Sun Inner Circle: For Business & Technology Leaders

Talking Security with Mr. Cryptography


Sun's Whitfield Diffie on ECC and Solaris 10 OS security

In a groundbreaking 1976 paper on public-key cryptography, Whitfield Diffie famously illustrated how people with no prior knowledge of each other could use a shared public key and private secret key to enable secure communications. Now, as chief security officer at Sun Microsystems, Diffie is responsible for ensuring that Sun remains at the forefront of security innovation. Sun Inner Circle recently caught up with Diffie to discuss how Sun sees the future of information security and encryption.

Inner Circle (IC): It's been nearly 30 years since the 1976 Diffie-Hellman paper ushered in the age of public-key cryptography. What's the impact of the paper today?

DIFFIE: It's like having 15 minutes of fame: I did one good hour of work in 1976 and I've been making a living off of it ever since. The impact of the paper has been very gratifying. With SSL in every browser, public-key encryption is the most widely deployed cryptographic technology of all time.

It's also gratifying to have achieved some goals that are broader than the technology. I was one of the founders of the Association for Cryptologic Research, which now has more than 1,000 members and plays a role in putting on more than a dozen conferences a year. I just came back from Crypto 2006 in Santa Barbara, which had 500 attendees. The first Crypto conference was in the same location in 1981. It was the first public research conference on cryptography that I can recall and it had about 50 attendees.

One of my goals was unification of the techniques used to protect government information with those used to protect commercial information. It always seemed silly to think that a secret document required more protection than a billion dollar funds transfer. Well, it's finally begun to happen. Last year, the National Security Agency announced a new suite of cryptographic algorithms authorized to protect all levels of classified information. All of them are public and most of them are public standards. They call it Suite B. (Suite A is a collection of secret algorithms with colorful names like "Juniper" and "Mayfly.")

The centerpiece of Suite B is the Advanced Encryption Standard, a cryptographic algorithm designed in Belgium and selected by the U.S., in an international contest, to be its national standard. The key management part of Suite B is second-generation public-key cryptography. It's called elliptic curve cryptography, or ECC.

IC: What is ECC and how does it work?

DIFFIE: It's named after the mathematical structures it uses, which go back centuries to techniques for calculating the areas of ellipses. Basically it uses more complicated arithmetic than what we did in the '70s, so you can make the numbers smaller and still have the same security.

The most widely used public-key algorithms used today are called Diffie-Hellman and RSA. They use what's called modular arithmetic: what a clock does; you get to 12 and start over again at one. ECC is a new version of the Diffie-Hellman approach. The easiest way to explain the new arithmetic — and it isn't exactly easy — is to draw a picture of an elliptic curve.

Two points determine a line but any line you draw through the curve will touch it in three places. Essentially, the sum of any two points is the other point at which the line through them crosses the curve.

IC: What are the factors driving the adoption of ECC?

DIFFIE: Smaller keys, faster computations, lower power consumption, less memory — what's not to like? Even when memory is cheap, the difference between hundreds of bits and thousands of bits is noticeable when there are billions and billions of keys in the world.

One of the especially attractive applications is tiny devices. These days, good things come in small computers and need to be protected. The trouble is no matter how small a device you have to secure, your opponents are going to attack it with the biggest computers they can get. Basically, no matter how small your computer system is, you still have to protect it with the strongest crypto systems. That's where elliptic curve cryptography comes in. As more and more, and smaller and smaller, devices connect to the Internet and as e-commerce and other secure Web communications continue to grow, ECC becomes ever more attractive.

 
Learn more about Sun's use of and advocacy for ECC technology, as well as Sizzle, the world's smallest secure Web server, and ECC-enabled versions of OpenSSL and Mozilla Firefox, on the Sun Labs Next Generation Crypto Project site.

IC: Widening the discussion a bit, where is information security today?

DIFFIE: It's at a turning point. Information security is just about a century old; it dates to the invention of radio. Radio was so valuable that nobody could avoid using it and hope to prevail over opponents who did. The trouble was everyone can listen to the radio. Radio bypassed every information security method of the time: locked buildings, safes, guards, red tape. The only thing that was applicable was cryptography and we spent most of the 20th century working on that. Now cryptography is no longer the problem. It is far and away the best-baked part of information security. It's everything else that we have to worry about.

