The following text is copyright 1993 by Network World; permission is hereby given for reproduction, as long as attribution is given and this notice is included.
By: Scott Bradner
One of the most basic problems in this computer or networking biz is the inability to get assured data. Now I don't mean statistics, such as how many packets a router has sent since last Thursday. It's the simple things like: how do you know that the new version of the router software you picked up via ftp over the Internet really came from the router vendor? How do you know that the copy of /bin/login on your Sun SPARCstation is the one that Sun put there? Or is that configuration file your router just retrieved via tftp the one the network manager edited? Is the security bug fix you just retrieved from that bulletin board a Trojan horse that opens more holes than it closes?
The lack of any way to ensure the authenticity of origin of the many types of files each of us uses, and to detect surreptitious modification of them, could keep a body awake at night. (That is, if most of us stopped ignoring the possibility of problems.)
It has been in the back of my mind for a while that this would be a good topic for a column, and the Network World special issue on security brought it to the foreground again.
I'd like to point out a particular technology described in that issue which could go a long way towards allowing sleep (even if the problem is not being ignored).
If the creator of a particular file, be it program, configuration or data, added a digital signature, then the user could go through a process that would provide assurance that the file had not been modified since the digital signature was created. You could also be sure of who created the file. For example, Proteon could include a digital signature, made with Proteon's private key, alongside the copy of the router's system software upgrade in an anonymous ftp directory. When the file is retrieved, the signature could be checked against Proteon's public key. If it verified, you could be sure that it came from Proteon and had not been modified. The check is only as good as your copy of that public key, which has to reach you by some path an attacker cannot also substitute. (And unless someone had stolen the Proteon private key, in which case the integrity of the software would be merely the start of some interesting times.)
One place this technique could prove quite useful is in virus checkers for personal computers. Microsoft could include a digital signature with the diskettes of Microsoft Word and give its public key to the vendors of virus checkers. With it, a virus checker could verify almost instantly that the copy of Microsoft Word had not been infected. One problem inherent in this approach is that some personal computer software modifies its own files to insert customizing information, such as the user's name. This could be dealt with by moving the custom information into a separate file, or into a portion of the program file that is skipped by the digital signature. The skipped region has to be one that holds no executable code, and its bounds have to be fixed by the signer rather than read from the file itself; otherwise a virus could simply hide in the part nobody checks.
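The signing and verification process described in the two paragraphs above, worked through in Go as an added example (this is not code from the column, nor from Proteon or Microsoft): the vendor signs a file with an Ed25519 private key, the user or virus checker verifies it with the vendor's public key, and a signature can deliberately skip a customization region such as a name field. The sample file contents, the name-field offsets, the detached-signature layout and the helper names SignFile and VerifyFile are all constructed for this example; Ed25519 is a present-day choice of algorithm, not one the 1993 column names.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// DetachedSignature is what the vendor would ship next to the file in the
// ftp directory (constructed layout for this example). The skip bounds name
// the customization region the signature deliberately does not cover;
// SkipStart == SkipEnd means the whole file is covered.
type DetachedSignature struct {
	SkipStart int
	SkipEnd   int
	Sig       []byte
}

// signedBytes builds the exact byte string that is signed and later verified:
// the skip bounds, followed by every byte of the file outside
// [skipStart, skipEnd). Binding the bounds into the signed data means a
// tampered signature file cannot quietly widen the excluded region.
func signedBytes(file []byte, skipStart, skipEnd int) ([]byte, bool) {
	if skipStart < 0 || skipStart > skipEnd || skipEnd > len(file) {
		return nil, false
	}
	var buf bytes.Buffer
	fmt.Fprintf(&buf, "skip=%d:%d\n", skipStart, skipEnd)
	buf.Write(file[:skipStart])
	buf.Write(file[skipEnd:])
	return buf.Bytes(), true
}

// SignFile is the vendor side: sign everything except the customization
// region. Pass 0, 0 to cover the whole file (the router-image case).
func SignFile(priv ed25519.PrivateKey, file []byte, skipStart, skipEnd int) (DetachedSignature, error) {
	msg, ok := signedBytes(file, skipStart, skipEnd)
	if !ok {
		return DetachedSignature{}, fmt.Errorf("skip region %d:%d outside file of %d bytes", skipStart, skipEnd, len(file))
	}
	return DetachedSignature{SkipStart: skipStart, SkipEnd: skipEnd, Sig: ed25519.Sign(priv, msg)}, nil
}

// VerifyFile is the user (or virus checker) side. It needs only the vendor's
// public key, the file as retrieved, and the detached signature that came
// with it. Any change outside the skipped region, or to the bounds
// themselves, makes this return false.
func VerifyFile(pub ed25519.PublicKey, file []byte, ds DetachedSignature) bool {
	msg, ok := signedBytes(file, ds.SkipStart, ds.SkipEnd)
	if !ok {
		return false
	}
	return ed25519.Verify(pub, msg, ds.Sig)
}

func main() {
	// Constructed stand-ins for a router software image and for a word
	// processor binary with a 16-byte name field at offset 8.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}

	image := []byte("ROUTER-IMAGE v2.1 constructed sample payload")
	ds, _ := SignFile(priv, image, 0, 0)
	fmt.Println("image verifies:", VerifyFile(pub, image, ds))
	image[20] ^= 0x01 // one bit flipped somewhere between the vendor and you
	fmt.Println("tampered image verifies:", VerifyFile(pub, image, ds))

	const nameOff, nameLen = 8, 16
	word := []byte("WPHDR001" + "________________" + "code code code")
	wds, _ := SignFile(priv, word, nameOff, nameOff+nameLen)
	copy(word[nameOff:nameOff+nameLen], "S. Bradner      ") // the program personalizes itself
	fmt.Println("customized copy verifies:", VerifyFile(pub, word, wds))
	word[len(word)-1] = 'X' // a byte of code changed: what a virus would do
	fmt.Println("infected copy verifies:", VerifyFile(pub, word, wds))
}
```

The verifier never sees the private key, which is the point: a virus checker can carry nothing but public keys, and losing a copy of the checker leaks nothing. Note also that a signature is only ever as trustworthy as the channel the public key came over.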
This may sound like a bit of a panacea. It could help in a lot of cases but still would not protect the person who uses their first name as a password. Digital signatures can be an additional tool to help build a secure environment, but good procedures are the building blocks and common sense is the mortar.
sob@harvard.edu