Many of these have been written to take advantage of an immature technology in order either to give some dimly perceived competitive advantage or to fulfill a political imperative. One consequence of this rapidly changing complexity has been to stop the development and maintenance of an adequate security response. How can we instill a security ethic in our organizations when the threats are impossible for even specialists to characterize and therefore understand, resulting in system defenses that are seldom adequate?
The most effective strategy is to actively manage the complexity by dividing systems into two categories: those whose effectiveness is amenable to high standards of proof and those that are not. Firewalls and intrusion detection systems are examples of security techniques that have no theory or practice associated with them that justifies us in believing that they will provide high levels of protection. Evidence of this comes in the regular press reports of penetrations of what might rightly be supposed to be some of the most secure systems of this type in the world. To operate effectively, these types of solution are high maintenance, requiring constant expert attention; you may be sure that the U.S. National Security Agency invests significant resources to the operation of these types of system.
By contrast, communications security by use of encryption is amenable to high standards of proof and relatively simple operating procedures. The techniques involved in analysis have been evolved over decades and are well understood by experts, providing highly cost-effective protection where the implementation is of good quality.
So what is a good quality implementation? In the past a good quality implementation was usually equipment designed with very fixed functionality and many years behind the technological requirement. Nowadays, one of the critical features has become the ability to adapt the equipment, since however good the implementation, changes in algorithm, communications technology or techniques may lead to a need to upgrade the implementation standard.
The rate at which cryptographic algorithms are being replaced is increasing rather than decreasing. Algorithms may be made obsolete as the result of degradation in resistance to brute-force attacks over time, or due to a sudden and unexpected cryptanalytic success. The need to replace algorithms is understood, but even so, in most security systems both the cost of upgrade and the time taken to achieve it will be enormous. As an example, the financial transactions industry is probably the biggest DES user base and yet many systems are still only in the specification stages of a DES to triple-DES upgrade, with AES as yet unplanned for.
The consequences of a flaw being found in a well-established algorithm (e.g. AES in five years time) may be extremely serious if there is no upgrade path for systems using it.
The large investment in operating security systems also brings with it the need for interoperability between new and 'legacy' cryptographic equipments that can be many years old. A 'big-bang' upgrade is often infeasible for practical and economic reasons - instead the gradual introduction of units that simultaneously offer support for current and legacy communication protocols and algorithms allows a controlled upgrade.
The underlying communications infrastructure over which a security product operates clearly affects the operation of that product. As upgrades to the communications infrastructure are required at an ever increasing rate - IPv4 to IPv6, for example - so too are upgrades to the cryptos that operate on them. A lack of available or upgradeable security products can act as a barrier to the uptake of improved communications capability.
The need for interoperability between different groups has increased. It represents an especially problematic legal and technical issue where highly secure information exchanges between different nations are required to support dynamic political alliances. Such interoperability requirements can arrive with little or no warning and there is usually no means of predicting them at system specification time, since changing political relationships are induced by events that move faster than product specification and development. A flexible security system that can be quickly adapted to utilize an appropriate common security protocol is one of the best ways of providing support.
National and coalition communications security requirements can often be mutually exclusive. In order that users do not require separate security devices for each user community they belong to, a single device that can simultaneously support several security protocols is required; this requires high levels of assurance.
Communications is now a part of almost every environment, and communications security is an area in which both the nature and quality of the available security solutions are intelligible both by experts, such as governments' own security advisors, and by a wider population. Segmentation of communications security from the rest of the applications environment allows the techniques evolved over decades for analysis of these solutions to be deployed, while at the same time permitting users to focus their risk-based analysis on areas that are not amenable to this type of 'isolationism.'
But to ensure that it is sensible and cost effective to use good quality implementations of these high assurance solutions to 'lock down' certain elements of the overall solution, it is essential that the equipment used should bring a level of flexibility that will not deter unforeseen changes to aspects such as algorithms or protocols when required.
Peter Davies is technical director of Thales e-Security (www.thales-esecurity.com) and has been active both in the U.K. and U.S. in the development of electronic security equipment for government and banking sectors for the last 16 years.