SAN FRANCISCO–In the current climate of continuous attacks and intrusions by APT crews, government-sponsored groups and other organizations, cryptography is becoming less and less important, and defenders need to start thinking about new ways to protect data on systems that they assume are compromised, one of the fathers of public-key cryptography said Tuesday. Adi Shamir, who helped design the original RSA algorithm, said that security experts should be preparing for a “post-cryptography” world.

“I definitely believe that cryptography is becoming less important. In effect, even the most secure computer systems in the most isolated locations have been penetrated over the last couple of years by a series of APTs and other advanced attacks,” Shamir, of the Weizmann Institute of Science in Israel, said during the Cryptographers’ Panel session at the RSA Conference here today.

“We should rethink how we protect ourselves. Traditionally we have thought about two lines of defense. The first was to prevent the insertion of the APT with antivirus and other defenses. The second was to detect the activity of the APT once it’s there. But recent history has shown us that the APT can survive both of these defenses and operate for several years.”

Shamir, who shared the panel with Ron Rivest of MIT, Dan Boneh of Stanford University, Whitfield Diffie of ICANN and Ari Juels of RSA Labs, said that the continued assaults on corporate and government networks by sophisticated attackers in recent years have become the most important development in the security world. The time, he said, has come for security researchers and others involved in defending networks to look for methods other than cryptography that are capable of securing their sensitive data.

“It’s very hard to use cryptography effectively if you assume an APT is watching everything on a system,” Shamir said. “We need to think about security in a post-cryptography world.”

One way to help shore up defenses would be to improve–or replace–the existing certificate authority infrastructure, the panelists said. The recent spate of attacks on CAs such as Comodo, DigiNotar and others has shown the inherent weaknesses in that system, and serious work needs to be done on how to fix it, they said.

“We need a PKI where people can specify who they want to trust, and we don’t have that,” said Rivest, another of the co-authors of the RSA algorithm. “We really need a PKI that not only is flexible in the sense that the relying party specifies what they trust but also in the sense of being able to tolerate failures, or perhaps government-mandated failures. We still have a very fragile and pollyanna-ish approach to PKI. We need to have a more robust outlook on that.”

Shamir pointed to the incident recently in which TurkTrust, a Turkish CA, was found to have issued subordinate certificates for Google domains to two separate parties, one of which was a Turkish government contractor. He said he wouldn’t be surprised to see other such incidents crop up.

“I think you will see more and more events like this, where a CA under pressure from a government will behave in strange ways,” he said. “It brings into question whether the basis of security, the PKI infrastructure, is under severe strain.”

Categories: Cryptography, Government

Comments (44)

  1. Anonymous
    3

    You would have had a more readable article if you explained what “APT” is supposed to mean somewhere.

  2. johnwerneken
    7

    Perhaps the idea of what we are doing ought to catch up with the facts. Computing resources, connections, and information are on the way to becoming universally available in unlimited quantity at very nearly instant speed at very nearly zero cost. The whole idea that anyone has any ownership or control over anything but their own next action is dead as a dodo; it’s just propped up by our previous experiences that to some extent we used to be able to will such things as property, security, and law into existence. Not any more. Get over it.

  3. Atavistic Jones
    8

    Shamir is a brilliant man whose influence on the technology of the modern world is extraordinary, but he is not an application security analyst.

    Crypto is more important, not less.

    Looking at the increasing web app, mobile, and the continued expansion of the usage of wifi and other wireless protocols security wise… crypto is one of the main bulwarks there. More sites are moving to SSL, browsers and servers have strongly tightened security on SSL implementation and this closes down an enormous number of bugs.

    MiTM in the wired world is hard, was hard… MiTM in the wireless world is extremely easy. (Yes, wireless has long been around, but it is now very major and increasingly growing with the explosion of smart phones and tablets.)

    A lot of web app attacks depend on non-SSL sites. Certs strongly increase domain security. (Certs and the strengthening of security in modern browsers by forced exposure of weaknesses through apps like FireSheep.)

  4. Anonymous
    9

    Anyone who doesn’t know what APT means, why are you reading a specialist security-related site in the first place? You sound like people reading a knitting journal who complain they don’t know what casting-off means.

  5. Anonymous
    10

    Fact: Bytes stored are accessible and readable and writable from everywhere.

    Conclusion: Make these bytes encrypted; they can be copied but they can’t be understood.

