The top ten security heroes

3 Dec 2009

PC Pro's award-winning security guru, Davey Winder, counts down his top ten security heroes

We in the media love to stick it to the IT security bad guys: the notorious hackers or the bumbling civil servants who put nothing more than a first-class stamp on a disc containing millions of personal files.

We’ve decided it’s time to redress the balance and shine a light on the little-known heroes of the security world. In this feature, we laud the people who have made the internet a (relatively) safe place to work, shop and communicate; the people who work behind the scenes to make sure our PCs aren’t stuffed full of malware. In short, it’s time to salute the good guys.

1. Whitfield Diffie, Martin Hellman & Ralph Merkle

If you’ve ever bought something online using your credit card, have an internet bank account, used a mobile phone, or sent an email with a digital signature, you owe a debt of gratitude to Diffie, Hellman and Merkle.

These were the heroes who invented modern cryptography, the men behind the truly incredible invention that was Public Key Cryptography (PKC), which has formed the basis of much of the IT security innovation that has followed in the 33 years since Diffie and Hellman published their “New Directions in Cryptography” paper in November 1976.

While Diffie and Hellman were working on public key cryptography at Stanford University, Merkle was working independently on public key distribution (work referenced in that groundbreaking paper) at the University of California, Berkeley.

Together, they changed the world. PKC smashed apart the rule that the only way to establish secure communication between two parties was for a secret key to be exchanged beforehand. This rule had been applied for literally thousands of years.

In 5 BC, the Spartans used a cipher that involved wrapping a leather parchment belt around a stick of a certain diameter. This stick (or scytale) was the secret key, and only if the exact same diameter Spartan Stick was used would the message written along the belt length be revealed.

PKC enabled the use of a public and a private key to implement an encryption algorithm that doesn’t rely upon the prior exchange of secret keys.

This asymmetric cryptosystem changed everything by eliminating the need for a secure channel to exchange code keys, meaning that as long as the private key remained private it didn’t matter who had access to the public one.

Others including British engineer James H Ellis and Clifford Cocks were working on similar encryption methods. But without Diffie, Hellman and Merkle – without PKC – the internet could never have become a safe place to do business. Imagine an online world where credit card transactions were unencrypted, for instance (a point we’ll return to later).

2. Fred Cohen

There’s much debate as to who invented antivirus software. Some point to a chap with the rather apt name of Bernt Fix, who became the first person to effectively neutralise a virus – the Vienna virus back in 1987. The following year, Alan Solomon wrote the first commercially packaged product, Dr Solomon’s Antivirus Toolkit.

However, for our antivirus hero, we prefer to dig back even further to 1983. A student at the University of Southern California’s School of Engineering, Fred Cohen is thought to have coded one of the first viruses during a class, when he wrote a program that enabled a parasitic application to take control of a computer.

Read more

Analysis

Pages