Application Development - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Application Development


The End-to-End Encryption Trend



 By: Peter Coffee
2003-01-27
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Application Development story.


  Table of Contents:
  1. The End-to-End Encryption Trend
  2. ' Under the Hood '

Rate This Article:
Poor Best
The End-to-End Encryption Trend
( Page 1 of 2 )

Defense in depth might make a system more secure, but it also takes power out of buyers' hands.Frustrated by the challenge of controlling access to enterprise assets, IT architects are embedding encryption at every layer of the stack. Theyre not just encrypting traffic between one perimeter and another but are also encrypting data repositories inside the perimeter—and even encrypting the flows of data between processors and other subsystems.

While we applaud the principle of defense in depth, eWEEK Labs sees more than trace contaminants of vendor self-interest in this trend. The resulting systems may be more secure—the devil, as always, is in the details of implementation—but they also tilt the balance of power from buyers toward closed-system suppliers and from content users toward more powerful providers.

Enterprises must understand the trade-offs thus created and may need to vote loudly—with their wallets and with their input to legislators and industry standards bodies—if they desire continued freedom to find an optimal mix of products in a competitive IT market.

In the second half of this year, as previously reported by eWeek, Transmeta Corp. will release Crusoe-family processors with on-chip accelerators for common encryption algorithms and with facilities for secure on-chip storage of keys and other sensitive data. This opens new doors to partnerships between hardware makers and application developers, along the lines suggested by Microsoft Corp.s Palladium and Intel Corp.s LaGrande initiatives, that could restrict machines to an approved slate of applications and enforce any number of use or access policies.

Its long been axiomatic that a computer is a byte pump: A program is a stream of bytes, decoded as instructions, while data is a stream of bytes that may mean anything at all. Battles royal have been fought over different encoding schemes for instructions, ranging from low-level machine code to the byte codes that are further translated by a "virtual machine" (for example, when programs are written in Smalltalk or Java).

Resource Library:

Other battles have been fought over data representation standards, ranging from ASCII text to the elaborate (and undisclosed) formats used by Autodesk Inc.s AutoCAD or Microsoft Word. Even so, although these schemes often go by the name of "code," that word is used in the sense of representation, not concealment.

In the same way that anyone with a soldering iron could once extend the range of operations performed by a computer, anyone with a debugger or other low-level software tool has been free to examine what one computer—or even one piece of a computer—was saying to another.

But that turns out to be a postulate, not an axiom, as the geometers might say. Just as one can devise geometries with no such thing as parallel lines, one can build computers on which theres no such thing as "free" software (defined by Richard Stallmans "free as in free speech, not as in free beer").

Software that could always be patched at the binary level, or modified in a more maintainable way with access to source code, could be on its way into the history books—along with medicines not approved by the Food and Drug Administration or airplanes not certified by the Federal Aviation Administration, to cite other technologies in which demand for safety took priority—with consequences of higher costs, fewer suppliers and a far more deliberate pace of innovation.

In an essay published last July, software engineer Adam Barr (author of the book "Proudly Serving My Corporate Masters: What I Learned in Ten Years as a Microsoft Programmer") sees the beginning of this path in a worthy goal: the desire to boot a PC securely from a network connection. Working on this problem in 1997, said Barr, he encountered the problem of securing the "boot loader": the first piece of software that a system runs, which must assure the security (by means such as cryptographic "code signing") of all subsequent modules.

"A clever hacker could corrupt the loader as it went by," Barr explained, "then have his modified loader bring up a version of the kernel that did not do the code signing check, and at that point all heck could break loose on the users machine (or, for the quick and dirty version, the corrupted loader could just format the hard drive and then stop)."

It soon became clear that the first secure link in the chain had to be embedded in BIOS hardware, a notion since formalized by Intel as Boot Integrity Services.

On general-purpose computers, that secure chain ends at the operating system, whose job then becomes the loading and execution of whatever applications a user may choose. Theres nothing but custom and expectation, though, to prevent that chain from extending into the domain of applications, as it does on game machines such as Microsofts Xbox or Sony Corp.s PlayStation.

Ironically, that extension of control may merely shift the battleground from the domain of technology to the domain of business process. If an accounting employee is transferred from receivables to payables, and if provisioning systems and procedures fail to revoke former privileges in the process of granting new ones, a classic opportunity for fraud arises—regardless of any restrictions that may exist on the applications that are allowed to run on a machine, or the configurations in which that machine can be placed. But the opportunity for software companies to enter the marketplace with innovations that promote good practices may be materially reduced by the need for a platform imprimatur.

If one is still looking for axioms, eWEEK Labs offers this: The concealment that results from end-to-end encryption, imposed by closed systems that are not subject to peer review, will inevitably be penetrated by attackers—whose attacks will then be camouflaged by that same concealment.

