In Honor of Ada...A Conversation with Eva
Today is Ada Lovelace Day. In addition to being Lord Byron's daughter, Ada Lovelace (1815-1852) is famed as the world's "first programmer" for her work writing about uses (essentially programs) for Charles Babbage's Analytical Engine. On Ada Lovelace Day, people are encouraged to blog about great women in technology to offer up new role models to the next generation. So in honor of Ada, I dug up this conversation with the formidable network security pioneer Eva Bozoki, whom Jack Woehr interviewed for Dr. Dobb's Journal back in 1997.
A Conversation with Eva Bozoki
by Jack Woehr
Unlike many computer-related topics, network security crosses technical, social, and legal lines, raising ire and eyebrows along the way. After a 30-year career as a mathematician and physicist, Dr. Eva S. Bozoki, the subject of Jack Woehr's interview this month, is in the thick of things, security-wise.
Dr. Bozoki is currently chief scientist at Digital Secured Networks Technology (http://www.dsnt.com/), a company that develops Internet/intranet security solutions. Dr. Bozoki began her work in the field of experimental high-energy particle physics at the Central Research Institute of Physics, Budapest. She was a visiting research fellow at the Joint Institute for Nuclear Research, Dubna, USSR, in 1964, at the Laboratoire de L'Accelerateur Lineaire in Orsay, France, in 1970, and the University of Pennsylvania, Philadelphia, in 1971.
In 1978, Dr. Bozoki joined Brookhaven National Lab where she worked at the National Synchrotron Light Source, a state-of-the-art accelerator facility. At Brookhaven, Dr. Bozoki and DSNT-founder Dr. Aharon Friedman worked together on neural networks, designing and implementing one of the first digital-feedback systems for orbit stabilization.
While at Brookhaven, Dr. Bozoki was invited to work on high-level orbit control for large accelerators at the International Research Center, CERN (Geneva, Switzerland) and at the DAFNE accelerator system at Frascati, Italy.
She also designed a chemical engineering process-evaluation system for Merck Pharmaceutical and worked on the development of a computer-controlled switching system for the Western Union telecommunications network.
Dr. Bozoki was born and educated in Budapest, Hungary. She received her PhD Summa Cum Laude in High Energy Elementary Particle Physics from Eötvös Loránd University in Budapest. She has published over 80 scientific articles for journals and international conferences, and lectured extensively in the U.S., Italy, Israel, and Switzerland.
Having lived and worked in a "secure" society gives Dr. Bozoki a unique perspective when approaching the problem of security and networked computers.
DDJ: What kind of work are you currently involved in at Digital Secure Networks?
EB: Our main product is an encryption product. I'm involved in the development and improvement of encryption itself. I also interact with customers to explain how we're doing it and to inspire confidence. If people understand our competence, they trust the product.
The problem today is that as there are more and more users of the Internet, it's a free-for-all. It's very easy to get information. You can listen in. There are packet analyzers, sniffers... Even if a packet is encrypted at the application layer, you can see the header, which is really a wealth of information about how to break in, the IP addresses, the MAC Ethernet hardware addresses.
DDJ: Are you personally an expert in encryption?
EB: This is my latest field! I originally was trained as a physicist. My first area was high-energy elementary particle physics, but that was a very long time ago. Then I shifted to accelerator physics. Monitoring involved a lot of computer work, so I became a "schizophrenic" who doesn't know where physics ends and computers start. Later, I worked on model-based control of the accelerators, another area which I drifted to, and got interested in computers.
Encryption is really pure math, even though it has practical usage. It's one thing to use encryption which has been developed by mathematicians, and it's another thing to develop it and analyze it. I don't claim, by any means, to belong to the second group. I'm not an expert yet...but at least I have the training and education to understand and be able to use it in an intelligent way.
DDJ: I note that you've been at Brookhaven, at Merck, that you've worked all over Europe, and that your education was in Hungary, and that you were a visiting research fellow in Dubna.
EB: As CERN is a joint research unit for Western European countries, Dubna was the joint research institute for the Eastern European countries. It was located about 125 kilometers from Moscow. At the time, I lived in Hungary and we had no access to CERN, but we did have access to Dubna.
