Add homomorphic encryption
Servers can store information in ways that are both encrypted and still useful. In other words, the server can continue to store data without compromising user privacy. I detailed some simple versions in my book "Translucent Databases."
In the past few years, there has been great excitement about a wide range of theoretical approaches to the problem of working with data in encrypted form. The databases can sort or search through large collections of personal information without actually holding the unencrypted versions. They can calculate without understanding the underlying information.
Computing with data that you can't see or read may sound a bit like magic, but we already have several good practical solutions. The best may be the Unix password file, which stores a cryptographically secure hash of the password instead of the password itself. When someone logs in, the system can hash the incoming string and compare it to the value in the database. But anyone who gains access to the password file can't figure out the real password because the file only stores the hashed version.
The new approaches are much more ambitious and, alas, far from practical. Some can take years to solve very simple arithmetical challenges, but they are getting better rapidly. More research is necessary, but this remains an exciting solution that promises to make it simpler for companies to do intelligent things with databases and not worry about people's privacy.
It seems silly to end with the biggest, simplest solution, but adding more encryption makes eavesdropping that much harder. A number of prominent sites like Google, Facebook, and Apple are turning on SSL encryption by default, and other sites can follow their lead. The overhead of adding SSL to all traffic is more manageable.
There are a number of other standards that can add encryption. Both IPSec and TLS will do a good job of encrypting the packets between client and server. These protocols, though, still trust the server, a solution that works for some services but is far from ideal for tasks where the server is an intermediary.
Integrating end-to-end encryption tools with email and chat products is essential for boosting the basic security of our communications. It can be subverted at the server and deep in the OS, but it still is the simplest way to help people trust that the bits they ship across the Internet remain safe and in their control.