[Viewpoint]Unsafe securityA few days ago, I received a phone call ordering me to appear in court. I panicked. Did I forget to pay a speeding ticket last year? How did they find my phone number?
My personal information had been leaked. I also felt the serious adverse side effects of an information society created by computers. I was struck with fear when I realized that not only personal information, but also national intelligence, were susceptible to leaks.
Hacking is the biggest challenge to information security. An intruder might penetrate a computer connected to a network, then steal or change the information. No matter how well guarded a house might be, a thief can break in through the entrance or the sewer. A computer is bound to have vulnerable points, too.
As information passes through the network, a malicious program can jump in. Just as you go through a security checkpoint at the entrance of a building, a computer searches information that goes in and out of it using a security program.
However, surveillance is not and cannot be perfect. Since the program distinguishes intruders based on a connection method, it is often helpless to any new formats that an intruder might use. Once an intruder successfully penetrates into a system, it pretends to be a part of the system and steals information freely.
The second problem is viruses. While hacking is a penetration from the outside, viruses live inside computers and do harm in that way.
Just like hackers, viruses break the security system and penetrate the computer. Viruses come in the form of a program. Once they enter the system, they become a self-operated parasite.
A virus program follows a different pattern from other programs, so a security program can usually search and block them. You can also run antivirus programs and search files already in the computer for viruses that have already penetrated into the system. Viruses in new patterns cannot be detected in advance; you might find out about their presence only after the harm is done.
The third kind is encryption. When you store and deliver important documents, you can encrypt them to prevent other people from seeing them. The most basic method of encryption is to substitute letters of the alphabet for numbers.
When you get a document with numbers, you can decipher it if you know the numbers refer to letters of the alphabet. The information that “A” corresponds to “1” is the key. In other words, those who have the key can decipher the encryption. However, the problem is that even the most complicated encryption can be decoded, just as even the most complicated safe can be opened eventually.
Here, time is of the essence.
It is important whether an encryption can be decoded in a given amount of time. When one has unlimited time and the help of a computer, almost any encryption can be broken. However, you can rest assured if an encryption cannot be decoded within the period of time needed to keep a document confidential. Verification and intellectual property rights are also important issues. Verification is like a seal of certification.
When a person does a job on a computer, verification is used to confirm his or her identity. Just like when you register your personal seal, the most basic method of verification is to get a verification number and then enter it every time you use the computer. Protecting intellectual property rights prevents the unauthorized reproduction of music and videos. A watermark is inserted in a file that cannot be reproduced through illegal copying. The idea is similar to the method of identifying counterfeit money based on a watermark.
The information protection issue is like a battle between a virus and its vaccine. No one can be sure of the outcome of a contest between the spear and the shield.
However, it helps if you use an i-PIN, or a temporary identification number, instead of your resident registration number for verification.
Agencies handling personal information should store information in encrypted forms to reduce the damage from possible leakage. It is very important that we train the professional workforce and system needed to safeguard national intelligence. North Korea established the Automation College to educate special forces more than two decades ago. It boasts world-class hackers. The engineers are being asked to play a bigger role in protecting the nation and individuals.
*The writer is a professor at the Department of Bio and Brain Engineering at the Korea Advanced Institute of Science and Technology. Translation by the JoongAng Daily staff.
by Lee Kwang-hyung