History of Information Security (eBook)

Front cover 1
The History of Information Security 4
Copyright page 5
Preface 6
Advisory Board 8
Contents 10
Chapter 1. Introduction 14
1.1 An example from Dutch history 14
1.2 Definitions, topics, aim 15
1.3 Historiography 16
1.4 Limitations 17
1.5 Intellectual ownership 18
1.6 Identity management 21
1.7 Cryptology and communication security 24
1.8 Computer security 30
1.9 Privacy and export regulations 34
1.10 Information warfare 36
1.11 Concluding remarks 37
References 37
Part 1. Intellectual Ownership 40
Chapter 2. Limitations on the publishing of scientific research 42
2.1 Introduction 42
2.2 Authors and publishing 45
2.3 Editorial activities 48
2.4 Other forms of publication 53
2.5 Grey literature and restrictions on availability 59
2.6 Conclusion 62
References 63
Chapter 3. Industrialists, Inventors and the German Patent System, 1877-1957: A Comparative Perspectivet1 66
3.1 The case for patents: Origins and theories 67
3.2 Inventor rights in the United States and Germany 68
3.3 Werner Siemens and the peculiarities of the German patent code 72
3.4 Technological culture and the inventor's reward 78
3.5 The inventor debate in Germany and national socialist inventor policy 83
References 90
Chapter 4. Reflecting media: A cultural history of copyright and the media 96
4.1 Introduction 97
4.2 Text 98
4.3 Visual 109
4.4 Audio 113
4.5 Audio-visual 118
4.6 Multimedia 124
4.7 Conclusions 127
References 129
Chapter 5. The History of Copyright Protection of Computer Software The Emancipation of a Work of Technology Toward a Work of Authorship 134
5.1 Introduction 135
5.2 Framework: technological evolution 135
5.3 The United States of America 136
5.4 Germany 140
5.5 The Netherlands 143
5.6 Developments in the international arena 146
5.7 Summary and conclusions 149
References 151
Chapter 6. A History of Software Patents 154
6.1 Introduction 154
6.2 Patent law primer 155
6.3 A pre-history of software patents 160
6.4 Early software patents 163
6.5 Recent software patents 170
6.6 The present 173
6.7 Conclusions 174
Acknowledgement 176
References 176
Part2. Identity-Management 178
Chapter 7. Semiotics of identity management 180
7.1 Identifying assumptions 181
7.2 Identity in enneadic dynamics 187
7.3 Social practices in identity management 198
References 206
Chapter 8. History of document security 210
8.1 Introduction 211
8.2 The first period until 1800, block printing, the invention of typography and the genes of paper currency 213
8.3 From 1800 until 1940, security printing matures 217
8.4 The evolutionary years from 1940-1980. Classifying counterfeiters and the arrival of matured security features 222
8.5 From 1980 until the beginning of the 21st century. The influence of the digital revolution 228
8.6 The history of substrate-based security features 237
8.7 The history of security features added to the substrate 244
8.8 A few comments on the role of printing ink within the history of document security 248
8.9 Retrospection 250
8.10 Epilogue 253
References 253
Chapter 9. From Frankpledge to Chip and Pin: Identification and Identity in England, 1475-2005 256
9.1 Introduction 257
9.2 Identifying the Great and the Good, and the Insignificant and the Bad, in early-modern England 258
9.3 Creating the modern citizen and anti-citizen, 1830-1920 262
9.4 Twentieth-century identification in total war, total welfare and total shopping 268
9.5 Conclusion 272
References 273
Chapter 10. The scientific development of biometricsover the last 40 years 276
10.1 Introduction 276
10.2 The technology pioneers of the 1960s 277
10.3 Automatic personal identification of the 1970s 279
10.4 `Biometrics' of the 1980s 281
10.5 Organized activities of the 1990s 282
10.6 The 21st century 284
10.7 Conclusions 284
Acknowledgements 285
References 285
Part 3. Communication Security 288
Chapter 11. The Rise of Cryptology in the European Renaissance 290
11.1 The Ancestry 290
11.2 Early inventions - 14th and 15th centuries 293
11.3 The 17th century 310
