New Approaches to End-to-End Security can Enhance the Value of Network Computing by Preventing Unauthorized Access to Systems and Data
In Brief:
A weakness at any point in today's networked world, from individual computers to Internet servers, can give attackers access to any part of the system. To boost security, IBM researchers have devised new means of authenticating the parties to a communication, controlling what downloaded software may do, and ensuring the highest level of security for highly sensitive applications. In some cases, corporate users can tailor the security techniques to their specific needs.
A few short years ago, securing data was straightforward: you entered a password to authenticate yourself to the host computer, or checked floppy disks for viruses. Those steps took care of the major threats. Outsiders couldn't intercept a hardwired connection, and the PC wasn't connected to anything.
Today, though, we live in a networked world. While the benefits of being connected are undeniable, so are the added security risks. Unless adequate precautions are taken, intrusions can occur. Messages can be intercepted, allowing an eavesdropper to capture data or passwords. Harmful files can be downloaded unwittingly, corrupting other files or even giving a hacker access to one's entire system. Impostors can con users into revealing valuable information, resulting in financial losses.
Of most concern is that a weak link anywhere in this system - a computer, a company's intranet, an Internet provider's server or downloadable software - gives an invader access to every other portion of the system. "The sum of the parts is often a hole," observes David Safford, manager of network security at the Thomas J. Watson Research Center.
That's why Safford and colleagues at Watson, as well as at other Research labs and sites throughout the company, are developing new schemes that close specific security loopholes or improve existing defenses. These not only protect your data but ultimately will create a more secure environment for networked computing. That translates into three primary goals: keeping your communications private, authenticating who you are communicating with so you can't be duped by impostors, and defusing subversive programs that can damage your computer, steal data or carry out "denial of service" attacks that jam your system.
Are You Really You?
For most applications, current encryption schemes can meet the first goal of preserving privacy. More problematic is the fact that encryption by itself can't verify who is communicating with whom; an encrypted session with an impostor is still a session with an impostor. Exposing impostors requires software to manage the cryptographic "keys" that identify a sender and receiver. "The hard part is not encrypting the data," Safford says, "but authenticating who is sending it."
To authenticate who is trying to log in on a company intranet, the Open Software Foundation, a consortium of the world's leading computer companies, has devised the Distributed Computing Environment (DCE), which includes a security service for exactly this purpose. IBM Research played a key role in developing DCE, which the foundation has adopted as a standard. DCE is available on all of IBM's new operating systems, including OS/390®, OS/400®, and AIX® (IBM's version of Unix), and as an add-on for earlier operating systems.
François Dolivo and his team at the Zurich Research Lab are developing a smartcard-based user authentication solution that essentially moves onto the smart card the function DCE performs in software today. Once the user enters a password or Personal Identification Number (PIN) to unlock the card, the card authenticates the user to any server on the network the user wishes to access, the point of the card being that the user's secret key need never leave it. Other groups at Watson and in Zurich are developing further security solutions based on smartcards, most notably secure electronic payments and secure electronic ticketing.
On the Web, a server's identity is authenticated with Secure Sockets Layer (SSL), a protocol developed by Netscape that is built into the latest Web browsers from Netscape and Microsoft and that can provide security for applications. Currently, most software does not authenticate who is requesting information from a Web server - or from any computer on any kind of network, such as that on an intranet: the server proves its identity to the browser, but the browser typically proves nothing about the user beyond a password typed into a form. Dolivo's smartcard-based sign-on solution will support a secure SSL handshake for authenticating users to Web servers based on their secret cryptographic key.
While SSL protects application data, a more general protocol that operates at a deeper level and could secure all network traffic, whatever the application, would be preferable. The Internet Engineering Task Force, an international standards-setting group, is developing such a scheme, called the Internet protocol security standard (IPSEC). Once again, Research has been fundamentally involved in defining the standard, which includes both the design of the cryptographic key exchange protocols and IBM's HMAC message authentication technique (see "Making the Internet More Secure," Research, Number 2, 1997).
IPSEC can authenticate and encrypt any transmission between any sender and receiver, and would be installed on each user's computer. It enables the creation of "virtual private networks" over the global and open Internet. "Ultimately, the operating system is where security should reside," Safford says, because that's where outgoing and incoming communications are controlled. His group is finalizing the IPSEC code for IBM's new operating systems, which should be shipped on products by early 1998. Microsoft is on the same schedule for its Windows 95® and Windows NT® operating systems, as is Sun for its Unix operating system.
How can users obtain protection? "Go to your company's systems administrator," Safford advises, "and say you want the new versions." He also encourages customers to press their Internet service providers to upgrade their servers to run IPSEC. This adds a second layer of defense against hackers who might try to get into your computer by breaking into a server and waiting for you to log on.
Java in the Sandbox
Once it is widely deployed in a year or two, IPSEC should protect outgoing and incoming transmissions from eavesdropping. It will also enable users to authenticate who they are communicating with. That leaves the third security goal: stopping downloadable software that could contain a rogue program. So large is the potential problem that it has spawned an entire branch of security research known as active content control.
Active content, or "downloadable executable content," is any program you can download from a network and run on your computer. It includes shareware, ActiveX programs obtained over the Web using Microsoft Internet Explorer® and "plug-ins" - software plucked from the Web using Netscape. It also includes Java® "applets," the newest, rapidly spreading mini-programs that run in any browser or on any operating system that provides a Java virtual machine.
Once downloaded, these programs must access your operating system to function. That's when the breach can occur. A group at Watson, led by Nayeem Islam, has devised security software, called Flexxguard, that prevents any applet from accessing restricted parts of the operating system and from performing illicit operations such as erasing files.
Flexxguard belongs to a class of techniques generally known as sandboxing. Imagine that an operating system is contained in a suburban backyard with the portion of the system that runs Java in a sandbox in one corner of the yard. Flexxguard forces the applet to work within that sandbox. Of course, the applet has to call for data from certain parts of the operating system to do its intended job. "Policy graphs" - computer code specified by the user - determine the kind of data the applet is allowed to see and the actions it may perform.
The policy graphs provide multiple levels of control. For starters, an incoming program from an undesirable or unknown source would not even be allowed into the sandbox. Applets that are allowed to download are assigned "tables" specifying what they may and may not access, the actions they may perform and the computer resources they may access. Finally, the applets are continually monitored to ensure that they comply. If the applet tries to violate the restrictions, it is stopped and a message flashes on the computer's screen.
In effect, Flexxguard's policy graphs operate as you might when answering the doorbell. If a man wearing a uniform from an unknown utility company requests access, you won't let him in. If he is wearing the correct uniform and provides identification, you will let him in but allow him access only to your basement and electrical meter, not to your bedroom or your personal files.
Flexxguard works with Java Development Kit (JDK®) environments, and IBM presets the policies that control access. A prototype has been available for free since December 1996 through IBM's alphaWorks service. Some of its features are being incorporated into the next version of Java, JDK 1.2, being developed by Sun's JavaSoft division.
Islam and his colleagues are now working on a new operating system, called Lava. "The idea of Lava is to enforce security at the operating system level rather than at the Java virtual machine level," says Islam. It also allows for centralized management of the policy graphs. For example, "If General Motors said, 'Hey, we need to set our own policies,'" Islam explains, "they would be able to buy Lava software from IBM and program it." IBM is also talking to manufacturers about incorporating Lava into the next version of operating systems that run Java.
Meanwhile, Islam and his team are adapting Lava to work with all downloadable programs, not just Java applets. And they are trying to make Lava available for any device that can download a program, including personal digital assistants and other so-called Tier-0 devices.
At Zurich, security is being addressed for mobile agents - programs that roam the network, seeking, filtering and forwarding information back to their owners, or even doing business on their owner's behalf (see "The Secrets of Agents," Research, Number 1, 1997). "Thus," points out Günter Karjoth, a researcher at Zurich, "mobile agents are a generalization of active content that raise many of the same security concerns as applets." To foster acceptance of agents, Karjoth has developed a coherent security model that addresses many of these concerns, as well as the additional one of host computers harming a visiting agent. The model defines the principals within an agent system with respect to their responsibilities and interests, and their access to resources. A policy database and owner-specified preferences provide control of the agents. In cooperation with the Aglets team at the Tokyo Research Laboratory, he is now designing a security architecture and application programming interface (API) that will enable agent application developers to enforce their own security - so that an agent can, for example, control access to its own data or audit its own security-relevant activities.
For defense in depth, David Safford is extending the sandbox approach to a computer's entire operating system. He is working alone on a concept called Skeptix, for the Unix operating system, which would sandbox any application, not just downloaded software. This would enable a company to control which programs, and thus which users, have access to specific parts of the firm's intranet, computers on the intranet and employees' individual machines. It would also operate on Internet service providers' computers, to limit the spread of rogue programs. "With Skeptix, IPSEC and Lava," Safford says, "we will be able to provide all the pieces of the security puzzle."
Mark Fischetti is a technology and business writer in Lenox, Massachusetts.
The Secrets of Proactive Security
No security method is 100 percent foolproof. As a result, continual improvements are needed to thwart attackers. One such method, known as proactive security, is a means of maintaining security over long periods of time in the face of repeated attacks. Much of the work in the field so far has been done by cryptographers at IBM's Thomas J. Watson Research Center and its sister labs in Haifa and Zurich. Paradoxically, points out Watson's Tal Rabin, proactive techniques exploit the same distributed nature of computing in a networked world that created much of the vulnerability in the first place.
One application that can benefit from proactive security is digital signatures. Such signatures depend on public key cryptography, in which a person uses a private key to sign an outgoing message with a unique signature and publishes a matching public key that a recipient uses to verify that signature.
To advance the use of public key cryptography, users must feel confident that a public key really does belong to its stated owner. The task of authenticating public keys would fall to a so-called certificate authority (CA). The CA would also have a private key, which it would use to sign a certificate with a digital signature. The matching public key of the CA would be widely published and even installed in hardware. The ensuing difficulty and expense of changing the CA's public key require maintaining the private one for long periods of time, thereby exposing it to repetitive attacks. Keeping the CA's private key secure, yet accessible, is a major challenge.
One approach is to store the key in a protected computer. But a sophisticated hacker, given enough time, could probably penetrate the computer and steal the key. In short, the mere fact that the key is in one place and susceptible to repeated attacks undermines the security of the key. Proactive security offers a solution to this problem.
Divide And Protect
Proactive security can be regarded as a further step in the ongoing process of making a private key ever more secure. To start with, consider one simple improvement for safeguarding a private key: dividing it into, say, three partial keys, each stored in a separate computer. (The split has to be done so that a single piece reveals nothing, for instance by choosing two pieces at random and setting the third so that all three add up to the key; simply cutting the key into thirds would hand an intruder two-thirds of it.) To reconstitute the entire key a hacker would then have to break into all three, which is a more difficult and time-consuming task. However, if one of the computers crashed and a partial key were lost, not even the rightful owner would be able to reconstruct it.
A more sophisticated scheme for distributing the key is therefore required. Known as threshold distribution, it uses equations to split the key into pieces on multiple computers in such a way that the pieces from some but not all of the computers are sufficient to reconstruct the key. In the standard construction, Shamir's secret sharing, the key is the constant term of a random polynomial, each computer holds the polynomial's value at a different point, and any t of those values determine the polynomial (and so the key) while fewer than t reveal nothing about it. Now, a crook would still have to break into multiple computers, but if some of the computers crashed, the key could nevertheless be reassembled by the owner.
So far, these schemes assume that a hacker could not break into enough computers to steal the key. That might hold over a few weeks, but if the key must be safeguarded for, say, a year, hackers might complete their invasion one computer at a time. It was this kind of concern that gave rise to the notion of proactive security, in which security measures are taken continually, first to protect the secret information and second to allow recovery from known or unknown partial break-ins.
Here's how it works. Suppose a private key is divided among three computers, and any two of the partial keys are needed to reconstruct the entire key. To limit the time a hacker has to break into two computers, researchers at Watson and Haifa have devised a way for the computers to "refresh" the partial keys. The computers communicate during an update session and change each partial key in such a way that the three new partial keys still constitute the same private key; in effect, each computer deals the others a fresh sharing of zero, which they add to their own pieces. The update session, which takes only a few minutes, could recur as often as the owner likes (and will pay for). Now, a thief would have to break into two computers within the same interval between refreshes: a partial key captured in one interval is useless in combination with one captured in the next. The scheme does assume that a computer found or suspected to be compromised is restored to a clean state before the next update; an intruder who stays resident would simply read the refreshed partial key as well.
The only potential loophole in this scheme would occur if the key had to be reassembled when it was time to use it, for example, when a certificate authority wished to issue a certificate. During that period when the key is in one place, it would share all the vulnerability of a secret key stored in a single computer. To prevent that from happening, the proactive signature scheme includes an algorithm in each computer that creates a partial certificate from its own partial key alone. These are sent to an independent processor that combines them into a complete certificate. Even if these partial certificates were stolen, they would not reveal the values of the partial keys, thus protecting the CA's private key.
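The sharing, refresh and partial-signature steps described above, as an added worked example (this is not IBM's proactive DSS or RSA code): it uses Shamir's polynomial sharing over a prime field, a refresh round in which every computer deals a sharing of zero, and partial signatures that are exponentiations in a prime-order subgroup, combined by multiplication so the key is never reassembled. The primes Q = 5003 and P = 10007, the 2-of-3 parameters and the message text are assumptions chosen so the numbers stay readable; a deployment would use a subgroup order of at least 256 bits and a real signature scheme such as DSS or RSA rather than this bare exponentiation.

```python
# Added example (not IBM's proactive DSS/RSA implementation): Shamir t-of-n
# sharing over Z_Q, a proactive refresh round, and threshold "signing" by
# combining partial exponentiations so the private exponent d is never
# reassembled.  Q and P are toy sizes chosen so the numbers stay readable;
# the method is unchanged for a 256-bit (or larger) subgroup order.
import hashlib
import secrets

Q = 5003          # prime order of the signing subgroup; shares live in Z_Q (toy size)
P = 2 * Q + 1     # 10007, a safe prime: the squares mod P form the subgroup of order Q


def make_shares(secret, t, n, q=Q, coeffs=None):
    """Shamir t-of-n sharing: share i is f(i) for a degree t-1 polynomial f with
    f(0) = secret.  `coeffs` (the t-1 random coefficients) is only for reproducible
    tests; normally they are drawn from the system RNG."""
    if coeffs is None:
        coeffs = [secrets.randbelow(q) for _ in range(t - 1)]
    poly = [secret % q] + list(coeffs)
    return {i: sum(c * pow(i, k, q) for k, c in enumerate(poly)) % q
            for i in range(1, n + 1)}


def lagrange_at_zero(ids, q=Q):
    """Coefficients lambda_i with sum(lambda_i * f(i)) = f(0) for the given ids."""
    lam = {}
    for i in ids:
        num = den = 1
        for j in ids:
            if j != i:
                num = num * (-j) % q
                den = den * (i - j) % q
        lam[i] = num * pow(den, -1, q) % q   # pow(x, -1, q): modular inverse (Python 3.8+)
    return lam


def reconstruct(shares, q=Q):
    """Rebuild the secret from any t shares.  Shown only to check the math: a
    proactive signer never does this, because the reassembled key would be as
    exposed as a key kept on one machine."""
    lam = lagrange_at_zero(list(shares), q)
    return sum(lam[i] * s for i, s in shares.items()) % q


def refresh(shares, t, q=Q, zero_coeffs=None):
    """One proactive update round.  Every computer deals a fresh t-of-n sharing of
    0 to the others, and each computer adds up what it receives.  Every share
    changes while f(0) does not, so a share stolen before the round is useless
    together with shares stolen after it.  Dealing is simulated in-process here;
    in the real protocol the pieces travel over authenticated, encrypted links."""
    n = len(shares)
    new = dict(shares)
    for k in range(n):
        zc = None if zero_coeffs is None else zero_coeffs[k]
        for i, z in make_shares(0, t, n, q, zc).items():
            new[i] = (new[i] + z) % q
    return new


def message_element(msg, p=P):
    """Map a message into the order-Q subgroup: hash it, then square mod P."""
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big") % p
    return pow(h, 2, p) or 4      # 0 is not a group element; fall back to 2*2


def partial_sign(m_elem, share_id, share, signer_ids, p=P, q=Q):
    """Computer `share_id`'s contribution m^(lambda_i * d_i) for the set of
    computers taking part.  It reveals nothing about d_i short of solving a
    discrete logarithm in the subgroup."""
    lam = lagrange_at_zero(signer_ids, q)[share_id]
    return pow(m_elem, lam * share % q, p)


def combine(partials, p=P):
    """The independent combiner multiplies the partials; the exponents add to d,
    so the result equals m^d without anyone ever holding d."""
    out = 1
    for s in partials:
        out = out * s % p
    return out


if __name__ == "__main__":
    d = secrets.randbelow(Q)                 # the CA's private exponent
    shares = make_shares(d, 2, 3)            # 2-of-3: any two computers can sign
    m = message_element(b"constructed certificate body")
    sig = combine([partial_sign(m, i, shares[i], [1, 3]) for i in (1, 3)])
    assert sig == pow(m, d, P)               # identical to signing with the whole key
    shares = refresh(shares, 2)
    assert reconstruct({2: shares[2], 3: shares[3]}) == d
    print("partial signatures combine and refreshed shares still encode d")
```

Two things worth trying with it: mix a share taken before refresh() with one taken after and watch reconstruct() return garbage, which is the whole point of the update session; and note that combine() never needs reconstruct() at all, which is what keeps the CA's key out of any single machine's memory.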
Researchers at Watson and Haifa are now applying this framework of proactive signature schemes to the Digital Signature Standard (DSS), the U.S. government's standard for creating digital signatures. Rabin says the mathematics for providing "proactive DSS" are complete. So are the mathematics for proactive RSA, the prevailing signature technique worldwide. IBM researchers are now implementing proactive DSS and proactive RSA for certain applications. And Sandia National Laboratories has indicated that it plans to use proactive DSS for its own applications.
"There is great motivation to use our techniques," Rabin says. "If a private key of a certificate authority were compromised, it would be a tremendous financial loss for the authority and would compromise the security of people who used certificates issued by that authority. And it would require an expensive reinstallation of a new public key."