As more business systems migrate towards the Internet, strong security becomes essential, particularly for firms that provide remote access, or access for customers or suppliers, via the Web.
Organisations need to be able to send, receive and store sensitive data without it falling into the wrong hands. Eavesdropping can compromise the privacy of data in transit, and eavesdropping on the Internet is often impossible to prevent or even detect. Therefore cryptography is the only option to ensure the privacy of data while it is in transit on the Net.
Encryption is also occasionally used to prevent unauthorised access to stored data, although this can have shortcomings. There are often alternative ways for prying eyes to gain access to stored data without manipulating encrypted data: for example, by monitoring print jobs or email, neither of which is normally encrypted, or simply by persuading somebody to reveal the information. Once an encryption key becomes known to others, the security dependent on that key is uncertain.
Though there are cryptographic algorithms that have proved to be unbreakable so far, simply using cryptography does not guarantee the security of a system.
Authentic solutions
Clearly, IT managers need to proceed with caution, particularly as certain vendors of cryptographic systems have tried to shift from the use of cryptography to prevent eavesdropping to the use of encryption to underpin authentication, integrity and non-repudiation. Although cryptography can play an important role in these tasks, the security of an application is only as strong as its weakest link, and often this is not the actual encryption algorithm.
For example, asymmetric keys are vulnerable to third parties impersonating others and substituting their own public keys. Therefore the security of a public key infrastructure (PKI) can be compromised by virus-like software running on the user's PC that can perform this type of interception. It follows that a PKI can only be relied on if there is no possibility of unauthorised software operating on the device used to sign documents. While this may be possible with sealed, tamper-proof devices sometimes used for code signing, experience shows that this is not true for desktop PCs where users can install software such as applications or browser plug-ins.
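The substitution problem described above, as an added example that is not part of the original article: a signature made with a substituted key verifies correctly against that key, so the mathematics alone cannot show whose key it is, and only a comparison with a fingerprint obtained out of band rejects it. The textbook RSA, the key sizes, the sample messages and all function names are constructed for illustration.

```python
import hashlib

E = 65537  # public exponent

def make_keypair(p, q):
    """Textbook RSA from two primes. Demo only: no padding, small modulus."""
    n = p * q
    return (n, E), pow(E, -1, (p - 1) * (q - 1))

def digest(message, n):
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, public, private):
    n, _ = public
    return pow(digest(message, n), private, n)

def signature_valid(message, signature, public):
    n, e = public
    return pow(signature, e, n) == digest(message, n)

def fingerprint(public):
    return hashlib.sha256("{}:{}".format(*public).encode()).hexdigest()

def verify_pinned(message, signature, public, pinned_fp):
    """Check the key's identity first, then the signature made with it."""
    if fingerprint(public) != pinned_fp:
        return "rejected: key does not match pinned fingerprint"
    if not signature_valid(message, signature, public):
        return "rejected: bad signature"
    return "accepted"

# Constructed keys (Mersenne primes keep the demo short; far too small for real use).
SUPPLIER_PUB, SUPPLIER_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
SUBSTITUTE_PUB, SUBSTITUTE_PRIV = make_keypair(2**107 - 1, 2**127 - 1)
# Assumption: the genuine fingerprint was obtained out of band and is stored
# where software on the PC cannot alter it.
PINNED = fingerprint(SUPPLIER_PUB)

def demo():
    order = b"pay invoice 1001 to account A"      # constructed sample messages
    altered = b"pay invoice 1001 to account B"
    genuine_sig = sign(order, SUPPLIER_PUB, SUPPLIER_PRIV)
    altered_sig = sign(altered, SUBSTITUTE_PUB, SUBSTITUTE_PRIV)
    return {
        "math_only": signature_valid(altered, altered_sig, SUBSTITUTE_PUB),
        "pinned_substitute": verify_pinned(altered, altered_sig, SUBSTITUTE_PUB, PINNED),
        "pinned_genuine": verify_pinned(order, genuine_sig, SUPPLIER_PUB, PINNED),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(check, "->", result)
```

The pinned check is only as trustworthy as the place the fingerprint is kept, which is the article's point about unauthorised software on the signing device.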
Systems are not necessarily secure simply because encryption is used. Organisations should produce security assessments that model the entire system and the threats to it. Ideally, the model should include costs associated with each threat and each proposed countermeasure, so that the cost-effectiveness of countermeasures can also be assessed. There is little point in buying sophisticated security systems if they can be bypassed simply by offering an IT manager a new job. Unfortunately, the easiest way of compromising cryptographic security is generally to fool, bribe, seduce or threaten key holders, or take advantage of their carelessness in storing or handling keys. This problem can be minimised by training and by using need-to-know policies for information distribution.
There may be benefits in developing security systems gradually, rather than relying on a single monolithic security system. For example, the security model for remote access will need significant updating if an organisation replaces a remote access server with a virtual private network (VPN) system.
Even upgrading to a new version of software can affect the security of systems. Writing software containing cryptographic algorithms is a complex and difficult task requiring detailed understanding of the mathematical procedures involved. The software for the surrounding infrastructure, including applications, communications protocols and even the mathematical primitives used for encryption, can all compromise an otherwise secure encryption method.
Experts therefore recommend that encryption algorithms should be open to specialist inspection and peer review and should, where possible, be algorithms already known to be sound. IT managers may put their companies at risk if they install packages where the ciphers are secret and proprietary or where the infrastructure closely associated with the cryptographic mechanisms is not fully open for inspection.
Where software updates are likely, experts recommend a development strategy that involves reviewing and refining existing security systems rather than largely replacing them. This is the most practical way to manage the software bugs that could occur.











