Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter.
Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.
Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.
OCR for page 107
5
Computer Networks
INTRODUCTION
This chapter describes briefly the technology by which inclepen-
dent computers cooperate with each other to exchange data and
software, and to share specialized computing and storage equipment
using modern data communications. From this technical discussion,
some important public policy issues are drawn concerning export
control of computer networks.
A cooperating network of computers depends on many technolo-
gies that cannot be covered in so brief a span as this chapter, but
which are necessary to understand the context of computer networks.
Fundamental to aB communications is the basic telecommunications
network of cables, wires, fibers, internal switches, and other technical
devices, but there is little coverage of telecommunications here. Data
communications, which is another technology that had to be slighted,
focuses on the devices that interface directly with the telecommu-
nications network. Typically, this includes the telephone handset,
the computer modem, and the Ethernet cable attachment inter-
face. This chapter refers to the telecommunications network as the
"media," and the data communications hardware and software that
interact with it as the "media access" layer of control. Computers
interface with the data communications technology, which allows a
107
OCR for page 108
108
GLOBAL TRENDS IN COMPUTER TECHNOLOGY
data stream of bits to flow between the computers. It is the technol-
ogy of control and interpretation of those data streams by modern
computer systems that is the focus of this computer networking
technology discussion.
In particular, the chapter focuses on the "loose coupling" of inde-
pendent computers through telecommunications, "loose" in the sense
that the computers in the computer network are general-purpose ma-
chines that leave or join the network at arbitrary times. "Tightly
coupled" computer networks employ special processors and high-
speed bus hardware as the communication medium, with the ensem-
ble collectively called a parallel computer. Such nets are addressed in
Chapter 2 in the context of high-performance parallel and multipro-
cessor computers. However, the distinction is becoming moot with
very high speed (above 100 Mbits/s) fiber-optic local area networks
(LANs). The key differentiator, then, is the use of general-purpose
(Ioose coupling) versus special-purpose (tight coupling) "protocols"
in the communication "handshakes" between processors.
Discussed here are the basic trends toward packet-switched com-
puter networks based on International Organization for Standardiza-
tion (ISO) data exchange protocols. Although an uncontested leader
in the development of protocols, the U.S. government is caught in the
dilemma of embracing ];SO protocols for the future and promulgat-
ing standard protocols for the Department of Defense at the present
time. Breakthrough possibilities are examined in a field paced by
slow standards adoption. Computer networking R&D is paced by
the universities and DOD, but the business is paced by national
telecommunications agencies and companies. The USSR is far be-
hind because of its lack of telecommunications infrastructure (see
Chapter 6~.
Protectability of U.S. leads in technology is difficult if that tech-
nology is standardized, but production technology may provide a
competitive edge. Security is a unique problem for computer net-
works and international standards. It is a requirement for serious
commercial growth on the one hand, but on the other hand it must
use export-restricted encryption and security technologies. This sit-
uation leads to an export policy deadlock.
OCR for page 109
COMPUTER NETWORKS
109
MAJOR TECHNOLOGY TRENDS
A basic trend in computer communications has been the explo-
sive growth of packet-switched computer networks over more tradi-
tional line- and message-switched communications technologies dur-
ing the past decade. This trend appears to be continuing and accel-
erating as it feeds on the commoditization of the personal computer
and engineering workstation coupled to commercial telecommunica-
tion nets through Tow-cost modems. The two most popular types
of computer networks are the Tong-haul wide area network (WAN),
which services the nation or a geographical region, and the local area
network, which services a building or a campus.
Like most computer technologies, basic networking depends on
many other technical trends discussed elsewhere in this report.
Among the more significant are Tow-cost, high-performance com-
puter hardware to manage the digital signal processing of modern
telephony, and computer software to manage the hardware and ap-
plication protocols. Alternatively, other technologies depend on com-
puter networks for productivity, providing data access and distribu-
tion, andfor sharing hardware and software resources. For example,
modern supercomputers need high-speed LANs and WANs for their
user access and for the large volumes of data they produce. Fac-
tory automation is moving data among administrative, logistic, and
production facilities automatically through networks. Office automa-
tion employs computer networks to share equipment and data and
to move information to people rather than people to information.
Computer networks strengthen interdependencies among gov-
ernment, business, technologies, products, services, and private and
public communities of interest. The "glue" that makes this happen
is the standardization of communication protocols.
