With cyber attackers wreaking havoc with everything from national elections to cryptocurrencies, the net effect has been to undermine once widely-held assumptions about what technologies people can truly trust. Technology advances now under development may ultimately help restore a lost sense of confidence but leading figures in the cryptography world say it’s still going to take more time.
“Trust implies believing in something without verifying,” said Paul Kocher, the president and chief scientist of Cryptography Research, Inc., during a wide-ranging discussion at the RSA Conference with fellow cryptographers on the latest trends affecting their field, from voting security to homomorphic encryption to government policy.
For Kocher and his colleagues, the only certainty on the horizon was more uncertainty, at least for the near term.
“We’re in for an interesting time,” Kocher said, “and we don’t know how it will play out.”
Just how interesting was left up to fellow panelist Whitfield Diffie, one of the pioneers of public-key cryptography, who mused that a couple of centuries ago, people had more privacy than nowadays. Diffie further raised the prospect of the mainstreaming of computer brain interfaces in a dystopian future in which someone’s personal thoughts would be subject to examination by any authority armed with a court order.
One of the legendary figures in the field of contemporary cryptography, Diffie has a reputation for being an iconoclast and he may have exaggerated for effect. But there was no disguising his frustration at recent government actions that Diffie felt undermine the public’s trust in technology. For instance, a bill passed into law last December in Australia calls on providers to insert surveillance backdoors into their software, thus allowing the authorities to monitor private conversations.
The controversy did provide a great line from Prime Minister Malcolm Turnbull to the effect that while the laws of mathematics “are very commendable,” the only law that applies in Australia is the law of Australia.
“If you extend this to physics,” Diffie joked, “they could ban fission and ensure they are safe from nuclear weapons, or ban certain chemical reactions and solve their global warming problem. It’s a step that isn’t going to be productive.”
Ronald Rivest, a professor at the Massachusetts Institute of Technology and one of the inventors of the RSA algorithm, said the concept of trust and trustworthiness is bound up with technology performing properly when it comes to maintaining faith in the fair outcome of elections.
“The public needs to believe that technology is doing the right thing,” he said.
“Voting is essential to this democracy and we have to make sure we’re doing it right,” said Rivest. “In 2000, we learned that the voting system is fragile. In 2016, we learned we have adversaries, who are ready to mess with our system.”
When MIT professor Zulfikar Ramzan, who moderated the panel, wondered how long it would take for the general public to gain trust in the torrent of algorithms now flooding into the market, Tal Rabin, named as the latest recipient of RSA’s Annual Award for Excellence in the Field of Mathematics, offered a pithy response: For different technologies, there will be different wait times.
She pointed to the example of Bitcoin, a cryptocurrency that enjoyed relatively immediate adoption. Yet at the same time, Rabin noted there were far more examples of technologies that developed over decades but only now are getting deployed.
“Things have taken time to move from the theory to the practice,” she said.
And even then, there are setbacks that can shake the public’s trust in the technology. Rabin mentioned recent attacks where cyber criminals were able to hack blockchains, something that was once thought to be all but impossible. Since the start of 2017, it’s estimated that hackers have stolen nearly $2 billion worth of cryptocurrency, largely from exchanges.
“Is it something that should deter us from these technologies? Maybe we need to move into more advanced type of blockchains as a way of closing off these types of attacks,” she said. “Going forward, we will see blockchains and crypto currency being more adaptive…. New blockchains will have capabilities in them so we can move to a new era of cryptocurrencies.”
To be sure, the news items coming over the transom that draw the most public attention are the ones that scream. And as Kocher noted at the end of the session, bad things happen quickly but good things take enormous effort and time.
“These things are hard,” he said. “A lot of us are used to working on ‘internet company time’ but these initiatives are measured in decades. They are incredibly important and they are moving forward.”
In other words, for each one step back, it’s still two steps forward.