The myth of 'trusted systems'

greenspun.com : LUSENET : Grassroots Information Coordination Center (GICC) : One Thread

The myth of 'trusted systems' Tuesday, October 17, 2000

Over the past few months we have focused on various architectural flaws commonly found in today's digital certificate technology.

Put simply, the vast majority of implementations fall way short of the most basic safeguards surrounding traditional business transactions used the world over.

http://www.it.fairfax.com.au/columns/buildingnt/20001017/A48780-2000Oct13.html

However, the real Achilles heel of what is sold as "e-commerce security" is the underlying assumption made about end-user computers.

To secure online transactions, computers at both ends must be what the industry calls "trusted systems". A trusted system not only keeps your information safe but will only use that information for authorised purposes.

In other words, when you install some e-commerce software, you assume it will: Not eavesdrop on other e-commerce applications installed on your machine. Store transaction details in a totally secure manner. Prevent other programs from spying on transactions as they are created. Transmit information over the Internet with complete privacy. Deny access to the system to everyone except people you have authorised.

If any one of the above cannot be guaranteed, your system is intrinsically insecure, no matter how many digital certificates or passwords you heap on top of it.

So professional certification authorities spend millions to make their systems secure. An e-commerce site may spend hundreds of thousands.

However, a secure system isrequired at all ends of the transaction. So given the above criteria, which any reasonableperson expects to be honoured with an e-commerce transaction, how secure is the average end-user PC?

In the case of business-to-consumer e-commerce, a Windows or Macintosh machine using astandard dial-up connection to an ISP will most likely fail miserably on all five counts.

The operating system usually does not stop one application from spying on another. The hard disk is usually not encrypted.

Access to the system can quite easily be compromised by hackers, especially if it is not stored in a bank vault where it cannot be tampered with physically.

This may at first appear extreme but makes sense when you think about it. Would you stash a book of signed blank cheques in your desk's top drawer?

This is exactly what your digital certificate is floating around on your computer's hard disk, sitting on top of your desk. All someone needs to do is obtain your password (the key to the drawer) and they are in business with your money.

The easiest way to do this is with a virus-like program, which simply records your password as you type it in. Odds are this will never happen to you or me. It will probablyhappen to a lot of other nice people out there unless we are one of the unlucky ones.

And thanks to our absolutely brilliant politicians in Canberra, there will be little or no recourse when such fraud does occur, so be careful out there.

This is not the fault of Microsoft or Apple. They never designed nor marketed their products as trusted systems for e-commerce purposes. But that doesn't stop e-commerce security companies flogging their digital certificate technology as "Internet security" for consumer applications.

Meanwhile, our gullible pollies have no hesitation lending Federal Government credibility to such schemes, under the advice ofutterly ignorant bureaucrats, which in the case of business-to-consumer e-commerce seems particularly deceptive.

Even for business-to-business e-commerce, creating an end-to-end environment of justifiably trusted systems across multiple enterprises is possible, though not often accomplished.

Unless digital certificates are part of a comprehensive andrigorously enforced security regime, spanning building access to maintaining firewalls on end-user machines, they can only be oflimited use.

This is the biggest flaw of today's Internet security, constantly referred to by so-called "experts" without them realising it. In their own words, they call this flaw "the security chain".

However in every other discipline of IT, chain-like dependencies are avoided, with "redundancy" ensuring no single point of failure brings down an entire system all except for the e-commerce security industry of course.

I reckon it's time to go back to the drawing board, boys!

-- Martin Thompson (mthom1927@aol.com), October 16, 2000


Moderation questions? read the FAQ