PSU Magazine Winter 1997

of the wrong hands? And how might information be encrypted and decoded so that eavesdroppers can't make use of it if they do intercept it? Binkley and McHugh are in charge of the technical aspect of the projects. As more and more people travel the world with laptops and cellular phones security becomes a larger issue. Brinkley and McHugh are working on moving mobile computers around while maintaining secure contact via radio wave with a home computer or network. Physically networked computers are marginally eas ier to protect from hack– ers by putting up protective programs called "firewalls." Outside users might be ab le to get certain kinds of informa– tion, like names and e-mail addresses, that are outside the firewall, but private and sensitive informat ion can be protected. However, let's say you're on a busi– ness trip and you plug your ce ll phone into your laptop hoping to download your e-mai l. You want the equ ivalent of ca ll forwarding, but unfortunately this is not yet possible. The goal of McHugh's research is to allow "foreign agents" to act as intermediaries between you and your home computer. The home computer, McHugh say , will "create what's called a tunnel between itself and the foreign agent, take all the information, wrap it up in a header, and send it by radio." But there's a big snag. "If we do that in the clear," McHugh says, "we're vulnerable to wiretapping." Hackers cou ld swipe your passwords, reroute your data, or impersonate you online. C learly, trust– ing the intermediary is as much of a ri k in cyberspace as in the markets of Renaissance Europe. The PSU research is till in its preliminary stages. McHugh estimates that it will be five to 10 year before the work his team is doing now will result in marketable computer security systems. The team's other project is "covert ignaling mechanisms in asynchronous transfer mode" (ATM). In cyber-jargon, ATM isn't where you get ome fast cash, but how companies like AT&T move nanobytes of data over high– speed connections. They need to know how easy it would be for someone to hack past ATM security systems. As Binkley and McHugh work on the practical bugs, Mocas and Schubert work out the formal logic needed to make sure that security measures are truly secure. "J im and John are always running around with these little laptops," says Mocas. "I don't usually touch the hardware. I sit there and think." She and Schubert use a fo rm of logic called "belief logic." Her job, Mocas says, is to ask, "If A send Ba message, what is it that B can believe about the message? Can B believe that it wasn't modified and it came from the person it says it came from?" nowing that a message is intact is called integrity, and knowing that its source is trustworthy is called authentication. In the "old world" of 20 years ago, we worried about whether a person's driver's license signature matched his credit card signature. We did business with people in the same town, often face to face . The ways we learned to rely on people were simpler, looser, more intuitive. Now we may be buying and selling with someone in China, or fa lling in love with an e-mail pen pal. We have no idea who these people might really be. How the Internet' security hole will be plugged, and which solutions will turn out to be in xpensive and easy to use, i sti ll unknown. A ll of them will likely involve some form of encryption. Computer encryption is a more complicated version of the kinds of codes and keys that spies and intel– ligence agencies have used for centuries. Unles you know the key, an encrypted message looks like gibberish. But while governments want to u e state-of-the-art encryption technology themselves, they're not happy about private citizen and corporation doing so. Governments want to protect their own communications, but al o be able to decode anybody else' messages. According to McHugh, encryption programs can be exported on ly after one has obtained a licen e either from the State Department or the Department of Commerce. Neither of these agenc ies is enthu iastic about approv ing the export of "strong" (hard to crack) encryption. The licensing restrictions are frustrating to many American high-tech busines es that want to trade worldwide. Ironically, many foreign-made encryption programs are available in the United States and can be sold domestically but not internationally. Because more and more people want encryption capability, many American companies feel that their export product without encryption capability are at a competi– tive disadvantage. "It's a topic of continuing discus– ion between industry and govern– ment," says McHugh. The P U researchers are coordinat– ing with a number of other groups acros the country, working ·toward political and technical consensus so that security standards eventually can operate Internet-wide. As McHugh says, the i sues are "in a state of flux." And, he adds almost ruefully, "It was much easier when we had large main– frame and only a few of them." (Valerie Brown is a Portland freelance writer.) WINTER 1997 PSU MAGAZINE 17