pki
ACM Queue - Pointless PKI: PKI without a Cause
Tue, Apr 29, 2008
.navtab {
background: #99ccff url('/images/tabs/corner.gif') no-repeat top left;
text-align: center;
font-size: 0.65em;
}
.navtab a {
color: #336699;
font-weight: bold;
}
.navtab2 {
background: #6699cc url('/images/tabs/corner2.gif') no-repeat top left;
text-align: center;
font-size: 0.65em;
}
.navtab2 a {
color: #ffff99;
font-weight: bold;
}
.navtab3 {
background: #6699cc;
text-align: center;
font-size: 0.65em;
}
.navtab3 a {
color: #ffff99;
font-weight: bold;
}
QA, Testing& Performance
ALM
Developer Tools
Security
Sponsored by Aladdin
SOA
Development Tools Directory
Architecture
Business
Data
Hardware
Legacy Systems
Networks
Open Source
Languages
Social Computing
Storage
Telecom
Virtualization
UML
Web
Wireless
Columns:
Curmudgeon
Geek@Home
Interviews
Kode Vicious
Opinion
|
Conference Calendar
Issue Index
Site Map
Videos
|
Enter your search terms
Submit search form
Queue Partners:
Oracle's embedded technologies for ISVs and OEMs
dtSearch®
INSTANTLY SEARCH TERABYTES OF TEXT! New 64-bit. See www.dtsearch.com for hundreds of reviews & developer case studies; full evaluations.
Actuate brings business intelligence to the Eclipse Platform
Guide to Effective Software Asset Management Strategies
Download Strategic Licensing Management White Paper
Latest Queuecasts:
White Papers:
Conferences:
Poll
Apart from your colleagues, what is your primary source of technology trend analysis?
Television
Radio
Newspapers
Magazines (commercial)
Journals (academic)
Web sites - commercial
Web sites - government
Web sites - academic
Web sites - personal blogs
ResultsPollsVotes: 110 Comments: 0
What's Newon ACM Queue
·Data-Parallel Computing
·All Things Being Equal?
·Beyond Server Consolidation
·Network Virtualization
·A Conversation with Jason Hoffman
go to issue index
Most Popular Articles
1Document & Media Exploitation
2A Conversation with Mary Lou Jepsen
3The Code Delusion
4Storage Virtualization Gets Smart
5Powering Down
more
Security ->
Kode Vicious ->
HCI issue
Pointless PKI
by Kode Vicious
printer-friendly format
recommend to a colleague
PKI without a CauseGot a question for Kode Vicious? E-mail him at kv at acmqueue.com--if you dare! And if your letter appears in print, he may even send you a Queue t-shirt, if he's in the mood. And oh yeah, we edit letters for content, style, and for your own good!
Queue Digital Edition
The PDF version of the November/December issue of Queue is now online.
Download here
All Things Being Equal?New year, another perspectiveDocument & Media ExploitationThe DOMEX challenge is to turn digital bits into actionable intelligence.The Seven Deadly Sins of Linux SecurityAvoid these common security risks like the devilmore SecurityPoisonous ProgrammersHow do you prevent certain rogue elements from sabotaging your project?Take a Freaking Measurement!It just depends on what level of confidence you want to have.The Next Big ThingThis month Kode Vicious considers the future of functional programming and then offers up his top five protocol-design tips.more Kode Vicious
As prickly as he is, Kode Vicious actually enjoys reading your comments and might even respond to them in print. But it's your programming questions that are the true lifeblood of the column. So don't be shy, shoot off your latest humdinger to kv@acmqueue.com. If we publish it you'll receive not only the benefit of KV's sage advice, but also a very cool Queue coffee mug.
Dear KV, I work at a large Web-based company, and we're looking for a way to secure our traffic. Unlike most companies, this is not to secure the traffic between remote offices but actually to secure all the traffic inside the company, between the front-end Web servers and our back-end databases. We've had problems in the past with internal compromises, and management has decided that the only way to protect the information is to encrypt it during transmission. We won't be storing the data encrypted because it's too hard to get everyone to rewrite their applications. Building a system like this is no easy feat because we have thousands of servers involved in making our systems work. I'm building a PKI system to handle all the keys necessary - one for each service we provide - and am wondering if you have any advice on how to secure data inside a company, as opposed to making the service itself secure. Keyed up over Security
Dear Keyed, Yes, you're right, building such a system is no easy feat, and the worst part is, even if you succeed it will be completely pointless. Several things in your letter confuse me, so I'll try to address them logically, which is more than I can say for your management, which seems to be in what is kindly referred to as "reactive mode" and what I would term, "putting your head in your sand" (or somewhere else).