11.4 European cryptology in the Renaissance - Conclusion and outlook 334
Acknowledgements 335
References 335
Chapter 12. Cryptology in the Dutch Republic: A Case-Study 340
12.1 Introduction 340
12.2 The case of the Dutch Republic: general background 345
12.3 The war with Spain 346
12.4 The introduction of code-books for regular use by the States-General 351
12.5 Lyonet's contribution 358
12.6 The rise of the patriot movement 365
12.7 The use of ciphers during the latter part of the 18th century 368
12.8 Conclusion 373
References 376
Chapter 13. Intelligence and the emergence of the information society in eighteenth-century Britain 382
13.1 Introduction 382
13.2 Postal interception 383
13.3 News management 388
13.4 News and analysis 390
13.5 Changing information needs 391
References 391
Chapter 14. Rotor machines and bombes 394
14.1 The origin of the rotor idea 395
14.2 The Scherbius line of commercial rotor machines 403
14.3 Rotor machines for the German armed forces 409
14.4 Polish Cryptanalysis of the Wehrmacht ENIGMA 426
14.5 British and US cryptanalysis of the Wehrmacht ENIGMA 435
14.6 Conclusions 458
References 458
Chapter 15. Tunny and Colossus: Breaking the Lorenz Schlüsselzusatz traffic 460
15.1 Introduction 460
15.2 The Tunny machine 461
15.3 A sample decrypt 464
15.4 Central figures in the attack on Tunny 467
15.5 Breaking the Tunny machine 468
15.6 Turingery 469
15.7 Tutte's statistical method 471
15.8 Heath Robinson 474
15.9 Flowers, the neglected pioneer of computing 475
15.10 Colossus 478
15.11 Misconceptions about Colossus 481
15.12 Postwar 482
15.13 Colossus and the modern computer 484
References 487
Appendix 1. The teleprinter alphabet 488
Appendix 2. The Tunny encipherment equation and Tutte's 1 + 2 break in 489
Chapter 16. Boris Hagelin and Crypto AG: Pioneers of Encryption 492
16.1 Via the Nobel family to A.B. Cryptograph 492
16.2 Hagelin's life's work begins … 493
16.3 The crucial journey 497
16.4 The long stay in America 498
16.5 The new start in Switzerland 500
16.6 The advent of new technology at crypto AG 507
References 509
Chapter 17. Eavesdroppers of the Kremlin: KGB SIGINT during the cold war 510
17.1 Introduction 510
17.2 The genesis of KGB SIGINT 511
17.3 World War II and the rebirth of Soviet SIGINT 515
17.4 Soviet comint reorganizes in post-World War II era 516
17.5 The MGB radio counterintelligence service 518
17.6 The failed Soviet experiment with cryptologic unification 518
17.7 The KGB and GRU go their own separate ways 520
17.8 Radio counterintelligence in the 1950s 523
17.9 Soviet SIGINT in the 1960s 523
17.10 Soviet SIGINT during the 1970s 525
17.11 Soviet SIGINT during the 1980s 530
17.12 The strengths and weaknesses of Soviet SIGINT 531
References 533
Chapter 18. National Security Agency: The Historiography of Concealment 536
18.1 Introduction 537
18.2 NSA's institutional lineage 538
18.3 NSA's genesis in context 543
18.4 1952-1960: attaining an institutional identity 544
18.5 1961-1973: acceleration and continuity 549
18.6 1974-1990: from Watergate to INFOSEC 555
18.7 1991-2001: breakdown 560
18.8 2001 and after: reorganizing uncertainty 563
18.9 Epilogue: the intrigue of limitations 566
References 567
Chapter 19. An Introduction to Modern Cryptology 578
19.1 Introduction 578
19.2 Encryption for secrecy protection 580
19.3 Hashing and signatures for authentication 591
19.4 Analysis and design of cryptographic algorithms 596
19.5 Concluding remarks 602
References 603
Part4. Computer Security 606
Cahpter 20. A history of computer security standards 608
20.1 Setting technical standards: A brief overview 609
20.2 Digital beginnings, physical security and electronic radiation 610
20.3 The early leadership of Willis Ware in computer security research 613
20.4 Continuing challenges with computer security at the DoD 616
20.5 James P. Anderson and the air force's focus on computer security 617
20.6 Bell and LaPadula: modeling of computer security and the foundation for standards 618
