Vol. 11, No. 1, Page 21
solutions, or where the hard-wired solution is uneconomic.
So should we trust computers? Within limits, yes - but we do not know where those
limits are, or whether many systems have already crossed the line. Although most
current systems are adequately safe, and the major systems of highest criticality are almost
certainly so, there are economic and marketing
pressures which will lead to ever more complex systems in the future. The rate of
growth in both the number and the complexity
of safety-critical systems seems to be high,
and urgent action is therefore needed to create a framework within which we can exploit the
power of computers safely and economically.
I believe that the proposals I have given would lead to such a framework, and I hope I
have demonstrated that the ideas are worth further consideration.
Praxis Sys terns plc Bath, UK.
COMPSEC 88, the Fifth National Computer Security Conference, was held from
11 to 13 October 1988 at the Sheraton Skyline Hotel, Heathrow, London. The first day was
devoted to the British Computer Society (BCS) Annual Conference. I did not attend the BCS meetings, so I wont mention anything which happened on that day.
The second and third days provided an interesting mix of speakers. From the list of
speakers it was obvious that the organizers have made a conscious attempt to attract new speakers, especially from academia. This is to be applauded. Alongside the conference was an exhibition spread over two halls, with
several new products on display. This was the first time COMPSEC had run an exhibition.
The structure of the conference was organized on the lines of two parallel streams,
each of which contained the same talks but in
a different order. Therefore each of the speakers had to give their presentation twice.
The streaming structure seemed to be rather
forced upon the conference organizers by the
layout of the rooms, but perhaps with a conference of this size, streaming is
As well as the usual summaries of the
state of play in various fields of security, I
noticed a definite attempt to provide talks
suitable for people new to data security. Such
presentations were not particularly relevant for the delegates thoroughly versed in security,
and some delegates commented upon this matter in general conversation. I believe such a view is short-sighted - introductory talks are vitally important for the future. They attract the
interest of new people. Perhaps the level at which a talk is to be pitched should be clearly marked on the conference agenda.
For me the outstanding talk was given by David Chaum from the Centre for Mathematics and Computer Science in the Netherlands,
entitled Highly Secure but Untraceable Transactions. Indeed, this was one of the most fascinating presentations I have seen at a conference in a long time. Stripped to its
bare bones, and I apologize to the author for my severe paraphrasing, the presentation described mathematical processes which
facilitate a system of electronic cash which can
operate securely without requiring the recipient of a payment (the shop) to be on-line to the organization providing the cash for the system (the bank).
Each user would request that his bank securely transfer an amount of money to him in the form of computer digits. The user stores
these, and transfers the required amount in the shop when he wishes to make a payment. The shop settles with the bank at some future
o 1988 Elsevier Science Publishers Ltd., England. /88/$0.00 + 2.20
COMPUTER FRAUD 81 No part of this publication may be reproduced, stored in a retrieval system, or transmitted by any form or by any
SECURITY BULLETIN means. electronic. mechanical, photocopying. recording or otherwise, without the prior permission of the publishers. (Readers in the U.S.A. -please see special regulations listed on back cover.)
Vol. 11, No. 1. PaQe 22
date. This system has been developed at the very time when EFTPoS systems are being installed which connect shops on-line to the banking network so that payments can be securely validated in a timely manner. If secure settlement can be achieved with the
shop communicating with the bank at a later time of the shops choice, what price EFTPoS systems? Think about it.
Even if I were capable of completely keeping up with the intricate mathematics, this
article is not the place to go into a detailed discussion of the means whereby such transfers take place not only in a very secure
manner, but also untraceably. However, it should be explained in passing that the system
acts very like physical cash, as the bank has no means of knowing exactly where an individual makes specific payments. If a user
so chooses, he can reveal certain numbers to
prove that he made a certain payment. Note
that this is under the control of the user, not
the shop or the bank.
Although extremely thought-provoking, the
subject matter of this presentation is new, and could have problems which only come to light after further scrutiny. Time will tell. Better people than I are no doubt looking at the
mathematics to check that the process is secure within reasonable bounds.
Other presentations that provoked further thought were:-
Data security within the Financial industry from Henry Beker of Racal Guardata which discussed an actual implementation of a world-wide banking system, and the security choices made during its implementation. Many of these were constrained on the grounds of cost. The talk stressed the need to keep security in perspective. Both fraud and security cost money - the aim must be to draw a balance minimizing fraud costs totalled with the extra money spent on security systems. I could not agree more.
Standards of Security from Wyn Price of the UK National Physical Laboratory. A
Q 1988 Elsevier Science Publishers Ltd., England. /88/$0.00 + 2.20
COMPUTER FRAUD & No part of this publication may be reproduced, stored in a rctricval system. or transmitted by any form or by any
SECURITY BULLETIN means. electronic. mechanical, photocopying, recording or otherwise. without the prior permission of the publishers. (Readers in the U.S.A.-please see special regulations listed on back cover.)
presentation about the ISO, ANSI and BSI standards which are already extant (or soon will be) in the field of security. This is an important area. If computer systems are to communicate globally in a secure manner, it is imperative that they talk to each other in the same way. Standards are the best way of achieving this. Conversely as a personal opinion, I would venture that an incomprehensible or difficult to achieve standard is worse than not having a standard in the first place. The work on getting standards correct is important.
Transputers and Security from Denis Nicole of the University of Southampton. This talk outlined the possibilities of transputer technology but left me pondering the reasons for its relative lack of success. This is a shame as the technical possibilities of the transputer seem to have got lost amongst the past financial problems of Inmos, the move to Thorn EMl,and the relatively high cost of each transputer chip. I just wonder whether if other companies had been concerned in the marketing and development, we would have had high-power building blocks such as the transputer available for a few pounds each.
Lastly, COMPSEC 88 also included a
play. Indeed a play specifically about data security, hacking and banks called The
Hacker and the Malevolent Employee. The cast did a good job of presenting an intriguing story of people getting into financial difficulties, being offered a way out using fraudulent transactions, and implementing a series of payments which concluded with f 1 million in
various Swiss banks. The most thought-provoking points were that it was
relatively easy to carry out the fraud, and that people were easily drawn into it even though
they had no previous intentions in this direction. In the end many people were responsible. Everybody has their price, I
suppose, and the bank was the one that ended up paying this price. The play was written, acted and presented in a most professional manner.