So-so top-level review of crypto role in IS

Rohit Khare (khare@pest.w3.org)
Wed, 4 Sep 96 14:06:01 -0400


> "Do you think Ford [Motor Co.] or Chrysler is going to
> let someone else control their certificates? Then there
> is this issue of where did you get your certificate from?
> Am I going to let you query my database to get a key? No
> way," Maskowitz says.

> "We're an international company, so we can't use the
> domestic version of Netscape [Communications Corp.'s
> Netscape Navigator]. And we can't trust the data using
> the international versions," says Richard Perlotto,
> corporate network security manager at VLSI Technology
> Inc., in Tempe, Ariz.

A snapshot of what the tolerably-clean masses are hearing about security... RK
------------------------------------------------------------------

Encryption technology can help secure private data over public carriers, but
tackling its own issues is another story

By Julie Bort
InfoWorld Electric

Think about this: Every time one of your end-users sends an electronic
communication from your network, it opens the door to an attack. It is
unbelievably easy for a knowledgeable hacker to exploit the failings of SMTP
and other communications protocols to eavesdrop on Internet e-mail, send phony
messages, or even gain access to other networked systems, security
consultants say. A domain name or single IP address is the only information
needed, and from there the door is wide open for other mischief.

One increasingly popular way to plug this gaping hole is to encrypt e-mail
and other electronic communications. Encryption is a way to encode text using
complex mathematical algorithms.

"When explaining encryption, I like to use the analogy of the Cap'n Crunch
Super Secret Decoder Rings. These rings [distributed in Cap'n Crunch cereal
boxes in the 1960s] contained a very simple algorithm. It was something like
`take a letter then add 5.' So an A became an F. Simply speaking, that's all
these algorithms are, mathematical formulas," explains Gary Fresen, a member
of the American Bar Association's committee on digital signatures and an
attorney and partner at Baker McKenzie LLP, in Chicago, one of the world's
largest law firms.

Although no encryption algorithm is in and of itself crack-proof, several of
them are so complex that they are virtually unbreakable. Coupled with proper
implementation, authentication, and secure connections, encryption solutions
can add a high level of security to any company's arsenal. However, it is an
area that requires a knowledgeable person to make the purchasing decision
because the technology is very complex, the best product selected will add a
level of administration overhead, and numerous industry consortiums are
developing competing APIs.

NUMEROUS USES. Is encryption security overkill? Absolutely not, say users who
have already adopted it or are in the processing of adopting it. One reason
is to gain some security control over public telecommunications lines used in
wide area networks.

"We have a good idea of our internal security, but we also use the public
carriers for our worldwide WAN, such as CompuServe [Inc.'s] frame relay and
British Telecom [Plc.'s] frame relay, and we [don't control] their level of
security," says Richard Perlotto, corporate network security manager for VLSI
Technology Inc., in Tempe, Ariz.

"Even if you own most of your own equipment, with frame relay you don't own
the router, the carrier does. Frequently [the carrier has] modems attached to
those routers to manage the equipment remotely," Perlotto adds.

Those modems can allow hackers to tap in and grab data as it is being
transmitted, without ever being detected by the company's security systems.

Consequently, VLSI is currently evaluating encryption boxes and other
products that sit on either end of a connection, such as NetFortress from
Digital Secured Networks Technology Inc. (DSN), in Englewood Cliffs, N.J. One
box encodes all traffic on the fly when it's being transmitted, and the other
decodes the information upon receipt. Router vendors offer similar add-ons.

Besides simply letting employees sleep better at night with the knowledge
that their corporate secrets are safe, encryption technology can mean that a
company can operate more efficiently and cost-effectively, users say.

"Right now, we drop letters into the post office, which isn't very secure
when you think about it," Fresen says. "After all, anyone could look at them.
Or we send a courier. But if we can secure our [Lotus Development Corp.]
cc:Mail system, there's a tremendous cost savings to us compared to sending a
courier to Hong Kong three times a day. And we'll be able to do things in a
day that used to take a week." Fresen is currently testing Entrust 2.0 from
Northern Telecom Ltd. (NorTel), in Research Triangle Park, N.C., as an
encryption add-on to e-mail.

GETTING KEYED IN. But before you can go out and purchase an encryption
system, you need to do some serious homework. Encryption involves multiple
technologies, competing protocols, and complex mathematics.

You can start the learning process by understanding the two components that
make up most encryption systems: the key and the certificate.

The key is the algorithm or mathematical formula that encodes the message
itself. It must be sent to the message recipient so the message can be
decoded, hence the term key.

The size of the key, measured in bits, determines how complex the algorithm
is and how tough the code is to crack. The state of the art for encryption
technology used exclusively within the United States is 1,024 bits. However,
the maximum size key that is allowed to be exported is 40 bits.

