Security

In today's world of increasingly interconnected and interdependent networks and computers, concerns about security and privacy have skyrocketed, from credit card theft and hacking to invasions of privacy and other forms of electronic trespassing. To meet this challenge, IBM Research is pursuing a variety of topics in the areas of network and computer security in its Almaden, Delhi, Haifa, Tokyo, Watson, and Zurich labs.

Cryptography Research

Cryptography is the foundation for all security and privacy. Our cryptography researchers investigate topics ranging from the mathematical foundations of cryptography to the design of new ciphers and hash functions, and from secure computations by distributing them across several systems to the definition of new standards for cryptographic applications. One notable example is the Advanced Cryptographic Engine, a software library that implements new public key encryption and digital signature schemes. Not only are these schemes almost as efficient as the fastest commercially used ones, but they also can be proven secure under reasonable and well-defined intractability assumptions.

Engineering Secure Systems

The development and successful deployment of e-business applications require carefully engineered and comprehensive security solutions. Our solutions address all aspects of system security at the platform, operating system, network, application, and infrastructure levels. We carefully design secure implementations, secure networking protocols, and operating environments and mechanisms to monitor and maintain overall system integrity. One of the applications we are developing is a system to process secure international business-to-business payments utilizing the Identrus public key infrastructure.

Security Auditing and Intrusion Detection

To develop tools that will help make e-business systems as secure as possible, a combination of proactive and reactive measures is needed. Our research in proactive measures includes topics like vulnerability assessment and ethical hacking, while our work on reactive measures includes survivable real-time intrusion detection, alert correlation, and computer forensics.

Secure Coprocessors

Secure coprocessors are computational devices that can be trusted to execute their software correctly and to protect their data, despite logical or physical attacks. Secure coprocessors span a range of form factors, from large stand-alone devices with active tamper response circuitry, to tiny, inexpensive smart card and mobile phone chips. Much of the exciting potential of the secure coprocessing model arises from the notion of putting computation, as well as cryptographic secrets, inside the secure boundary. The IBM 4758 cryptographic coprocessor was the first ever to earn the FIPS (Federal Information Processing Standard) 140-1 Level 4 validation by the U.S. government, the highest level possible. The device withstood all conceivable physical attacks by an independent evaluation lab, and the security of the internal software was validated by a formal mathematical model. We are now building applications that take advantage of the unique capabilities of such hardware, such as controlled network interfaces. We are also developing the next generation of secure devices, from PCMCIA/Cardbus devices for laptops to PCI adapters for high-end servers.

Smart Cards and Mobile Devices

The smallest and most pervasive security device is the smart card. The JavaCard™ standard offers ways for dynamically and securely extending smart cards with new functionality. We developed the world's fastest and smallest implementation of JavaCard. Our technology not only is used in various smart card products, but, due to its low power consumption, it also found its way into the world's first contactless JavaCard used in watches. Thus, it is now possible to download JavaCard applets into the watch for authentication, payments, access control, or whatever the user needs. We are also developing a high-assurance operating system for embedded devices, such as smart cards and mobile phones. This operating system is being evaluated by an independent laboratory, according to an international standard for the security of operating systems and applications.

Please contact Paridhi Verma to obtain copies of the Computer Science Brochure