Fact of the week
In 2000, RSA securities web site was defaced by crackers, in what could have been a serious embarrassment for the well known security company. The crackers did not crack RSA's systems, however, but performed a spoof by attacking a DNS server "upstream" of RSA's domain. This shows how critical the problem of dependency is in security, and that security is not just the concern of those who have secrets to keep. It is a problem for society at large,
Using the same prime number methods used by RSA, the Diffie-Hellmann key exchange algorithm offers a way of constructing a key at two separated locations, without actually sending the key over the network. This key exchange algorithm is central to many high security schemes.
The problem with the SMTP E-mail protocol, as implemented on many systems, is that it cannot handle non-ASCII data. This makes encryption or transmission of multi-media data files difficult. This is the reason for MIME (multi-purpose internet mail extension) attachments, which reencode data in ASCII symbols (like Unix uuencode/uudecode). Encryption systems for E-mail must therefore convert the data into an ASCII printable format.
Email content can be encrypted manually with PGP. A secure version of MIME (for transport of multimedia extensions), called S/MIME allows encryption and use of digital signatures.
SSL and TLS use public/private key methods to establish communications, security capabilities, and establish a session key. The protocol then authenticates both parties and negotiates a cheaper encryption algorithm and message digest to sign the message. Thereafter the cheaper encryption scheme is used, (e.g. 3DES,IDEA,RC4 etc).
SSL is designed to be a drop-in replacement for standard socket communication, easily implemented, with minimal investment on the part of the programmer. Roughly speaking, one simple replaces some system calls with library functions from SSL and the encryption should be transparent.
SET makes use of a trusted third party certificate organization, who keep a database of user certificates for verification, similar to the registration of SSL sites by Verisign.
The SET model uses a system of dual signatures to maximize privacy. The merchant does not need to know a customer's credit card details; the bank does not need to know the details of the goods ordered from the merchant. Separate hashes are used for each part of the message. These signatures need to be combined, so that payment and goods-transaction are connected. However, they are combined in such a way that only the bank can verify its part of the signature and only the merchant can verify its part of the signature.
One of the problems with TCP/IP security is that passwords and other information are often sent in clear text (unencrypted) so that eavesdroppers could `sniff' the net and pick up the data.
A secure virtual private network (VPN) is an encrypted link between hosts, which acts as a tunnel or `armoured pipe' between a remote location and a service provider. There are many technical solutions to this problem, most are based on RSA style encryption, like ssh.
Secure DNS attempts to guarantee the authenticity of the DNS records, to avoid the problem of spoofing. RFC 2535. It does not attempt to provide privacy for lookups (after all, the database is public knowledge), only integrity. It is a design principle that all users should obtain the same information when making the same lookup, i.e. that spoofing should be impossible.
DNS is probably the largest distributed database in existence. The problem of implementing a secure service, with updates and distribution all around the world, is a formidable one and the system is still being tested.