For nearly 30 years, Dorothy Denning has been devising ways to keep the wrong people from cracking into computers and stealing secrets locked up by cryptographic algorithms. She’ll hack into a technology, then use what she has learned to figure out new ways to keep hackers at bay.
In the 1970s, she led a project to help federal agencies like the CIA, IRS and FBI share sensitive data without giving up their deepest secrets. A decade later, she devised a system that detects hackers the moment they crack into a system, enabling the U.S. Navy and other agencies to better guard classified data. Before then, hackers sometimes wouldn’t be discovered until much later, during reviews of old network logs.
Now, Denning is pioneering a new type of copyright protection, called geo-encryption. It’s a big deal in the information security arena, earning her the moniker of “America’s cyberwarrior” from Time magazine and stoking the imaginations of everyone from Hollywood movie executives seeking ways to scare off Napster copycats to hospital administrators looking for a safe way to transport patient data across the Internet without fear of privacy breaches.
Today, of course, there’s little to stop someone from posting the latest hit CD or DVD for anyone to download for free. But Denning thinks she’s pretty much solved that problem.
Working with a Hollywood movie executive and an Internet entrepreneur, Denning has invented a way to keep information scrambled until it reaches a precise location, as determined by GPS satellites. Armed with Denning’s geo-encryption system, which she co-patented in 1998, only people in specified locations, such as movie theaters, living rooms or corporate conference rooms, would be able to unscramble the data.
But the idea also has drawn interest from the Pentagon. Coded messages that the Defense Department sends its commanders in the field, for example, could be deciphered only in a certain room of a certain building in, say, Kandahar—greatly reducing the risk of malicious interception.
Business intelligence, such as a private meeting among corporate directors, could be scrambled and uploaded to a satellite from a conference room, and downloaded and decoded in a conference room 1,000 miles away. Medical records could be sent from a doctor in Peoria for a second opinion to a doctor in Manhattan—and all without the usual worries over privacy leaks to insurers or investigators along the way. In addition, she says, “If someone hacked into your system, you’d know exactly where he came from.”
The idea has its share of critics: “The problem is making the encryption device and GPS receiver tamperproof,” says Bruce Schneier, a fellow cryptographer. Denning agrees that “you’ll never solve the security challenge completely.” But she believes geo-encryption has seriously upped the ante in the brain race against hackers.
A year ago, Denning helped form GeoCodex, an Arlington, Va.-based start-up that’s developing devices to enable location-based authentication. Working with Hollywood film executive Mark Seiler and MapQuest.com Inc. founder Barry Glick, the technology is already attracting interest: Even top White House officials, including the nation’s top cyberterrorism cop, Richard Clarke, are looking into its potential uses against cyberwarriors.
Before Denning’s invention, location-authentication methodologies relied on who you were or what you knew. With Denning’s work, suddenly, it is possible to have an authenticated location, supplied by data from the network of 27 GPS satellites. In addition, documents can be electronically stamped with the time and place of their creation to establish ownership of intellectual property. Says SRI International computer scientist Peter G. Neumann, who worked with Denning in the 1980s to develop secure systems for the Navy: “To Dorothy, the word ‘no’ is a green light.”