Security Issues




Security

The Internet is an open system. A search for a web site or the path of an email message traverses multiple venues. This openness represented a significant barrier to transacting electronic business. The solutions, in cryptology, had previously been the domain of the National Security Agency and were encumbered by complex espionage legislation. Perhaps because of this background, cryptography is commonly perceived as a clandestine operation in which the protection is achieved by using secret manipulations. Nothing could be further from the truth. The best methods are those that are fully disclosed and vigorously tested by the best methods available for decryption. The best encryption systems have withstood this kind of peer-reviewed testing. Their strength comes from mathematical and manipulative strategies that are easy to implement and very hard to crack.

The prototype emerged from a famous paper: W. Diffie and M.E. Hellman, "New directions in cryptography," IEEE Transactions on Information Theory, IT 22:644-654, 1976. They, and subsequently others, demonstrated that public-key encryption can be used for authentication, confidentiality, integrity and non-repudiation. Click here for demonstrations of public key and encryption methods.

Information can be password protected and/or encrypted on servers where it is stored; a hacker could steal the database and still be unable to read it. A Blowfish encryption demonstration illustrates this.

Virtual Private Network (VPN)

CMH has VPN accessibility, utilizing Diffie-Hellman encryption (see view of the Status window to the right).

The VPN login requires a user password and a token.  

CMH utilizes a token generator to add extra security to its VPN access. The token is generated by an RSA SecurID token generator (see RSA website). It generates a new 6-digit random number every minute, which permits the logon server to verify that the token generator is in the possession of the user logging in. It is extremely unlikely that a hacker would have the token generator and the password simultaneously.
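The sketch below is an added example, not CMH's or RSA's code, showing how a logon server can check a password together with a one-minute, 6-digit token code. The page does not describe SecurID's own algorithm, so the example substitutes the open HMAC-based time-step construction of RFC 6238; the seed, salt, password and the `LogonServer` class are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 60    # seconds each code is valid, per the one-minute interval above
DIGITS = 6

def token_code(seed: bytes, counter: int) -> str:
    """6-digit code for one time step (RFC 4226 truncation over HMAC-SHA1)."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10 ** DIGITS:0{DIGITS}d}"

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow password hash so a stolen database does not reveal passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LogonServer:
    """Hypothetical server holding one user's password hash and token seed."""

    def __init__(self, seed: bytes, salt: bytes, pw_hash: bytes):
        self.seed, self.salt, self.pw_hash = seed, salt, pw_hash
        self.last_counter = -1   # highest time step already accepted

    def login(self, password: str, code: str, now: int) -> bool:
        pw_ok = hmac.compare_digest(hash_password(password, self.salt), self.pw_hash)
        current = now // STEP
        matched = None
        for counter in (current - 1, current, current + 1):  # tolerate clock drift
            expected = token_code(self.seed, counter).encode()
            if hmac.compare_digest(expected, code.encode()):  # constant-time compare
                matched = counter
        if not pw_ok or matched is None or matched <= self.last_counter:
            return False         # wrong factor, or a code that was already used
        self.last_counter = matched
        return True

# Constructed sample values, not real credentials.
SEED = b"constructed-demo-seed"
SALT = b"constructed-salt"

if __name__ == "__main__":
    server = LogonServer(SEED, SALT, hash_password("correct horse", SALT))
    now = 1_000_000                                     # constructed timestamp
    code = token_code(SEED, now // STEP)
    print(server.login("correct horse", code, now))    # both factors present
    print(server.login("correct horse", code, now))    # same code replayed
```

Both factors must pass before the server records the time step, so a stolen password alone or an observed code replayed later is refused.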



David A Stumpf, MD, PhD