Demo 2006: At the close of Demo, John Patrick led a discussion on the state of security with Partha Dasgupta, an associate professor at Arizona State University specializing in cryptography; Hillarie Orman, chief technology officer & VP of engineering, Shinkuro, Inc., and Charles Palmer of IBM Research.
All of the panelists agreed that security problems aren't going away any time soon. Dasgupta called cybersecurity a "gloomy business." Not all computer users today can be knowledgeable about computers and security. "Some products and techniques are bringing security downt to the mainstream to protect people who can't protect themselves. "It's a cat and mouse game, but we need to bring it to level we can live with it," Dasgupta said.
"The Internet is incredibly vulnerable and incredibly big. We have a tolerable state of security, but it's not a particularly good state of security in any sense," Orman said.
John Patrick, Partha Dasgupta, Hillarie Orman and Charles Palmer
Palmer contended that because computers weren't build with security in mind, we are paying for it with "band-aids and patch and pray." In addition, what began as a kind of hacker joyriding has turned into a money game. "The Internet is where the money is," he said. No kidding.
Current technolgies for authentication are based on shared secrets, such as social security numbers and passwords. "The information will leak regardless of how secure banks and commerce site are," Dasgupta noted. He pointed to the use of PKI and smart cards as a way to improve security. "Information never escapes from a smart card--it's about a trillon times harder to steal."
However, financial institutions are resisting a move to smart cards, in part because they don't want to admit they made a mistake and due to cost and complexity of deployment, Dasgupta said. Instead corporations spend more time protecting their perimeters with all kinds of tools, but it's clearly not as effective as it needs to be.
Hardware-based security, such as TPM from the Trusted Computing Platform and Copilot, will have some impact, although the protocol stacks are extremely complicated, which can be a problem, Dasgupta said. Virtual machines can also prevent operating system corruption.
Dasgupta also maintained that teaching programming students how to write safe code isn't done today, which contributes to the overall problem.
Orman said that computer security started with a trusted operating system and that's where it will return. "All code is evil. You have to separate data and protect it. Trusted operating systems will come around again for high value applications, but the really interesting thing over my career is to see how much economics influences security. You can have all the research in the world but it won't come into to being if there isn't an economic incentive."
One problem is that secure operating systems develop at a slower pace than their mainstream cousins--by the time a secure OS is ready for prime time, it is incompatible with applications. For example, the NSA has a hardened version of Linux, but it doesn't track with the pace of innovation in the Linux community, Orman said. She added that when device physicists reach a plateau, and hit the wall of Moore's Law, it will be an opportunity for a secure OS to come into being. Of course, that could be a decade or more in the future. Palmer noted that doing operating systems on a small scale, such as for smart cards, at least helps solve identity fraud problem.
Smart card are not invulnerable, however. Timing and radiation attacks on the physical devices can be used to extract data, which is a concern for high value transactions, the panelists said.
The panelists were also asked if they thought the NSA could crack 128-bit encryption. Dasgupta said that the answer isn't known, but that the government is upset with technologies like Skype and other services, such as email, that can use encryption. Orman said that using brute force computing for a year to break 128-bit symmetrical key would take all the energy of the Sun that hits the earth in a year. Not practical, in other words. "The management of the keys, not cryptography, is the challenge," she said.
Other forms of security, such as biometrics came up. Fingerprint is the dominant biometric method. Orman joked (maybe she was serious) with the crowd that pineapple juice can remove fingerprints, and to avoid it. One way to improve fingerprint recognition, which can be beaten by taking the minutae of an imprint (measurements) and working backwards to create a fake finger, would be to have different versions of a fingerprint at different places, Palmer said. Another authentication approach is voice recognition--saying phrases that all the time, or using handwriting input in a similar way. Face recognition and even hand vein patterns are also possiblities, but are not yet mature.
Stay tuned for the RSA security conference next week if you really want to dig into the topic...