20.7 Moving toward a computer security organizational infrastructure 618
20.8 The Orange Book (TCSEC) 619
20.9 Common criteria and the globalization of computer system security standards 621
20.10 The origin and early developments of cryptographic research in the academic community 623
20.11 Early attention to and investing in computer security systems development in the private sector 625
20.12 Cryptographic research and the early digital computer industry 625
20.13 RSA Data Security: pioneering a security software industry 626
20.14 Computer security and society 629
20.15 Conclusion 632
References 633
Chapter 21. Security models 636
21.1 Introduction 636
21.2 Policy models 637
21.3 Security models and the theory of access control 644
21.4 Current work 647
References 647
Chapter 22. Computer security through correctness and transparency 650
22.1 Introduction and problem statement 651
22.2 Computer security 652
22.3 Program correctness 656
22.4 Programming transparency 660
22.5 Conclusion 663
Acknowledgements 664
References 664
Chapter 23. IT Security and IT Auditing between 1960 and 2000 668
23.1 Introduction 669
23.2 The electronic data processing period (the sixties) 671
23.3 Automation period (the seventies) 676
23.4 Integration and diversification period (the eighties) 682
23.5 Contagion period (the nineties) 688
23.6 Conclusions 692
References 693
Chapter 24. A History of Internet Security 694
24.1 Prologue 694
24.2 Closed world origins 695
24.3 Black thursday 696
24.4 Into the public consciousness 697
24.5 The birth of CERT 698
24.6 The commercialization of security 699
24.7 Encryption as munitions 701
24.8 The era of cyberterrorism 703
24.9 Ongoing public plagues: worms and viruses 705
24.10 DDoS wars 707
24.11 Growth of wireless Internet access 710
24.12 Spyware infestation 712
24.13 Securing the Internet: is it possible? 714
References 715
Chapter 25. History of computer crime 718
25.1 What is cybercrime? 718
25.2 Emergence of cybercrime (1960s-1990) 719
25.3 Cybercrime increases in incidence and complexity (1990-2004) 721
25.4 Cybercrime: the reaction 727
25.5 Dealing with cybercrime: past efforts 727
25.6 Dealing with cybercrime: future efforts? 730
25.7 Cybercrime: the future 731
References 732
Part 5. Privacy- and Export Regulations 736
Chapter 26. The export of cryptography in the 20th and the 21st Centuries 738
26.1 Introduction 738
26.2 Background 739
26.3 Export control 739
26.4 Export status of cryptography 741
26.5 The impact of export control on cryptography 742
26.6 Events after the cold war 742
26.7 America's international strategy 745
26.8 The rules change 745
26.9 European decontrol 746
26.10 Why did it happen? 746
26.11 The aftermath of September 11th 748
26.12 Conclusion 748
26.13 Recommendations 748
References 749
Chapter 27. History of privacy 750
27.1 Introduction 751
27.2 Privacy 752
27.3 Privacy under attack 755
27.4 The protection of privacy 763
27.5 Analysis 771
27.6 Conclusions 779
References 780
Chapter 28. Munitions, wiretaps and MP3s: The changing interface between privacy and encryption policy in the Information Society 784
Acronyms 784
28.1 Introduction 786
28.2 Corking the Genie: restricting non-governmental encryption research, development and use 789
28.3 Now the Genie's out - governments' first wish: limited civilian cryptography and export controls 793
28.4 Now the Genie's out - governments' second wish: cryptographic key escrow/key recovery 807
28.5 Now the Genie's out - governments' third wish: mandatory key surrender and encryption avoidance 810
28.6 Rebottling the Genie: commercial attacks on encryption research, public use and personal privacy 817
28.7 Conclusions 822
References 823
Part 6. Information Warfare 832
Chapter 29. The Information Revolution and the transformation of warfare[*]t1 834
29.1 Introduction 834
29.2 Cyberspace 834
29.3 Critical infrastructure protection 836
29.4 Information operations 839
29.5 Struggle for global influence 842
29.6 Conclusion 843
References 844
Biographies 846
Author Index 854
Subject Index 874