Buyers will pay the price at both ends, in higher costs both for what they buy and for figuring out how to protect what they own.

Technology Editor Peter Coffee can be reached at peter_coffee@ziffdavis.com.





  Reader Comments: The End-to-End Encryption Trend
>>> Be the FIRST to comment on this article!
 


 
 
>>> More Application Development Articles          >>> More By Peter Coffee
 


x}r"9qļ9;E] mvnoOԸb ̜}y'SRݸ3m.))JRAH Ӟc,,Jg1ȥw&$!4i5*_2du%CFԲ>Hnw2'v53OL ~}@nF,wD!H/ԁT a@]2dW;s6!;LPOƾQ7;1LJ5bhq؂C< tWü#h5#@I.b(Ѻ;c(D?ϱL-:ۗ<7*E;38݉i/De)l$$*F8u/d;FVB z.Y^71Zpj9:N`QFdn ڭ`㹠H ~5a w\u#7J3q'"QcOj$ѡqLJ^tXF>D>8z vG09bqj9lfL nO%0֛; =ӧ^8ȢQ/!꟔Cbp`mFS *[F>2=hG'9tvlrԽiס>6µL}E-5Zwv@Z Nb}"*r@DXNfq"0i>Mmd~HyFFI?l|%RWrh9ɥ|2S ӘQ$!hIcF/XTU 6sҸ7^g7bٙXC ji@E$-_ٰ6KyG.:y!)|v.!5 P\68ڪV`Gk'^E[CYCa#˅f#1p96ԇZݏH|;9e"]L%ˍ ę>u܉ܿGɏaM<`~xAp 2Xc]vlYRX 4}G_HQ_'L\wP3Z$ߪ23]X MH:ƒ5Ŧ]`)edFSG8ř/\PP_΢;0jJTwAQb%wax<ψ*_\RC 1 p*^ۻʆYTV78;N?,7KDi,,ɺ35wi4w{Rh\:"UmRGstDAG6R^lzK$ 47P}HO:aI$7xؿ] s σ/>09޼*I t"v3G{l`ΌA3tNP"_G0u9؆\,_zv?8s,EeKJ/N)Hj`> ~XRW/p~W.Y 3DXVHdGf!zB{ݠX2\漂:- #M)b²#A@7ŭ`(mtfѸ+>q^7iԊv$iۈ5 Ͷڏbuk£I G۵i]ik#;$7BfjZaּFRXZKPD,@&}/XsezeM:ƽ7kX96q7Seuo }d2< N4R,9ڹe+ 9P87CJ$l'I*=sT-]~ouܱ퓟mЙS |x)̕>E XXԲmX*X[ sDd48, ,[b)#9C.Wc-gsSW7ڦwXSvoIq:/ V!P8H8bELmRǦE=BuϴӎW nVnoAdX,(9Up~6=2e]PT,Z_9cDzt̠:W$chS m p z p݆ sHl4$"Paa03]rEtqмUgPx4rMilwPq`* j3KI^-JYAp]x1*(S(i9 x /Oqח\M?; LZ7]|V*zCG>3AWKf~gVl^OavP#O%Loeؑ0t!GOȣCY vx MUm#ܚ 0(hE}舰⦉!O ԀH-VFl.|nN ;hJSIV0 5-" ? Y TkoӅݢk)D{~dW1S~FUMaf*k}\URShWyAP֫ל-"fdbDGs=8@5iM~'H-y Vx9y^%qfR+2yߙުVz=[WAҐ,4/Y3ipUU ҕӥg7Y^zΦ6b\hD8WGa4θ/@^(0ѢIK5(3nǍ+^:Ɔʢ"CW5o+ʗDŜ" G~B׌T:\. PU3yr=/W eP5u 2 t rOb.Um3~z&̩maAyk2$@ dk9+ NP&WrV>X+RL[>lu'gܫs$P"cr0>ZxGpX/owRqϰ6e$+TbǵN9:ˀ"UA ұg / O}gn 2,irNR“s{D&:,pz] Gߋ eRDR33խޛ5>AWXy*?*1⃪J2P*5-]-J_ 3i0FP|/yOP?o\,*\zI< D:HP Y| #"Є[چ ˕^W/o)ɡ$ | ( "58&?\w>^KvC_[ q߲gU=H3 r!C'$9Ĩ}/v2ϛWk^6Hk5.