Inside risks: Cryptography, security, and the future

From email to cellular communications, from secure Web access to digital cash, cryptography is an essential part of today's information systems. Cryptography helps provide accountability, fairness, accuracy, and confidentiality. It can prevent fraud in electronic commerce and assure the validity of financial transactions. It can protect your anonymity or prove your identity. It can keep vandals from altering your Web page and prevent industrial competitors from reading your confidential documents. And in the future, as commerce and communications continue to move to computer networks, cryptography will become more and more vital.

But the cryptography now on the market doesn't provide the level of security it advertises. Most systems are designed and implemented not by cryptographers, but by engineers who think cryptography is like any other computer technology. It's not. You can't make systems secure by tacking on cryptography as an afterthought. You have to know what you are doing every step of the way, from conception through installation.

Billions of dollars are spent on computer security, and most of it is wasted on unsecure products. After all, weak cryptography looks the same on the shelf as strong cryptography. Two email encryption products may have almost the same user interface, yet one is secure while the other permits eavesdropping. A comparison chart may suggest two programs have similar features, although one has gaping security holes that the other doesn't. An experienced cryptographer can tell the difference. So can a thief.

The people who break cryptographic systems don't follow rules; they cheat. They can attack a system using techniques the designers never thought of. Art thieves have burgled homes by cutting through the walls with a chain saw. Home security systems, no matter how expensive and sophisticated, won't stand a chance against certain attacks. Computer thieves come through the walls too. They steal technical data, bribe insiders, modify software, and collude. The odds favor the attacker: defenders have to protect against every possible vulnerability, but an attacker may have to find only one security flaw to compromise the whole system.

Present-day computer security is a house of cards; it may stand for now, but it can't last. Many unsecure products have not yet been broken because they are still in their infancy. But when these products are widely used, they will become tempting targets for criminals. The press will publicize the attacks, undermining public confidence in these systems. Ultimately, products …