RSA Conference 2013: Experts Say It's Time to Prepare for a 'Post-Crypto' World

[herzmeister]

https://threatpost.com/en_us/blogs/rsa-conference-2013-experts-say-its-time-prepare-post-crypto-world-022613

SAN FRANCISCO--In the current climate of continuous attacks and intrusions by APT crews, government-sponsored groups and others organizations, cryptography is becoming less and less important and defenders need to start thinking about new ways to protect data on systems that they assume are compromised, one of the fathers of public-key cryptography said Tuesday. Adi Shamir, who helped design the original RSA algorithm, said that security experts should be preparing for a "post-cryptography" world.

"I definitely believe that cryptography is becoming less important. In effect, even the most secure computer systems in the most isolated locations have been penetrated over the last couple of years by a series of APTs and other advanced attacks," Shamir, of the Weizmann Institute of Science in Israel, said during the Cryptographers' Panel session at the RSA Conference here today.

"We should rethink how we protect ourselves. Traditionally we have thought about two lines of defense. The first was to prevent the insertion of the APT with antivirus and other defenses. The second was to detect the activity of the APT once it's there. But recent history has shown us that the APT can survive both of these defenses and operate for several years."



Shamir, who shared the panel with Ron Rivest of MIT, Dan Boneh of Stanford University, Whitfield Diffie of ICANN and Ari Juels of RSA Labs, said that the continued assaults on corporate and government networks by sophisticated attackers in recent years has become the most important development in the security world. The time, he said, has come for security researchers and others involved in defending networks to look for methods other than cryptography that are capable of securing their sensitive data.

"It's very hard to use cryptography effectively if you assume an APT is watching everything on a system," Shamir said. "We need to think about security in a post-cryptography world."

One way to help shore up defenses would be to improve--or replace--the existing certificate authority infrastructure, the panelists said. The recent spate of attacks on CAs such as Comodo, DigiNotar and others has shown the inherent weaknesses in that system and there needs to be some serious work done on what can be done to fix it, they said.

"We need a PKI where people can specify who they want to trust, and we don't have that," said Rivest, another of the co-authors of the RSA algorithm. "We really need a PKI that not only is flexible in the sense that the relying party specifies what they trust but also in the sense of being able to tolerate failures, or perhaps government-mandated failures. We still have a very fragile and pollyanna-ish approach to PKI. We need to have a more robust outlook on that."

Shamir pointed to the incident recently in which TurkTrust, a Turkish CA, was found to have issued subordinate certificates for Google domains to two separate parties, one of which was a Turkish government contractor. He said he wouldn't be surprised to see other such incidents crop up.

"I think you will see more and more events like this, where a CA under pressure from a government will behave in strange ways," he said. "It brings into question whether the basis of security, the PKI infrastructure, is under severe strain."

[herzmeister]

bye bye Bitcoin, it was nice knowing you. 

[tpantlik]

Yeah, the last words on broken pki should be written on stone - or blockchain 

[Sukrim]

Their point is that computers are getting so insecure that it doesn't matter if they communicate encrypted or not - not that crypto gets broken.

E.g. somebody hosting a wallet on a server not at home makes it easy for the hoster to spy on that. As long as security measures are followed, your coins are safe too.

It kinda boils down to: "You can't trust the others to handle their stuff properly and it gets harder and harder for you to handle your own stuff."

[Scrat Acorns]

Video here: http://www.youtube.com/watch?v=eKhudJCGoJc

[cypherdoc]

Their point is that computers are getting so insecure that it doesn't matter if they communicate encrypted or not - not that crypto gets broken.

E.g. somebody hosting a wallet on a server not at home makes it easy for the hoster to spy on that. As long as security measures are followed, your coins are safe too.

It kinda boils down to: "You can't trust the others to handle their stuff properly and it gets harder and harder for you to handle your own stuff."

yes.

"We need a PKI where people can specify who they want to trust, and we don't have that," said Rivest, another of the co-authors of the RSA algorithm. "We really need a PKI that not only is flexible in the sense that the relying party specifies what they trust but also in the sense of being able to tolerate failures, or perhaps government-mandated failures. We still have a very fragile and pollyanna-ish approach to PKI. We need to have a more robust outlook on that."

[Doctor Mushies]

People like feeling they are protected, people feel they are safe, people trust other people far too much, and cryptography is 100% necessary for the world to advance.

[TooCasual]

Post crypto world?  Replaced with what?  ...To say such statement is idiocy.

Maybe just going back to paper and punch-cards? LOL. No computers?  Back to the dark ages!  Unplug the Internet! haha

Most vulnerabilities are from compromised systems and stolen information (passwords etc.)

