IBM Research
Security
Computer Science Brochure

As we move further into the information age, immense volumes of different types of data are being stored, and important tasks are being performed on various computer systems connected by networks. Such storage and computer systems might be accessed by someone, perhaps remotely, resulting in key data being altered or moved and system functions being impaired. This new environment creates serious security concerns that never existed before. IBM Research is pursuing many exciting topics in the areas of network and computer security, as well as Internet privacy concerns, in several of its labs around the world, including Almaden, Haifa, Tokyo, Watson, and Zurich.

Cryptography Research

On January 2, 1997, NIST (National Institute of Standards and Technology) initiated the Advanced Encryption Standard (AES) competition, with a formal call for a new data encryption algorithm to replace the current Data Encryption Standard (DES). The goal of AES is to develop a Federal Information Processing Standard (FIPS) for protecting sensitive government information well into the 21st century. The AES is expected to be used also by the private sector, in the same way that DES, which was developed at IBM Research, was specified and used over the past 25 years.

We have developed a new encryption algorithm, called MARS, that has been selected as one of five finalists in the AES competition. MARS is unique among the five, with robustness against future attacks based on both a hybrid round structure and a rich set of cryptographic operations.

Immune System for Cyberspace

Computer viruses have been a companion to personal computers for over a decade, and are estimated to cost billions. IBM has been building a defense against fast-spreading viruses for several years. The Digital Immune System for Cyberspace can automatically detect viral activity during early spread, automatically develop a cure, and distribute it across the Internet faster than a virus spreads. Deploying a commercially viable system demands expertise reaching from basic research in neural networks to extremely fast pattern recognition systems.

Security Auditing and Intrusion Detection

To develop tools which will help make e-business systems as secure as possible, we need a combination of proactive and reactive measures. Our research in proactive measures includes topics like vulnerability assessment and ethical hacking, while our work on reactive measures includes real-time intrusion detection and computer forensics. We also conduct research in high-assurance systems.

Secure Hardware

If an adversary can attack a device by altering or copying its algorithms or stored data, he or she often can subvert an entire application. The mere potential of such an attack may suffice to make a new application too risky to consider.

Secure coprocessors - computational devices that can be trusted to execute their software correctly, despite physical attack - address these threats. Distributing such trusted havens throughout a hostile environment enables secure distributed applications. Higher-end examples of secure coprocessing technology usually incorporate support for high-performance cryptography. However, even though this technology is closely associated with cryptographic accelerators, much of the exciting potential of the secure coprocessing model arises from the notion of putting computation, as well as cryptographic secrets, inside the secure box.

Our research in secure hardware aims to fulfill all of these needs. The IBM 4758 Cryptographic Coprocessor represents the first of many results. This device was the first ever to earn the FIPS 140-1 Level 4 validation by the US government, the highest level possible. This means that the device withstood all the physical attacks the independent evaluation lab could think of, and that the security of the internal software was validated by a formal mathematical model.

We are now moving on to build applications that take advantage of the unique capabilities of this hardware. We are also pursuing the next generations of this device. All of these new efforts are rich in research topics and should make for some fascinating discoveries in the near future.

Please contact Paridhi Verma to obtain copies of the Computer Science Brochure.
