Home

Feedback

Credits

About Raj
Security: Internet

*
 Introduction
*
 Security in General
*
 Privacy
*
 Integrity
*
 Usability
*
 Can I Use Cryptographic Software?

Computer Security Primer-The Internet:

Integrity

We have mentioned encryption repeatedly above, but did you know that it also can help insure that the data you think you have, is what you really have?

Cryptographic Signatures / Faxes

When you write your name on a document, or check, or credit card slip, you are said to be signing it. This signature can be compared by an expert to other examples of your signature and that expert can state with reasonable certainty that the signature is yours. When a facsimile is ``signed'', however, and especially when that facsimile is of low quality (such as that transferred in a few dots-per-inch in a traditional fax), the chances for forgery are greatly increased, even made trivial.

Fortunately, when using computers, that same passphrase and encryption technology can give a strong certification, when properly handled, that what is signed is accurate. There are mathematical methods of insuring that data is stored accurately. Your disk drive uses at least one, and perhaps more than one, without you ever noticing. These same ``check sums'' or even more complex ones, can be encrypted in such a way, that anyone can open them, but only you can encrypt them. When this is done, a collection of data, such as an E-Mail message, or data file, is said to be cryptographically signed.

When strong encryption is used, and you properly safeguard your passphrase, and keys, this signature is a better indication of content and identity, today, than a facsimile hand signature.

Additionally, when you encrypt your data files, not only can they not be opened by someone without your passphrase, but also, they cannot be altered in that form, without being destroyed. This means that what you think you have is what you really have.

Again, however, not all encryption is the same. Some software is stronger than other choices, and some may even be defective, despite mass marketing.

Data Formats

But part of data integrity, also deals with continued usability. More and more, complete business and personal records are stored on the computer. This data may be stored in simple formats, encrypted as above, or in closed-standard formats (with or without encryption). ``Closed-standard'' means peculiar to one or a few companies, and not generally available, and unusable without the program that created it, or one very much like that. It usually means that there is no way to choose different software to do the same job, without laborious manual conversion with both the old and new software running at the same time, on the same system. When you trust your data to programs with closed standard data files, you sacrifice some of your data integrity. For some people this is not a problem. For many, it becomes a problem at the least convenient time. Closed standard data storage, for example, is one of the problems that significantly affects checking for the problems concerning the year 2000.

As mentioned at the beginning, many security issues are quite inter-related. At the end of June 1998, it was announced that the commonly used closed-standard data formats usually named with extensions such as ``.DOC'', ``.PPT'', ``.XLS'', and possibly others, with OLE, may be embedding information you do not wish revealed, even to a correspondant. A news story posted on 29 June gives an easy to understand description of this, and also gives a pointer to description and patch which Microsoft says will fix this problem in months-old versions of their popular software. Other unrelated items are also posted there by Microsoft.

Wouldn't it be ironic, if in four or five years, you were able to read archived copies of all of your most trivial E-mail, but unable to open the word processed files containing the originals of your most vital contracts, and spreadsheets or databases of your most critical archived financial information? Some data interchange formats are quite stable. A spreadsheet or simple database stored in a Comma Delimited Table or Tab Separated Values will loose formulas, but preserve the raw data - or preserve both, depending upon the software. Word processor files stored as plain text loose the formatting, but preserve the content. Some so-called interchange formats, however, seem to have incomplete documentation (hence are really closed standard) or often-changing specifications, or both. This also affects Usability, below.


This story Copyright © Bruce Gingery. All rights reserved.
Copyright © 1996, 1997, 1998 Dr. Raj Mehta. All rights reserved.