We all take basic security precautions. We learn at an early age not to wave cash around in a public place, or even to take out a wallet, lest someone with poor impulse control grab it. When we send mail, we put only the most trivial comments on postcards, and we send cash in very opaque security envelopes. We insist that important documents be notarized to prove that the individual papers are legitimate.
The basic approach to security is illustrated by the above examples. First, one assesses the threat. Then, one devises a response that reduces the likelihood of the threat to an acceptable level. Not all threats can or should elicit a maximum response. For example, most people do not drive in armored vehicles even though armed carjacking occurs and is often fatal to the car driver. Most people reason that the likelihood of an armed carjacking is too low to justify the expense of armoring their car. However, in the 31 states where it is permitted, some people (civilians) undergo training and background checks in order to carry concealed weapons. The rates of violent crimes have declined in those states, and some states explicitly permit use of concealed weapons by civilians to prevent carjacking. As with any other security response, these people evidently believe that the time and expense required are less than the benefit.
How do the above concepts apply to the Internet and to personal computers?
The Internet is simply a way to communicate. It offers rapid, inexpensive communication among computers that is almost unrelated to how far one computer is from another. Designed to survive a nuclear attack on the United States, the Internet is resistant to the failure of its individual parts, and is therefore very robust. It was not designed to protect the privacy of the information transmitted over it. Like a telephone line, network communications can be tapped (intercepted) at any number of points between two computers. You can use the utility traceroute to show that your email message to a machine outside your institution will typically cross several to dozens of other machines along the way. Unlike a telephone line, however, detection of the interception of information at these intermediate points can be nearly impossible and in some cases is completely legal.
The personal computers that many medical professionals use are part of the Internet when they are equipped with direct network connections or with modems that can be used to connect to an Internet Service Provider. Personal computers were designed to meet the needs of individual users. They were designed to make information readily available, not to protect it. Thus, the personal computers that many people use, based on Windows 95, Windows 3.1, and MSDOS, offer minimal protection of their stored information from unauthorized users and programs.
In terms of threat assessment, messages you send on the Internet are just like messages you send by postcard: anyone along the way can read them. Files you store on your computer are not much more secure: anyone with access to your computer - in person or over a network - can read your files. Also, if you download programs from the Internet, whether as email macros, Java or ActiveX controls, or stand-alone programs, your computer offers essentially no protection against unsociable behavior by the program such as transmitting your files over the Internet or erasing them.
When personal computers were new and the Internet was a novelty, the likelihood of these threats affecting you was small. In 1999, however, it is not small. Many people and organizations have already begun using virus scanning programs routinely. As in daily life, it is possible to adopt security practices for your computer and your use of the Internet that balance inconvenience with protection. As noted in a recent review [Finnie97], "the Web is a relatively young community, a neighborhood where few people lock their doors. But that community is rapidly growing into a city. Perhaps it's time you thought about installing some locks."
In this talk, I will describe how to continue to enjoy the benefits of personal computing and the Internet while protecting yourself from these and other hazards.
In general, the threats relating to personal computers and the Internet include unauthorized snooping around your personal computer(s); interception of your transmissions over the Internet in the form of electronic mail, file transfers, and World Wide Web interactions; and impersonation (theft of your identity). This last threat is possible only if you don't keep secret exactly how you have neutralized the first two threats.
The responses consist of encryption and its variants, barriers to unauthorized access, and simple caution. What kinds of threats are there?
Encryption is a mathematical process of "scrambling" a message or a file in a way that can be reversed only with a specific password. A simple but powerful encryption algorithm is the XOR function, in which a bit in the key is matched with a bit in the text. The rule is: 0+0 = 0. 1+0 or 0+1 = 1. 1+1 = 0. Notice that if XOR is performed twice in a row, it recovers the original text: if 0011 XOR 0101 = 0110, then 0110 XOR 0101 = 0011 and 0011 XOR 0110 = 0101. There are two important points about this algorithm: knowing the algorithm itself does not help to decode the encrypted text. And, if you have a sufficiently long key that consists of random bits, the algorithm is nearly unbreakable.
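The XOR scheme above, as an added example that is not part of the original talk: it reproduces the 4-bit example, encrypts with a random key as long as the message, and shows why such a key must never be used for two messages. The function names are illustrative and the sample messages are constructed.

```python
import secrets


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR every byte of data with the key byte at the same position.

    The key must be at least as long as the data; silently repeating a
    short key would give up the "sufficiently long random key" property.
    """
    if len(key) < len(data):
        raise ValueError("key is shorter than the message")
    return bytes(d ^ k for d, k in zip(data, key))


def new_pad(length: int) -> bytes:
    """Return `length` random key bytes from the operating system's generator."""
    return secrets.token_bytes(length)


def page_example() -> tuple:
    """The 4-bit worked example from the text, as integers."""
    text, key = 0b0011, 0b0101
    cipher = text ^ key       # 0110
    recovered = cipher ^ key  # 0011: applying the key again undoes it
    key_back = text ^ cipher  # 0101: known text XOR ciphertext yields the key
    return cipher, recovered, key_back


def reuse_leak(p1: bytes, p2: bytes) -> bool:
    """Encrypt two equal-length messages under ONE pad and report whether
    XORing the two ciphertexts equals XORing the two plaintexts.

    It always does, because the key cancels out. Anyone holding both
    ciphertexts learns p1 XOR p2 without the key, so each pad must be
    used for one message only.
    """
    if len(p1) != len(p2):
        raise ValueError("messages must have equal length")
    pad = new_pad(len(p1))
    c1, c2 = xor_bytes(p1, pad), xor_bytes(p2, pad)
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)


if __name__ == "__main__":
    print([format(v, "04b") for v in page_example()])

    message = b"Lab results attached"  # constructed sample message
    pad = new_pad(len(message))
    ciphertext = xor_bytes(message, pad)
    print(ciphertext.hex())
    print(xor_bytes(ciphertext, pad))  # same operation, same key: original text

    print(reuse_leak(b"Patient A: positive", b"Patient B: negative"))
```

The third value returned by `page_example` is the reason the key must stay secret and random: anyone who knows both a message and its ciphertext recovers the key bits used for it.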
There are a variety of encryption methods. All of the useful ones are well-known, like the XOR function but much more complicated. (Algorithms that are secret cannot be assessed adequately, and are never trusted by serious cryptologists.) The available algorithms can be divided into two kinds: "weak" and "strong". "Weak" methods are easy to use but are also fairly easy to bypass. You would use them when the value of the message is low enough that a snoop would not bother even to break a weak encryption.
"Strong" encryption methods are very difficult to break. The mathematical field of cryptology is quite sophisticated, and many algorithms that appear to be strong have turned out to have fatal flaws. On the other hand, there are a few methods that have proven robust despite prolonged efforts to break them. The strengths of "keys", or passwords for encryption, are typically measured in the length of time required to crack the keys with the most powerful computer technology that could possibly be used. For strong encryption methods, the length of time is measured in hundreds of years. Strong encryption is suitable for messages whose value is high, such as the master code to your office safe, as well as for more mundane messages.
The keys used for secure Web browsers are secret keys.
The asymmetric encryption method works as follows: any message encrypted with your public key can be decrypted only with your corresponding private key. Any message encrypted with your private key can be verified as having been signed by you by decrypting it with your public key. The advantage of asymmetric encryption is that the public key is not a secret: anyone can know it. Only you know the private key (which is typically protected with a secret password for extra security on your own computer). The disadvantage is that much larger keys are required for adequate security.
There are a few pitfalls of asymmetric encryption that you must remember:
This problem can be addressed in several ways. People can print their public keys in books, which are harder to fake. There are web sites that act as "public key servers". They vary in the effort they make to verify the identity of people who submit keys, but in principle they could act as Notary Publics by affirming the identities of the persons whose public keys they provide. Finally, you can get a person's public key directly from that person.
You can change the secret password for your private key. You cannot change your private key without also changing your public key.
Whether someone can read or copy your private key easily depends on your operating system. If you are using Windows 95 or a Macintosh computer, anyone with physical access to your computer can copy it. If you are using a UNIX variant, anyone with "root" access can copy it.
As noted above, it is very important to keep your private key to yourself. Once digital signatures become standard, it will be very difficult to prove that you did not sign a document if someone gets access to your private key. Unlike a handwritten signature, there is no way to distinguish a forgery from a legitimate digital signature when both are created from the same private key.
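The public key and private key operations described above, as an added example that is not part of the original talk and is not how PGP is implemented: textbook RSA without padding, built on two fixed primes chosen only so the numbers are reproducible. The names and sample messages are constructed, and keys this small offer no real protection.

```python
import hashlib

# Two Mersenne primes, fixed only to make the example reproducible (assumption).
P = 2**61 - 1
Q = 2**89 - 1
E = 65537  # commonly used public exponent


def make_keypair(p: int, q: int, e: int = E):
    """Return ((n, e), (n, d)): the public key and the matching private key."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent: inverse of e modulo phi
    return (n, e), (n, d)


def encrypt(message: bytes, public) -> int:
    """Encrypt with the PUBLIC key; only the private key reverses it."""
    n, e = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this key size")
    return pow(m, e, n)


def decrypt(cipher: int, private) -> bytes:
    """Decrypt with the PRIVATE key."""
    n, d = private
    m = pow(cipher, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def _digest(document: bytes, n: int) -> int:
    """SHA-256 of the document, reduced to fit under the modulus."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % n


def sign(document: bytes, private) -> int:
    """Sign by applying the PRIVATE key to the document's digest."""
    n, d = private
    return pow(_digest(document, n), d, n)


def verify(document: bytes, signature: int, public) -> bool:
    """Verify by applying the PUBLIC key to the signature."""
    n, e = public
    return pow(signature, e, n) == _digest(document, n)


if __name__ == "__main__":
    public, private = make_keypair(P, Q)

    secret = b"safe code 4-1-7"  # constructed sample message
    print(decrypt(encrypt(secret, public), private))

    doc = b"I authorize the transfer."  # constructed sample document
    sig = sign(doc, private)
    print(verify(doc, sig, public))                           # True
    print(verify(b"I authorize ALL transfers.", sig, public))  # False

    # Someone who copied the private key produces the very same signature,
    # so the verifier cannot tell the owner from the copier.
    copied_private = tuple(private)
    print(sign(doc, copied_private) == sig)                   # True
```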
You are most likely to encounter certificates of authority when you use a Web browser. The Netscape and Microsoft browsers come with a built-in list of generally accepted third parties. If you encounter a certificate signed by an unknown third party, these browsers will notify you of the fact. Netscape will offer to let you accept the authority; Microsoft's browser will not. As a general rule, you should not accept a certificate of authority unless you are certain that you can trust it. An example of the latter would be on an organizational "Intranet" when your own organization issues the Certificate of Authority.
As noted previously, secret keys are much more secure than public-private key pairs of the same length. The author of PGP estimates that the computation time needed to exhaust all the possible 128-bit keys in the IDEA cipher (a particularly good secret key algorithm) would equal the factoring workload to crack a 3100-bit RSA key, which is quite a bit bigger than the 1024-bit RSA key size that most people use for high security applications.
The key lengths of "40" and "128" refer to secret keys used in Web browsers. Because of U.S. Government regulations, software capable of handling 128-bit keys may not be exported from the U.S. except to Canada without special permission.
The key lengths of "512", "1024", "2048", and larger refer to public-private key pairs used with PGP and similar programs for strong encryption. These programs may also not be exported from the U.S., but functionally equivalent versions have been created and are readily available anywhere in the world.
The Data Encryption Standard, DES, is a national standard, adopted in 1977. Use of DES is mandatory in most Federal agencies, except the military. DES is very widely used in the private sector, as well. Interbank wire transfers, Visa transactions, medical and financial records, and organizational financial data are some of the many things secured against prying eyes or against modification by DES.
In 1998, the DES encryption algorithm was broken in less than 4 months by a brute force search. The solution was found using approximately 78,000 computers, mostly ordinary personal computers, over the Internet. In fact, the winning key was found on a 90MHz Pentium computer with 16 megabytes of memory. The fact that an informal hodge-podge of amateurs could break this key is important because a major company and certainly a sovereign country could easily duplicate the computing power that was used. In 1999, a specially-designed computer chip was reported that cracks DES keys even more quickly than general-purpose computers do.
Fortunately, the difficulty in breaking a secret key doubles for each additional binary bit in its length. Thus, using current computer technology, the 128-bit keys used in "domestic" versions of Netscape and Internet Explorer are still secure. The thought that a single disgruntled employee with a packet sniffer and a 300 MHz Pentium could decrypt a "secure" 40-bit Web session in 4 months, however, should disturb anyone who transmits high-value information over the Web. Some cryptographers have gone so far as to characterize 40-bit keys as insecure for this reason.
As you review these numbers, remember that it is relatively easy to create arrays of 50,000 to 100,000 computers that work in parallel. An array of 100,000 computers, each with a 300MHz Pentium chip, would solve the problem 100,000 times more quickly. Such an array could break a 1,024-bit key in 100 years. This sounds fine until you remember how rapidly computer technology is advancing, and that special chips for breaking keys can also be constructed that can work much more rapidly. For encrypting important messages, therefore, some people favor using 2,048-bit keys.
|Time required for one 300MHz Pentium (300 MIPS) to break a key whose length is specified in bits|
|Bits||Low (years)||High (years)|
Every computer on the Internet has a specific number associated with it. This number can be thought of as its "telephone number" because no other computer on the entire world-wide Internet has the same number. The number is called its "IP address". In contrast to actual telephone numbers, the IP address of a computer can change. In particular, when a computer connects over a telephone line, it often receives a different IP address every time a connection is established. However, the IP address does not change as long as the computer remains connected.
The information on the Internet travels along the same generic path, although there are a multitude of variations in the details of the path. The information is first packaged by the operating system into packets of a specific format. Each packet is labeled with the IP address of the computer where the packet is created, the IP address of the computer where the packet is supposed to go, and some information about what kind of data the packet contains (e.g., Web data versus file transfer data). None of this information is encrypted.
Each packet is sent to a routing computer, or a router. The router is programmed to recognize whether the packet should go to one of the computers connected to it, or whether it should be passed along to another router that is connected to a different group of computers. Eventually, packets find their way to the destination IP address, where they are sorted into the proper order and reassembled into the information format that resided on the originating computer.
Packet sniffers are computers that listen to every packet that passes by them. Usually, computers look only at packets that are directed to them. "Sniffer" computers listen to all packets. It is possible to write software that will screen the enormous number of packets that pass by in a day, to pick out the few with information that a cracker would like to have: passwords, account names, perhaps email messages. Sniffer computers are not detectable except by examining physically every connection to the network. A determined intruder or a disgruntled employee can use equipment that is nearly impossible to detect even by physical examination.
One way to make an intranet secure is to place a firewall computer between it and the Internet. The firewall computer has two network cards and two sets of IP addresses. The protected computers are behind the firewall. Their IP addresses are secret from the Internet, and computers outside the firewall cannot send packets to them and cannot "sniff" packets that they send. When the protected computers need an Internet connection, they open connections to the firewall computer which, in turn, opens connections to the Internet. Packets can then pass back and forth between the Internet and the protected computers. Depending on the specific method used, the firewall computer can allow only certain kinds of packets to pass (such as Web packets) but not others (such as telnet, or login, sessions).
The remaining operating systems can be divided into two groups: those that started as single-user operating systems, and those designed to allow multiple users to work on one machine. The single-user operating systems are Windows 95 and the Macintosh operating systems. The multi-user operating systems are the UNIX variations and Windows NT.
In general, the single-user operating systems are very easy to use but offer little or no data security. The multi-user operating systems offer considerable security when they are set up correctly, but because they are so capable, they are also subject to having "bugs" or "loopholes" that crackers can use to break into them.
Web servers sometimes are capable of encrypting ("scrambling") the data they send out and decrypting the data they receive. All modern browsers have this capability, but not all servers do. When you connect to a secure server, you will see a special symbol on the browser change. On Netscape 4, for example, the image of the lock in the lower left hand corner will change from an open position to a closed position. When you are using a secure link, all communications between your browser and the server are encrypted.
There are two levels of security: 40-bit and 128-bit. As we discussed before, the term "40-bit security" is misleading and you should not use this level for important communications. The "128-bit" level of security is satisfactory for the next few years at least.
This situation is likely quite common, and should be investigated by all physicians whose professional reputations depend on network security. Possible solutions include card-based encryption at the computer terminal, which would require a physical token (e.g., credit-card sized card with a built-in microchip containing a unique secret encryption code) or public key-private key encryption, together with digital signature generation.
The word cracker is derived from criminal hacker.
Crackers are people who are skilled in the art of breaking into computer systems and who like to do so even though it is a crime. Usually only large organizations are targets of crackers, perhaps because only they are connected to the Internet for long periods of time. If your office computer is connected directly to the Internet for any period of time, however, it too could become a target.
A favorite method used by crackers is "social engineering". This method relies on weaknesses in the target organization that allow an outsider to obtain account information and passwords. One famous story describes the Pentagon security consultant who broke into a top-secret computer system in 15 minutes. How? He called up the office responsible for passwords for the system and convinced the clerk who answered that he was an authorized high-ranking officer who had forgotten his password. He thus obtained the (real) officer's account, password, and access to secret information. The equivalent in your office might be the cracker who calls your secretary, tells him/her that he/she is a consultant for the office database, and that "the Doctor told me to fix the problem right now!".
Another favorite method is cracking passwords. Passwords are stored on hard disks in encrypted format. However, most people choose passwords that are easy to guess, such as proper names and plain English words. If a cracker can get a copy of the encrypted passwords on one of your computers by one method or another, he/she can use programs that are readily available to crack them. These programs guess passwords by trying hundreds of thousands of common words to see whether the encrypted version of one will match an encrypted password on your computer. If so, the cracker can log in and have all the system privileges that the legitimate account user has.
The easiest way to neutralize the threat from the Internet is to separate the computer used for Internet access from the computer(s) that contain information that is important in any way. Other ways are less perfect, and include firewalls and operating systems that are built with security in mind. If you are in this situation, you would be well advised to consult a network security specialist. This method does not protect your systems from people who have physical access to them, such as salespeople, cleaning personnel, and disgruntled employees.
You should also require that you and your staff choose passwords that are hard to guess: at least 8 characters that are not proper words and preferably include numbers or punctuation inside them. For example, you could think of the memorable phrase, "This is a GREAT password." You can then contract it into "TIA!G!PD", which would be hard for current password cracking programs to guess. It is also important to train your staff to insist that no one look while they type their passwords. This simple principle is often forgotten.
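One way to enforce the password advice above when a staff member picks a password, as an added example that is not part of the original talk. The word list is a small constructed sample (a real check would load a full dictionary and name list), and the substitution table and function names are assumptions.

```python
import string

# Constructed sample list; a real deployment would load a large dictionary
# of words and proper names (assumption).
COMMON_WORDS = frozenset({
    "password", "doctor", "welcome", "hospital", "medicine",
    "michael", "jennifer", "letmein", "qwerty", "great",
})

# Digit and symbol substitutions that guessing programs routinely undo.
LEET = str.maketrans({
    "0": "o", "1": "l", "3": "e", "4": "a",
    "5": "s", "7": "t", "@": "a", "$": "s",
})

MIN_LENGTH = 8  # "at least 8 characters"


def reduce_to_word(password: str) -> str:
    """Lower-case, undo common substitutions, and drop everything that is
    not a letter, so "P@ssw0rd" and "Michael99" reduce to plain words."""
    lowered = password.lower().translate(LEET)
    return "".join(ch for ch in lowered if ch.isalpha())


def check_password(password: str, words=COMMON_WORDS) -> list:
    """Return the list of rules the password breaks (empty list = accepted)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    # "numbers or punctuation inside them": look past the first and last
    # character, since a digit tacked onto the end of a word is easy to guess.
    interior = password[1:-1]
    if not any(ch.isdigit() or ch in string.punctuation for ch in interior):
        problems.append("no digit or punctuation inside")
    if reduce_to_word(password) in words:
        problems.append("dictionary word")
    return problems


def audit(candidates: dict) -> dict:
    """Map each account whose proposed password is rejected to the reasons."""
    report = {}
    for account, password in candidates.items():
        problems = check_password(password)
        if problems:
            report[account] = problems
    return report


if __name__ == "__main__":
    # Constructed sample accounts and proposed passwords.
    proposed = {
        "front_desk": "password",
        "billing": "P@ssw0rd",
        "nurse1": "Michael99",
        "dr_smith": "TIA!G!PD",  # the contracted phrase from the text
    }
    for account, problems in audit(proposed).items():
        print(account, "->", ", ".join(problems))
```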
Java Applets and ActiveX Controls are two different ways for a web site to run a program on your computer. This is an attractive feature because it increases the power of the Web. For example, a site could make available a little program that estimates the risk of significant cardiovascular disease given the values of several risk factors. Running the program on your computer would be much faster than sending the data back to the Web server and then running the program on its computer.
Many types of computers are connected to the Internet. Java Applets and ActiveX Controls were written so that they can run on all of them. This is important because it eases the task of writing such "machine-independent" programs considerably.
Unfortunately, some individuals have taken advantage of the power of such programs, and have created malicious programs. Sometimes there are errors in the programs that inadvertently can cause damage to the user's computer. The two new languages have taken two different approaches to these problems. Briefly, Java (Sun Microsystems, Inc.) limits the power available to the program. ActiveX, developed by Microsoft, relies on the user to verify that the ActiveX control came from a reliable source, but it does not protect against errors in the programs. Java has developed a method based on digital signatures that allows specific programs to have more power. It is unclear whether ActiveX can be made intrinsically safe under Windows 95. Commercial programs are available that protect user computers against malicious and inadvertently dangerous behavior by both Java and ActiveX programs.
Threat: The Microsoft Word email you just received has an attached macro. Because you did not disable automatic execution of mail macros, this macro is executed when you look at the mail. It erases files from your hard disk.
Viruses appear at the rate of hundreds per month. They are created from toolkits that are available on the Web, for reasons best understood by their authors. They can be programmed to do anything that you can do on your machine, including erasing essential files. They almost always are programmed to make copies of themselves in your software so that, after you recover from the damage they cause, they can spread to other computers when you transfer files from your computer. Viruses are activated when they are run as programs. They cannot do any damage until they are run as programs. They are often recognized by specialized programs called "Virus checkers".
Macros are sets of instructions to specialized programs such as word processors or spreadsheets. Some of these programs allow their macros to do very powerful operations such as erasing files. This freedom allows malicious macros to do great damage. Fortunately, the current versions of these programs allow you to control macro operations.
You can choose from the following approaches to protect yourself, starting with the most secure approach.
This approach is suitable only for people who are very familiar with computer software. The rest of the approaches in this list assume you are using Windows 95 or Windows NT.
Or, set up a separate computer for Internet activities. That way, your main computer will not be connected to the Internet and will be protected. Never copy programs from the separate computer to your main computer.
This set of five programs does not protect against hostile Java applets or ActiveX controls. It should therefore be used with one of the other two packages. It provides virus scanning for files on your disk and files as you download them from the Internet, a backup facility you can use to make routine copies of your hard disk, a firewall facility for small networks, and two non-PGP encryption modules (one for your disk and one for your local area network). Make sure you get Version 2.0 or higher to avoid a bug that interferes with the TCP/IP stack in Windows 95. Estimated street price: $100.
This program protects against hostile Java applets and ActiveX controls. It allows you to download them, but isolates them in a safe area and does not allow them to do anything malicious. It also will protect your computer from packets originating from computers at unwanted IP addresses. It allows you to configure it to perform its duties the way you want. Estimated street price: $70.
This program is the latest in a series from the first company to make this kind of protection software. Unlike eSafe Protect, it prevents you from downloading dangerous Java applets and ActiveX controls. You can configure it to define what you want to consider "dangerous" behavior. This program may be a hindrance until you configure it to meet your needs. Estimated street price: $120.
Some Windows programs include "encryption" features. Programs that crack the passwords of these encryption schemes are posted on Web sites that specialize in security (on both sides of the question!). If you have serious information, it is much better to encrypt it with a strong encryption algorithm.
As discussed above, you may be able to use a secret password algorithm quite well. If you need public key-private key encryption, the best packages use the RSA or Diffie-Hellman algorithms. For the user who is not a computer software expert, the best choice is PGP (www.pgp.com). As noted below, the PGP product integrates with the freeware product Eudora Light, and is also available as freeware for noncommercial individual use.
When you send electronic mail (email), your machine often transmits the message to its destination machine through intermediate machines, which make copies of your message. Anyone with access to the copies can read your mail, even if you and the recipient delete the messages from your own machines.
The best response to this threat is to encrypt the message, preferably with PGP, before you send it. The message will then appear to be gibberish to anyone who tries to read it without decrypting it first.
Email with strong encryption is available for individuals in the combination of the free Eudora Light package, by QUALCOMM, Inc., San Diego CA, and the free PGPfreeware package by Network Associates, Inc., Santa Clara CA. Both packages are available at reasonable prices for commercial use. The latter package is export-controlled, and so is available only to computers located within the United States and Canada. This package, available for Windows and for the Macintosh, allows the user to encrypt both email and files on his/her hard disk with the PGP implementation of strong encryption. The maximum key length is 4096 bits, which should be sufficient for protecting information for the foreseeable future. It is important, of course, not to forget your password! You can also encrypt your message with a stand-alone PGP implementation before you mail it with your current email program.
The good news about Web browsers is that the 128-bit versions are reasonably secure. When you send confidential information, make sure that the URL starts with https, not http, and make sure that the security icon is set to secure mode. Finally, check your browser's security information to make sure it is capable of 128-bit encryption (not just 40-bit, which is insecure).
The nature of the security flaws is that they allow the Web server to get a copy of your login name and password file. Your password is encrypted in the password file, but apparently it doesn't take long for a modern computer to break a Windows password. The site reporting this flaw estimates any 14-character Microsoft Strong password can be broken in less than 14 days.
The take-home message is that your Web browser may be compromising your security. Since neither major vendor has released source code for its current browsers (although Netscape has released source code for a predecessor of its current browsers), there is no way to know for certain to what extent either browser allows unauthorized access to your machine.
One simple step you can take is not to use a Web browser for electronic mail. You are then free to put nonsense in the browser's Identity information (name, email address, home page, etc.). If a Web site gets access to the nonsensical information, you have lost nothing.
Cookies do, unfortunately, threaten your security because they let unscrupulous people track where you have been on the Web. This information is already being used to tailor the ads you receive to the interests you have demonstrated by visiting other Web sites. By itself, of course, this is simply targeted marketing, which many consumers find quite useful. But you should be aware it is happening.
If you don't want your Web browsing to be tracked, you can go through a proxy service such as www.anonymizer.com. These sites mask the identity of your computer so that the computers you visit cannot tell who you are or where your computer is located (its IP address). The Anonymizer (www.anonymizer.com) service is provided free, but there is a delay when you visit other sites through it. For a modest fee (currently $15 for 3 months), you can have the same service without the delay in viewing pages.
Legal threats also can involve cookies. There is at least one instance of legal demands for the cookie files of a defendant in a lawsuit. Since this file, the history files, document and image caches, and other Web browser files contain details of which sites have been visited and which newsgroups have been accessed, they may prove to be legitimate targets of legal discovery proceedings.
One approach, which is known to work with a UNIX version of Netscape, is to start up two copies of Netscape independent of each other. The second copy will not write to at least some of the files mentioned above. This approach does not appear to work with Windows 95.
One approach to this problem is to delete all these files every time you exit from the browser. You can do this by hand or with commercial products. This author has not used these products, but they have received favorable reviews in a trade journal [Finnie97]. This approach guarantees that there are no records of how you used the browser.
The products are:
Several cookie managers are available. This author has not used any of them, but the products and the companies that make them have received favorable reviews in trade journals [Finnie97].
Threat: Using the techniques described in this talk, you use the PGP program with a highly secure key to sign an important document with your digital signature. This signature guarantees mathematically that the document has not been altered since it was signed, and that you signed it. Unfortunately, you revealed the password to your private key to an associate, thinking that the private key itself was hidden. It wasn't. Now your associate can sign your signature. You get to prove that you didn't sign the document that transfers important assets to the associate. (This is an example of the "social engineering" weakness in security procedures.)
Unfortunately, you cannot use technology to protect yourself when you trust a person or group which then is corrupted (or corrupt to begin with). You should be as careful as possible with personal information. There is a growing civil rights movement on the issue of personal privacy, but as yet it has been ineffective in preventing large organizations from acquiring and using personal information to their own ends.
This widespread sharing of patient information among insurers/payors is currently legal, and is subject to few if any protections under the law for patients, providers, and hospitals [Slack97]. Numerous abuses of access to these records have been documented [Woodward95].
All of the available operating systems are proprietary (their source code is a trade secret) except for Linux, a UNIX variant. The advantage of proprietary systems (and individual programs) is that a single organization is available to fix problems, train users, and make improvements. The disadvantage is that, for a given operating system or program, there is no competition.
The advantages of source code availability include: