COMPUTERGRAM INTERNATIONAL: NOVEMBER 03 2000

+ Vint Cerf Says Security Crucial to Internet's Future

Vinton Cerf, one of the few men who can claim to be credited with being the "father of the internet", yesterday warned that security needs to tighten up in most areas if the internet is to fully achieve its potential. Cerf, WorldCom Inc's senior vice president of internet architecture and technology, made his plea for tighter security at the Compsec2000 International conference in London, UK yesterday.

Cerf, who is perhaps best known as the co-designer of the web's TCP/IP protocols, outlined numerous areas where security could be improved. He named cryptographic technology, network security, host security and internet-enabled appliances among the main candidates where improvements are needed.

First on Cerf's hit list is the problem of cryptography. Cerf pointed to the need for a universally adopted non-proprietary standard. While the US National Institute of Standards and Technology (NIST) has now accepted the Rijndael algorithm of Belgian researchers Vincent Rijmen and Joan Daemen as its sole candidate for standardization, the search for alternative standards in both Japan and Europe threatens the possibility of a unified approach, he said.

Cerf also criticized the slow rate of adoption of public key infrastructure (PKI) in the public and cross-enterprise arenas, and argued strongly for the separation of identification and authentication. Identity, he said, should just be a means of declaring oneself for validation. Registering should not itself confer authority. That should be left to individual entities based on their own database rather than centralizing all knowledge of individuals. Cerf said there is also a need for multiple public and private keys to avoid people using others' public keys as identifiers. He also argued that global verification standards may need to be relinquished in favor of using different methods for individuals, enterprises and governments.
In terms of network security, Cerf said the internet protocol security (IPSec) standard is well specified, giving hosts the chance to defend themselves, but there is still a need to adopt a common key distribution process and firewalls that defend against internal threats. He also said there is a need for end-to-end encryption in VPNs in order to prevent any danger from packet leaks into other networks.

Host security is also critical, especially in a world of increasingly distributed systems. Cerf said internal firewalls within operating systems may be needed to overcome their inherent security weaknesses. He also advocated mutual and continuous authentication between devices to prevent hijacking of IP addresses and active monitoring, for instance for virus detection and trojan horse signatures.

Within the distributed world, internet-enabled appliances, such as the much-hyped internet refrigerator, are likely to form the next target for hackers, he said. As such, he said that authentication is needed for secure device control from the net to stop, say, the kid next door reprogramming your house while you are away. The profusion of such devices, enabled by putting IP into hardware, will also quickly put a strain on IP address space, he said.

..............................................................

Michael Sondow
=================================================================
INTERNATIONAL CONGRESS OF INDEPENDENT INTERNET USERS
http://www.iciiu.org (ICIIU) iciiu@iciiu.org
Tel(718)846-7482 Fax(603)754-8927
=================================================================