    So, why does Mr. Shamir advocate less use of cryptography?

  6. Paul
    12

    Gotta go way back for some of the answers. Can anyone remember “Read Only Chips”? Read only chips can not be altered; once in place in key security points of a CPU that’s it, no changes unless the chip is physically removed and replaced. R.O.C. can guard incoming and outgoing data on a machine and start a process of copying incoming or outgoing data for review. Firewalls have become so complicated in recent years that they have far too many potential vulnerabilities. Reminds me of another acronym: Keep it Simple…

    Right now there are malware creations out there that keep changing their names as they propagate, definitions are slowly becoming useless, and as this story suggests, encryption is almost useless as well; anything can be cracked or recorded through keylogging etc.

    Some older CPUs can be updated with a RAM that includes a security section of ROC; no CPU will function if its RAM shuts down.

    The average home computer user has no idea if they are infected; they have an antivirus and malware program and think all is well, even as their computer slows down and participates in a denial of service attack. The most terrible home user is the one that leaves their system running 24/7. The quickest way to slow malware and virus distribution and associated attacks is for home users to know they should cut power to their PC and/or modem when not in use. The second step for right now is to limit continuous time online for home users. A lot of damage can be done in an hour, but if the user shuts down their PC for a minute, every hour, some of the more sophisticated attacks can stumble. We gotta think outside of the box and remember to think inside the box as well. Physical blocks inside a machine are just as effective as security programming code, and if combined the 2 will make CrackerHacks very bored.

  7. Anonymous
    13

    Typical statements from a PR conference.

    Crypto is less important for security, but not because it doesn’t matter.

    If the channels were insecure, if there were no TLS, people would say “endpoint security doesn’t matter, we cannot even talk securely!!”. The reason why crypto “does not matter” in system security is because the secure channel is largely solved, and we have libraries today that abstract most of the really hard stuff away. Apart from channels, encryption and signing, there are not many other relevant applications. Hence, the security issues in the real world come from building too complex systems that nobody really understands. The software consists of 90% bugs, the information flow within systems is not analyzed, and crypto is deployed more or less randomly to “protect” something, somewhere.

    The problem today is not if you use AES-CBC-128 or AES-OCB-256. The problem is what you encrypt, where the key is coming from and what the rest of your system is doing before and after encryption. Still, without that AES-XY, you wouldn’t even get that far.

  8. APT
    14

    To all the people moaning about the failure of the author to spell out to you what APT means… It’s a pretty well known term and, dare I say it, a BUZZ word at the moment with the reports on APT1 in China being released. I would say the author thought that the acronym would be similar to that of ATM, or SSL or HTTP and did not require a justification, seeing as the target audience is meant to be IT Security people.

    As for the person touting fifth grade English and acronyms… If you can’t keep up with the content, just head back to cnn.com where the language is kept very simple and all acronyms are defined, as they target their articles for reading by a 12 year old.

    Good article Dennis, looking forward to hearing what a post Crypto world looks like.

  10. Mr10001
    16

    Let’s not forget about Moxie Marlinspike’s Convergence. This provides us with the option for who (CA) to trust.

    Also, Dan K’s DNSSEC is worth mentioning.

  11. Anonymous
    19

    50% of the problem, to my mind, is the open-loop architecture of the net. That was a big mistake. Part of growing up is learning that nothing can be trusted without authentication (and even then..). An open-loop architecture makes that impossible.

  12. Mustafa Gulmud
    21

    Advanced persistent threat (APT) usually refers to a group, such as a foreign government, with both the capability and the intent to persistently and effectively target a specific entity. (wiki)

  13. Anonymous
    22

    If you don’t know what APT means, then you’ll also have difficulty understanding this article. And if you don’t know how to use Wikipedia or Google, then you’re already lost.

  14. Anonymous
    27

    Making important files 1TB in size and obfuscating filenames is considered security? I guess the old guard crypto guys are officially out of ideas.

  15. Aineko
    28

    “We need a PKI where people can specify who they want to trust, and we don’t have that,” said Rivest, another of the co-authors of the RSA algorithm.

    Isn’t that what Bitcoin is?

  16. fred
    29

    APT: Association for the Prevention of Torture

    no seriously, Advanced Persistent Threat
    PKI: Public Key Infrastructure
    CA: Certificate Authority

Comments are closed.