Late last month, the President’s Council of Advisors on Science and Technology (PCAST) delivered a report to the President, titled Immediate Opportunities for Strengthening the Nation’s Cybersecurity.
PCAST is a pretty heady group of mostly senior and well-respected academics, but it also includes people like Eric Schmidt, Google’s Executive Chairman, and Craig Mundie at Microsoft.
Even the Plain Old Telephone Service (POTS… yes, that’s the industry term) is more user-friendly when it comes to identifying accounts than the web. For example, today I called Time Warner Cable to cancel a service appointment. I always know to call them from my home phone, because that phone is known to them. The machine on the other end identifies my caller ID, confirms my account, and off we go.
It seems there is no end to the use of trusted computing capabilities to strengthen well-known security applications and protocols. Followers of this blog are more than likely familiar with the many use cases for Trusted Platform Modules (TPMs), notably improving the security of many PKI-based, high-use applications such as 802.1x, virtual private networks (VPNs), virtual smart cards, and more. The simple act of replacing a software-cert private key with a hardware-based, TPM-protected key improves security immensely.
One session at the Trusted Computing Conference in Orlando, Florida, in September further expanded my horizons. The Naval Research Lab’s Olga Chen presented her work on improving trust and authentication in Kerberos, a network authentication protocol. Kerberos is designed to provide strong authentication for client/server applications by using secret-key cryptography.
Last week another milestone on the path to reduce or eliminate usernames and passwords was achieved. The NSTIC (National Strategy for Trusted Identities in Cyberspace) program office announced that five additional pilots have been awarded for the next fiscal year. Wave will proudly participate in two of those pilots, PRIVO (Privacy Vaults Online) and TSCP (Transglobal Secure Collaboration Program), and perhaps more over time. As you may recall, several years ago the White House announced a plan to eliminate a serious challenge with the internet – usernames and passwords. They established a small program, NSTIC PMO, within NIST (part of the Department of Commerce) to work to accelerate a new solution.
Upon reflecting on the first-ever Trusted Computing Conference… I was reminded that all good things must come to an end. It was a memorable week with great discussions and momentum for the trusted computing movement – and the Rosen Centre venue was a perfect fit. I had the pleasure of covering Richard Stiennon’s final keynote and didn’t leave disappointed.