109 research outputs found
Seers and Craftspeople
Columnist Steve Bellovin discusses the need to judge new ideas more by their potential, and less by what they leave unsolved
Security as a Systems Property
How do we protect systems? The answer is straightforward: each component must be evaluated independently and protected as necessary. Beware the easy answers, such as deploying stronger encryption while ignoring vulnerable end points; that's too much like looking under the streetlamp for lost keys, not because they're likely to be there but because it's an easy place to search. Remember, too, that people and processes are system components as well, and often the weakest ones—think about phishing, but also about legitimate emails that are structurally indistinguishable from phishing attacks. I'm not saying you should ignore one weakness because you can't afford to address another serious one—but in general, your defenses should be balanced. After that, of course, you have to evaluate the security of the entire system. Components interact, not always in benign ways, and there may be gaps you haven't filled
Unconventional Wisdom
We are told that passwords are evil. We are told to change our passwords frequently, and never, never to write them down. We are even told that if you work for most U.S. corporations, frequent password changes are required by law. How much of this is true, and how much is simply mythology? Remarkably enough, the conventional wisdom can be wrong on all of these points, even the first
Wiretapping the Net
To serve the needs of law enforcement while protecting privacy, the legal and technical approaches to Internet wiretapping must be reexamined
Report of the IAB Security Architecture Workshop
On 3-5 March 1997, the IAB held a security architecture workshop at Bell Labs in Murray Hill, NJ. We identified the core security components of the architecture, and specified several documents that need to be written. Most importantly, we agreed that security was not optional, and that it needed to be designed in from the beginning
Access Control Prefix Router Advertisement Option for IPv6
Some very low-end devices are expected to rely on address-based authentication, even though that is not a high-security mechanism. In particular, they may wish to permit access by "local" peers only, for some value of "local". This memo proposes a new Router Advertisement option to supply a list of privileged prefixes
A Technique for Counting NATted Hosts
There have been many attempts to measure how many hosts are on the Internet. Many of those end-points, however, are NAT boxes (Network Address Translators), and actually represent several different computers. We describe a technique for detecting NATs and counting the number of active hosts behind them. The technique is based on the observation that on many operating systems, the IP header's ID field is a simple counter. By suitable processing of trace data, packets emanating from individual machines can be isolated, and the number of machines determined. Our implementation, tested on aggregated local trace data, demonstrates the feasibility (and limitations) of the scheme
Using Bloom Filters for Authenticated Yes/No Answers in the DNS
Some aspects of DNSSEC, such as NXDOMAIN error messages, require an authenticated answer. Producing this answer requires complex mechanisms, online storage of the zone's secret key, expensive online computations, or massive zone files. As an alternative, we propose storage of authenticated pointers to Bloom filters. This scheme provides large reductions in the size of, and computational expense to produce, partially-signed zone files
Pseudo-Network Drivers and Virtual Networks
Many operating systems have long had pseudo-teletypes, inter-process communication channels that provide terminal semantics on one end, and a smart server program on the other. We describe an analogous concept, pseudo-network drivers. One end of the driver appears to be a real network device, with the appropriate interface and semantics; data written to it goes to a program, however, rather than to a physical medium. Using this and some auxiliary mechanisms, we present a variety of applications, including system test, network monitoring, dial-up TCP/IP, and ways to both improve and subvert network security. Most notably, we show how pseudo-network devices can be used to create virtual networks and to provide encrypted communications capability. We describe two implementations, one using a conventional driver for socket-based systems, and one using stream pipes for System V
The Government and Cybersecurity
We all realize that computer security is a serious problem. But who should solve it? More precisely, who should be responsible for coping with computer insecurity—governments or the private sector? To some extent, the answer depends on how we view the problem. This installment of ClearText aims to get to the bottom of it
