Adaptive security

ditd

1/13/23, 8:52 AM

I would like to know if there are any effective methods to choose a cryptographic algorithm from a pool of algorithms depending on a certain situation.

Let's say we know the performances of these algorithms when encrypting or signing messages of different sizes for example (there are too many metrics other than msg size) and we want the best algorithm to do the job. Are there any machine learning methods to do this?

Thank you

0 + 0

machine-learning

ckamath

1/13/23, 1:07 PM

The title and actual question seem unrelated to me.

ditd

1/13/23, 1:23 PM

Sorry for the confusion with the notion of adaptive security. It's actually an adaptive architecture that can change it's cryptographic suite depending on the context, not only the continuous monitoring of threats but also in order the improve the performances.

Maarten Bodewes

1/15/23, 11:21 PM

I'm sure that you could do this, but the choice of algorithm itself would not be cryptography. We generally don't use these kind of methods as an attacker can then try and make sure that the weakest algorithm is chosen, and then attack that. Besides that, complexity is more often than not a threat to security.

Score:1

Crypto

Daniel S

1/13/23, 9:43 AM

There certainly are mechanisms for choosing cryptographic algorithms from a pool. The obvious example is the TLS handshake to agree on a cipher suite for a connection between two computers. The two endpoints will have a list of the ciphers that it is willing/able to support. This will be set by the policy of the device owner and may be determined by believed bit-level of security, forward security, or performance, or other factors.

The decision mechanism is essentially an "I cut you choose" method, where the client lists its supported suites in order of preference and the server selects one suite from the list.

More complex negotiations would be possible, taking more information about the performance and preferences of the endpoint, but in practice, the speed of the decision process is deemed sufficiently important to keep with the "I cut you choose" version.

I expect that companies such as Google measure the performance of their data centres and handsets in order to choose the default preferences of Chrome and Google websites to optimise performance for both. How they perform the optimisation however I do not know.

0 + 0

ditd

1/13/23, 1:19 PM

Thank you for your response. I will explore the protocol used in the case of TLS. In fact i was thinking about a more complex case, where two or more entities handshake in a dynamic and dense topology (vehicles for example).

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Adaptive security

TH: ความปลอดภัยที่ปรับเปลี่ยนได้

RO: Securitate adaptivă

RU: Адаптивная безопасность

VI: bảo mật thích ứng

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.