Live at RSA Cryptographers panel


Moderator: Burt Kaliski, Scientist, RSA Laboratories and Director, EMC Innovation Network

10:25, RSA Conference, San Francisco, CA, 4/8/2008

Panelists: Whitfield Diffie, Vice President and Fellow Chief Security Officer, Sun Microsystems; Martin Hellman, Professor Emeritus of Electrical Engineering, Stanford University; Ronald Rivest, Viterbi Professor of Electrical Engineering and Computer Science, MIT; Adi Shamir, Professor, Computer Science Department, Weizmann Institute of Science

WD: [We're seeing a] call to action where there should be a call to question. Instead of a call based on a Cold War approach. The essential problems of building secure crypto systems seem for all practical purposes to be solved. We've worked on it for 80 years. We have a pure barrier objective that stands. On the other hand, Internet security is a mess.

Gossler at Sandia National Labs says the adversary sits on the other side and picks at your infrastructure. In information assurance, the development cycles are in years, while opponents work in hours or weeks.

The key question is, Are we going to have to surrender to a great cyber-policing authority or can we come up with individual security methods?

MH: Complacency and the 99.9 percent safe maneuver in a glider. A false confidence that can lead to complacency. The lesson is that humans are not that good at dealing with low-probability events.

Cyber-security is a black swan waiting to happen, referring to the probability of a major cyber-security event that may come in the next several years. We won't know until it happens, but the increased computerization of society increases the devastation these cyber-attacks can cause.

RR: 1. Turing. We owe a debt to Alan Turing for setting up the test that sets the bar for asking of a machine, Are you a human? And for setting out what the ideal security model would be.

2. Hash functions. NIST is wisely running a competition to replace the SHA family of algorithms.

3. Voting. Cryptography is showing its relevance in more ways, in this case to show that your vote counts. Scantegrity 2, a paper.

On the standards for voting systems, a notion that is relevant to the audience today is a proposal that voting systems be software-independent. A voting system is a software-dependent system that can have a flaw that can bring into question the result. He encourages a software-independent model.

AS: Code making and code breaking. Last year was quite slow. The attack on SHA-1 that was first revealed in RSA 2005, Over

At RSA 2006 it came out that AES encryption on today's PCs is susceptible to cache attack. Starting in 2009, Intel will start to put AES into the chip. There will be four instructions available that will stop software attacks on AES.

For those using RFID cards for transit systems: About two months ago it was announced that with these cards (Boston and London were mentioned) it's easy to break the crypto and get free rides on these systems.

Blu-ray and HD-DVD: Both systems could be broken but Blu-ray could be upgraded.

===

Question from BK to MH: You talked about probabilities for events.

MH: In looking at nuclear deterrence, we tend to focus on the Maginot Line. We need to think of side-channel attacks and timing and power analysis attacks; these went behind the perimeter lines we set up.

Question: Who has the purview to protect against low- to medium-level attacks?

WD: There is a lot of talk about end-user education. And that may come from old-timers who talked about security [in terms of keeping] your transmittal documents in a safe. The Sun Niagara chips have the built-in crypto that was mentioned in the Intel chips.

AS: But Intel sells more chips.

WD: But whose chips run more instructions at the major Web sites? /Laughter in the audience./

BK: How do we deal with the likely threats of a cyber-attack? The next 30 years of your career in security. Where would you put your research time?

RR: We haven't talked about the kind of information world we want to live in.

WD: Genetic engineering, it will transform the world.

MH: Security needs to be built in, not grafted on. We need, as a society, to say what we want. If we wanted secure e-mail, that may t-off the spy agencies that are getting info that they want.

BK: Closing remarks on how you want to be remembered.

WD: For some reason, still optimistic ... our successors are going to get along just fine. The most important development for security, for a commercially usable thing to do, the salary database, but let it run next to other workloads, and so client/server computing made this possible.

MH: Expect the unexpected.

RR: Will disagree with WD on an earlier point. Cryptography is still early, not solved. We are still early to tie worst-case complexity to likely case. Key goal is still to have a secure platform that is usable and [to work on] user interface.

AS: We are doing OK in security, the basic elements are there. We haven't reached nirvana but we have the basics in place. We do need GPS for data so we can locate where data is. There is no silver bullet.

BK: 1024 keys.

AS: I keep predicting but I think the first publicly announced factorization in the next five years.

MH: Elliptic curves are the way to go.