Lenovo ThinkPad A30p IDC white paper titled "The Coming of Age of Client - Page 12
The Weakness Of Software-only Solutions, The Strength Of Hardware Security - memory
View all Lenovo ThinkPad A30p manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 12 highlights
Biometry - authentication by fingerprint, retinal scan, voice, or facial geometry - is particularly good for matching employees or customers with systems and data records. While biometry represents a key piece of the security puzzle, biometric information carries no data and cannot in itself support PKI. An improvement over passwords, biometry provides better security because users cannot alter their biological qualities. Passwords are ever useful as an added security step, even though biometric entry can be a complete substitute for passwords. Still, a password can help prevent ID spoofing, which hackers can still sometimes practice successfully against systems protected by only "what you have" methods. THE WEAKNESS OF SOFTWARE-ONLY SOLUTIONS A key distinction between core security implementations is whether they are software or hardware based. There are a number of reasons why hardware-based security is better than softwarebased security, speed being among them, but you really only need one good one. And here it is: Software security is hackable. In January 2000, researchers at nCipher in Cambridge, England, came up with an algorithm that can search main memory, looking for a high degree of entropy. A good private key is going to be exceedingly entropic; that is, the random numbers in the key will be well dispersed in numeric space. Other elements in memory - such as the clear text to be encrypted and the encryption program itself - won't be. All three - the program, the data, and the key - have to be in main memory at the same time for software encryption to take place. The nCipher algorithm, in combination with a Trojan horse such as Back Orifice, which, as mentioned earlier, allows someone on the Internet to commandeer a PC, will let the intruder scan the contents of main memory and find the user's private key. Back Orifice is good at masking itself, encrypts its own outgoing traffic, and was released in source code about two years ago at a hackers' conference. The nCipher program can find a 1,024-bit private key, the best in commercial use. And if a malicious hacker can get your private key, he can get your identity - and your right to do business. Another weakness of software solutions is that they cannot prevent hammering because they are unable to keep a counter. A hacker can always freeze the state of the machine and continue to bombard it with attempts. But this flaw pales beside the problem of leaving highly entropic private keys around in main memory. Bottom line: Private keys, symmetric keys, credit card numbers, and anything else stored on clients or servers protected by only software encryption are more vulnerable than those protected in hardware. THE STRENGTH OF HARDWARE SECURITY Because of the weakness of software-only solutions, IBM set out in the direction of implementing encryption operations in hardware. Initially an in-house project, the resulting architecture and silicon designs have been widely adopted in the information technology industry. The IBM security chip is extremely secure, simple to use, and inexpensive. The chip, actually a cryptographic microprocessor, can be embedded in the system board of the client. It supports RSA PKI operations and includes electronically erasable programmable read-only memory (EEPROM) for storing key pairs. The chip communicates with the main processor via a local bus and also has a link to the system BIOS during boot up. An application program interface (API) routes Bottom line: Private keys, symmetric keys, credit card numbers, and anything else stored on clients or servers protected by only software encryption are more vulnerable than those protected in hardware. 12 #3577 ©2003 IDC