Updated: 2.9.2002; 22:17:41 GMT

Security Weblog



Thursday, August 15, 2002

End-end security dream

Everyone seems to be quoting Ray Ozzie's article about the end-end security principle. Mark O'Neill notes that the end-end security concept is not a panacea. He quotes one of his colleagues:

"Let's not confuse securely designed with securely implemented...the vast bulk of the security issues have been implementation problems. Adding in a whole, complex layer of authentication, encryption and validation would, frankly, have just given software developers more chances to screw up."

I would like to add another perspective to this. I am as much for application-level end-end security as anybody else; unfortunately, in practice it often proves to be too expensive. It needn't be so when there's only one application to be secured and little or no crypto is required. But as soon as cryptography is used on the data level, it gets interesting - one gets whole loads of issues with key management and with other practical issues (e.g. backups, export of data, key expiration, workflows, etc.). If you are developing a new application from scratch, and you have developers with enough crypto skills, chances are you can pull it off.

What's bad is that you won't get much support from off-the-shelf software. Ozzie's Groove and Notes are probably exceptions to this, but neither of them is the most widespread development platform. So to get crypto working in your COTS environment, you need to consider buying some additional software or adding a considerable amount of development. Just for illustration, in a case where I investigated these issues, adding digital signing alone to the application translated into 25% extra cost. These costs can be justifiable for a mass-market software package. But in bespoke deployments (vertical apps) it is quite a lot of money for a feature that actually doesn't do anything useful (only makes the user's life more difficult). This conclusion may sound brutal, but that's the approach the general public has towards security.

We haven't finished yet. The problem gets even worse.

A single application is the exception rather than the rule, and more often than not you need to integrate several applications together. If these applications were not developed with a single end-end security concept in mind (and you don't risk much by saying that they were not), the end-end security will end at the interface of the first application the users are talking to. And so even if you try to push your e-e dream, you will get security that is only a bit better than what you get using the traditional approach, and more expensive.

8:51:18 PM

 
Copyright 2002 © Jiri Ludvik.