DDJ: What was it like getting a science education in Hungary in the 1960s?
EB: Actually, I was lucky, for many reasons. One of them is that the Communist philosophy is that "everybody has to work." It's not a choice. Women have to work. I was lucky also because Europe has a tradition of women attending universities, even in the early 1900s. So it was much more accepted and natural for women to study in the hard sciences than it was here at the same time.
DDJ: One garners the impression that Hungary was one of the more scientifically advanced of the Eastern European satellites of the Soviet Union.
EB: In my field at that time, East Germany was good, too, and there were laboratories in Warsaw and Kraków where they did similar research. For some strange reason, Hungarian science gave a lot. If you just look through the names which are well known here in America, starting from von Neumann to Szilard and Teller and Wigner and the like who came over from Hungary....
So in that sense, I was lucky. Science education was really good in Hungary even before World War II. The standard was very high. There was no discrimination against women going into the hard sciences. Women working in physics and chemistry were not unheard of, it was not so strange, all over Europe. Actually, when I started to work as a physicist, I found there to be a lot of women physicists in France and Italy, much more than when I came to America in 1971, at which time there were very few women physicists.
Even when I came in the early '70s, there was a social pressure on women that their first job is their family, that they have to stay home, that it's their husband who they have to support morally. Now it really is changing. I just left the Brookhaven Lab a couple of months ago, and by this time, there are a number of young women coming out from the universities and working in research.
Also, there is a support network. In Brookhaven, for example, before I went there, there had been two European-educated women who were working there. They set an example. When I got there, we started a group, Brookhaven Women in Science, just to support each other because we each had similar problems. We each wanted to achieve our scientific goals. There have been problems. And until you get together, you don't realize that it's not you at fault, it's general. Everybody else has the same problems.
I was on the board of this group. We invited accomplished women scientists just to show off that they exist, just to give an example that it can be done. You don't become less feminine by doing research work in the hard sciences!
We even established a scholarship, named after one of the women, Rena Chasman, who did pioneering work in accelerator designs. Rena said that if a woman wants to stay home and raise a family, it's fine. But if she wants to go out and study and do scientific work, she should be able to. So we named the scholarship after her. We are giving out $2,000 every year for re-entry women who are going back to get their PhD or Master's degree. Because, at the time they should have finished it, the atmosphere wasn't really ripe for that.
As you can see, I feel very strongly about equal opportunity in the sciences for women!
DDJ: I've noted in recent years a lot more women programmers.
EB: There always has been a larger number of women computer programmers than women who were electrical engineers, or physicists, or chemists, or biologists, or mathematicians.
DDJ: So, is your emphasis in hardware or software now?
EB: It's hardware, but there is memory, and there is software running in the memory. Firewalls are safety devices which try to ensure safe communications so nobody can break into a system. But firewalls are computers, strictly software running on computers. They are dedicated computers which work on packets, policies, passwords, and the like. The manager of that computer has to log into and work on that computer. If the manager can do it, the hacker can, too.
Our product, the NetFortress, is a closed hardware box, which does all the protocols by itself. The program is running inside, but nobody can get into it. There is no way to log into it. There is no manager who would log into it.
When two computers are networked via a NetFortress, any packet which goes out from one is encrypted at the network level, so the whole IP packet is encrypted -- message and header. Only the information necessary to deliver the packet is left unencrypted. Someone with a sniffer on the wire not only cannot understand what the message is, but also can't gather useful information to break into a system.
At Brookhaven Lab, I was working with Aharon Friedman, a young Israeli physicist. He worked out the first program and product, and established the company. Then he invited me to be the scientist of the company.
We're a small company, about 25 people. Everyone is very good in their field.
DDJ: How would you contrast your present situation to your pursuit of science before your arrival on these shores?
EB: When I lived in Hungary, I was absolutely convinced that, as a woman, I had all the support; that the socialist and communist countries support and promote women, that we are equal, and that this wasn't the case in the West. When I came here, it was an awakening, because while it's true [in those countries] that everybody had to work and there was no discrimination against women studying, this was because there was no choice, that everyone had to work, that all women had to work. They had to do very hard work, also, whether they wanted to or not.
