Easy-to-use solutions hot at Security Show
The large computer companies are turning
out easy-to-use security solutions. This was apparent at the RSA Data
Security Conference, one of the worlds largest security conferences.
The american crypto policy was also debated.
CS/San Francisco
One of the largest and most important computer security conferences -
RSA Data Security Conference - was held in San Francisco during
January 1998. Over 2500 people attended, mostly from the USA but also
several international participants, among them some from Sweden. The
next show is expected to draw 5000 attendees!
The well-organized trade show offered product demonstrations, panel
debates, and a lot of lectures. Everything from encyption algorithms,
electronic trade, to the political treatment of encryption was
covered.
No change in US policy
When key deposit was debated it showed that the US governement still
resists export of strong encryption. This is in spite of protests
from all the large companies. Even BSA (yes, the pirate-copy-chasers)
where there to hand out material against key deposit. Detlef Eckert
from the European Union said that key deposit is not an issue in
Europe, the governements seem to have realized the problems.
Large companies turn out security products
One of the most important impressions was that so many of the large
companies where there, and they all showed serious development of
security products. IBM, HP, Apple, Sun, Security Dynamics, and many
more showed new products, and that they work hard to produce
easy-to-use but secure solutions, either on their own or in
cooperation with smaller companies.
One the more interesting subjects for lectures was encryption using
elliptical curves, this is one of the newer methods. Using elliptical
curves (FEE) is not fully tested yet, but there are already some
products using it on the market.
Richard Crandall from Apple's encryption research program talked about
chaos-dynamical encryption (CHAD) as a new possibility, and about
Comcryption. A large number of different compression algorithms are
used in Comcryption, and an eavesdropper does not know which
compressor was used. The advantages are that the method is fast, and
most of the time it results in a compressed file.
Buzzwords and products
Some of the most frequently used words was 'PKI' and 'CDSA'. PKI
stands for Public Key Infrastructure, and almost all new products are
based on use of public keys. CDSA is the name of Intel's security
structure.
Några av de mest använd orden var "pki" och
"cdsa". Pki står för Public Key Infrastructure
vilket betyder offentlig nyckelstruktur, och nästan alla nya
produkter bygger på användning av offentliga nycklar. Cdsa
is the name of Intels security structure.
Many products are based on Java, and the Java-developers are working
on making security functional and easy to use. JavaSoft presented a
crypto-API. It is a framework for encryption, and you can plug in
different algorithms - that is vary the encryption according to what
different countries allow. Gemplus showed Java smartcards (SIM-cards),
so soon we can have Java cards in the mobile telephone!
A large number of products where intended to check security, that is
watch and alarm when breakins occur, also to encrypt network
communications, and much of the software was supplied for Windows NT.
Other popular tasks where encryption of e-mail, usually by the new
standard S/MIME. Counterpane Systems has recently presented a screen
saver which decrypts S/MIME-messages, to show that common 40-bit
S/MIME can be decrypted in just a few months on an ordinary PC.
Transactor presented a system for ownership of digital objects, for
example weapons in games, which is an important function in multi-user
games. ID Arts showed a new way of performing logins - by recognizing
a face among many (www.id-arts.com/passfaces). An interesting
alternative to passwords for local logins!
|