1. Network Encryption: Long-Term Challenges
Burt Kaliski, RSA Security, Sept. 8, 2004, Terabit Networking Forum
2. Approach
Looking toward future generations of information technology – 30-year timeframe
Cryptography, network security grow in importance as essential building blocks
Challenges lie ahead – what can we do?
Two kinds of solution to consider:
“Easy”: apply current knowledge to alleviate problems
“Better”: discover new knowledge that overcomes them
3. Challenge #1: No Algorithm Is Safe
Today’s algorithms remain secure for 30+ years against known attacks on classical computers, with sufficiently large keys
The risk: unknown attacks and quantum computers
Quantum computers would break today’s number-theoretic public-key cryptography; halve effective key size of secret-key algorithms
Unknown attacks could have equally dramatic effect
Key problem: With a few exceptions, no algorithms are proven secure unconditionally
4. Algorithm Directions: “Easy”
(1.) Employ multiple algorithms based on different hard problems
Presumably less likely all to fall at once
(2.) Deploy secret-key-only architectures where feasible
(3.) Adopt Merkle hash signatures
(2.) and (3.) reduce the dependence on number-theoretic public-key cryptography, which is riskiest against quantum computers
However, no assurance that specific secret-key algorithms and hash functions resist specific quantum (or classical) attacks
(4.) Introduce quantum cryptography as an extra layer of protection
But limited to link encryption with photon transmission
5. Algorithm Directions: “Better”
Develop alternative algorithms based on different hard problems
A broader portfolio against attack
But involves a long testing process – few hard problems have survived last 30 years
Find new algorithms that are provably resistant to attack – or fully prove strength of existing ones
Requires major breakthroughs in computational complexity theory
e.g., lower bounds for integer factoring
Invent quantum or other form of cryptography that isn’t limited to photon transmission, e.g., “RF quantum”?
Assumes new results in physics
6. Challenge #2: No Data Is Safe
Data and keys can be reasonably well protected today against compromise with trusted hardware, software
The risk: Attacks are becoming more sophisticated, and usability competes with security
Side-channel analysis can expose keys in many implementations
Availability requirements often encourage multiple copies of data
Key problem: Security architectures today generally based around explicit data and keys
Each instance an opportunity for compromise
7. Data Protection Directions: “Easy”
Build implementations of existing algorithms to address side-channel attacks, not just for speed & space
Employ architectures based on implicit data and keys:
Secret splitting: Data stored in n shares, k required to reconstruct
Distributed cryptography and secure multi-party computation: Keys stored and used in shares – never explicitly reconstructed
Adopt techniques that “heal” the effects of compromise:
Proactive security: Shares are periodically refreshed
Forward security: Keys are updated regularly such that past keys cannot be computed from current ones
8. Data Protection Directions: “Better”
Design new algorithms that are provably less vulnerable to side-channel attacks and other compromises
“physically observable cryptography” (Micali, Reyzin)
potentially a difficult tradeoff versus conventional attacks
Develop new, practical data protection techniques based on other hard problems
e.g., only on hash functions
Invent something physics-based, e.g., “quantum secret-splitting”?
9. And That’s Just the Data …
Future networks, with numerous mobile components in ad hoc configurations, will also be at risk from a host of new attacks, e.g.:
Routing table corruption, leading to network partition, traffic analysis
“Selfish” nodes that expend others’ resources but do not contribute their own
Countermeasures here involve a new way of viewing networks, where trust is earned, not assumed (Jakobsson et al.):
“Micropayments” as network diagnostics
Reputation management
Game theory
10. Summary
Today’s cryptography and data protection are reasonably strong, but 30 years is a long time
Better long-term assurance requires new techniques and methods of analysis
An architecture of implicit data built on a foundation of provable algorithms
Research challenge is the same as for networks: a roadmap from today’s “gigabit security” into terabits and beyond
11. Contact Information
Burt Kaliski
Chief Scientist, RSA Security
Director, RSA Laboratories
bkaliski@rsasecurity.com
http://www.rsasecurity.com/