Standard Peer Protocols
The physical media of computer networks are quite varied, in-
cluding twisted pairs of telephone wire, coaxial cable, fiber-optic
cable, and radio. The common ingredient is the use of serial bit
streams of standard formatted data groups frames, packets, clata-
grams, and messages- parsed by modern computer software logic
into control and data portions, that is, into protocols. Control infor-
mation is used to identify the sender, the receiver, error correction,
and so on, in the routing and delivery of the data by the computer
OCR for page 110
110
GL OBA L TRENDS IN COMP UTER TE CHNOL O G Y
network components. The data constitute the sender's private infor-
mation.
The objective of computer networking is to permit an arbitrary
process in one computer to exchange data with another process in an-
other computer with a "seamless" interface. The computer network
services are organized in a hierarchy of delivery protocols. When
the service is provided between two equivalent or peer processes, it is
called a "peer protocol," employing common syntax and semantics in
the control and data formats. The implementation of a peer protocol
is in support services from its computer environment obtained from
an "adjacent" Tower-level (layer) protocol service in the protocol hi-
erarchy. As a message moves through the network, beginning at the
highest levels of application, the adjacent computer network layer
encloses the message- both data and control in another framing
structure, like putting a small envelope in a larger envelope. Each
layer provides different services that require different control infor-
mation. The success of the scheme is in its conceptual simplicity and
in the flexibility of an all-digital, software-mechanized implementa-
tion. The difficulty has been in finding the correct layering of the
network services.
A Simple Protocol Analog
The (liplomatic use of the term "protocol," as a code of etiquette
and precedence derived from the Latin roots "to glue together,"
comes close to its meaning in computer networks. The messages that
flow between computers follow an established set of rules (etiquette)
in proper sequence to glue the network into a cooperating community.
The following human analog tries to capture the concept of a protocol
hierarchy or stack.
An American chief executive officer (CEO) wishes to complete
a business transaction with his or her counterpart (peer) in Japan.
The American CEO, representing the "application layer," composes
thoughts in a manner that a Japanese peer will understand (peer
protocol), and dictates a letter to a secretary (presentation layer).
The secretary converts the communication from one format (voice)
to another format (written), representing the service the secretary
flower layer) provides to the boss (higher layer). The secretary
then puts the letter in an envelope and puts the Japanese CEO's
address on the envelope, thus making a session on behalf of a higher
layer entity. The letter is mailed (passed down to a Tower layer
OCR for page 111
COMPUTER NETWORKS
111
entity) to the U.S. Postal Service, a reliable "datagram" transport
mechanism. The post office passes the letter to regional collection
centers (switching centers of the network layer) and then on to the
destination post office via the routing information in the letter's
address, usually the ZIP code (control information). The passing is
handled by bundling many different letters with similar ZIP codes in
bags carried by truck, plane, or ship to the destination (the physical
media, lowest layer). The process now repeats in reverse post office
to secretary to Japanese CEO—physical to network to transport to
presentation to application layer. The Japanese secretary sees to it
that the English letter is translated into Japanese, the destination's
presentation layer.
At each layer of the protocol hierarchy, there is a peer protocol
that understands the rules (etiquette) of its peers; the letters are
formatted the same, the envelopes are addressed the same, the mail-
bags are labeled in an agreed-upon format, and so on throughout
the process. Furthermore, each layer provides a service to its higher
layer, and interface protocols express the service requests. Figure 5.1
shows this hierarchy of layers: the popular Open System Interconnect
cost' model of a seven-layer hierarchy.
.
DOD Versus ISO Proto co] Standards
The ARPANET implemented the first successful protocol suite
(known as TCP/IP) in the mid-1970s. It has evolved and been
adopted by the DOD as its model. The ISO proposed the OSI model
of seven layers of service that has been adopted by most countries.
A comparison of the two models is made in Figure 5.1.
Research over the past decade by the commercial common carri-
ers and the DOD has led to the competing protocol suites of Figure
5.1. Efforts are under way to build a common model of seven service
layers. At the high layers (5 through 7) the emphasis is on application
services for electronic mail, file transfer, name services, and remote
terminal services. The middle layers (3 and 4) deal with transporting
messages, packets, and frames across the networks, reliably, compat-
ibly, and flexibly. The lowest layers (1 and 2) manage the various
communications media.
