
    Live at RSA Cryptographers panel

    By Cameron Sturdevant - April 8, 2008

      Moderator: Burt Kaliski, Scientist, RSA Laboratories and Director, EMC Innovation Network

      10:25, RSA Conference, San Francisco, CA, 4/8/2008

      Panelists: Whitfield Diffie, Vice President and Fellow Chief Security Officer, Sun Microsystems; Martin Hellman, Professor Emeritus of Electrical Engineering, Stanford University; Ronald Rivest, Viterbi Professor of Electrical Engineering and Computer Science, MIT; Adi Shamir, Professor, Computer Science Department, Weizmann Institute of Science

      WD: [We’re seeing a] call to action where there should be a call to question. Instead of a call based on a Cold War approach. The essential problems of building secure crypto systems seem for all practical purposes to be solved. We’ve worked on it for 80 years. We have a pure barrier objective that stands. On the other hand, Internet security is a mess.

      Gossler at Sandia Nat’l labs says the adversary sits on the other side and picks at your infrastructure. In information assurance, the development cycles are in years, while opponents work in hours or weeks.

      The key question is, Are we going to have to surrender to a great cyber-policing authority or can we come up with individual security methods?

      MH: Complacency and the 99.9 percent safe maneuver in a glider. A false confidence that can lead to complacency. The lesson is that humans are not that good at dealing with low-probability events.

      Cyber-security is a black swan waiting to happen, referring to the probability of a major cyber-security event that may come in the next several years. We won’t know until it happens, but the increased computerization of society increases the devastation these cyber-attacks can cause.

      RR: 1. Turing. We owe a debt to Alan Turing for setting up the test that sets the bar for asking of a machine, Are you a human? And for setting out what the ideal security model would be.

      2. Hash functions. NIST is wisely running a competition to replace the SHA family of algorithms.

      3. Voting. Cryptography is showing its relevance in more ways to, in this case, show that your vote counts. Scantegrity 2, a paper.

      On the standards for voting systems, a notion that is relevant to the audience today is a proposal that voting systems be software-independent. A voting system is a software-dependent system that can have a flaw that can bring into question the result. He encourages a software-independent model.

      AS: Code making and code breaking. Last year was quite slow. The attack on SHA-1 that was first revealed in RSA 2005, Over

      At RSA 2006 it came out that AES encryption on today’s PCs is susceptible to cache attack. Starting in 2009, Intel will start to put AES into the chip. There will be four instructions available that will stop software attacks on AES.

      For those using RFID cards for transit systems: About two months ago it was announced that these cards, mentioned Boston and London, it’s easy to break the crypto and get free rides on these systems.

      Blu-ray and HD-DVD: Both systems could be broken but Blu-ray could be upgraded.

      ===

      Question from BK to MH: You talked about probabilities for events.

      MH: In looking at nuclear deterrence, we tend to focus on the Maginot Line. We need to think of side channel attacks and timing and power analysis attacks, these went behind the perimeter lines we set up.

      Question: Who has the purview to protect against low- to medium-level attacks?

      WD: There is a lot of talk about end-user education. And that may come from old-timers who talked about security [in terms of keeping] your transmittal documents in a safe. The Sun Niagara chips have the built-in crypto that was mentioned in the Intel chips.

      Adi: But Intel sells more chips.

      WD: But whose chips run more instructions at the major Web sites? /Laughter in the audience./

      BK: How do we deal with the likely threats of a cyber-attack? The next 30 years of your career in security. Where would you put your research time?

      RR: We haven’t talked about the kind of information world we want to live in.

      WD: Genetic engineering, it will transform the world.

      MH: Security needs to be built in, not grafted on. We need, as a society, we need to say what do we want. If we wanted secure e-mail, that may tee off the spy agencies that are getting info that they want.

      BK: Closing remarks on how you want to be remembered.

      WD: For some reason, still optimistic … our successors are going to get along just fine. The most important development for security, for a commercially usable thing to do, the salary database, but let it run next to other workloads, and so client/server computing made this possible.

      MH: Expect the unexpected.

      RR: Will disagree with WD on an earlier point. Cryptography is still early, not solved. We are still early to tie worst-case complexity to likely case. Key goal is still to have a secure platform that is usable and [to work on] user interface.

      AS: We are doing OK in security, the basic elements are there. We haven’t reached nirvana but we have the basics in place. We do need GPS for data so we can locate where data is. There is no silver bullet.

      BK: 1024 keys.

      AS: I keep predicting but I think the first public-announced factorization in the next five years.

      MH: Elliptic curves are the way to go.

      Cameron Sturdevant
      Cameron Sturdevant is the executive editor of Enterprise Networking Planet. Prior to ENP, Cameron was technical analyst at PCWeek Labs, starting in 1997. Cameron finished up as the eWEEK Labs Technical Director in 2012. Before his extensive labs tenure, Cameron paid his IT dues working in technical support and sales engineering at a software publishing firm. Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his analysis is grounded in real-world concern. Follow Cameron on Twitter at csturdevant, or reach him by email at [email protected]
