I just received a copy of the announcement on a Call for White Papers on the Next Generation Internet(27 March, 1997). I am currently directing research in Data Security in the Department of Computer Science at Brigham Young University. One of our current projects is a performance analysis of the ITEF draft IP security protocol introduced as IPv4 and IPv6. Our analysis of this protocol reveals a substantial area of inattention in the whole protocol design proceedure which a white paper might suitably address. My copy of the announcement did not make it clear how the substance of the paper was to be transmitted to your office. On the chance that this submission is not too late and is in something like an appropriate format I tender for your consideration the following. John C. Higgins Professor of Computer Science Brigham Young University Provo, Utah 84602 801-378-2195 e-mail = higgins@cs.byu.edu Certification Of Network Security Tools Discussion of network security is currently focused on standardization of protocols for implementation of security tools in a distributed network. Specifically, there is substantial interest in the creation of a standard security protocol for the Internet. The assumption underlying much of this effort is that tools for the implementation of secure communications exist and that the only problem is agreement on the specific set of protocols that will allow the universal application of these tools. It is the thesis of this paper that such an assumption relative to the adequacy of the security tools is unwarranted. There are two subpropositions embedded in this thesis which which will be argued in this paper. Both of these propositions must be addressed and the problems they imply must be solved before the Internet or any future evolution of the Internet can fully realize its potential for dissemination and creation of information. The first subpropostion concerns the technical adequacy and functionality of current data security tools. Let us address this issue narrowly by focusing on a specific topic. It is widely assumed that there are many safe and effective methods for encrypting data. Such an assumption is unwarranted. As is well understood in the cryptographic community there is no current method for the encryption of data which is demonstrably secure. Indeed, there is an argument based on theorems from the mathematical foundations of computer science and logic which proves that no such demonstration can in the broadest sense be given for any encryption algorithm. What is available is a very small set of public encryption algorithms which have, as far as public information demonstrates, proven difficult to compromise. As a very brief aside, it should be noted that the one method for provably securing data, the Vernam cypher or one time pad, is not an encryption algorithm. It should also be noted that this methodology is utterly unsuitable for the purpose of interactive high-speed public communication. There is not space in this paper to catalogue the inadequacies of current encryption algorithms. It here asserted that all currently available algorithms suffer from a variety of problems that render them unsuitable for the very high speed and widely distributed network whose outline this conference will sketch. Dually, there is not space to fully outline the problems inherent in the design of encryption tools that will achieve the level of security public acceptance of the network will demand. However, one brief example may help. The skipjack algorithm proposed by agencies of the Federal Government was designed by institutions that have the highest levels of expertise in these matters. No knowledgable person can question the ability of the designing agencies or the level of resources that they were able to devote to the creation of this tool. Yet, the algorithm as implemented was seriously flawed in the one area where the sponsoring agencies had the greatest need for its competence. It allowed probably secure communication without allowing authorized interception of the communication. Clearly, this fact called into question the capability of the entire algorithm and its fate is currently highly problematic. The public history of the skipjack algorithm leads directly to the next subproposition. Public confidence in the effectiveness of the security tools is as important as the technical effectiveness of the tools. If there is no general confidence that communication on a publicly available network can be made secure, the utility of the network is profoundly degraded. Lacking such broadly accepted confidence in network security, the medium is little more than a distributed collection of soap boxes in public parks. Serious communication will take place via another transmission agency. It is probably not possible to overstate the importance of public perception of assured privacy relative to the internet. The widely expressed concern over the insecurity of broadcast medium telephones has had a demonstrably chilling effect on their use. The fact that the presumably more secure digital models of such telephones, even those operating in encrypted mode using the current algorithm, are insecure from low level amature attack will have a serious impact on the utility of these devices. However, note that public perception of the security of these devices was rooted in the relative physical security of the original cable transmission telephone network. This network was assumed to be relatively secure since one had to physically tap the network near a source to compromise a message. Years of this relatively valid public perception conditioned users to assume that telephone communication was reasonably secure. Non-cable telephones inherited the public belief that! telephone communication was confidential. By contrast,in the case of the internet the polarity of the perception is precisely reversed. The public is correctly convinced that internet communication is highly insecure. Any future network will inherit this presumption of inscurity and must be able to convice a doubting public that some level of privacy can be guaranteed. It is essential that some neutral, trusted public agency be created to develop security tools that are competent and believed to be competent. There is not space in this paper to discuss the methodology of such development and the nature of such an agency. Such discussion is, however, a vital aspect of the successful development of any future extension of the internet. John C. Higgins Professor of Computer Science Brigham Young University higgins@cs.byu.edu