As standards have matured, industry has implemented the pro-
tocols, particularly the lower-layer protocols, which have the greatest
maturity and stability, in hardware chips and PC boards. The United
States leads in protocol development, particularly protocol testing
OCR for page 112
112
GL OBAL TRENDS IN COMP UTER TECHNOL O G Y
OSI
X.400, FTAM, VTP
Model
(7) Application
(6) Presentation
Various Subsets
and Options (5) Session
DOD
SMTP, RFC-822
(5/6) Utility FTP, TELNET
.
TP0-TP4 ~q Owl, ~~ TOP, EGP, GGP
X.75, CLNP | (3b) Internet IP, ICMP
X.25-3
(3) Network
(3a) Network 1822, X.25, ARP
X.25-2 (2) Data Link 802.2, LAP
X.25-1, X.21 (1) Physical 802.3,4,5, FDDI
KEY:
X.400 = CCITT-STD, Electronic Mail Interconnection
FTAM = File Transfer and Manipulation
VTP = Virtual Terminal Protocol
SMTP = Simple Mail Transfer Protocol, MIL-STD-1781
RFC-822 = Internet Test Message Format
FTP = File Transfer Protocol, MIL-STD-1780
TELNET = DOD VTP, MIL-STD-1782
TP0-4 = Transport Protocols with Options: TP4 max services
TOP = Transport Control Protocol, like TP4, MIL-STD-1778
EGP = External Gateway Protocol
GGP = Gateway to Gateway Protocol
X.75 = X.25-3 to X.25-3 Gateway Management Protocol
CLNP = Connectionless Network Protocol, like DOD IP
IP = Internet "datagram" Protocol, MIL-STD-1777
ICMP = Internet Control Message Protocol, RFC-792
X.25-3 = CCITT-STD Level 3, Virtual Circuit (Packet) Protocol
1822 = ARPANET Host-lMP Protocol, being replaced byX.25-1,2,3
X.25 = CCITT Standard Protocol if a number of sub Protocols
ARP = Ethernet Address Resolution Protocol, RFC-826
X.25-2 = CCITT Level 2 Standard, HDLC Framing Protocol
802.2 = IEEE-STD Logical Link Control Protocol, like HDLC
LAP/lAPB = DOD-STD Link Protocol, like HDLC
X.25-1
X.21
802.3
802.4
802.5
FDDI
CCITT Level 1 Standard, Physical Interface Protocol
Physical Level Protocol, like X.2~1
IEEE Ethernet Carrier Sense Multiple Access/Collision
Dstection, CSMA/CD Protocol
IEEE Broadband Token Bus Protocol
IEEE Token Ring Protocol
Fiber Distributed Data Interface
FIGURE 5.1 Open System Interconnect (OSI) and DOD models with representative
protocols.
OCR for page 113
COMPUTER NETWORKS
113
and chip production. This lead should be supported to strengthen
U.S. competitiveness as this technology matures.
Computer networking is a dual-use technology. It serves as the
backbone of modern military command and control systems, of mili-
tary base-level communications systems, and of intelligence systems
interconnection, as well as the DOD backbone Defense Data Net-
work (DDN) replacement of AUTODIN. Computer networks are the
leading technology for office automation, second only to the PC.
Classified military applications use many DOD and OST general-use
protocols TCP/IP, TP4/CENP, file and mail protocols that are
not controllable, because they are now standards with commodity
status, available from many vendors, including university and foreign
sources. Classified systems also use specialized protocols, many of
which should be controlled for national security reasons. The easiest
method for their control is to subsume any separate export controls
for the computer network protocols in the export license currently
required for export of a classified system of which they are an integral
part.
OS! Protocol Profiles
Protocol developments in Europe continue to refine the OS] suite
of protocols for application communities. This work entails packaging
specific protocols in hierarchies based on various options required by
the community. The packages are caned "profiles." Europe is ahead
of the United States in implementing OST, and its software exports
to the United States are increasing. The successful transfer of OST
to the United States may weaken U.S. competitiveness by giving
OST global validity even though it originated as only a European
local standard to address needs and conditions on the Continent.
The irony is that the technology was invented by the DOD and has
generated more sophisticated implementations.
