It is not an overstatement to say that the Internet has transformed the way we live. Social networking represents the new town square; blogging has turned citizens into journalists and e-commerce sites have spurred global competition in the marketplace. But the Internet’s phenomenal growth has led to an increase in computer-related crimes. The range of criminal activity that the Internet supports is vast and there is little doubt that adaptive and sophisticated adversaries are misusing the Internet. The focus of this article is security and the privacy benefits that accrue from efforts to combat cyber-crime.
According to Gartner, “Phishing attacks in the United States soared in 2007 as $3.2 billion was lost to these attacks. The survey found that 3.6 million adults lost money in phishing attacks in the 12 months ending in August 2007, as compared with the 2.3 million who did so the year before.”* Governments have expressed increasing concern about public safety and national security, including information warfare. So, if we want online activity to provide all its potential benefits, security on the Internet cannot remain at current levels.
Our initial focus on security is appropriate because the Internet has proven to be a great medium for committing crime. Not only was it designed without concern for security, but it has three key attributes that attackers love:
(1) Global connectivity
(3) Lack of traceability
In addition, it is difficult for computer users to know, or find out, what malicious programs are running on their machines, what machines they are connecting to and whom they are dealing with. As a result, those prone to prey electronically on others have considerable opportunity for success, with little risk of being identified and being held accountable for their actions. It is correct to both assume and hope that the use of the Internet will continue to grow, expanding its reach, resulting in even more online activity.
Although Microsoft Corp., through Trustworthy Computing, and many other organizations have taken significant steps to improve the security and privacy of the Windows platform, as well as their other products and services, in this increasingly connected world, these activities alone will not make the Internet secure enough and privacy-enhanced enough for many of its potential uses.
In short, in our view, changing the game requires two things:
(1) Building a “trusted stack,” with suitably strong authentication of hardware, software, people and data
(2) Improving the ability to audit events to provide accountability
We must also grant people better control over their digital personas to enhance privacy. This trusted stack, combined with better mechanisms to protect privacy, will enable End to End (E2E) Trust—giving people, devices, and software the ability to make and implement good decisions about who and what to trust throughout the eco-system. This will help protect security and privacy as well as help bring criminals to justice when electronic malfeasance occurs.
Evolving the Security Strategy: Enabling End to End Trust
As people look to engage in an increasing number of personal and commercial activities online, it becomes important to address their growing demands for both security and privacy. Experience shows that most cybercriminal schemes are successful because people, machines, software, and data are not well authenticated. This fact, combined with the lack of auditing and traceability, means that criminals will neither be deterred at the outset nor held accountable after the fact. Thus the answer must lie in better authentication that allows a fundamentally more trustworthy Internet and audit that introduces real accountability. We must create an environment where reasonable and effective trust decisions can be made.
We must also create an environment where accountability—and therefore deterrence—can be achieved. To do this, one must have access to a trusted stack:
(1) Security rooted in the hardware
(2) A trusted operating system
(3) Trusted applications and users
(4) Trusted data
The entire stack must be trustworthy because these layers can be interdependent, and a failure in any can undermine the security provided by the other layers. Moreover, all security strategies, whether designed to ensure physical security or information security, must be based on sound risk management principles. Put more bluntly, it is about risk management, not risk elimination. There are essentially five major security components required to help facilitate trust. These include:
1. Identity Claims: Who does the person or what does the device or software claim to be? Robust reputation policies, processes, and systems will need to be built out to support the many trust decisions people need to make.
2. Authentication: We must have mechanisms that allow identity claims to be verified. In the physical world, we often turn to formal documents to verify identity (e.g., a driver’s license). Similarly, there are electronic analogies that we can use, such as certificates to identify a device or digital signatures to identify the author of software.
3. Authorization policies: Assuming an identity is authenticated, there is some formal or informal policy that permits or prohibits activity based upon that authenticated identifier.
4. Access control mechanisms: Access must be granted or denied based upon policy and verification of any necessary attributes. At times, people may obtain access to resources without permission, thus potentially violating computer crime laws.
Much good work has been done to improve the security and privacy of computer users. But a key question remains: As we become increasingly dependent on the Internet for all our daily activities, can we maintain a globally connected, anonymous, untraceable Internet and be dependent on devices that run arbitrary code? If the answer is “no,” then we need to create a more authenticated and audited Internet environment—one in which people have the information they need to make good trust choices.
In addition to empowering users to make good trust choices, the more general goals are to:
(1) Substantially mitigate common risks, so that public faith in the safety of the IT ecosystem is restored
(2) Permit security professionals to reduce their current efforts to address existing threats
(3) Make things more difficult for cyber criminals by deploying authentication and audit systems
(4) Enable law enforcement to find and prosecute a greater number of online crimes
To achieve these goals, it is important to address all the related issues raised to ensure we end up with the Internet we want: one which empowers individuals and businesses and at the same time protects the social values we cherish. In sum, the opportunity exists to create a privacy-enhanced Internet. It is also critical to understand the end goal: a more secure and trustworthy Internet eco-system.