Information Technology Reference
In-Depth Information
EMC customers' support centres into the devices in the field. Whether you are aware of
it or not, if you are users of EMC devices, EMC has the ability to connect into those
disks, into those devices, various maintenance issues, upgrades, etc. We provide the
authentication and the privacy through encryption that secures the access of customers'
support into these devices.
If I can summarise the experience of the last 16 years that we have in this field today, I
would say that the most important issue, today, has been to make security systems
simpler. In the past, our mission was to explain to people why security was important.
Almost every presentation that we gave explained why security was important, why it is
important to keep information private, why strong authentication is important, what is
public key cryptography, symmetric cryptography, key exchange mechanisms, etc. We
were involved a lot in educating organisations and people but this is no longer true. For
the past few years we no longer have to explain to people why security is important. We
no longer have to explain what public key cryptography is. When we go to talk to large
organisations, they have very good, very well-educated people who understand the
issues, who know the mechanisms, who know exactly what they want and understand
that it is important.
2.
THE PROBLEM OF COMPLEXITY
The problem that we have faced over the past few years is that security systems have
become so complex and therefore so expensive that people do not use them because of
this. So you go into a large organisation and talk to the security guys and they know
exactly what they want and they understand why they need it, but they end up using
inferior systems or not using anything at all, because they understand that actually
deploying systems with different technology and getting people to use them is really
difficult.
A very well-known article on this matter came out of MIT, called “Why Johnny can't
encrypt”. It is a very frequently quoted article which is based on an experiment that was
done at MIT not too long ago, in which they collected a group of intelligent MIT people,
both students and staff and asked them to use a very well known security product called
PGP. PGP is a very popular security product on the Internet. It was explained to them
how PGP works and what they needed to do to set it up; they asked them to set the
system up and start sending secure files between people. The article reports on the results
of this experiment and it turns out that very few people, if any, actually managed to use
the security system properly. There were a number of people who started sending secret
keys from one person to another just to see if they could get the system to work and all in
all, even though this was a highly intelligent group of people they either were not able to
install the system or if they did, they completely misused it and basically got a false sense
of security which is even worse that having no security at all. So our challenge is to try
and make the security systems today simple to install, simple to use, and therefore useful.
3.
DIGITAL SIGNATURES
I am going to be very down-to-earth and not as philosophical as some previous
speakers. I am going to talk about a very specific test case, a very specific key study, and
I am going to talk about digital signatures and to see what can be done in order to make
Search WWH ::
Custom Search