The importance of protocols can be best appreciated by ex-
LANs
~ r ~ 1- ~ ~
amining the growth of computer networks in the factory.
are growing in the administrative, financial, inventory, and factory
contexts and are being integrated into computer-integratec! manufac-
turing. The computers, or hosts, on the different computer networks
cover a wide range, from business machines in the a(lministrative
and financial nets, to automated cutting, weakling, and manipulation
OCR for page 114
114
GL OBA L TRENDS IN COMP UTER TEClINOL O G Y
processors and robots. With each need, new peer protocols have
develop ed.i American manufacturing competitiveness is at stake.
Advanced Research in Protocols
Protocol R&D in the United States continues to explore two dif-
ferent dimensions: media an ~ performance exploitation, and different
functionality. Unlike other countries, the U.S. research community
has ready access to computer networks, tools, and laboratories to
accelerate advances in protocols. By running faster, the United
States maintains leadership in future products and services. Pro-
tocol production technology is key to a competitive leacI.2 DARPA
is exploring a variety of new protocols that trade functionality for
speed or simplicity.3
Computer Network Management
Packet nets are complex and difficult to control. Their com-
ponents are numerous and some are always broken. Self-balancing
regulatory mechanisms are still evolving. The need for dynamic con-
figuration control and management of resources is called "network
management" and the biggest area for future growth. The problem is
manifold. There are conflicting commercial interests; standards have
helped mature the technology, but there are few standards in the
1 U.S. examples of such protocol profiles are: GOSIP (Government OSI Protocol),
an NIST-specified OSI protocol suite for U.S. government users that uses various level
1 and 2 protocols; CLNP, TP4, OSI "stacks" at levels 3 through 6, X.400, FTAM
VTP; MAP (Manufacturing Applications Protocol), a General Motors-specified OSI
suite employing 802.4, 802.2, various OSI stacks at levels 3 through 6, and a research
Manufacturing Message Protocol (MMP) at level 7; TOP, a Boeing profile equivalent to
MAP for office automation employing 802.3 Ethernet as the LAN.
2Many universities and industrial laboratories are exploring the performance limits
of TCP/IP overhead. Given ideal conditions, bandwidths of several megabits per second
are being reported over Gambit Ethernets. This work has led to exploring protocols
for high speed. ANSI X3T9.3 committee is exploring standards for 2-Gbits/s FDDI
CPU-CPU protocols, and X3T9.5 is looking at 50 Mbits/s.
3These include: NETBLT, a high-speed Block Transfer protocol alternative to
TCP/IP; a class of "lightweight" protocols, such as Lawrence Livermore Laboratory's
"Delta-T," which eliminates error checks assuming highly reliable networks and/or re-
dundant data (e.g., voice, graphics); and VMTP, Versatile Message Transfer Proto-
col, which permits variable rate control and other negotiated options. Another area
of research protocols is for distributed operating systems, Remote Procedure Calls
(RPC) for Inter Processor Communication (IPC). Examples include MACH (Carnegie-
Mellon), VKernel (Stanford), LOCUS (UCLA), GEMSOS (Gemini Computer Co.), and
PLURIBUS (BBN).
OCR for page 115
COMPUTER NETWORKS
115
network control and management area. Such standards deal more
with the structure of the components, traditionally a proprietary
area, than with the data exchanges. There are fuzzy boundaries
between networks, which create control and management problems.
When a LAN injects erroneous traffic into a WAN gateway, there is
no management responsibility to detect and react to repair.
Public Computer Network Services
Beginning with ARPANET and followed by TYMNET and
TEI'ENET, there has been a steady growth of packet-switched com-
mercial computer network utilities such as CompuServe, Mark TIT,
BITNET, and ACCUNET. Initially, these utilities satisfied private
commercial and government needs, but lately they have expandecl
to service the growth of personal computers and home workstations.
These utilities provide access to a variety of information services
directly by modem or by "server hosts" attached to the networks
via specialized databases and "bulletin board systems" (LEXIS,
DIALOG, The Source, STARDYNE). The growth of entrepreneurial
"on-line retailers" is a phenomenon unique to the United States. One
monthly magazine lists nearly 1,000 "systems operators" around the
United States that support special interest, dial-up bulletin boards.
The most similar retailing case overseas is the videotext system in
France, the network part of which is government sponsored and op-
eratecI, as are many of the services. With globalization of business,
increasing numbers of U.S. products and services are managed by
computer networks, which may often provide effective (and possibly
uncontrolled) export by multinational corporations, governments,
and educational and scientific laboratories. Even individual states
are getting into the network services business as a means of aiding
focal industry (Brown, 1988~.
