1 / 12

Cryptography and Data Security: Long-Term Challenges

Cryptography and Data Security: Long-Term Challenges. Burt Kaliski, RSA Security Northeastern University CCIS M ini Symposium on Information Security November 9, 2004. Approach. Looking toward future generations of information technology – 30-year timeframe

Download Presentation

Cryptography and Data Security: Long-Term Challenges

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Cryptography and Data Security:Long-Term Challenges Burt Kaliski, RSA SecurityNortheastern University CCIS Mini Symposium on Information SecurityNovember 9, 2004

  2. Approach • Looking toward future generations of information technology – 30-year timeframe • Cryptography, network security grow in importance as essential building blocks • Challenges lie ahead – what can we do? • Two kinds of solution to consider: • “Easy”: apply current knowledge to alleviate problems • “Better”: discover new knowledge that overcomes them

  3. Challenge #1: No Algorithm Is Safe • Today’s algorithms remain secure for 30+ years against known attacks on classical computers, with sufficiently large keys • The risk: unknown attacks and quantum computers • Quantum computers would break today’s number-theoretic public-key cryptography; halve effective key size of secret-key algorithms • Unknown attacks could have equally dramatic effect • Key problem: With a few exceptions, no algorithms are proven secure unconditionally

  4. Algorithm Directions: “Easy” • Employ multiple algorithms based on different hard problems • Presumably less likely all to fall at once • Deploy secret-key-only architectures where feasible • Adopt Merkle hash signatures • (2.) and (3.) reduce the dependence on number-theoretic public-key cryptography, which is riskiest against quantum computers • However, no assurance that specific secret-key algorithms and hash functions resist specific quantum (or classical) attacks • Introduce quantum cryptography as an extra layer of protection • But limited to link encryption with photon transmission

  5. Algorithm Directions: “Better” • Develop alternative algorithms based on different hard problems • A broader portfolio against attack • But involves a long testing process – few hard problems have survived last 30 years • Find new algorithms that are provably resistant to attack – or fully prove strength of existing ones • Requires major breakthroughs in computational complexity theory • e.g., lower bounds for integer factoring • Invent quantum or other form of cryptography that isn’t limited to photon transmission, e.g., “RF quantum”? • Assumes new results in physics

  6. Challenge #2: No Data Is Safe • Data and keys can be reasonably well protected today against compromise with trusted hardware, software • The risk: Attacks are becoming more sophisticated, and usability competes with security • Side-channel analysis can expose keys in many implementations • Availability requirements often encourage multiple copies of data • Key problem: Security architectures today generally based around explicit data and keys • Each instance an opportunity for compromise

  7. Data Protection Directions: “Easy” • Build implementations of existing algorithms to address side-channel attacks — not just for speed & space • Employ architectures based on implicit data and keys: • Secret splitting: Data stored in n shares, k required to reconstruct • Distributed cryptography and secure multi-party computation: Keys stored and used in shares – never explicitly reconstructed • Adopt techniques that “heal” the effects of compromise: • Proactive security: Shares are periodically refreshed • Forward security: Keys are updated regularly such that past keys cannot be computed from current ones

  8. Data Protection Directions: “Better” • Design new algorithms that are provably less vulnerable to side-channel attacks and other compromises • “physically observable cryptography” (Micali, Reyzin) • potentially a difficult tradeoff versus conventional attacks • Develop new, practical data protection techniques based on other hard problems • e.g., only on hash functions • Invent something physics-based, e.g., “quantum secret-splitting”?

  9. And That’s Just the Data … • Future networks, with numerous mobile components in ad hoc configurations, will also be at risk to a host of new attacks, e.g.: • Routing table corruption, leading to network partition, traffic analysis • “Selfish” nodes that expend others’ resources but do not contribute their own • Countermeasures here involve a new way of viewing networks, where trust is earned, not assumed (Jakobsson et al.): • “Micropayments” as network diagnostics • Reputation management • Game theory

  10. Summary • Today’s cryptography and data protection are reasonably strong, but 30 years is a long time • Better long-term assurance requires new techniques and methods of analysis • An architecture of implicit data built on a foundation of provable algorithms • Research challenge is the same as for networks: a roadmap from today’s “gigabit security” into terabits and beyond

  11. Contact Information • Burt KaliskiVP Research, RSA SecurityChief Scientist, RSA Laboratoriesbkaliski@rsasecurity.comhttp://www.rsasecurity.com/

More Related