INTERNET SECURITY AND PRIVACY

by Joan Lippincott, Assistant Executive Director, CNI

Recent news reports have brought increasing attention to the vulnerability of the Internet to hackers and others who intentionally wish to violate the security of the Internet and the servers of institutions and organizations. Less attention is given to existing efforts to develop both technical solutions and policies to address these and other concerns. At the Coalition's Fall Task Force Meeting in Orlando on November 29-30, 1994, several experts provided attendees with an overview of projects and issues pertaining to network security and privacy.

In his introduction of the panel, CNI Executive Director Paul Evan Peters commented that strategies for addressing security and privacy threats in networked environments frequently address three mechanical components (the clients, servers, and networks) and two non-mechanical components (the users and providers). These strategies are formulated and pursued with an awareness that most threats in cyberspace today are decidedly low-tech and that the organizational problems of building and managing secure and private systems are so difficult that they frustrate any purely technical solution.

We're Not in Kansas Anymore!

Bill Ruh, Associate Technical Director and Director, Workstation Systems Engineering Center, Mitre Corporation, spoke about the Internet and security from his perspective at Mitre, a non-profit think tank that works on projects for the federal government. His talk, "We're not in Kansas Anymore!" used the analogies of small town and urban America to describe attitudes and security concerns in the Internet. Ruh stated that the early Internet culture was similar to that found in small town America where everybody knew everybody else and people left their doors unlocked. This tendency was operationalized in the Internet by means of guest accounts and anonymous FTP.
However, the Internet has now become a suburbia where there are lots of new people, and even a few "bad influences" and isolated incidents. In the Internet, we now lock our doors by giving people access, but controlling that access. We have a neighborhood watch program for security that includes an Internet firewalls mailing list, a Computer Emergency Response Team (CERT), and a Computer Incident Advisory Committee (CIAC).

Ruh commented that we are emerging into a "Bright Lights, Big City" scenario where there will be millions of inhabitants, rising crime rates with no police force (and a federal government ignoring its role in this area), and a resulting move towards electronic security and private communities. The Internet population is changing and there will be more and more computer crime. As commerce comes online, this will become a more serious issue.

Firewalls

Providing security measures requires a balancing act, preserving the positive features of the network such as open lines of communication and collaboration, while ensuring the safety of our information assets. Ruh feels that we are moving into an era where we can balance these factors, primarily through the use of firewalls: a computer or a set of computers that control(s) the flow of network traffic in and out of the local community. Typical firewall capabilities are: access control, network service restrictions, user authentication, and transaction logging. Today there are over thirty different firewall products, triple the number of a year ago.

Benefits of firewalls include:

* creation of a barrier (or network "fence") that prevents unauthorized intrusion;
* access to Internet resources in a controlled manner; and,
* reduction of the "zone of risk" to firewall components.

Drawbacks of firewalls include:

* lack of complete commercial firewall solutions;
* unavailable firewall techniques for some protocols;
* need for security management responsibilities, e.g. authentication management, log reviews; and,
* negative impact on performance and user needs, e.g. popular network applications may not immediately be allowed by the firewall.

Ruh concluded with a recommendation that institutions implement firewalls and noted that they are critical in situations where there are personnel records and copyrighted information.

Common Solutions

Raman Khanna, Director, Distributed Computing and Communication Systems, Stanford University, described the work of the Common Solutions Group's (CSG) Authentication Project. The CSG, which has both representatives of individual universities and other organizations such as EDUCOM, NTTF, CREN, and CNI, is working on inter-institutional authentication. The group has been formed to collaborate on the definition, development, and deployment of a higher education information infrastructure and development of middleware for higher education.

The authentication project will architect an inter-institutional security infrastructure which will: provide the capability for secure, unambiguous universal identification of an actor for "store and forward" interactions, e.g. e-mail, for which we need public key technology; support privacy, integrity, and digital signatures; and, evaluate existing approaches, e.g. PEM (privacy enhanced mail) and PGP (pretty good privacy). The group has recommended the PGP approach for store and forward transactions and they are using MIT's Kerberos-mediated PGP key-signing service. CSG wants to use its leverage to influence vendors on directions in this arena.

Intellectual Preservation

Peter Graham, Associate University Librarian for Technical and Networked Information Services, Rutgers University, discussed information authentication, or what he described as intellectual preservation. Graham noted that one of the library's missions is to ensure that information is preserved in the form for which it was intended.
Librarians work to preserve the intellectual content of materials well beyond the timeframe of their own lives.

Graham divided the work of preservation into three categories. In "medium preservation," the problem is the decay of the artifact itself (e.g. paper, magnetic tape), and the solution is to "refresh" the information. In "technology preservation," the problem is obsolescence (e.g. new media and data structures), and the solution is to migrate the information. In "intellectual preservation," the problem is the malleability of information (e.g. accidental updates, version control, and fraud), and the solution Graham proposed is digital time-stamping.

Digital Time Stamping

Graham stated that two solutions commonly proposed for intellectual preservation are encryption, which can require a private key and thereby restricts access to information resources, and digital signatures, which require secrecy and encrypted records. Digital time-stamping is an authentication solution that combines two techniques: "hashing" digital content and engaging in a "widely-witnessed event." Digital time-stamping, a generic name for a process developed at BellCore, can be used for public or private documents and there is no need for trust between the producer and user.

Federal Policy

David Peyton, Vice President, Processing and Networking Services Division, Information Technology Association of America (an association that represents computer software and service companies), presented a round-up of the status of security and privacy issues in the federal arena. He discussed three specific security issues:

* Digital telephony ("FBI Wiretapping") - A middle-of-the-road law (PL103-414) was passed this year to retrofit the existing public network and to engineer for the future.
* Message protection ("Clipper Chip") - The Administration feels that the current data encryption standard needs to be updated, and it has promoted the Clipper Chip, which Peyton said "flunks every user acceptance test," in this light. The Administration seems to be pulling back from its preference for the Clipper Chip, but it is not clear where things actually stand.
* Digital signature protection - In the absence of a Federal standard, most firms in the computer industry have licensed implementations of a commercial standard in this area. Unfortunately, NIST proposed something totally different.

The three privacy issues he discussed were:

* Application areas - In the health care reform discussions, there was a general consensus that privacy issues should be addressed. In the new Congress, in which health care reform is not thought to be a priority, we will need a new bill to frame privacy concerns in this area. Transportation provides a second excellent example of how privacy issues surface in application areas. Intelligent vehicle systems (IVHS) will generate huge databases of very personal information about an individual's movements, which can be used for both good and bad purposes.
* Workplace issues - Monitoring of electronic mail by employers is becoming an issue on the minds of more and more Americans, but bills protecting employees died a quiet death in the last Congress.
* Direct marketing - Indiscriminate solicitation of business on the Internet is an issue that may soon come under Congressional scrutiny, as telemarketing has before it.

Additional Information

Many documents from the Fall 1994 Task Force Meeting are available on the Coalition's Internet server.

* If you access the Coalition's server by gopher, point your gopher client to gopher.cni.org 70 and follow this series of menus:

    Coalition FTP Archives (ftp.cni.org)
    Coalition Task Force Meetings (/CNI/tf.meetings)
    Fall, 1994 Meeting of the Coalition Task Force

* If you choose to access the materials via NCSA Mosaic (or some other browser) and WWW, you can use this URL to access an HTML-formatted document:

    http://www.cni.org/tf.meetings/1994b.fall/www/sumrpt.html

* If you choose to access the materials via FTP, browse the following directory on host ftp.cni.org:

    /CNI/tf.meetings/1994b.fall
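
The digital time-stamping idea Graham described (hash the content, then tie the hash to a widely-witnessed event) can be illustrated with a hash tree: documents submitted in one round are hashed together into a single root, and only that root needs to be exposed in the widely-witnessed event. This is an added example, not code from the talk or from BellCore; SHA-256, the tree layout, the function names and the sample documents are assumptions made for illustration.

```python
import hashlib

def _leaf(doc: bytes) -> bytes:
    # Domain-separate leaves from interior nodes so one cannot pose as the other.
    return hashlib.sha256(b"\x00" + doc).digest()

def _node(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_round(docs):
    """Hash one round of documents into a tree.
    Returns (root, proofs): root is the value to publish for the round;
    proofs[i] is the list of (sibling_hash, sibling_on_right) linking docs[i] to it."""
    if not docs:
        raise ValueError("a round needs at least one document")
    level = [_leaf(d) for d in docs]
    proofs = [[] for _ in docs]
    pos = list(range(len(docs)))  # index of each document's node in the current level
    while len(level) > 1:
        nxt = [_node(level[j], level[j + 1]) for j in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])  # odd node out is promoted unchanged
        for i, p in enumerate(pos):
            if (p ^ 1) < len(level):  # record the sibling if this node has one
                proofs[i].append((level[p ^ 1], p % 2 == 0))
            pos[i] = p // 2
        level = nxt
    return level[0], proofs

def verify(doc: bytes, proof, published_root: bytes) -> bool:
    """Recompute the path from doc to the root. Needs only the document,
    its proof and the published root: no secret key and no trusted party."""
    node = _leaf(doc)
    for sibling, sibling_on_right in proof:
        node = _node(node, sibling) if sibling_on_right else _node(sibling, node)
    return node == published_root

# Constructed sample documents for one time-stamping round.
SAMPLE_DOCS = [b"thesis draft (sample)", b"lab notebook p.12 (sample)", b"contract v3 (sample)"]

if __name__ == "__main__":
    root, proofs = build_round(SAMPLE_DOCS)
    print("root to publish:", root.hex())
    print("original verifies:", verify(SAMPLE_DOCS[2], proofs[2], root))
    print("altered verifies: ", verify(b"contract v4 (sample)", proofs[2], root))
```

Any later change to a document, accidental or fraudulent, changes its hash and breaks the path to the published root, which is the malleability problem "intellectual preservation" is meant to address.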