It is often difficult to illustrate the need for and value of security. Security enables safety, which, in essence, is nothing more than the absence of disorder or chaos. Take modern society, for example: without security established through governments and laws and enforced by courts, police and the military, we would still live in the same world our forebears faced thousands of years ago. All forms of human organization are means to provide stability in our interactions and to establish socio-political systems that enforce the reliability of economic and interpersonal transactions. In this sense, the Ten Commandments of the Bible are as much an effort to secure our world as is the advent of modern warfare. We have long learned that we have to rely on a secure world in order to live peacefully and to accomplish our dreams.
The same applies to modern information systems in that they are only as good as the trust that we place in them. An information system where the validity of its data is constantly second-guessed is not useful. Without the knowledge that we can safely exchange money for goods on the Internet, for example, e-commerce could not exist. When Dr. Whitfield Diffie, Martin Hellman and Ralph Merkle developed public key cryptography in 1976 while others began to define the concept of Public Key Infrastructure (PKI), their work ultimately enabled modern electronic commerce. Arguably, the Internet would not be what it is today without their invaluable contributions to cryptography and the use of public keys.
The core advantage of PKI became apparent very quickly. For example, if Bob has a valid certificate, which includes Bob’s name and a unique public key, and Alice has a valid certificate, then each is able to trust that the other is who they claim to be. Thus, Bob and Alice establish secure communications and are assured that their data remains confidential. Public key cryptography has been successfully applied to websites, email and commercial transactions.
As our world keeps changing, smaller and smaller devices such as smartphones, PDAs and tablets carry out traditional computational tasks. However, they are hardly the smallest. Newer and often more resource-constrained devices include smart power meters, industrial controllers and RFID tags. They are extremely difficult to protect since traditional IT security is often too large and too slow, and drains too much power. We find that all of these new devices at the edge of the network are vulnerable to attacks that can lead to catastrophic failures in large systems such as the electric grid or an industrial manufacturing complex.