Describe about the Quantitative Risk Analysis in Information Security Management?
This is a report on the application of modern information security tools and techniques contrasting in practical scenarios. In order to demonstrate these applications, this report draws a comparison of a failed conspiracy of the late 16th century known as the “Babington Plot”, famous for the way the English intelligence network managed to use espionage and cryptanalysis to safeguard the throne, and postulates how such a conspiracy would have benefited from modern information security technology.
The Babington Plot was a conspiracy to assassinate Queen Elizabeth I and replace her with Queen Mary Stuart alongside a Spanish invasion into England. It was thwarted by Sir Francis Walsingham’s efforts over 20 years to establish a valiant spy network and infiltrate the ranks of any potential threats. On account of his spies, Walsingham was able to collect damning evidence against all conspirators, especially Mary Stuart, who was the primary target of his espionage and ended up being executed for her involvement in the plot. The key evidence that made the case was acquired by a security leak in the communications between Mary Stuart and her supporters, both within and outside England, created by Walsingham that allowed him to intercept all such communications.
After a detailed breakdown of the shortcomings of the communication channels established by the conspirators, this report presents a postulated scenario of such a plot occurring in the 21st century and how modern technology could play a role in plugging the gaps in the original 16th century plot.
Information Security Techniques Used
Before discussing the exact techniques employed during the course of the plot in order to establish secure communication, we must first look at the major persons of interest who were directly involved in the line of communication. The following is a brief of these people:
Mary Stuart, Queen of Scots: She was a legitimate heir to the throne of England and had been chased out of Scotland by Scottish rebels. She was imprisoned by Queen Elizabeth I for 19 years at various locations and under the charge of various jailers.
Sir Francis Walsingham: Then spymaster in the employ of Queen Elizabeth I, he was able to discover the ongoing plot and planted a double agent, Gilbert Gifford, in the line of communication between Mary and her co-conspirators in order to collect evidence against the conspirators thus eliminating Mary from the line of succession.
John Ballard: He was a Jesuit priest as well as an agent of the Roman Church who was able to group together a number of other conspirators in a plot not just spanning the assassination of Queen Elizabeth but also encompassing a Spanish invasion of England, deposing Queen Elizabeth (a Protestant) and replacing her with Queen Mary (a Catholic).
Anthony Babington: A Catholic recruit of John Ballard, he served the role of a courier for messages between the imprisoned Mary and other conspirators for a duration of time. He was also instrumental in Mary’s communications with her foreign supporters.
Thomas Phelippes: He was a cryptanalyst in the employ of Walsingham and was directly inserted in the line of communication for decoding all letters sent to and received from Mary and making copies of the letters.
Gilbert Gifford: A double agent who was originally involved in a previous plot against Queen Elizabeth but was captured by Walsingham and eventually agreed to act as a double agent in order to avoid punishment.
Throughout the course of Mary’s imprisonment, a number of channels and techniques were employed for communication. However, the crux of the Babington Plot was the communication between the conspirators after a July 1584 decree by Queen Elizabeth that prevented all communications to and from Mary, thus also eliminating the possibility of incriminating her in a plot. A new line of communication had to be established, and this was tailor-made by Walsingham to suit his needs. The communications to Mary were received by the French ambassador to England as diplomatic packages. These were passed on by him to Gifford who would then hand them over to Walsingham. Walsingham would allow his cryptanalyst Phelippe to decode and copy the letters, then reseal the letters and return them to Gifford. As per previous arrangement, Gifford would hand this letter to a local brewer who would hide the letters in a water-tight casing inside the stopper of a barrel, thus smuggling them to Mary. The reverse procedure was followed for letters originating from Mary.
It is notable that the cipher used in these communications, a nomenclature cipher, was provided by Walsingham himself. The nomenclature cipher was a very popular type of cipher used in the 16th century for secure communication and is regarded as a type of substitution cipher which employs homophonic substitutions. The following is an analysis of this episode from the standpoint of achieving the three goals of secure communication – confidentiality, integrity and availability.
Confidentiality. The primary device employed by Mary and her conspirators to ensure confidentiality was to encode letters using a cipher which was supposedly known only to the two parties involved in the communication. There were multiple vulnerabilities in their designs. Firstly, the secrecy of the cipher had been compromised. Thus, all their communications were easily decoded and recorded. Secondly, a single cipher was used for all communications which ensured that once the cipher is known to an interceptor, all further messages are insecure. Thirdly, verification of the secrecy of the cipher was difficult to achieve. Even if a single cipher is to be used throughout all communications, if there were a mechanism in place to check if the cipher has been leaked to outside parties, then appropriate counter-measures could have been taken.
Integrity. There were no mechanism in place to ensure integrity of messages. Therefore, it was extremely easy for anyone in the communication chain or for someone intercepting messages in the middle of the chain to modify the contents of the messages being conveyed. This was exploited by Walsingham in the instance of a reply from Mary to an authorization request for the assassination plan, approving of the plans of her supporters but not expressing authorization. The original letter was kept by him as evidence and a duplicate letter was forged, in which instructions to reveal the identities of all co-conspirators and their roles was added by him along with authorization to proceed with the plan, and sent to the French ambassador as a letter from Mary herself.
Availability. There were minimal considerations given to ensuring availability of the messages, especially from the viewpoint of modern information security. The meandering routes taken for all communication and the long distances to be travelled made it so that, in the absence of any high-speed data transmission technology, the only concern of the conspirators was to ensure secure delivery of messages. Walsingham was keen to ensure steady communication between Mary and her supporters as this was the most important pre-requisite for gathering evidence against Mary.
