SAN FRANCISCO–In the current climate of continuous attacks and intrusions by advanced persistent threat (APT) crews, government-sponsored groups and other organizations, cryptography is becoming less and less important, and defenders need to start thinking about new ways to protect data on systems that they assume are compromised, one of the fathers of public-key cryptography said Tuesday. Adi Shamir, who helped design the original RSA algorithm, said that security experts should be preparing for a “post-cryptography” world.

“I definitely believe that cryptography is becoming less important. In effect, even the most secure computer systems in the most isolated locations have been penetrated over the last couple of years by a series of APTs and other advanced attacks,” Shamir, of the Weizmann Institute of Science in Israel, said during the Cryptographers’ Panel session at the RSA Conference here today.

“We should rethink how we protect ourselves. Traditionally we have thought about two lines of defense. The first was to prevent the insertion of the APT with antivirus and other defenses. The second was to detect the activity of the APT once it’s there. But recent history has shown us that the APT can survive both of these defenses and operate for several years.”

Shamir, who shared the panel with Ron Rivest of MIT, Dan Boneh of Stanford University, Whitfield Diffie of ICANN and Ari Juels of RSA Labs, said that the continued assaults on corporate and government networks by sophisticated attackers in recent years have become the most important development in the security world. The time has come, he said, for security researchers and others involved in defending networks to look for methods other than cryptography that are capable of securing their sensitive data.

“It’s very hard to use cryptography effectively if you assume an APT is watching everything on a system,” Shamir said. “We need to think about security in a post-cryptography world.”

One way to shore up defenses would be to improve, or replace, the existing certificate authority infrastructure, the panelists said. The recent spate of attacks on CAs such as Comodo and DigiNotar has exposed the inherent weaknesses of that system, and serious work is needed on how to fix it, they said.

“We need a PKI where people can specify who they want to trust, and we don’t have that,” said Rivest, another of the co-authors of the RSA algorithm. “We really need a PKI that not only is flexible in the sense that the relying party specifies what they trust but also in the sense of being able to tolerate failures, or perhaps government-mandated failures. We still have a very fragile and pollyanna-ish approach to PKI. We need to have a more robust outlook on that.”

Shamir pointed to the recent incident in which TurkTrust, a Turkish CA, was found to have mistakenly issued subordinate CA certificates to two separate parties, one of them tied to the Turkish government; one of those certificates was later used to issue a certificate for Google domains. He said he wouldn’t be surprised to see other such incidents crop up.

“I think you will see more and more events like this, where a CA under pressure from a government will behave in strange ways,” he said. “It brings into question whether the basis of security, the PKI infrastructure, is under severe strain.”


Comments (44)

  1. Anonymous
    3

    You would have had a more readable article if you explained what “APT” is supposed to mean somewhere.

  2. johnwerneken
    7

    Perhaps the idea of what we are doing ought to catch up with the facts. Computing resources, connections, and information are on the way to becoming universally available in unlimited quantity at very nearly instant speed at very nearly zero cost. The whole idea that anyone has any ownership or control over anything but their own next action is dead as a dodo, it’s just propped up by our previous experiences that to some extent we used to be able to will such things as property, security, and law into existence. Not any more. Get over it.

  3. Atavistic Jones
    8

    Shamir is a brilliant man whose influence on the technology of the modern world is extraordinary, but he is not an application security analyst.

    Crypto is more important, not less.

    Looking at the increasing web app, mobile, and the continued expansion of the usage of wifi and other wireless protocols security wise… crypto is one of the main bulwarks there. More sites are moving to SSL, browsers and servers have strongly tightened security on SSL implementation and this closes down an enormous number of bugs.

    MiTM in the wired world is hard, was hard… MiTM in the wireless world is extremely easy. (Yes, wireless has long been around, but it is now very major and increasingly growing with the explosion of smart phones and tablets.)

    A lot of web app attacks depend on non-SSL sites. Certs strongly increase domain security. (Certs and the strengthening of security in modern browsers by forced exposure of weaknesses through apps like FireSheep.)

  4. Anonymous
    9

    Anyone who doesn’t know what APT means, why are you reading a specialist security-related site in the first place? You sound like people reading a knitting journal who complain they don’t know what casting-off means.

  5. Anonymous
    10

    Fact: Bytes stored are accessible, and read and write, from everywhere.

    Conclusion: Make these bytes encrypted; they can be copied but they can’t be understood.

    So, why does Mr. Shamir advocate less use of cryptography?

  6. Paul
    12

    Gotta go way back for some of the answers. Can anyone remember “Read Only Chips”? Read only chips can not be altered, once in place in key security points of a CPU that’s it, no changes unless the chip is physically removed and replaced. R.O.C. can guard incoming and outgoing data on a machine and start a process of copying incoming or outgoing data for review. Firewalls have become so complicated in recent years that they have far too many potential vulnerabilities. Reminds me of another acronym; Keep it Simple…

    Right now there are malware creations out there that keep changing their names as they propagate, definitions are slowly becoming useless, & as this story suggests; encryption is almost useless as well, anything can be cracked or recorded through keylogging etc.

    Some older CPUs can be updated with a RAM that includes a security section of ROC, no CPU will function if its RAM shuts down.

    The average home computer user has no idea if they are infected, they have an antivirus and malware program & think all is well, even as their computer slows down and participates in a denial of service attack. The most terrible home user is the one that leaves their system running 24/7. Quickest way to slow malware & virus distribution and associated attacks is for home users to know they should cut power to their PC and/or modem when not in use. Second step for right now, is to limit continuous time online for home users. A lot of damage can be done in an hour, but if the user shuts down their PC for a minute, every hour, some of the more sophisticated attacks can stumble. We gotta think outside of the box and remember to think inside the box as well. Physical blocks inside a machine are just as effective as security programming code, & if combined the 2 will make CrackerHacks very bored.

  7. Anonymous
    13

    Typical statements from a PR conference.

    Crypto is less important for security, but not because it doesn’t matter.

    If the channels were insecure, if there were no TLS, people would say “endpoint security doesn’t matter, we cannot even talk securely!!”. The reason why crypto “does not matter” in system security is because the secure channel is largely solved, and we have libraries today that abstract most of the really hard stuff away. Apart from channels, encryption and signing, there are not many other relevant applications. Hence, the security issues in the real world come from building too complex systems that nobody really understands. The software consists of 90% bugs, the information flow within systems is not analyzed and crypto is deployed more or less randomly to “protect” something, somewhere.

    The problem today is not if you use AES-CBC-128 or AES-OCB-256. The problem is what you encrypt, where the key is coming from and what the rest of your system is doing before and after encryption. Still, without that AES-XY, you wouldn’t even get that far.

  8. APT
    14

    To all the people moaning about the failure of the author to spell out to you what APT means… It’s a pretty well known term and dare I say it a BUZZ word at the moment with the reports on APT1 in China being released. I would say the author thought that the acronym would be similar to that of ATM, or SSL or HTTP and did not require a justification seeing as the target audience is meant to be IT Security people.

    As for the person touting fifth grade English and acronyms… If you can’t keep up with the content, just head back to cnn.com where the language is kept very simple and all acronyms are defined as they target their articles for reading by a 12 year old.

    Good article Dennis, looking forward to hearing what a post Crypto world looks like.

  10. Mr10001
    16

    Let’s not forget about Moxie Marlinspike’s Convergence.  This provides us with the option for who (CA) to trust.

    Also, Dan K’s DNSSEC is worth mentioning.

  11. Anonymous
    19

    50% of the problem, to my mind, is the open-loop architecture of the net. That was a big mistake. Part of growing up is learning that nothing can be trusted without authentication (and even then..). An open-loop architecture makes that impossible.

  12. Mustafa Gulmud
    21

    Advanced persistent threat (APT) usually refers to a group, such as a foreign government, with both the capability and the intent to persistently and effectively target a specific entity.(wiki)

  13. Anonymous
    22

    If you don’t know what APT means, then you’ll also have difficulty understanding this article. And if you don’t know how to use Wikipedia or Google, then you’re already lost.

  14. Anonymous
    27

    Making important files 1TB in size and obfuscating filenames is considered security? I guess the old guard crypto guys are officially out of ideas.

  15. Aineko
    28

    “We need a PKI where people can specify who they want to trust, and we don’t have that,” said Rivest, another of the co-authors of the RSA algorithm.

    Isn’t that what Bitcoin is?

  16. fred
    29

    APT: Association for the Prevention of Torture

    no seriously, Advanced Persistent Threat
    PKI: Public Key Infrastructure
    CA: Certificate Authority

  17. Anonymous
    31

    I was wondering the same thing. How do “journalists” not know basic English? If you use an acronym you must define it in its first use. Rule number one when using acronyms. Freakin’ fifth grade English for crying out loud!

  18. Anonymous
    33

    Yes, I don’t agree with the article either.

    So it seems to suggest that, because it’s becoming more difficult to protect our data, we simply shouldn’t bother?

    Would this logic apply to e-commerce too? Simply get rid of encrypted credit card transfers entirely?

  19. Anonymous
    36

    Nothing at all anymore.  It used to be a nation state actor (aka China), but now it means nothing since people like this just co-opt any term to sell their ineffective technology solutions

  20. Anonymous
    38

    It captures the Zeitgeist perfectly. Always be afraid. Of an unknown threat (opaque acronym).

  21. Anonymous
    39

    What they’re saying is that crypto alone is not enough. States are becoming able to crack security and steal private keys, and also undermine the certificate authority structure.

    What they managed to say without saying is that things need to move to a web-of-trust or P2P model, like Bitcoin, where states have no way of attacking the infrastructure itself.

  23. rambilly
    42

    that’s retarded – good writing is good writing so defining an acronym is a 5th grade skill as someone mentioned. I have worked on a number of security initiatives but did not know what APT meant…

  24. Anonymous
    43

    Unless of course you’re Chinese or Iranian in which case it’s a codeword meaning “USA”

  25. Anonymous
    44

    In a public-key cryptography system, the private key is kept SECRET by the owner, who then publishes his public key through a certificate authority (CA). The CA essentially provides (identity, public key) pairs, where this value is signed with the private key of the CA, and can be checked using the “well-known” corresponding CA public key. To look up someone’s public key, I send the CA a request, which he answers with a signed message, which I then check the signature on.

    This reasoning indicates at least two weaknesses centered on the compromisability of the CA:

    1. If an attacker learns the CA’s private key, he can forge signed (identity, public key) pairs which will look like they are signed by the CA, and thus spread false public key records.
    2. If an attacker somehow makes the CA change the public key record for entity X to “forged_key”, whose private key is compromised, he can use forged_key to impersonate entity X; this is essentially the same result as the above attack except that the CA may have a record of the forged key.
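The trust policy Rivest asks for in the article (the relying party, not the CA, decides who may vouch for what), exercised against the mis-issuance pattern in Shamir’s TurkTrust example and against the compromised-CA weakness in comment 25 above, as an added example that is not code from the article, the panelists or any real CA. Signatures are textbook RSA over tiny hard-coded primes so the script runs offline; the CA names “ToyRoot”, “OtherRoot” and “CityTransit”, the host “mail.example.com”, and the `permitted` suffix list and `pins` map (simplified stand-ins for X.509 name constraints and key pinning) are all constructed for the demo.

```python
"""Toy PKI in which the relying party, not the CA, decides who may vouch for whom.

Added example; not code from the article, the panelists or any real CA.
Signatures are textbook RSA over tiny hard-coded primes so it runs offline;
every key and name below is constructed for the demo.
"""
import hashlib
import math
from dataclasses import dataclass

# ---- toy signatures (constructed parameters; nothing like a real key size) ----
def keypair(p, q):
    n, phi = p * q, (p - 1) * (q - 1)
    e = next(c for c in (3, 5, 7, 11, 13, 17, 19, 23) if math.gcd(c, phi) == 1)
    return (n, e), (n, pow(e, -1, phi))          # (public, private)

def _h(msg: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(priv, msg: bytes) -> int:
    n, d = priv
    return pow(_h(msg, n), d, n)

def verify(pub, msg: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == _h(msg, n)

# ---- certificates: (subject, key, issuer, CA flag, name constraints) + signature ----
@dataclass(frozen=True)
class Cert:
    subject: str
    pub: tuple
    issuer: str
    is_ca: bool
    permitted: tuple   # DNS suffixes this CA may vouch for; () means unrestricted
    sig: int

    def tbs(self) -> bytes:   # the to-be-signed fields the issuer's signature covers
        return repr((self.subject, self.pub, self.issuer, self.is_ca, self.permitted)).encode()

def issue(issuer: Cert, issuer_priv, subject, pub, is_ca=False, permitted=()):
    body = Cert(subject, pub, issuer.subject, is_ca, permitted, 0).tbs()
    return Cert(subject, pub, issuer.subject, is_ca, permitted, sign(issuer_priv, body))

def self_signed_root(name, pub, priv):
    body = Cert(name, pub, name, True, (), 0).tbs()
    return Cert(name, pub, name, True, (), sign(priv, body))

def name_allowed(host: str, permitted: tuple) -> bool:
    return not permitted or any(host == s or host.endswith("." + s) for s in permitted)

class RelyingParty:
    """Trust store plus per-host pins: the relying party decides whom it trusts for what."""
    def __init__(self, roots, pins=None):
        self.roots = {c.subject: c for c in roots}
        self.pins = pins or {}    # host -> the one root allowed to anchor a chain for it

    def validate(self, chain, host):
        """chain = [leaf, intermediate, ..., root]. Returns (ok, reason)."""
        leaf, root = chain[0], chain[-1]
        trusted = self.roots.get(root.subject)
        if trusted is None or trusted.pub != root.pub:
            return False, "root not in trust store"
        if leaf.subject != host:
            return False, "leaf does not name the host"
        for cert, issuer in zip(chain, chain[1:] + [root]):   # last link: root signs itself
            if not issuer.is_ca or cert.issuer != issuer.subject:
                return False, f"{issuer.subject} may not sign for {cert.subject}"
            if not verify(issuer.pub, cert.tbs(), cert.sig):
                return False, f"bad signature on {cert.subject}"
            if not name_allowed(host, issuer.permitted):
                return False, f"{issuer.subject} is not permitted to vouch for {host}"
        if host in self.pins and self.pins[host] != root.subject:
            return False, f"{host} is pinned to {self.pins[host]}, chain ends at {root.subject}"
        return True, "ok"

def scenario():
    """Replays the mis-issuance and CA-key-compromise cases with constructed keys."""
    host = "mail.example.com"
    root_pub, root_priv = keypair(1009, 1013)     # "ToyRoot": the CA that slips up
    other_pub, other_priv = keypair(1019, 1021)   # "OtherRoot": the CA the site really uses
    sub_pub, sub_priv = keypair(1031, 1033)       # a customer of ToyRoot
    site_pub, _ = keypair(1039, 1049)             # whatever key is presented for the host
    root = self_signed_root("ToyRoot", root_pub, root_priv)
    other = self_signed_root("OtherRoot", other_pub, other_priv)
    # The slip: the customer receives an unconstrained CA certificate instead of a plain one.
    sub_open = issue(root, root_priv, "CityTransit", sub_pub, is_ca=True)
    # What a careful issuer would have done: confine the sub-CA to its own namespace.
    sub_boxed = issue(root, root_priv, "CityTransit", sub_pub, is_ca=True,
                      permitted=("transit.example",))
    rogue = issue(sub_open, sub_priv, host, site_pub)   # leaf signed with the sub-CA key
    forged = issue(root, root_priv, host, site_pub)     # comment 25, case 1: root key in attacker hands
    naive = RelyingParty([root, other])
    pinned = RelyingParty([root, other], pins={host: "OtherRoot"})
    return {
        "open_sub_naive": naive.validate([rogue, sub_open, root], host),
        "boxed_sub_naive": naive.validate([rogue, sub_boxed, root], host),
        "open_sub_pinned": pinned.validate([rogue, sub_open, root], host),
        "forged_naive": naive.validate([forged, root], host),
        "forged_pinned": pinned.validate([forged, root], host),
    }

if __name__ == "__main__":
    for case, (ok, why) in scenario().items():
        print(f"{case:16} {'ACCEPT' if ok else 'REJECT'}  {why}")
```

Two of the five cases are accepted by the naive validator: the leaf signed by the unconstrained sub-CA, and the leaf forged with the root’s own private key. Neither chain is detectable by signature checking alone, which is the point of comment 25. The name constraint on the sub-CA stops the first; only the relying party’s own pin stops both, and a pin to the compromised root would not help, so the policy has to be written by the party relying on it, as Rivest argues.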
