Making of a Security

By Keith Epstein

How Geo-Encryption Makes Copyright Protection Global

For nearly 30 years, Dorothy Denning has been devising ways to keep the wrong people from cracking into computers and stealing secrets locked up by cryptographic algorithms. She'll hack into a technology, then use what she has learned to figure out new ways to keep hackers at bay.

In the 1970s, she led a project to help federal agencies like the CIA, IRS and FBI share sensitive data without giving up their deepest secrets. A decade later, she devised a system that detects hackers the moment they crack into a system, enabling the U.S. Navy and other agencies to better guard classified data. Before then, hackers sometimes wouldn't be discovered until much later, during reviews of old network logs.

Now, Denning is pioneering a new type of copyright protection, called geo-encryption. It's a big deal in the information security arena, earning her the moniker of "America's cyberwarrior" from Time magazine and stoking the imaginations of everyone from Hollywood movie executives seeking ways to scare off Napster copycats to hospital administrators looking for a safe way to transport patient data across the Internet without fear of privacy breaches.

Today, of course, there's little to stop someone from posting the latest hit CD or DVD for anyone to download for free. But Denning thinks she's pretty much solved that problem.

Working with a Hollywood movie executive and an Internet entrepreneur, Denning has invented a way to keep information scrambled until it reaches a precise location, as determined by GPS satellites. Armed with Denning's geo-encryption system, which she co-patented in 1998, only people in specified locations, such as movie theaters, living rooms or corporate conference rooms, would be able to unscramble the data.

But the idea also has drawn interest from the Pentagon. Coded messages that the Defense Department sends its commanders in the field, for example, could be deciphered only in a certain room of a certain building in, say, Kandahar—greatly reducing the risk of malicious interception.

Business intelligence, such as a private meeting among corporate directors, could be scrambled and uploaded to a satellite from a conference room, and downloaded and decoded in a conference room 1,000 miles away. Medical records could be sent from a doctor in Peoria for a second opinion to a doctor in Manhattan—and all without the usual worries over privacy leaks to insurers or investigators along the way. In addition, she says, "If someone hacked into your system, you'd know exactly where he came from."

The idea has its share of critics: "The problem is making the encryption device and GPS receiver tamperproof," says Bruce Schneier, a fellow cryptographer. Denning agrees that "you'll never solve the security challenge completely." But she believes geo-encryption has seriously upped the ante in the brain race against hackers.

A year ago, Denning helped form GeoCodex, an Arlington, Va.-based start-up that's developing devices to enable location-based authentication. Working with Hollywood film executive Mark Seiler and MapQuest.com Inc. founder Barry Glick, the technology is already attracting interest: Even top White House officials, including the nation's top cyberterrorism cop, Richard Clarke, are looking into its potential uses against cyberwarriors.

Before Denning's invention, location-authentication methodologies relied on who you were or what you knew. With Denning's work, suddenly, it is possible to have an authenticated location, supplied by data from the network of 27 GPS satellites. In addition, documents can be electronically stamped with the time and place of their creation to establish ownership of intellectual property. Says SRI International computer scientist Peter G. Neumann, who worked with Denning in the 1980s to develop secure systems for the Navy: "To Dorothy, the word 'no' is a green light."

Making of a Security


Math Lessons

Denning was always bucking the odds. As a brainy teenager growing up in Grand Rapids, Mich., in the 1950s, Denning had been encouraged to teach high school math. Instead, she became interested in computer security while taking a seminar on operating systems as a doctoral student at Purdue University—and later married the professor who taught the class.

In the years that followed, she literally wrote the book on modern cryptography: Her Ph.D. thesis on encryption devised the now-famous "lattice model" for secure information flow so that sensitive data, such as tax records or classified information that is viewed and manipulated by software, could not be disclosed to unauthorized individuals. In the mid-1980s, at SRI, Denning developed a model for an intrusion detection system for the Navy, one of the first designed to spot real-time deviations from ordinary patterns.

But it wasn't until 1987, when Denning joined Digital Equipment Corp.'s then-new distributed systems research lab in Palo Alto, Calif., that she got her first taste of the new security threats that the Internet poses for governments and commercial interests—and wanted to do something about it. When a member of the infamous 1980s hacker group called "Legion of Doom" interviewed Denning for his 'zine, Worm, Denning became fascinated by the hacker underground, its movements, motivations and techniques. "It made me realize how little I knew," Denning recalls.

She kept in touch with the hacker community to learn more, and in 1990, she became a key defense witness against the government in a well-publicized computer case in which federal prosecutors attempted to send a 20-year-old college student to jail for 65 years because he published a purloined telephone company document in an electronic newsletter called Phrack.

Denning easily demonstrated that the information in the stolen document could not have been used to break into telephone systems and disrupt service, effectively demolishing the core of the prosecution's case.

But the experience also served to solidify Denning's conviction that existing levels of security were no match for the new world of digital-data hackers. "All of a sudden," she recalls, "it really hit me. A lot of security research had no relevance to what hackers were actually doing. We had been addressing the obscure threats, not the real ones."

Her newfound passion made her work at DEC seem less relevant, and in 1991, Denning returned to the classroom, this time as chair of Georgetown University's computer science department. There, Denning moved beyond mathematics and technology to influence the development of national security and technology policy. A short time after moving to Georgetown, Denning was invited by the National Security Agency to scrutinize the inner workings of a controversial "clipper chip" encryption code designed by the agency to enable investigators to digitally wiretap communications of hackers using strong encryption.

Six experts before Denning had declined the NSA's invitation, in part due to widespread opposition to the plan, which most felt at the time would end up giving the NSA, the nation's premier surveillance agency, increased powers to spy on citizens. But Denning, typically, refused to be swayed by public opinion. Instead, she relished the challenge as yet another intellectual puzzle to solve.

