
Hard Network Security ProblemsHard Cryptographic Security Problems In Our Strategic Network InfrastructureBy Roy D. Follendore III Copyright (c) 2002 RDFollendoreIII October 22, 2003
The class of truly hard technical network security issues that we face as a society include the resolution of difficult communication problems related to content. These are so difficult because they demand much more than logical solutions. They require rational decisions before logical solutions can become useful. For instance, we live in a dynamic society where changes in the reins of authority and responsibility within organizations can determine the strategic security our society. Fixed hard wired diagrams of how authority is to be achieved is out of sync with the realities of the ways that critical issues arise and are resolved. The distributed content that people may need one day may not be the same as they may need in another. It is irrational to withhold data, information and knowledge from those who at critical moments should be the decision makers. For this reason the technical leaders of our nation need to begin to understand the reasons why we have been using the wrong tool set.
Our lack of
security and confidence in our strategic infrastructure does not
arise out humanity's lack of understanding of mathematics. The
state of our knowledge and scientific use of mathematics is sound. Nor
does it arise from a simple problem of logical connectivity; we know how to do
that well enough. In fact our current capabilities in cryptography are
mathematically based. Moreover, the only real means that we
currently have to control connectivity problems is through the use of
cryptography. It is not the connection but the cause and effect
relationship between effective control and management of content within cryptographic
science that must be expanded.
The trouble we
now face is that cryptography as we understand it by federal
policies and guidelines effectively prevents the scientific philosophy of
the field from evolving. It prevents the casting a new potential as
to what cryptography can and must become if we are going to
solve the kinds of complex problems that we are faced.
The principle
problem within our current national network infrastructure is our
inability to maintain the quality, integrity and security of data, information
and knowledge content. All data, information and knowledge is time
sensitive and there is risk which is assumed when that information is
prevented from being appropriately used. Locking up essential files
containing data, information and knowledge within highly secured networks minimizes the
availability of relationships of content that might otherwise be present.
The is one of the problems of content aggregation that can not
be managed with current state of cryptographic technologies. This
engineering problem is a matter of consistently delivering quality of
content that must arrive to human beings just in time. This is a
metric that must be measured with respect to both individual and
organizational efficiency and effectiveness. There are currently no real
metrics for describing this critical relationship and therefore no measure of
security.
The reason for
this begins with the nature of mathematics itself. Mathematicians proved
to themselves that mathematical logic is incapable of solving
all classes of problems. Unfortunately because this fact has was has not
been widely understood, there exists the false assumption that mathematics can
accomplish anything. As every grade school student is taught,
mathematical logic is founded on axioms and postulates which govern how
numbers may be used and referenced. It is a rigid
framework. This means that the structure of mathematical logic excludes the
degrees of freedom necessary to manage the complex real world problems in
security that we must face. Inferential methods are not limited by such mathematical
exclusions.
In spite of this
fact, cryptography continues to be rigidly defined by our
Government in terms of "purely" algorithmic mathematical solutions. We
continue to produce efficient cryptographic algorithms that can not produce
effective security results.

Copyright (c) 20012007 RDFollendoreIII All Rights Reserved
