
Nortel's Entrust

by DAVID WILLIS

Photograph by Chris Gould

It seems the more we know about computers, the less we trust their output. We accept being fooled by them. We'd think nothing of seeing a picture of Marilyn Monroe's body attached to Dennis Rodman's head. (Well, almost nothing.) It's the unseen trickery of computer users that's more disturbing.

Document contents can be altered without telltale modifications to time stamps or file sizes--the typical indicators of change. E-mail messages can be faked. Network activity can be captured, modified and played back without detection. In business, so much depends on the magnetic flux on a disk or the pulses on a wire. Knowing how easy it is to twiddle bits around, it's a wonder CEOs ever get any sleep.

Solutions to the trust problem abound, but many are difficult to implement, rendering them impractical. Among the most popular security schemes are those that propose ways to digitally sign files so that any alteration is detectable. Most involve creating a "hash" or "message digest"--a sequence of numbers that uniquely represents the original; change the original file in any way, and you get a different hash value. You package your document with its hash value, encode it with a key that only you know, and give the world a public key that matches your private key, so that others can verify that you signed it.
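The hash-then-sign scheme sketched above, as an added example that is not Entrust's code: SHA-256 produces the digest, a deliberately small textbook RSA key pair (constructed primes, no padding) signs it, and verification fails once a single byte of the document changes.

```python
import hashlib

# Constructed toy key pair. These are genuine primes but far too small for
# practical use; they only keep the arithmetic readable. A production
# signer uses a vetted library and keys of at least 2048 bits.
P = 1_000_000_007
Q = 998_244_353
N = P * Q                           # public modulus
E = 65537                           # public exponent, published with N
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, known only to the signer
PUBLIC_KEY = (E, N)
PRIVATE_KEY = (D, N)


def message_digest(document: bytes, n: int) -> int:
    """SHA-256 digest as an integer below n; any altered byte changes it."""
    digest = hashlib.sha256(document).digest()
    # The toy modulus is smaller than a 256-bit digest, so reduce it here.
    # A real scheme pads the whole digest (PKCS#1 v1.5 or PSS) instead.
    return int.from_bytes(digest, "big") % n


def sign(document: bytes, private_key=PRIVATE_KEY) -> int:
    """Signature = digest^d mod n; only the private-key holder can make it."""
    d, n = private_key
    return pow(message_digest(document, n), d, n)


def verify(document: bytes, signature: int, public_key=PUBLIC_KEY) -> bool:
    """Anyone holding the public key checks signature^e mod n == digest."""
    e, n = public_key
    return pow(signature, e, n) == message_digest(document, n)


def tamper_check(original: bytes, altered: bytes) -> dict:
    """Sign the original once, then verify the original and an altered copy."""
    signature = sign(original)
    return {
        "original_ok": verify(original, signature),
        "altered_ok": verify(altered, signature),
        "signature": signature,
    }


if __name__ == "__main__":
    # Constructed sample document; the altered copy changes one digit.
    doc = b"Purchase order 4471: pay $1,000 to the vendor on 1996-10-25\n"
    changed = doc.replace(b"$1,000", b"$9,000")
    print(tamper_check(doc, changed))  # original_ok True, altered_ok False
```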

Ensuring that information is valid is one thing, but keeping it secret is another. In this great, wide, connected world we inhabit, there are simply too many places--at any number of network access points, in the data center or even in the next office--where the curious can lurk. Possible solutions are rampant, but practical solutions are hard to find.

For instance, using our hypothetical public key, I would be able to encrypt a document so that only you could read it using your private key. This sounds easy enough, but problems arise: How do you get my public key and have confidence that it's right? If you lose your encryption key, how do you get your data back? And the problem that has executives quaking in their boots: When someone with a public key leaves the company, how do you get to the secrets they guarded?

As if these hurdles aren't enough, there's also the overriding obstacle to the success of any security option: getting people to use it. First, the security solution has to work fast or many people won't bother implementing it. Second, the technical details must be well-hidden--if you try to teach users how to obtain a key, how to know which key to use and how to use the key, you'll probably never get your security system off the ground.

Northern Telecom's Entrust is a file-signing and encryption package with a client interface so intuitive, users will have little excuse for not using it. With Entrust, no one needs to know anything about keys, and users should have no objection to the interface or the time it takes to use it. To sign a file, you simply drag, drop, sign and save. To encrypt the file, you select recipients from a list. You don't have to create a specific output file for every recipient. If your e-mail system supports Microsoft Corp.'s Messaging Application Programming Interface (MAPI) or is cc:Mail or Microsoft Mail, you can e-mail the file directly from the client.

It's so effective that Nortel's Entrust earns the coveted Network Computing "Editor Refuses to Give It Back" award. This is some of the most usable security software we've seen. The Entrust/Client software is extremely fast, typically taking less than two seconds per file. This means you get a signed, encrypted and compressed file in about the same time it takes other utilities to perform compression.

An important aspect of Entrust is the way it divides ownership of keys. Personal signing keys are held exclusively by the individual--they are not kept in a centralized database. Encryption keys, however, are kept within Entrust/Manager, a centralized key repository, so that encrypted data files may be decrypted after the administrator releases a new pair of keys. Thus, an organization retains ownership of its data, but it doesn't own an individual's identity.

Another important attribute of Entrust is the way it centralizes the management of keys while balancing administrative roles. The central players are the security officer, the administrator and the end users themselves. Nortel recognizes that these folks may not share the same view of the importance of security, relative to how intrusive it deserves to be: Security officers are often willing to sacrifice user access to diminish risk; though end-user participation is crucial in any security effort, users tend to shy away from procedures that make their jobs more difficult; and administrators often get stuck in the middle, trying to make it all work yet unable to please anybody.

Entrust provides a system of checks and balances to assist these three groups. For example, using the Entrust/Officer application, security officers can define policies for their Certification Authority (CA) security domain, of which there might be several in a large organization. They can set certificate lifetimes (a certificate contains the signing or encrypting key pairs). They can set up cross-certifications among other trusted CAs, when there is network connectivity between servers. Officers also can assign administrators to manage the day-to-day activity of using Entrust.

Updated October 25, 1996