The key elements in this growth have been the availability of
personal computers equipped with Tow-cost, high-quaTity communi-
cation modems, which modulate and demodulate data signals carried
on public-switched networks. Even as modem speeds improved by
a factor of 10 in a decade, costs declined by 50 to 75 percent (Fig-
ure 5.2~. The combined effect was an impressive 43 percent com-
pound annual growth rate (CAGR) of unit sales to the multimillion
commodity volumes, as shown in Figure 5.3. Volume growth con-
tinues to be fueled by the expanding PC base and the constant
equipment upgrades to higher speeds by users.
OCR for page 116
116
4000
3000
CO
~ 2000-
_ _
1 000-
500—
GL OBA L TR ENDS IN COMP UTER TE CHNOL O G Y
9600 bits/e
2400 bits/e
-
1984 1985 1986 1987 1988 1989 1990
FIGURE 5.2 Modem price estimates by ye=.
SOURCE: Courtesy of Gartner Group.
5000
4500
In
o
s
In
._
o
CO
a)
Q
E
of
4000
3500
3000
2500
2000
1500
1 000
500
o
1 991 1 992
1981 -
1 986 -
1594 1 654
930
- 380
120 F';;;;1
~ . . . F:::::::::1
1981 1982 1983 1984 1985 1986 1987 1988 1989 1990 1991
189
1991 CAGR = 43%
1988 CAGR = 23%
4189
FIGURE 5.3 U.S. personal computer modem shipments by year.
SOURCE: Courtesy of Future Computing, Inc.
OCR for page 117
COMPUTER NETWORKS
117
BREAKTHROUGH POSSIBILITIES
Product Innovation
Computer networks is a field in which product innovation has
slowed to the rate of standards agreements, which are notoriously
slowed by technological complexity and competing commercial in-
terests. Protocol software is among the most complex product yet
invented. There are minions of asynchronous machine states, poorly
specified protocols, and protocol implementations manufactured by
competing vendors that lack seasoned, thorough, standardized life-
cycle test suites. Furthermore, there are competing standards by
DODandISO.
Breakthroughs are most likely to occur in new protocols in the
upper layers of the OSI/DOD models, driven by higher speed me(lia,
large volumes of interconnected workstations, and new services of
the variety noted earlier. Early computer nets were constructed by
host computers simulating such T/O devices as a disk or a Teletype
terminal. Later, these simulated devices were made more general to
create a "typical" computer host with standard functional character-
istics, so-called "virtuaTization." A real host would then use software
to map its real characteristics to those specified in the virtual de-
vice, for example, a virtual computer with virtual terminals, virtual
memory, and virtual ports. By virtuaTizing the hosts, any user on
the computer network could use the resources of a distant host in a
manner similar to his local host, regardless of the computer vendor,
system software, or peripheral device configuration.
Today's technology has moved to virtuaTize the software services
of the host computers; there are virtual operating system, files,
mail, process calls, and command languages. Future technology wiB
climb the software ladcler to higher levels of software applications.
The time is now for virtual spreadsheets, virtual word processing,
and virtual database management systems (DBMS), called in the
popular literature "network versions." With agreed and de facto
standards has come growing portability of data objects (disk files)
between products by different manufacturers of these application-
level tools. Most of the high-end word processing, spreadsheet, and
DBMS software has network versions that permit shared use by
multiple users on the net and distributed applications protocols built
from these standards. IBM's Structured Query Language (SQL) is
rapidly becoming such a protocol for distributed database systems.
OCR for page 118
118
GLOBAL TRENDS IN COMPUTER TECHNOLOGY
Production Technology
Breakthroughs are likely in production innovation. Produc-
tion technology for computer nets would make the product faster,
cheaper, smaller, less in need of power, and so on. The technologies
of interest here are in protocol chips and processors, such as RISC,
pipeline, or parallel design.
Nets have very large numbers of states; that is, they are complex
machines with mostly complex software. Breakthroughs are needed
in software specification, software testing, and proof of correctness
for protocols. Much of this technology is similar to that reported
in Chapter 4 (on software) and will not be repeated here. However,
network software has the added complexity and benefit of permitting
communal development via a net. The United States is a leader
in design, manufacturing, and testing of protocols because of its
longer experience and its widely available network testbeds. This
is a perishable lead that can be maintained by continued support
from government and industry, and resolution of export licensing
difficulties for such noncritical technologies as DOD protocol stacks,
Tow-grade encryption, and network commodities.
