| |
|
It requires cross-disciplinary expertise, ranging from cryptography and computer security, through hardware tamper-resistance and formal methods, to a knowledge of applied psychology, organizational methods, audit and the law. System engineering skills - from business process analysis through software engineering to evaluation and testing - are also important, but they are not sufficient. They only deal with error and mischance rather than with malice.
Why is Security Engineering Important? For generations, people have defined and protected their property and their privacy using locks, fences, signatures, seals, account books, and meters. These have been supported by a whole host of social constructs ranging from international treaties through national laws to manners and customs.
This is changing, and quickly. Most records are now electronic, from bank accounts to registers of company shares and real property; and transactions are increasingly electronic, as shopping moves to the Internet. Just as important, but less obvious, are the many everyday systems that have been quietly automated. Burglar alarms no longer wake up the neighborhood but send silent messages to the police; students no longer fill their dormitory washers and dryers with coins but credit them using a smartcard they recharge at the college bookstore; locks are no longer simple mechanical affairs but are operated by electronic remote controls or swipe cards; and instead of renting videocassettes, millions of people get their movies from satellite or cable channels. Even the humble banknote is no longer just ink on paper, but may use tricks such as digital watermarks to enable many forgeries to be detected by machine.
How good is all this new security technology? Unfortunately, the honest answer is `nowhere near as good as it should be'. New systems are often rapidly broken, and the same elementary mistakes are repeated in one application after another. It often takes four or five attempts to get a security design right, and that is far too much.
A common view of the Internet divides its history into three waves, the first being centered around mainframes and terminals, and the second (from about 1992 until now) on PCs, browsers, and a GUI. The third wave, starting now, will see the connection of all sorts of devices that are currently in proprietary networks, standalone, and non-computerized. By 2003, there will be more mobile phones connected to the Internet than computers. Within a few years we will see many of the world's fridges, heart monitors, bus ticket dispensers, burglar alarms, and electricity meters talking IP. By 2010, `ubiquitous computing' will be part of our lives. We already have a number of the component technologies required to make ubiquitous computing dependable; the last twenty years have seen much work on the theoretical aspects of computer security and cryptology. But there has been much less on the practice. Many insecure systems are built, and the resulting safety, privacy and crime prevention problems (both real and perceived) are a significant impediment to building the `electronic society'. Once communicating embedded systems become both ubiquitous and critical, we will simply have to do better.