Also, the women did double chores. It wasn't a question of, "they can work if they want to," and then they had an easier life at home. It was expected they run the household, raise the children, do the shopping, the cleaning, everything. For European men, and especially Eastern European men, it's unheard of, unaccepted, that they chip in with the household chores! Not like here, where they talk about the father participating in the raising of the children and the household chores.
Looking at it now, there was no equality at all! Women were expected to do everything in the house, and then also to perform as well as men in the workplace.
DDJ: Now, did your husband have these attitudes....
EB: (Laughs.) I don't know.... You were asking about science in Hungary.... in those times, the minute you needed to buy equipment that you could buy off the shelf in any Western country, that became a problem. Hungary and the other Eastern countries had no convertible money to buy photomultipliers, or chips, or whatever. So they had to be inventive. In one sense it was very limiting. On the other hand, it was also an incentive to come up with in-house solutions.
Hungary wasn't able to do "big science" in the sense it had no big equipment, no access to parts to build big equipment.
DDJ: So, this is why places like Dubna were established.
EB: Dubna was the international one, the equivalent of CERN. But the Russians also built Serpukhov, which was more advanced. It was built in collaboration with the U.S. and France and Italy. It was much better equipped. They invited American and French research groups, but Eastern European countries couldn't go there!
The Russian physicists are very good. The theoretical training is very good, both in Russia and Hungary. The problem is when experiments cost money and need access to Western equipment.
DDJ: So they saved the best for their own.
EB: Yes. I spent a year in Dubna, and that was an experience.
DDJ: In what way?
EB: I'm here, am I not?
DDJ: That was the eye-opener that got you to leave?
EB: That was the last of the eye-openers.
You know, the life there was so different than life in the West or even in the satellite countries, that it's sort of unexplainable. When you have to ask for permission to drive from one city to another, when there are checkpoints on the road that call each other...this certain car with a certain license plate passed by...
DDJ: This was a feature of life in the Soviet Union...
DDJ: ...which was not a feature of life in Hungary?
Dubna had a Russian director, but every four years had a different vice director from a different country -- Hungarian, East German, Bulgarian, and so on. There were always many physicists from satellite countries. They were treated almost like Westerners, because compared with life in the Soviet Union, they led a Western-style life.
We had a corruptive effect if we had a lot of interaction and talked about life in those countries to the Russians.
DDJ: The idea of being able to get any work done at all under conditions where everyone is looking at you suspiciously...I can't imagine it.
EB: When I started to work in Budapest in the Central Research Institute for Physics, there were Hungarian books, but there were also certain books purchased from the West, so that we could read them and learn. And when we went home at night, every one of those books written in English or German had to be locked up, put in the safe. Just to give you a flavor of the "flow of information."
Well, that way didn't last long, but that was how it started. Eventually we had better libraries, and they didn't lock up the books. But everything was suspicious.
DDJ: Was that a facet of the national character, or a feature of the political system?
EB: Characteristic of the communists, who were paranoiac. It's completely different now. I go back regularly every year and visit my relatives. Hungary these days is a capitalist country.
DDJ: Between the lack of equipment and the constant suspicion, how did you get any work done?
EB: Well, we got some access to Western literature. The training was very good. And when you can't afford expensive equipment, you take measurements made by others and evaluate those measurements from different points of view. Our physicists were very imaginative and inventive. We could always come up with questions and calculations which did not require big computers or big equipment. We did a lot of collaborations. Electronic equipment was difficult to build, but emulsions and bubble chambers exposed at CERN and Dubna we were able to receive and evaluate.
It was meaningful research under difficult conditions.
DDJ: Your current field of computer security looms large in the mind of most networked-computer users. Penetrations are mentioned prominently in the news media nowadays.
EB: I attended a school for programmers and managers in London last August on all aspects of intranetting, using the Internet backbone instead of expensive private lines to create an internal net. But with Internet technology comes the eavesdropping, because it's free and available. Everyone was talking about the advantages, but I was the only one talking about security. With all these plusses comes the danger that your privacy is gone. But you can use encryption devices to create virtual private networks.
DDJ: Have you examined the Clipper chip proposal?