Many network products are rapidly reaching commodity status.
Modem sales in the United States should top 10 minion annually
in 1991 as described earlier. LAN components are also commodi-
ties. A typical Ethernet LAN consists of a 10-Mbits/s cable system,
cable taps, CSMA/CD level 1 protocols and X.25 level 2 protocols
packaged on PC boards, and level 3 and above protocols packaged
as PC software products. For mainframes and high-performance
workstations, the protocol layers 1 through 4 are packaged as stand-
alone network front ends (NFEs). LAN NFEs are rapidly replacing
modems as preferred network interfaces, particularly in office and
campus applications. The PC board products are rivaling modem
prices, but with 10 to 100 times the performance.
LEADING INDUSTRY PLAYERS
All the worId's a stage for the network business. Key players
are ISO, the International Consultative Committee on Telephone
and Telegraphy (CCITT), multinational telephone companies, and
defense departments of the United States and other nations, as well
as computer and communications companies in the United States,
France, England, Japan, West Germany, and Italy. The Soviets are
players through ISO.
OCR for page 119
COMPUTER NETWORKS
119
Between 1982 and 1987 the world telecommunications market
grew 5.4 percent per year: Europe, 4.1 percent per year; Asia, 8.1
percent per year; South America, 4.2 percent per year; and world
remainder, 5.8 percent per year (CBEMA, 1987~. At the same time,
the world market for computer, business, and telecommunications
equipment grew 8.6 percent per year. These figures hint at the growth
in international activity and interest in computer networking, some
of which is highlighted in other sections of this chapter.
PROTECTABILITY
It is hard to protect a technology so dependent on international
cooperation in specification and development of protocol standards.
Furthermore, by the time one developer has the products, so do
others. Consequently, out-producing the competition may be prefer-
able to restricting product export. The U.S. lead in testing complex
protocols can be a significant competitive edge. Also, production
technology (e.g., protocol testing and verification technology) may
be more effectively controlled with limited adverse impact on indus-
try as compared with restricting product exports. Nevertheless, some
communications products will continue to be regarded as critical to
national security and, therefore, to be controlled.
Computer Network Security
Security is an emerging technology rapidly becoming a neces-
sary requirement for a complex, democratic society in a world with
a growing number of computer-sophisticated governments. The ba-
sic problem is misplaced trust; humans trust their computers and
networks with sensitive assets when there is often no basis for that
trust. These are complex systems, rarely flawless, and the flaws
permit exploitation of users and their sensitive codes and data.
Through DOD research, several technologies such as trust en-
gineering and cryptography are emerging to provide a sound basis
for building secure systems. The United States has a significant
lead through DOD applications, but export control policies make it
difficult for U.S. industry to be more competitive.
Basic Vulnerability
Networks are subject to human exploitation of flaws inherent
in the complexity of modern computer systems containing millions
OCR for page 120
120
GL OBAL TRENDS IN COMP UTER TECHNOL O G Y
of instructions and data items. An unauthorized value in any one
instruction or data item could lead to a violation of security. Modern
computer hardware is designed for easy logic board maintenance and
replacement. Unauthorized boards with bogus logic can easily sub-
stitute for original parts if physical machine access is uncontrolled.
Software production technology provides years of opportunity and
dozens of methods for substituting malicious code for original code
(so caned Trojan Horse, virus, or trap-door software) in the end-user
computer system. The trusting, but possibly naive, employee risks
assets to a flawed computer system in the unsuspecting belief that it
is safe for holding sensitive assets. Even relatively sophisticated com-
puter users are vulnerable, as the recent virus/worm attack on the
ARPANET illustrates (Markoff, 1988~. Providing assurance that the
risk is small is the special task of computer security. Security assur-
ance forces trust engineering to design defenses and countermeasures
to threats that reduce risk to acceptable limits.4
Legal and Institutional Mends
In the United States, the National Institute of Standards and
Technology (NIST) (formerly, the National Bureau of Stan(lards)
and the National Security Agency (NSA) have played the largest
roles in providing technical measures to improve the trustworthiness
of computer systems. N[ST has led in government and commercial
security standards; most noteworthy are risk assesment, audit, dis-
aster recovery, and the data encryption standard (DES). NSA has
led in DOD efforts to establish security standards for military-grade
encryption and trusted computer systems and nets.
