Privacy and Security on the Internet

Lawrence E. Widman, MD, PhD
with editorial contributions by David A. Tong, PhD
University of Texas Health Science Center
Division of Cardiology, Department of Medicine
San Antonio, Texas

Why be Concerned about Privacy and Security on the Internet?

We all like to believe that we can trust people. Our patients trust us to do the best for them. We trust our partners to cooperate in achieving mutual goals. Even the IRS trusts us (more or less) to pay our taxes fairly. Unfortunately, some people and entities are not trustworthy.

We all take basic security precautions. We learn at an early age not to wave cash around in a public place, or even to take out a wallet, lest someone with poor impulse control grab it. When we send mail, we put only the most trivial comments on postcards, and we send cash in very opaque security envelopes. We insist that important documents be notarized to prove that the individual papers are legitimate.

The basic approach to security is illustrated by the above examples. First, one assesses the threat. Then, one devises a response that reduces the likelihood of the threat to an acceptable level. Not all threats can or should elicit a maximum response. For example, most people do not drive in armored vehicles even though armed carjacking occurs and is often fatal to the car driver. Most people reason that their likelihood of armed carjacking is much less than the expense of armoring their car. However, in the 31 states where it is permitted, some people (civilians) undergo training and background checks in order to carry concealed weapons. The rates of violent crimes have declined in those states, and some states explicitly permit use of concealed weapons by civilians to prevent carjacking. As with any other security response, these people evidently believe that the time and expense required are less than the benefit.

How do the above concepts apply to the Internet and to personal computers?

The Internet is simply a way to communicate. It offers rapid, inexpensive communication among computers that is almost unrelated to how far one computer is from another. Designed to survive a nuclear attack on the United States, the Internet is resistant to the failure of its individual parts, and is therefore very robust. It was not designed to protect the privacy of the information transmitted over it. Like a telephone line, network communications can be tapped (intercepted) at any number of points between two computers. You can use the utility traceroute to show that your email message to a machine outside your institution will typically cross several to dozens of other machines along the way. Unlike a telephone line, however, detection of the interception of information at these intermediate points can be nearly impossible and in some cases is completely legal.

The personal computers that many medical professionals use are part of the Internet when they are equipped with direct network connections or with modems that can be used to connect to an Internet Service Provider. Personal computers were designed to meet the needs of individual users. They were designed to make information readily available, not to protect it. Thus, the personal computers that many people use, based on Windows 95, Windows 3.1, and MSDOS, offer minimal protection of their stored information from unauthorized users and programs.

In terms of threat assessment, messages you send on the Internet are just like messages you send by postcard: anyone along the way can read them. Files you store on your computer are not much more secure: anyone with access to your computer - in person or over a network - can read your files. Also, if you download programs from the Internet, whether as email macros, Java or ActiveX controls, or stand-alone programs, your computer offers essentially no protection against unsociable behavior by the program such as transmitting your files over the Internet or erasing them.

When personal computers were new and the Internet was a novelty, the likelihood of these threats affecting you was small. In 1999, however, they are not small. Many people and organizations have already begun using virus scanning programs routinely. As in daily life, it is possible to adopt security practices for your computer and your use of the Internet that balance inconvenience with protection. As noted in a recent review [Finnie97], "the Web is a relatively young community, a neighborhood where few people lock their doors. But that community is rapidly growing into a city. Perhaps it's time you thought about installing some locks."

In this talk, I will describe how to continue to enjoy the benefits of personal computing and the Internet while protecting yourself from these and other hazards.

Threat assessment

The first step in protection is to assess accurately potential threats. The second step is to invest the resources needed to develop responses that neutralize them. It is important to recognize that not all threats can or should be neutralized.

In general, the threats relating to personal computers and the Internet include unauthorized snooping around your personal computer(s); interception of your transmissions over the Internet in the form of electronic mail, file transfers, and World Wide Web interactions; and impersonation (theft of your identity). This last threat is possible only if you don't keep secret exactly how you have neutralized the first two threats.

The responses consist of encryption and its variants, barriers to unauthorized access, and simple caution. What kinds of threats are there?


The Technology

Fundamentally, security is a social consensus to conduct affairs in a secure way. We must all accept that passwords should not be easy to guess and should not be shared. We must all agree that confidential information should not be given to people or entities who should not have it, even if they try to force us to do so by various means. Ultimately, we must all agree that privacy is valuable and worth preserving. The technology described below is simply a way to implement such a social consensus.

Encryption, Keys, Digital Signatures, and Certificates

What is Encryption?

Threat: An unauthorized user wants to read your files. For example, a clerk wants to read the office manager's budget, stored in Quicken.

Encryption is a mathematical process of "scrambling" a message or a file in a way that can be reversed only with a specific password. A simple but powerful encryption algorithm is the XOR function, in which a bit in the key is matched with a bit in the text. The rule is: 0+0 = 0. 1+0 or 0+1 = 1. 1+1 = 0. Notice that if XOR is performed twice in a row, it recovers the original text: if 0011 XOR 0101 = 0110, then 0110 XOR 0101 = 0011 and 0011 XOR 0110 = 0101. There are two important points about this algorithm: knowing the algorithm itself does not help to decode the encrypted text. And, if you have a sufficiently long key that consists of random bits, the algorithm is nearly unbreakable.
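The XOR rule above, worked through in Python as an added example (this code is not part of the original talk). It reproduces the 4-bit calculation, encrypts and decrypts a sample message with a random key as long as the message, and shows the caveat hidden in "sufficiently long": the same random key must never be used for two messages. The function names and the sample message are the editor's own.

```python
import os

def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR every byte of data with the corresponding byte of key.

    The key must be at least as long as the data, so every bit of the
    text is combined with its own random key bit (the 'sufficiently long
    key of random bits' the text describes)."""
    if len(key) < len(data):
        raise ValueError("key must be at least as long as the data")
    return bytes(d ^ k for d, k in zip(data, key))

def encrypt(plaintext: bytes, key: bytes) -> bytes:
    return xor_bytes(plaintext, key)

def decrypt(ciphertext: bytes, key: bytes) -> bytes:
    # XOR is its own inverse: a second pass with the same key undoes the first.
    return xor_bytes(ciphertext, key)

def xor_demo_nibbles() -> dict:
    """The 4-bit example from the text: 0011 XOR 0101 = 0110, and XORing
    the result with either operand gives back the other one."""
    text, key = 0b0011, 0b0101
    cipher = text ^ key
    return {
        "cipher": format(cipher, "04b"),
        "recovered_text": format(cipher ^ key, "04b"),
        "recovered_key": format(text ^ cipher, "04b"),
    }

def key_reuse_leak(m1: bytes, m2: bytes, key: bytes) -> bytes:
    """The caveat behind 'sufficiently long': a random key is only safe
    when it is used once. If two messages are XORed with the same key,
    XORing the two ciphertexts cancels the key and leaves m1 XOR m2, so
    the ciphertexts together reveal where the plaintexts differ."""
    c1 = encrypt(m1, key)
    c2 = encrypt(m2, key)
    return xor_bytes(c1, c2)

if __name__ == "__main__":
    message = b"Budget for 1999: see attached spreadsheet"  # constructed sample
    key = os.urandom(len(message))  # fresh random key as long as the message
    ciphertext = encrypt(message, key)
    print("ciphertext:", ciphertext.hex())
    print("decrypted :", decrypt(ciphertext, key))
    print(xor_demo_nibbles())
    leak = key_reuse_leak(b"budget: 1999", b"budget: 2000", key[:12])
    # Identical bytes XOR to zero, so the leak marks exactly the positions
    # where the two messages differ.
    print("positions where the two messages differ:",
          [i for i, b in enumerate(leak) if b != 0])
```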

There are a variety of encryption methods. All of the useful ones are well-known, like the XOR function but much more complicated. (Algorithms that are secret cannot be assessed adequately, and are never trusted by serious cryptologists.) The available algorithms can be divided into two kinds: "weak" and "strong". "Weak" methods are easy to use but are also fairly easy to bypass. You would use them when the value of the message is low enough that a snoop would not bother even to break a weak encryption.

"Strong" encryption methods are very difficult to break. The mathematical field of cryptology is quite sophisticated, and many algorithms that appear to be strong have turned out to have fatal flaws. On the other hand, there are a few methods that have proven robust despite prolonged efforts to break them. The strengths of "keys", or passwords for encryption, are typically measured in the length of time required to crack the keys with the most powerful computer technology that could possibly be used. For strong encryption methods, the length of time is measured in hundreds of years. Strong encryption is suitable for messages whose value is high, such as the master code to your office safe, as well as for more mundane messages.

What is "Secret key" Encryption?

"Secret keys" are passwords that must be kept secret. The same key is used both to encrypt the message and to decrypt it. The advantage of secret keys is that they can be relatively small yet still be quite resistant to brute-force attack by trying all possible combinations of passwords. The disadvantage is that it is hard to share secret keys among all the people who may need them. Thus, a secret key is useful when only a few people need to share it, and when they can exchange the key securely (in person in a secure place, for example). A secret key is less useful when many people must know the key, or when a few people can't communicate the key without the risk of eavesdropping.

The keys used for secure Web browsers are secret keys.

What is "Public key-Private key" Encryption?

"Public keys" and "private keys" refer to pairs of keys derived from prime number mathematics. These keys are part of "asymmetric" encryption. The names of the two most popular asymmetric encryption algorithms are RSA and Diffie-Hellman. The legal issues surrounding these algorithms are complex. Briefly, the patent on the first expires in August, 2000, and the patent on the second expired last year. After 2000, there will be two remaining patents, but it is unclear whether their claims include the current PGP implementations. There are two PGP implementations in wide use at this time: an older one, PGP version 2.6.2 (web.mit.edu/network/pgp.html), which is not supported commercially, and a newer commercial one, PGP version 5.0 (www.pgp.com), which is easier to use. You can use the free implementation for non-commercial purposes, and the newer version for all legal purposes. Note that the sites listed above are available only to users inside the U.S. and Canada, and that exporting them from these countries is a felony crime. An international version of the older implementation is also available.

The asymmetric encryption method works as follows: any message encrypted with your public key can be decrypted only with your corresponding private key. Any message encrypted with your private key can be verified as having been signed by you by decrypting it with your public key. The advantage of asymmetric encryption is that the public key is not a secret: anyone can know it. Only you know the private key (which is typically protected with a secret password for extra security on your own computer). The disadvantage is that much larger keys are required for adequate security.

There are a few pitfalls of asymmetric encryption that you must remember:

What are Digital Signatures?

Digital signatures are a variation on encrypting a message with your private key. Instead of encrypting the entire message, a mathematical summary of the message is created, and that is encrypted. Anyone with your public key can verify that you signed the summary. The summary in turn can be used to verify that the message has not been altered since it was signed.

As noted above, it is very important to keep your private key to yourself. Once digital signatures become standard, it will be very difficult to prove that you did not sign a document if someone gets access to your private key. Unlike a handwritten signature, there is no way to distinguish a forgery from a legitimate digital signature when both are created from the same private key.

What are Certificates of Authority?

Certificates of authority are messages signed digitally by an independent third party. The messages verify that the person or organization that sends you the certificate really is who he/she/it says. They serve much like a human Notary Public.

You are most likely to encounter certificates of authority when you use a Web browser. The Netscape and Microsoft browsers come with a built-in list of generally accepted third parties. If you encounter a certificate signed by an unknown third party, these browsers will notify you of the fact. Netscape will offer to let you accept the authority; Microsoft's browser will not. As a general rule, you should not accept a certificate of authority unless you are certain that you can trust it. An example of the latter would be on an organizational "Intranet" when your own organization issues the Certificate of Authority.

What is a "40-bit" Key? A "128-bit" Key? A "1024-bit" Key?

Key lengths are measured in the number of binary bits in them. For example, a one-bit key could have the values of only "0" or "1". A two-bit key could have the binary values 00, 01, 10, or 11 (that is, 0, 1, 2, or 3, in decimal). The secret keys used in Web browsers are either 40 bits long or 128 bits long. The keys used in public key-private key encryption range in length from 512 to 4096 bits.

As noted previously, secret keys are much more secure than public-private key pairs of the same length. The author of PGP estimates that the computation time needed to exhaust all the possible 128-bit keys in the IDEA cipher (a particularly good secret key algorithm) would equal the factoring workload to crack a 3100-bit RSA key, which is quite a bit bigger than the 1024-bit RSA key size that most people use for high security applications.

The key lengths of "40" and "128" refer to secret keys used in Web browsers. Because of U.S. Government regulations, software capable of handling 128-bit keys may not be exported from the U.S. except to Canada without special permission.

The key lengths of "512", "1024", "2048", and larger refer to public-private key pairs used with PGP and similar programs for strong encryption. These programs may also not be exported from the U.S., but functionally equivalent versions have been created and are readily available anywhere in the world.

Are these Encryption Algorithms Legal?

Encryption by private citizens is legal in most countries. It is specifically forbidden in France, Russia, and Iraq.

How Secure are These Keys?

Secret Keys

Several international teams of computer scientists are concerned about the lack of security in the shorter secret key lengths. Despite assurances that 40-bit keys are "secure", these groups have noted that the number of computations needed to crack these keys is only 100 MIPS-years. That is, a 100 MIPS (e.g., 100 MHz Pentium) computer can crack one key in a year's time. The important point, however, is that the task can easily be divided among many computers, which can then crack a key in much less time. To demonstrate this point, these groups have used groups of computers on the Internet and have shown that a 40-bit key can be broken in less than 32 hours and a 48-bit key can be broken in 280 hours. These results are particularly of concern now that a message encrypted with the Data Encryption Standard algorithm has been broken.

The Data Encryption Standard, DES, is a national standard, adopted in 1977. Use of DES is mandatory in most Federal agencies, except the military. DES is very widely used in the private sector, as well. Interbank wire transfers, Visa transactions, medical and financial records, and organizational financial data are some of the many things secured against prying eyes or against modification by DES.

In 1998, the DES encryption algorithm was broken in less than 4 months by a brute force search. The solution was found using approximately 78,000 computers, mostly ordinary personal computers, over the Internet. In fact, the winning key was found on a 90MHz Pentium computer with 16 megabytes of memory.

The fact that an informal hodge-podge of amateurs could break this key is important because a major company and certainly a sovereign country could easily duplicate the computing power that was used. In 1999, a specially-designed computer chip was reported that cracks DES keys even more quickly than general-purpose computers do.

Fortunately, the difficulty in breaking a secret key doubles for each additional binary bit in its length. Thus, using current computer technology, the 128-bit keys used in "domestic" versions of Netscape and Internet Explorer are still secure. The thought that a single disgruntled employee with a packet sniffer and a 300 MHz Pentium could decrypt a "secure" 40-bit Web session in 4 months, however, should disturb anyone who transmits high-value information over the Web. Some cryptographers have gone so far as to characterize 40-bit keys as insecure for this reason.

Public-Private Key Pairs

The table below shows the time required for a single, inexpensive desktop computer, readily available in 1999, to break a public key-private key pair if it worked at the task full-time. The length of the keys is specified in binary bits. Recall that the number of possibilities doubles when length is increased by one binary bit. Since the mathematical problem is factoring of a large integer rather than trying every possibility, the difficulty does not double.

As you review these numbers, remember that it is relatively easy to create arrays of 50,000 to 100,000 computers that work in parallel. An array of 100,000 computers, each with a 300MHz Pentium chip, would solve the problem 100,000 times more quickly. Such an array could break a 1,024-bit key in 100 years. This sounds fine until you remember how rapidly computer technology is advancing, and that special chips for breaking keys can also be constructed that can work much more rapidly. For encrypting important messages, therefore, some people favor using 2,048-bit keys.

Time required for one 300MHz Pentium (300 MIPS) to break a key whose length is specified in bits

Bits    Low (years)    High (years)
----    -----------    ------------
 512    19.779         1.735e+05
 768    2.004e+04      1.050e+09
1024    5.643e+06      1.268e+12
1536    5.226e+10      1.241e+17
2048    8.833e+13      1.430e+21
4096    2.565e+23      1.152e+33

The Internet and Intranets: Operating Systems, IP packets, Routers, Sniffers, Firewalls, Name Servers

The Internet consists of a large number of computers connected by wires that carry data. The Internet is international. Intranets are the same, but they connect only those computers in a given organization. Computers on an intranet are not necessarily connected to the Internet. Everything in this discussion applies to intranets as well as to the Internet.

Every computer on the Internet has a specific number associated with it. This number can be thought of as its "telephone number" because no other computer on the entire world-wide Internet has the same number. The number is called its "IP address". In contrast to actual telephone numbers, the IP address of a computer can change. In particular, when a computer connects over a telephone line, it often receives a different IP address every time a connection is established. However, the IP address does not change as long as the computer remains connected.

The information on the Internet travels along the same generic path, although there are a multitude of variations in the details of the path. The information is first packaged by the operating system into packets of a specific format. Each packet is labeled with the IP address of the computer where the packet is created, the IP address of the computer where the packet is supposed to go, and some information about what kind of data the packet contains (e.g., Web data versus file transfer data). None of this information is encrypted.

Each packet is sent to a routing computer, or a router. The router is programmed to recognize whether the packet should go to one of the computers connected to it, or whether it should be passed along to another router that is connected to a different group of computers. Eventually, packets find their way to the destination IP address, where they are sorted into the proper order and reassembled into the information format that resided on the originating computer.

Packet sniffers are computers that listen to every packet that passes by them. Usually, computers look only at packets that are directed to them. "Sniffer" computers listen to all packets. It is possible to write software that will screen the enormous number of packets that pass by in a day, to pick out the few with information that a cracker would like to have: passwords, account names, perhaps email messages. Sniffer computers are not detectable except by examining physically every connection to the network. A determined intruder or a disgruntled employee can use equipment that is nearly impossible to detect even by physical examination.

One way to make an intranet secure is to place a firewall computer between it and the Internet. The firewall computer has two network cards and two sets of IP addresses. The protected computers are behind the firewall. Their IP addresses are secret from the Internet, and computers outside the firewall cannot send packets to them and cannot "sniff" packets that they send. When the protected computers need an Internet connection, they open connections to the firewall computer which, in turn, opens connections to the Internet. Packets can then pass back and forth between the Internet and the protected computers. Depending on the specific method used, the firewall computer can allow only certain kinds of packets to pass (such as Web packets) but not others (such as telnet, or login, sessions).

Operating Systems

Operating systems are large software programs that allow users to do things with their computer hardware. There are five major operating systems in 1999: Windows 95, Windows NT, the Macintosh operating systems, IBM's OS/2, and the UNIX variations. The Macintosh operating systems and OS/2 have not achieved a large market share. Although they are not described further here, the principles discussed here apply quite well to them.

The remaining operating systems can be divided into two groups: those that started as single-user operating systems, and those designed to allow multiple users to work on one machine. The single-user operating systems are Windows 95 and the Macintosh operating systems. The multi-user operating systems are the UNIX variations and Windows NT.

In general, the single-user operating systems are very easy to use but offer little or no data security. The multi-user operating systems offer considerable security when they are set up correctly, but because they are so capable, they are also subject to having "bugs" or "loopholes" that crackers can use to break into them.

Name Servers

Name servers are computers that are much like telephone books. If each computer on the Internet has a telephone number, then name servers allow these same computers to have individual names. This facility allows computers to be moved around while still retaining their names. The names are organized into domains, subdomains, and so forth. The current top-level domain names include "com" for commercial organizations, "edu" for educational institutions, and so forth. Subdomains are assigned to individual entities such as companies, universities, and so forth. Individual computers are then assigned names by these entities, who maintain name servers responsible for their own set of names. The high-speed computers that are responsible for the top-level domains are known as the root name servers. The concept of name servers is important only because one security threat is the replacement (by a cracker) of a legitimate name server with one that forces unsuspecting users to connect to his or her machines instead of legitimate ones.

Web servers and Secure Web servers

The World Wide Web consists of programs like Netscape and Internet Explorer that can be used to look at Web documents (called "browsers"), and programs that provide the documents to browsers (called "servers"). Servers include various security features that protect the computer they are running on.

Web servers sometimes are capable of encrypting ("scrambling") the data they send out and decrypting the data they receive. All modern browsers have this capability, but not all servers do. When you connect to a secure server, you will see a special symbol on the browser change. On Netscape 4, for example, the image of the lock in the lower left hand corner will change from an open position to a closed position. When you are using a secure link, all communications between your browser and the server are encrypted.

There are two levels of security: 40-bit and 128-bit. As we discussed before, the term "40-bit security" is misleading and you should not use this level for important communications. The "128-bit" level of security is satisfactory for the next few years at least.

Threats and Responses

Your Institutional Intranet

Surprising as it may be, the major vendors of hospital information systems apparently have not protected users from security breaches within the hospital intranet. At one major hospital, for example, physicians are required to sign an agreement that their login password will carry the same legal weight as their written signature. Physicians are not, however, provided with any information as to how their passwords will be protected as they travel over the hospital network or as they are stored in the central computer. Nor is there any way for physicians to verify that their entries have not been modified since the physicians signed them. It turns out that this system apparently transmits passwords without encryption over the network, making them available to anyone with a packet sniffer.

This situation is likely quite common, and should be investigated by all physicians whose professional reputations depend on network security. Possible solutions include card-based encryption at the computer terminal, which would require a physical token (e.g., a credit-card sized card with a built-in microchip containing a unique secret encryption code) or public key-private key encryption, together with digital signature generation.

Operating systems: Windows 95, NT, and UNIX

The UNIX variants are much more resistant to attack by virus and penetration by amateur crackers than are Windows 95 or Windows NT. There are two major reasons:

Break-ins by Crackers

Threat: A cracker (skilled but malicious unauthorized user) breaks into your office computer, which is connected continuously to the Internet, and erases all your billing records. Why? Perhaps for the thrill. How long will it take you to reconstruct your electronic records from paper records?

The word cracker is derived from criminal hacker.

Crackers are people who are skilled in the art of breaking into computer systems and who like to do so even though it is a crime. Usually only large organizations are targets of crackers, perhaps because only they are connected to the Internet for long periods of time. If your office computer is connected directly to the Internet for any period of time, however, it too could become a target.

A favorite method used by crackers is "social engineering". This method relies on weaknesses in the target organization that allow an outsider to obtain account information and passwords. One famous story describes the Pentagon security consultant who broke into a top-secret computer system in 15 minutes. How? He called up the office responsible for passwords for the system and convinced the clerk who answered that he was an authorized high-ranking officer who had forgotten his password. He thus obtained the (real) officer's account, password, and access to secret information. The equivalent in your office might be the cracker who calls your secretary, tells him/her that he/she is a consultant for the office database, and that "the Doctor told me to fix the problem right now!".

Another favorite method is cracking passwords. Passwords are stored on hard disks in encrypted format. However, most people choose passwords that are easy to guess, such as proper names and plain English words. If a cracker can get a copy of the encrypted passwords on one of your computers by one method or another, he/she can use programs that are readily available to crack them. These programs guess passwords by trying hundreds of thousands of common words to see whether the encrypted version of one will match an encrypted password on your computer. If so, the cracker can log in and have all the system privileges that the legitimate account user has.

The easiest way to neutralize the threat from the Internet is to separate the computer used for Internet access from the computer(s) that contain information that is important in any way. Other ways are less perfect, and include firewalls and operating systems that are built with security in mind. If you are in this situation, you would be well advised to consult a network security specialist. This method does not protect your systems from people who have physical access to them, such as salespeople, cleaning personnel, and disgruntled employees.

You should also require that you and your staff choose passwords that are hard to guess: at least 8 characters that are not proper words and preferably include numbers or punctuation inside them. For example, you could think of the memorable phrase, "This is a GREAT password." You can then contract it into "TIA!G!PD", which would be hard for current password cracking programs to guess. It is also important to train your staff to insist that no one look while they type their passwords. This simple principle is often forgotten.
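An added example, written by the editor rather than taken from the talk, that turns the password rule above into a check you could run on staff passwords before accepting them: at least 8 characters, not a dictionary word (even with digits or punctuation tacked on the ends), and a number or punctuation mark somewhere inside. It also shows why the stored, hashed form of a guessable password offers no protection: the same short wordlist, hashed, finds it. The wordlist is a constructed stand-in for the hundreds of thousands of words real guessing programs use, and the function names are the editor's own.

```python
import hashlib
import string

# Constructed stand-in for the wordlists that password-guessing programs use
# (real lists hold hundreds of thousands of proper names and dictionary words).
COMMON_WORDS = ["password", "welcome", "letmein", "doctor", "medicine",
                "cardiology", "lawrence", "antonio", "secret", "qwerty"]

def _core(password: str) -> str:
    """Lowercase the password and strip digits/punctuation from both ends,
    since 'Doctor99' or 'password!' is still a dictionary word to a guessing
    program."""
    return password.lower().strip(string.digits + string.punctuation)

def password_problems(password: str, wordlist=COMMON_WORDS) -> list:
    """Apply the rule from the text: at least 8 characters, not a proper
    word, and numbers or punctuation somewhere inside (not just at the ends).
    Returns a list of problems; an empty list means the password passes."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if _core(password) in wordlist:
        problems.append("based on a common word")
    interior = password[1:-1]
    if not any(c.isdigit() or c in string.punctuation for c in interior):
        problems.append("no number or punctuation inside")
    return problems

def hash_password(password: str) -> str:
    """Stand-in for the encrypted form in which passwords are stored on disk."""
    return hashlib.sha256(password.encode()).hexdigest()

def wordlist_match(stored_hash: str, wordlist=COMMON_WORDS):
    """The comparison the text describes: hash each common word and see
    whether it matches the stored hash. Used here to audit whether an
    existing stored password would fall to that comparison."""
    for word in wordlist:
        for variant in (word, word.capitalize(), word.upper()):
            if hash_password(variant) == stored_hash:
                return variant
    return None

if __name__ == "__main__":
    for candidate in ("TIA!G!PD", "password", "Welcome1", "Secret1"):
        print(candidate, "->", password_problems(candidate) or "acceptable")
    stored = hash_password("Welcome")  # constructed: a staff member's stored hash
    print("guessable from stored hash:", wordlist_match(stored))
    print("guessable from stored hash:", wordlist_match(hash_password("TIA!G!PD")))
```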

Java Applets and ActiveX Controls

Threat: The ActiveX control that you downloaded from the World Wide Web has a programming error (bug) that erases files on your disk. Or, it has an intentional programmed capability to copy files from your disk and send them to a remote computer without your knowledge.

Java Applets and ActiveX Controls are two different ways for a web site to run a program on your computer. This is an attractive feature because it increases the power of the Web. For example, a site could make available a little program that estimates the risk of significant cardiovascular disease given the values of several risk factors. Running the program on your computer would be much faster than sending the data back to the Web server and then running the program on its computer.

Many types of computers are connected to the Internet. Java Applets and ActiveX Controls were written so that they can run on all of them. This is important because it eases the task of writing such "machine-independent" programs considerably.

Unfortunately, some individuals have taken advantage of the power of such programs, and have created malicious programs. Sometimes there are errors in the programs that inadvertently can cause damage to the user's computer. The two new languages have taken two different approaches to these problems. Briefly, Java (Sun Microsystems, Inc.) limits the power available to the program. ActiveX, developed by Microsoft, relies on the user to verify that the ActiveX control came from a reliable source, but it does not protect against errors in the programs. Java has developed a method based on digital signatures that allows specific programs to have more power. It is unclear whether ActiveX can be made intrinsically safe under Windows 95. Commercial programs are available that protect user computers against malicious and inadvertently dangerous behavior by both Java and ActiveX programs.

Viruses and Virus checkers

Threat: The nifty new game you just downloaded from somewhere on the Internet contains a "virus" designed to erase all the data on your disk drive.

Threat: The Microsoft Word email you just received has an attached macro. Because you did not disable automatic execution of mail macros, this macro is executed when you look at the mail. It erases files from your hard disk.

Viruses appear at the rate of hundreds per month. They are created from toolkits that are available on the Web, for reasons best understood by their authors. They can be programmed to do anything that you can do on your machine, including erasing essential files. They almost always are programmed to make copies of themselves in your software so that, after you recover from the damage they cause, they can spread to other computers when you transfer files from your computer. Viruses are activated when they are run as programs. They cannot do any damage until they are run as programs. They are often recognized by specialized programs called "Virus checkers".

Macros are sets of instructions to specialized programs such as word processors or spreadsheets. Some of these programs allow their macros to perform very powerful operations such as erasing files. This freedom allows malicious macros to do great damage. Fortunately, the current versions of these programs allow you to control macro operations, including warning you before a macro in a newly opened document is run.

You can choose from the following approaches to protect yourself, starting with the most secure approach.

Several security programs have been developed to deal with threats to personal computers from the Internet. This author has not used any of them, but the products and the companies that make them have received favorable reviews in trade journals [Finnie97].

Encryption and Digital Signatures of Files and Email

Encryption and Digital Signatures

There are two basic ways to encrypt files and email: with weak encryption and with strong encryption. The first is easily broken, the second is not. As discussed above, secret-key encryption of electronic mail and Web browser interactions with 40-bit keys is not secure, and public-key encryption with keys shorter than 1024 bits is not secure. In fact, one cryptographic expert has written a screen saver that cracks the 40-bit keys used for "secure" mail (S/MIME) simply by trying every possible key. He estimates that his program can try all 2^40 keys in 70 days on a 166 MHz Pentium computer, and, since on average the right key is found halfway through the search, will need only 35 days to do so. His point is that 40-bit keys are not secure despite the statements of the US Government and of S/MIME vendors, and any number of such computers can share the search.
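The exhaustive key search described above, as an added example that is not part of the original article. The cipher is a toy constructed for the demonstration (the keystream is a hash of the key, not the RC2 cipher that 40-bit S/MIME actually used), the message and key are constructed, and only 16 of the 40 key bits are left unknown so the search finishes in seconds; the measured rate is then extrapolated to the full 40-bit space. The one assumption that matters carries over to the real cipher: the attacker knows how the message begins (a standard mail header), so a candidate key can be checked by decrypting just the first few bytes.

```python
import hashlib
import time

KEY_BYTES = 5  # a 40-bit key, as in export-grade S/MIME


def keystream(key, length):
    """Toy keystream: SHA-256 of the key and a block counter. Constructed for
    this demo; it stands in for the real cipher, whose details do not matter
    to a brute-force attack."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key, plaintext):
    """XOR the plaintext with the keystream; decryption is the same operation."""
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, len(plaintext))))


def brute_force(ciphertext, known_prefix, unknown_bits):
    """Known-plaintext search: try keys until decrypting the start of the
    ciphertext reproduces the header the attacker expects. Only the low
    `unknown_bits` bits of the key vary; the rest are taken as zero, standing in
    for bits the attacker is assumed to know already."""
    target = ciphertext[: len(known_prefix)]
    for candidate in range(1 << unknown_bits):
        key = candidate.to_bytes(KEY_BYTES, "big")
        if encrypt(key, target) == known_prefix:
            return key, candidate + 1  # recovered key, number of keys tried
    return None, 1 << unknown_bits


def seconds_for_full_search(keys_per_second, key_bits=40):
    """Worst-case time to try every key; on average half of this suffices."""
    return (1 << key_bits) / keys_per_second


# Constructed message. The key has only 16 unknown bits here; a search over all
# 40 bits is 2**24 times longer, which is what the extrapolation below computes.
SECRET_KEY = (0x9C3A).to_bytes(KEY_BYTES, "big")
KNOWN_PREFIX = b"Content-Type:"  # predictable header = known plaintext
MESSAGE = KNOWN_PREFIX + b" text/plain\r\n\r\nThe merger closes Friday."
CIPHERTEXT = encrypt(SECRET_KEY, MESSAGE)


def crack_demo(unknown_bits=16):
    """Recover the key, then extrapolate the measured rate to a 40-bit search."""
    start = time.perf_counter()
    key, tried = brute_force(CIPHERTEXT, KNOWN_PREFIX, unknown_bits)
    elapsed = max(time.perf_counter() - start, 1e-9)
    rate = tried / elapsed
    return {
        "recovered_key": key,
        "plaintext": encrypt(key, CIPHERTEXT) if key else None,
        "keys_per_second": rate,
        "days_for_40_bits": seconds_for_full_search(rate) / 86400,
    }


if __name__ == "__main__":
    result = crack_demo()
    print("key recovered:", result["recovered_key"] == SECRET_KEY)
    print("plaintext:", result["plaintext"])
    print(f"{result['keys_per_second']:.0f} keys/s in Python; "
          f"full 40-bit search at that rate: {result['days_for_40_bits']:.0f} days")
```

Run as a script it recovers the key and prints the extrapolated time; a machine trying a million keys per second needs under 13 days for the whole 40-bit space, and the search splits across as many machines as the attacker has. Nothing in the attack depends on a weakness in the cipher: the key space is simply too small.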

Some Windows programs include "encryption" features (password-protected documents, for example). Programs that recover the passwords of these schemes are posted on Web sites that specialize in security (on both sides of the question!). If you have information worth protecting, it is much better to encrypt it with a strong, publicly reviewed encryption algorithm.

As discussed above, a secret-key (symmetric) algorithm with a good passphrase may serve you quite well when you only need to protect files for your own use. If you need public-key encryption, so that others can send you protected mail without first sharing a secret with you, the best packages use the RSA or Diffie-Hellman algorithms. For the user who is not a computer software expert, the best choice is PGP (www.pgp.com). As noted below, the PGP product integrates with the freeware product Eudora Light, and is also available as freeware for noncommercial individual use.

Electronic Mail

Threat: Your email to your friend in another organization is critical of your boss. You erase your copy of the email. So does your friend. Unfortunately, a copy of the email is retained on the "mail server" computer in your organization. You get to explain the email to your boss when she calls you into her office a week later.

When you send electronic mail (email), your machine usually transmits the message to its destination through intermediate machines, which make copies of your message as they pass it on, and the mail servers at each end may keep it in their logs and backups. Anyone with access to those copies can read your mail, even after you and the recipient delete the messages from your own machines.

The best response to this threat is to encrypt the message, preferably with PGP, before you send it. The message will then appear to be gibberish to anyone who tries to read it without decrypting it first. Note that encryption protects the body of the message only: the sender, the recipient, the date and the subject line still travel in the clear, so keep the subject line uninformative.

Email with strong encryption is available for individuals in the combination of the free Eudora Light package, by QUALCOMM, Inc., San Diego CA, and the free PGPfreeware package by Network Associates, Inc., Santa Clara CA. Both packages are available at reasonable prices for commercial use. The latter package is export-controlled, and so is available only to computers located within the United States and Canada. This package, available for Windows and for the Macintosh, allows the user to encrypt both email and files on his/her hard disk with the PGP implementation of strong encryption. The maximum key length is 4096 bits, which should be sufficient for protecting information for the foreseeable future. It is important, of course, not to forget the passphrase that protects your private key: without it, your own files and mail cannot be decrypted, and nobody can recover it for you. You can also encrypt your message with a stand-alone PGP implementation before you mail it with your current email program.

Web browsers

Threat: Your credit card number is captured by a packet sniffer when you buy gloves over the Internet. Two months later, a "cracker" (a technically adept "hacker" gone bad) buys $5,000 worth of goods. You get to prove you didn't make the purchase.

The good news about Web browsers is that the 128-bit versions are reasonably secure. When you send confidential information, make sure that the URL starts with https, not http, make sure that the security icon is set to secure mode, and check that the certificate the browser shows belongs to the company you believe you are dealing with. Finally, check your browser's security information to make sure it is capable of 128-bit encryption (not just 40-bit, which is insecure).

Security Flaws

Your Web browser has access to your computer because it is running on it. Several serious security flaws have been documented in Netscape for many computer operating systems but have been fixed (as far as I know). Similar security flaws still exist for many Web browsers running under Windows NT, according to one web site.

The nature of these flaws is that they allow a Web server to obtain a copy of your login name and password file. Your password is stored in that file in hashed (one-way encrypted) form rather than in the clear, but apparently it does not take long for a modern computer to break a Windows password by trying candidate passwords until one produces the same hash. The site reporting this flaw estimates that any 14-character Microsoft "strong" password can be broken in less than 14 days.

The take-home message is that your Web browser may be compromising your security. Since neither major vendor has released source code for its current browsers (although Netscape has released source code for a predecessor of its current browsers), there is no way to know for certain to what extent either browser allows unauthorized access to your machine.

Known Browser Characteristics

Another aspect of browsers is behavior we know they engage in. For example, your browser may release the name and email address you entered in its preferences to sites you visit on the Web. This information can be, and is, collected into the huge lists of email addresses used by senders of spam email.

One simple step you can take is not to use a Web browser for electronic mail. You are then free to put nonsense in the browser's identity information (name, email address, home page, etc.). If a Web site gets access to the nonsensical information, you have lost nothing.

Web Cookies

Cookies are short text strings sent by a Web server that your browser stores in a "cookie file" on your hard disk. When you reconnect to the same Web server, the browser returns the cookie to that server (or, if the server marked the cookie for its whole domain, to other servers in that domain). They are useful because they let the server know that you have been there before. The server can store information about what you have seen so it knows what to show you next. For example, the "shopping cart" capability of Web sites commonly relies on cookies.

Cookies do, unfortunately, threaten your privacy because they let third parties track where you have been on the Web. An advertising server whose banners appear on many sites sets a cookie when you first see one of its banners and receives that cookie back from every later site that shows another, so it learns which of those sites you visit. This information is already being used to tailor the ads you receive to the interests you have demonstrated by visiting other Web sites. By itself, of course, this is simply targeted marketing, which many consumers find quite useful. But you should be aware it is happening.

If you don't want your Web browsing to be tracked, you can go through a proxy service such as www.anonymizer.com. These sites mask the identity of your computer so that the servers you visit cannot tell who you are or where your computer is located (they see only the proxy's IP address); the proxy itself, of course, sees everything you do through it, so you are trading trust in the sites you visit for trust in the proxy. The Anonymizer (www.anonymizer.com) service is provided free, but there is a delay when you visit other sites through it. For a modest fee (currently $15 for 3 months), you can have the same service without the delay in viewing pages.

Legal threats also can involve cookies. There is at least one instance of legal demands for the cookie files of a defendant in a lawsuit. Since this file, the history files, document and image caches, and other Web browser files contain details of which sites have been visited and which newsgroups have been accessed, they may prove to be legitimate targets of legal discovery proceedings.

One approach, which is known to work with a UNIX version of Netscape, is to start up two copies of Netscape independent of each other. The second copy will not write to at least some of the files mentioned above. This approach does not appear to work with Windows 95.

Another approach is to delete all these files every time you exit from the browser. You can do this by hand or with commercial products. This author has not used these products, but they have received favorable reviews in a trade journal [Finnie97]. This approach removes the browser's own records of how you used it; bear in mind that a deleted file may remain recoverable from the disk until the space it occupied is overwritten.

The products are:

For cookies, you always have the option of setting your browser not to accept cookies. If you do this, some sites may refuse to allow you to see their information. You can also set your browser to ask you about each cookie a server sends. You will likely find this option quite annoying, especially since the large commercial sites with interesting material like to set many cookies before you get to see anything. Several less aggressive approaches are available with the aid of cookie managers. These are programs that allow you to pick and choose which cookies you will allow and which you will not, for example accepting cookies from the site you are actually visiting while rejecting those from third-party advertising servers.
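How cookies are returned to servers, how the advertising-server tracking described above works, and the per-site acceptance policy a cookie manager applies, as one added example that is not part of the original article. The jar below is a deliberately small model of a browser's cookie store written for this page (real browsers apply more rules, for instance on cookie lifetime and on path matching); the hostnames, cookies and the policy function are constructed for the demonstration.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit


def domain_matches(host, domain):
    """A cookie stored for `domain` is sent to that host and to all hosts under it."""
    return host == domain or host.endswith("." + domain)


class CookieJar:
    """Minimal model of a browser cookie store. `policy(domain)` returns True to
    accept cookies for that domain; this is the per-site choice a cookie manager
    offers. By default every cookie is accepted, as in an unconfigured browser."""

    def __init__(self, policy=None):
        self.cookies = {}  # (domain, path, name) -> value
        self.policy = policy or (lambda domain: True)

    def store(self, url, set_cookie_header):
        """Process one Set-Cookie header received from `url`; return how many cookies were kept."""
        host = urlsplit(url).hostname.lower()
        parsed = SimpleCookie()
        parsed.load(set_cookie_header)
        kept = 0
        for name, morsel in parsed.items():
            domain = (morsel["domain"] or host).lstrip(".").lower()
            # A server may set cookies only for itself or for a parent domain of itself.
            if not domain_matches(host, domain):
                continue
            if not self.policy(domain):
                continue
            path = morsel["path"] or "/"
            self.cookies[(domain, path, name)] = morsel.value
            kept += 1
        return kept

    def cookie_header(self, url):
        """The Cookie header the browser would attach to a request for `url`."""
        parts = urlsplit(url)
        host = parts.hostname.lower()
        path = parts.path or "/"
        pairs = [f"{name}={value}"
                 for (domain, cpath, name), value in self.cookies.items()
                 if domain_matches(host, domain) and path.startswith(cpath)]
        return "; ".join(pairs)


def tracking_demo():
    """Two sites embed banners from the same ad server. The cookie the ad server
    set during the first visit comes back during the second, linking the two."""
    jar = CookieJar()
    jar.store("https://shop.example.com/cart", "cart=42; Path=/")
    jar.store("https://ads.tracker.net/banner?from=shop.example.com", "uid=7f3a; Path=/")
    return {
        "to_shop": jar.cookie_header("https://shop.example.com/checkout"),
        "to_ad_server_from_news_site":
            jar.cookie_header("https://ads.tracker.net/banner?from=news.example.org"),
    }


def policy_demo():
    """A cookie-manager rule: keep first-party cookies, drop the ad server's.
    Also shows that a server cannot plant a cookie for an unrelated domain."""
    jar = CookieJar(policy=lambda domain: not domain.endswith("tracker.net"))
    first_party = jar.store("https://shop.example.com/", "cart=42")
    third_party = jar.store("https://ads.tracker.net/banner", "uid=7f3a")
    forged = jar.store("https://evil.example.net/", "session=x; Domain=example.com")
    return first_party, third_party, forged


if __name__ == "__main__":
    print(tracking_demo())
    print(policy_demo())
```

The second request to ads.tracker.net carries `uid=7f3a` even though it is made from a different site: that is the whole tracking mechanism, and the `from=` parameter (or the Referer header a real browser sends) tells the ad server where you were. The policy version keeps the shop's cart cookie working while the ad server gets nothing to recognize you by.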

Several cookie managers are available. This author has not used any of them, but the products and the companies that make them have received favorable reviews in trade journals [Finnie97].

Other Threats

Threat: Your Social Security Number is stolen by a cracker from your company's computer, from the car dealership where you applied for a car loan, or some other source. So is your birthdate, parents' names, and so forth. All this information is available to skilled crackers, who target you because of your income. An identity thief, using this "confidential" information, obtains credit cards in your name, and then obtains goods and services valued at $75,000 by the time you find out about the problem. You get to clear your credit record, often without help from the authorities.

Threat: Using the techniques described in this talk, you use the PGP program with a highly secure key to sign an important document with your digital signature. The signature guarantees mathematically that the document has not been altered since it was signed and that it was produced with your private key. Unfortunately, you revealed the passphrase that protects your private key to an associate, thinking that the private key file itself was hidden. It wasn't. Now your associate can produce your signature, and nothing in the mathematics can tell the two of you apart. You get to prove that you didn't sign the document that transfers important assets to the associate. (This is an example of the "social engineering" weakness in security procedures.)
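The two properties of a digital signature named in the threat above, shown in working code as an added example that is not part of the original article: altering the document makes verification fail, while a signature produced by whoever holds the private key (here, the associate who unlocked it with the disclosed passphrase) verifies exactly like the owner's. The code is textbook RSA over a document hash with two small primes chosen for the demonstration and no padding, a toy that shows the mechanics and is far too weak for real use; the passphrase protection of the private key is likewise a constructed stand-in for what PGP does, not PGP's own format.

```python
import hashlib

# Two primes chosen for the demo only (assumption: a 40-bit modulus is a toy,
# real keys use 1024 bits and more).
P, Q = 999983, 1000003
N = P * Q
PHI = (P - 1) * (Q - 1)
E = 65537                 # public exponent
D = pow(E, -1, PHI)       # private exponent (Python 3.8+ modular inverse)


def digest(document):
    """Hash the document and reduce it into the signing range of the toy modulus."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % N


def sign(document, private_exponent):
    """Whoever knows the private exponent can compute this; nothing else is needed."""
    return pow(digest(document), private_exponent, N)


def verify(document, signature):
    """Checks the signature against the public key only: it proves that the private
    key was used on exactly this document, not who was at the keyboard."""
    return pow(signature, E, N) == digest(document)


def _pad(passphrase):
    # Key-derivation stand-in for how a private key file is locked by a passphrase.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), b"demo-salt", 10_000, 8)


def protect_private_key(private_exponent, passphrase):
    """Lock the private exponent under a passphrase (toy construction)."""
    return bytes(a ^ b for a, b in zip(private_exponent.to_bytes(8, "big"), _pad(passphrase)))


def unlock_private_key(blob, passphrase):
    """Anyone with the key file and the passphrase gets the private exponent back."""
    return int.from_bytes(bytes(a ^ b for a, b in zip(blob, _pad(passphrase))), "big")


def scenario():
    """Constructed document and passphrase. The associate holds a copy of the
    locked key file and was told the passphrase."""
    document = b"I transfer all shares of Acme Corp to my associate."
    passphrase = "correct horse battery staple"
    owner_signature = sign(document, D)
    key_file = protect_private_key(D, passphrase)
    associate_signature = sign(document, unlock_private_key(key_file, passphrase))
    tampered = document.replace(b"all", b"no")
    wrong_passphrase_key = unlock_private_key(key_file, "guess")
    return {
        "owner_verifies": verify(document, owner_signature),
        "associate_verifies": verify(document, associate_signature),
        "signatures_identical": owner_signature == associate_signature,
        "tamper_detected": not verify(tampered, owner_signature),
        "wrong_passphrase_fails": not verify(document, sign(document, wrong_passphrase_key)),
    }


if __name__ == "__main__":
    for check, outcome in scenario().items():
        print(f"{check}: {outcome}")
```

The verifier sees identical signatures from the owner and the associate because signing is a pure function of the document and the private key. The passphrase only protects the key file while the passphrase is secret; once both are in someone else's hands, the signature is theirs to give.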

Unfortunately, you cannot use technology to protect yourself when you trust a person or group which then is corrupted (or corrupt to begin with). You should be as careful as possible with personal information. There is a growing civil rights movement on the issue of personal privacy, but as yet it has been ineffective in preventing large organizations from acquiring and using personal information to their own ends.

Security - Privacy from Whom?

Security requires threat assessment. Not all threats can be neutralized with the available resources. One threat is eavesdropping by authorized users in the institution in which data are stored. Another is impersonation of authorized users by unauthorized individuals anywhere on the network. A third is direct access to network data, as with packet sniffers or by breaking into data storage repositories. Several groups have suggested ways to authenticate providers who are requesting information [Rind97] and to discourage illicit review of clinical records [Safran95]. Encryption of data is an increasingly popular mechanism for protecting data from the casual snooper. Efforts by governments to limit civilian use of encryption technology generally have met with skepticism: questions about trustworthiness of the governments themselves may protect this important tool for ensuring the confidentiality of what patients tell their health care providers [Mitchell97]. However, the greatest danger to individuals likely arises from the fact that insurance companies routinely demand and receive clinical records on patients. These companies then share the information in two ways: Thus, in any discussion of the confidentiality of medical records it is important to remember that clinical records are essentially freely available to nonclinical personnel in clinical organizations, payor organizations, the Medical Information Bureau, and sometimes even convicted felons. While computer and network security is important, it is ultimately the social system that must accept the importance of confidentiality of medical records.

References

  1. Finnie S. Protection at the Desktop. PC Magazine. 1997 (Sept 9): 149-180.
  2. Mitchell P. Confidentiality at Risk in the Electronic Age. The Lancet. 1997; 349(9065): 1608.
  3. Rind DM, Kohane IS, Szolovits P, Safran C, Chueh HC, Barnett GO. Maintaining the Confidentiality of Medical Records Shared over the Internet and the World Wide Web. Annals of Internal Medicine. 1997; 127(2): 138-141.
  4. Safran C, Rind D, Citroen M, Bakker AR, Slack WV, Bleich HL. Protection of Confidentiality in the Computer-Based Patient Record. MD Computing. 1995; 12(3): 187-192.
  5. Slack WV. Private Information in the Hands of Strangers. MD Computing. 1997; 14(2): 83-86.
  6. Woodward B. The Computer-Based Patient Record and Confidentiality. New England Journal of Medicine. 1995; 333(21): 1419-1422.

Appendix A: Computational Difficulty in Factoring Large Integers

The number of operations needed to factor a number of size n is a range: Modified from: Garfinkel, S. "PGP: Pretty Good Privacy". O'Reilly and Associates, Inc., Sebastopol CA. pp. 361-364, which was reprinted from Rivest, R. "Ciphertext: The RSA Newsletter", volume 1, Number 1, Fall 1993, with permission and updates. The factor "1.526" is published as "1.56", but the lower value matches the published data more closely.

Appendix B: Value of Source Code Availability

Source code is the human-readable form of a computer program. It can be written in a variety of computer languages such as Basic, Cobol, Fortran, C, C++, Ada, Lisp, and Java. Before a computer can run the program, the source code must be converted to binary code by programs called compilers or interpreters.

Most widely used operating systems are proprietary (their source code is a trade secret); Linux, a UNIX variant, and the free BSD variants are the exceptions. The advantage of proprietary systems (and individual programs) is that a single organization is available to fix problems, train users, and make improvements. The disadvantage is that, for a given operating system or program, there is no competition, and no one outside that organization can inspect the code for the kinds of flaws discussed in this article.

The advantages of source code availability include:


Copyright © 1999 Lawrence E. Widman, M.D., Ph.D. <widman@sones.uthscsa.edu>
Last modified: Wed Feb 28 11:37:04 CST 1999