The views in this paper are those of the author and do not necessarily represent the views of the Australian Government.
The paper comprises:
As the Final Report put it:
"In the next decade, large-scale communications investments in Australia will pave the way for many business, government, information and entertainment services. These services could change forever the way business and government operate and how we communicate with our colleagues, families and friends. Over time, even the significance of international borders and the design of towns and cities will change."Similarly, the OECD in its 1992 Guidelines for the Security of Information Systems said:
"Recent years have witnessed ... growth of computer use to the point that, in many countries, every individual is an actual or potential user of computer and communication networks."Over the past twelve months, the OECD has embarked on a round of meetings on Global Information Infrastructures. The outcomes of this round are to be provided in a report to the G7 on job creation and the information society.
Security privacy and the protection of intellectual property are some of the issues being addressed as part of this round. Indeed the final meeting will specifically address these issues. In outlining an agenda for this meeting the OECD saw encryption as a pivotal issue in the security of information systems.
The OECD interest in the Global Information Infrastructure relates not only to the direct impact of the infrastructures on national economies, but also on the economic impact of investment failures if the infrastructure is misused or not used to its expected capacity. User confidence is seen as a key factor in infrastructures reaching their full potential. It is from this position that the OECD is examining issues of security, privacy and the protection of intellectual property.
Turning again to the OECD Guidelines, they stated when addressing the question of building confidence:
"Users must have confidence that information systems will operate as intended without unanticipated failures or problems. Otherwise, the systems and their underlying technologies may not be exploited to the extent possible and further growth and innovation may be inhibited."Obviously if encryption is a pivotal issue in information systems security, confidence in encryption techniques and technology is pivotal to confidence in information infrastructures and therefore to the economic viability of such infrastructures.
Encryption was for centuries the domain of government, primarily to protect military and diplomatic communications. In the past few decades private enterprise has become an increasingly larger user of cryptography to protect its commercial activities. We have now arrived at the point where individuals are going to become major users of cryptography to protect personal information and finances, and their privacy in general, as they become participants in information infrastructures.
The OECD will also be holding a meeting on National Cryptography Policies later this year.
At an OECD meeting On Security, Privacy and Intellectual Property in Global Information Infrastructures, held in Paris last November, most of the session on security was taken up with encryption. It was interesting, however, that very little of it was related to security of government or commercial information on systems. The main focus was on verifiable but untraceable transactions on information infrastructures. This highlighted the progression of cryptography towards individual's requirements and their desire for their transactions to be secure but anonymous.
The issue of privacy of an individual's activities in information infrastructures is beginning to receive similar attention in Australia. Individuals are concerned that their activities can be monitored to develop personal profiles such as buying habits. These profiles could then be exploited by organisations such as direct marketing bodies.
The Minister for Justice in a speech to the Australian Share/Guide Conference in March this year identified two areas of concern:
People want to be assured that information on how they use the network is protected. Usage patterns are of particular interest and value to various groups, for example, direct marketers; and People also need to be assured that the content of their information is protected both on networked systems and flowing across the network.Both these concerns can be overcome through the use of cryptography. The first through verifiable but untraceable transactions and the latter through more established message encryption techniques.
Debate to date has focussed on higher level encryption. I feel that the needs of the majority of users of the infrastructure for privacy and smaller financial transactions, can be met by lower level encryption which could withstand a general but not sophisticated attack against it.
Job vacancies will be another area where information networks will be utilised. Potential employers will be able to place job vacancies on a bulletin board which potential employees will be able to access from community facilities.
Confidentiality will not be an issue in these networks. Nor will there be a need for users to establish their identity. However, both the integrity and availability of the information will be important.
Clients will soon start to demand access to information held about them to verify the contents. They will also want to be able to update data or correct errors. The simplest of these being the ability to update address, change names in the event of marriage or add a new dependant.
