Graduate School of Library and Information Science, UT Austin
Information Technologies and the Information Professions
INTRODUCTION TO COMPUTER SECURITY AND TO CRYPTOGRAPHY POLICY
Copyright © 2000 Philip Doty — November 15, 2000

Computer Security

Like almost all topics related to computing, computer security is a complex and contentious subject.  There are many reasons for this situation, and we have discussed some of them over the course of this semester:  the various values and perspectives that computing brings into conflict, the conflicting social meanings that we build around computing, and the important financial and political conflicts that computing helps to shape and, in turn, is shaped by.  Seen from this point of view, computer security is no different.

At the same time, however, computer security is a bit too narrow a term for the kinds of concerns of most interest to this course.  Computer security is only one component of a much larger question:  information security.  Very generally speaking, those of us in LIS tend to think in terms of information security, while practitioners in computer science, telecommunications, and electrical engineering tend to think in terms of computer security.  I will presume away differences between the terms and use them synonymously here.

One important school of thought holds that we should think of computer and information security primarily as a way to increase access to information by as many people as possible, and, only then, think of security as a way to protect important assets from intruders (Bill Bard, personal communication).  Instead of terms such as “information security,” terms like “information assurance” or “information quality” help us develop a different psychology of security and a deeper understanding of information distribution (Bard, 1996).

Bill’s notes go on to discuss the fact that, to assure information quality, any system must be able to provide three functions:

·         Integrity (accuracy or authenticity)

·         Confidentiality (secrecy or privacy)

·         Availability (accessibility or reliability).

These functions are supported by a number of components, commonly identified as the five A’s (Bard, 1996):

1.       Authentication, the unerring identification of users, programs, and data

2.       Authorization, the trustworthy association of identities with allowed activities

3.       Accounting, the recording of characteristics involved in system activities, e.g., determining answers to the questions how many, when, how long, who, what, and so on.  This meaning of “accounting” is not equivalent to the concept of billing.

4.       Auditing, often employed only selectively to determine the specific actions of specific entities during a specified time

5.       Administration, the adding and removal of entities from the system.  Administration is also recognized as the means by which the system interacts with the outside world.

Providing these functions in a networked environment is clearly a challenge.
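
The five A's listed above, sketched as a minimal access-control gatekeeper. This is an added example, not part of Bard's notes or the original page; the class and method names, the user, and the passwords are hypothetical, and the sample requests are constructed.

```python
import hashlib, hmac, os

class Gatekeeper:
    """Toy reference monitor illustrating the five A's (hypothetical names)."""
    def __init__(self):
        self.users = {}    # name -> (salt, password hash, set of allowed actions)
        self.ledger = []   # accounting: one record per request, allowed or not

    # Administration: adding and removing entities from the system.
    def add_user(self, name, password, allowed):
        salt = os.urandom(16)
        self.users[name] = (salt, self._hash(password, salt), set(allowed))

    def remove_user(self, name):
        self.users.pop(name, None)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    # Authentication: is the requester who they claim to be?
    def authenticate(self, name, password):
        if name not in self.users:
            return False
        salt, stored, _ = self.users[name]
        return hmac.compare_digest(stored, self._hash(password, salt))

    # Authorization: is this identity associated with this activity?
    def request(self, when, name, password, action):
        if not self.authenticate(name, password):
            outcome = "auth-failed"
        elif action not in self.users[name][2]:
            outcome = "denied"
        else:
            outcome = "allowed"
        # Accounting: record who, what, and when for every request.
        self.ledger.append((when, name, action, outcome))
        return outcome

    # Auditing: selective review of one entity over a specified time window.
    def audit(self, name, start, end):
        return [r for r in self.ledger if r[1] == name and start <= r[0] <= end]

def demo():  # constructed sample requests; "when" is a simple integer clock
    gk = Gatekeeper()
    gk.add_user("alice", "correct horse", {"read"})
    tries = [(1, "correct horse", "read"), (2, "correct horse", "delete"), (3, "wrong", "read")]
    results = [gk.request(t, "alice", pw, act) for t, pw, act in tries]
    gk.remove_user("alice")  # after removal even the right password fails
    results.append(gk.request(4, "alice", "correct horse", "read"))
    return results, gk.audit("alice", 2, 3)
```

Note that accounting records every request, including failures and requests made after the account is removed, while auditing reads back only the slice of that record that concerns one entity in one time window.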

Carroll (1996) offers some useful conceptual and practical advice about how to achieve just such a goal.  Unfortunately, Carroll emphasizes the negative aspects of computer security (keeping intruders out), with relatively little concern for the positive aspects (establishing an infrastructure of trust that ensures sharing of high-quality information).  Such an emphasis, however, is most common in the security literature, especially that written by computer specialists.  Further, the book has relatively little on Internet security per se.  The interested reader might find Brenton’s Mastering Network Security quite useful; it is also the major textbook for the Information and Network Security course taught here by one of our alumni, Lance Hayden, now head of security for Cisco Systems.  Despite these limitations, however, Carroll’s book is very good, especially for its use of lists and examples.

He begins by identifying a number of characteristics that make digital technologies especially vulnerable to attack (p. 4):

·         Density of information

·         Obscurity

·         Accessibility

·         Undetectability of forgery

·         Retentivity

·         Profligacy.

Carroll then gives a taxonomy of the most probable kinds of attacks (p. 7):

·         Covert attacks by employees (subversion)

·         Unintended attacks by employees (negligence)

·         Accidental occurrences

·         Covert attacks by non-employees (stealth and deceit)

·         Overt attacks by outsiders (force)

·         Overt attacks by employees

·         Unintended actions by outsiders (input error).

Carroll also provides seven defense mechanisms to help ensure the security of computerized information (pp. 12-13):

1.       Physical security

2.       Personnel security

3.       Encryption of sensitive information

4.       Technical surveillance inspection

5.       Suppression of compromising acoustical and electromagnetic emanations

6.       Communications line security

7.       Unique identification of users and their levels of authorization.

Carroll also refers to the Computer Emergency Response Team (CERT), based at Carnegie-Mellon University in Pittsburgh.  He goes on to note that “[i]n the present state of the art, information technology security can ensure privacy, dependability, and availability of interconnected computers . . . .  it cannot do this and still allow national governments to pursue evaders of taxes, export restrictions and other prohibitory laws” without some form of escrow deposit of cryptographic keys.  This tension between protecting information and communication, on the one hand, and protecting society from criminals, on the other, is among the most volatile of information technology policy conflicts.

Later in the book, Carroll refers to two ways in which the microcomputer/PC can be secured:  “absolute physical and electrical isolation” (p. 453).  These characteristics are often overlooked when people are concerned with the vulnerability of their networked machines.  Turning them off, even without disconnecting network connections, provides unassailable protection.  Many people, however, dislike turning off their machines because of concerns about the aging effects of power surges that occur when a machine is turned on and because they wish to make their machines’ cycles available to others during off hours.

Anyone interested in further pursuing the topic of computer and information security is encouraged to take Lance Hayden’s course here at the iSchool and to use the resources available to you in print and online.  I cannot emphasize strongly enough the classic status of Schneier (1996).

A Few Words on Cryptography Policy in the United States

Cryptography policy is extremely contentious in the U.S. as elsewhere.  There is an inherent conflict between two important goals referred to briefly above:  open yet secure communication and the need to protect society from criminal behavior.  The U.S. has controlled the export of cryptographic tools using the same means as those used to restrict the export of certain kinds of armaments.  Within the past two years, however, the United States has slowly but surely loosened its restrictions on the use and export of cryptographic techniques.  Similarly, the Clinton administration surrendered its championing of the Clipper Chip and other escrow techniques, although the Clipper Chip is now a mandatory feature of televisions made in America.

An assertion commonly made is that national security entities and law enforcement officials want to discourage the use of encryption so that criminals, “terrorists,” and others cannot pose a threat to the public good and U.S. national security.  Citizens, political organizers and activists, privacy proponents, and others are commonly assumed to be enthusiastic proponents of cryptographic techniques.

This simple duality is misleading, however.  Encryption can be used to protect privacy, ensure the integrity of commercial transactions, and otherwise prevent crime just as easily as it can be used to encourage it.  In addition, citizens may have a compelling interest in access to governmental and other records to monitor the actions of government officials, yet strong encryption might prevent this form of public oversight.  In this sense, there is an inherent tension in encryption as there is in intellectual property, especially copyright.  As creators of intellectual property, we want the strong protection given to our economic and other interests by copyright, patents, trademarks, and restrictions on unfair trade practices.  On the other hand, as users of others’ creative work, we want the ability to use that work as freely as possible.  The parallel in cryptography policy is that all parties, whether governments, individual citizens, or businesses, are proponents of hard encryption when sending or receiving information, but are against hard encryption when looking to intercept or use information intended for others.  It is in this ambivalence, caused by our dual roles as users and “opponents” of cryptography, that the principal policy conundrum related to cryptography lies (Doty).

The civilian use of cryptography and its invocation in ordinary digital communication is emerging only now as an important policy area.  The lack of considered, integrated policy about cryptography reflects the lack of social consensus about the social structures necessary for the protection of digital information and its appropriate revelation.  There are complex and interlocking means, however flawed, for the protection of identity, privacy, confidentiality and the like in the “real world” — for example, birth certificates, drivers’ licenses, injunctions to appear in person with appropriate documents to prove identity, fingerprints, retinal patterns, blood type, and other methods.  While there are some analogues of such protections in the digital world, they are often very weak when compared to the protections granted by the corporeal world.  Similarly, the methods for revealing identity, even compelling the revelation of identity, in the “real world” have no full counterparts in computer networks, despite the ubiquity of passwords and other security mechanisms.

As noted earlier, under certain circumstances, cryptographic technologies can be formally classified as armaments, included on the U.S. Munitions List, and, therefore, subject to export restrictions under the Defense Trade Regulations (formerly the International Traffic in Armaments Regulations), security classification, Executive Orders, National Security Decision Directives, and other policy actions.  Inclusion of cryptographic algorithms on lists of restricted exports makes cryptography subject to regulation by the Departments of Defense, State, and Commerce, as well as by the Executive Office of the President.  Such regulation is often without appeal.  The interested reader may wish to consult Title 22 of the United States Code (Foreign Relations and Intercourse), especially Chapter 39 (Arms Export Control), Subchapter III (Military Export Controls) and Title 22 of the Code of Federal Regulations (Foreign Relations), especially sections 123.27 and 126.1.

Cryptography is important to a discussion of Federal information policy for information professionals because of simultaneous and sometimes conflicting concerns for privacy, protection from fraud and other digital malfeasance, and national security, on the one hand, and for the ability to intercept and read messages and provide equitable access to information, on the other.  Whatever the user’s identity and whatever the nature of the communication, the importance of cryptographic policy will only continue to grow.  Cryptography underscores short- and long-term information policy conflicts that LIS professionals must help our society address, especially to support the public interest in information in a society where the commodity value of information threatens to overshadow its other characteristics.

Sources

Bard, Bill.  (1996).  Computer security.  Prepared notes for Fundamentals of Digital Information (LIS 385T.6).  Austin, TX:  Graduate School of Library and Information Science. [Mr. Bard spent 30 years as a senior manager in Information Technology Services at UT-Austin, and he continues to serve the University as a Senior Lecturer in the Department of Electrical and Computer Engineering.]

Brenton, Chris.  (1999).  Mastering network security.  Alameda, CA:  SYBEX Network Press.

Carroll, John M.  (1996).  Computer security (3rd ed.).  Boston:  Butterworth-Heinemann.

[United States] Code of Federal Regulations. http://www.access.gpo.gov/nara/cfr/cfr-table-search.html

Denning, Dorothy.  (1997).  The future of cryptography.  In Brian D. Loader (Ed.), The governance of cyberspace:  Politics, technology and global restructuring (pp. 175-189).  London:  Routledge.

Diffie, Whitfield, & Landau, Susan.  (1998).  Privacy on the line:  The politics of wiretapping and encryption.  Cambridge, MA:  MIT Press.

Doty, Philip.  (under revision).  Federal Information Policy in Library and Information Studies.

Kahn, David.  (1996).  The codebreakers:  The story of secret writing.  New York:  Scribner.

Landau, Susan, Kent, Stephen (Chair), Brooks, Clint, Charney, Scott, Denning, Dorothy, Diffie, Whitfield, Lauck, Anthony, Miller, Doug, Neumann, Peter, & Sobel, David.  (1994).  Codes, keys and conflicts:  Issues in U.S. crypto policy.  Report of a Special Panel of the ACM U.S. Public Policy committee (USACM).  s.l.:  Association for Computing Machinery.

Schneier, Bruce.  (1996).  Applied cryptography:  Protocols, algorithms, and source code in C (2nd ed.).  New York:  John Wiley & Sons.

Tanenbaum, Andrew S.  (1996).  Computer networks (3rd ed.).  Upper Saddle River, NJ:  Prentice-Hall.

United States Code. http://www4.law.cornell.edu/uscode/

 

Course emailbox: l38613dw@ischool.utexas.edu
iSchool Website: www.ischool.utexas.edu

Last updated 2003 Jan 12 by R. E. Wyllys