The good news: software and online service vendors are getting organized around security, and now take it into consideration as a matter of habit. The bad news: hackers are organized too. John Patrick from Attitude LLC led a panel discussion at DEMO 2006 that explored not only the Future of Security, but also the foundational challenges of bringing security to an inherently open system.
Hilarie Orman, CTO of Shinkuro, sees that even government regulators and insurers are working to develop an acceptable level of security. In her opinion, secure operating systems are possible. The NSA paid for a hardened version of Linux, which is either a very good or very intimidating place to start. Orman theorizes that we won't be able to address security adequately until computer technology hits a plateau and we have the time to focus upon the issue. (Her idea of a plateau is when software hits the limits of silicon, and we are waiting for quantum computing to become available.)
Charles Palmer, general manager at IBM Research, believes that most consumers are now aware of and thinking about security, which represents a great stride forward. Unfortunately, it's incredibly tough to go back for security retrofitting, and most software was built initially without thinking about security. And Dr. Partha Dasgupta, an associate professor from Arizona State University, doesn't see instructors teaching their students how to write safe code. There are a number of coder habits that, if maintained, would make software safer. Why aren't teachers introducing these habits from the start? As Patrick stated, "The only secure server is a server that's powered down."
Dasgupta also posited that many problems could be avoided if people would simply use public key infrastructure (PKI), which has been around for so long that its patent has expired. Most people don't even know that security has been built into email software. It's too hard to figure out PKI, and there's no one to teach consumers.
IBM is trying to find small-scale solutions that provide protection for sensitive data such as identity. In the consumer market, for example, solutions such as smart cards are better than nothing, and an uncorrupted, insecure operating system is better than the typically corrupted systems that are in use today. Palmer believes that most security solutions offered are overly complicated, and that complication introduces weaknesses. (This is an interesting counterpoint to the opinions held by Phil Zimmermann, the inventor of PGP - see my previous post.) Dasgupta agreed, stating that the more mobile devices you have, the more points of entry a hacker has. He thinks that simple protections like the ASTAV demonstration will be hard to beat.
Biometrics were very popular with the panelists. Dasgupta believes that fingerprinting is most reliable since we've been doing it the longest, but it's also more hackable since you can phish for fingerprints or steal the biometrics. Palmer claims that most fingerprint systems are only taking measurements from a finger, not an actual print or picture. If this information isn't protected, one could easily envision attackers creating false fingers. Palmer's team is working on "cancelable biometrics" - this means that biometric data is one-way; you could scan a finger, but you couldn't create a finger from the scanned information.
Voice printing has more potential since it is the most flexible. Dasgupta prefers more sophisticated means, such as verbal challenge-response, in order to collect voiceprints. This is superior to using the same basic phrase, which could be recorded and played back any time. Palmer also likes the challenge-response of voice, since it's hardest to imitate and hackers won't always know the right words.
Face is a challenging biometric, since recognition is still imperfect. Tracing the veins in your hand is a promising area, as are iris scans. (My officemate, Todor Tashev, tells me that iris scans are best since you can verify that they come from living tissue, unlike fingerprints, which can come from dead tissue. I may not want to know how Todor knows this.)
Let's note that none of this obviates the need for cryptography. If a phisher can hack into your account where the fingerprint is saved, then he doesn't need to create a copy of your finger!
All of the panelists work in some way with the federal government, so Patrick dug in on how breakable these security systems were and how susceptible they were to government surveillance. Dasgupta thinks that using encryption regularly is essential, since only using encryption occasionally will draw attention to those emails that have been encrypted.
Orman likes encryption, but worries about key management. Key selection and protection are not well managed, so you can have unbreakable cryptography with an easily accessible key. For example, Orman noted that to do a brute force attack against a 128-bit symmetric key with efficient computing, it would take the energy of all the sunlight that hits the earth in one year. That's a lot of power budget for one hack, so protecting the key becomes the essential element.