Oracle Database and Middleware in an Embeddable Package
By "internal compromises," I suspect you mean that some employees have been making off with your data. Internal compromises and leaks are a risk at any company - and the larger the company, the bigger the risk. The more people you have involved, the more likely you're going to wind up with a few people whom you should not have hired. How do you keep these infernal internal people from doing things with the data that they should not? I can tell you that encrypting all traffic is not going to help much. It is unlikely that an inside attacker would put a packet sniffer on the network, collect a day's or week's worth of data, and then walk out with it. Sifting through that much information is far too much work, and besides, you've given them a much easier target.
If your company is storing data in a back-end database, then that is where internal attackers will go to get their data. Why sift through packet traces when a few SQL statements and a DVD burner or fast connection would provide you with much better data? If you're storing sensitive data, then it is the data that needs to be secured, not the network! What if the attacker walks off with the backups, as has happened in several cases recently? If the data in the database is not secured - that is, hashed or encrypted - then he who has the backups has the data.
Another concern that most people don't understand in this sort of system is the concept of "need to know." Governments and the military, which are just two sides of the same coin, attempt to set up systems such that sensitive data is seen or modified only by people who actually need to work with that data, hence, "need to know." Databases and other computer systems can also be set up in similar ways, such that only the small number of people who need to work with any particular bits of data actually work on it. Honest people won't care that they don't have access to all the data because they have what they need to do their jobs, and the dishonest ones will have access to less data, thereby reducing the chance of a compromise.
A frequent mistake people make in setting up secure systems is to encrypt everything. If you encrypt all data, then everyone has to have keys and the keys can be lost or stolen, thereby leading to a compromise. Encrypt only what you must encrypt to secure your business; then only a small number of people will need keys or access to the sensitive data.
Finally, you don't say anything about auditing in your letter. The best way to find the dishonest people in your system is not by encrypting all the communication but by auditing when sensitive data is read, modified, or deleted. Keeping a log of "who did what to whom," and reviewing that log on a regular basis, is the best way to find the abusers of your system.
I'm sorry I didn't tell you how to implement a good PKI system. It's a fascinating topic, but it's not one that is going to help you at all, except in making your corporate masters feel more secure, when in reality they won't be. KV
Dear KV, I read the comments on heisenbugs ("Kode Vicious Bugs Out," April 2006) and am surprised you did not mention the approach that tends to work the best in solving these particular bugs. That approach is the random passerby who looks over your shoulder and immediately points out the error. Passing
Dear Passing, The debugging practice you're referring to is what I call the "Stupid Programmer Trick." There are actually two different versions. The one you mention is actually the less reliable of the two, because it depends on a chance encounter.
The other version, which I prefer, is where I walk over to a coworker - it could be anyone, not just an engineer, just someone to stand there and go "uh huh" a lot - and start explaining the problem I'm having. It could even be a marketing person, but then I have to buy them drinks and that cuts into my own drinks budget.
To use this trick, you start explaining your problem, pointing at the code or diagrams you're using to think about the problem. If you're talking to someone with a clue, you might get lucky and that person might find the bug, or at least ask you a good question. But at some point, BANG, you smack your forehead - being bald I do this a lot; it makes a nice slap sound - and say, "Eureka!" and jump from the bath. No, wait, that was someone else. At any rate, you get that lovely feeling of having found the problem. Thanks for reminding me. KV
Dear KV, I read your response to Hungry Reader (April 2006), and I indeed have all of the books you listed except Raj Jain's (The Art of Computer Systems Performance Analysis, Wiley, 1991), which I am going to get. I would include just one more that I feel is indispensable: The Mythical Man-Month by Frederick P. Brooks (Addison-Wesley, 1975; republished 1995). It's good to get a copy for your manager, too. What do you think? Should this one be on your list? Nostalgic over PDP-11s
Dear Nostalgic, At the risk of drawing another Web comment on being an antique for recommending an older book, yes, your suggestion is good. The thrust of my original response was technical books, whereas Mythical Man-Month is a management book, although one that gives me dry heaves a lot less than most books in the management section of my local bookstore.
