Expand trusted hardware
Given the layers of software and the complexity of a modern computer, it is unreasonable to imagine that the whole machine can be secured. There are too many potential backdoors to assume that our desktop machines, our smartphones, or even our printers stay completely under our control.
The research community has long experimented with building special, small computers with one job. Some compute a one-time login code; others compute a digital signature. A person's private key can be locked inside a chip from which it is difficult to extract the secret data. While it may never be possible to prove that the key stays safe, the device can have a few reasonable defenses that limit the ability to attack it. It could, for instance, have a mechanical switch so that it cannot be turned on secretly, and it might refuse to sign more than one value each time the switch is enabled. Such a device still signs whatever bytes the host hands it, so the one-signature-per-press rule limits how much a compromised host can do with it but does not, by itself, show the user what was signed.
If everyone carried such a small, trusted device, people could create digital signatures that are much easier to trust. Loss and compromise would still be problems, but these widgets would still raise the level of trust that can be placed in signatures on the Internet.
Add Merkle trees to the file system
Digital files are notoriously easy to change. While paper records will usually reveal attempts at tampering, digital files can be changed to say whatever we want. To make matters worse, most file systems are not careful about protecting the records of when changes were made: the modification time is just another field, and the owner of a file (or anyone running as root) can set it to any value. A good attacker will not only change the file but also backdate that record so the change leaves no trace.
The simplest way to detect changes is a cryptographically secure hash function, which produces a value that acts like a checksum but is hard to forge. Any change to the data, even a single bit, changes the hash, and it is practically impossible to change the file in a way that leaves the hash value unchanged, provided the function has not been broken; MD5 and SHA-1 no longer qualify for this purpose.
When files change over time, the individual hash values can be combined into a Merkle tree, so that one root hash stands for the whole collection, and the roots of successive snapshots can be chained together with the time of each change, so that the history itself becomes tamper-evident. This gives some assurance that we know the history of the files, including when they changed, and a single file can be checked against the root with a short proof rather than by rehashing everything. Git already works this way: its objects form a Merkle tree and its commits form a hash chain over successive trees. The more these ideas move into the general file system, the more assurance we can have that files are accurate. Two caveats apply. The system can detect that changes were made but usually cannot repair them, which is still far better than knowing nothing at all. And the latest root hash must be kept somewhere the attacker cannot rewrite, signed or published elsewhere, because an attacker who can alter a file and every hash above it can simply recompute the tree.
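As an added example, not code from the original article or from any file system it mentions, here is a small Python model of the scheme just described: each file is hashed into a leaf, the leaves are combined into a Merkle tree, and each snapshot's root is chained to the previous one together with a timestamp. The tree layout follows the RFC 6962 (Certificate Transparency) construction; the tag bytes, the GENESIS value, the record layout, the sample files and the timestamps are this example's own assumptions, and the sample tree is constructed, not real data.

```python
import hashlib
from typing import Dict, List, Optional, Tuple

# Domain-separation tags: a leaf, an interior node and a history entry hash can never be
# confused for one another, which blocks second-preimage tricks on the tree structure.
LEAF, NODE, COMMIT = b"\x00", b"\x01", b"\x02"
GENESIS = b"\x00" * 32  # head "before" the first history entry (this example's convention)

def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def leaf_hash(path: str, content: bytes) -> bytes:
    """Hash of one file; the length-prefixed path is bound in so renames and swaps are caught."""
    p = path.encode()
    return h(LEAF, len(p).to_bytes(4, "big"), p, content)

def merkle_root(leaves: List[bytes]) -> bytes:
    """RFC 6962-style tree: the left subtree holds the largest power of two, no leaf duplication."""
    n = len(leaves)
    if n == 0:
        return h(NODE)
    if n == 1:
        return leaves[0]
    k = 1 << ((n - 1).bit_length() - 1)
    return h(NODE, merkle_root(leaves[:k]), merkle_root(leaves[k:]))

def inclusion_proof(leaves: List[bytes], index: int) -> List[Tuple[bytes, bool]]:
    """Audit path for leaves[index], bottom-up: (sibling_hash, sibling_is_on_the_left)."""
    proof: List[Tuple[bytes, bool]] = []
    def walk(lo: int, hi: int) -> None:
        if hi - lo == 1:
            return
        k = 1 << ((hi - lo - 1).bit_length() - 1)
        if index < lo + k:
            walk(lo, lo + k)
            proof.append((merkle_root(leaves[lo + k:hi]), False))
        else:
            walk(lo + k, hi)
            proof.append((merkle_root(leaves[lo:lo + k]), True))
    walk(0, len(leaves))
    return proof

def verify_inclusion(leaf: bytes, proof: List[Tuple[bytes, bool]], root: bytes) -> bool:
    acc = leaf
    for sibling, sibling_is_left in proof:
        acc = h(NODE, sibling, acc) if sibling_is_left else h(NODE, acc, sibling)
    return acc == root

def snapshot(files: Dict[str, bytes]) -> Tuple[bytes, List[bytes]]:
    """Root over all files in canonical (sorted-path) order, plus the leaves needed for proofs."""
    leaves = [leaf_hash(p, files[p]) for p in sorted(files)]
    return merkle_root(leaves), leaves

def commit_hash(prev_head: bytes, root: bytes, timestamp: int) -> bytes:
    """A history entry binds the previous entry, the tree root and the claimed time, as a Git commit does."""
    return h(COMMIT, prev_head, root, timestamp.to_bytes(8, "big"))

def verify_history(entries: List[dict]) -> Optional[int]:
    """Recompute the chain; return the index of the first entry whose head does not match, else None."""
    prev = GENESIS
    for i, e in enumerate(entries):
        if commit_hash(prev, e["root"], e["timestamp"]) != e["head"]:
            return i
        prev = e["head"]
    return None

def demo() -> dict:
    # Constructed sample tree (not real data): two versions of a small project.
    v1 = {"README": b"project notes", "notes/a.txt": b"first draft", "notes/b.txt": b"budget 100"}
    v2 = {**v1, "notes/b.txt": b"budget 120"}
    root1, _ = snapshot(v1)
    root2, leaves2 = snapshot(v2)
    t1, t2 = 1_700_000_000, 1_700_003_600
    head1 = commit_hash(GENESIS, root1, t1)
    head2 = commit_hash(head1, root2, t2)
    history = [{"root": root1, "timestamp": t1, "head": head1},
               {"root": root2, "timestamp": t2, "head": head2}]
    # Attack 1: quietly revert one file after the snapshot was recorded.
    reverted = {**v2, "notes/b.txt": b"budget 100"}
    # Attack 2: backdate the second entry; with the heads stored out of reach, the chain breaks at entry 1.
    backdated = [dict(e) for e in history]
    backdated[1]["timestamp"] = t1
    # A single file is checked against the trusted root with a log-sized proof, no other files needed.
    proof = inclusion_proof(leaves2, sorted(v2).index("notes/b.txt"))
    return {
        "history_ok": verify_history(history) is None,
        "content_tamper_detected": snapshot(reverted)[0] != root2,
        "backdate_detected_at": verify_history(backdated),
        "proof_ok": verify_inclusion(leaf_hash("notes/b.txt", b"budget 120"), proof, root2),
        "proof_rejects_old": verify_inclusion(leaf_hash("notes/b.txt", b"budget 100"), proof, root2),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Running the script shows the three checks: a reverted file changes the root, a backdated timestamp breaks the chain at entry 1, and an inclusion proof verifies one file against the root without the rest of the tree. Storing the latest head somewhere the attacker cannot rewrite (a signature, a log elsewhere) is left to the surrounding system; this code only makes tampering detectable once such an anchor exists.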