Detailed History

In 1961, a team led by Fernando J. Corbató at the MIT Computation Center developed the Compatible Time Sharing System (CTSS). A computer user was able to work on his own partition of the system while many other users worked on the same system at the same time. Users were concerned about their files being modified by others, so they turned their attention to computer security issues.

Once we identify the security policy, which states the purpose of the security, we need the mechanism, which is the action that enforces the policy. One mechanism is file access control. It lets owners specify who can access their files and under what circumstances. CTSS, MAC, and CMAS were the projects on file access control issues. In 1962, Project MAC was suggested by J. C. R. Licklider at MIT. MAC stood for Multiple Access Computers. MAC was later developed to form Multics, which is a good security mechanism for secure system monitoring. CMAS, which stood for Cambridge's Multiple Access System, was introduced by the University of Cambridge in the same year.

Following the implementation of CTSS, MIT had a project with security and privacy as its central design principles. MIT created the first monitoring system, Multics (Multiplexed Information and Computing Service). This system guaranteed that all security policies would be enforced. The system is actually a small kernel of system calls. If the Multics security kernel produces a correct result, we know the system is well protected. Multics was described in a set of six papers presented at the 1965 Fall Joint Computer Conference. The development of the system was undertaken as a cooperative effort involving the Bell Telephone Laboratories (from 1965 to 1969), the computer department of the General Electric Company, and Project MAC of M.I.T.
Passwords are common today. They are used to authenticate a person before the system grants him the right to get in. How does the system manage those important passwords? Originally the system stored the passwords in a file and kept it in a secret place. However, a problem arises when a hacker gets this file. In 1967, an enciphered version of user passwords was made for the first time. The reason to store an enciphered password is to prevent the passwords from being easily learned if an attacker reads the file. An enciphered password is generated by a mathematical algorithm, usually a one-way function. A one-way function is an algorithm that can be used to produce the enciphered result but cannot be run on the enciphered result to recover the original password.

Unix-Unix system mail (UUCP) was created in 1975 to allow users on one UNIX machine to execute commands on a second UNIX system. Mail and files could be transferred electronically and automatically between systems by using mail programs such as SendMail. This convenient mechanism, however, raised the chance for attackers to erase or overwrite configuration files. Through each transmission, attackers had a way to break into software that was not correctly configured. This problem drew close attention to security issues.
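The enciphered password file described above can be sketched as follows. This is an added example, not code from the original page; it uses a salted, iterated hash (PBKDF2-HMAC-SHA256), a modern form of the one-way function idea, and the record format, function names, work factor and sample users are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def make_record(password: str, iterations: int = ITERATIONS) -> str:
    """Build the string kept in the password file; the password is not stored."""
    salt = secrets.token_bytes(16)  # per-user salt: equal passwords give different records
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def check_record(record: str, candidate: str) -> bool:
    """Re-run the one-way function on the candidate and compare in constant time."""
    scheme, iterations, salt_hex, digest_hex = record.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


# Record checked for unknown users, so a missing account costs as much as a real one.
_DUMMY_RECORD = make_record(secrets.token_hex(16))


def login(password_file: dict, user: str, candidate: str) -> bool:
    """Authenticate a user against the file of one-way records."""
    record = password_file.get(user)
    if record is None:
        check_record(_DUMMY_RECORD, candidate)
        return False
    return check_record(record, candidate)


# Constructed sample data: two users who happened to choose the same password.
PASSWORD_FILE = {
    "alice": make_record("correct horse battery staple"),
    "bob": make_record("correct horse battery staple"),
}
```

An attacker who reads `PASSWORD_FILE` sees only salts and digests, and must guess candidate passwords and pay the full work factor for each guess against each user.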
Before two parties start their communication, they want to identify each other. What is the mechanism for such authentication in a computer system? People exchange their secret keys and then show those keys when they want to identify themselves. However, problems occur when the two parties try to exchange the keys. They need to set up a very safe situation in order to avoid losing confidentiality. In 1976, public-key cryptography was introduced so that two people could communicate or authenticate each other confidentially without prearranging to exchange a shared cryptographic key. The Public-Key Cryptography Standards (PKCS) were established to provide a catalyst for interoperable security based on public-key cryptographic techniques; they have become the basis for many formal standards and are implemented widely. This technology helped to put the idea of digital signatures into practice. Note that RSA, developed in 1978, is the oldest unbroken public-key cryptosystem.

An interesting study of password guessing in 1978 demonstrated that guessing user names, addresses, social security numbers, phone numbers, and other personal information is more effective than deciphering passwords. This study was done by Morris and Thompson. Furthermore, reusable passwords make password guessing easy. Better password schemes were developed in the mid-1980s. Methods that helped to enforce computer security policy included callback modems, which relied on verification of the user's location; challenge-response protocols, which allowed the authentic user to generate personalized responses to challenges issued by the system; and smart cards, which generate a new password with each use (one-time passwords).

As the Internet grew, commerce also moved onto the Internet. There have been several discussions and research efforts on electronic cash since 1978. The art of cryptography produces electronic signatures, which permit numbers to serve as electronic cash or to replace conventional identification. In his paper

No matter how well a system is protected, intelligent attackers still try to break into systems. Some of them do it for personal entertainment, some of them do it for gain. In 1986, an attacker hired by a foreign government intruded into computers at Lawrence Berkeley Laboratory looking for secret information. Clifford Stoll detected the hacker by tracking accounting information. This criminal was arrested by the authorities. Later he wrote a best-selling book about it in 1992.

Most computer users have experienced the power of computer viruses to some degree. A kind of virus, called the Trojan horse, was identified in 1984. Viruses embed copies of themselves in other programs and execute when the program runs. They are widely spread throughout the personal computer realm, through the sharing of disks and files over the Internet. Since that time, computers have been affected by computer viruses. Other notorious computer viruses, including Michelangelo (in 1989), were seen.

In addition to computer viruses, computer worms appeared soon after. In 1988, Bob Morris wrote a program that let a self-reproducing Internet worm spread through the entire set of Internet connections. Within hours, it invaded between 3000 and 6000 hosts.

A distributed authentication system for Open Network Systems (Kerberos, in 1988) let authentication servers allow users to authenticate themselves on any system using one set of data. This data can be updated globally, and the server can also pass the proof of identity back to the user.

To protect electronic mail against mistreatment, Pretty Good Privacy (PGP) and Privacy-enhanced Electronic mail (PEM) were developed. These services were in demand, especially on the Internet.
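Returning to the public-key cryptography of 1976 and RSA of 1978 discussed earlier: the following added example, which is not from the original page, carries out textbook RSA key generation and uses the key pair for a digital signature, so the verifier needs only the public key and no prearranged shared secret. It omits the padding that deployed RSA signatures require, and the function names and the two constructed primes (the Mersenne primes 2^61 - 1 and 2^89 - 1, far too small for real use) are assumptions made for the illustration.

```python
import hashlib
import math


def generate_keypair(p: int, q: int, e: int = 65537):
    """Textbook RSA key generation from two distinct primes p and q."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    n = p * q                      # public modulus
    phi = (p - 1) * (q - 1)        # Euler's totient of n
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)            # private exponent: e*d = 1 (mod phi)
    return (n, e), (n, d)          # (public key, private key)


def _digest_as_int(message: bytes, n: int) -> int:
    """Hash the message and reduce it into the range of the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message: bytes) -> int:
    """Only the holder of d can produce this value."""
    n, d = private_key
    return pow(_digest_as_int(message, n), d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    """Anyone holding the public key (n, e) can check the signature."""
    n, e = public_key
    return pow(signature, e, n) == _digest_as_int(message, n)


# Constructed sample: small known primes chosen so the example runs instantly.
PUBLIC_KEY, PRIVATE_KEY = generate_keypair(2**61 - 1, 2**89 - 1)
SAMPLE_MESSAGE = b"transfer 10 units to account 42"
SAMPLE_SIGNATURE = sign(PRIVATE_KEY, SAMPLE_MESSAGE)
```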
Firewalls have been used since 1993 to ensure no one could access the actual wires and listen to the packets transferred through the Internet protocols. Also, since the large number of programs written in the Java language in 1996, Trojan horses and viruses have become more likely to appear. This is due to a characteristic of the language: it comes with small Java applications, called applets. Viruses can be brought in when the user downloads Java applets from an Internet server and executes them locally.