Barely a minute after University of Minnesota mathematics professor Andrew Odlyzko began his Wednesday lecture, the projector he was using unexpectedly lost its connection signal. This interruption proved to be the ideal start for Odlyzko's discussion of cryptography and security's role in society.
"This is exactly what I'm going to talk about," Odlyzko joked as he fixed the connection by propping up the projector's wire with a textbook. "Modern technology compensating for its problems with old world solutions."
During the lecture in Steele Hall, Odlyzko discussed the widespread insecurity in computer networks and the lack of recent security developments to combat the issue. "Today many wonder, Why haven't cryptology and security lived up to their promise?'" Odlyzko said. "We see insecurity in information technology everywhere. Is the future of cyber security and its impact on humans going to be any better?"
According to Odlyzko, network security is "horribly insecure" but researchers have yet to devise a successful solution. For decades, the possibility of security attacks has constantly threatened computer users, but there remains little improvement in attack prevention, he said.
"There are strong economic, social and psychological reasons for the existence of insecurity in the cyber world," Odlyzko said. "What most don't realize is that we don't need absolute security."
While there has been progress in increasing levels of program security, it has been continually "outpaced" by developments in technological complexity, Odlyzko said.
"Even thoroughly small systems designed by top-notch people can eventually be no longer secure," he said.
While a totally secure information system would seem logically ideal, Odlyzko highlighted problems that secure systems would impose on society. For example, most people are "technophobic" and would have difficulty using secure systems, he said.
"We cannot have secure systems because we can never underestimate how naive the bulk of the population is," he said.
Odlyzko proposed that programmers embrace the existence of insecurity by "building messy, not clean" technologies. Designing complicated programs creates "speed bumps" that can prevent would-be hackers from entering a system, he said.
To design a complicated system embodies the acceptance of insecurity as a programming reality, Odlyzko said. He stressed that while this solution may directly counter the principles of computer engineering, the ideology "draws on the lessons from the past and now, and is related to a lot of concepts such as being resilient that [programmers] have long been familiar with."
For Odlyzko, security is not an ultimate goal, but an "enabler" that will allow information technology to move forward, he said.
"We tolerate a lot of things in the cyber and physical world," Odlyzko said. "For example, how secure are we sitting in this room? Society wants us to be able to use [technology] as a tool so we are willing to live and tolerate with some insecurities. We don't have 100 percent security in our physical lives, so we shouldn't expect it in cyberspace."
According to Odlyzko, the role of cyberspace is ever-increasing, and attacks are faster and more far-reaching than ever, he said. He warned of "a constant proliferation of systems" and users' "growth in rank and expertise."
"At the same time, there will also be a growth in users who don't want to learn how to adapt to these new developments," he said.
Odlyzko said, however, that he remains hopeful for the future of network security. He concluded that "much of insecurity in cyberspace can be compensated by physical means," such as decreasing threats in electronic voting systems by having a printed ballot ready for recount.
Mashfiqui Rabbi Shuvo, a second-year PhD computer science student, said he found Odlyzko's discussion of insecurity to be "different."
"I liked that he discussed what everyday, regular users care about," he said. "Overall, I found it to be a unique direction, and it was nice to think about the observations he raised."
Denise Anthony, a sociology professor and the research director of the Institute for Security, Technology and Society, also said she enjoyed Odlyzko's lecture.
"I really appreciate the broader socioeconomic view behind this way of thinking about security and computer systems overall," Anthony said. "It's fascinating material."
The lecture, titled "Providing Security with Insecure Systems," was part of the computer science department's colloquium series co-sponsored by ISTS.