The next big challenge in information security came in the 1960s. Before the development of timesharing, it was hard to tell computer security from the security of the computer room. Timesharing and multiprocessing mean you need to be able to run two mutually hostile processes on the same machine and keep them from spying on each other.

IC: What are the security challenges with grid computing?

DIFFIE: The real challenge of grid computing is that the customers are no longer running their computations on their own computers; they have to trust the grid providers with everything. It's like the radio problem all over again. Grid computing is going to be so powerful and so cost effective that no one can avoid using it and succeed.

IC: How do these grid security challenges translate to security requirements?

DIFFIE: The requirements are the same but the tools have all changed. There was no way to isolate processes from each other in the systems of the '60s; they were all sharing one processor. If one process hogged the run queue, all the other processes could see it. It's like eight people living in one room: you can't avoid undressing in front of each other. A grid is properly provisioned to serve lots of customers; it has thousands of processors and tens of thousands of threads. It's more like an office park. An office park houses multiple businesses some of which are competing with each other. It's built in such a way that they can be provided with services and still be protected from each other.

Paradoxically, the open-standards platforms that make economical scalable computing environments possible may give rise to a lot of businesses based on trade secret algorithms. Instead of selling programs to do things you could just run the programs for people with computing you rent on the grid. That's the way Google works today and there could be lots more of them.

IC: Within that context, many people say that privacy doesn't exist any longer. What do you think?

DIFFIE: Many people? Actually, it was our old boss Scott McNealy. He said: "You have no privacy on the Web; get over it." I wonder what Jonathan thinks?

That line didn't make my job any easier but, unfortunately, he was more right than wrong. The good thing about the modern world is how quickly information gets around. That isn't entirely compatible with privacy.

IC: So how do these new developments tie into your work at Sun?

DIFFIE: Sun's big customers are big businesses and they are the ones who have to protect their customers' privacy — whatever the law and the press decide that means this week. You can't protect anything if you can't control the flows of information within your enterprise. That is what information security is about and that is the point from which Sun has to view privacy. We make products that enable the management of information in a networked environment.

IC: How does all this relate to the design of Solaris 10?

DIFFIE: Solaris 10 is the most substantial revision of Solaris that Sun has undertaken since we moved from BSD UNIX to SVR4 in Solaris 2 in 1992. One of the things we changed big-time is security. We used to have two operating systems. In addition to basic Solaris, we made Trusted Solaris for particularly security-conscious customers. It supported security labeling and controlled the flows of information between windows, processes, files, and devices according to their labels using formal security policies. With Solaris 10, we incorporated new security machinery into the basic Solaris product and replaced Trusted Solaris as a separate product with an integrated add-on feature called Trusted Extensions. This basically adds the labeled security features of Trusted Solaris to our standard commercial OS release.

 
Trusted Extensions will be introduced as a standard feature in the next release of the Solaris 10 OS.

IC: Can you talk a little more about the Trusted Solaris security pedigree?

DIFFIE: Trusted Solaris grew out of intelligence agency requirements, for a workstation to handle data at a variety of classifications in a variety of compartments. Windows at different classifications had to be visible to the user on the same screen but strongly protected against mixing. This same separation also had to apply to network packets, file systems, applications and all other manner of object in the system. Trusted Solaris used to be the most secure general-purpose operating system available. Now, I think that Solaris 10 is fundamentally more secure than the old Trusted Solaris.

We have also paid a lot of attention to usability in real computing environments. Unlike SE Linux, the security mechanisms in Solaris 10 and its Trusted Extensions have been designed to preserve application compatibility and to work well with existing administrative security models.

IC: So what are the most important security features of Solaris 10?

DIFFIE: From my perspective, there are four critical pieces to Solaris 10 security: Zones, the fine-grained (and upwards compatible) Privilege System, Trusted Extensions, and the Cryptographic Framework.

IC: You've put the Zones at the top of the list. Why is that?

