=Mesh Security= 
[[toc]]
Given the lessons of the Fall and the very real risk still posed by hackers, viruses, and similar threats, network security is taken extremely seriously in Eclipse Phase. Four methods are typically used: authentication, firewalls, active monitoring, and encryption.
==Authentication== 
Most devices, networks (PANs, VPNs, etc.), and services require some kind of authentication (a process by which a system determines whether the claimed identity of a user is genuine) before they grant an account and access privileges to a user. There are several different ways for a system to authenticate a user. Some are more reliable and secure than others, but for the most part, the more secure the method, the higher the operational expenses.
**Account:** If you have access to an account on one system, this may give you automatic access to related systems or subsystems. This is typical of slaved devices, where access to the master automatically grants you access to slaves.
**Mesh ID:** Some systems accept mesh IDs as authentication. This is extremely common with most public systems, which merely log the mesh ID of any user that wishes access. Other systems will only allow access to specific mesh IDs, but these are vulnerable to spoofing.
**Passcode:** This is a simple string of alphanumeric characters or logographic symbols, submitted in an encrypted format. Anyone with the passcode can access the account.
**Biometric Scan:** This calls for a scan of one or more of the user’s biometric signatures (fingerprint, palm print, retinal scan, DNA sample, etc.). Popular before the Fall, such systems have fallen out of use as they are impractical with synthmorphs or users that frequently resleeve.
**Passkey:** Passkey systems call for some kind of encrypted code that is either hardwired into a physical device (one that is implanted or physically jacked into an ecto) or extracted from specialized software. Advanced passkeys combine hardwired encryption with physical nanotech etching to create a unique key. To access such systems, the passkey must either be acquired or somehow spoofed.
**Ego Scan:** This system authenticates the user’s ego ID.
**Quantum Key:** Quantum key systems rely on the unbreakable encryption of quantum cryptography.
==Firewalls== 
Firewalls are software programs (sometimes hardwired into a device) that intercept and inspect all traffic to and from a protected network or device. Traffic that meets specified criteria that designates it as safe is passed through, whereas all other traffic is blocked.
In Eclipse Phase, every network and device can be assumed to have a firewall by default. Firewalls are the main obstacle that an intruder must overcome, as discussed under Intrusion Tests.
Like other gear, firewalls come in varying quality levels and so may apply modifiers to certain tests.
==Active Monitoring== 
Instead of relying on authentication and firewalls alone, secure systems are actively monitored by a security hacker or a muse. These digital security guards inspect network traffic using a number of software tools and applications that flag conspicuous events. Active surveillance makes intrusions more difficult, since the interloper must beat the monitoring hacker/AI in an Opposed Test (see Intrusion). Active monitoring also includes monitoring any devices slaved to the monitored system.
Characters may actively monitor their own PANs if they so choose, though this requires a moderate level of attention (count as a Quick Action). It is far more common for a muse to actively guard a user’s PAN.
==Encryption== 
Encryption is an exceptionally effective extra layer of security. There are two types of encryption commonly used in Eclipse Phase: public key cryptosystems and quantum cryptography.
===Public Key Crypto=== 
In public key cryptosystems, two keys are generated by the user, a public key and a secret key. The public key is used to encrypt messages to that user, and is made freely available. When messages are encrypted using that public key, only the secret key—controlled by the user—can decrypt them. Public key crypto is widely used both for encrypting data traffic between two users/networks/devices and for encrypting files. Due to the strength of the public key system algorithms, such crypto is essentially unbreakable without a quantum computer (see Quantum Codebreaking).
===Quantum Cryptography=== 
Quantum key distribution systems use quantum mechanics to enable secure communications between two parties by generating a quantum key. The major advantage of transmitting information in quantum states is that the system itself instantly detects eavesdropping attempts, as quantum systems are disturbed by any sort of external interference. In practical terms, this means that quantum encrypted data transfers are unbreakable and attempts to intercept automatically fail. Note that quantum crypto doesn’t work for basic file encryption; its only use is in protecting communication channels.
While quantum key systems have an advantage over public key systems, they are both more expensive and less practical. In order to generate a quantum key, the two communications devices must be entangled together on a quantum level, in the same location, and then separated. So quantum key encrypted communications channels require some setup effort, especially if long distances are involved. Since the implementation of quantum cryptographic protocols is an extraordinary expense, it is usually only adopted for major high-security communications links.
===Breaking Encryption=== 
What this means is that encrypted communications lines and files are very safe if using public key systems, and that data transfers are absolutely safe if using quantum crypto. Gamemasters should take note, however: while this may be useful to player characters, it may also hinder them. If the characters need to get at something that is encrypted, they’re going to need to figure out some way to get the secret key’s passcode. Common methods include the old standbys of bribery, blackmail, threats, and torture. Other options involve espionage or social engineering to somehow acquire the passcode. Hackers could also find some other method to compromise the system and gain inside access, bypassing the encryption entirely.
===Quantum Codebreaking=== 
As noted above, quantum computers can also be used to break public key encryption. This requires an [[Infosec]] Task Action Test with a +30 modifier and a timeframe of 1 week (once started, the quantum computer finishes the job on its own; the user does not need to provide constant oversight). Gamemasters should feel free to modify this timeframe as fits the needs of their game. Note that quantum computers cannot break quantum-encrypted communications, only encrypted files.

=See Also= 
[[Intrusion]]
[[Intrusion Countermeasures]]
[[Subversion]]
[[Cyberbrain Hacking]]