Now that we have discussed the original intricacies of the plot and the various mechanisms employed for secure communication during the conception of the Babington Plot in the late 16th century, we can proceed to adapt the scenario to the 21st-century. Should a similar scenario arise in the present era, the following adaptations of the original plot are quite probable.
Firstly, the communication link would definitely be digital. As the people involved in the conspiracy are distributed far apart from each other geographically, it is only logical that digital communication media, most likely the internet and e-mail, would be employed.
Secondly, due to the addition of high-speed computing in to the mix, both the cryptography and cryptanalysis techniques would be significantly upgraded. Instead of a simple substitution cipher, which can be easily cracked using computers, a more sophisticated encryption algorithm would be used.
Thirdly, the role of Gilbert Gifford would experience a notable change. Modern day message carriers, the role previously played by Gilbert Gifford, are computers and not people. Thus, it is highly likely for Mary to communicate directly with Babington and other conspirators without needing Gifford to relay her messages. It is thus more likely for Gifford to only receive copies of their exchanges for the purpose of managing logistics or such, if at all. The other people and props involved purely in communication of messages, such as the brewer and his beer barrels, can be imagined to have been replaced by e-mail Servers and electronic devices hard-wired with communication protocols.
Fourthly, new security concerns arising out of usage of modern technology will need to be addressed. Most of these are modern day complications, derivations or branches of existing security issues which have been born due to the advances in technology, for example new forms of social engineering attacks.
Therefore, to imagine the enactment of the Babington Plot in the modern era such that Mary Stuart and her fellow conspirators would strive to establish a secure line of communication via modern e-mail technology, it can be postulated that these techniques would be employed:
Mail Transfer Agent (MTA). This is a modern day take to the brewer and his beer barrel from the original plot in the 1580s. Messages are transferred between the conspirators using a well-known MTA as this ensures that the MTA will ensure many aspects of secure transmission, including a measure of confidentiality, integrity and most importantly availability. In the modern day, digital transmission of data should be almost instantaneous and availability of message transmission services as well as transmitted data is a huge concern. Therefore, relying on a well-established and publically respected MTA is recommended.
Authenticated Encryption. Authenticated Encryption (AE) is a data encryption technique which employs a block cipher to simultaneously provide confidentiality, integrity and authenticity. Some of this is redundant but recommended nevertheless with the usage of an MTA. An example of an AE would be combining a Message Authentication Code (MAC) with another data encryption function. A MAC uses the concept of a secret key shared between two end-users to ensure authentication and data integrity by using this key to generate meta-data (hash) specific to the key and the original data. Thus, any changes to the data or any differences in the key used for generating the hash will cause a mismatch with the original hash. In addition to this, the original message is encrypted using a data encryption algorithm (e.g. AES) and the MAC may be generated before or after encryption.
Key Distribution. This is one of the greatest concerns of modern day information security. In the case of asymmetric encryption algorithms, public key servers have been able to resolve this issue in large parts. Symmetric key encryption algorithms are trickier in their needs for secure distribution of keys and this is often achieved by first establishing a secure communication line with the help of asymmetric keys. As was mentioned in the shortcomings of the original communication line in the Babington Plot, using a single cipher (or in this case key) for extended periods of communication causes vulnerabilities to arise and thus it is recommended for the key to be changed on a periodic basis.
Conclusion and Recommendation
The study and analysis of the circumstances and facts surrounding the “Babington Plot” have revealed that concerns regarding secure communication have been carried down from several centuries ago to the modern day. Emergence of new technology has changed the way these concerns apply to real life, and has introduced new forms and factors that affect these applications, but the basic concepts of confidentiality, integrity and availability are largely unaffected.
The Babington Plot was thwarted by the presence of a large number of security leaks. These leaks were a product of the extensive spy network established by Sir Francis Walsingham and demonstrated that while the conspirators were committed to their cause, they were unable to outsmart their enemies. Thus, it can be said that the conspirators lost the information war, a term which is generally associated with the “Information Era” or the 21st century, but definitely holds true even for a case from the 16th century.
It is thus highly recommended for any endeavor that requires secure communications to check and re-check all their communication links for conformity to the basic standards of information security. The techniques highlighted in this report are some suggestions that could benefit secure communications but should not be regarded as the entire gamut of security measures available in the modern day. The information war, between spies and counter-spies, guardians and hackers, thieves and security forces, is constantly on-going and ever-changing in form. Thus, caution and awareness are the only reliable tools to step towards victory.
Pachghare, V. K. (2015). Cryptography and information security. PHI Learning Pvt. Ltd..
Oppliger, R. (2015). Quantitative Risk Analysis in Information Security Management: A Modern Fairy Tale. IEEE Security & Privacy, (6), 18-21.
Rebollo, O., Mellado, D., Fernández-Medina, E., & Mouratidis, H. (2015). Empirical evaluation of a cloud computing information security governance framework. Information and Software Technology, 58, 44-57.
Jajodia, S. (2015). Advances in Information Security.
Chen, X., Zhang, Z., Chen, H. H., & Zhang, H. (2015). Enhancing wireless information and power transfer by exploiting multi-antenna techniques.Communications Magazine, IEEE, 53(4), 133-141.
Ab Rahman, N. H., & Choo, K. K. R. (2015). A survey of information security incident handling in the cloud. Computers & Security, 49, 45-69.
Kenkre, P. S., Pai, A., & Colaco, L. (2015). Real time intrusion detection and prevention system. In Proceedings of the 3rd International Conference on Frontiers of Intelligent Computing: Theory and Applications (FICTA) 2014(pp. 405-411). Springer International Publishing.
Haya, G. M. (2015, June). Complexity Reduction in Information Security Risk Assessment. In Proceedings of the 2015 ACM SIGMIS Conference on Computers and People Research (pp. 5-6). ACM.