DIFFIE: The name really explains it. What operating-system security is about is confining processes so that you can control their communication with other processes. You can also limit a process's consumption of resources so that no one application can starve the whole system, possibly due to a denial of service attack.

IC: What is the importance of privileges in Solaris 10 security?

DIFFIE: Usually, if a program or a user requires any sort of special privileges at all, it only requires one or two. Older operating systems weren't very good about separating these things. Root is the worst example. Root can do everything but you often have to assume the root role just to do something simple like mount a device. By enumerating the 60 or so privileges that a process might need and arranging for correct inheritance by sub-processes, we can avoid having unnecessarily privileged processes.

We have also done a pretty good job of upward compatibility. You can have privilege-aware processes and non-privilege-aware processes, both utilizing the privilege model, while you are migrating to a fully privilege-aware environment.

IC: So, Zones allow for the virtualization of the underlying hardware?

DIFFIE: Yes. From the point of view of a program running inside a Zone, users can see the root file system and all sorts of things that they would see if they had access to an entire machine. When a program accesses its Zone, it behaves in entirely reasonable ways. The program can build file structures under the Zone's root if it has that privilege. It can read and write files. It can use I/O. It can do all sorts of things.

The program is running in a virtualized environment in which its actions look as if they've taken over the whole machine but other processes will be running simultaneously, entirely unaffected by these actions. You can't see anything outside of your zone, and nothing you do to that zone will affect other zones. In fact, you can reboot a Zone, and all of your processes running inside the zone will restart almost instantly, just as if a whole server had restarted. This level of security comes without the typical performance penalty associated with other virtualization environments.

IC: And what is the role of Trusted Extensions?

DIFFIE: Trusted Extensions is a set of enhancements to the security policies of Solaris 10 that bring multi-level security to standard Solaris. It allows customers to classify their data based on its sensitivity level rather than just keeping track of who owns what files. Access to windows, network connections, files, devices and processes can be controlled by a Mandatory Access Control (MAC) policy. Customers can have a very secure environment that runs all of their existing applications and allows them to separate or selectively share resources between multiple partners, suppliers, or networks. Trusted Extensions will be a standard feature in the next update to Solaris 10, due before the end of the year.

 

IC: And finally, what about cryptography in Solaris 10?

DIFFIE: When people talk about networked computing, they're talking about something that involves multiple machines. If those machines are not all in the same physically protected space, they also have to think about cryptography for protecting the data flowing between machines. Solaris 10 has the Solaris Cryptographic Framework, which manages cryptographic capabilities in both the kernel and user space. This increases security by reducing the risks — and administrative overhead — of application-based cryptography.

Cryptography is often handled in a haphazard manner. A developer writes an application, and builds cryptographic machinery — to protect or authenticate something — into the application. Then another developer writes other applications with a different kind of cryptographic machinery. The cryptographic framework allows applications to call on the system for their cryptography in standard ways. It's based on industry-standard interfaces and supports all the major encryption algorithms. It also gives applications transparent access to hardware crypto-accelerators if they are available.

IC: Any final thoughts about Solaris 10 and designing for security?

DIFFIE: Well, any organization can look back at how much earlier the role of security could have been emphasized in the design process. Sun does better than most companies at thinking about security early in the design process.

To that end, the new Solaris Trusted Extensions feature takes what we've learned over many years with Trusted Solaris and builds it into Solaris 10. That way, it works on any of the hundreds of SPARC and x86 machines Solaris 10 runs on, and it works with your existing software and practices. That's a huge advantage for our customers.

About Whitfield Diffie

Whitfield Diffie, chief security officer of Sun Microsystems, is vice president and Sun Fellow and has been at Sun since 1991. Diffie is the chief exponent of Sun's security vision and is responsible for developing Sun's strategy to achieve that vision.

Best known for his 1975 discovery of the concept of public key cryptography, Diffie spent the 1990s working primarily on the public policy aspects of cryptography and has testified several times in the Senate and House of Representatives. Diffie is a fellow of the Marconi Foundation and is the recipient of awards from a number of organizations, including IEEE, the Electronic Frontier Foundation, NIST, NSA, the Franklin Institute and ACM.