Keys come in two flavors: symmetrical, or public key model; and asymmetrical,
or public key/private key model.

A symmetrical key uses the same algorithm to encode and decode a message.
This is the technique used by the public key encryption program Pretty Good
Privacy (PGP).

PGP assumes what security experts call the peer trust model. That is, the
sender knows and trusts the receiver and is therefore perfectly comfortable in
sending the key on its way. Herein lies the "pretty good" part of the
privacy. Although the algorithm itself makes the message difficult to crack,
the key exchange is only pretty good when compared with other methods.

On the other hand, the great advantage to PGP is that it creates no key
management overhead, which is the biggest drawback of asymmetrical keys.

In the asymmetrical model, users have a public key stored somewhere that is
available. Should someone want to send an encrypted message, the sender
locates the public key of the recipient, encodes the message, and sends it
off. The receiver then uses a private key to decode the message. The private
key is different from the public key, but they are mathematically linked so
that the private key is capable of decoding the message.

Asymmetrical systems require no trust between the sender and the recipient.
That's good. But they do create administration overhead in the form of storing
and maintaining public and private keys.

Public/private key exchange is the technique used by RSA Data Security Inc.,
which was recently sold to Security Dynamics Inc., in Bedford, Mass. RSA uses
a technology that is actually an adaptation of the decade-old National
Institute of Standards and Technology's peer-trust Data Encryption Standard
(DES), still used in many products. DES is a method of grabbing random keys
for each encryption task, rather than using the same key repeatedly.
Cryptographers say that RSA solves some problems, such as the trust issue but
generates others.

"Say I want to send a secure message. The first thing I do is take a random
key and encrypt the message with it," says Paul Kocher, an independent
cryptography consultant in Menlo Park, Calif., and one of the people
responsible for discovering the flaw in the security of Netscape Communication
Corp.'s Netscape Navigator.

"But without that key, I won't know how to decode [the message], so I take an
RSA public key and encrypt the random DES key with my recipient's public key.
The recipient uses a private RSA key to decrypt the DES key. If it sounds
convoluted, it is. RSA is very slow and cumbersome. DES is fast and efficient,
but it doesn't give you the security of the public/private key system,"
Kocher explains.

RSA remains one of the most well-known encryption technologies, but it is
not, by far, the only public/private key exchange method currently in use.

For example, other vendors use a competing version called Diffie-Hellman. It
is a mathematically different implementation of the asymmetrical model, and it
is the method employed by DSN's NetFortress.

THE REAL YOU. Using public or public and private keys is the foundation of
encryption, but keys can't verify a recipient's identity.

"When you're talking about sending secured messages, there are two goals
you've got. One is to make sure that the information stays confidential, and
the other is that it does not get tampered with," Kocher says.

Enter the certificate, also called the digital signature. Certificates act
like an electronic driver's license. They authenticate that the receivers and
senders are who they say they are.

"The issue is trust. When we owned our own 3270 cabling, we trusted it, we
worried less. Now I have someone at Daytona Co. that needs access to Chrysler
Corp. across multiple networks. What sort of trust do I have?" asks Bob
Maskowitz, technical support specialist for Chrysler, in Detroit, and a member
of the Internet Architecture Board of the Internet Engineering Task Force
(IETF). "I need to authenticate that this person is allowed to update [a
document]."

Certificates can be created and managed by a third party, such as VeriSign
Inc., in Mountain View, Calif., or they can be created and managed internally,
with products such as NorTel's Entrust, which also performs encryption. Once
a certificate is obtained, it becomes the user's digital signature.

When digitally signing something, the recipient of the signature gets all of
the information contained on the certificate, such as who the person is, the
person's address, or other items chosen to be included on the certificate. The
digital signature also says who granted the certificate, when it expires, and
what level of verification was done.

"There are three classes of certificates," explains Gina Jorasch, director of
product marketing for VeriSign. "In Class 1, we check for a unique name, that
the e-mail address is correct, and that the person receiving it has authority
to access that e-mail account. In Class 2, we check the name, address,
driver's license, social security number, and date of birth. For a Class 3 we
check all of those things, plus we check against the Equifax [credit reporting
bureau] database."

Although certificates provide the invaluable service of authenticating users,
organizations that care enough about their security to use encryption and
certificates may not want to trust an outsider to handle them, according to
users.

"Do you think Ford [Motor Co.] or Chrysler is going to let someone else
control their certificates? Then there is this issue of where did you get your
certificate from? Am I going to let you query my database to get a key? No
way," Maskowitz says.

they are outsourced, they will add a significant amount of system management
overhead to an encryption system, even with systems such as Entrust that
include management features.

