SAN FRANCISCO–In the current climate of continuous attacks and intrusions by APT crews, government-sponsored groups and other organizations, cryptography is becoming less and less important and defenders need to start thinking about new ways to protect data on systems that they assume are compromised, one of the fathers of public-key cryptography said Tuesday. Adi Shamir, who helped design the original RSA algorithm, said that security experts should be preparing for a “post-cryptography” world.

“I definitely believe that cryptography is becoming less important. In effect, even the most secure computer systems in the most isolated locations have been penetrated over the last couple of years by a series of APTs and other advanced attacks,” Shamir, of the Weizmann Institute of Science in Israel, said during the Cryptographers’ Panel session at the RSA Conference here today.

“We should rethink how we protect ourselves. Traditionally we have thought about two lines of defense. The first was to prevent the insertion of the APT with antivirus and other defenses. The second was to detect the activity of the APT once it’s there. But recent history has shown us that the APT can survive both of these defenses and operate for several years.”

Shamir, who shared the panel with Ron Rivest of MIT, Dan Boneh of Stanford University, Whitfield Diffie of ICANN and Ari Juels of RSA Labs, said that the continued assaults on corporate and government networks by sophisticated attackers in recent years have become the most important development in the security world. The time, he said, has come for security researchers and others involved in defending networks to look for methods other than cryptography that are capable of securing their sensitive data.

“It’s very hard to use cryptography effectively if you assume an APT is watching everything on a system,” Shamir said. “We need to think about security in a post-cryptography world.”

One way to help shore up defenses would be to improve–or replace–the existing certificate authority infrastructure, the panelists said. The recent spate of attacks on CAs such as Comodo, DigiNotar and others has shown the inherent weaknesses in that system, and serious work is needed on how to fix it, they said.

“We need a PKI where people can specify who they want to trust, and we don’t have that,” said Rivest, another of the co-authors of the RSA algorithm.