Network Authorisation

How should users of IT systems authorise themselves on the network?

Hordes of specialists spend an immense amount of working time discussing this question and devising technologies that are more secure than their predecessors. Terms like "biometric data" and "two-factor authentication" are coined, words that only a few people fully understand. In any case, the technical investment behind this is enormous, and the avalanche of data triggered by some of these procedures is greater than the actually useful data that needs to be transmitted.

Yet this whole discussion is actually premature. A hacker who wants to break into a system does not crack a colleague's password in order to search for the data he wants within a network that is restricted based on user rights – no! – he logs in as an administrator straight away; in too many cases the password needed here is the same, and, logged in as an administrator, he has the organisation's whole IT world at his fingertips.

This scenario may be a little simplified but it demonstrates the problems that unfortunately keep coming up. Only those who follow rules will be stopped by them. Criminals will just go straight past.

Therefore, before we start discussing secure access for authorised users – even simple procedures would be enough for them – we should put the hackers in their place. This cannot be done with the systems we have.

Although many people do not recognise this, the root of the problem lies not in the software but deeper, in the hardware itself.

The digital, programmable devices we use today are built on one of two architectures. Both originated in the early twentieth century and have therefore reached retirement age. They are the von Neumann architecture and the Harvard architecture. The latter, since it is not consistently applied in mass-produced products, is only a little more secure than the von Neumann architecture. The time has come to replace them both.

Both architectures named here suffer from the same weakness: programs and data are stored such that there are no clear boundaries between them. This circumstance allows hackers to plant data that are actually programs on a computer in various ways. If the user clicks on such a file, it is not, as expected, opened and displayed by a utility program, but run as a program. The program then does what the hacker intended it to do – and this is usually something the user did not intend.

Anti-virus programs offer only inadequate protection. They have to identify either the malware itself or its behaviour. In both cases, the hackers are usually way ahead. Identifying the harmful program is not enough: an antidote has to be developed and installed by the user, and by that time the hackers have probably got what they wanted.

This process can be interrupted with a new computer architecture, invented in Germany. Although it may still be technically possible to plant malware, the hardware prevents any file from controlling the processor unless the user has explicitly designated it to run as a program. This means that recognising malware is no longer necessary, and the computer is secure even from future malware.

Unfortunately, the new "hacking-resistant" hardware architecture is not compatible with the software products available on the market today. However, it does not require fundamentally new software functions; sorting the data structures created by the programmers will be sufficient in the majority of cases, and since this is a matter of sorting, software generated this way will also be backward compatible, i.e., capable of running on "old" computer systems – as long as the program is still compatible with the operating system and processor.

When this new architecture becomes more established, new authorisation possibilities based on it will also emerge that are currently not technically implementable, or work on creating them can resume – with good cause this time.

The software adjustments necessary for the new architecture have been specified. The hardware architecture is patented and won first prize in the "Hardware" category at the competition "INNOVATION PRIZE – IT 2015". IT security "Made in Germany".