Computer Security: Key Management Issue
MacWeek Special Report: Emerging Technologies
By Bruce Schneier
March 16, 1992
Back when computers stood alone on desks, unconnected to the rest of the world, computer security was simply a matter of locking an office door, putting a lock on the power supply or installing a security software package. Today, the rules of computer security are changing, and in years to come, it's going to be a whole new ball game.
What used to be the concern solely of the military is required by more and more companies. "Between LANs, file servers and dial-up connections, it's hard to regulate who has access to what," said Steven Bass, principal software engineer at Codex Corp., a division of Motorola Inc. in Canton, Mass.
Barry Eisenberg, computer specialist at Hughes Aircraft Co.'s Ground System Group in Fullerton, Calif., said, "We don't worry about remote access yet, but it's growing."
Present-day security solutions commonly are ad hoc, complicated and worthless against a sophisticated adversary.
Often a network manager has to make the choice between shackling the hands of users or taking chances with security. And the widespread adoption of groupware will bring security problems that give managers even more headaches.
The key to the future. Over the next several years, the proliferation of cryptography on personal computers will help solve security problems in new and different ways. Conventional methods will make computer systems harder to break into, but if present trends continue, new systems involving public-key cryptography will bring fundamental changes in our notions of security, privacy and authentication.
No longer will people have to agree on the password to be used as the encryption key before they can communicate privately. "With public-key cryptography, it's easier to send encrypted electronic mail to users you haven't met before," said Ralph Merkle, member of the research staff at the Computer Science Lab for Xerox Corp.'s Palo Alto Research Center and co-inventor of the public-key cryptography system.
Jim Bidzos of Redwood City, Calif.-based RSA Data Security Inc., a major developer of public-key cryptography systems, said: "The mathematical basis for public-key cryptography exists today. It's just a matter of time before these protocols are incorporated into products. In five to seven years, these security protocols will be an integral component of operating systems and networks. Companies such as Apple, IBM [Corp.], Microsoft [Corp.], Digital Equipment [Corp.], NeXT [Computer Inc.], Sun [Microsystems Inc.] and Novell [Inc.] are all researching ways to weave security into their future products."
The key is in the past. This widespread commitment to develop and sell secure systems to non-military customers is relatively new, even though the idea of public-key cryptography is more than 15 years old. Whit Diffie and Martin Hellman introduced the idea in 1976, and the first concrete proposals for public-key systems were in circulation by the end of the '70s.
"People have been paying lip service to the importance of computer security for a long time," said Joan Feigenbaum of AT&T Bell Laboratories, "and there's a large body of research literature on cryptographic protocols. But these protocols haven't been finding their way into products and services. Making products secure involves some cost in development or performance or both, and companies seem to have been acting on the assumption that customers are not willing to pay the cost."
The payoff can be substantial. Public-key cryptography can authenticate the validity of a message or a file. "Digital signatures are going to be one of the pivotal authentication technologies in future systems," Xerox's Merkle said. "Today, we sign our names almost any time we transact business. In the future, we'll still sign our transactions, but it will usually be a digital signature."
Apple's Open Collaboration Environment (OCE) will use public-key cryptography to provide mail and document authentication, but the technology has implications well beyond the steps that Apple is taking.
New security against current threats. Merkle predicted that computer viruses will become worse in the future because of rising computer literacy, proliferation of computer systems, standardization of operating systems and increased networking of computers. "A virus or worm can attack only the systems it understands," Merkle said. "If there is only one system that everyone uses, then one attacker and even one virus can harm all of them. And a successful attack can spread to every computer connected to the network; in the future, everyone will be connected to the network."
Cryptographic security measures can help prevent the spread of viruses. "Companies can use digital signatures to sign their software packages and data files. Users will immediately be able to tell whether the program has been infected by a virus," he said.
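The signed-software check Merkle describes, as an added example that is not part of the original article: a vendor signs a package, and a user verifies it against the vendor's public key, so a modified copy is rejected. The article names no signature scheme; this sketch assumes a Lamport one-time signature over SHA-256 (each key pair signs a single release) so that it runs on the Python standard library alone, and the package bytes are constructed sample data.

```python
import hashlib
import secrets

BITS = 256  # one secret pair per bit of the SHA-256 digest


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def generate_keypair():
    """Return (private, public): 256 pairs of random secrets and their hashes."""
    private = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(BITS)]
    public = [(_h(zero), _h(one)) for zero, one in private]
    return private, public


def _digest_bits(package: bytes):
    digest = _h(package)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(BITS)]


def sign(private, package: bytes):
    """Reveal one secret per digest bit. A key pair must sign only ONE package."""
    return [private[i][bit] for i, bit in enumerate(_digest_bits(package))]


def verify(public, package: bytes, signature) -> bool:
    """True only if every revealed secret hashes to the published value."""
    if len(signature) != BITS:
        return False
    ok = True
    for i, bit in enumerate(_digest_bits(package)):
        ok &= secrets.compare_digest(_h(signature[i]), public[i][bit])
    return ok


# Constructed sample data: a "released" program image and a modified copy.
PACKAGE = b"constructed sample program image v1.0"
MODIFIED = PACKAGE + b" plus bytes appended after release"


def demo():
    """Vendor signs PACKAGE; user checks the original and the modified copy."""
    private, public = generate_keypair()
    signature = sign(private, PACKAGE)
    return verify(public, PACKAGE, signature), verify(public, MODIFIED, signature)


if __name__ == "__main__":
    print(demo())
```

The check is only as trustworthy as the user's copy of the vendor's public key, which has to reach the user over a channel the attacker cannot alter.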
Remote log-in procedures also could become more secure using public-key cryptography. With public keys held on "smart cards," small credit card-size devices with several kilobytes of memory, users could log on to host systems remotely without fear that their passwords will be stolen by someone listening on the line. The increasing use of wireless modems makes such listening a concern.
"In the future, all communications between remote computers and hosts can be encrypted," said RSA's Bidzos.
More-complicated protocols will permit users to sign contracts simultaneously, send certified mail and even spend untraceable electronic money via E-mail.
"Right now computer networks are built on the principle of openness," said Avie Tevanian, director of software systems at NeXT in Redwood City, Calif. "Future computer networks will be built on the principle of privacy."
Today, password-protection packages sit on top of the operating system, allowing an adversary considerable leeway in circumventing their security. Likewise, some programs allow users to encrypt individual files, but they often employ trivial algorithms.
"In the future, security will be handled at all levels," Tevanian said. "You can't just stick it somewhere and have it magically work everywhere else. Security is required at the hardware level, the operating system level and the network level. Tool kits will allow developers to build security into their software easily."
Getting a jump on security. What can a responsible network manager do to get ready for this plethora of security mechanisms? The short answer is nothing. Vendors realize that one of the keys to effective computer security is that it has to be as invisible to the user as possible, and system buyers agree. "It would be nice to run security via remote control," said Irene Kogan, a network architecture analyst at Boeing Co. in Ridley Park, Pa. "I would like to lock all PCs after 5 p.m. if no one is using them."
Bidzos said, "We want to provide high-quality security with absolutely no overhead, buried deep and seamlessly into software products."