TOWARDS ARMAGEDDON - PART 3
by BERNARD A HODSON
Part 1 discussed a fictional fact of identity theft while Part 2 discussed a possible solution. Part 3 discusses how the proposed solution might be implemented. Patrick and Justin are fictional characters.
Will it work?
"Let's take your situation first, Justin", said Patrick, "How could your identity be protected with Turing-like software?" "As I see it at the moment", replied Justin, "it would help in two or three ways, It is a single and small computer program and could be placed in a secure area of a personal smart card, along with either an encrypted digital finger print or encrypted digital iris scan. The same software would also be in the reader, be it an ATM or store scanner. It would not protect me against criminal coercion (where I as a victim would be forced to submit to a fingerprint or iris scan) but would be satisfactory for me and most users. We would also know that our bank accounts and credit cards are reasonably safe. To make them safer there would need to be a public key (PK) which I as a user, and only I, could activate. This would prevent hackers from accessing my accounts provided that the banks and credit card institutions had suitable software on their computers.
"That seems to satisfy that issue" said Patrick "and I see how the problem of optical fibre interception might be addressed by such software. The single computer program, in a secure area of the host computer, will send the data down the pipe in an encrypted form, with a key. This key will be known only at the receiving computer(s). Unless the interceptors know both the key and encryption used then their interception will not be worthwhile. Of course the single computer program idea is not specifically needed in this case but would be of considerable help, as it would be a standardised program, whereas currently there is a great deal of variation between programs used by financial institutions, and the programs are using unreliable operating systems as well as being subject to the whims of often security inexperienced programmers. Hopefully this can be achieved before a crash of the financial systems occurs but it may take something drastic like a crash (hopefully minor) to motivate the financial bureaucracies."
While the problem of optical fibre tapping appeared to be solvable there did not seem to be an immediate solution to the problem of introducing data into an optical fibre data stream to corrupt it, so they tabled this to give it more thought.
Justin indicated that the single computer program could handle the frequency switching after detecting jamming in a satellite, and encrypt the data transmission, but there was very little that could be done to avoid the satellite data stream being received by others, in addition to the parties for which it was intended.
Patrick then went on to say that the single program concept was ideally suited to solving the problem of viruses, worms, stealing of e-mail addresses and unreliable operating systems, as well as closing the tremendous range between poor and sophisticated programmers. In the first place the single program would serve as its own, quite simple, operating system, eliminating the need for external operating systems. The single program is a constant, changing only rarely, with known size, and likely provable to be error free. Because of this it will be possible to introduce to the program a size check where even the introduction of a single byte would indicate a foreign interference attempt, causing it to reject the intrusion, thus eliminating worms, viruses and the stealing of email addresses for spam and other nefarious purposes. The standard set of software genes, which also do not change, would have the same safeguards. Hacking would no longer be possible because no additional computer code could be introduced.
Patrick then said that the software genes equate to a language and that his father had demonstrated several Java programs and their equivalent in the software gene language. The two provided identical results with the software gene system running somewhat faster than the Java programs. He stressed, however, that Java programs had to be compiled, generating byte codes which are essentially coputer code, a serious drawback to the use of Java and a potential source of compromised security, whereas there was a one to one correspondence between the software gene language and the software genes, so that no compiling needed to be done, a very significant advantage over Java or any other language. There is a further advantage in that the software genes are stable and optimised, and not subject to the whims of any programmer.
They both concluded that the insecurity of magnetic strips would disappear with a software gene smart card containing a digitised fingerprint or iris scan. The criminal forcing of a user to withdraw would still need addressing, likely still through unusual usage monitoring.
They then discussed the perils of wireless linkages. They both agreed that it was impossible to prevent wireless interception and that the solution would be to make any data transmitted unreadable to other than the intended recipient. Patrick's father had demonstrated software genes that generated or read encrypted data, and that encryption with a built in key that only the recipient could unlock, would likely have to be the solution. They realised that further study was needed on this, and put it on their future agenda. They did feel, however, that much of today's security software addresses conditions as they are today, accepting the status quo and does not address the real problem of needing a software "sea change", particularly with the elimination of operating systems, which would go a long way to helping solve the problem.
They decided to leave cell phone interception for the time being but felt that some of the solutions would work with cell phones.
As far as encryption giving a false sense of security they did not see that this problem would disappear and would need constant reminders to the user public and businesses not to compromise their security arrangements.
"I think we can start on a solution" said Justin excitedly. He then went on to describe two projects that were being considered by the US Army. In the first project an Army researcher at the Walter Read Army Hospital had proposed that soldiers carry a disc on their wrist, or swallow it, the chip on the disc then relaying to the base unit their current state of physical and mental health. Apparently it still took as long to reach a soldier in distress as it had taken during the Civil War. Any speed-up in reaching the soldier could save lives. The second project was more sophisticated, but again included a chip embedded on a disc. This had to be of low power but capable of communicating to local and more distant receiving stations the location of the soldier (from a global positioning satellite), as well as simple messages. It also had to be able to control and aim a variety of laser based weapons.
Because the ideas proposed by Patrick's father did not require an operating system Justin was able to create a chip, (with suitable encryption capability from his previous work) containing the virtual processor, which also included the software genes to carry out the Army's requirements for both projects. The result was a very low cost solution to the Army's needs, the technology then being applied in other areas within the Army, again without the need for a resource hungry operating system.
The two colleagues then became aware of a need in a Gulf country for a national identity smart card, which required stringent security measures (such as the storage of digitised finger prints, along with Iris scans), and room for a variety of data pertinent to the holder, including license information (various), passport data, health information and a variety of other items. Each individual would require a personal key (PK) to ensure encryption confidentiality. Again this was an ideal application for the ideas of Patrick's father, albeit somewhat more difficult than for the needs of the US Army, but Justin and Patrick, with suitable support funding, were able to provide a solution at a fraction of the costs proposed by other bidders.
After these two initial areas had shown the viability and economics of the software gene technology, requests to use it started to pour in. Automobile manufacturers found they could save a fortune by using the technology in their sensors, aircraft and jet engine builders saved millions because it reduced the stringent safety critical software regulations (as no compilers were involved and software genes were stable, needing only an initial verification). In fact the virtual processor was so compact that it was proven error free, something that had been impossible with earlier technology.
One of the Gulf state requirements was that the national smart card also be used as an electronic purse. The success of this led to joint projects between the banking institutions and retail food stores around the world. Each item within the store was marked, of course, with a readable bar code, which now also contained an electronic switch. Customers were given an electronic purse by the banks which could access any of their accounts or credit cards. When they got to the now largely unmanned check out area they waved their product purchase over their electronic purse, which updated their financial record and switched off the electronic switch on the product bar code. Any product leaving the store with its electronic switch still active, generated an alarm signal.
Many more smart card applications were developed but the aircraft and automobile applications had shown the viability of embedded software genes. While many household appliances had previously had computer chips within them for a variety of purposes the software gene technology, because of an added wireless transmission capability, allowed appliances to be connected to the Internet and also to control computer chips within the household, enabling heating units to be programmed, fire or cold sensed, with appropriate alarms being activated as needed, doors opened or closed, music and videos down loaded, plus a variety of other useful household activities.
From these extensive beginnings it was an easy step to incorporate the technology into all existing and future applications of embedded systems. It had earlier been shown useful in a pilot hospital information system. This was extended to all hospital activity, so that one single and relatively simple computer program was all that was needed for all hospital activity, reducing the costs to a few dollars per patient day for such processes. The same program was used to control pipelines and nuclear reactors, database creation and access, control of data transmission from orbiting satellites and space ships.