EB: Some months ago, there was a hearing in the Senate on that question. The leading personalities of the industry -- Netscape, Microsoft, IBM, and the lot -- gave testimony. Everybody was up in arms.
The government is looking at encryption devices like weapons. The rules on their export have the same limitations, that you cannot export, for example, anything that has strong encryption.
DDJ: Such as the devices you at DSNT are manufacturing?
EB: That's right. Weak encryption is allowed. How strong an encryption device is depends on two factors.
First, there is the encryption algorithm itself. The one we are using has been around since the late '70s. Up to now, there is no known record of its having been broken. DES, on the other hand, which the government is approving, is a weaker algorithm, as are a number of others. How difficult an algorithm is to break comes down to plain mathematics.
The other factor is the length of the encryption key. The longer the key, the more difficult to break with brute force. Assume DES works with a 56-bit key, 7×10^16 possibilities, 2^56. If you have a machine that can do one million 1×10^6 encryptions a second, the brute-force method of trying all combinations for the key until you hit the right one could take 219 years to go through all the possibilities.
If you work with parallel computers...the joke in encryption circles is that, in China, where there are 1.2 billion people, if the government equipped each TV and radio with an encryption chip and broadcast an encrypted message, in 60 seconds someone would find the solution! That's called a "Chinese lottery."
That's only one way to break a code, the brute-force method.
We at DSN are using a 128-bit key. That's 2^128 possibilities, 3.4×10^38. It's challenging to a supercomputer, even a Chinese lottery array of computers.
The present law allows the export of a DES algorithm using something like 40-bit keys. You can see how ridiculous that is. As everyone stressed at the Senate hearing, the bad guys don't ask for permission to use strong encryption and a long key. It's available. You can download any algorithm you want from Internet sites, IDEA, DES, Triple DES, FEAL -- FEAL is Japanese, IDEA is Swiss. The funny thing is that if we build IDEA into our product, a Swiss mathematician's brainchild, we cannot export that product!
DDJ: Do you think the government's concern is reasonable?
EB: The government's concern is reasonable. I just read a book about how, during World War II, the Germans used Enigma and the British group intercepted and tried to decrypt it. It's always a concern to any government to fight against spies and spying. But at this time and age, it's slightly ridiculous in that you can go to the web and download any encryption algorithm and any length of key and use it. It's hurting the legitimate businesses while not preventing spying.
There's a book on my shelf that I'm looking at right now called Applied Cryptography [written by DDJ contributing editor Bruce Schneier]. You can scan the pages of the book where the programs appear, or for $40 extra you get a CD-ROM with the code for 150 different encryption algorithms in it.
DDJ: So this is something that a drug lord's teenage kid could whip together?
EB: Exactly. So the government has a valid concern, but to restrict legitimate businesses won't solve the problem. We are losing business because of the restrictions, but that doesn't prevent a company in France or Italy from getting it from other companies in those countries and in Britain, who are not thus restricted.
DDJ: If your product were released on the world market, would it be competitive?
EB: Right now, we are leading the pack. It's a hardware box, it does the protocol by itself, no human intervention, it doesn't need managing. We have different flavors of NetFortress, one box which works with one host, one which works with a whole LAN. So nobody can actually get to it, log into it, and do reverse engineering and the like.
The encryption is done at a very low layer, in the network layer. If you do the encryption in the application layer, then all the headers of the succeeding layer are readable. We are using a strong algorithm, using a long key, and hiding certain information in the packets.
DDJ: So these packets don't reveal anything at all about the internal structure of a corporation's network?
DDJ: So, all you can tell from the packet is that there exists a box, the firewall itself.
EB: You don't know that much. You see a MAC address and have no idea whose MAC address it is, but if you try to log in, you can't log into it. You can't even ping it. You have to know the customer behind the NetFortress, their IP address, and then you can ping them, but their MAC address is hidden.
The most difficult question with encryption is the key. There are two systems, the secret key where you and I have one key which is used both to encrypt and decrypt. In this scenario, how do we agree on the secret key without jeopardizing it? Do I call you on the phone?
