Networks Are Graphs
Network Topologies Are Geometric Graphs
Every computer network has a topology — the geometric arrangement of nodes (devices) and edges (connections). Topology determines fault tolerance, bandwidth, and security properties.
Five fundamental topologies:
- Star: One central hub, all nodes connect to it. Simple, cheap. Single point of failure — if the hub dies, everything dies. N-1 edges for N nodes.
- Ring: Nodes form a circle, each connected to two neighbors. A single break partitions the network. N edges for N nodes.
- Bus: All nodes share a single backbone cable. Cheap but collision-prone. One backbone failure takes down everything.
- Mesh: Every node connects to every other node. Maximum redundancy. A full mesh with N nodes has N(N-1)/2 edges — that is O(N²) connections. Expensive but highly fault-tolerant.
- Tree: Hierarchical branching. N-1 edges (minimum connected graph). Root failure partitions subtrees.
Real networks are hybrids — a mesh core with star-topology access layers, tree-structured routing hierarchies, and ring-topology redundancy at critical junctions.
Topology and Fault Tolerance
A data center has 20 servers. The operations team is debating between a full mesh and a star topology for the internal network.
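To make the edge counts and the single-point-of-failure claims concrete, here is an added Python model of the topologies as undirected graphs (example code, not part of the original notes). Each topology function returns the edge set for N nodes; single_points_of_failure removes one node at a time and checks whether the survivors stay connected, which is exactly the question the mesh-versus-star debate above turns on. Node 0 is assumed to be the star's hub and the tree's root; the tree is laid out as a binary heap, an assumption made here for simplicity.

```python
"""Model star, ring, mesh and tree topologies and test how each survives one node failure."""
from itertools import combinations


def star(n):
    # node 0 is the hub; every other node has exactly one edge, to the hub
    return {frozenset((0, i)) for i in range(1, n)}


def ring(n):
    # each node links to its successor, wrapping around
    return {frozenset((i, (i + 1) % n)) for i in range(n)}


def mesh(n):
    # every unordered pair of nodes is an edge: N(N-1)/2 of them
    return {frozenset(pair) for pair in combinations(range(n), 2)}


def tree(n):
    # binary-heap layout (assumption): node i hangs off node (i - 1) // 2
    return {frozenset(((i - 1) // 2, i)) for i in range(1, n)}


def nodes_of(edges):
    return {v for e in edges for v in e}


def is_connected(edges, removed=frozenset()):
    """Depth-first walk over the graph with `removed` nodes deleted.
    True when every surviving node is reachable from any other."""
    alive = nodes_of(edges) - set(removed)
    if not alive:
        return True
    adj = {v: set() for v in alive}
    for e in edges:
        u, v = tuple(e)
        if u in alive and v in alive:
            adj[u].add(v)
            adj[v].add(u)
    start = next(iter(alive))
    seen, stack = {start}, [start]
    while stack:
        for w in adj[stack.pop()]:
            if w not in seen:
                seen.add(w)
                stack.append(w)
    return seen == alive


def single_points_of_failure(edges):
    """Nodes whose loss partitions the remaining network (the graph's cut vertices)."""
    return {v for v in nodes_of(edges) if not is_connected(edges, {v})}


def compare(n):
    """Edge count and number of single points of failure for each topology at size n."""
    return {
        name: {"edges": len(g), "spof": len(single_points_of_failure(g))}
        for name, g in (("star", star(n)), ("ring", ring(n)),
                        ("mesh", mesh(n)), ("tree", tree(n)))
    }


if __name__ == "__main__":
    for name, stats in compare(20).items():
        print(f"{name:5s} edges={stats['edges']:3d} single points of failure={stats['spof']}")
```

For the 20-server case the model returns 190 edges and no single point of failure for the full mesh, versus 19 edges and one single point of failure (the hub) for the star; the tree is in between, with 19 edges but every internal node a cut vertex.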
The Geometry of Exposure
Attack Surface = Geometric Boundary
In cybersecurity, the attack surface is the total set of points where an attacker can interact with a system. Think of it geometrically: your system is a shape, and every point on its boundary is a potential entry point.
Components of the attack surface:
- Network surface: Every open port on every public IP address. A server with 5 open ports has 5 points on its network boundary.
- Application surface: Every API endpoint, every URL route, every form input. A web app with 200 routes has 200 application-layer boundary points.
- Human surface: Every employee with credentials, every phishing target. Social engineering attacks target the human perimeter.
- Physical surface: Every server room door, every USB port, every network jack.
The geometric principle: Security improves by minimizing the boundary between trusted and untrusted zones. A firewall defines a geometric boundary — traffic inside is trusted, traffic outside is not. The fewer holes in that boundary, the smaller the attack surface.
This is why the principle of least privilege is geometric: give each component the minimum boundary exposure it needs to function.
Reducing Attack Surface
A company runs a web application with the following exposure: 12 public API endpoints, SSH open on all 50 servers (port 22), a database with a public IP, and an admin panel accessible from the internet.
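The exposure above can be inventoried as data and the attack surface computed rather than estimated. The following added Python example (not part of the original notes) models each boundary point as a service with the set of network zones allowed to reach it, counts the network-layer points (distinct host/port pairs) and application-layer points (distinct routes) visible from the internet, and then applies a least-privilege policy. The zone names (internet, bastion, vpn, app) and the hardening choices (SSH only from a bastion, the database only from the application zone, the admin panel only over VPN) are assumptions for the example, not a prescription from the page.

```python
"""Inventory boundary points and count the attack surface before and after least privilege."""
from dataclasses import dataclass, replace

INTERNET = "internet"


@dataclass(frozen=True)
class Service:
    host: str
    port: int
    route: str             # "ssh", "postgres", or an HTTP path
    allowed_from: frozenset  # zones whose traffic may reach this point


def exposed(services, zone=INTERNET):
    """Every boundary point that `zone` is permitted to reach."""
    return {s for s in services if zone in s.allowed_from}


def surface(services, zone=INTERNET):
    """Network surface = distinct (host, port); application surface = distinct HTTP routes."""
    seen = exposed(services, zone)
    return {
        "network": len({(s.host, s.port) for s in seen}),
        "application": len({(s.host, s.route) for s in seen if s.route.startswith("/")}),
    }


def baseline():
    """Constructed inventory matching the exposure described above."""
    svcs = {Service("api", 443, f"/v1/resource{i}", frozenset({INTERNET})) for i in range(12)}
    svcs |= {Service(f"srv{i:02d}", 22, "ssh", frozenset({INTERNET})) for i in range(50)}
    svcs.add(Service("db", 5432, "postgres", frozenset({INTERNET})))
    svcs.add(Service("admin", 443, "/admin", frozenset({INTERNET})))
    return svcs


def harden(services):
    """Shrink the boundary: each point keeps only the zone it actually needs (assumed policy)."""
    policy = {"ssh": frozenset({"bastion"}),      # servers accept SSH only from the bastion
              "postgres": frozenset({"app"}),     # database reachable only from app tier
              "/admin": frozenset({"vpn"})}       # admin panel only over the VPN
    out = {replace(s, allowed_from=policy.get(s.route, s.allowed_from)) for s in services}
    out.add(Service("bastion", 22, "ssh", frozenset({"vpn"})))  # the one SSH entry point
    return out


if __name__ == "__main__":
    before, after = baseline(), harden(baseline())
    print("internet-facing before:", surface(before))
    print("internet-facing after: ", surface(after))
    print("bastion-facing after:  ", surface(after, zone="bastion"))
```

From the internet the baseline shows 53 network points and 13 application routes; after the policy only the API's single host/port and its 12 routes remain, while the 50 SSH ports are still counted, but now only from the bastion zone, which is where the remaining exposure should be monitored.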
Attack Graphs and Threat Trees
Threat Modeling Uses Graph Theory
Security professionals model threats as directed graphs. The structure of these graphs reveals attack paths, high-value targets, and defensive priorities.
Attack graphs: Nodes represent system states (or individual systems). Directed edges represent possible transitions — exploits, lateral movements, privilege escalations. An attack path is a walk through this graph from an external node to a target node.
Attack trees: A specialized graph structure. The root node is the attacker's goal (e.g., 'steal database'). Child nodes are methods to achieve the parent goal. Leaves are concrete attack actions. AND-nodes require all children to succeed; OR-nodes require only one.
Graph centrality identifies high-value targets:
- Betweenness centrality: A node through which many shortest paths pass. In a network, this is the choke point — compromise it, and you control traffic flow. A firewall or domain controller often has high betweenness centrality.
- Degree centrality: A node with many connections. In an attack graph, a node reachable from many other nodes is a high-value lateral movement target.
Shortest path = most likely attack vector: Attackers optimize for fewest steps. The shortest path in an attack graph from the internet to the database is the most likely attack route. Defense means making that shortest path longer — adding nodes (security controls) that the attacker must traverse.
Attack Graph Analysis
Consider a network with this structure: Internet → Web Server → App Server → Database. The Web Server also connects to a File Server. The App Server connects to a Backup Server. An attacker's goal is the Database.
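The ideas above (attack paths, betweenness centrality, lengthening the shortest path with a control, and AND/OR attack trees) can be computed on the small network just described. This added Python example is not part of the original notes: it builds the directed graph from the description, enumerates all shortest paths between every pair of nodes to score betweenness, inserts an assumed control node ("Jump Host") on the App Server to Database edge to show the path getting longer, and evaluates a constructed attack tree whose leaf costs are arbitrary sample numbers.

```python
"""Attack-graph analysis: shortest attack path, betweenness, added controls, attack-tree cost."""
from collections import deque


def build_attack_graph():
    """Directed reachability graph from the description above (constructed sample)."""
    edges = [("Internet", "Web Server"), ("Web Server", "App Server"),
             ("App Server", "Database"), ("Web Server", "File Server"),
             ("App Server", "Backup Server")]
    g = {}
    for u, v in edges:
        g.setdefault(u, []).append(v)
        g.setdefault(v, [])
    return g


def shortest_paths(g, src, dst):
    """All shortest src->dst paths (BFS with predecessor lists); [] if dst is unreachable."""
    dist, preds, queue = {src: 0}, {src: []}, deque([src])
    while queue:
        u = queue.popleft()
        for v in g[u]:
            if v not in dist:
                dist[v], preds[v] = dist[u] + 1, [u]
                queue.append(v)
            elif dist[v] == dist[u] + 1:
                preds[v].append(u)
    if dst not in dist:
        return []

    def expand(v):
        return [[src]] if v == src else [p + [v] for u in preds[v] for p in expand(u)]
    return expand(dst)


def betweenness(g):
    """For every ordered pair, split one unit of credit across the interior nodes of each shortest path."""
    score = {v: 0.0 for v in g}
    for s in g:
        for t in g:
            paths = shortest_paths(g, s, t) if s != t else []
            for p in paths:
                for v in p[1:-1]:
                    score[v] += 1.0 / len(paths)
    return score


def insert_control(g, u, v, control):
    """Place a control (jump host, WAF, MFA gateway ...) on the u->v edge so it must be traversed."""
    ng = {k: list(ws) for k, ws in g.items()}
    ng[u] = [control if w == v else w for w in ng[u]]
    ng[control] = [v]
    return ng


def attack_tree_min_cost(node):
    """Cheapest way to satisfy a node: AND sums its children, OR takes the minimum, a LEAF is its cost."""
    kind, payload = node
    if kind == "LEAF":
        return payload
    costs = [attack_tree_min_cost(child) for child in payload]
    return sum(costs) if kind == "AND" else min(costs)


# Constructed attack tree for the goal 'steal database' with arbitrary sample costs.
STEAL_DB = ("OR", [
    ("AND", [("LEAF", 3), ("LEAF", 1)]),   # obtain a credential AND reach the host with it
    ("LEAF", 6),                           # a single direct route, costed higher
])


if __name__ == "__main__":
    g = build_attack_graph()
    print("shortest attack path:", shortest_paths(g, "Internet", "Database"))
    print("betweenness:", betweenness(g))
    g2 = insert_control(g, "App Server", "Database", "Jump Host")
    print("after control:", shortest_paths(g2, "Internet", "Database"))
    print("cheapest attack-tree cost:", attack_tree_min_cost(STEAL_DB))
```

On this graph the Web Server and App Server tie for the highest betweenness (every path from the internet to anything deeper runs through both), which is why segmenting or hardening those two nodes, rather than the leaf servers, shortens the defender's priority list; inserting the Jump Host grows the Internet-to-Database path from three hops to four.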
Elliptic Curve Cryptography Is Geometry
Elliptic Curves: Where Geometry Becomes Encryption
Elliptic curve cryptography (ECC) is one of the rare places where security is literally built on geometric operations.
An elliptic curve is the set of points (x, y) satisfying: y² = x³ + ax + b (plus a special 'point at infinity'). Over the real numbers, this looks like a smooth, symmetric curve.
Point addition — the geometric operation that makes cryptography work:
1. Take two points P and Q on the curve.
2. Draw a straight line through P and Q (when P = Q, use the tangent to the curve at P).
3. That line intersects the curve at exactly one other point R' (when the line is vertical, because Q is the reflection of P, that third point is the point at infinity).
4. Reflect R' across the x-axis to get R = P + Q.
This 'addition' operation forms a mathematical group — it is associative, has an identity element (the point at infinity), and every point has an inverse.
Scalar multiplication: Adding a point P to itself k times gives kP. Going forward (computing kP given k and P) is fast — O(log k) operations using double-and-add. Going backward (finding k given P and kP) is the elliptic curve discrete logarithm problem (ECDLP) — believed to be computationally infeasible for large curves.
This asymmetry is the security foundation of modern TLS. Your browser's HTTPS connection likely uses ECDHE (Elliptic Curve Diffie-Hellman Ephemeral) — both sides agree on a shared secret by exchanging points on an elliptic curve, and no eavesdropper can recover the secret without solving ECDLP.
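The group law, double-and-add scalar multiplication, the ECDH exchange and the forward/backward asymmetry can all be run on a toy curve. The following added Python example (not part of the original notes, and not how any real TLS library implements ECC) uses the curve y² = x³ + 2x + 2 over the integers modulo 17 with generator G = (5, 1), a classic textbook example whose group has 19 points; the private scalars 3 and 7 are arbitrary sample values. Real curves work over primes of 256 bits or more, which is the only reason the brute-force ECDLP function at the end is hopeless there and instant here.

```python
"""Toy elliptic curve y^2 = x^3 + 2x + 2 over GF(17): group law, double-and-add, ECDH, ECDLP."""
P_MOD, A, B = 17, 2, 2      # field prime and curve coefficients (textbook example values)
INF = None                  # the point at infinity: the group identity


def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P_MOD == 0


def add(p, q):
    """Chord-and-tangent addition. INF is the identity; a vertical line yields INF."""
    if p is INF:
        return q
    if q is INF:
        return p
    x1, y1 = p
    x2, y2 = q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                                   # q == -p: vertical line, no third point
    if p == q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) % P_MOD   # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD          # chord slope
    x3 = (lam * lam - x1 - x2) % P_MOD               # third intersection R'
    y3 = (lam * (x1 - x3) - y1) % P_MOD              # reflected across the x-axis: R = P + Q
    return (x3, y3)


def mul(k, pt):
    """Double-and-add: computes k*pt in O(log k) group operations (the 'forward' direction)."""
    result, addend = INF, pt
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def curve_points():
    """Every affine point plus INF; 19 here, so the group is cyclic of prime order."""
    return [(x, y) for x in range(P_MOD) for y in range(P_MOD) if on_curve((x, y))] + [INF]


def ecdh(a, b, g):
    """Both parties' public points and the shared secret each side derives independently."""
    pub_a, pub_b = mul(a, g), mul(b, g)          # exchanged in the clear
    shared_a, shared_b = mul(a, pub_b), mul(b, pub_a)
    assert shared_a == shared_b                  # a*(b*G) == b*(a*G)
    return pub_a, pub_b, shared_a


def ecdlp_brute_force(base, target, limit=1000):
    """The 'backward' direction: find k with k*base == target by trying every k in turn.
    Feasible only because this group has 19 elements; a real curve has about 2**256."""
    cur = INF
    for k in range(limit):
        if cur == target:
            return k
        cur = add(cur, base)
    return None


G = (5, 1)

if __name__ == "__main__":
    print("group size:", len(curve_points()))
    print("2G =", mul(2, G), " 3G =", mul(3, G), " 19G =", mul(19, G))
    pub_a, pub_b, shared = ecdh(3, 7, G)
    print("public points", pub_a, pub_b, "-> shared secret", shared)
    print("eavesdropper recovers a =", ecdlp_brute_force(G, pub_a))
```

Note that the eavesdropper sees only G, 3G and 7G and still recovers the secret here by brute force, because the group is tiny; the security argument for ECDHE is that on a 256-bit curve the same loop would need on the order of 2^128 steps even with the best known generic algorithms.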
Why Geometry Makes Good Cryptography
ECC provides the same security as RSA with much smaller key sizes. A 256-bit ECC key provides roughly the same security as a 3072-bit RSA key.