Communications of the ACM
Internet Security: Besieged
Credit: iStockPhoto.com
The Internet Engineering Task Force (IETF) recently met to discuss concerns about recent reports of the U.S. National Security Agency (NSA) undermining cryptographic software and standards. The computer security research community had long-standing suspicions about the government using the Internet to spy on whole populations, and several IETF members helped create the technologies that have been exploited. At the meeting, some IETF members focused on how to thwart surveillance, while others emphasized the need to restore confidence in online security.
Security experts cautioned against the use of tools that could have been compromised, with RSA Security warning customers not to use a random-number generator and Brazilian mathematicians releasing new codes for the elliptic-curve cryptography technique touted by NSA. Google has introduced a program to encrypt traffic between its data centers, and Yahoo announced similar plans. Although some companies are pushing Congress to limit NSA's power, technological fixes offer the advantage of speed and universal protection from eavesdropping governments, including those outside the United States. Fixing the situation technologically might not be that difficult, because the NSA in leaked slides describes some programs as "fragile," which indicates they can possibly be easily deterred, says Johns Hopkins University's Matthew Green.
From The Economist
View Full Article – May Require Registration
Abstracts Copyright © 2013 Information Inc., Bethesda, Maryland, USA
No entries found