Bill Roth, Ulitzer Editor-at-Large

Bill Roth

Subscribe to Bill Roth: eMailAlertsEmail Alerts
Get Bill Roth: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Related Topics: Security Journal, SOA & WOA Magazine

Security Journal: Article

Cloud Computing: RSA Conference 2011: Cryptography Panel

Diffie Calls for NSA Open-ness

In a nearly full conference hall, the Tuesday morning RSA 2011 keynotes included talks from EMC, VMWare and Symantec, and an all-star cryptography panel, where an impassioned plea was made for more openness from the National Security Agency.  The panel started by opening remarks by Ari Juels, Director of RSA Labs, who asked as a moderator. The main theme was the the history of the first modern cipher, the Data Encryption Standard, or DES. The back-story on this algorithm is that it was government standard, and was widely believed to have been modified to have a backdoor so that it was easily broken into by the US Government.

The panel included Martin Hellman and Whitefield Diffie, two important figures in public-key cryptography. Ron Rivest, the R in RSA, was also on the panel, as was a government cryptographer from the NSA. The early parts of the panel was a discussion on how the early days of cryptography had assisted their all careers.

While there was a lot of mathematical history, the interesting point in the panel is when Diffie brought up the "crypto-politics". Diffie, who sports long hair and has a vague resemblance to Kenny Rogers, said he believed  that the NSA (and IBM) could not be trusted to build a national standard algorithm without a back-door. It was pointed out that the initial algorithm was only slated to last for 10-15 years, but that the designers misjudged how the algorithm would be used in the commercial world, and how they would have to deal with the "legacy" issues. The algorithm was originally intended for government and military use.

One of the fascinating aspects of the RSA Conference is that they audience of an estimated 5000-7000 people appeared riveted to their seats for this panel.

There was a discussion about how, in the 1970s, some key aspects of the algorithm was decided by factions inside the National Security Agency, between two groups called COMSEC, and COMMINT. These government acronyms stand for Communications Security and Communications Intelligence.

Hellman then discussed his suspicions that the Government was hiding the back door, primarily because the  team was not telling the academic world the whole truth about issues like they key size. Some on the panel believed there could not be a  backdoor primarily because large corporations, Soviets and Chinese were using the algorithm.

Then an important questions was raised. "Is security even possible any more?" As proof of this might be the case, it was mentioned that the National Security Agency treats its networks as being in a permanent state of semi-compromise. One panelist pointed out that the 2 major security breaches of the last 12 months, WikiLeaks and stuxnet, had nothing to do with cryptography. Security, said the panel, is a larger problem than just technology.

The final conclusion from the panel on DES appears that there was no backdoor, it was breakable. The DES algorithm was first publicly broken in 1997.

The panel closed with an impassioned plea from Diffie for the NSA to publish its important non-classified work. This suggests that the NSA is holding on to some very important non-classified tracts that would in some way revolutionize the field.

More Stories By Bill Roth

Bill Roth is a Silicon Valley veteran with over 20 years in the industry. He has played numerous product marketing, product management and engineering roles at companies like BEA, Sun, Morgan Stanley, and EBay Enterprise. He was recently named one of the World's 30 Most Influential Cloud Bloggers.