The following text is copyright 1993 by Network World, permission is hearby given for reproduction, as long as attribution is given and this notice is included.
By: Scott Bradner
One of the most basic problems in this computer or networking biz is the inability to get assured data. Now I don't mean statistics; such as how many packets a router has sent since last Thursday. Its the simple things like, how do you know that the new version of the router software you picked up via ftp over the Internet really came from the router vendor? How do you know that the copy of /bin/login on your SUN sparkstation is the one that SUN put there? Or, is thet configuration file that your router just retrieved via tftp the one that the network manager edited? Is the security bug fix you just retrieved from that bulletin board a Trojan horse that opens more holes than it closes?
The lack of a way to ensure of the authenticity of origin and the lack of surreptitious modification of the many types of files each one of us uses could keep a body awake at night. (That is, if most of us stopped ignoring the possibility of problems.)
It has been in the back of my mind for a while that this would be a good topic for a column when the Network World special issue on security brought it to the foreground again.
I'd like to point out a particular technology that was described in that issue which could go a long way towards allowing sleep (even if the problem is not being ignored).
If the creator of a particular file, be it program, configuration or data, added a digital signature then the user could go through a process that would provide for complete assurance that the file had not been modified since the digital signature was created. You also could be sure of who created the file. For example, Proteon could include a digital signature, signed by Proteon ,with the copy of the router's system software upgrade in an anonymous ftp directory. When the file is retrieved, the signature could be checked. If it verified, you could be sure that it came from Proteon and had not been modified . (Unless someone had stolen the Proteon private key, in which case the integrity of the software would be merely the start of some interesting times.)
One place that this technique could prove quite useful is in virus checkers for personal computers. Microsoft could include a digital signature with the diskettes of Microsoft Word. Microsoft would then give its public key to the vendors of virus checkers. With this knowledge, the virus checker can almost instantly verify that the copy of Microsoft Word had not been infected. One problem inherent with this approach is that some of the personal computer software modifies its files to insert customizing information, such as the user's name. This could be dealt with by simply moving the custom information into a separate file or into a portion of the program file that is skipped by the digital signature.
This may sound like a bit of a panacea. It could be used to help in a lot of cases but still would not protect the person who uses their first name as a password. Digital signatures can be an additional tool to help build a secure environment, but good procedures are the building blocks and common sense is the mortar.