Security Technical Standards
Trusted Computer System Evaluation Criteria (TCSEC) are de-
fined for DOD application by the National Computer Security Center
(NCSC) of the NSA (DOD 5200.28-STD). These criteria are having
an influence on secure systems beyond the DOD, including domestic
4 Most industrialized countries have begun to recognize the problem. Initial con-
cerns focused on the threat of omnipotent government computers interfering with the
privacy of citizens. One outcome was laws protecting individual privacy in mandatory
government record keeping. Citizen privacy continues to be a concern. In addition,
government and private systems now need protection from hackers, criminals, political
opponents, and spies.
OCR for page 121
COMP UTER NETWORKS
121
commercial systems, and on international military and commercial
applications. Essentially, the TCSEC seeks a "security triad" in
the design and implementation of trusted computers and networks-
security policy, enforcement mechanism, and assurance evidence. AD
three triad elements must be present and in balance to achieve a
trust rating. There are seven trust ratings: A1 (highest), B3, B2,
B1, C2, C1, D (no trust).5 NSA has stated in public that A1 and
B3 rated systems are subject to export control because such systems
will be employed most heavily in classified applications. However,
classified systems wiB require export license regardless of their use of
security technology, and it may be asked what is gained by control-
ling export of commercial products at any TCSEC rated level when
DOD systems already require export control as classified military
weapons. The whole computer and communications security export
policy is an area warranting further study of the national security
and competitiveness trade-off.
Cryptography
By law (Title 22 Code of Federal Regulations Part 121, Subchap-
ter M, International Traffic in Arms Regulations [ITAR]), crypto-
graphic products are subject to export control. Fromits founding
by President Truman's Presidential Memorandum of October 1952,
NSA has had a virtual monopoly on control of U.S. encryption tech-
nology (Jelen, 1985~. That exclusivity was weakened somewhat in
the past decade by commercial and academic nontraditional applica-
tions of cryptography to computers and nets. The traditional uses of
cryptography are to maintain data confidentiality in point-to-point
communications. Newer technologies are coming on-line that provide
other services. These include:
~ Sender identification/authentication: implied by possession
of the encryption key.
.
Receiver identification/authentication: implied by possession
of the decryption key.
.
Integrity: use cryptography to protect the integrity of data
by an unforgeable integrity code (e.g., a "cryptoseal"~.
5 C-level trust serves most commercial applications, whereas the A and B levels
employ mandated security controls favored by the DOD. Some highly sensitive non-DOD
applications also require B-level systems, for example, the Treasury, DEA, Justice, and
the stock market.
OCR for page 122
122
GLOBAL TRENDS IN COMPUTER TECHNOLOGY
~ Certification authority: a trusted third party provides or ex-
changes cryptosealed credentials among a cooperating group. The
credentials can include predefined and negotiated data: identifica-
tion, passwords, credentials, electronic signatures, dates, time, and
so on.
Non-repudiation: an electronic signature and message receipt
are recorded (e.g., certified mail) by a trusted third party for later
verification of the transaction, transaction initiator, and transaction
receiver.
These applications are growing in the commercial market and
will become more important to U.S. competitiveness. This is an-
other area that warrants further study of the national security and
competitiveness trade-off.
Data Encryption Standard
The National Bureau of Standards (now NIST) developed in
the late 1970s a data encryption-aIgorithm standard (DES) for U.S.
government and domestic commercial use. It has been openly pub-
lished and copied around the world ever since, and has recently been
endorsed by NIST for another five years. The ITAR require export
license for U.S. products using DES, and this appears to be a case of
unnecessary export control diminishing U.S. competitiveness. DES
or comparable cryptography is available from multiple international
vendors.
Public Key Cryptography
Public key cryptography (PKC) is a two-key encryption system
one key for encryption and a different key for decryption devel-
oped by researchers at Stanford and MIT. PKC is based on factoring
theory and modulus arithmetic multiplying and dividing very large
primes. PKC may be used to simplify key management because
the public keys only require integrity protection (not confidentiality)
while being stored or transferred. PKC systems have become quite
popular in commercial applications worldwide. CCITT X.509 is a
proposed international standard, and its security is based on PKC.
Smart Cards: An Example of a Lost Network Security Business
Among the growth applications of these security techniques is
the smart card, a credit card containing memory and computer logic.