Most certificates are set to expire in a set amount of time, such as a year.
Someone will have to see that they get reissued. Someone will also have to
make sure that certificates for employees who leave a company are revoked and
that new employee certificates are issued.

SMIME'S THE WORD. The final area of concern IS managers face is the new wave
of protocols being spewed out by various industry consortiums. Numerous APIs
are being created that cover all the aspects of using encryption.

Although these APIs are posing as standards, in truth the two most popular
APIs for the commercial sector are merely vehicles for the mass adoption of a
particular company's key technology.

Nevertheless, vendors of products such as e-mail packages are lining up behind them.

The four big protocols being worked on are Secure Multipurpose Internet Mail
Extensions (SMIME), Multipart Object Security Standard (MOSS), the
next-generation version of PGP that allows asymmetrical key exchange, and
Message Security Protocol, says Rik Drummond, chairman of the IETF's
electronic data interchange over the Internet committee and president of The
Drummond Group, a consultancy in Fort Worth, Texas, that helps corporations
choose and implement networking and security systems.

MOSS is the API for the Department of Defense, and it will be mandatory for
anyone in the government or anyone who does business with it.

But commercially, SMIME and PGP, Version 3.0, are more robust choices,
Drummond says, and they offer features best-suited for the commercial sector,
such as backward compatibility, and better key and certificate management
capabilities.

By far the biggest names in the Internet world have lined up behind SMIME,
including Microsoft Corp., which intends to make Microsoft Exchange
SMIME-compliant; Netscape; and Qualcomm Inc., maker of the Eudora e-mail
package.

That makes it a comforting set of protocols to choose because corporations
that buy products with SMIME or that purchase SMIME toolkits for customer
applications will know that they will be able to communicate with the vast
majority of others through a de facto standard. Those using other protocols
will be left talking to themselves.

Still, SMIME, as it stands now, isn't a panacea. Among its problems is that
"the signature is exposed outside the encryption envelope," Maskowitz says.

Also, once a message is encrypted with someone else's public key, the sender
of the message can't open the message to make changes, Maskowitz adds.

The architects of SMIME haven't completed the APIs yet, so there is some
possibility that these problems will be fixed but in all likelihood not in
time to be included in the first crop of SMIME-compliant applications, due to
start rolling out this fall.

Even with such serious issues still up in the air, today's encryption and
certification products can offer a great deal of protection, especially if the
Internet or a wide area intranet is becoming a serious business tool for a
particular organization, and it can't wait for a de facto standard to emerge.

For those with the time to wait, the learning curve should be ascended now.
Mass adoption of encryption technology is a virtual certainty. Those that
ignore it will find their secrets being blabbed to the world.

_
Uses for encryption technology:

* Sending sensitive data over publicly owned wide area links;
* Sending sensitive data over Internet e-mail;
* Electronic commerce;
* Electronic data interchange over the Internet;
* Order entry/order status over an intranet or the Internet;
* Automated access to personnel files;
* Storing sensitive data online;
* Distribution, newsgroup style, of sensitive data.

_

Will the export of strong encryption be allowed?

One of the problems with adopting encryption worldwide is that the federal
government severely restricts its export. In fact, encryption technology is
classified as munitions.

Therefore, U.S. encryption vendors and corporations are forbidden from
exporting and deploying versions that use more than a 40-bit key. However,
companies in other countries, such as Japan, can freely sell encryption
technology that uses the tougher 1,024-bit standard.

The U.S. government isn't completely closing its eyes to the matter. In July,
Vice President Al Gore unveiled a proposal that would create a key-escrow
system allowing keys greater than 40 bits to be exported but requiring a third
party to keep a copy of a key that could be used by law enforcement
officials. (See _U.S. considers easing encryption export laws_.)

And this past June, the Senate Subcommittee on Technology, Science, and Space
heard a slew of testimony from encryption vendors and other experts on the
problem. In fact, there are several bills pending in both houses of Congress
that would relax the current export restrictions. The Security and Freedom
Through Encryption Act was introduced in the House by Rep. Robert Goodlatte,
R-Va. Meanwhile, The Encrypted Communications Privacy Act of 1996 was
introduced in the Senate by Sen. Patrick Leahy, D-Vt., and the Promotion of
Commerce On-Line in the Digital Era Act of 1996 also sits before the Senate.

All three laws would relax the 40-bit restriction on keys as well as
eliminate other restrictions on international use and development of
encryption.

Officials of U.S. corporations look forward to these changes and believe that
such changes would improve their ability to compete in the international
marketplace.

"We're an international company, so we can't use the domestic version of
Netscape [Communications Corp.'s Netscape Navigator]. And we can't trust the
data using the international versions," says Richard Perlotto, corporate
network security manager at VLSI Technology Inc., in Tempe, Ariz.

Julie Bort is a free-lance writer based in Dillon, Colo.