Commuting between her Washington office in Georgetown and the NSA's high-security enclave outside Baltimore, she worked from a computer workstation, trying to break code written by the government's most gifted cryptographers. After three weeks of trying, Denning was happy to report that she had failed. Her endorsement of the government's electronic code book brought a storm of criticisms from the computer hackers she once defended, with some routinely referring to her in chat rooms and listservs as the "Wicked Witch of the East."

"People suggested my books should be boycotted," Denning says. "My credentials were questioned. They said I was a dupe for the government." But Denning stood firm. "During that time, Dorothy displayed a core of toughness and a willingness to keep going despite a lot of obstacles," says Stewart Baker, the NSA's former general counsel.

Even adversaries, including privacy activist Marc Rotenberg, founder and director of the Washington-based Electronic Privacy Information Center, admired her "intellectual honesty." Says Rotenberg: "Although we clearly disagreed, she was not afraid to take unpopular positions."

Applying Geo


Real-World Geo-Encryption

Denning's pull-no-punches manner and intellectual curiosity remain pretty much intact, whether she's chairing the Georgetown Institute for Information Assurance—a security research group that she founded—or sitting on the new White House Advisory Group on Homeland Security. Just ask Seiler and Glick.

Last year, when the pair tracked down Denning—her name appeared on a 1998 patent for location-based authentication—they fully expected her to fawn over their idea to use her geo-encryption technology to enable the digital distribution of movies and films. "I remember thinking that Napster is going to kill the entertainment business, and isn't there some way to encrypt by location?" says Seiler.

But Denning promptly burst their bubble. She peppered Seiler and Glick with doubts over whether geo-encryption would be tamperproof in all applications. "Barry and I were devastated," recalls Seiler. Denning, nonetheless, decided to join them as a partner. Though remaining at Georgetown full-time, she is the "go-to" person to work out the kinks in the technology—and to brainstorm with Seiler and Glick to develop broader applications for it.

Denning says her initial doubts only whetted her intellectual curiosity—and her desire to apply what she'd dreamed up in the lab. "I find the challenge of dynamically encrypting streams of video or classified data by using GPS satellites intellectually intriguing," Denning says. After months of chipping away at the project, GeoCodex now has venture capital backers for three joint ventures to safeguard entertainment broadcasts, defend classified data and protect medical records.

Specifically for Hollywood, Denning has figured out how studios can interact directly with movie houses or home-bound video-on-demand customers. For example, Paramount Studios could encrypt its movies for, say, the St. Louis area—providing the material to the video-on-demand distributor without giving that distributor the decoding key. Paramount could manipulate the key directly from its offices in Hollywood, ensuring that only those who subscribe to the service get it. Seiler and Glick hope their company's $10 GeoCodex chip can be installed on HDTV sets. But they're also working with SRA International Inc., a Fairfax, Va., contractor, on national security applications.

Copyright Arms Race

Copyright Arms Race

Denning, though, acknowledges that the race against those who would defraud security systems is a continuous battle. For one thing, the chips will be far from ubiquitous; wide distribution could take years. Critics, including Steve Bellovin, a network security researcher at AT&T Labs, also point to the difficulty of making the chip tamperproof and the possibility of "spoofing" the GPS location.

But Seiler and Glick believe Denning has shored up most of the potential weaknesses—or will. In one instance, Glick recalls, he fretted that encrypted data could be intercepted on its way to the user. What if pirates tapped into a router? Could a hacker be prevented from circumventing the GPS sensor and pretending to be, say, at the Pentagon instead of Kandahar? Denning struggled for days on that one, then came up with a way to make routers themselves "locationally intelligent"—in other words, the GPS-based encryption itself would change dynamically as it moved through the path from owner to user.

In my life," says Denning, "it's been one challenge after another. If something's not challenging, I get bored and move on. Technology needs to make sense in the real world. I don't want just to be published somewhere." No worries there.

Keith Epstein is a writer in Media General's Washington bureau, covering Congress, regulatory agencies and technology policy for the Tampa Tribune. CIO Insight Researcher Kathleen Paton contributed to this report.

Stats on Dorothy Denning

Stats on Dorothy Denning

Born: Aug. 12, 1945, in Grand Rapids, Mich.

Motivation: Frustration with software vulnerability.

Mentor: University of Michigan astronomy professor Fred Haddock, who first encouraged Denning to work with computers—in this case to compute Doppler shifts in stars rather than add them up on a calculator.

Career Highlights: Mathematician, University of Michigan Radio Astronomy Observatory, 1967-1969; Systems Programmer, University of Rochester, 1969-1972; Instructor and Associate Prof., Computer Science, Purdue University, 1972- 1983; Senior Staff Scientist and Senior Computer Scientist, SRI International, 1984- 1987; Principal Software Engineer, Digital Equipment Corp. Systems Research Center, 1987-1991; Professor, Computer Science, Georgetown University, 1991-present

Education: B.A., Mathematics, University of Michigan (1967); M.A., Mathematics, University of Michigan (1969); Ph.D., Computer Science, Purdue University (1975)

Books: Information Warfare and Security, ACM Press/Addison-Wesley (1999); Internet Besieged, edited with Peter J. Denning, ACM Press/Addison-Wesley (1997) Awards: Association for Computing Machinery's Recognition of Service Award in 1995 and ACM's Fellow Award in 1998; National Computer Systems Security Award in 1999

Professional Activities: Founding President and Director, International Association for Cryptologic Research; Task Force on Cyber Threats for the Future, Homeland Defense, Center for Strategic and International Studies; U.S. Working Group on Global Organized Crime

This article was originally published on 04-01-2002