OCR for page 123
COMPUTER NETWORKS
123
VISA International has 140 minion bank cards in circulation in Eu-
rope, and many of them are being upgraded to smart cards. Toshiba
and Casio are pursuing dramatic advances in smart cards, with func-
tionality rivaling a watch, calculator, credit card, and address book
combined. In Europe, Thomson, Bull, Phillips, Siemens, and V
OEST (Austria) are prominent in smart card production, with BuD
and Phillips garnering 15 percent of their revenue from smart cards
and their chips.6 The United States has essentially ignored and lost
this growth market.
DOD Security Requirements at Odds with ISO
The Department of Defense has always held that security is its
main reason for resisting ISO standards. Although efforts are under
way by NIST to merge these standards, security is a wedge keep-
ing them apart. DOD is active in network security though various
classified voice and data programs (e.g., STU 2, STU 3, BLACKER,
and SDNS). Of significance is that security affects protocols, driv-
ing them away from standards if the standards do not satisfy their
often classified requirements. Given the threat requirements that
drive them, export of these security protocols is tightly controlled.
Security protocols are unlikely to be merged with ISO, and this is
a policy deadlock without clear signs of solution. It may be wise to
formalize this de facto duality to protect both national security and
competitiveness.
U.S. Industry Resistance
With literaBy billions of dollars required to manufacture, main-
ta~n, and market major computer components, industry will resist
having serious government restrictions imposed on its markets. There
was a rush to build NSA C-rated secure operating systems compat-
ible with commercial offerings, and such systems are now successful
and not export controlled. There has been resistance by industry to
upgrading or building new products having the higher ratings. After
five years, there have been no products added to the NSA Evaluated
Products List (EPL) at ratings B2 or above.
6Typical card configurations include 1.2-micron CMOS 8-bit CPU, 4k ROM, 2k
EPROM, 256 bytes RAM, DES, and perform user identification, authentication, encrypt
tion, data processing, and secure writing. ISO STD 78 defines the physical and electrical
characteristics. IFIP TC11 is working on computer and data standards.
OCR for page 124
124
GLOBAL TRENDS IN COMPUTER TECHNOLOGY
Another example is the Toss of the encryption market to Japan
and Western Europe attributable to the ITAR and NSA's monopoly
on domestic encryption technology. NIST supports recertification of
DES for another five years. NSA does not concur with the recertifica-
tion of DES but NSA favors new standards based on its Commercial
COMSEC Endorsement Program (CCEP). Via CCEP, NSA is build-
ing new encryption standards for both classified (Type 1 devices) and
unclassified sensitive government and industry use (Type 2 devices).
It favors general industrial use of Data Standard DS-72, a CCEP
Type 2 standard in lieu of DES. Industry is reTuct ant to abandon
a known technology with products available and compatible with
overseas equipment, even if it is not manufactured in the United
States.
l
CONCLUSIONS
Computer networking epitomizes the dual-use nature of com-
puter technology. It serves as the backbone of modern military com-
mand and control systems as well as commercial office and factory
automation systems and other civilian applications.
Standards, particularly international standards, increasingly
drive the development of computer network products. In the United
States, product development is affected by a split between DOD-
favored standards and international, commercial standards. This
split has adversely affected U.S. company positions in computer net-
work markets.
The United States is a leader in design, manufacturing, and
testing of protocols because of its longer experience and its widely
available computer network testbeds. But this is a perishable lead
that can only be maintained by continued support from government
and industry and by resolution of export licensing difficulties for such
noncritical technologies as DOD protocol stacks, Tow-grade encryp-
tion, and computer network commodities.
Further study is needed on a host of computer-network-related
issues, including security and control of access to U.S. and inter-
national research computer networks, transborder flows of computer
and communications technologies via computer networks, and special
trade regulations. For example:
OCR for page 125
COMPUTER NETWORKS
125
~ Transborder computer network access is rampant among in-
dividuals and multinational corporations via private and public com-
puter networks. How is export control of "soft" technologies—
software, algorithms, specifications, end reports to tee controlled
on such computer networks?
~ Is it in the best national security interest of the United States
to permit CMEA access to commercial and university computer net-
works, both directly while in the United States and through remote
t e ~ e c o m m u n i c a t i o n s ?
~ Are the existing ITAR necessary or relevant to modern com-
mercia] (nonmilitary) security needs encryption and trusted
systems in banking and computer network retailing? They may
retard U.S. competitiveness as non-CoCom sources grow stronger.
Representative terms from entire chapter:
computer network
