120 likes | 255 Views
Approach. Looking toward future generations of information technology ? 30-year timeframeCryptography, network security grow in importance as essential building blocksChallenges lie ahead ? what can we do?Two kinds of solution to consider:?Easy": apply current knowledge to alleviate problems?Be
E N D
1. Cryptography and Data Security:Long-Term Challenges Burt Kaliski, RSA SecurityNortheastern University CCIS Mini Symposium on Information SecurityNovember 9, 2004
2. Approach Looking toward future generations of information technology 30-year timeframe
Cryptography, network security grow in importance as essential building blocks
Challenges lie ahead what can we do?
Two kinds of solution to consider:
Easy: apply current knowledge to alleviate problems
Better: discover new knowledge that overcomes them
3. Challenge #1: No Algorithm Is Safe Todays algorithms remain secure for 30+ years against known attacks on classical computers, with sufficiently large keys
The risk: unknown attacks and quantum computers
Quantum computers would break todays number-theoretic public-key cryptography; halve effective key size of secret-key algorithms
Unknown attacks could have equally dramatic effect
Key problem: With a few exceptions, no algorithms are proven secure unconditionally
4. Algorithm Directions: Easy Employ multiple algorithms based on different hard problems
Presumably less likely all to fall at once
Deploy secret-key-only architectures where feasible
Adopt Merkle hash signatures
(2.) and (3.) reduce the dependence on number-theoretic public-key cryptography, which is riskiest against quantum computers
However, no assurance that specific secret-key algorithms and hash functions resist specific quantum (or classical) attacks
Introduce quantum cryptography as an extra layer of protection
But limited to link encryption with photon transmission
5. Algorithm Directions: Better Develop alternative algorithms based on different hard problems
A broader portfolio against attack
But involves a long testing process few hard problems have survived last 30 years
Find new algorithms that are provably resistant to attack or fully prove strength of existing ones
Requires major breakthroughs in computational complexity theory
e.g., lower bounds for integer factoring
Invent quantum or other form of cryptography that isnt limited to photon transmission, e.g., RF quantum?
Assumes new results in physics
6. Challenge #2: No Data Is Safe Data and keys can be reasonably well protected today against compromise with trusted hardware, software
The risk: Attacks are becoming more sophisticated, and usability competes with security
Side-channel analysis can expose keys in many implementations
Availability requirements often encourage multiple copies of data
Key problem: Security architectures today generally based around explicit data and keys
Each instance an opportunity for compromise
7. Data Protection Directions: Easy Build implementations of existing algorithms to address side-channel attacks not just for speed & space
Employ architectures based on implicit data and keys:
Secret splitting: Data stored in n shares, k required to reconstruct
Distributed cryptography and secure multi-party computation: Keys stored and used in shares never explicitly reconstructed
Adopt techniques that heal the effects of compromise:
Proactive security: Shares are periodically refreshed
Forward security: Keys are updated regularly such that past keys cannot be computed from current ones
8. Data Protection Directions: Better Design new algorithms that are provably less vulnerable to side-channel attacks and other compromises
physically observable cryptography (Micali, Reyzin)
potentially a difficult tradeoff versus conventional attacks
Develop new, practical data protection techniques based on other hard problems
e.g., only on hash functions
Invent something physics-based, e.g., quantum secret-splitting?
9. And Thats Just the Data
Future networks, with numerous mobile components in ad hoc configurations, will also be at risk to a host of new attacks, e.g.:
Routing table corruption, leading to network partition, traffic analysis
Selfish nodes that expend others resources but do not contribute their own
Countermeasures here involve a new way of viewing networks, where trust is earned, not assumed (Jakobsson et al.):
Micropayments as network diagnostics
Reputation management
Game theory
10. Summary Todays cryptography and data protection are reasonably strong, but 30 years is a long time
Better long-term assurance requires new techniques and methods of analysis
An architecture of implicit data built on a foundation of provable algorithms
Research challenge is the same as for networks: a roadmap from todays gigabit security into terabits and beyond
11. Contact Information Burt KaliskiVP Research, RSA SecurityChief Scientist, RSA Laboratoriesbkaliski@rsasecurity.comhttp://www.rsasecurity.com/