Superconductor

I had an interesting discussion last week about why most security experts don’t believe them when tokenization vendors claim that their technology is more secure than encryption. It seems that understanding this is good example of an application of Bayes’ theorem. Here’s why.

Let E represent the belief that encryption is the most secure way to protect sensitive information. Let K represents the knowledge that we have of the effectiveness of security technologies and T represent the belief that tokenization is more secure than encryption.

What we’re interested in is the probability that encryption is the most secure way to protect sensitive information given the claim made by tokenization vendors and our prior understanding of security technologies: P(E|T∩K). We can use Bayes’ theorem to write this as

P(E|T∩K) = P(E|K) P(T|E∩K) / P(T∩K)

= P(E|K) P(T|E∩K) / (P(E|K) P(T|E∩K) + P(NOT(E))|K) P(T|NOT(E)∩K))

Let’s assume that before we hear any claims about the security of tokenization, we’re fairly confident that encryption is the best way to protect sensitive information, so that P(E|K) = 0.99. If we don’t believe that encryption is the most secure way to protect sensitive information then it's reasonable to assume that we might believe that tokenization is a good alternative. To reflect this let’s assume that P(T|NOT(E)∩K)) = 0.9. On the other hand, you’d be hard pressed to find a single cryptographer who agrees that tokenization is more secure that encryption, so it’s probably the case that we should doubt the claim that tokenization is more secure than encryption. To reflect this, let’s assume that P(T|E∩K) = 0.1.

With these values we can now calculate P(E|T∩K) as

P(E|T∩K) = (0.99)(0.1) / ((0.99)(0.1) + (0.01)(0.9)) = 0.9167

so that Bayes’ theorem tells us that there’s no reason to assume that the claims that tokenization is more secure than encryption should really change our belief that encryption is the best way to protect sensitive information.