The Role of Trust in Internet Security
Security is concerned with locks, fences and guards. Trust is about whether they work. Here, trust must not be confused with authorization. As many companies discovered during the recent Code Red Worm attack, authorized users moving laptops from exterior to interior networks can suddenly infect "secure" networks and firewalls do not help.
Over time, we are finding that everything we see on our screens just might be false, including mail that says it was mailed by our trusted friends or even digitally signed by them. And we are never totally sure that the website pages we are looking at are really from where they say they are from, or trust that what they say was not tampered with. If the problem of inducing trust in human-to-human communications is still a hard one, the problem of using Internet communications to induce trust in machine-to-machine and human-to-machine communications is clearly even more difficult.
The presentation discusses the critical role of trust in Internet security, what trust is in terms of qualified reliance on information, and how can we bind adequate systems of trust to security systems.
Dr. Ed Gerck, CEO, NMA, Inc.
Ed Gerck is a recognized leader in Internet security and cryptography, with six recent pending patents.
He received his doctorate in physics (Dr.rer.nat.) from the Ludwig -Maximilians-Universitaet and the Max-Planck-Institut fuer Quantenoptik in Munich, Germany, 1983, with maximum thesis grade ("sehr gut").
With a background in lasers and quantum mechanics, he has worked in cryptography since 1987. He has done and coordinated the development of software since 1972, in languages such as FORTRAN, ALGOL, BASIC, x86/x87 Assembler, Pascal, C, C++, Java, Perl, and PHP for DOS, Windows and Unix platforms. His research is published in hundreds of papers, including citations in reference essays and books in laser physics, cryptography and digital certificates.
Dr. Gerck's work in information security gained worldwide momentum in 1997 when he began to use the Internet to publicly discuss his "bottom-up" approach to the entire subject of trust, PKI and Internet security. His work has received extensive worldwide press coverage from New York Times, Le Monde, O Globo, Forbes, CBS, CNN, Business Week, Wired, San Jose Mercury News, Aftonbladet and USA Today. In 1999 Dr. Gerck was a member of the Registry Advisory Board of Network Solutions, Inc. (NSI). Dr. Gerck is also the founder of the Meta-Certificate Group (MCG) and chairman of the board of the Internet Voting Technology Alliance (IVTA).
Dr. Gerck can be reached by e-mail at email@example.com. The current PGP key is available upon request.
A resume is available at http://www.mcg.org.br/authors/eg.htm.