Internet Security Overview

Internet Security issues cover a vast arena of technologies, behaviors and science.
Major categories covered here include:
Systems Reliability

If you are responsible for a mission-critical project, such as a missile defense system, you need to ensure that all your sub-systems are dependable and have reasonable backups.
This includes data, hardware, people, communication lines and power.
For data, this involves data archiving, and may mean mirrored data storage for maintaining continuous, safe copies of data.
For hardware, this can mean multiple systems that can perform failsafe checks on each other, and perform as backup systems if others fail.
When necessary, redundant personnel for essential roles must be available as standby, or to perform in shifts during prolonged emergency situations.
Critical data is of little value if you can't get to it. Backup communication lines are becoming a necessity in many modern businesses. The same is true for power supplies.
All of these components are required to ensure that data and services are available when needed.
Authentication

Having secured the systems that provide storage and access to the data, the next thing to secure is who, what, when and how the data is added, accessed, modified and removed.
The first step is to identify all the means by which data can be accessed: can duplicate votes be stuffed into a polling box; can someone walk in and shred a file; can checks be forged; can visitors overhear sensitive phone calls; do you know everyone who has access to your Ethernet packets...
The next step is to track who does what, when and how and provide measures to prevent erroneous transactions and unauthorized access.
A key part of this is authentication: being able to identify who or what is attempting to make a transaction and determining whether or not they are authorized to do so.
Driver's licenses, social security cards, employee badges, credit cards, caller ID, keys to doors/cars/software, IP/MAC addresses are all mechanisms that attempt to positively identify who you are, and/or what you are allowed to do.
Transaction Management

Once a party can be identified, their transactions can be monitored and logged -- to assist in ascertaining whether a security breach, or an attempt to breach, has been made.
In addition to tracking transactions, transaction management must also provide a mechanism to establish that a transaction (often delayed) has actually occurred and is agreed between parties.
In mission-critical protocols such as those used in a space launch, certain actions cannot proceed until a certain combination of previous states has been attained. Transaction management keeps track of the events that have occurred, their status and the order in which they occurred, and informs interested parties when specific states have been achieved. Similar management is used in complex financial transactions.
Data Integrity

Simply knowing that transactions have properly occurred is not enough to guarantee the integrity of data. Data may have been violated or tampered with in an unforeseen manner, or the data may degrade due to hardware or media characteristics and quirks.
Data integrity is most often validated by some notarization mechanism or by comparison to a known valid record. This requires that the notarization process be unforgeable, and that the comparison record is sufficiently accurate and intact.
Data Privacy

In a reliable system where access is controlled, transactions validated and data integrity ensured, there remains the issue of privacy for sensitive data. Such data needs to be secure in all stored forms, and at all points of transit.
In some cases, it is not enough to keep the data private -- even the time and type of transaction must be kept secure.
This usually involves keeping the data and transactions in digitally sealed containers, or in some way obfuscating the information through code or camouflage.
Data Lifetime

In some cases, all physical records of secure information are destroyed upon acquisition. However, in most cases, security measures are designed so that the data can be retrieved at a later date, and generally by several authorized people. As long as there is a record of the secure data, there is always a possibility that an unauthorized party might access the data through a breach of authentication or due to a hole in a privacy mechanism.
The issue is rarely whether privacy can be breached, but rather when it will be breached. A sustained attack with sufficient resources will eventually break a safe; taking extreme measures will minimize the probability or opportunities to compromise the safe -- thereby delaying the breach, or making it too timely/costly to circumvent the measures.
Keeping data secure involves a cost; the more secure a safe is, the more it will generally cost. The cost of the safe should be balanced against the value of the items to be stored in it.
Most sensitive information has a lifetime; after a period, the sensitivity, and hence its value, degrades over time. By determining the sensitive lifetime of the data, and by measuring the value of the data itself, one can judge the justifiable costs of ensuring data privacy.
Passwords, Keys and Certificates

Traditional authentication usually involves a pair of identifiers: a public and a private identifier. A check or a charge card has your name and/or photo as your public identifier; your signature is a private identifier that presumably only you know how to duplicate. The effort/cost is low, and so is its privacy lifetime; it provides little protection against forgery. However, in most transactions, it is suitable to its use.
A username and password, or an account ID with a Personal ID Number (PIN), is somewhat more secure. The password or PIN (key) is kept private; it can be breached only if your secret is revealed, or if someone uncovers it by guesswork or sustained trial and error. Sustained trial and error can be minimized by limiting the number of erroneous attempts that will be permitted by the transaction system.
Privacy attacks can also be minimized by using long, complicated keys. The longer the key, the lower the probability that the key will be found by sustained trial and error.
Unfortunately, the longer the key, the more difficult it is for a person to remember and use it, and the more costly (in time or money) the validation mechanism becomes. Most people use short, easy-to-remember (and unfortunately, easy-to-guess) passwords, defeating the best designed privacy and authentication systems.
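As an added illustration (not code from the original article) of the two defences just described, here is a Go sketch that counts erroneous attempts and locks the account once the permitted number is used up, and that bounds an attacker's chance of success by the size of the key space. The Authenticator type, the salted SHA-256 comparison, and the sample key and salt are this example's own constructions, chosen to keep the lockout logic short.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"math"
)

// Authenticator keeps a salted hash of one account's key and counts wrong
// guesses; after maxFails of them the account locks. (Hypothetical design.)
type Authenticator struct {
	salt     []byte
	hash     [32]byte
	failures int
	maxFails int
}
func hashKey(salt []byte, key string) [32]byte {
	return sha256.Sum256(append(append([]byte{}, salt...), key...))
}
func NewAuthenticator(key string, salt []byte, maxFails int) *Authenticator {
	return &Authenticator{salt: salt, hash: hashKey(salt, key), maxFails: maxFails}
}

// Locked reports whether the permitted number of erroneous attempts is used up.
func (a *Authenticator) Locked() bool { return a.failures >= a.maxFails }

// Check accepts the key only while unlocked; every wrong guess is counted and
// the comparison is constant-time so response timing reveals nothing.
func (a *Authenticator) Check(attempt string) bool {
	if a.Locked() {
		return false // locked: even the right key is refused until reset
	}
	h := hashKey(a.salt, attempt)
	if subtle.ConstantTimeCompare(h[:], a.hash[:]) == 1 {
		a.failures = 0
		return true
	}
	a.failures++
	return false
}

// GuessProbability bounds the chance that the allowed number of guesses hits a
// uniformly chosen key of `length` symbols drawn from `alphabet` symbols.
func GuessProbability(alphabet, length, attempts int) float64 {
	return math.Min(1, float64(attempts)/math.Pow(float64(alphabet), float64(length)))
}

func main() {
	a := NewAuthenticator("correct horse", []byte("constructed-salt"), 3)
	fmt.Println(a.Check("password"), a.Check("123456"), a.Check("letmein"), a.Locked())
	fmt.Printf("4-digit PIN, 3 tries: %.4f\n", GuessProbability(10, 4, 3))
}
```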
This is complicated by the fact that in the absence of security standards, there is a proliferation of authentication schemes -- requiring people to memorize (or worse yet, record) a plethora of usernames, IDs, passwords, PINs, etc.
After years of chaos, the software industry is finally beginning to develop standards of authentication. Digital certificates can store digital keys and a variety of identification (name, description, address, birth, photo, voice print, etc). Eventually you will only need one digital certificate that will work for debit cards, private internet transactions, and perhaps even for starting your car.
However, one roadblock remains. In an attempt to ensure that government agencies can tap private communications, restrictions have been placed on the size of digital keys. The value of digital certificates is undermined by the fact that it is relatively easy to break keys of the currently restricted length -- which makes these certificates prone to forgery.
Digital Signing, Ownership and Rating

Using digital key and certificate technology, it is possible to digitally "sign" data in a way that validates its integrity -- to ensure that it has not been tampered with. This makes it possible to create digital containers that carry data, plus information such as authorship, when it was created, who can use it, and how -- and then digitally sign the whole.
Anyone receiving a validated container can be sure that it was actually created/sent by the claimed author. This is seriously lacking in today's email systems. Web content publishers will also be able to determine authorship and check for copyright violations.
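An added example, not code from the original article: a Go container that carries the payload together with its authorship, creation time and permitted users, signed with an Ed25519 key pair standing in for the certificate-backed keys the article describes. The Container type, its field names and the sample values are this example's own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// Container is the "digital container" the article describes: the data plus
// authorship, creation time and permitted use. Field names are this example's own.
type Container struct {
	Author  string   `json:"author"`
	Created string   `json:"created"`
	Usable  []string `json:"usable_by"`
	Payload []byte   `json:"payload"`
}
// SignedContainer pairs a container with the author's signature over its
// canonical JSON encoding (Go marshals struct fields in declared order).
type SignedContainer struct {
	Body      Container
	Signature []byte
}

// Sign encodes the container and signs the bytes with the author's private key.
func Sign(c Container, priv ed25519.PrivateKey) (SignedContainer, error) {
	msg, err := json.Marshal(c)
	if err != nil {
		return SignedContainer{}, err
	}
	return SignedContainer{Body: c, Signature: ed25519.Sign(priv, msg)}, nil
}

// Verify re-encodes the body and checks the signature with the claimed author's
// public key; any change to payload or metadata, or a wrong key, fails.
func Verify(sc SignedContainer, pub ed25519.PublicKey) bool {
	msg, err := json.Marshal(sc.Body)
	if err != nil {
		return false
	}
	return ed25519.Verify(pub, msg, sc.Signature)
}
func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // author's key pair (constructed)
	c := Container{Author: "alice@example.com", Created: "2024-01-01T00:00:00Z",
		Usable: []string{"bob"}, Payload: []byte("constructed sample document")}
	sc, _ := Sign(c, priv)
	fmt.Println("genuine:", Verify(sc, pub))
	sc.Body.Author = "mallory@example.com" // altering authorship after signing
	fmt.Println("after tampering:", Verify(sc, pub))
}
```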
In addition to authorship, digital containers can also hold rating information. Authors or rating organizations can certify that web content contains material suitable for target audiences. Parents can choose to filter out material that has not been rated by an approved certification agency (CA) as appropriate for children.
Religiously selective users could filter out content not certified by their religious organization; scholars can choose to filter out material not rated by their chosen science/literary panels; users could filter out unsolicited advertisements. Those that choose not to filter their content will continue to receive everything they want, without being restricted by censorship legislation.
Encryption

Encryption uses digital keys to obfuscate data. This technology is used to secure stored data, as well as data in transit. If you encrypt a file, no one can access it without uncovering your key. The longer the key, the harder it is to break the code.
The governmental restrictions that limit digital certificates and signing impact encryption as well.
Encryption is important not only in keeping sensitive data private, but is also instrumental in enforcing rating systems. A file that is rated R can't be read by a minor, unless they have a certificate that will decode the content.
Note that encrypting a file will keep its contents private, but will not keep transactions private. To keep transactions private, you also need to encrypt the communications line.
In addition to maintaining restrictions on key lengths, governments are also attempting to restrict the distribution of encryption technologies. Posting free encryption software and source on the Internet is considered an act of exporting military munitions by the US Government, and is punishable as a federal crime. However, importing identical technology from overseas is unrestricted, creating an uncompetitive market for US software companies.
Internet Security

A number of standards have been defined over the years for encrypting stored data, but little has been done until recently regarding Internet transmissions. Anyone with a packet-sniffer on your network can capture your email, password and banking transactions.
To address this issue, Netscape proposed the Secure Sockets Layer (SSL) protocol that provides privacy over Internet TCP sessions, which is the mechanism used for email and the Web.
While this addresses a critical Internet security problem, it still does not address packet-level UDP transactions. Proposals are in the works to address this issue as well.
Microsoft has recently added Crypto API (CAPI) support to Win95 and NT, making it easier for software developers to add cryptographic security to their products.
Microsoft has also adopted a digital signing standard called Authenticode, and a digital rating system called .