Published by Joy Page. Modified over 9 years ago.
1
Cryptography and Data Security: Long-Term Challenges
Burt Kaliski, RSA Security
Northeastern University CCIS Mini Symposium on Information Security
November 9, 2004
2
Approach
Looking toward future generations of information technology – 30-year timeframe
Cryptography, network security grow in importance as essential building blocks
Challenges lie ahead – what can we do?
Two kinds of solution to consider:
—“Easy”: apply current knowledge to alleviate problems
—“Better”: discover new knowledge that overcomes them
3
Challenge #1: No Algorithm Is Safe
Today’s algorithms remain secure for 30+ years against known attacks on classical computers, with sufficiently large keys
The risk: unknown attacks and quantum computers
—Quantum computers would break today’s number-theoretic public-key cryptography; halve effective key size of secret-key algorithms
—Unknown attacks could have equally dramatic effect
Key problem: With a few exceptions, no algorithms are proven secure unconditionally
4
Algorithm Directions: “Easy”
1. Employ multiple algorithms based on different hard problems
—Presumably less likely all to fall at once
2. Deploy secret-key-only architectures where feasible
3. Adopt Merkle hash signatures
—(2.) and (3.) reduce the dependence on number-theoretic public-key cryptography, which is riskiest against quantum computers
—However, no assurance that specific secret-key algorithms and hash functions resist specific quantum (or classical) attacks
4. Introduce quantum cryptography as an extra layer of protection
—But limited to link encryption with photon transmission
5
Algorithm Directions: “Better”
5. Develop alternative algorithms based on different hard problems
—A broader portfolio against attack
—But involves a long testing process – few hard problems have survived last 30 years
6. Find new algorithms that are provably resistant to attack – or fully prove strength of existing ones
—Requires major breakthroughs in computational complexity theory, e.g., lower bounds for integer factoring
7. Invent quantum or other form of cryptography that isn’t limited to photon transmission, e.g., “RF quantum”?
—Assumes new results in physics
6
Challenge #2: No Data Is Safe
Data and keys can be reasonably well protected today against compromise with trusted hardware, software
The risk: Attacks are becoming more sophisticated, and usability competes with security
—Side-channel analysis can expose keys in many implementations
—Availability requirements often encourage multiple copies of data
Key problem: Security architectures today generally based around explicit data and keys
—Each instance an opportunity for compromise
7
Data Protection Directions: “Easy”
1. Build implementations of existing algorithms to address side-channel attacks, not just for speed & space
2. Employ architectures based on implicit data and keys:
—Secret splitting: Data stored in n shares, k required to reconstruct
—Distributed cryptography and secure multi-party computation: Keys stored and used in shares – never explicitly reconstructed
3. Adopt techniques that “heal” the effects of compromise:
—Proactive security: Shares are periodically refreshed
—Forward security: Keys are updated regularly such that past keys cannot be computed from current ones
8
Data Protection Directions: “Better”
4. Design new algorithms that are provably less vulnerable to side-channel attacks and other compromises
—“physically observable cryptography” (Micali, Reyzin)
—potentially a difficult tradeoff versus conventional attacks
5. Develop new, practical data protection techniques based on other hard problems
—e.g., only on hash functions
6. Invent something physics-based, e.g., “quantum secret-splitting”?
9
And That’s Just the Data …
Future networks, with numerous mobile components in ad hoc configurations, will also be at risk to a host of new attacks, e.g.:
—Routing table corruption, leading to network partition, traffic analysis
—“Selfish” nodes that expend others’ resources but do not contribute their own
Countermeasures here involve a new way of viewing networks, where trust is earned, not assumed (Jakobsson et al.):
—“Micropayments” as network diagnostics
—Reputation management
—Game theory
10
Summary
Today’s cryptography and data protection are reasonably strong, but 30 years is a long time
Better long-term assurance requires new techniques and methods of analysis
—An architecture of implicit data built on a foundation of provable algorithms
Research challenge is the same as for networks: a roadmap from today’s “gigabit security” into terabits and beyond
11
Contact Information
Burt Kaliski
VP Research, RSA Security
Chief Scientist, RSA Laboratories
bkaliski@rsasecurity.com
http://www.rsasecurity.com/