Technical Approaches to Thwart Computer Fraud
1 Need for Data Security
Computer crimes and information theft have become a serious problem [12, 15, 35]. The general public is quite aware of it. The newspapers and TV stations report about it under a number of fancy names: wiretapping, computer hacking, trapdoor, salamis, data diddling, leakage, masquerading, Trojan horse, virus, worm, bacterium, time bomb, inference, superzapping, scavenging, spoofing, impersonation, piggybacking, software piracy, .... The recent spread of computer viruses has been quite alarming. Although it is difficult to estimate the losses it entails, the technical feasibility of many attacks is without any doubt [12, 15, 35]. Recently computer fraud has been prosecuted in some European countries with the traditional laws and offenders have been sentenced to jail. However it is far better to make computer crimes infeasible by technical means. Cryptography is the science of techniques which make data unintelligible and unmodifiable by outsiders (without detection) and still accessible or verifiable by the legitimate receiver. It has been called by a leading expert in computer security, D. Parker [15], "The premier safeguard against computer crime". Indeed, although it is not so easy to implement, cryptography is always an essential element in a comprehensive protection against all these attacks.
2 State of the Art in Cryptography
The basic concept of cryptography (see Fig. 1) is to use a key in order to convert or encrypt the cleartext into the ciphertext so that the intended receiver can with his key and the algorithm obtain the cleartext. It should be difficult for the eavesdropper who has no access to the key of the receiver to obtain the cleartext from the ciphertext. This privacy protection should not be dependent on the fact that the algorithm is secret or public (Kerckhoffs' assumption) in the same way as the safety of a mechanical lock is not dependent on the mechanism but on the key. In the symmetric or traditional cryptography the keys 1 and 2 of sender and receiver are secret and are the same. Hence it is clear that in a network of about 1000 users one has the burden of the secure exchange of about half a million keys. In the public key or asymmetric algorithms key 1 is different from key 2 and the intended receiver can make his key 1 public for all those who want to send him messages and keep his key 2 secret in order to decrypt his messages. Hence privacy protection of a network with 1000 users only requires the authenticated transmission of 1000 keys of type 1.
Until 1970 cryptography was mainly pushed by the military and diplomatic needs. The cryptographic techniques used in these domains are not suited for the actual intense and widespread commercial applications. Indeed, either the algorithms are secret, which impedes standardization, or the techniques are too bulky and involved. Since 1970 gradually a different set of algorithms, chips, and electronic equipment has been developed which are called commercial cryptography. Only in recent years there has been an intensive use of these techniques and the market still needs more. It is estimated that this market grows by 20% each year. An important element in commercial cryptography is that public evaluation and reporting is a vital part of the mechanism (see Fig. 2). Each year at least two international conferences are organized on cryptography (Crypto in the US, Eurocrypt in Europe, and recently also Auscrypt in Australia and Asiacrypt in Asia), and several others are involved with data and computer security (Carnahan, ESORICS, National Computer Security Conference, IEEE Symposium on Security and Privacy, Securicom ...). Moreover since 1988 a journal, called the Journal of Cryptology, is published. A nice survey of the state of the art on cryptography was published in the May 1988 issue of IEEE proceedings [24]. It was extended and updated into a book [25] in 1991. The fact that many algorithms have been broken in the past few years emphasizes the need for the public evaluation. Although there are currently quite a few algorithms at the initial phases of evaluation, only DES and RSA have reached the mature phases [7, 8, 26], where standardization and commercialization is reached or still continuing. Research in cryptography deals with new methods, protocols, algorithms, and systems. Recently much attention was devoted to zero knowledge protocols, electronic cash, signatures, pseudo-randomness, number theory, smart cards, networks ....
Concerning the security of DES there is a rather general consensus [13] among the cryptographic researchers that it is an extremely good algorithm with an unfortunately small key of 56 bits. Hence it is best used in a multi-encryption scheme (triple encryption with two keys) and with feedback modes instead of the electronic code book mode (ECB) in order to avoid exhaustive key searches and cryptographic attacks. This algorithm is in very wide use, especially in banking applications and has been accepted in a number of standards [1]. It has been reaffirmed by NBS for 5 years in 1987 [26]. The use of DES has been specified in ANSI and ISO/TC68 banking standards, but because of political reasons it is very unlikely that DES will be standardized in ISO/IEC SC27; within this committee it has been decided to register algorithms for confidentiality protection, rather than to standardize them [17]. The register will not guarantee the quality of the algorithm, and the entries in the register might be secret. The security of RSA is also considered to be very good. Today it requires about 1 day for a supercomputer to factor a number of 90 decimal digits with the best methods. It would take about 100,000 years to factor a number of 200 decimal digits. The factorization record (for products of two large primes) is now at 117 decimal digits. Hence keys of 300 decimal digits or more are considered to be secure for the next 5 to 10 years. However the speed of the encryption and decryption is often too slow. Then the solution is a hybrid system, i.e., one can use RSA for key exchange and afterwards use a fast algorithm like DES for information exchange. For another public key algorithm, based on the discrete logarithm problem, one claims [4] to be able to achieve faster rates at the same security level; during the last years the elliptic curve based algorithms received wide attention. The knapsack algorithm on the other hand is very fast and is very easy to implement. 
However almost all research has been discontinued, because most of the versions have been broken [7]. The B-Crypt of British Telecom is another interesting algorithm. However it is not clear whether the fact that this algorithm is secret will limit its use. Moreover chipcards are very convenient and important in cryptographic applications and electronic payment (electronic checkbook, electronic purse, telebanking, access control ...). Extensive experiments have been performed in France (Lyon, Blois, and Caen, 1979-1984), Norway, and Italy. It is now used in the Belgian TRASEC system for the electronic transmission of financial transactions between the customers and the banks. Many countries and companies have extensive plans for using the chip card (Japan, Mastercard, VISA, OSIS/Teletrust). For further details the reader is referred to the conferences on chipcards (Smart card 2000 Vienna 1987, Amsterdam 1989). Several standards have been very useful [1, 10] like ANSI X9.9-1982 (revised in 1986), "Financial Institution Message Authentication" [2] and ANSI X9.17-1985, "Financial Institution Key Management (Wholesale)" [3]. Many other standardization efforts are underway (CCITT, OSI, ECMA ...) [17]. In addition it is worth mentioning important developments in the US. Under the commercial COMSEC (Communications Security) Endorsement Program (CCEP) offered by the National Security Agency (NSA) some selected US companies are developing highly secure encryption products [1, 12, 23, 26] based on secret algorithms. Also Secure Telephone Units (STU) are marketed in the US [12, 1] at reasonable prices (around 2000 $ a piece). The Kerberos authentication system [5] is becoming very popular to protect open networks (it was incorporated into OSF's DCE).
More recently the US government has proposed the digital signature standard (DSS) and the corresponding secure hash standard (SHS) for the electronic verification of the integrity and the source of unclassified information [18, 35]. In addition the "clipper chip" has been put forward for concealment within the US. It contains the secret "skipjack" algorithm, that is a 64-bit block cipher with an 80-bit key. The chip has the specific property that it reveals the secret key encrypted under a master key. This master key is stored in a secure place (divided over two or more escrow agencies), and can be obtained with a warrant that authorizes a line tap. Skipjack is a secret algorithm and hence cannot be subjected to public scrutiny, which opens a debate about its strength and the existence of trapdoors. Moreover this chip can only be produced within the US; it might be allowed to use it outside the US. Industrial software products for computers and network security that often have been evaluated by the American National Computer Security Center are SCOMP (Honeywell), RACF (IBM), ACF2 (SKK), Panoramics, Top Secret (CA), ... [1]. It is often argued at the management level that security is an expensive way to degrade a computer system. However the professional attitude is that security is a management tool which is effective in controlling the use, i.e., the availability, the integrity, and the confidentiality of data. A global security policy should be devised including the culture, the standards, and the procedures, with specific regulations on hardware, software, communications, environment, personnel, contingency, and disaster recovery.
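The recommendation made above for DES (triple encryption with two keys, and a feedback mode instead of ECB) is illustrated by the following added example, which is not part of the original paper. DES is not in the Python standard library, so a hypothetical 64-bit Feistel cipher built from HMAC-SHA256 stands in for it; the keys, the IV and the message are constructed sample values.

```python
import hashlib
import hmac

BLOCK = 8  # 64-bit block, the block size of DES

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):
    # Round function of the stand-in cipher (an assumption, not the DES f-function).
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:4]

def enc_block(key, blk):
    # 8-round Feistel network: (L, R) -> (R, L xor F(R)).
    l, r = blk[:4], blk[4:]
    for i in range(8):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def dec_block(key, blk):
    # The same rounds undone in reverse order.
    l, r = blk[:4], blk[4:]
    for i in reversed(range(8)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def ede_enc(k1, k2, blk):
    # Triple encryption with two keys: encrypt(k1), decrypt(k2), encrypt(k1).
    return enc_block(k1, dec_block(k2, enc_block(k1, blk)))

def ede_dec(k1, k2, blk):
    return dec_block(k1, enc_block(k2, dec_block(k1, blk)))

def split(data):
    if len(data) % BLOCK:
        raise ValueError("data must be a whole number of 8-byte blocks")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(k1, k2, data):
    # Electronic code book: every block is encrypted independently.
    return b"".join(ede_enc(k1, k2, b) for b in split(data))

def cfb_encrypt(k1, k2, iv, data):
    # Cipher feedback: the previous ciphertext block is fed back into the cipher.
    out, prev = [], iv
    for b in split(data):
        prev = _xor(b, ede_enc(k1, k2, prev))
        out.append(prev)
    return b"".join(out)

def cfb_decrypt(k1, k2, iv, data):
    out, prev = [], iv
    for c in split(data):
        out.append(_xor(c, ede_enc(k1, k2, prev)))
        prev = c
    return b"".join(out)

def repeated_blocks(ct):
    # Number of ciphertext blocks that duplicate an earlier block.
    blks = split(ct)
    return len(blks) - len(set(blks))

# Constructed sample values; a real IV must be fresh for every message.
K1, K2, IV = b"key-one!", b"key-two!", b"\x00\x01\x02\x03\x04\x05\x06\x07"
MSG = b"PAY 0100" * 3 + b"PAY 9999"  # three identical plaintext blocks

if __name__ == "__main__":
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(K1, K2, MSG)))
    print("CFB repeated blocks:", repeated_blocks(cfb_encrypt(K1, K2, IV, MSG)))
    print("K1 == K2 collapses to single encryption:",
          ede_enc(K1, K1, MSG[:8]) == enc_block(K1, MSG[:8]))
```

In ECB the three identical plaintext blocks produce three identical ciphertext blocks, which an eavesdropper can see without any key; with feedback they do not. Setting both keys equal reduces the two-key scheme to single encryption, so the added strength depends on the two keys being independent.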
3 The Worldwide Evolution of IT Security
It is now generally and worldwide acknowledged that security is an essential component in Information Technology (IT) and that IT plays an important role in almost all sectors of societies like those in the US, Japan, and Europe. In this context, IT security means [31]: confidentiality: information is only disclosed to those users who are authorised to have access to it; integrity: information is modified only by those users who have the right to do so; availability: information and other IT resources can be accessed by authorised users when needed.
Every IT system or product will have its own requirements for maintenance of confidentiality, integrity, and availability. In order to meet these requirements it will contain a number of security functions, covering, for example, areas such as access control, auditing, and error recovery. Appropriate confidence in these functions will be needed: in [31] this is referred to as assurance, whether it is confidence in the correctness of the security functions (both from the development and the operational points of view) or confidence in the effectiveness of those security functions. In response to these needs and requirements of the users a document called Trusted Computer System Evaluation Criteria (TCSEC) [30], commonly known as the "Orange Book", has been published by the US government. This was followed by many other countries, especially in Europe. The ITSEC document [31] has been drafted in order to harmonize and extend the criteria of France, Germany, the Netherlands, and the United Kingdom. The corresponding ITSEM document [32] specifies the evaluation procedure. When considered from the consumer side, there is a vast increase in personal computation resources in a broad spectrum of products. IC technology and VLSI will make these products even more performant and cheaper. Many of these products require on-line transactions. Moreover the services are often mobile (the cellular radio, the personal communicator). From all this, one can easily infer an increase in the threats both in the strength and in the frequency. For example, mobile services can be easily intercepted.
Hence the market for IT security is expected to grow considerably in the coming years: trusted computer programs will be widespread and cryptography will be used on a wide scale in trusted computer systems. G. Simmons has put it very pointedly in one of his predictions for the nineties: "By the end of the decade (that sounds more modest than 'the turn of the century'), virtually everyone will have and will routinely use a cryptographic-based identity and transaction identifier for everything from ATM's, point-of-sale transactions, access control (to the phone system, data banks, etc.) to voting. I don't think the identifier is apt to be a calculator-like object, but much more apt to be something one keeps and wears all the time: the 2001 version of the dog tags I wore in the Army for nearly five years - with similar, but low-tech function. The key words in this prediction are 'virtually everyone' and 'routinely': there is no uncertainty in predicting 'many' and 'for some purposes' or 'occasionally'." A Japanese study [34] estimates that the Japanese market is between one tenth and one twentieth of that of the US. It is expected to grow each year by about 15% from now until 2010. In the 21st century the security industry should have established an invincible position and users should have firmly established security policies. This includes several relevant security industry segments like access control, cryptography, backup services [34]. On the other hand we should be careful not to howl with the wolves about computer crime. D. Parker [16] has recently debunked 17 myths that circulate among IT people and journalists. His main statements are the following: There are no valid figures for computer crime losses. It is not proven that computer crime is mostly caused by insiders, or is motivated by greed. Computer viruses are not a major threat. There are a great variety of mechanisms for information loss.
Information in computers is not more vulnerable than spoken, printed or displayed information. Eavesdropping and tapping data wires is not such a common criminal activity. Although the incidence of business crime is diminishing with increasing use of computers, the loss per case is increasing. The primary business confidentiality policy should be based on the need-to-withhold rather than on the need-to-know. Automatic dial back is not the best telephone access control. Authentications of identity should be based on very diverse items. Tiger team testing is dangerous, ineffective, inefficient, and unethical in a non-military environment. In addition to good controls and practices, people are essential in order to achieve effective information security. Quantitative risk assessment is unreliable. Increasing computer usage is improving personal privacy, not destroying it. These statements should not be misinterpreted as if computer security is of no concern at all. In fact [35] computer viruses and network attacks are becoming more and more sophisticated and widespread. Both the number of viruses and the number of incidents keep increasing, but not exponentially as some researchers have predicted.
4 Evolution of IT Security in Europe
Most of the observations made in the previous section are of course also valid for Europe. In addition, there are a number of specific evolutions, rapid changes, and attitudes. First of all, there is a unified European market, which has now been combined with the opening of many East European countries. This new configuration opens unprecedented markets, and opportunities to cooperate and interact much more intensely. When this is combined with the generally good education in Eastern Europe, an intense economic growth is expected. However this euphoria has calmed down to some realism. By the end of 1992 the European Community has set up a unified European market of about 300 million customers. In view of this market integrated broadband communication (IBC) using fiber optics is planned for commercial use in 1995. This IBC will provide high speed channels (64 kbps, 2 Mbps and more) of image, voice, sound and data communications and will support a broad spectrum of services like telex, telefax, telephony, teletex, videotex, electronic mail, telenewspaper, teleconferencing, videoconferencing, cable TV, telebanking, teleshopping, home banking, EFT, POS, mobile telephony, paging, alarm service, directory services, etc. These services can be home based, office based, (private or public) manufacturing or mobile. They may include dialogue service or messaging or retrieval or a distribution service. It is clear that the majority of these services offered in future networks are crucially dependent on security. Also for the IT Security several European countries felt the need to harmonize the criteria [31]. This is certainly an important document both for the users and the manufacturers. When products and systems are evaluated against ITSEC criteria, system managers and system integrators have a quantifiable level of assurance for the selection of products and systems. However as explained in detail in the contribution of D.W. Roberts [22], ITSEC has some limitations. 
It does not deal with tamper resistant devices, and it does not describe accurately the effectiveness of the data security. Moreover the delay of certification implies that the computers are often outdated by the time they are certified. Last but not least the ITSEC criteria do not eliminate completely the need for trust of the consumer in the manufacturer. Let us also mention here that Europe has important initiatives at the network security level like the RACE project SESAME.
5 IT Security Issues and Conclusions
It is likely that the European market will harmonize and expand. Hence the European IT security criteria are likely to spread and extend. Hence one should expect on the market in the next five years an explosion of devices, systems, tokens, and other security products based on cryptography. One of the key issues here is to make a trade-off between three often conflicting demands: security, speed, and user-friendliness. Another problem is related to the procedure one should adopt when a widely used algorithm like DES would be broken. Although some progress is made, there are also still important legislative obstacles between the European countries which may impede international EFT. For example one country may allow EFT encryption, while others may only allow authentication [1, 20]. Although the European market will unify and even a common European currency is expected, Europe will still be marked by many different cultures and languages. How can information technology and its security be efficiently and effectively worked out so that a free flow of people and products can be supported? Moreover since many services (like bank services) move closer to the users, how can IT support multilingual and multicultural services? Most companies have products from several vendors. Hence it is not so obvious to implement a company wide security policy and to define the responsibilities. In addition it may be difficult to apply these principles in court. Here the differences between the legal systems in the different European countries may be a major bottleneck. For example in Belgium the hackers that entered the BISTEL government computer network were condemned because they were stealing electric energy, which is a rather weak argument from a technical point of view. Since cryptography is an essential element in a global security concept, what are the future developments we can expect in this area? (public key, zero knowledge protocols, anonymous payment, ...)
It is hoped that the mutual strengths and needs of the users and manufacturers can be combined in order to provide secure systems for information technology in Europe. In the coming years, Europe is expected to move quickly and both the users and the manufacturers can greatly benefit from these opportunities if good communication is established and efforts are combined.