Adi Shamir, the “S” in “RSA,” thinks conventional cryptography is no longer good enough to defend against advanced threats. The current crop of “advanced persistent threats” have gotten too good at doing an end run around modern cryptographic security measures, and it’s time to find a new way of defending against them.
Shamir’s proposed solutions are along the lines of better PKI or fixing the security holes commonly referred to as “certificate authorities.” I think that’s a band-aid on a chest wound. If cryptography has turned into the trap that I’ve long suspected it to be, the real solution is an entirely new defensive paradigm.
(Obligatory: “Like security measures that people actually understand.” Whether that means simpler security or better educated people is up to the implementer.)
” Adi Shamir, who helped design the original RSA algorithm, said that security experts should be preparing for a “post-cryptography” world.
“I definitely believe that cryptography is becoming less important. In effect, even the most secure computer systems in the most isolated locations have been penetrated over the last couple of years by a series of APTs and other advanced attacks,” Shamir, of the Weizmann Institute of Science in Israel, said during the Cryptographers’ Panel session at the RSA Conference here today.
“We should rethink how we protect ourselves. Traditionally we have thought about two lines of defense. The first was to prevent the insertion of the APT with antivirus and other defenses. The second was to detect the activity of the APT once it’s there. But recent history has shown us that the APT can survive both of these defenses and operate for several years.”[…]
“It’s very hard to use cryptography effectively if you assume an APT is watching everything on a system,” Shamir said. “We need to think about security in a post-cryptography world.”
One way to help shore up defenses would be to improve–or replace–the existing certificate authority infrastructure, the panelists said. The recent spate of attacks on CAs such as Comodo, DigiNotar and others has shown the inherent weaknesses in that system and there needs to be some serious work done on what can be done to fix it, they said.
“We need a PKI where people can specify who they want to trust, and we don’t have that,” said Rivest, another of the co-authors of the RSA algorithm. “We really need a PKI that not only is flexible in the sense that the relying party specifies what they trust but also in the sense of being able to tolerate failures, or perhaps government-mandated failures. We still have a very fragile and pollyanna-ish approach to PKI. We need to have a more robust outlook on that.”
Shamir pointed to the incident recently in which TurkTrust, a Turkish CA, was found to have issued subordinate certificates for Google domains to two separate parties, one of which was a Turkish government contractor. He said he wouldn’t be surprised to see other such incidents crop up.
“I think you will see more and more events like this, where a CA under pressure from a government will behave in strange ways,” he said. “It brings into question whether the basis of security, the PKI infrastructure, is under severe strain.””