
    Live at RSA Cryptographers panel

    By Cameron Sturdevant - April 8, 2008

      Moderator: Burt Kaliski, Scientist, RSA Laboratories and Director, EMC Innovation Network

      10:25, RSA Conference, San Francisco, CA, 4/8/2008

      Panelists: Whitfield Diffie, Vice President and Fellow Chief Security Officer, Sun Microsystems; Martin Hellman, Professor Emeritus of Electrical Engineering, Stanford University; Ronald Rivest, Viterbi Professor of Electrical Engineering and Computer Science, MIT; Adi Shamir, Professor, Computer Science Department, Weizmann Institute of Science

      WD: [We’re seeing a] call to action where there should be a call to question. Instead of a call based on a Cold War approach. The essential problems of building secure crypto systems seem for all practical purposes to be solved. We’ve worked on it for 80 years. We have a pure barrier objective that stands. On the other hand, Internet security is a mess.

      Gossler at Sandia Nat’l labs says the adversary sits on the other side and picks at your infrastructure. In information assurance, the development cycles are in years, while opponents work in hours or weeks.

      The key question is, Are we going to have to surrender to a great cyber-policing authority or can we come up with individual security methods?

      MH: Complacency and the 99.9 percent safe maneuver in a glider. A false confidence that can lead to complacency. The lesson is that humans are not that good at dealing with low-probability events.

      Cyber-security is a black swan waiting to happen, referring to the probability of a major cyber-security event that may come in the next several years. We won’t know until it happens, but the increased computerization of society increases the devastation these cyber-attacks can cause.

      RR: 1. Turing. We owe a debt to Alan Turing for setting up the test that sets the bar for asking of a machine, Are you a human? And for setting out what the ideal security model would be.

      2. Hash functions. NIST is wisely running a competition to replace the SHA family of algorithms.

      3. Voting. Cryptography is showing its relevance in more ways to, in this case, show that your vote counts. Scantegrity 2, a paper.

      On the standards for voting systems, a notion that is relevant to the audience today is a proposal that voting systems be software-independent. A voting system is a software-dependent system that can have a flaw that can bring into question the result. He encourages a software-independent model.

      AS: Code making and code breaking. Last year was quite slow. The attack on SHA-1 that was first revealed in RSA 2005, Over

      At RSA 2006 it came out that AES encryption on today’s PCs is susceptible to cache attack. Starting in 2009, Intel will start to put AES into the chip. There will be four instructions available that will stop software attacks on AES.

      For those using RFID cards for transit systems: About two months ago it was announced that these cards, mentioned Boston and London, it’s easy to break the crypto and get free rides on these systems.

      Blu-ray and HD-DVD: Both systems could be broken but Blu-Ray could be upgraded.

      ===

      Question from BK to MH: You talked about probabilities for events.

      MH: In looking at nuclear deterrence, we tend to focus on the Maginot Line. We need to think of side channel attacks and timing and power analysis attacks, these went behind the perimeter lines we set up.

      Question: Who has the purview to protect against low- to medium-level attacks?

      WD: There is a lot of talk about end-user education. And that may come from old-timers who talked about security [in terms of keeping] your transmittal documents in a safe. The Sun Niagara chips have the built-in crypto that was mentioned in the Intel chips.

      Adi: But Intel sells more chips.

      WD: But whose chips run more instructions at the major Web sites? /Laughter in the audience./

      BK: How do we deal with the likely threats of a cyber-attack? The next 30 years of your career in security. Where would you put your research time?

      RR: We haven’t talked about the kind of information world we want to live in.

      WD: Genetic engineering, it will transform the world.

      MH: Security needs to be built in, not grafted on. We need, as a society, we need to say what do we want. If we wanted secure e-mail, that may t-off the spy agencies that are getting info that they want.

      BK: closing remarks on how you want to be remembered.

      WD: For some reason, still optimistic … our successors are going to get along just fine. The most important development for security, for a commercially usable thing to do, the salary database, but let it run next to other workloads, and so client/server computing made this possible.

      MH: Expect the unexpected.

      RR: Will disagree with WD on an earlier point. Cryptography is still early, not solved. We are still early to tie worst-case complexity to likely case. Key goal is still to have a secure platform that is usable and [to work on] user interface.

      AS: We are doing OK in security, the basic elements are there. We haven’t reached nirvana but we have the basics in place. We do need GPS for data so we can locate where data is. There is no silver bullet.

      BK: 1024 keys.

      AS: I keep predicting but I think the first public-announced factorization in the next five years.

      MH: Elliptic curves are the way to go.

      Cameron Sturdevant
      Cameron Sturdevant is the executive editor of Enterprise Networking Planet. Prior to ENP, Cameron was technical analyst at PCWeek Labs, starting in 1997. Cameron finished up as the eWEEK Labs Technical Director in 2012. Before his extensive labs tenure, Cameron paid his IT dues working in technical support and sales engineering at a software publishing firm. Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his analysis is grounded in real-world concern. Follow Cameron on Twitter at csturdevant, or reach him by email at [email protected]
