Network Authorisation
How should users of IT systems authorise themselves on the network?
Hordes of specialists spend an immense amount of working time discussing this question and coming up with technologies that are more secure than their predecessors. Terms like "biometric data" and "two-factor authentication" are coined, words that only a few people fully understand. In any case, the technical investment behind this is enormous, and the avalanche of data triggered by some of these procedures is greater than the actually useful data that needs to be transmitted.
Yet this whole discussion is actually premature. A hacker who wants to break into a system does not crack a colleague's password in order to search for the data he wants in a network that is restricted by user rights – no! – he logs in as an administrator straight away; in too many cases the password needed for this is the same one, and, logged in as an administrator, he has the organisation's whole IT world at his fingertips.
This scenario may be a little simplified, but it demonstrates the problems that unfortunately keep coming up. Only those who follow rules will be stopped by them. Criminals will simply go straight ahead.
Therefore, before we start discussing secure access for authorised users – even simple procedures would be enough for them – we should put the hackers in their place. This cannot be done with the systems currently available to us.
The root of the problem, although many people do not recognise this, lies not in the software but deeper, in the hardware itself.
The digital, programmable devices we use today are built on one of two architectures. Both originated in the early twentieth century and have therefore reached retirement age. They are the von Neumann architecture and the Harvard architecture. The latter, since it is not consistently applied in mass-produced products, is only a little more secure than the von Neumann architecture. The time has come to replace them both.
Both architectures named here suffer from the same flaw: programs and data are stored without physical boundaries between them. This circumstance allows hackers to plant data that is actually a program on a computer in various ways. If the user clicks on such a file, it will not, as expected, be opened and displayed by an application program, but will be run as a program. The program then does what the hacker intended it to do – and this is usually something the user did not intend.
Anti-virus programs offer only inadequate protection. They have to recognise either the bit patterns of the malware or its behaviour. In both cases, the hackers are usually way ahead. Identifying the harmful program is not enough: an antidote has to be developed and then installed by the user, and by that time the hackers have probably already got what they wanted.
This process can be interrupted by a new computer architecture, invented in Germany. Although it may still be technically possible to plant malware, the hardware prevents any file that the user has not explicitly installed as a program from being executed by the processors. This means that recognising malware is no longer necessary, and the computer is secure even from future malware.
Unfortunately, the new "hacking-resistant" hardware architecture is not compatible with the software products available on the market today. However, it does not require fundamentally new software functions; sorting the data structures created by the programmers will be sufficient in the majority of cases, and since this is merely a matter of sorting, software produced this way will also be backward compatible, i.e. capable of running on "old" computer systems – as long as the program is still compatible with the operating system and processor.
When this new architecture becomes more established, there will also be new authorisation possibilities based on it that are currently not technically implementable, or work on creating them can resume – with good cause this time.
The software adjustments necessary for the new architecture have been specified. This hardware architecture is patented and succeeded in the hardware category of the competition "INNOVATION PRIZE – IT 2015". IT security "Made in Germany".
September 2015