Modernizing Authentication — What It Takes to Transform Secure Access
SAN FRANCISCO — A highlight of the RSA Conference is always the cryptographers panel, and the 2017 edition today was no exception. The panel of noted security luminaries discussed the rise of bots and what's wrong with modern security (hint: everything).
While lots of vendors at the RSA conference are talking about machine intelligence, Ron Rivest, the 'R' in RSA, is skeptical it will have any real impact. Rivest said that the only impact he sees is from chat bots that spread disinformation. He added that perhaps other machine intelligence could be used to help sift though the bad bots to find the real information.
Adi Shamir, the 'A' in RSA, figures that the internet as we know it is broken and we should just start over. On a more serious note, Shamir admitted that machine intelligence can be helpful on the defensive side of security. That said, he doubts that machine intelligence can be used offensively to find new zero-day threats.
Where machine intelligence does work is in finding deviations from the norm, as well as in comparing all kinds of strange behaviors to potentially identify issues.
"I think machine intelligence is useful for defense, not offense," Shamir said.
The panel also discussed the role of quantum computing and whether or not it will impact current cryptographic systems. For Shamir, quantum computing is not at the top of his list of worries. He is worried, however, that the RSA algorithm could be broken by a mathematical attack at some point in the next 20 or 30 years.
"I'm not going to lose to much sleep over quantum computing," Shamir said.
Voting integrity discussed
The panel also talked about the integrity of voting systems. Rivest noted that normally the purpose of talking about voting integrity is to convince the loser they lost fair and square, but with the recent US. election, it's the winner that needs to be convinced.
The topic of backdoors was also discussed with Shamir reminding the audience that cryptography doesn't just happen in the U.S.
"Cryptography is an international game," Shamir said. "It might be strongly influenced by the U.S., but it's not uniquely American."
IoT security challenges
Looking forward, Shamir sees some real risks in the Internet of Things. He noted that he's working on a presentation now where he intends to show how malware can jump from one internet-connected lightbulb to another, with the ability to infect a large population rapidly.
"The government should not allow devices that aren't sufficiently secured to be connected to the public internet," Shamir said.
Whitfield (Whit) Diffie is even less optimistic than his peers about the modern state of security.
"I think we're doing everything wrong," Diffie said. "If the resources spent on virus screening were spent on improving the logical functioning of devices, which is about improving programming, we'd get much better results."
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.