[ih] Internet-history Digest, Vol 39, Issue 4

Jack Haverty jack at 3kitty.org
Fri Dec 2 10:01:07 PST 2022 

Been there, done that -- I was involved in a similar project back in the 
80s.

Definitely a Hard Problem.  But not the only one that had to be solved.

Even if you got all of the security mechanisms perfect - hardware, 
protocols, algorithms, etc., there was also the hard problem of 
believing that all the underlying computers were also doing only what 
they were supposed to do when in secure operation.   There's a long 
pathway from specification to running machine instructions and bits on 
wires.

At the time of the early Internet research, government funding was also 
working on "trusted computing".   E.g., how do you make an operating 
system that you can prove is working as designed, and running programs 
that do only what their programmers intended them to do.

That's a very hard problem.   Essentially means there can't be any bugs 
or flaws (what we now call "vulnerabilities") in any code, and you have 
to somehow be able to prove that as a fact before you can trust the 
system to do what you designed it to do.

I remember there were projects with names like PSOS (IIRC "Provably 
Secure Operating System") and KSOS ("Kernelized Secure Operating 
System").   And of course Multics which had a focus on security. 
Probably many others too.

But once that problem was solved, and secure networking algorithms and 
protocols also designed and implemented to run on those Proven 
computers, the Internet would be trustworthy.

Haven't heard much about such efforts for decades... were those efforts 
abandoned?  It seems every computer I use today is continuously getting 
updates to fix severe vulnerabilities.  Has Insecurity now become the norm?

Jack

On 12/1/22 19:50, John Shoch via Internet-history wrote:
> "Are you familiar with 802.1AE, a.k.a. MACsec?"
>
> Of course, the security overlay on 802 came much later.
>
> In the 1980's the government was interested in enhanced "high grade"
> security for what was then the DIX Ethernet.  They facilitated a joint
> effort between Xerox and a 3rd party.
>
> It was a hard problem:  a box between a host and a transceiver, custom
> silicon, government review of everything, etc.  Required manual
> distribution of a digital key, on a physical PROM-key device.
>
> Developed in the mid-1980's, it led to a product introduction ca.1989, as
> the Xerox Encryption Unit:
> https://techmonitor.ai/technology/xerox_device_for_encrypted_open_traffic_on_one_net
>
> >From a history of network encryption,  http://www.toad.com/gnu/netcrypt.html
>   :
>
> "Mark Vondemkamp, MarkVon at aol.com
> Xerox started selling the Xerox Encryption Unit around 1990. The XEU was a
> layer 2 (Ethernet/802.3) network encryption device.
> Wang started selling the Trusted Interface Unit around 1990. The TIU was a
> layer 2 (Ethernet/802.3) and layer 3 (IP) network encryption device.
> These products were based on technology developed by Ultron Labs which
> started around 1985 by Ultron Labs."
>
> "Stephen Kent, kent at bbn.com
> The XEU and TIU are good examples of inline network crypto from the latter
> 80s...."

More information about the Internet-history mailing list