Last Updated: October 16, 1994

Network security throughout the Ages

Jeff Breidenbach

Abstract: How and why have concerns about internet security evolved over the past 15 years? What are some of the proposed legal and technical solutions? This paper analyzes security issues for three archetypal internet applications.

  • Steamy Intro
  • What we want
  • What we have
  • Why we have what we have
  • Getting from here to there
  • Future of net security

  • Steamy Intro

    The Internet: A vast computer network, whose complexity is well beyond the understanding of any one human being. A global mesh of hardware and software that has finally reached critical mass. The popular press has been extolling the virtues of cyberspace - there is no need to continue to do so here. Go buy a subscription to Wired magazine to experience more unrestrained hype.

    In 1993, the internet reached a turning point as a communications medium. With the World Wide Web and Mosaic as user interfaces lying on a solid technical infrastructure, the internet is becoming a communications tool for the general public. During the transition period, basic network security issues need to be re-examined.

    What we want to do

    Why do we need network security? As the internet comes of age, we should all be aware of three key security situations: commercial transactions, email integrity, and system cracking.

    CASE #1: buying pizza over the internet
    SECURITY ISSUE: transferring credit card numbers
    
    It's late, and I'm hungry. Let's order pizza over the internet. Twenty years ago the mere thought would have elicited laughter. Today, we have a broad choice of on-line restaurants. What security concerns does this scenario involve? Only one - keeping the credit card from getting ripped off. That credit card number needs to be transferred with at least the same amount of privacy that a phone call provides. If the internet is to be used as a serious tool of commerce, even more security is required.

    CASE #2: Useless, useless bureaucracy stuff
    SECURITY ISSUE: Privacy over email, no forgery
    
    Perhaps I want to send something important, something official over the internet. Maybe I want the boss's signature on a purchase order. Maybe I need my advisor's signature on my add or drop form. I would appreciate it if other people did not read this stuff.

    CASE #3: Allow people to view my museum photos of Triceratops legs
    SECURITY ISSUE: Keep people from mucking up my information server
    
    Running a server on the internet involves a fundamental tradeoff. We want information to be freely available to others, but we don't want outsiders to violate our system. Maintaining a one-way road for information flow is not an easy task.

    What we have now

    CASE #1: buying pizza over the internet
    SECURITY ISSUE: transferring credit card numbers
    
    Right now there are no obstacles to ordering pizza through the internet - if you pay cash upon delivery. Only a fool would send unprotected credit card numbers over a computer network.

    Information packets pass through the internet like the Olympic torch making its way from Greece to Norway. (Ok, packets rarely go over ski jumps, but you never know.) As the information passes from computer to computer, there's a good chance somebody will jot it down.

    Industry and network people acutely realize this shortcoming. The architects of WWW and Mosaic are developing a method for sending such information in encrypted form. No convenient technical solutions have been implemented, as of yet.

    The most workable solution involves encrypting a credit card number and sending it over email. Developers will expend much effort to build this transparently into the Web.(2) While NCSA Mosaic release 2.4 has menu options for encryption modes, they are not used at this time.

    A summer, 1994 New York Times article documented the first commercial internet sale. The PGP message encryption program protected the transfer of credit card numbers. Since then the internet has been swarming with merchants hawking their wares. As soon as developers implement a simple, secure credit card interface in Mosaic (this issue will be a top priority for the ten private companies that have licensed the program) the number of merchants will probably increase a thousandfold.

    Note: as merchants advertise in inappropriate places like the "What's New list on NCSA Mosaic" (3), they annoy the technically established internet community. This exposes them to a higher security risk from indignant hackers.

    CASE #2: Useless, useless bureaucracy stuff
    SECURITY ISSUE: Privacy over email, no forgery
    
    What if I were to use snail mail? (i.e. the US Postal System) I would mail my advisor the add or drop form. He would sign it and mail it back. I would then mail it to the Registrar. This transaction would cost three stamps, a moderate amount of effort, and 11 days (by this time the deadline has long since passed).

    Sending documents through US mail presents no real security problems. It is a federal offense to open US mail and also difficult to do so unless I happen to be a corrupt postmaster. Hand signatures are not inherently secure. Skilled individuals can readily forge a handwritten signature. Still we trust hand signatures enough to bind contracts and laws.

    Intercepting email presents little difficulty. Forging email is incredibly easy. The sidebar below explains why someone like the CIA or your neighbor's kid can so readily manipulate email.


    Sidebar: Why email is so insecure

    The internet was originally designed, with defense funding, to be a computer communications network capable of (among other things) surviving a nuclear war. To this end, the internet was specifically developed so that no one computer or link was crucial for the system's operability. When I send mail, the message bounces from machine to machine, before it reaches its destination. Often email will take a circuitous path, taking 15 "hops" before reaching a recipient.

    At any point along the way, email can be read by an unscrupulous party. Either the owner of the machine or someone who has gained high level privileges can read your email without leaving any signs of tampering.

    Forgery presents a larger problem. Since computers hand off email messages to each other with very little thought or verification, it is easy to slip a bogus message into the mailstream. A hacker can do this by linking (via telnet) to a computer's mail port and manually entering a bogus message into the port.
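
    The sidebar's point can be seen from the receiving side. The following is an added example, not part of the original paper: it reads the Received: trace lines of a constructed message (all host names are made up) to list every machine that held the plaintext, and checks whether anything in that path supports the From: line.

```python
import re
from email import message_from_string

# Constructed sample message (not from the original page); hosts are made up.
SAMPLE = """\
Received: from relay3.example.net (relay3.example.net [192.0.2.30])
\tby mail.registrar.example.edu; Mon, 3 Oct 1994 10:02:11 -0400
Received: from relay2.example.org (relay2.example.org [192.0.2.20])
\tby relay3.example.net; Mon, 3 Oct 1994 10:01:40 -0400
Received: from dialup-17.example.com (dialup-17.example.com [198.51.100.17])
\tby relay2.example.org; Mon, 3 Oct 1994 10:01:02 -0400
From: advisor@cs.example.edu
To: registrar@registrar.example.edu
Subject: Add/drop form approved

Approved.
"""

HOP = re.compile(r"from\s+(\S+).*?by\s+(\S+?);", re.S)

def relay_path(raw):
    """Return [(from_host, by_host), ...] in the order the message travelled."""
    msg = message_from_string(raw)
    hops = []
    for header in msg.get_all("Received", []):
        m = HOP.search(header)
        if m:
            hops.append((m.group(1), m.group(2)))
    return list(reversed(hops))  # each relay prepends, so the oldest is last

def exposed_hosts(raw):
    """Every machine that held the plaintext and could have read or altered it."""
    seen = []
    for src, dst in relay_path(raw):
        for host in (src, dst):
            if host not in seen:
                seen.append(host)
    return seen

def origin_mismatch(raw):
    """True when the From: domain does not match the first host in the path."""
    msg = message_from_string(raw)
    domain = msg["From"].rsplit("@", 1)[-1].strip("> ").lower()
    path = relay_path(raw)
    if not path:
        return True  # no trace at all: nothing supports the From: line
    first = path[0][0].lower()
    return not (first == domain or first.endswith("." + domain))
```

    A mismatch is only a hint, since legitimate mail is often submitted from another host, and Received: lines written before the message reached a relay you operate are as easy to fake as the From: line itself.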


    Individuals (like Philip Zimmermann) and organizations (like the Cypherpunks and MIT) are implementing technical solutions to uphold email integrity. Chief amongst these methods is a technique called public key cryptography. In this solution, the user enciphers his or her email, or at least provides a validating checksum at the end of the message to prove authenticity.
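
    The "validating checksum at the end of the message" can be sketched as follows. This is an added example, not part of the original paper and not PGP's actual format: it uses textbook RSA with a toy key built from two small known primes, and the trailer marker is a hypothetical name chosen here.

```python
import hashlib

# Toy key, constructed for this example: two small known (Mersenne) primes.
# Far too small to be secure; real PGP keys and its message format differ.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, kept by the signer

MARK = "\n-----SIGNATURE-----\n"     # hypothetical trailer, not PGP's armor

def digest(body):
    """Hash the message body and reduce it into the range of the toy key."""
    return int.from_bytes(hashlib.sha256(body.encode()).digest(), "big") % N

def sign(body):
    """Signer: append a signature over the body's hash (needs D)."""
    return body + MARK + format(pow(digest(body), D, N), "x")

def verify(signed):
    """Recipient: needs only the public values (N, E)."""
    body, sep, sig = signed.rpartition(MARK)
    if not sep:
        return False                 # no trailer at all: unsigned mail
    try:
        s = int(sig.strip(), 16)
    except ValueError:
        return False                 # trailer present but not a number
    return pow(s, E, N) == digest(body)
```

    Changing a single word of a signed message, or attaching a made-up trailer, makes verify() return False, which is the property plain email lacks.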

    Because of patent issues and national security policy, this system was not available for general public use until the summer of 1994. The de facto standard email encryption program, PGP (4), has an estimated distribution of four million copies.

    However, as PGP is a password based system, it is still possible for people to forge or intercept email. Inexperienced or security-inept users are most likely to face this problem. FBI Special Agent Carol Covert of the Computer Crimes Squad claims that the Bureau has never seized an encrypted message they could not crack; however, she declined to comment on whether this included PGP encryption.(5)

    Legally, the privacy of email is best covered in Chapter 121 of the Electronic Communications Privacy Act (ECPA) of 1986. (6) As email is not considered instantaneous communication (covered by another section of the ECPA), the relevant law discusses unauthorized access to communications facilities.

    In summary, while there are technical and legal means to enhance the integrity of email, neither is likely to be used. Do not send sensitive information through email without taking precautions.

    CASE #3: Allow people to view my museum photos of Triceratops legs
    SECURITY ISSUE: Keep people from mucking up my information server
    
    System break-ins are the bread and butter of traditional computer crime over the last decade. This is the category in which people invade my computer system and do things that I really don't want them to do. It can happen; security holes crisscross the internet. Fortunately, there is little motivation for people to be mischievous when all the information is publicly available.

    Most serious computer crimes involve pay services. Phone calls and computer links have been hacked since the 1960's. Steve Jobs got his start building hardware devices designed to rip off the phone company. Today, the Secret Service estimates telecommunications fraud at $2.5 billion.

    Systems that sell information or services for a price are more likely to get hit by crackers. While the vast majority of World Wide Web servers provide free information, this setup will change as corporations try to profit from selling their information. (A pioneer in Web based information commercialization is Ziff-Davis publishing.(7))

    Other popular criminal possibilities include break-ins to prestigious sites (Whitehouse.gov has gotten thousands of attempts). Another cracker option, in the case of Lawrence Livermore National Labs, is appropriation of disk space. Lawrence Livermore found its network transformed into a multigigabyte pornography server in the summer of 1994.

    Why we have what we have

    You've heard it a billion times. We have a system that was built on trust. Information on the internet bounces from computer to computer. Everything is so friendly. But wait a minute. The internet was spawned from ARPAnet, a defensive communications link designed to withstand a nuclear war. How could security be so skimpy?

    The first priority of a new technology is simply getting things to work, which was no small task given all the incompatible machines that run on the internet. Networks crashed frequently. A site was considered quite reliable if it managed to stay functional for an entire week. Many academic and commercial networks (especially the ones based on UNIX) still don't meet that level of reliability.

    Fifteen years ago, it did not make sense to worry about outside attackers when system administrators could not keep things working with benign users. In any case, hackers were mostly limited to bright engineers who occasionally pulled a prank with the computer systems. The Internet at that time was specialized, unknown by 99% of the general public, and capitalized.

    The net had a brilliant strategy called "Security through Obscurity". Don't let anyone fool you into thinking that this was done on purpose. The software has grown into such a tangled mess that nobody really knows how to use it. Befuddled engineers fervently hoped potential meddlers would be just as intimidated by the technical details as they were themselves.

    As networks went into practical use, hacking activities became more serious. A subculture evolved around telecommunications fraud through technical expertise. The hacking community was generally dismissed as harmless tinkerers. This group spawned much technical innovation. Steve Jobs got his start building "blue boxes", devices for scamming free long distance phone calls.

    By the 1980's Americans grew more aware of their increasing dependence on computers. An attack on a computer could represent a threat to society. Movies such as "War Games" reflected this way of thinking. Nowhere was this more evident than in the E911 incident. Hackers had obtained some technical document describing Bell South's 911 Emergency Service details. There was much (unjustified) fear that hackers were in a position to disrupt the 911 service.

    Law enforcement agencies responded to the public's concern. Officials made some grievous mistakes dealing with the new and unfamiliar technology of computer crime. Fiascos like the Secret Service raid of Steve Jackson Games (which attempted to use drug raid techniques for computer crime) illustrated a rocky transition for law enforcement.

    Moreover, on the technical side, networks were extraordinarily vulnerable. Robert T. Morris, then a graduate student at Cornell University, drove this point home. His 1987 "internet worm" brought down machines all over the world. His criminal trial helped initiate a new, more serious perception of computer criminals.

    Today we have a motley set of tools used to protect our networks. PGP is slowly turning email into a more secure system. Groups like CERT (8) watch for, and react to, technical security loopholes exploited by hackers. Corporations attempt to shield their nets behind firewalls. Still, for the most part, systems run on a wing and a prayer.

    In the days of yore (three years ago) lackluster security didn't matter. Computer savvy hackers are quite able to poke around, but until recently they had little motivation to do so. Very little of value was available through the internet.

    For instance, in the most highly touted computer espionage case of all time, a West German group of hackers, financed by the Soviets, broke into sensitive computers all over the United States. After routing through hundreds of military systems, the hackers managed to pirate a few programs. Like GNU Emacs.

    Today, there are much better targets. Activities such as eavesdropping on a pizza order, forging official documents, and corrupting important information sources are all possible using a computer.

    Getting from here to what we want

    It suffices to say that there is a fortune to be made.

    The Future of Net Security

    Please note, this section contains speculation.

    As 1994 progresses, it is becoming more and more clear that the internet is the mainstream "information highway" of the future. With the easy to use Mosaic interface, the Web will soon be ubiquitous in the general public. The consumer IP connection (hardware link) will most likely be provided through a cable television feed, although phone links of up to 28.8 kbps will also be in use.

    Further in the future, internet bandwidth will be expanded to make it more practical to transfer large amounts of information (for instance, video or digitized voice communications). Such services will likely incur a bandwidth fee from the network owner. Fortunately, the immense capacity of fiber optics should keep costs low.

    What does this mean for security? Most likely hackers will return to their phone phreaking roots, using information services while avoiding payments. In addition, a huge base of technically uninformed users presents easy targets.

    With computer networks as part of the popular communications infrastructure, these three security issues need to be dealt with. They are, in fact, the last remaining stumbling blocks for internet acceptance. Watch in the next 12 months as technical and legal solutions to the three situations arise.


    Endnotes:
    
     (1) Fill-Out form Example #7, NCSA Mosaic Documentation.
      
     (2) This is the PGP Web Encryption from CERN
    
     (3) What's New With NCSA Mosaic, Mosaic Project, National Center for Supercomputing Applications
    
     (4) MIT PGP Release, MIT
    
     (5) Special Agent Carol Covert, Ethics: Law and Order on the
    Electronic Frontier: Class discussion Oct 3, 1994
    
     (6) Cavasos, Edward, and Morin, Gavino, Cyberspace and the Law
    MIT Press, Cambridge MA 1994, page 23.
     
     (7) Infoseek Corporation in conjunction with Ziff Communications.
    
     (8) Documentation for PGP, /mit/pgp/doc/politic.txt
    
    
    
    Other References:
    
      Access Authorization for WWW
      http://info.cern.ch/hypertext/WWW/AccessAuthorization/Overview.html
    
      Cavasos, Edward, and Morin, Gavino, Cyberspace and the Law
      MIT Press, Cambridge MA 1994.
    
      Covert, Carol, Special Agent, FBI Computer Crime Squad, 
      Ethics: Law and Order on the Electronic Frontier: class discussion 
      Oct 3, 1994.
    
      Farmer, Dan, "Improving the Security of Your Site by Breaking Into It",
      Sun Microsystems, March 1994.
    
      (Public) Mosaic Security Issues
      http://www.ncsa.uiuc.edu/SDG/Software/Mosaic/Docs/security.html
    
      Wallrich, Paul, "Wire Pirates", Scientific American, March 1994.