Professor Preaches Security Through Simplicity

by Hinesh Jethwani    Jun 01, 2004

While complexities involved with security climb exponentially across the globe, a veteran in the Indian research industry has gone back to the drawing board, developing simple techniques that enterprises can use to safeguard their systems.

In a CXOtoday exclusive, Sugata Sanyal, a professor of computer science at Tata Institute of Fundamental Research (TIFR), said, “Enterprises can eliminate complex security calculations by using simple variation techniques. A simple ‘disconnect-connect’ solution can prove to be an effective variation policy in protecting sensitive data on vulnerable servers. The solution simply logs off the user trying to connect to the server in the first session, and then dials back immediately, to verify the authenticity of the source. If the user has Telnet to another machine and initiated the server dialogue from it, the system can immediately detect it and terminate the session.”

Sanyal is consulting various organizations on different aspects of network security. Recollecting an actual instance where a simple variation solved a major network security issue, Sanyal said, “About 3-4 years back, ISPs in Delhi were facing recurring complaints from their customers, over a new virus that was multiplying at an alarming rate. In some instances, the virus had clogged the network to such an extent that certain enterprises were finding it difficult to transact business operations. We proposed a simple ‘Push’ technology that solved the problem using principles of variation. Under the solution, every system trying to connect to the ISP was forced to go into a loop. The ISP server then forced a booting sequence, which would stop any system from coming up unless and until the anti-virus package was updated to combat the virus.”

Sanyal advocates the use of multi-factorial security, where an encrypted password is only the first step to gaining system access. More complex parameters like a pre-arranged bit sequence can be used to add tougher layers of security. According to Sanyal, Macintosh systems were the least vulnerable, because of their low usage on the network, and Linux has a definite edge over Windows as far as vulnerabilities are concerned, due to its read/write process and layered model.

“Another simple solution, which I would like to call ‘Vacation Mail’, can prove to be an effective tool in isolating spam mail addresses from genuine ones. On Unix/Linux boxes, a Vacation Mail system allows a person to preset an auto-reply to all incoming messages while he/she is away. If each person configures a vacation mail setting for the spam folder, there is a guarantee that every spammer will receive at least one auto-reply. If the mail address is a fictitious entry created by a spammer, the auto-reply will obviously bounce back, indicating that the source is malicious. This simple procedure can prove to be a boon for enterprise users, who continuously face the headache of having to sift through their spam mail folder, to verify whether any genuine mails have been wrongly trapped by the anti-spam software.”
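The bounce check described above, as an added example (not from the article or from Sanyal's work): Python that reads the delivery status notifications returned for auto-replies and marks which quarantined senders have undeliverable addresses. The sample bounce, the addresses and the function names are constructed for illustration.

```python
import email

# Constructed sample (not from the article): an RFC 3464 delivery status
# notification returned after an auto-reply went to a quarantined sender.
BOUNCE = """\
From: MAILER-DAEMON@mx.example.org
To: user@example.org
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

The auto-reply could not be delivered.

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.org

Final-Recipient: rfc822; promo@no-such-host.example
Action: failed
Status: 5.1.1

--b1--
"""

def bounced_addresses(raw):
    """Return recipients that failed permanently (Status 5.x.x) in a DSN."""
    msg = email.message_from_string(raw)
    if msg.get_content_type() != "multipart/report":
        return set()  # ordinary mail, not a bounce report
    failed = set()
    for part in msg.walk():  # per-recipient blocks are parsed as sub-messages
        rcpt, status = part.get("Final-Recipient"), part.get("Status")
        if rcpt and status and status.strip().startswith("5."):
            failed.add(rcpt.split(";", 1)[-1].strip().lower())
    return failed

def triage(quarantined_senders, bounces):
    """Label each quarantined sender by whether its auto-reply bounced."""
    dead = set()
    for raw in bounces:
        dead |= bounced_addresses(raw)
    return {s: "sender-undeliverable" if s.lower() in dead else "review"
            for s in quarantined_senders}
```

A bounce shows only that the sender address cannot receive mail; senders whose auto-reply did not bounce are left as "review" because a deliverable address can still be forged.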

Describing his latest initiatives, Sanyal explained, “We have developed a complex algorithm for supporting an Ad Hoc Network - which connects a group of communicating elements as and when the need arises. This system has a variety of implications, especially for defense purposes. In a typical surveillance scenario, sensors are scattered across a geographical location, which can be connected to each other using this software and the accompanying transmitters/receivers. We have also designed several algorithms on Denial of Service (DoS) and malicious node detection.”

Sanyal has been a part of TIFR for the past 31 years, and is an alumnus of IIT Kharagpur.
