Cryptography and data security long term challenges
1 / 12

Cryptography and Data Security: Long-Term Challenges - PowerPoint PPT Presentation

  • Uploaded on

Cryptography and Data Security: Long-Term Challenges. Burt Kaliski, RSA Security Northeastern University CCIS M ini Symposium on Information Security November 9, 2004. Approach. Looking toward future generations of information technology – 30-year timeframe

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about ' Cryptography and Data Security: Long-Term Challenges' - kylie-adkins

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Cryptography and data security long term challenges

Cryptography and Data Security:Long-Term Challenges

Burt Kaliski, RSA SecurityNortheastern University CCIS Mini Symposium on Information SecurityNovember 9, 2004


  • Looking toward future generations of information technology – 30-year timeframe

  • Cryptography, network security grow in importance as essential building blocks

  • Challenges lie ahead – what can we do?

  • Two kinds of solution to consider:

    • “Easy”: apply current knowledge to alleviate problems

    • “Better”: discover new knowledge that overcomes them

Challenge 1 no algorithm is safe
Challenge #1: No Algorithm Is Safe

  • Today’s algorithms remain secure for 30+ years against known attacks on classical computers, with sufficiently large keys

  • The risk: unknown attacks and quantum computers

    • Quantum computers would break today’s number-theoretic public-key cryptography; halve effective key size of secret-key algorithms

    • Unknown attacks could have equally dramatic effect

  • Key problem: With a few exceptions, no algorithms are proven secure unconditionally

Algorithm directions easy
Algorithm Directions: “Easy”

  • Employ multiple algorithms based on different hard problems

    • Presumably less likely all to fall at once

  • Deploy secret-key-only architectures where feasible

  • Adopt Merkle hash signatures

    • (2.) and (3.) reduce the dependence on number-theoretic public-key cryptography, which is riskiest against quantum computers

    • However, no assurance that specific secret-key algorithms and hash functions resist specific quantum (or classical) attacks

  • Introduce quantum cryptography as an extra layer of protection

    • But limited to link encryption with photon transmission

Algorithm directions better
Algorithm Directions: “Better”

  • Develop alternative algorithms based on different hard problems

    • A broader portfolio against attack

    • But involves a long testing process – few hard problems have survived last 30 years

  • Find new algorithms that are provably resistant to attack – or fully prove strength of existing ones

    • Requires major breakthroughs in computational complexity theory

      • e.g., lower bounds for integer factoring

  • Invent quantum or other form of cryptography that isn’t limited to photon transmission, e.g., “RF quantum”?

    • Assumes new results in physics

Challenge 2 no data is safe
Challenge #2: No Data Is Safe

  • Data and keys can be reasonably well protected today against compromise with trusted hardware, software

  • The risk: Attacks are becoming more sophisticated, and usability competes with security

    • Side-channel analysis can expose keys in many implementations

    • Availability requirements often encourage multiple copies of data

  • Key problem: Security architectures today generally based around explicit data and keys

    • Each instance an opportunity for compromise

Data protection directions easy
Data Protection Directions: “Easy”

  • Build implementations of existing algorithms to address side-channel attacks — not just for speed & space

  • Employ architectures based on implicit data and keys:

    • Secret splitting: Data stored in n shares, k required to reconstruct

    • Distributed cryptography and secure multi-party computation: Keys stored and used in shares – never explicitly reconstructed

  • Adopt techniques that “heal” the effects of compromise:

    • Proactive security: Shares are periodically refreshed

    • Forward security: Keys are updated regularly such that past keys cannot be computed from current ones

Data protection directions better
Data Protection Directions: “Better”

  • Design new algorithms that are provably less vulnerable to side-channel attacks and other compromises

    • “physically observable cryptography” (Micali, Reyzin)

    • potentially a difficult tradeoff versus conventional attacks

  • Develop new, practical data protection techniques based on other hard problems

    • e.g., only on hash functions

  • Invent something physics-based, e.g., “quantum secret-splitting”?

And that s just the data
And That’s Just the Data …

  • Future networks, with numerous mobile components in ad hoc configurations, will also be at risk to a host of new attacks, e.g.:

    • Routing table corruption, leading to network partition, traffic analysis

    • “Selfish” nodes that expend others’ resources but do not contribute their own

  • Countermeasures here involve a new way of viewing networks, where trust is earned, not assumed (Jakobsson et al.):

    • “Micropayments” as network diagnostics

    • Reputation management

    • Game theory


  • Today’s cryptography and data protection are reasonably strong, but 30 years is a long time

  • Better long-term assurance requires new techniques and methods of analysis

    • An architecture of implicit data built on a foundation of provable algorithms

  • Research challenge is the same as for networks: a roadmap from today’s “gigabit security” into terabits and beyond

Contact information
Contact Information

  • Burt KaliskiVP Research, RSA SecurityChief Scientist, RSA [email protected]://