Crypto just has to grow with current technology.  Well most government institutions, universities, large corporations probably do NOT "upgrade" their security technology often enough as it is a major cost...

Anyways, cryptography must always be exponentially ahead of the curve.  Audited and updated yearly.

Use larger key pairs and passwords over 4096bit+.  Hasn't anyone ever heard of or use www.openbsd.org?  Why would anyone NOT use that for their servers?

TC

[Bitobsessed]

Just throwing this out there but could it be replaced by quantum networks and quantum communication?  This technology is in its infancy but could explode over the next 10-20 years if it develops.  Our tech is expanding faster than we can even keep up.

http://www.sciencedaily.com/releases/2012/04/120411161604.htm

[tpantlik]

Hasn't anyone ever heard of or use www.openbsd.org?  Why would anyone NOT use that for their servers?

Yeah, we know and use BSD, but even with this secure unix, you are relying on other people – http://bsd.slashdot.org/story/10/12/15/004235/fbi-alleged-to-have-backdoored-openbsds-ipsec-stack

It's all about trust. We, the bitcoiners, know it. 

[Timo Y]

I think that 'Post-Crypto' in the context of this talk doesn't mean abolishing crypto entirely, but rather to stop relying on crypto for certain tasks.

Private keys are only effective if they are stored in private places, but on the internet nothing is truly private because every system has holes and leaks.  Crypto alone can't be used to create the private places that it relies on, so we need something else, like Trusted Computing, to do that job.  I think that's the gist of it.

[Timo Y]

Just throwing this out there but could it be replaced by quantum networks and quantum communication?  This technology is in its infancy but could explode over the next 10-20 years if it develops.  Our tech is expanding faster than we can even keep up.

http://www.sciencedaily.com/releases/2012/04/120411161604.htm

The only difference between quantum cryptography and classical cryptography is that quantum cryptography is (allegedly) provably unbreakable and classical cryptography just hard to break.

However, quantum cryptography doesn't solve the fundamental problems discussed in the OP: Knowing who to trust and hiding your private keys.

[nwbitcoin]

Read between the lines!

the hash table script kiddie is going to get you - Give us a job and it won't happen!




Crypto is working so well, these people are looking for a new gig.  Their skills are not as much in demand as they were, so they are talking about a new threat.  This threat is so big that people will turn to them to fix it! They are back in work, and the scare factor of the new threat is toned down - and problem is never fixed enough to stop!

The problem for all security is that it needs to be upgraded as technology gets better.  Where 128 bit was great in the 90s, 1048 bit is the way forward for the 2020s and eventually we will have quantum crypto that will sample your dna as you breathe on the screen to enable your wallet!

However, if you do not have security policies in place, which you religiously follow, you will lose everything - and that is the post crypto world!

Simples!

[interlagos]

The problem with security is not in a cryptography itself (yet), but in the fact that people are unable to protect their secret keys and passwords.

I bet much more secure authentication mechanizm would be for client to register its public key with the server and for the server to issue one-time strings that the client would need to sign with its private key stored in a air-gapped USB hardware gadget (like those USB BItcoin hardware wallets in development). The server can then check if signature is valid against client's public key.

At least trojans and keyloggers won't have a chance against such system.

[Littleshop]

Someone just wanted to say "post-crypto" like "post-pc era" and then figured out how to make a speach around it.  The media then picked it up because it looks interesting. 

Nothing about what is really happening in the world makes me think we are going "post-crypto" world, to the contrary I think the use of cryptography will continue to expand. 

[luv2drnkbr]

The only difference between quantum cryptography and classical cryptography is that quantum cryptography is (allegedly) provably unbreakable and classical cryptography just hard to break.

Why is this?  I don't know anything about QM and only a little about crypto-- I'm assuming that somehow QM crypto can have an infinite keyspace, and that's how it's provably unbreakable, but that's just a wild-ass guess.  Do you have more information on your statement?  It intrigues me!

[nwbitcoin]

The only difference between quantum cryptography and classical cryptography is that quantum cryptography is (allegedly) provably unbreakable and classical cryptography just hard to break.

Why is this?  I don't know anything about QM and only a little about crypto-- I'm assuming that somehow QM crypto can have an infinite keyspace, and that's how it's provably unbreakable, but that's just a wild-ass guess.  Do you have more information on your statement?  It intrigues me!

Quantum Cryptography works on the quantum physics theory that states that a thing can be one thing or another depending on when you look at it.  Its better explained here - http://en.wikipedia.org/wiki/Schr%C3%B6dinger's_cat

The point is that eventually, we will have crypto that is so complex that it will takes years to break.  What this theory doesn't take into consideration is that the tools for breaking them also gets better, so we end up at a stalemate - which suits the people at RSA just fine, as it keeps them all in a job!