Networks involving client access will need to take measures to ensure the confidentiality, integrity and availability of the data. The principal concerns will be to establish the users identity and entitlement to lodge access or modify the data, to ensure that modifications are legitimate, to ensure that personal or sensitive data is transferred in a secure manner and to ensure that the system is available.
The objective of security of information systems is the protection of the interests of those relying on information systems from harm resulting from failures of availability, confidentiality, and integrity "Availability" means the characteristic of data, information and information systems being accessible and useable on a timely basis in the required manner. "Confidentiality" means the characteristic of data and information being disclosed only to authorised persons, entities and processes at authorised times and in the authorised manner. "Integrity" means the characteristic of data and information being accurate and complete and the preservation of accuracy and completeness.
In carrying out the above steps you should consult with both management and staff in the various elements of your organisation. Other input can be obtained from the police and insurance companies.
This process should be carried out in conjunction with the initial planning for the infrastructure being developed.
Another key strategy is the development of a business continuity strategy at the general planning stage. The strategy should encompass both disaster avoidance and business resumption.
The risk management and business continuity strategies should be developed at this stage to allow equipment specifications to be developed to assist in selecting the most appropriate technology. Formal plans based on these strategies can be developed once the equipment has been selected.
An important point to remember is that most vulnerabilities in systems are discovered more by accident than by structured approaches. Once these vulnerabilities are identified they are readily distributed. The increase in the user base arising from the new infrastructures is likely to result in any vulnerabilities being quickly identified and widely distributed. It is important that the planning stage identify as many vulnerabilities as possible and that contingency plans are in place to handle any problems which might arise.
As mentioned earlier, system vulnerabilities will assume new proportions in the new infrastructures. It is therefore even more important to know what the hardware and software you are considering actually does. It should be made clear to vendors the implications of not identifying known vulnerabilities in systems hardware or software being offered.
Of equal importance is the need for an effective management structure for security. Whether it is centralised or devolved, the structure needs to be documented and all involved need to understand what there responsibilities are. Ultimately, however, security is the responsibility of individual users.
Ultimately these types of issues will need to be taught to children as early as primary school, where they first start to use information infrastructures.
In addition the process of establishing whether your system meets the applicable standard requires a detailed examination of the system. This leads to a greater understanding of the system which will be invaluable if problems do arise.
Standards Australia has recently issued a Draft Australian / New Zealand Standard For Comment - Information Security Management - Document DR 95305.
This is a further area where confidence needs to be engendered to ensure acceptance. There is a need for a mechanism to ensure that techniques are appropriate for the purpose for which they will be used. Similarly there is a need for a structure through which keys can be obtained and digital signatures authenticated.
Within Australia a Government Group has been developing a proposal for a Public Key Authentication Framework. The group's work has been primarily focused on the needs of electronic commerce. In an unpublished paper the group stated:
There needs to be a wide scale informed debate about this issue before any decisions are taken as to choice of technology, the appropriate administrative structure, privacy issues, legal effect, method of implementation and the like. After such a debate the system will need to be introduced in a planned way with appropriate public education, legislation and the like in order that the use of the PKAF system will have the same standing and validity in the eyes of the community as a paper based signature.The proposal calls for a management structure to verify various key generation systems, supervise the issue of key pairs and maintain a directory of the public keys.
This proposal has been referred to the Standards Association of Australia which has established a task force to examine the establishment of an Australian Public Key Authentication Facility. The Task Force is required to report by the end of the year.
Australia has also raised in the OECD the need to establish an international framework to ensure the effective use of public keys as a tool for both international electronic commerce and individual use of the global information infrastructure.
While this proposal is driven, primarily, by commercial needs, there is scope for it to be extended to meet the needs of individuals who will also be using the information infrastructure. Any scheme such as this has to be better than the current process of passing credit card information over the network.
