Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular node for directing data and applying cryptography
Reexamination Certificate
1998-12-23
2004-08-03
Luu, Le Hien (Department: 2141)
C713S152000, C713S164000, C709S229000
active
06772332
ABSTRACT:
BACKGROUND OF THE INVENTION
FIELD OF THE INVENTION
The present invention relates to computer security, and more particularly, to an apparatus and method for providing secure access to a wide-area network.
BACKGROUND INFORMATION
Advances in computer and communications technology have increased the free flow of information within networked computer systems. While a boon to many, such a free flow of information can be disastrous to those systems which process sensitive or classified information. In a typical networked computer system, one or more workstations are connected over a network to a host computer or server. These workstations may range from low-cost personal computers to powerful UNIX processors. In such a system the workstations, servers and even the connecting networks may all be at great risk of a security breach.
In developing a strategy for reducing the potential and consequences of a security breach (i.e. a computer security policy), one must assume that competent and dedicated individuals will mount active attacks on the computer system's security mechanisms. These individuals are called the threat. The threat seeks to find vulnerabilities which can be exploited to cause a part of the computing system to operate in violation of its owner's security policy. Threats fall into two broad classes: Insiders and Outsiders.
Insiders are those individuals who have been granted some level of legitimate privilege and then abuse that privilege. An example of an insider in the noncomputer world is a bookkeeper who uses his or her legitimate access to account records to embezzle. An example in the computer world is a systems administrator who uses his or her legitimate access to a computer system to generate fraudulent billings, payable to a corporation owned by the administrator. Concern for insider actions also extends to individuals who, through ignorance, incompetence or improper direction, cause security policy to be violated intentionally.
Outsiders are those individuals who have no legitimate privilege on the system but who can exploit vulnerabilities to gain access to it. An example of an outsider in the noncomputer world is a burglar, who exploits weaknesses in locks and alarms to steal from a safe or lockbox. An example of an outsider in the network world is the “hacker” who takes control of a networked computer away from its legitimate owners.
The risk of security breach is compounded when a pathway is provided from the internal, private network to an external wide-area network such as the Internet. The Internet is a loose conglomeration of networks connected by a standard network protocol. The lure of access to the Internet is the vast amounts of information that can be accessed by the user; the danger is that there are few or no controls on what individuals have access to and what they may do with that access. Therefore, access to the Internet can provide an open door for exploitation of your own network by a variety of threats.
In effect, a wide-area network such as the Internet serves as a threat multiplier. Networks such as the Internet have evolved as fora for the free exchange of ideas. This fact can be exploited by threats seeking to access or subvert a private network. For instance, the global connectivity of such a network means that data taken from a private network can be moved around the world very quickly. To compound this problem, the Internet contains a number of very large data archives which can be used to store data transferred or posted from private networks. Hackers have also used the global connectivity of wide-area networks such as the Internet to directly manipulate computer facilities on the internal network (by such mechanisms as trying unlikely combinations of requests or commands) or to inject malicious software into the machine. Malicious software, which is able to do the threat's bidding remotely and without direct control, can be injected manually or by such technical mechanisms as “viruses” or “worms.” (One such self-replicating piece of malicious software was responsible for a well publicized attack on computers connected to the Internet a few years ago.)
Internet protocols that have been developed to date were not designed for security. For instance, Usenet news can be used by ignorant or disgruntled employees to post company proprietary information in publicly accessible space. In some cases, this posting can be done anonymously (e.g. by using an anonymous file transfer mode or by posting the data to an anonymous server). In addition, the proprietary nature of data may be obscured by encrypting the data via one of a number of free, easily accessible cryptographic packages.
In addition, since the standard Unix password is reusable, it is subject to capture and abuse by outsider threats. For instance, the use of reusable passwords means that each password is vulnerable to being “sniffed out” and captured. Once captured the password can be used by an inside or an outside threat to gain access to a site. In addition, if the password belongs to someone with administrative privilege, the threat can use the captured password to gain administrative privileges on the internal network. The threat can then use that privilege to install a permanent “trapdoor” in order to ensure future access.
This combination of features makes the Internet particularly vulnerable to attack. A potential buyer of stolen information can anonymously post a solicitation along with his public key; potential sellers can then encipher the information desired with that public key and post it, secure in the knowledge that only the solicitor will be able to decipher it.
The existence of an active threat places requirements on a private network which are significantly different from the superficially similar problem of providing reliable service. A reliability engineer can take advantage of the low probability of certain phenomena, and choose not to respond to them because they are so unlikely. A security engineer cannot do this; a vulnerability, however obscure and unlikely, will be actively sought out by the threat, publicized to persons of like mind, and exploited over and over once discovered. Countermeasures must therefore be developed which effectively close, or prevent the exploitation of, each system vulnerability.
A number of countermeasures have been proposed to reduce the vulnerability of networked systems. These countermeasures share three characteristics:
1) It takes a secret to keep a secret. All information security mechanisms are based on the use of secrets which are shared by authorized individuals and kept from unauthorized ones. The secrets may be transformed, compressed or hidden inside protected hardware, but in every security architecture there is one set of values, which, if known, would lead to the compromise of the whole system.
2) Vulnerabilities always exist. It is no more possible to achieve perfect security than it is to achieve perfect reliability; in fact, it is much less possible because you must assume that the threat is actively working to discover the system vulnerabilities.
3) Threats escalate continuously. Installation of a given set of countermeasures does not eliminate the threat; it simply spurs it on to greater efforts to find ways of circumventing them.
These three common factors then pose the following problems for the countermeasures engineer:
1) Protecting the secrets that keep the secrets. This is the highest priority requirement, for loss of these values would lead to catastrophic breaches of security.
2) Making vulnerabilities hard to find. The embodiment of the security mechanisms must be such that it is difficult for the threat to obtain details of their operation, or instances of them on which experiments may be performed.
The countermeasures proposed to date have focussed on either preventing the transfer of data or on encrypting the data using known cryptographic methods in order to render it more difficult to compromise.
One method proposed for the prevention of unauthorized exploitation of the private n
Andreas Glenn
Boebert William E.
Gooderum Mark P.
Hammond Scott W.
Rogers Clyde O.
Luu Le Hien
Schwegman Lundberg Woessner & Kluth P.A.
Secure Computing Corporation
System and method for providing secure internetwork services...