It's entirely possible that in the near future, an important new standard of security will have a name that resembles a globally popular lunch sandwich: BLT (bacon, lettuce, tomato).
Right now, the acronym RSA, which provides the name for the most well-known data security company in the world, EMC-owned RSA Security, is the standard for signature algorithms and has been for more than 30 years. It will remain useful for a long while to come, of course, but because everything in the world has a life cycle, its time to retire may be at hand.
BLT, an all-new signature approach created by new-generation security provider Guardtime and named for the initials of its inventors, Ahto Buldas, Risto Laanoja and Ahto Truuis, is a legitimate candidate to replace the RSA secret sauce. The Estonia-based company, which handles security for its home country's government in addition to a number of other high-level clients, released its platform May 22 for worldwide availability.
Deluge of Data a Key Factor
The main factor in this changeover is the number of devices and the overall amount of data that is being created and is moving through the Internet. It's an obvious deluge in 2015 as opposed to the drip-drip-drip of data in the 1980s.
"RSA [created by Ron Rivest, Adi Shamir and Leonard Adleman, who developed the RSA encryption algorithm in 1977 and founded RSA Data Security in 1982] is outdated and cannot scale for the explosion of data or devices we're seeing with IoT [Internet of things], mobile and machine-to-machine IT," Mike Gault, CEO of Guardtime, told eWEEK.
"Most importantly, on the advent of quantum computers, RSA could be rendered completely useless. No practical and scalable alternative for the market exists, until now. BLT provides a scalable, secure alternative to RSA. This is practical for authenticating not only data in motion, but also for data at rest in the cloud or as part of infrastructure."
Gault claims that Guardtime's BLT, which is designed specifically for ensuring the integrity of data and systems at industrial and enterprise scale, eventually will replace RSA for the purposes of authentication and digital signatures, while at the same time making security easier to manage.
Standard Encryption Soon May Be Outdated
RSA's encryption of data using combinations of prime numbers has been the standard for data security for nearly 40 years. It is outlined for mainstream audiences in PBS' 2014 "Nova" segment "Rise of the Hackers."
In contrast to RSA's reliance on asymmetric key cryptography, BLT is based on Guardtime's proprietary quantum-secure Keyless Signature Infrastructure (KSI) IT, which uses only hash-function cryptography. Hash-function cryptography requires no keys and thus no maintenance (issuing, updating or revoking) of keys. As a result, it can scale to protect mass quantities (theoretically exabytes) of data with little overhead, Gault said. It's the very latest data-centric type of security.
An important feature of Guardtime's BLT approach is that time stamp-related notifications are standard. If an intruder were to get access to a data store and even so much as touch any file therein, an administrator is notified immediately. The automation of the BLT software immediately re-secures the store and traps the intruder so that no more files can be compromised.
The KSI blockchain secret sauce is what the company uses to ensure the integrity of digital assets. It can be used to create a hashed signature of a digital asset when it is in a known untouched state. Based on constant monitoring of these time-stamped hashes, the Guardtime BLT system can verify whether that file or other data, operating systems or applications have been handled. Hash signatures are reviewed literally every second, so any changes are caught immediately.
Key Guardtime Features
Other Guardtime features include:
- Simplified revocation management: There is no need to check the certificate validity when verifying signatures, eliminating the need for complicated Certificate Revocation Lists (CRLs).
- Long-term validity: There is no need for periodic re-timestamping of the signatures due to expiring keys—time and integrity of the signature can be proven mathematically without reliance on trusted parties or the security of keys.
- Limited liability: Unlike RSA, BLT signatures cannot be generated offline, removing the potential for unlimited liability in the case of private key theft.
- Quantum immunity: BLT's hash functions cannot be broken using quantum algorithms.
"BLT completely stops current common and uncommon security problems and removes traditional trust anchors with this new signature scheme. It's demonstrating the power of KSI to transform the world's security landscape," Guardtime CTO Matt Johnson told eWEEK. "BLT greatly improves the strength of any signing and authentication process."
Guardtime has partnered with Sweden's Ericsson, which will add the software to a number of its products in the months to come.
Guardtime was founded in 2006 and originally financed privately by Gault, but the company now has other private investors. Gault is a former stock trader who met Estonian security researchers while a graduate student in Japan. He moved to Estonia to help start the company.
The company says its annual revenue has grown in almost quantum fashion, from $100,000 in 2012 to $10 million in 2014. Revenue for the first quarter of this year alone was $20 million, the company claims.