Security: Internet
|
|
|
|
Computer Security Primer-The Internet:
Integrity
We have mentioned encryption repeatedly above, but did you know that it also
can help insure that the data you think you have, is what you
really have?
Cryptographic Signatures / Faxes
When you write your name on a document, or check, or credit card slip, you are
said to be signing it. This signature can be compared by an expert to other
examples of your signature and that expert can state with reasonable certainty
that the signature is yours. When a facsimile is ``signed'', however, and
especially when that facsimile is of low quality (such as that transferred
in a few dots-per-inch in a traditional fax), the chances for forgery are
greatly increased, even made trivial.
Fortunately, when using computers, that same passphrase and encryption
technology can give a strong certification, when properly handled, that
what is signed is accurate. There are mathematical methods of insuring
that data is stored accurately. Your disk drive uses at least one, and
perhaps more than one, without you ever noticing. These same ``check sums''
or even more complex ones, can be encrypted in such a way, that anyone can
open them, but only you can encrypt them. When this is done, a collection
of data, such as an E-Mail message, or data file, is said to be
cryptographically signed.
When strong encryption is used, and you properly safeguard your passphrase,
and keys, this signature is a better indication of content and
identity, today, than a facsimile hand signature.
Additionally, when you encrypt your data files, not only can they not be
opened by someone without your passphrase, but also, they cannot be altered
in that form, without being destroyed. This means that what you think
you have is what you really have.
Again, however, not all encryption is the same. Some software
is stronger than other choices, and some may even be defective, despite mass marketing.
Data Formats
But part of data integrity, also deals with continued usability. More and more,
complete business and personal records are stored on the computer. This data
may be stored in simple formats, encrypted as above, or in closed-standard
formats (with or without encryption). ``Closed-standard'' means peculiar
to one or a few companies, and not generally available, and unusable without
the program that created it, or one very much like that. It usually means
that there is no way to choose different software to do the same job, without
laborious manual conversion with both the old and new software running at the
same time, on the same system. When you trust your data to programs
with closed standard data files, you sacrifice some of your data
integrity. For some people this is not a problem. For many, it becomes a
problem at the least convenient time. Closed standard data storage, for
example, is one of the problems that significantly affects checking for the
problems concerning the year 2000.
As mentioned at the beginning, many security issues are quite inter-related. At the end of June 1998, it was announced that the commonly used closed-standard data formats usually named with extensions such as ``.DOC'', ``.PPT'', ``.XLS'', and possibly others,
with OLE, may be embedding information you do not wish revealed, even to a correspondant.
A news story posted on 29 June
gives an easy to understand description of this, and
also gives a pointer to description and patch which Microsoft says
will fix this problem in months-old versions of their
popular software. Other unrelated items are also posted
there by Microsoft.
Wouldn't it be ironic, if in four or five years, you were able to read archived
copies of all of your most trivial E-mail, but unable to open the word processed
files containing the originals of your most vital contracts, and spreadsheets
or databases of your most critical archived financial information? Some
data interchange formats are quite stable. A spreadsheet or simple
database stored in a Comma Delimited Table or Tab Separated
Values will loose formulas, but preserve the raw data - or preserve both,
depending upon the software. Word processor files stored as plain text loose
the formatting, but preserve the content. Some so-called interchange
formats, however, seem to have incomplete documentation (hence are really
closed standard) or often-changing specifications, or both. This
also affects Usability, below.
|