I remember the book fondly for several reasons. Its conclusions were obvious to anyone who had worked in a software company for more than five minutes, yet you can still use it to beat stupid managers over the head with. It has stood the test of time for two reasons: One is that it was well written, an uncommon quality; the other reason is that people haven't gotten any smarter about managing large projects in the last 50 years. One other good thing about Mythical Man-Month was that it was short enough that I could read it and return it in time to recoup the full price from my university bookstore. I took the money and bought beer for a Fourth of July party. No, I am not kidding. So, I don't have my copy anymore, but I do have some fond, if confused, memories. KV
ACM Queue vol. 4, no. 6 - July/August 2006
by Kode Vicious
KODE VICIOUS, known to mere mortals as George V. Neville-Neil, works on networking and operating system code for fun and profit. He also teaches courses on various subjects related to programming. His areas of interest are code spelunking, operating systems, and rewriting your bad code (OK, maybe not that last one). He earned his bachelor's degree in computer science at Northeastern University in Boston, Massachusetts, and is a member of ACM, the Usenix Association, and IEEE. He is an avid bicyclist and traveler who has made San Francisco his home since 1990.
Submit this story to one of the following blogs:
Related Stories
All Things Being Equal?
- New year, another perspective
Stan Kelly-Bootle, Author
WOYHD - Upgrading
- Love: Visual Studio 2005, Oracle JDeveloper 10g, Eclipse, and PowerBuilder
Seeking Compliance Nirvana
- Don't let SOX and PCI get the better of you
Greg A. Nolann
Discuss Pointless PKI
Be the first to comment on this article.
Post your comment now!
name:
email:
subject:
comment:
note: only , , and
tags allowed
Please type in the captcha number below
Free QueueNews Email Newsletter
QueueNews is a weekly newsletter featuring a listing and excerpts of the latest articles to appear on Queue's Web site.Subscribing is quick and easy! Just fill out the form below.
- HTML version - plaintext version
Please type in the captcha number:
privacy policy
Place Your Link Here
Bonus Casino
Cheap Personal Loans
Online Casino
phone cards
ACM Home
About Queue
Advertise with Queue
Advisory Board
Back Issues
Contact Us
Dev Tools Roadmap
Free Subscription
Privacy Policy
RSS feeds
© 2008 ACM, Inc. All rights reserved.
разделы
беременность род
штукатурка фасадный
книга кремль
спецобувь заказ
ивановец
mobil pegasus
нужен фотограф
сэндвич кофе-бар
предохранитель пкн
оркестр креольский танго
плазменный панель настенный
автошкола
трехмерный презентация
охота лис
кадровый владимир
санфаянс
штангенциркуль
купить угольник
выборочный уф-лак
спб доставка
интеллектуальный электросчетчик
компания сент-лючии
красный площадь васильевский спуск
северный корона
акриловый вкладыш
нард скачать бесплатный
снегоход буран
дренаж
новосельский доломит
диспорт
эмжс
выборочный уф-лак
доставка хим. реагент
kyiv apartments service
укв радиосвязь
антенна бустер
shimadzu
certification microsoft
кострома жилье
ожирение
электропечь dimplex model lee rc
пленка пэ
мрт коленный сустав
автоподъемник
рак простата
центр проктология
банковский ячейка
нард онлайн
кайт пилотажный
промывка инжектор
asus p505
флаг башня
гелусил лак
dhl
угловой тестомесители
кулер процессор
поливомоечная машина
охота лис
управление архангельск
асбест хризотиловый
два цвет
isdn видеоконференция
1с бюджетирование
магнитно-маркерные доска
мачта флагшток
подбор эмаль
охота пиранья
карл гиря
5003.17 (крышка)
пбоюл
холодильный централь
циклон батарейный
теплогенераторы master
монитор видеодомофона, монитор, видеодомофон
этикетировочные машина
газонокосилка stiga
лечение головокружение
pki