區  vN[iׯ?4ėd:5wBZͫu{Ofy TUs:TzF_j59πa5(F'[Q?6T+[Ě]fłB?RN3('@R`OH $#Λn9c[z_A@npz!NU ¯U,%$ke;2%K7:uNx=|ur /Uщk\^ $~1y*~y:~_dxL 5Bٲइg2 _IO:"$Ee"S`Aϭ,|j?!IZ7)o =%(Eɦ:@7djCJ T=K6z=O;?{( cl9A(c>P$=zZgen#ݒ>x,5'+2%)M'8TL PҶlO⴬y=!lVQ1 i(KiŽDlbTHJN׭_pVPt>+PwXbOiBhEg;y-.EU-VYÛK81 <}\9&YgtoJIbӝmiڣ,i;x; v<b'2Qf ,djoP' ;_Y.40{믞 ]Cd4WL_ P}4%hXl/4g3@ ?\:b^ )^ci ^U> jU3לJnLcB qXj8#vڕeaDr.J^HG3M!rz߸&K+=F]ge7oOm T2#|4KO$h̉;nV?qBΚ9l÷ړH7ɝt_ۃdNimơ8 zAl"$$YUղZU3$]d%s >& Yp2M3}h%3 ,яKni^h wG>g[1rzpmoOE>^q.E~(Ro!-\)s*Q#vދrQV^Z(\dDqDŷG o 14+ߙL,*z3]}v[vÏ9&< ,5ȥn4.ƛ; `#3Ȑ"+Q9MgH&2d` @F8T8x<|wgLll4!R"ШdLp٢p2;mP\>m`! ܭò';;'Q,\ac•㢤b+SX{]UJn֠w.sZlX 847軫ՊZTءPطMˬ "1ar9 IJv̊ @/^,|n#߶ԓ.;*]9&i=/= &DŽIg͎T*, ~/Ā Pr T@%u%#2"=O02W-OBE)֟Z8|X{^JjmN_ i/E|eB1.:-<*IAL\`TtOsE'%aD9)_V5aDp:a$ū*qY=kiE]!ӻmIxBt$JKBA-)Z>"8$ "e38_=wqmrI<"(y~ ש7ӥ7gR^-[x43f̩ZRI[v<s=n -ǫZOWAwyȪ=H+)N?δ{܍3CHwrL:vATERA& 0B҅'UsL28"B NE/;KȦ MɆF5aW tޓ:V4푅L9iRډVh`+$l,Z!"Z5X=^iW.=Mq⾫{>qd_yRWcD/Ujlv%)kn߰Z ΫQGܦ65EIKVM|p]Էؔ="x:yyyy?¼Ƿ0o^D[E>ٸA 9PIO̞0 $()yŋlu,ӛJJ%_cm5pLx [  Z&H? g-l_]֊6]/K@ّ_ŲR]ԛcUf@(f%\fF$NO:wדԜ/Pe0,%^: A\KfYc+a|mx{>j#a^ZD8+I-`*PI_JQ̾uwsR4-[/s0 EF&"_8|&~B߳PR{VIŌɷ'%S`=LRp@i/lm[yʛ$L!WB_/dԞ\uG+qJ!Ń+}WpzRۓ.5B<0a &X+}F lˀjwk57@RӠT*EBUH{It4uHmsSzm%/!1yr&K=!Bn9^DU k>!2. 7#7#7#7#D#|mFm\x'Qw撪(RہԦ=/H.ub߅JڳLbr^Qw Db5Gx4mBPQ{w/m*\Op6xDNqI:jwZcEXg; N7`~i rhG$sOmؽ:g|t@__ڴoW\ӷ 9i.$6c%)!.GKt{RTm XD5 idRR۞mLtN5&~Svl]:ֶIkDeG*fkv mH|}[˨/'{[NA>vڅlw@, t?KE ˏ3(\C"C)Fv|:ߎzu7f@0sg[ׄ5T|/ 1ǿx6Go®0΀ёE<(F 5f5jNnedyi&I$5?hV2oO.` lj;6jYa̬jTs@VD^[K#˺tѵeorY/VBKWlr,ǹyfGc ~|2oO@05[QY' ZHgs9W`u 8c٘C@Jb uzs݅^9=:\ãC>İ(|sLY5~V/0K{~i; uSP7- ڎ'"-k;pO⯶&}}xz=Dw߁\hh "֐C s==,L;wTa1tq*{o~#H+) ~)$E;KD [ W> I7!W|^c9'BW{A @a}IޞYX$Qm LPӬO3O0Q_wna}{wL#ǔvTs*s6w\_Wf&CVH%E&! $|0JdU<:@'ٛ'"7R? |¾#⟎}ZGa+XWg~DCְjl`vM4#Hd$ |u4俸yD?S9E]1בI)8΅w{T*>4is(]ALa!-(-paIzŋJ&sψ$B9qyCIm$ 0Z1?V,gBx@ ,%>n"9wYaO`<ĒAG˸XFPxNqg6 b ^4}J16ǜSJRQ7s.19HvtEjbIAc2ķ>sa⻼RA5-09j+| HX#PZ<O?bXy ιmYM15цX50y,f|DZGa{{vυ%zW\A[bKw;ܬT nn:& ă%.