Prospects and Conclusion



next up previous contents
Next: Cryptographic Service Calls Up: Security in Open Systems Previous: Other Standardization activities

Prospects and Conclusion

This section examines what we can expect in the near and foreseeable future. The short answer is that we shall see a lot of progress, but relatively few Standards.

Indeed, a cursory examination of the standards activities shows that:

  1. there is tremendous pressure to develop Security Standards as soon as possible;
  2. There are inadequate resources (in part because of the current financial landscape); and
  3. even if adequate resources were available, it would take at least three years before a substantial body of work can be completed.

A case that will illustrate the current situation is the need for a key management protocol. The security work in ISO assumes that in most instances cryptographic techniques will be used for security purposes. But, such techniques require shared secrets, such as crypto-keys. Therefore, a key management protocol is a sine qua non condition for practically all security protocols, be they upper or lower layer protocols.

If we now look at the work pursued at ISO, we see the following:

If one now considers any realistic schedule for these events, it appears that there is little or no probability that SC21 will produce stable text for key management within the next two years. This, despite the fact that most of the technical issues for key management that are relevant to this protocol have already been solved elsewhere and there have been proposals (such as the one in the SDNS series) for key management protocols.

Of course, as mentioned earlier, there are strong pressures for developing security standards as early as possible. Already, several standards (Directories, Management, MHS) have invented or are inventing their own security techniques so as to solve urgent problems of their own. At the same time, security protocols such as NLSP and TLSP are inventing ad hoc key management schemes so as to meet their own need for negotiating cryptographic parameters. Other protocols are likely to follow suit unless quick identifiable progress takes place. Therefore, it would appear that those who are interested in Security Standards should follow two, seemingly contradictory policies:

Another thing to keep in mind is that however extensive the present program of work seems to be, it will have to be expanded. Experience has shown that the point of greatest vulnerability lies in the areas that are performance bottlenecks. In these areas, such as I/O in Operating Systems which is the door of most penetrations, our need for high performance conflicts with our desire to provide adequately secure mechanisms. The danger of taking potentially disastrous shortcuts is real. Already, there are attempts to add security to the route-construction protocols (which can be seen as layer 3 management protocols). These are attempts to beat back the least sophisticated and the least persistent attacks. No doubt, stronger mechanisms will be needed in the future to protect the protocol that constructs routes and the protocol that forwards data. This is an example of future work that lies just at the periphery of what is presently done. It is quite likely that as we grapple with the security problems that arise in distributed computing, we shall discover the need for additional services and mechanisms and that we will engage in work which today we cannot even imagine.





next up previous contents
Next: Cryptographic Service Calls Up: Security in Open Systems Previous: Other Standardization activities



John Barkley
Fri Oct 7 16:17:21 EDT 1994