Sun Microsystems' Vipul Gupta: Security Never Rests
In network security, engineers have to run as fast as they can just to keep up. "Something that is here today will not be good enough for tomorrow," said Sun Distinguished Engineer Vipul Gupta. "About five years ago, DES was ruled inadequate. Now we are moving from RSA to a new deployment of ECC."
Sun Microsystems is an industry leader in network security. It offers its own open source operating system, Solaris, and a Java desktop system.
Sun's influence with network encryption and security solutions permeates the computer industry. TechNewsWorld discussed security issues with Dr. Vipul Gupta, Sun distinguished engineer, Sun Labs.
Gupta's expertise includes Internet security protocols and mobile computing. He is an active participant in the TLS (transport layer security), IPSec (Internet protocol security), Mobile IP, DHCP (dynamic host configuration protocol) and IPSRA (IP security remote access) working groups of the IETF (Internet Engineering Task Force) and the WAP (wireless application protocol) Security Group.
Prior to joining Sun, he was an assistant professor at the State University of New York, where he taught courses in computer networking, parallel processing and operating systems. He conducted research funded by the National Science Foundation and industry sponsors that included IBM, NEC and NYSEG.
Gupta's involvement with encryption technology using key cryptography is well known. The process is based on the creation of mathematical puzzles that are used to scramble a message. The solution to decoding the puzzle is concealed in a private key kept by the sender and a public key kept by the receiver.
TechNewsWorld: How critical is the use of encryption for security on today's high-performance network servers?
Vipul Gupta: As time goes on, security is taking a more important role. As more people are on the network, the more security steps are needed. For example, banking transactions require security for remote banking access and money access terminals. Another aspect of the growing need for security is the increasingly higher levels of security needed. For example, we now use 1,024-bit encryption algorithms for better performance than lesser-capable methods.
TNW: Has the popularity of hand-held devices integrated on computer networks had an impact on encryption and security standards?
Gupta: A third aspect of the critical nature of network security is the many devices that exist today. These devices are now simpler to use and thus are used by the same network accessors. These devices include cell phones, PDAs and laptops. We also have to take into consideration the next wave of smaller devices. We cannot use today's performance to secure these ultra-modern devices. We are already working on the new types of security strategies to replace what we have today. We are making good progress.
TNW: How does Sun's participation with the open standards and open source philosophies on public key encryptions benefit the industry and Sun's customers?
Gupta: Our work is completely open standards developed through open standards organizations. Also, we have targeted open source. For instance, we contributed to open SSL (secure sockets layer), which has a 60 percent Web server share. This enabled other prominent open source applications such as the Apache Web Server to be ECC (elliptic curve cryptography)-enabled [a stronger encryption algorithm system based on Elliptic Curve Cryptography].
This work on open standard encryption allowed the developers of Mozilla.org's Firefox 2.0 to use current security features. We also want to get encryption running as fast as we can on our own platform.
We cooperate on developing standards and compete on their implementation. We try to do the best implementation for our our own customers. We own the complete stack from the processor to the related hardware.
TNW: What are the top issues in dealing with network security protocols and mobile computing today?
Gupta: Getting our platform more widely adopted is an interesting challenge. With such a large deployment, it is difficult to integrate new technology. The longer the time it takes to develop new technology, the more the delay in getting it accepted (over other options). We try to anticipate what our vendors will need. We also have to make sure that when the new technology does roll out, the process does not slow down.
TNW: What do you see as the most pressing challenges with network security?
Gupta: Something that is here today will not be good enough for tomorrow. About five years ago, DES was ruled inadequate. Now we are moving from RSA to a new deployment of ECC. We are also working on new hashing and key algorithms to AES (advanced encryption standard). All these various components are vital to full security.
We are always working on improvements. The time process is on an order of decades. The jump from RSA to ECC will be good for 20 years.
Another essential challenge is shared by entire computing industry. As topographers we tend to see just the algorithms. But for the users it often falls to a lack of awareness about security. Attackers go after the weakest chain in the link, and that is the end user. Security education is falling behind. We have to strengthen our efforts in educating users about security.