In the public key, there's a public key and a private key. You have a private key, then you calculate your public key, and the public keys are exchanged. Suppose George sends his public key to Martha. Martha picks a secret key, encrypts it with George's public key, and sends it back. Both now have the secret key. But Benedict is in the middle. He intercepts George's public key and sends his public key to Martha. Martha picks a secret key and encrypts it with Benedict's public key, thinking it is George's key. Benedict is still in the middle, intercepts it, decrypts it, reencrypts it with George's public key, and sends it on to George. This is called the "man-in-the-middle attack."
We use the Diffie-Hellman key-exchange protocol, in which George and Martha each have their own private key, which only they know. Both of them calculate the public key as before. When they exchange the public key, they don't send the common secret key, encrypted. They only exchange their two individual public keys. Before, what was exchanged was one party's secret key encrypted by the other's public key. Here, only each party's public key is communicated. Then, with George's public key and her own private key, Martha calculates a secret key. George has his private key and Martha's public key and, with the same algorithm, calculates a secret key, and mathematically it is the same, the math being such that every party can calculate the common secret key without ever exchanging it.
We add a twist by encrypting the public key exchange.
Your original question was if we were up to par with competition. We're ahead, but it won't take long for the competition to catch up on the world market.
DDJ: Do you think the Internet will ever be reasonably safe? Right now, the Internet is open to all kinds of attack...
EB: Absolutely open.
DDJ: ...and it's only that no one wants to disrupt it more than it has been.
DDJ: So will it someday be safer?
EB: Will the world ever be "safe?" After the War, part of my family lived in Sweden. The life in Sweden was so safe that people just delivered packages and left them at the roadside to be picked up by the farmer, and they never locked any door. Now the crime rate in Stockholm is almost as high as in New York City.
So, with the ease of traveling and information exchange, it's a global life. Crime is everywhere. Twelve-year-old kids are killing.
I'm a pessimist. It comes from being a child during World War II under the Nazi regime and growing up under the Communist regime. I really don't believe in the goodness of humankind. My experience with humankind hasn't been that great.
DDJ: So, will it always be the Wild West on the Internet, or is the idea that products such as yours come in and tighten things down a bit?
EB: The widespread use of this product will cut down on eavesdropping. But at the same time, you can't entirely prevent it, because there has to be a free flow of information as well. The system has to be worked out very carefully, what information is for the public, and what systems and servers and the like, and how to separate them into "safe" and "public" areas.
DDJ: Is the process of differentiation well underway?
EB: It's just starting. People just started to realize that there is danger. Up until now, everyone was talking about the positive side, the tremendous benefits. They just started to realize that everything is not so peachy. I'm sure that solutions will come up, as a whole, but it's just starting.
The public and the elected officials barely grasp the magnitude. They are struggling with the two sides of the question -- the need for a government to defend its country and the availability of everything through the Internet.
DDJ: Contradictory goals!
EB: Yes, exactly. So you have to make sure that certain secrets don't go out and that you can legally wiretap certain conversations in a situation which wasn't designed for that.
I was looking into the history of the Internet, how it started with Arpanet, a DOE and DOD problem that they handed out to universities...to improve scientific communication and the information exchange between those universities. They came up with the very limited Arpanet, which had such success and grew so tremendously that they developed a number of small nets, and the collection of all this is what we call "Internet" now. So, it's been an explosive growth, but the original need was for scientific information exchange between a couple of universities and research laboratories, which is totally different than the problems it faces today.
Now we need to rethink it, add security, but without stupid limitations. Key escrow concentrates security on a single point of failure: If someone ever gets hold of those keys...I don't like key escrow because I don't trust anybody! Why would a company which wants to hide their proprietary research data trust another organization and give them the key to the house?
DDJ: So we find ourselves engaged in a national search for Deus ex machina.
EB: It's a very difficult question, but the existing situation is that the strongest algorithms with the longest keys are available, free, to anybody. This is reality.
The crime rate was very low in the socialist countries. For the smallest offense, the punishment was tremendous. On the other hand, there were no human rights. They could come to your home, take you away, search you, your car. They didn't have to have a reason.
Less crime. No human rights. On the other hand, with human rights comes crime. Where do you draw the line? That's the problem we're facing now on the Internet.