What Is Transmission Security?

Transmission security is the capability to send a message electronically from one computer system to another computer system so that only the intended recipient receives and reads the message and the message received is identical to the message sent. The message would not be identical if it was altered in any way, whether transmitted over faulty channels or intercepted by an eavesdropper. Transmission security translates into secure networks. Although many people regard networks as computers connected by wires, this definition of a network, while technically correct, misses the point. Rather, networks are transmitted data, the data flowing over wires. All transmissions can be intercepted. And the cautious user looks at all transmissions as if they will be intercepted. You can minimize the risks of transmission interception, but you can never, under any circumstances, completely rule it out. After all, it is people who design and put wires in their place, and people can get to them. Accessing wires is somewhat comparable, although much more difficult, to accessing a transmission sent over airwaves, as on a CB radio. For example, as a ham, you may have a message intended only for other hams. Although hams are the main communicators on these frequencies, anyone with the right radio equipment can tune in and listen, so it's likely your message will be received and heard by other listeners who pick up the frequency, whether you want them to hear it or not. Similar risks occur with cellular phones, even though most transmission takes place over wire and not air. One risky transmission occurred between Prince Charles and his mistress Camilla Parker Bowles when an eavesdropper intercepted a now infamous cellular phone conversation between the two. So, like it or not, networks are our transmissions. If you decide that the security risk of transmitting over networks is too high and you choose not to transmit over networks, throw your computer systems away; you've wasted your money.
Unfortunately, transmission interceptions are inevitable; it's likely they will occur at times. Designing a 100 percent transmission-secure network is akin to designing a car that can't be broken into; no matter how secure the car is, someone can always break the windows. This doesn't mean you should sit back and wait for the interception, however; instead, build your system to deter people from attempting to break in, and make it costly for the hacker to enter.

How Information Is Transmitted
Most networking schemes involve data transmission over certain whole sections of the network. Most network transmissions don't go directly from computer A to computer B. Ethernet networks, for example, involve transmission to all directly connected computers on the local network. Two computers are "directly connected" if there is no device between them that filters the transmission based on its destination. So if computer A sends a message to computer E, computers B, C, and D will receive the message but will ignore it, because it is not intended for them, as shown in Figure 16.1. Many other types of networks, including Token Ring, FDDI, and some switched Ethernets, operate on the same idea: Transmitted packets go to many devices on the network and expect the recipients to ignore messages destined for other computers. This is much like radio or television transmission, in which signals are sent out in every direction, but radios and TVs not on the correct station don't use the signal.

How Information Is Intercepted and Read
Any computer with access to the physical network wire or in the vicinity of over-air transmissions, however, could be instructed not to ignore the signals intended for other computers. This is the essence of electronic eavesdropping. Information is considered intercepted when someone other than the intended recipient receives the information. Data can be intercepted in many ways, such as electronic eavesdropping or by using the recipient's password. It can occur anywhere, including in a chat room or through an e-mail exchange. The tools required to read the transmission depend on how the information is intercepted. If an intruder is stealing transmissions at the most basic level (stealing the data packets straight off the wire or out of the air), the interloper will need something that translates electronic signals from voltage changes to the numbers and letters that those changes represent. Computers for which the transmission is intended do this automatically, because they are expecting the signal and already know its characteristics, how to decode it, and what to do with it. A much simpler method would be intercepting a message by just looking over someone's shoulder to read what they have written. Again, the legitimate user already has a context in which to interpret the on-screen information. The snooper, however, still has to interpret the message, and this isn't always so simple.

Sniffing Devices
There are troubleshooting programs and devices designed to analyze LAN traffic. These are commonly referred to as packet sniffers, because they are created to "sniff" packets of data for the network engineer. As mentioned in the preceding section, all transmissions are broadcast over all the wires. When one computer wants to communicate with another, it sends out an electrical signal through the network, which could be copper wire, fiber optic cable, or air. The signal travels over this whole section of the network until it reaches the end of its signal strength in the air, the end of the wire or cable, or a network device that turns the packet back because the packet's destination is not on the other side of the device. At each point along this journey that the signal encounters a network interface, that interface examines the signal. If the interface sees the signal is for someone else, it ignores it. If the interface recognizes a signal for it, it reads it and gives it to the other parts of the computer for interpretation and use. The nice thing about LANs is that the systems administrator can use a sniffer to tap into the wire to examine it. A systems administrator should occasionally examine these lines to check on the raw material going over the LAN. This is where packet sniffers are helpful. Packet sniffers will instruct your computer to look at every signal over the wire or only signals that meet certain criteria. This allows the systems administrator to analyze and actually read electrical signals. However, anyone with malicious intent also can use packet sniffers for analyzing and reading network traffic. Now, you might think there are users out there maliciously using packet sniffers to read data worldwide, continuously. It's true that there may be many users with malicious intent snooping around networks, but it is not as simple as just purchasing a packet sniffer. There are devices, generally referred to as internetworking devices and more specifically referred to as routers and bridges, that actually filter the electrical signals sent out as data packets. These devices filter signals logically, which means that any data passing through a bridge or router must be intended to go through that bridge or router; the destination of the data must be on the other side of the internetworking device to get through the filter. If the destination of the data is not on the other side of the filter, the internetworking device won't pass the signal; and if it doesn't pass the signal, someone on the other side is unable to sniff the information, as shown in Figure 16.2. Anytime you have a network that requires any sort of logical divisions, you need an internetworking device. If you are connected to the Internet, you have an internetworking device. If your local network spans a large physical distance, you have some sort of internetworking device.

Devices for Spoofing
Spoofing is somewhat of an overrated threat. Spoofing means getting your computer to pretend it is a different computer. The user forces the computer to present credentials to the network that are false. To do so, the user doesn't need tools but rather information to make those credentials realistic. The Internet identifies computers by numbers: Every computer has a unique number on the Internet. Some computers will grant access to systems they are charged with protecting or resources that they guard on the basis of the identification number presented to them by another computer. In this way, if a computer presents a fake identification number, the computer that requested the number could be fooled. These are generally difficult attacks to carry out because of how information is transmitted from computer to computer. When information is transmitted, it must follow a route based on your address. If you are using a fake address, the information returning to you will look for your fake address and thus take a route that does not lead to you, as shown in Figure 16.3. For example, if you send mail to someone but you want them to think you are someone else, you put someone else's return address on the envelope. When they write back to the person at the return address, the mail carrier delivers the message to that address and not back to you. The Internet equivalent of the dutiful mail carrier is termed "forbidding source routing" and is easy to enable. You can't get return messages, so the attack is difficult to carry out. In addition, firewalls know the difference between inside and outside, and a firewall will ignore messages from outside by computers claiming to have an inside address. Similarly, the mailroom at IBM will view suspiciously any internal company mail brought in by a mail carrier. These simple safeguards make it difficult to carry out a spoof attack from the outside. A drawback of a spoof attack from inside the company is that if a computer on the Internet at any time detects any other computer on the Internet with the same Internet address, both computers will complain. In this case, if someone is spoofing you by pretending to be you and your computer is on or being monitored, the trick would be detected easily because your computer will tell you that there is another computer on the network with the same address. Still another drawback of a spoofing attack is that every network interface on any computer has a unique identifying number. Anyone trying to spoof your IP address on a local network could disable the computer he or she is spoofing, avoiding the earlier mentioned conflict. This would fail, however, if any other computer on the network were using the address routing protocol (ARP). The address routing protocol matches Internet addresses to the number given to a network card. Therefore, turning off your computer would eliminate the IP conflict, but the interface card number mismatch would require either stealing the network card, making a special one, or adjusting the ARP on the third computer. Attacks in which individuals pretend to be another user can occur on several levels. The attacker can pretend that his or her network interface is one that it isn't by manufacturing a network card with a fake address. The user then might pretend to have the Internet address of another computer and thus steal that computer's transmission or create transmissions under the guise of the impersonated computer. A user could also pretend to be a different person by stealing that person's username and password in one of about a billion ways.
In addition, a user could steal information simply by gaining access to a computer whose data was not protected against direct physical intrusion.
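
The address check described above (an Internet address that suddenly appears with a different interface card number) can be run by a monitoring computer over its own observations. The following is an added example, not code from the original text; the log format "time ip card-number" and every address in it are constructed for illustration.

```python
import ipaddress

# Constructed sample observations: time, Internet address, interface card number.
# All values are made up (documentation address ranges), not real hosts.
SAMPLE_OBSERVATIONS = """\
09:00:01 192.0.2.10 00:00:5e:00:53:0a
09:00:02 192.0.2.11 00:00:5e:00:53:0b
09:00:07 192.0.2.10 00:00:5e:00:53:0a
09:14:30 192.0.2.10 00:00:5e:00:53:ff
09:14:31 192.0.2.12 00:00:5e:00:53:0c
09:20:00 192.0.2.12 00-00-5E-00-53-0C
"""


def normalize_card_number(value):
    """Lower-case and use ':' separators so one card always compares equal."""
    return value.strip().lower().replace("-", ":")


def find_address_conflicts(text):
    """Return (time, ip, known_card, new_card) for every observation in which
    an Internet address appears with a card number different from the one
    first learned for it."""
    learned = {}      # ip -> card number first seen with it
    conflicts = []
    for line_no, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split()
        if len(parts) != 3:
            raise ValueError(f"line {line_no}: expected 'time ip card-number'")
        when, ip_text, card_text = parts
        ip = str(ipaddress.ip_address(ip_text))   # rejects malformed addresses
        card = normalize_card_number(card_text)
        known = learned.setdefault(ip, card)
        if known != card:
            conflicts.append((when, ip, known, card))
    return conflicts


if __name__ == "__main__":
    for when, ip, known, new in find_address_conflicts(SAMPLE_OBSERVATIONS):
        print(f"{when}: {ip} was {known}, now claimed by {new}")
```

The last sample line uses a different notation for the same card and is correctly not reported; only the 09:14:30 observation is a mismatch.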

Methods of Transmissions and Their Levels of Security
At the most basic level transmission occurs over wires or in the air; every electrical signal travels one way or the other. Transmission is more secure over wire because an eavesdropper or hacker must be physically near the wire, whereas an interception of an air transmission can occur anywhere in reach of the signal. An attempt to intercept a transmission traveling via fiber by tapping into the cable would be more easily detected than a tap into copper wire, because the tapper could easily damage or impair a particular segment of the network, which should be easy to spot. Detecting an interception that took place over the air would be nearly impossible.

There are two aspects to consider when planning for transmission security. The first aspect, discussed in the preceding paragraph, is how transmissions are physically sent (that is, over wire or air). The impossibility of preventing physical interception should now be clear. The second aspect of secure transmission relates to the content that is being transmitted. Securing the content of the message is done through encryption. Encryption involves transforming messages to make them legible only for the intended recipients. Encryption is the process of translating plain text into ciphertext. Human-readable information intended for transmission is plain text, whereas ciphertext is the text that is actually transmitted. At the other end, decryption is the process of translating ciphertext back into plain text. (Figure 16.4 demonstrates the process.)

Encryption Algorithm
An encryption algorithm refers to the steps that a personal computer takes to turn plain text into ciphertext. A key is a piece of information, usually a number, that allows the sender to encode a message only for the receiver. Another key also allows the receiver to decode messages sent to him or her. Now that you have the basic encryption jargon down, let's look at why and how encryption is essential for secure transmissions.

Why Use Encryption?
As you've learned by now, your transmissions can have only so much physical security. It is reasonable to assume that at some point someone may intercept your transmissions. Whether you expect an interception or whether you just generally suspect that interceptions may occur, you should transmit your information in a format that is useless to any interceptors. At the simplest level, this means when transmitting a message to someone, you use a coded message or slang (nicknames) that no one else understands. When Ulysses S. Grant captured Vicksburg during the Civil War, he sent a coded but predetermined message to Abraham Lincoln that read "The father of waters flows unvexed to the sea," meaning that the Union now owned the whole Mississippi river. Perhaps a good plan at the time, but still, Grant and Lincoln (or their advisers/confidantes) had to communicate a predetermined message and the message's meaning. A more recent example of a coded message might involve the use of nicknames. For instance, you and your sister give nicknames to family members whom you discuss unfavorably. Should a malicious family member decide to intercept a transmission, you would hope he wouldn't understand which family members you and your sister refer to in your messages. The obvious drawback of this coded message, like the Grant-Lincoln message, is that you and the recipient must establish a system of code before you begin transmitting messages. A better system is one that allows you to send any message, even one you had not anticipated, to anyone without fear of interception. This is why an encryption system is so valuable; it allows any message to be transmitted that will be useless to anyone who intercepts it.

Private Key Encryption
Another rather simple form of encryption is commonly known as private key or symmetric encryption. It's called private key encryption because each party must know before the message is sent how to interpret the message. For example, spies in the movies always have a sequence of statements that they exchange to be sure of each other's identity, like "the sun is shining" must be followed by "the ice is still slippery." This is an example of encrypting so that only the person for whom a message is intended will understand it. Other systems have been developed so that information can be encrypted in a general way. Again, using history as an example, one encryption method is commonly referred to as Caesar's code. According to history, Caesar would send messages that were encoded by replacing each letter in the message with the letter three places higher in the alphabet (A was replaced by D, B by E, and so on). The recipient just had to change the letters back to find out what the message said. An enemy who intercepted the message and did not know the method of encoding it would be unable to decipher it. Clearly though, this encoding method is not terribly difficult to break. This is called private key encryption because the method of encryption must be kept quiet. Anyone who knows the method could decode the message. It also is called symmetric because the same key is used to both encrypt and decrypt the message. Other private key methods have been devised to be more difficult to break. Data Encryption Standard (DES) is a private key system adopted by the U.S. government as a standard very secure method of encryption. An even more secure private key method is called a one-time pad. A one-time pad involves sheets of paper with random numbers on them: These numbers are used to transform the message; each number or sequence of numbers is used only once. The recipient of the message has an identical pad to use to decrypt the message.
One-time pads have been proven to be foolproof against anyone who does not have a copy of the pad. Supposedly, mathematicians can prove that a one-time pad is impossible to break. The drawbacks to private key systems, however, are twofold. First, anyone who learns the method of encryption and gets the key (the number, or sequence of numbers or their equivalent, used as a random input into the encryption system) can break the encryption. Second, keys must be exchanged before transmission with any recipient or potential recipient of your message. So, to exchange keys you need a secure method of transmission, but essentially what you've done is create a need for another secure method of transmission.
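
The contrast between Caesar's code and the one-time pad can be worked through in a few lines. This is an added example, not part of the original text; it assumes a pad of random bytes combined with the message by XOR in place of the paper pad of numbers, and the sample messages are constructed.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase


def caesar(text, shift):
    """Shift each letter by `shift` places; other characters pass through."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_candidates(ciphertext):
    """Undo every possible shift. Only 26 exist, so the real message is
    always one of these 26 lines, and the only one that reads as language."""
    return [caesar(ciphertext, -shift) for shift in range(26)]


def xor_bytes(a, b):
    if len(a) != len(b):
        raise ValueError("inputs must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def new_pad(length):
    """A pad of random bytes as long as the message (assumed byte-wise pad)."""
    return secrets.token_bytes(length)


def pad_encrypt(message, pad):
    return xor_bytes(message, pad)


pad_decrypt = pad_encrypt  # symmetric: the same pad and operation undo it


def pad_explaining(ciphertext, claimed_message):
    """For ANY message of the same length there is a pad that turns the
    ciphertext into it, so the ciphertext alone favours no message."""
    return xor_bytes(ciphertext, claimed_message)


def reuse_leak(ciphertext_1, ciphertext_2):
    """What an interceptor learns when one pad is used twice: the pad cancels
    and the XOR of the two messages is exposed."""
    return xor_bytes(ciphertext_1, ciphertext_2)


if __name__ == "__main__":
    secret = caesar("MEET ME AT NOON", 3)
    print(secret, "->", caesar_candidates(secret)[3])

    message, decoy = b"MEET ME AT NOON", b"STAY HOME TODAY"  # constructed
    pad = new_pad(len(message))
    sent = pad_encrypt(message, pad)
    print(pad_decrypt(sent, pad))
    print(pad_decrypt(sent, pad_explaining(sent, decoy)))  # equally valid
```

The last function shows why each sheet of the pad is used only once: two ciphertexts made with the same pad reveal the combination of the two messages without the pad being known.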

Public Key Encryption
To overcome the drawbacks of private key systems, a number of mathematicians have invented public key systems. Unknown until about 30 years ago, public key systems were developed from some very subtle insights about the mathematics of large numbers and how they relate to the power of computers. Public key means that anyone can publish his or her method of encryption, publish a key for his or her messages, and only the recipient can read the messages. This works because of what is known in math as a trapdoor problem. A trapdoor is a mathematical formula that is easy to work forward but very hard to work backward. In general it is easy to multiply two very large numbers together, but it is very difficult to take a very large number and find its two prime factors. Public key algorithms depend on a person publishing a large public key and others being unable to factor this public key into its component parts. Because the creator of the key knows the factors of his or her large number, he or she can use those factors to decode messages created by others using his or her public key. Those who only know the public key will be unable to discover the private key, because of the difficulty of factoring the large number. Public key methods vary, but one of the most common, and also free, is PGP (Pretty Good Privacy). This is a public key encryption method that allows you to exchange messages with anyone that will send you his or her key. When you receive a key from someone, your PGP software can use that key to encode a message that only that person can interpret. The PGP method also allows you to encode a signature that only can be decoded using your public key, ensuring that it was you who sent the message. There are many free software packages that allow users to encode e-mail and other files they send. These software packages also will generate a public key for you. The software, along with the source code, is available for almost all common operating systems.
Public key encryption works because users can send any message to any person without first meeting them or exchanging secret keys or secret encryption schemes. This obviously makes an extremely powerful tool in commerce for transmission of confidential customer information between buyers and sellers. In addition, public key encryption is extremely secure because decrypting public key encryption methods is a matter of time. If someone had enough time, that person could decipher your message. With commonly used methods, however, even an entire nation of hackers with the most powerful computers would take many years to decipher encrypted messages. Now that I've told you about what many in the world of computer security consider the most secure method of transmission, I must tell you that there are times when public key encryption doesn't work. When the method used for encryption isn't secure, the message isn't secure. Because the methods of encryption are usually public, anyone who is interested in finding a hole has all the information necessary to find any holes. Holes often are discovered in methods previously thought to be secure. The fact that the algorithm is public makes the method more secure over the long term but less secure over the short term. In the long term all the flaws will be discovered and fixed, but over the short term flaws will be discovered and perhaps exploited. A second insecurity of public key methods in general is that public key encryption won't work when a recipient has no method of authenticating the sender. If someone sends you his or her public key, you can use that to encode a message for that person only, but it doesn't mean they are who they say they are. Services of certifying authorities, such as VeriSign, Inc., are needed to ensure the authenticity of correspondence. These certifying authorities use common identification methods to authenticate the identity of their subscribers. When verified, the authority issues a digital certificate to the subscriber. The subscriber then can use this certificate in his or her Web server to carry on secure communications with those browsing the Web site. Individuals who want to use public keys for their correspondence or companies that wish to prove their identity in electronic correspondence also can get an identity service from a certifying authority. Certifying authorities aim to overcome the aforementioned weakness of public keys being only as authentic as the user who sends it. The service only removes the dilemma one level, however, because the authority's services are only as good as their methods of authenticating subscribers. Public key encryption also doesn't work if your private keys are compromised. Keeping your private key secure is essential to the security of the system. Remember that the security of a public key system depends on no one being able to get your private key by knowing your public key. Your private key is what you use to decode messages sent to you and to prove your identity to others to whom you send messages. If someone is able to gain possession of your private key, that person could read your messages and forge messages from you.

State-of-the-Art Encryption and Its Future
Encryption has often involved making a choice between public and private key security methods. Public key encryption involves a heavy computing load, meaning that transmission with a public key takes more time and resources. Private key systems are less cumbersome but also less secure and less versatile. To overcome the drawbacks of both security methods, users have combined public and private key systems, such as an exchange of DES keys using a public system and then using those keys for the private DES system. Remember that private key systems can be stronger because it is possible to make an unbreakable private key system. A public key system is not theoretically unbreakable; it's just too difficult to do it in real life. The weak point in a private key system is the exchange of keys, so the very secure public key method can be used to exchange keys, and then the completely secure private key system can be used to do the actual transmission. A second advantage is that public key systems require a big commitment of computing power for every message. Private key, by comparison, is far less computing intensive and therefore cheaper and more efficient overall for transmission. This combination likely will continue and become more common in the future, but it's unlikely that most systems will become public key. As computing resources advance to make public key encryption easier, the resources for cracking those keys also advance. This means that keys will become longer while the calculations will become bigger.
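
The combination described above, and the trapdoor it rests on, can be shown end to end. This is an added example, not part of the original text: it uses a textbook public key scheme built on the product of two known primes, far too short for real use, and a hash-based keystream stands in for DES, which the Python standard library does not provide. It is for illustration only, and all names are hypothetical.

```python
import hashlib
import secrets

# Two known primes (2**61 - 1 and 2**89 - 1). Their product is the public
# number; whoever knows the factors can work the trapdoor backward.
P = 2**61 - 1
Q = 2**89 - 1
E = 65537


def make_keypair():
    """Public key (n, e) is published; private key (n, d) needs the factors."""
    n = P * Q
    phi = (P - 1) * (Q - 1)
    d = pow(E, -1, phi)          # modular inverse, only computable with P and Q
    return (n, E), (n, d)


def keystream_xor(key, data):
    """Stand-in private key cipher: XOR the data with a SHA-256 keystream.
    The same call encrypts and decrypts (symmetric)."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def hybrid_encrypt(public_key, message):
    """One expensive public key operation protects a short random session
    key; the cheap private key cipher protects the message itself."""
    n, e = public_key
    session_key = secrets.token_bytes(16)
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)
    return wrapped_key, keystream_xor(session_key, message)


def hybrid_decrypt(private_key, wrapped_key, body):
    n, d = private_key
    session_key = pow(wrapped_key, d, n).to_bytes(16, "big")
    return keystream_xor(session_key, body)


def trial_factor(n):
    """Working the trapdoor backward by brute force. Instant for a tiny
    number, hopeless as the number grows, which is why keys keep lengthening."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    return None


if __name__ == "__main__":
    public, private = make_keypair()
    wrapped, body = hybrid_encrypt(public, b"order 1187: card on file")  # constructed
    print(hybrid_decrypt(private, wrapped, body))
    print(trial_factor(3233))    # a toy public number gives up its factors
```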

Email Security
E-mail traverses the internet in a series of hops from one server to another until it reaches your ISP (Internet Service Provider) from whose server you download it. At any one of the intermediate or end servers it can be read, diverted or stored. Sometimes this is the inevitable consequence of normal practice. E-mail stays in your POP account until you download and delete it. These are not the same thing. If you read your e-mail at various locations, you might wish to leave it in your POP account for download to a single archive before you delete it. While stored in your POP account, it can be read as plain text by anyone with legitimate or abusive access to the server. Furthermore, these servers are backed up by any good ISP, and backup tapes, with your e-mail recorded, can remain archived for years. Every good ISP offers the option to have copies of incoming e-mail sent to a second or third recipient. This is extremely useful for business purposes, but of course someone with access to your ISP's server can just as well divert a copy of all your e-mail to an address unknown to you. Here you depend on the soundness of your ISP, usually without problems. ISPs are, after all, very concerned to protect the interests of their customers in today's competitive environment. E-mail completely incorrectly addressed might be delivered to an unintended recipient but most likely ends up in a bounced e-mail buffer on your ISP's server. These are usually deleted periodically but could of course be read. If the domain name is correct but the specific recipient is incorrect (for example indo@ammonet.com instead of info@ammonet.com), the message usually goes to the webmaster of the corresponding web site if no other default maildrop is specified. From our own experience, we can provide three anecdotal examples of persistently incorrectly addressed e-mail that does go to unintended recipients. The first involves use of a country extension such as com.nz rather than .com.
The senders of the e-mail don't know or forget that the extension is not .com. Since the .com address in this example belongs to ammonet, we receive an unintended stream of e-mail with highly confidential attachments. As a goodwill service to the intended recipient company, we have aliased all of the appropriate e-mail addresses so that most of this e-mail is now automatically redirected to the correct recipient. A second example involves an incorrect return address configuration which the individual involved seems incapable of correcting, despite numerous requests from us to do so. Again, the unintended domain name belongs to ammonet and we receive frequent e-mails, with both personal and business attachments, sent by users who know the correct e-mail address but who have clicked the return button on their e-mail software. The third example is simply a matter of two hotel e-mail addresses that differ by a single hyphen. The two hotels continually received one another's communications because of the similarity of the domain names. Use of different reservation addresses doesn't help in this case because default mail is inevitably misdirected.

Aside from the vulnerability of your e-mail to being read by individuals to whom it is not addressed while it is stored on the server of your ISP or at some intermediate server on the internet, there are other security flaws. These are characteristic of the increasingly popular HTML mail format whereby e-mail messages look like web pages. A few lines of JavaScript can be embedded in such a message in a manner which is not visible to you as the recipient. This enables text to be secretly returned to its original sender every time the message is forwarded to another recipient, as long as the recipient's e-mail software is JavaScript-enabled. The most widely used e-mail programs that are vulnerable to this exploit are Microsoft Outlook, Outlook Express and Netscape Messenger 6. Since many users click "reply" during long e-mail exchanges, a JavaScript insert of this kind can enable an individual to receive copies of all messages that form part of the exchange. Such an exchange of messages could be, for example, a confidential discussion of the original message.