*,1=,auv:"_Pv y #?tkmlM/ 7')3"4\Zh 0>85.VΕ灭oD/OY-kJI+UP]:e=˖ɵFZZۜ9]JVLѨ':g<~d䅂ϕ7tZ [Pу-#b r+>(BA!e+osŘ #`ζC0Uztc oUu6J>$>;3x0s{AN^ڂ96YlaNΜWHEoJ4\s ^/DJp -gwh~9~:Jbbg* ;KN:u0L}U-x[ihWwQf'1MaK|@M@&Ghs:2u\xG,Ř_ۆ JFV9 LvXR9.e7._Ōc\>eFK5mVR񗈫P0VD^`DU<11t'OjNTLO0Y]C3 } ($W|ۓQ7>6v 7A6pw2|S#U+%=zhp &̊XHst<:~.m;={LfRaO!'LvCRY `Oi$yLK1?]q EC `J>(ZlM=dY6F.}ڎܙ.aK>΃K29sK ˊ\X+ ߐwa:\k4uU-\n|I7w-t$rC!igoGW=0$yB~b C:. lnZwAれF <"m3uǸ\4145`AXv\Ncs\scDSabU *"&"f;GG4m|.΂R{D‡ȧN9zKqffY< D:GX (]`Edw@4G4(ϏB6DbKJDi$zs >G|̨?u@;0<(G]ĝ5]3~~2?ͫt6^a><=K֙S!jIQt#?wK{N2;Pq.1%Lj#sB4_ D0q鎶þ~>5GB ><Rh̘_[)%*uYԁk]j!v]]K ӺYT^F"?Ә\I LN]t/ PHZ wGPɺtP =b3bqOuvcVv[EuAzO{gnٹ"Vo?a[L|쏺WwN;:ͫFy.LVbv>N4mMƋB狸e A.Sr?XԞpi.$ /"cIJWZIx(b,6u{$#Evüfzu 6񏡓uұq Ϗxu;_99sΣ7~~m>T3%+UoE )njI窑*5/[@!_ kȿޞVJw ߞ88oA E ~>@?G=]671|?4R͔~[VZ;e~0vNoNON賝Bmv }"^Jɿ˔ARېNɇJ+JȟN|ȗ.G7>PR:~z0^{0^@=#a|R )7{B7MJ7@7)_$)ez ջqz~;<9M/dj)R(H_~Jˇ-EJ~SYQzvBEvS\ejOK"sԿw2~vRAiv:}иCJWX4fm=AF2h?)1sOºύh!su3nWνb2˭XѦ\~5~^9=U2̉CK=}6)$"%˜/ܻCz̈nR"/T-<!VSfq~@ a?mࡠǻ]?#i0.: 7X>ai'[vx3k[Սq@ AxaП 9!?&OpWp:xivRZBoJgU` }3OO`uqpt.,'t3%ުo{ɤi!nUmk/]'}'CFL,D~f&g uěxlWBޡ>W'oB~ %` LWx \Z=woLp*iBr6M b ه%?1-^< ]ǮlNzg^~2gI6۞,^6K %$I]w 2bA{ S‡tDi`W_GBbW ;&3U^. JS4&QX`F쭇P J$ `NHO-::6jdfk!̿F*r{Bd/P?Dp`wBhϑt(0hSqfF߯uh#7MXBÙz򼩉H Y8;{'{Qc]o\b96z.HwGSaOB D$%E '_! @=$J>7"32Q)֊_&gcǁ;yl>nwe&M=ʆ+RZI7? X) slncW|B{l[{Km`A8 I^R1&ڏ.L[Ggڦ1cbZ!qZ`ޓ5Z@<K*OC34`(F{c< D O 7x}6vl;5&4z0}n6~]f2KHG=KdM(IU`2{hFq:h WI ]L-  `y]zx@iV9H\*8f 4 vkf㿜7%;P?Ba1Tdx kyj#ţ3XW\2FP'J8Vw(lZ7HǶVQ ƶ2ڗ*iD1c7Ϗq``2;{4v/v0AmLȏ,l [d'].hzE# ء~!#_ŷ;pɂ 1>OxH>%B6QryѲXha$y9sKb4'jR+d/KUa{[+;TchGޘ',E1ԛc$(\dϺ0~ ux&Sǂ)wa+Ea2z(-f,1Fs *@]P&=`B4<5@TFE@ E7d!VĄ"L\Jfru3k Q [}&뇎ԌnB-br L$8 K3ol'/|A,T/$ ow2b%Ӟ$_yPOɅѯ,!ĊGNťju5̅s՗.f1w$k~Zyv<;j4wbh+ቲo gV:?CK;ΥI2FuͫN`*Xk8Ml\㍾cP1|TߛsӨZQ+ŜID#{oa['- ].IEɗs;g{v۹ VٱM*_d%rR R}&2eabf؄;!6BJkl{6 *