The referral of the PKAF proposal to Standards Australia is in keeping with the Australian Government policy of minimal legislative intervention. When commenting on the implementation of the OECD Guidelines for the Security of Information Systems, in a speech I referred to earlier, the Minister for Justice outlined the Government's approach as follows:
In implementing the Guidelines, the Government has decided not to use a general legislative approach because of the problems in reaching agreement with State and Territory Governments on legislation where the Commonwealth has no blanket constitutional power. Furthermore we recognise that legislation is slow to respond to technological advances, so broad definitions have been used in relevant legislation to allow the courts to consider current technology as cases come up. This policy extends to electronic commerce and the use of cryptography in general. Any legislation required to support the use of cryptography is likely to be written in broad terms rather than endorsing particular technology or algorithms. It would then be left to groups such as Standards Australia to specify the standards which at that particular point in time would meet the legislative requirement.
With the advent of public access to information through government and community networks, users will need to be able to establish their entitlement to access information. Similarly the advent of electronic commerce will require the use of digital signatures to conduct the transaction. We are, therefore, moving to the stage where individuals will require a unique electronic identifier to transact business on the superhighway. Such identifiers are likely to take the form of a digital signature on an individual smart card.
Such cards could be issued within the public key authentication framework referred to earlier. An individual could apply to a certifying authority for a smart card containing their secret key component of their digital signature.
The card would be issued upon satisfaction of the one hundred point criteria currently used by banks to open accounts. The individual could then use the card both for signature and identification purposes.
Technology also exists for blind signatures and anonymous cash transactions. It may be possible for both digital signature and anonymous cash techniques to be embedded in the one card, which the user could opt to use in either mode.
Obtaining a card would, of course, be optional although there would be circumstances where it may be necessary for individuals to identify themselves to obtain access to a particular service. Regulations or Codes Of Practice issued by the Privacy Commissioner could limit the circumstances in which use of the identifier is mandatory, in much the same way as use of tax file numbers is controlled.
The cards could then perform a number of activities. For example one concern has been access to restricted material over the network. It may be possible to convert date of birth information in the identified section of the smart card into an anonymous age field which could be added when required to demonstrate an entitlement to restricted classification material. Access to restricted information could be limited to those who could demonstrate their age in this way.
As mentioned earlier, obtaining the card would be optional, the user would determine what information other than basic identifying information would be held on the card, and the user would control which of this information would be released through a PIN pad on the card.
The digital signature would be used in much the same way as a written signature is used to authenticate a person signing a document.
For the information superhighway to reach its full potential in terms of both economic viability and social change, cryptographic systems will need to be developed to meet the needs of individual users. These systems will need to be cheap, user friendly, and above all, have public confidence.
For centuries the simple paper wrapper called an envelope has met the needs of the majority of users of the postal service. They come in many forms but most provide an indication of whether they have been tampered with. Also individuals have their own way of opening envelopes no matter what type they are. This basic philosophy needs to be applied to encryption systems for individual users. In other words a simple system which is easy to seal and easy to open and which does not require a wide variety of techniques for either.
Individual users will not be attracted to use services if they each involve different techniques for sending or receiving information. To this end service providers may need to look at providing a number of alternative schemes for distributing material so that they meet the individual's requirements, rather than expecting the user to maintain a number of systems to meet the various providers requirements.
We are entering a new and challenging era of information technology. Up until now IT area's clients have generally been the organisations management and staff. With the new technology, this client base has expanded and in many cases will cover the whole population. In addition national boundaries have increasingly less significance in terms of information flow and it will be possible for people from around the world to access our systems. The challenge is to maintain the confidentiality, integrity and availability of information and equipment in this new era.
Go to Roger's Home Page.
Go to the contents-page for this segment.
Last Amended: 6 November 1995
These community service pages are a joint offering of the Australian National University (which provides the infrastructure), and Roger Clarke (who provides the content). |
The Australian National University Visiting Fellow, Faculty of Engineering and Information Technology, Information Sciences Building Room 211 | Xamax Consultancy Pty
Ltd, ACN: 002 360 456 78 Sidaway St Chapman ACT 2611 AUSTRALIA Tel: +61 6 288 6916 Fax: +61 6 288 1472 |