Lessons learnt from open university computer fire


Transcript of Lessons learnt from open university computer fire

Page 1: Lessons learnt from open university computer fire

Vol. 9, No. 9, Page 8

the processor in a plain text form. Properly set up, a logic analyser can take a copy of keys and passwords. Beware of Greeks bearing logic analysers!!

Physical controls and on-site personnel prevent anyone doing a similar thing in a mainframe computer centre without the required permissions. Similar controls are recommended for use in a microcomputer environment. The point is that this type of environment is usually not protected to the same extent as a mainframe site.

In summary, access to the processor is possible in a microcomputer environment, and usually impossible in a mainframe environment. If you cannot prevent this type of attack through other controls, the ONLY defence is some form of tamper-resistance (lock up the processor).

It should be made clear that the above arguments don't apply only to Fortress. They apply to all systems using untested, possibly weak, algorithms. They may ultimately apply to algorithms that have become accepted standards as development proceeds apace.

Because of the special importance of an encryption algorithm in microcomputer security, Kochanski is correct in stating that "The algorithm is the foundation of any security system." It is not only the bottom layer, it is at the core of the whole system. An analogy with rotten apples is tempting.

Anyone can write a complex algorithm. It is difficult to create a strong algorithm. Complexity and strength do not necessarily go hand in hand. However, lack of complexity and weakness are strongly related. The development of a new algorithm is a difficult process not to be undertaken lightly. Exhaustive testing is impossible, and only one weakness need be found for the whole edifice to come tumbling down.

The strength of the algorithm and the associated key management are the lynchpins on which microcomputer security relies. To try and describe matters as otherwise is misleading.

Keith M. Jackson, Data Security Specialist, UK.

LESSONS LEARNT FROM OPEN UNIVERSITY COMPUTER FIRE

The importance of secure vital records was graphically illustrated with the widespread publicity given to the destruction of the UK Open University's £500 000 VAX 11/780 in March. For readers of Computer Fraud And Security Bulletin, the spectre was again raised as to the resulting effects when basic security measures fail. In the case in point, with reports of temporary wooden huts and other hazards, such measures were apparently non-existent. The question must be raised as to how many other installations are similarly exposed.

With 10 to 15 years of research work originally thought to have been lost, the last resort was to rely on DEC who managed to salvage much of the data from a charred hard disk drive. While

© 1987 Elsevier Science Publishers B.V., Amsterdam/87/$0.00 + 2.20. No part of this publication may be reproduced, stored in a retrieval system, or transmitted by any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of the publishers. (Readers in the U.S.A. - please see special regulations listed on back cover.)

Page 2: Lessons learnt from open university computer fire

Vol. 9, No. 9, Page 9

the lack of adequate back-up procedures verged on the scandalous, what can be learnt from the incident?

Fireproof safes have been the normal storage vehicle for back-up media since the early days of data processing, but familiarity breeds contempt. The specification of the traditional safe, designed to repel burglars, will render it highly unsuitable as a data store. Fire endurance, explosion, and fire-and-impact tests must all be passed before the safe can be declared truly fire-proof. Even so, elementary errors such as mislocating the key are not unheard of. Automatic door-closing mechanisms have also been made available.

Where it is decided that the volume of media to be stored becomes excessive, or where the level of security cannot be maintained, a company offering off-site storage facilities could be utilized. Provided that the criteria for secure collection, retrieval, storage, and transportation are adhered to, this may be a viable solution. In the UK, Britannia Data Management plc is the prominent supplier of this service.

For those organizations who wish to store a large volume of securities, at the same time retaining them under their direct control, a new departure is that of the Datachamber. This is a strong room, constructed of hot galvanized sheet steel, having exceeded the VDMA fire protection tests at the Technical University, Brunswick, West Germany. The room can be built either as a stand-alone unit or used as a wall-lining to an existing room.

In the event of fire, the door and air conditioning vent close automatically and are hermetically sealed. Datachambers are of modular construction and are simply bolted together on site. Protection from impact is afforded by a 'goal-post' construction design. Initially intended for organizations requiring to store in excess of 500 magnetic tapes, additional uses have evolved.

Critical storage devices have been installed within specifically fitted out Datachambers as extensions to existing computer rooms, to provide the maximum level of protection and security. Faraday shields may be incorporated to prevent terminal eavesdropping. Communications equipment may be secured within a cubicle design. Datacare Business Systems are the UK agents for the ABS Dataroom.

However, in parallel with the variety of options available for the secure storage of back-ups, the UK consultancy Xephon reports that despite the availability of software products to streamline it, the task of file back-up is an extremely lengthy process and, in some cases, is entirely omitted.

Despite appearances, the Open University was lucky inasmuch as the activity it was engaged in was not, on the surface, time-critical; the luxury of requesting intervention from the manufacturer to recover data and then carry on would just not be a viable proposition for the majority of sites suffering a similar fate. Securing vital records should be considered an integral, but nevertheless important, element of an all-encompassing contingency plan designed to return processing of critical systems within a pre-defined timescale.


Page 3: Lessons learnt from open university computer fire

Vol. 9, No. 9, Page 10

One household name company organized its retention of securities by the alternative storage of media in the boots of management cars. The Open University incident has certainly drawn attention to the subject of disaster planning, but the recovery method employed may have convinced many that a bootful of tapes was a close substitute.

Datacare Business Systems is based at Axe and Bottle Court, 70 Newcomen Street, London SE1 1YT, UK. Britannia Data Management plc's address is 1a West Smithfield, London EC1B 1AM, UK.

Steve Watt, Alkemi Ltd, UK.

BEATING BIG BANG FRAUD - DEALING ROOM SECURITY SYSTEM

Electronic financial transactions in the post Big Bang era offer new opportunities for fraud. A secure system to deny unauthorized access to dealing computers and to validate the details of all transactions has been developed by the London subsidiary of Fraser Williams, the UK computer services group. With transactions being transmitted from remote terminals, and without the traditional security of signatures on pieces of paper, frauds or errors of millions of pounds are possible. The rapid expansion in networked computer systems has not been matched by comparable advances in computer security.

The Fraser Williams solution is based on a programmable piece of plastic, similar to a credit card. Known as a smart card, and manufactured by GEC Technology, it contains 8 kbytes of programmable memory, accessible only via special equipment. A unique algorithm, which interacts with the mainframe, is programmed into the card. Access to the mainframe involves placing the smart card in a special reader and entering a personal identification number (PIN) in addition to the usual passwords. The card then generates a random 64-bit number which is transmitted to the mainframe and used within the deal validation algorithm.

As the deal is entered, each component is also sent to the smart card which applies an algorithm to combine the random number and all the details into a further 64-bit number. This is transmitted to the mainframe where the algorithm is applied in reverse and the result is verified against the original random number. Hence, the deal is protected on all its travels through the computer system's known and unknown weak points. The Fraser Williams solution can be used with all existing computer systems, merely by linking a small reader to the terminal. In operation it is totally inconspicuous and users require no special training. The smart card is a totally isolated programming environment, with users denied access to its contents, thus guaranteeing its security.

For further information, contact: Ken Fifield, Consultant, Fraser Williams (London) Ltd, Landseer House, 19 Charing Cross Road, London WC2H 0ES, UK; tel: 01-930-4041.
