Re: The future of security
Email end-to-end: PGP, PGP/MIME, S/MIME. Not tunnel SSL or SSL at the end points.

Lars Eilebrecht wrote:
> According to Ed Gerck:
> > But encryption and authentication are a hassle today, with less than 2% of all email encrypted (sorry, can't cite the source I know).
>
> Are these 2% 'only' S/MIME and PGP-encrypted email messages or is SSL-encrypted email communication included?
>
> ciao...

- The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: The future of security
According to Ed Gerck:
> But encryption and authentication are a hassle today, with less than 2% of all email encrypted (sorry, can't cite the source I know).

Are these 2% 'only' S/MIME and PGP-encrypted email messages or is SSL-encrypted email communication included?

ciao...
--
Lars Eilebrecht
[EMAIL PROTECTED]
Re: The future of security
Peter Gutmann wrote:
> No they won't. All the ones I've seen are some variant on the "build a big wall around the Internet and only let the good guys in", which will never work because the Internet doesn't contain any definable inside and outside, only 800 million Manchurian candidates waiting to activate. For example MessageLabs recently reported that *two thirds* of all the spam it blocks is from infected PCs, with much of it coming from ADSL/cable modem IP pools. Given that these spammers are legitimate users, no amount of crypto will solve the problem. I did a talk on this recently where I claimed that various protocols designed to enforce this (Designated Mailers Protocol, Reverse Mail Exchanger, Sender Permitted From, etc etc) will buy at most 6-12 months, and the only dissent was from an anti-virus researcher who said it'd buy weeks and not months.

SPF will buy me one thing forever: I won't get email telling me I sent people spam and viruses.

> The alternative proof-of-resource-consumption is little better, since it's not the spammers' resources that are being consumed.

Nevertheless these resources are limited, and better security would make them more limited.

> There is one technological solution which would help things a bit, which is Microsoft implementing virus throttling in the Windows TCP stack. Like a firebreak, you can never prevent fires, but you can at least limit the damage when they do occur. Unfortunately I don't see this happening too soon, both because MS aren't exactly at the forefront of implementing security features (it took them how many years to add the most basic popup-blocking?), and because of liability issues - adding virus throttling would be an admission that Windows is a petri dish.

Duh. So viruses would fix the stack.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
Re: The future of security
At 05:15 AM 6/2/2004, Ben Laurie wrote:
> SPF will buy me one thing forever: I won't get email telling me I sent people spam and viruses.

Unfortunately, that won't work for me. My email address is at pobox.com, the mail forwarding service where the main proponent of SPF works, but my SMTP service is whichever ISP I'm currently connected through (DSL, dial, work, whatever) - which isn't under pobox's control. So my incoming mail can recognize SPFs and block forgeries, but my outgoing mail can't use them, unless pobox changes their business model to provide outgoing SMTP relay for their customers, doubling their bandwidth needs.
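The outgoing-mail problem in the message above, as an added worked example that is not code from the list or from pobox: a minimal SPF evaluator run over constructed records. The domain names, addresses and records are made up (RFC 5737 test ranges; a `.example` domain standing in for pobox.com), and a dict stands in for DNS TXT lookups so the example runs offline. Only the ip4/ip6/include/all mechanisms are implemented; a, mx, ptr and exists need live DNS and are left out.

```python
import ipaddress

# Constructed SPF records standing in for DNS TXT lookups, so this runs offline.
# Illustrative only; these are NOT pobox.com's real records.
RECORDS = {
    # The forwarder's own outbound hosts, plus an include for a relay it could add.
    "pobox.example": "v=spf1 ip4:192.0.2.0/24 include:_relay.pobox.example -all",
    "_relay.pobox.example": "v=spf1 ip4:198.51.100.10 -all",
    # A softer policy: unlisted hosts are flagged, not rejected.
    "softfail.example": "v=spf1 ip4:192.0.2.0/24 ~all",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, client_ip, records=RECORDS, depth=0):
    """Evaluate the SPF record of `domain` for the connecting `client_ip`.

    Supports ip4/ip6/include/all with their qualifiers and returns 'pass',
    'fail', 'softfail', 'neutral', 'none' (no record) or 'permerror'
    (include nesting too deep). Mechanisms needing DNS are not implemented.
    """
    if depth > 10:
        return "permerror"
    record = records.get(domain)
    terms = record.split() if record else []
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech in ("ip4", "ip6"):
            # A network of the other address family simply does not match.
            if ip in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qualifier]
        elif mech == "include":
            if check_spf(arg, client_ip, records, depth + 1) == "pass":
                return QUALIFIERS[qualifier]
    return "neutral"  # record exhausted without an 'all' term


def forwarder_user_cases():
    """The situation described above: MAIL FROM is @pobox.example, but the
    message is submitted through whatever relay the user is connected to."""
    return {
        # Submitted through the forwarder's own outbound host: authorized.
        "via_pobox_host": check_spf("pobox.example", "192.0.2.25"),
        # Submitted through the current ISP's relay: not listed, so it fails.
        "via_isp_relay": check_spf("pobox.example", "203.0.113.7"),
        # Only a relay the forwarder itself lists (or includes) passes.
        "via_listed_relay": check_spf("pobox.example", "198.51.100.10"),
    }


if __name__ == "__main__":
    for case, result in forwarder_user_cases().items():
        print(case, "->", result)
```

The second case is the one the message complains about: the record cannot know the ISP relay, so a strict `-all` rejects the user's own mail. In record terms the remedy is either what the message calls a change of business model (the forwarder lists or includes the relays its users send through, as in the third case) or publishing `~all`, which only flags forgeries instead of rejecting them.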
Re: The future of security
On Mon, May 31, 2004 at 08:27:49PM -0700, bear wrote:
> > The point of an automated web of trust is that the machine is doing the accounting for you.
>
> Does it? If there were meaningful reputation accounting

You got fooled by the present tense. If there was such an architecture, I wouldn't have written that message. The distributed tamper-proof cryptographic p2p store should have been a dead giveaway.

> happening, we'd be getting feedback and value judgements from the system on the people we were corresponding with. Have you ever seen any?

No, of course. See above.

> Has there been *ANY* instance of negative consequences accruing to someone who signed the key of an entity which later defected? Machine-moderated or not, the web of trust fails.

The web of trust sure fails, dunno about machine-moderated. There's no such animal yet.

> Have you seen any web-of-trust implementation that even *considers* the trustworthiness of the key servers? Have you seen any web-of-trust implementation that works to cut out defectors, but couldn't be autospammed to cut out anyone you didn't like?

If you don't have their key, you can't pretend to sign the spambots'. If you sign the spambots', you burn whatever little prestige you have happened to start out with, and drain the mana of whatever hapless warm body signed your keys.

> Sorry; but the fact is no web-of-trust implementation to date works, or even comes close to working.

Web of trust is useless, if Johnny User is supposed to do the checking.

--
Eugen* Leitl http://leitl.org
ICBM: 48.07078, 11.61144    http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net
Re: The future of security
On Sat, 29 May 2004, Russell Nelson wrote:
> Eugen Leitl writes:
> > If I'm a node in a web of trust (FOAF is a human), prestige will percolate through it completely. That way I can color a whole domain with a nonboolean trust hue, while a domain of fakers will have only very few connections (through compromises, or human mistakes), which will rapidly be sealed, once actually used to do something to lower their prestige (I signed the key of a spammer, please kill me now).
>
> http://www.web-o-trust.org/
>
> The trouble is that it requires human action, which is expensive and becoming more expensive.

The bigger problem is that webs of trust don't work. They're a fine idea, but the fact is that nobody keeps track of the individual trust relationships or who signed a key; few people even bother to find out whether there's a path of signers that leads from them to another person, or whether the path has some reasonably small distance. I have not yet seen an example of reputation favoring one person over another in a web of trust model; it looks like people can't be bothered to keep track of the trust relationships or reputations within the web.

Bear
Re: The future of security
Anton Stiglic [EMAIL PROTECTED] writes:
> I think cryptography techniques can provide a partial solution to spam.

No they won't. All the ones I've seen are some variant on the "build a big wall around the Internet and only let the good guys in", which will never work because the Internet doesn't contain any definable inside and outside, only 800 million Manchurian candidates waiting to activate. For example MessageLabs recently reported that *two thirds* of all the spam it blocks is from infected PCs, with much of it coming from ADSL/cable modem IP pools. Given that these spammers are legitimate users, no amount of crypto will solve the problem. I did a talk on this recently where I claimed that various protocols designed to enforce this (Designated Mailers Protocol, Reverse Mail Exchanger, Sender Permitted From, etc etc) will buy at most 6-12 months, and the only dissent was from an anti-virus researcher who said it'd buy weeks and not months.

The alternative proof-of-resource-consumption is little better, since it's not the spammers' resources that are being consumed.

There is one technological solution which would help things a bit, which is Microsoft implementing virus throttling in the Windows TCP stack. Like a firebreak, you can never prevent fires, but you can at least limit the damage when they do occur. Unfortunately I don't see this happening too soon, both because MS aren't exactly at the forefront of implementing security features (it took them how many years to add the most basic popup-blocking?), and because of liability issues - adding virus throttling would be an admission that Windows is a petri dish.

The problem we're facing is social, not technological, so no there's no technological fix. The problem is that neither users nor vendors have any natural incentive to fix things. In the long run, only legislation will help: penalise vendors for selling spam-enabling software (MS Outlook, via viruses/worms), and penalise users for running software in a spam-enabling manner (open relays). This is equivalent to standard corporate-governance legislation that sets auditing/environmental/due diligence/etc requirements. Unfortunately this is unlikely to pass in the US (where it matters most) due to software industry lobbying, it'd require an Enron-style debacle to pass over there, perhaps a virus-induced reactor meltdown or something similar.

(Much of the above was lifted from "Why isn't the Internet secure yet, dammit?", http://www.cs.auckland.ac.nz/~pgut001/pubs/dammit.pdf, with the section on spam starting at page 5. Apologies for the PDF link, but there are some diagrams in there that don't translate well to text).

Peter.
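The "virus throttling" Peter mentions here (and Ben picks up in his reply above) is a specific design, not just a slogan: Matthew Williamson's work at HP Labs (2002) rate-limits connections to *new* destinations rather than all traffic, because a person contacts a handful of new hosts per minute while a scanning worm contacts hundreds per second. The following is an added user-space model of that idea, not Microsoft's or HP's code; the two traffic traces are constructed, not captured.

```python
from collections import OrderedDict, deque


class ConnectionThrottle:
    """Williamson-style virus throttle, modelled in user space.

    Connections to a small working set of recently contacted hosts pass at
    once. Connections to new hosts join a delay queue that drains at
    `release_per_tick` per time step. Humans rarely wait; a scanning worm
    fills the queue, and a long queue is the detection signal. Like a
    firebreak, it does not stop the first infection, it slows the spread."""

    def __init__(self, working_set_size=5, release_per_tick=1, alarm_queue_len=100):
        self.working_set = OrderedDict()   # host -> None, least recently used first
        self.working_set_size = working_set_size
        self.release_per_tick = release_per_tick
        self.alarm_queue_len = alarm_queue_len
        self.queue = deque()
        self.delivered = 0
        self.alarmed = False

    def request(self, host):
        """Called for each outbound connection attempt."""
        if host in self.working_set:
            self.working_set.move_to_end(host)
            self.delivered += 1
            return "pass"
        self.queue.append(host)
        if len(self.queue) >= self.alarm_queue_len:
            self.alarmed = True            # fan-out far beyond human behaviour
        return "queued"

    def tick(self):
        """One time step: release a bounded number of queued connections."""
        for _ in range(self.release_per_tick):
            if not self.queue:
                break
            host = self.queue.popleft()
            self.working_set[host] = None
            self.working_set.move_to_end(host)
            if len(self.working_set) > self.working_set_size:
                self.working_set.popitem(last=False)   # evict least recently used
            self.delivered += 1


def simulate(trace, **kwargs):
    """Run a trace (a list of per-second lists of destination hosts) through
    the throttle. Returns (delivered, still_queued, alarmed)."""
    throttle = ConnectionThrottle(**kwargs)
    for second in trace:
        for host in second:
            throttle.request(host)
        throttle.tick()
    return throttle.delivered, len(throttle.queue), throttle.alarmed


# Constructed traces, not captured data: a person browsing a handful of sites
# for a minute, and a worm probing 200 fresh addresses every second for 10 s.
BROWSING = ([["www.example", "cdn.example"]] * 20
            + [["mail.example"]] * 20
            + [["www.example", "img.example"]] * 20)
WORM_SCAN = [["10.0.%d.%d" % (s, i) for i in range(200)] for s in range(10)]

if __name__ == "__main__":
    print("browsing :", simulate(BROWSING))    # everything delivered, no alarm
    print("worm scan:", simulate(WORM_SCAN))   # 1 connection/s gets out, alarm raised
```

With the default working set of five hosts and one release per second, the browsing trace is delivered in full with a one-second delay on first contact, while the worm gets exactly one new victim per second and trips the alarm in its first second. That asymmetry is the whole point: the limit costs legitimate users almost nothing and caps a worm's spread rate regardless of how fast it scans.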
Re: The future of security
At 09:27 AM 5/28/2004, Peter Gutmann wrote:
> No they won't. All the ones I've seen are some variant on the "build a big wall around the Internet and only let the good guys in", which will never work because the Internet doesn't contain any definable inside and outside, only 800 million Manchurian candidates waiting to activate. For example MessageLabs recently reported that *two thirds* of all the spam it blocks is from infected PCs, with much of it coming from ADSL/cable modem IP pools. Given that these spammers are legitimate users, no amount of crypto will solve the problem. I did a talk on this recently where I claimed that various protocols designed to enforce this (Designated Mailers Protocol, Reverse Mail Exchanger, Sender Permitted From, etc etc) will buy at most 6-12 months, and the only dissent was from an anti-virus researcher who said it'd buy weeks and not months.
>
> The alternative proof-of-resource-consumption is little better, since it's not the spammers' resources that are being consumed.

the caveat to that is many of the infected machines were originally infected by spam with spoofed origin ... somehow convincing users to click on something. authentication would help somewhat with that ... and, in fact, some of the spam being sent out by the infected machines, in turn uses spoofed origin. authentication might also help address the identity-theft oriented spam ... claiming to be your bank and needing personal information. it doesn't help with ... click on this to get the latest, greatest game ... where there isn't any attention at all paid to the origin ... just looking for instant gratification.

the 60s/70s time-sharing systems nominally had some assurance applied to the introduction of executables into the environment. this is my comment about the desktop systems having diametrically opposing requirements ... the original design point of totally unconnected, stand alone environment where an introduced executable could take over the whole machine ... and at the same time fully wired to an increasingly hostile environment needing significant safeguards and processes associated with assurance of introduced executables.

the intermediate step was that some of these stand-alone machines acquired interconnect capability for a local, safe, isolated departmental/office network. This had hardly any restricted execution and access capability ... again not worrying about protection against a hostile and unsafe operation.

the shared environment analogy is highway traffic and rules about operating an unsafe vehicle could result in both having your license revoked and the vehicle confiscated (it doesn't require the driver to be a highly trained car mechanic ... it just holds the driver responsible).

connecting systems that were designed for fundamentally safe and isolated environment to wide-open anarchy hostile operation exposes all sorts of problems. somewhat analogous to not actually needing a helmet for riding a motorcycle ... or seat belts and airbags to drive a car.

--
Anne Lynn Wheeler    http://www.garlic.com/~lynn/
Re: The future of security
On Fri, May 28, 2004 at 09:46:03AM -0700, bear wrote:
> Spam won't stop until spam costs the spammers money.

If I'm a node in a web of trust (FOAF is a human), prestige will percolate through it completely. That way I can color a whole domain with a nonboolean trust hue, while a domain of fakers will have only very few connections (through compromises, or human mistakes), which will rapidly be sealed, once actually used to do something to lower their prestige (I signed the key of a spammer, please kill me now).

Of course, tracking prestige globally, robustly in a p2p fashion is difficult, and will require agoric load levelling elements (to prevent bad nodes from DoSing the global store) which also requires prestige tracking.

--
Eugen* Leitl http://leitl.org
ICBM: 48.07078, 11.61144    http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net
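Eugen's percolating-prestige proposal here, and the exchange with bear above about whether anyone ever pays for signing a defector's key, as an added toy model. This is not the behaviour of any existing OpenPGP tool or key server (bear's point is precisely that none does this); the attenuation and penalty constants, the key names and the graph are all made up for illustration.

```python
from collections import defaultdict


class PrestigeGraph:
    """Toy model of prestige percolating through key signatures.

    Keys I trust directly are roots. A signature carries the signer's prestige
    to the signee, scaled by the signer's confidence and a per-hop attenuation;
    a key's prestige is its best such path, so a 'domain of fakers' hanging off
    one careless signature gets a low hue. Reporting a defector zeroes its
    prestige and burns a share of every key that vouched for it, and the
    percolation passes that loss on to whatever those keys signed."""

    def __init__(self, attenuation=0.8, defector_penalty=0.5):
        self.signatures = defaultdict(dict)      # signer -> {signee: confidence}
        self.roots = {}                           # key -> prestige I assign directly
        self.burn = defaultdict(lambda: 1.0)      # key -> fraction left after penalties
        self.attenuation = attenuation
        self.defector_penalty = defector_penalty

    def trust_root(self, key, prestige=1.0):
        self.roots[key] = prestige

    def sign(self, signer, signee, confidence=1.0):
        self.signatures[signer][signee] = confidence

    def report_defector(self, key):
        """'I signed the key of a spammer, please kill me now.'"""
        self.burn[key] = 0.0
        for signer, signees in self.signatures.items():
            if key in signees:
                self.burn[signer] *= 1.0 - self.defector_penalty

    def keys(self):
        ks = set(self.roots)
        for signer, signees in self.signatures.items():
            ks.add(signer)
            ks.update(signees)
        return ks

    def prestige(self):
        """Relax until no key can improve its best path from a root. Terminates
        because scores only rise and every cycle attenuates them."""
        score = {k: 0.0 for k in self.keys()}
        for k, p in self.roots.items():
            score[k] = p * self.burn[k]
        changed = True
        while changed:
            changed = False
            for signer, signees in self.signatures.items():
                for signee, confidence in signees.items():
                    candidate = score[signer] * confidence * self.attenuation * self.burn[signee]
                    if candidate > score[signee] + 1e-12:
                        score[signee] = candidate
                        changed = True
        return score


def domain_hue(score, domain):
    """The 'nonboolean trust hue' of a whole domain: mean prestige of its keys."""
    members = [p for k, p in score.items() if k.endswith("@" + domain)]
    return sum(members) / len(members) if members else 0.0


def build_example():
    """Constructed graph: an honest domain and a faker domain whose only link
    into the honest graph is one careless signature by bob."""
    g = PrestigeGraph()
    g.trust_root("me@example.org")
    g.sign("me@example.org", "alice@example.org")
    g.sign("me@example.org", "bob@example.org")
    g.sign("alice@example.org", "carol@example.org")
    g.sign("bob@example.org", "spamco@spamco.example")      # the mistake
    for i in range(3):
        g.sign("spamco@spamco.example", "bot%d@spamco.example" % i)
    return g


if __name__ == "__main__":
    g = build_example()
    before = g.prestige()
    g.report_defector("spamco@spamco.example")
    after = g.prestige()
    for dom in ("example.org", "spamco.example"):
        print(dom, round(domain_hue(before, dom), 3), "->", round(domain_hue(after, dom), 3))
```

Before the report the faker domain already sits two attenuated hops below bob, so its hue is lower than the honest domain's; after it, the bots drop to zero through their now-worthless signer, and bob himself loses half his prestige, which is the negative consequence bear asks about. The model is only as good as the reporting channel: anyone who can file false defector reports can burn keys they dislike, which is the auto-spamming objection raised above and which the model does not solve.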
Re: The future of security
On Fri, 28 May 2004, Anne Lynn Wheeler wrote:
> connecting systems that were designed for fundamentally safe and isolated environment to wide-open anarchy hostile operation exposes all sorts of problems. somewhat analogous to not actually needing a helmet for riding a motorcycle ... or seat belts and airbags to drive a car.

Perspective on things...

Where I grew up, safety equipment inside your car (or on your head on a motorcycle) was limited to that which prevented you from becoming more of a hazard to *OTHER* drivers. Motorcyclists didn't need helmets, because helmets don't prevent crashes or change the consequences of crashes for anyone who's not wearing them. But they did need eye protection, because eye protection reduced the probability of crashes that could be dangerous to others.

I thought this was actually a well-considered system. The law required us to take whatever reasonable precautions we needed to protect others from our actions, but it was entirely up to us whether we attempted to protect ourselves from our own actions. Now, in most states, law doesn't work this way any more -- protecting people from each other has gotten fuzzed into the idea of protecting the people (monolithic unit) from themselves (monolithic unit).

But I think there is some wisdom here that may apply to the spam situation. Have partial solutions been getting rejected because we're seeing that we can't protect users against their *own* stupidity? What we actually need is systems to protect *other* users from their stupidity.

Bear
Re: The future of security
Ian Grigg wrote:
> ... fundamentally, as Steve suggests, we expect email from anyone, and it's free. We have to change one of those basic features to stop spam. Either make it non-free, or make it non-authorised. Hashcash doesn't achieve either of those, although a similar system such as a payment based system might achieve it.
>
> Mind you, I would claim that if we change either of the two fundamental characteristics of email, then it is no longer email. For this reason, I predict that email will die out (ever so slowly and painfully) to be replaced by better and more appropriate forms of chat/IM.

Indeed, email is not so good anymore. When lack of message security in email becomes clearer to the users, as clear as spam is today, the value of email will approach zero. Practically anyone can read the email you send and receive, your ISP included. What's the fuss with google's gmail? Gmail's differential is that they do not hide they will search through your mailbox. Users are realizing that an email is like a postcard, open for anyone to read and write on it.

But encryption and authentication are a hassle today, with less than 2% of all email encrypted (sorry, can't cite the source I know). The problem with current schemes has been that they only work when both sender AND recipient already use the feature, which probability is zero in the beginning of adoption. It's a chicken-and-egg proposition. It is also a change to email. Even though the existing ideas are sound in principle (e.g., PGP/MIME, S/MIME, email gateways, etc.) they are all a replacement product with many barriers for adoption.

Instead of a replacement, I believe that what we need is a complement to solve the lack of message security in email (including sender spoofing). Email is just the transport. The solution should be able to start from a single end user, should require no change to records/software that end users do not control, and should require no cooperation from email providers and ISPs.

Comments?

Cheers--/Ed Gerck
Re: The future of security
At 09:36 AM 5/11/2004, Steven M. Bellovin wrote:
> In message [EMAIL PROTECTED], Ian Grigg writes:
> > Security architects will continue to do most of their work with little or no crypto.
>
> And rightly so, since most security problems have nothing to do with the absence of crypto.
>
> > j. a cryptographic solution for spam and viruses won't be found.
>
> This ties into the same thing: spam is *unwanted* email, but it's not *unauthorized*. Crypto can help with the latter, but only if you can define who is in the authorized set of senders. That's not feasible for most people.

one of the issues has been that many crypto security solutions have been oriented towards hiding information. that may work with outsiders ... but traditionally, 90 percent of fraud has been insiders ... and recent news last friday about study to be published was that interviewing something like 1000 people involved in identity theft cases ... it was determined that at least 70 percent had some sort of employee involvement. in that sense ... the internet and introduction of the possibility of outsider related fraud ... has distracted/obfuscated focus from the real, long standing issues.

my repeated observation that current generation of desktop systems were originally introduced to operate in a standalone environment where applications could be introduced that freely took over the whole machine. attempting to continue to satisfy the standalone ... total take-over requirements at the same time using the same platform for generalized interconnect to an increasingly hostile environment creates some diametrically opposing objectives.

there have been some number of time-sharing systems from the 60s/70s that were designed from the ground up to handle multiple, concurrent users that potentially had conflicting, competitive, and/or opposing objectives (say multiple users from competing corporations and industrial secrets might be involved). these systems with designed in security from the ground-up have shown to be immune to many of the current day vulnerabilities and exploits.

to some extent, there could be valid claims about attempts to use cryptography as bandaids to address fundamentally flawed infrastructures (or at least infrastructures that were specifically designed to not handle many of the existing situations that they have been used for) ... aka lets use bandaids to treat strep infections.

--
Anne Lynn Wheeler    http://www.garlic.com/~lynn/
Re: The future of security
In message [EMAIL PROTECTED], Anton Stiglic writes:
> ----- Original Message -----
> From: Steven M. Bellovin [EMAIL PROTECTED]
>
> > j. a cryptographic solution for spam and viruses won't be found.
> >
> > This ties into the same thing: spam is *unwanted* email, but it's not *unauthorized*. Crypto can help with the latter, but only if you can define who is in the authorized set of senders. That's not feasible for most people.
>
> Something like hashcash / client puzzles / Penny Black define a set of authorized email (emails that come with a proof-of-work), and then provide a cryptographic solution. This is not a foolproof solution (as described in the paper "Proof-of-Work Proves Not to Work"), but a good partial solution that is probably best used in combination with other techniques such as white-lists, Bayesian spam filters, etc...
>
> I think cryptography techniques can provide a partial solution to spam.

The spammers are playing with other people's money, cycles, etc. They don't care.

--Steve Bellovin, http://www.research.att.com/~smb
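The proof-of-work scheme Anton describes and the cost objection Steve raises, as an added worked example that is code from neither post nor from the hashcash project: minting and checking a hashcash-style stamp, plus the expected minting time as a function of the difficulty and of how many machines the minter controls. The `1:bits:YYMMDD:resource::rand:counter` layout follows the hashcash v1 format; the resource name, the dates and the bit counts are made up.

```python
import base64
import datetime
import hashlib
import os


def leading_zero_bits(digest):
    """Count the leading zero bits of a byte string."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def mint(resource, bits=16, date="", rand=""):
    """Mint a stamp '1:bits:YYMMDD:resource::rand:counter' whose SHA-1 has at
    least `bits` leading zero bits. Expected work: 2**bits hash evaluations.
    `date` and `rand` default to today and a fresh random salt; fixed values are
    accepted so the result is reproducible."""
    date = date or datetime.datetime.now(datetime.timezone.utc).strftime("%y%m%d")
    rand = rand or base64.b64encode(os.urandom(8)).decode().rstrip("=")
    prefix = "1:%d:%s:%s::%s:" % (bits, date, resource, rand)
    counter = 0
    while True:
        stamp = prefix + str(counter)
        if leading_zero_bits(hashlib.sha1(stamp.encode()).digest()) >= bits:
            return stamp
        counter += 1


def verify(stamp, required_bits, resource, today=""):
    """Accept a stamp only if it names `resource`, claims at least
    `required_bits`, carries today's date (when one is given) and really has
    the claimed number of leading zero bits. A deployed verifier also keeps a
    double-spend database so the same stamp cannot be replayed."""
    parts = stamp.split(":")
    if len(parts) != 7 or parts[0] != "1":
        return False
    _ver, claimed, date, res, _ext, _rand, _counter = parts
    if not claimed.isdigit() or int(claimed) < required_bits or res != resource:
        return False
    if today and date != today:
        return False
    return leading_zero_bits(hashlib.sha1(stamp.encode()).digest()) >= int(claimed)


def expected_seconds(bits, hashes_per_second, machines=1):
    """Average time to mint one stamp. Steve's objection in one line: a spammer
    with `machines` compromised hosts divides the cost by that many, while the
    legitimate sender still pays the full 2**bits."""
    return (2 ** bits) / (hashes_per_second * machines)


if __name__ == "__main__":
    stamp = mint("recipient@example.org", bits=16)
    print(stamp, verify(stamp, 16, "recipient@example.org"))
    # 20 bits at a million SHA-1/s: about a second for one machine,
    # about a millisecond per stamp for a thousand stolen ones.
    print(expected_seconds(20, 1e6), expected_seconds(20, 1e6, machines=1000))
```

Minting is the only expensive step; verification is one hash. That asymmetry is what makes the scheme usable at all, and also what Steve is pointing at: raising `bits` to hurt a botnet of a thousand hosts costs every honest sender a thousand times more than it costs each zombie.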
Re: The future of security
In message [EMAIL PROTECTED], Ben Laurie writes:
> Steven M. Bellovin wrote:
> > In message [EMAIL PROTECTED], Anton Stiglic writes:
> > > ----- Original Message -----
> > > From: Steven M. Bellovin [EMAIL PROTECTED]
> > >
> > > > j. a cryptographic solution for spam and viruses won't be found.
> > > >
> > > > This ties into the same thing: spam is *unwanted* email, but it's not *unauthorized*. Crypto can help with the latter, but only if you can define who is in the authorized set of senders. That's not feasible for most people.
> > >
> > > Something like hashcash / client puzzles / Penny Black define a set of authorized email (emails that come with a proof-of-work), and then provide a cryptographic solution. This is not a foolproof solution (as described in the paper "Proof-of-Work Proves Not to Work"), but a good partial solution that is probably best used in combination with other techniques such as white-lists, Bayesian spam filters, etc...
> > >
> > > I think cryptography techniques can provide a partial solution to spam.
> >
> > The spammers are playing with other people's money, cycles, etc. They don't care.
>
> We took that into account in the paper. Perhaps you should read it?
>
> http://www.dtc.umn.edu/weis2004/clayton.pdf

We're saying something different. If I understood your paper correctly, it says, more or less, that setting the cost high enough to reduce spam will make the cost too high for legitimate users. My point is that even if you do raise the cost high enough, they'll become more aggressive at 0wning machines so that they can throw more (stolen) cycles or (stolen) zorkmids at the problem. The economic question, then, is what is the cost of compromising enough new machines. Given the code base and the user behavior that we see in the field, my answer is pretty low. The consequence, in your metric, would be an increase in C, which would further inconvenience legitimate users, thus creating a feedback loop.

--Steve Bellovin, http://www.research.att.com/~smb
Re: The future of security
Ben Laurie wrote:
> Steven M. Bellovin wrote:
> > The spammers are playing with other people's money, cycles, etc. They don't care.
>
> We took that into account in the paper. Perhaps you should read it?
>
> http://www.dtc.umn.edu/weis2004/clayton.pdf

(Most of the people on this list are far too professional and busy to fall for that. If the argument has merit, please summarise it. If it really has merit, the summary might tease people into reading the full paper.)

I for one don't see it. I like hashcash as an idea, but fundamentally, as Steve suggests, we expect email from anyone, and it's free. We have to change one of those basic features to stop spam. Either make it non-free, or make it non-authorised. Hashcash doesn't achieve either of those, although a similar system such as a payment based system might achieve it.

Mind you, I would claim that if we change either of the two fundamental characteristics of email, then it is no longer email. For this reason, I predict that email will die out (ever so slowly and painfully) to be replaced by better and more appropriate forms of chat/IM.

iang
Re: The future of security (bulk reply, long)
I've moved this to the top because I feel it is the most important statement that can be made. Hadmut said:

> Security doesn't necessarily mean cryptography.

----- Original Message -----
From: Hadmut Danisch [EMAIL PROTECTED]
Subject: Re: The future of security

> On Mon, Apr 26, 2004 at 08:21:43PM +0100, Graeme Burnett wrote:
> > Would anyone there have any good predictions on how cryptography is going to unfold in the next few years or so? I have my own ideas, but I would love to see what others see in the crystal ball.
>
> - I don't expect that there will be much progress in maths and theory of cryptography. Very few inventions will make it out of the ivory tower, if any at all.

I actually expect quite the opposite, we seem to be reaching an age in cryptanalysis where we are developing techniques faster than they can be functionally applied, and the speed of development is only increasing here. We've now gone from a time when we were seeing a new functional attack about every five years (differential to linear), to now just during the AES selection process we had a number of potential new avenues opened up. I expect this trend to continue for a while, and the news that this generates should bring greater light, and more active people to studying cryptography. I expect this trend to continue for approximately 1 human generation (about 20 years), but that human nature being what it is, that the second human generation in this timeframe will have substantially fewer cryptanalytic advances.

> Key lengths will increase. We'll play RSA with 4096 or 8192 bit.

Actually I'm seeing an increasing trend in moving away from RSA and DH because the keys are becoming too big. The required key length to match the strength of AES-256 is simply too large to offer functional speed, instead we're going to have to switch over to the asymptotically superior encryption/decryption/signing/verifying algorithm, because of this we should see a major increase in the research moneys applied towards public key techniques, this compounded with my expected increase in the number of cryptanalysts should result in some very interesting times.

> They will find that Quantum Computers may be fast, but still bound to computation complexity.

I agree.

> - SSL/TLS will become even more of a de facto standard in open source software and (new?) protocols. It will make its way into the standard libraries of programming languages (e.g. as it did for Ruby).

Again I have to disagree with you, we're already seeing some backlash against SSL/TLS, where many people are beginning to see the value in protecting the data not the link. This methodology fairly well eliminates the usability of SSL/TLS, the added complexity of the new PK algorithms will almost certainly spell doom for the current protocols in use.

> - I don't expect that we'll ever have a common PKI for common people with a significant distribution. It's like with today's HTTPS: The big ones have commercial certificates, plain people use passwords and simple authentication mechanisms (like receiving a URL with a random number by e-mail).

Again I have to disagree, I can only speak for what Trust Laboratories is doing, but we are at this moment working on projects that will lower the necessary threshold for PKI implementations (through client proliferation). This combined with the already solidly known presence of NGSCB in the majority of future PCs should have the added effect that, while Verisign-like PKI may remain unusual, the availability of what can be treated as a smartcard in every computer will certainly increase the availability of PKI to the common man.

> - I guess the most important crypto applications will be:
> - HTTPS of course

For the short term yes, but longer term I actually think that HTTPS will diminish, in fact some measurements are already showing a trend where per capita web usage is already decreasing, so HTTP may soon be decreasing, leading to an obvious decrease in the usage of HTTPS. This combined with the "protect the data not the link" movement should have substantial further impact.

> - portable storage equipped with symmetric ciphers such as USB-Sticks and portable hard disks.

Agreed, but I also think we'll start seeing distributed file systems, I know we are working on them, and have already had some interest from companies. These distributed file systems will make use of smart cards (although the form factor WILL be different). With the proliferation of high speed data connections (US cell phones are already available at 150 Kbps, and 3G can bring speeds of up to 1Mbps, in the next few years WiMax, and great future cell potential e.g. Flarion) I suspect that removable storage will actually decrease, that leaves moving those USB/removable drives over to distributed file systems or even in some cases p2p networks (more on this from Trust Laboratories in the future) which will massively reduce cost. I'm
Re: The future of security
At 8:21 PM +0100 4/26/04, Graeme Burnett wrote:
> Hello folks,
>
> I am doing a presentation on the future of security, which of course includes a component on cryptography. That will be given at this conference on payments systems and security: http://www.enhyper.com/paysec/
>
> Would anyone there have any good predictions on how cryptography is going to unfold in the next few years or so? I have my own ideas, but I would love to see what others see in the crystal ball.

Here are my thoughts on the future of cryptography:

A major use of crypto will be in efforts to restrict the dissemination of information to the public (corporate security, digital rights management, state censorship).

Human factors will be regarded as equal in importance with algorithms and protocols.

Servers and workstations will incorporate video and other sensors to provide self protection against physical intrusions.

As cellphones and PDAs merge there will be a new generation of privacy applications for text messaging and/or voice that use light weight protocols and, perhaps, symmetric keys.

Cellphone cameras will be used for steganographic communication.

Cellphones and PDAs will be used as security tokens for desktop/laptop access, perhaps using Bluetooth.

Self-booting, open source CDs will become available that turn any PC into a secure messaging system with private keys and messages stored on an encrypted disk image on a memory stick.

4096-bit RSA keys will become the standard (RSA is already recommending 1024-bit keys be phased out by 2010.)

Key stretching techniques will be enhanced and standardized to allow password-based security to remain viable.

Password entry will be done using mouse and display screen, rather than keyboards, because of all the risks keyboards represent (software and hardware loggers, video cameras, acoustic analysis, etc.)

Desktop systems with no hard drive and no I/O ports will become required for processing confidential information.

One or more secure networks will emerge that parallel the existing Internet. They will use IPv6 and have mandatory encryption and authentication.

Cameras and audio recorders will be equipped with GPS, digital signing and secure time stamping technologies to restore confidence in recorded evidence.

Stored value smart-cards will finally become popular in the U.S. through use in public transportation systems.

Hashcash will be used to bring spam under control and to protect networks against zombie attacks.

Anti-spam white listing will be the killer app that finally creates a universal public key infrastructure.

Patent concerns will be a major barrier to progress.

Arnold Reinhold
Re: The future of security
In message [EMAIL PROTECTED], Ian Grigg writes:

> Security architects will continue to do most of their work with little or no crypto.

And rightly so, since most security problems have nothing to do with the absence of crypto.

> j. a cryptographic solution for spam and viruses won't be found.

This ties into the same thing: spam is *unwanted* email, but it's not *unauthorized*. Crypto can help with the latter, but only if you can define who is in the authorized set of senders. That's not feasible for most people.

--Steve Bellovin, http://www.research.att.com/~smb
Re: The future of security
[EMAIL PROTECTED] wrote:

> Would anyone there have any good predictions on how cryptography is going to unfold in the next few years or so? I have my own ideas, but I would love to see what others see in the crystal ball.

I'd like to think we would see a new flowering of cryptography delivering new functionality to end users rather than be used only to secure existing boring stuff.

For example, suppose SDSI or Dan's idea of delegation certificates were carried through - you could talk about handing someone the keys to your house to look after, and the USB fob would hold delegation certs that let your friend control your thermostats or your ReplayTV.

-Larry
Re: The future of security
On Mon, Apr 26, 2004 at 08:21:43PM +0100, Graeme Burnett wrote:

> Would anyone there have any good predictions on how cryptography is going to unfold in the next few years or so? I have my own ideas, but I would love to see what others see in the crystal ball.

My guess is that it is unpredictable. Like so many other things, it depends on so many coincidences, marketing, politics. But what I do expect:

- I don't expect that there will be much progress in maths and theory of cryptography. Very few inventions will make it out of the ivory tower, if any at all. Key lengths will increase. We'll play RSA with 4096 or 8192 bit. They will find that Quantum Computers may be fast, but still bound to computation complexity.
- SSL/TLS will become even more of a de facto standard in open source software and (new?) protocols. It will make its way into the standard libraries of programming languages (e.g. as it did for Ruby).
- I don't expect that we'll ever have a common PKI for common people with a significant distribution. It's like with today's HTTPS: the big ones have commercial certificates, plain people use passwords and simple authentication mechanisms (like receiving a URL with a random number by e-mail).
- I guess the most important crypto applications will be:
  - HTTPS of course
  - portable storage equipped with symmetric ciphers such as USB sticks and portable hard disks
  - VPN routers
  - Voice over IP
  - DRM
  - maybe in digital passports and credit cards
  - simple auth tokens like RSA SecurID, Aladdin eToken will become more commonly used.
- As a consequence, I guess that politicians will reopen the 1997 discussion of prohibiting strong encryption. They already do.
- Maybe we'll have less crypto security in future than we have today. 5-10 years ago I knew many more people using PGP than today. Most modern mail user agents are capable of S/MIME, but it's hard to find someone making use of it. I'm a consultant for many companies, but not a single one of them uses it. Most modern MTAs support TLS, but to my knowledge less than 3% of messages are actually TLS encrypted in SMTP.
- It's strange, but law will become more important than cryptography.

As a summary, I don't expect any innovations. Not more than within the last 10 years. But I'm pretty sure that security will be more and more important and that's where I expect innovations and progress. Security doesn't necessarily mean cryptography.

regards
Hadmut
Re: The future of security
> Would anyone there have any good predictions on how cryptography is going to unfold in the next few years or so? I have my own ideas, but I would love to see what others see in the crystal ball.

prediction: just as in the 1990s the commercial world caught up to the mil world in uses of crypto, so, too, will it catch up this decade in traffic analysis

--dan
Re: The future of security
Many thanks to the list members who have contributed ideas to the above - I'll share the results by previewing the paper in the next few weeks if I may.

Having been a devotee of the financial crypto community for many years, a thought has just occurred to me about the possible use of Systemics' Ricardian Contract idea as a practical implementation of a distributed access control mechanism. I came across Akenti (http://www-itg.lbl.gov/Akenti/) - augmented X.509 certs used as access control tokens in a distributed environment. It seems that this problem space is similar to the fincrypto domain. Proprietary non-human-readable binary/ASCII formats have arguably lost ground to human-readable name/value pair formats (i.e. XML and before that IATA), so it would seem a logical progression to extend Herr Grigg's Ricardian ontology to include a DAC contract?

Cheers
G
Re: The future of security
Graeme Burnett wrote:

> Hello folks, I am doing a presentation on the future of security, which of course includes a component on cryptography. That will be given at this conference on payments systems and security: http://www.enhyper.com/paysec/
>
> Would anyone there have any good predictions on how cryptography is going to unfold in the next few years or so? I have my own ideas, but I would love to see what others see in the crystal ball.

I would see these things, in no particular order, and no huge thought process applied.

a. a hype cycle in QC that will peak in a year or two, then disappear as purchasers realise that the boxes aren't any different to ones that are half the price.

b. much more use of opportunistic cryptography, whereby crypto systems align their costs against the risks being faced. E.g., self-signed certs and cert caching in SSL systems, caching and application integration in other systems.

c. much less emphasis on deductive no-risk systems (PKIs like x.509 with SSL) due to the poor security and market results of the CA model.

d. more systems being built with basic, simple home-grown techniques, including ones that are only mildly secure. These would be built by programmers, not cryptoplumbers. They would require refits of proper crypto as/if they migrate into successful user bases. In project terms, this is the same as b. above - more use of opportunistic tactics to secure stuff basically and quickly.

e. greater and more costs to browser users from phishing [1] will eventually result in mods to the security model to protect users. In the meantime, lots of snakeoil security solutions will be sold to banks. The day Microsoft decides to fix the browser security model, phishing will reduce to just another risk.

f. arisal of mass crypto in the chat field, and slow painful demise of email. This is because the chat protocols can be updated within the power of small teams, including adding simple crypto. Email will continue to defy the mass employment of crypto, although if someone were to add a "create self-signed cert now" button, things might improve.

g. much interest in simple crypto in the p2p field, especially file sharing, as the need for protection and privacy increases due to IP attacks. All of the techniques will flow across to other applications that need it less.

h. almost all press will be in areas where crypto is sure to make a difference. Voting, QC, startups with sexy crypto algorithms, etc.

i. Cryptographers will continue to be pressed into service as security architects, because it sounds like the same thing. Security architects will continue to do most of their work with little or no crypto.

j. a cryptographic solution for spam and viruses won't be found. Nor for DRM.

iang

[1] one phisher took $75,000 from 400 victims: http://www.financialcryptography.com/mt/archives/000129.html
Re: The future of security
Ian Grigg wrote:

> Graeme Burnett wrote:
>
> > Hello folks, I am doing a presentation on the future of security, which of course includes a component on cryptography. That will be given at this conference on payments systems and security: http://www.enhyper.com/paysec/
> >
> > Would anyone there have any good predictions on how cryptography is going to unfold in the next few years or so? I have my own ideas, but I would love to see what others see in the crystal ball.
>
> i. Cryptographers will continue to be pressed into service as security architects, because it sounds like the same thing. Security architects will continue to do most of their work with little or no crypto.

Hmmm, I'm afraid I concur - my personal experience of being a security architect for a major merchant bank was one of meeting regulatory requirements by post-development due diligence, or, as my wife calls it, nagging, making the role effectively that of grumpy rubber stampers.

G
Re: The future of security
On Thu, 2004-05-06 at 17:52, Ian Grigg wrote:

> c. much less emphasis on deductive no-risk systems (PKIs like x.509 with SSL) due to the poor security and market results of the CA model.

at the nist pki R&D workshop (mentioned elsewhere in some other post in this mailing list) there was discussion of

1) using private key signing for things like signature (like in human signature) agreement/authorization as opposed to straight authentication. one of the issues is that if you ever use a private key to digitally sign some random challenge/response data in an authentication paradigm ... you might be at risk ever using the same private key for signature purposes ... since it might be possible that some of the random data you may have signed might not have been truly random after all

2) naked public keys ... aka w/o certificates at all

3) and in some of the breaks, the certificate use in payment transactions.

sort of two issues in payment transactions were/are a) privacy and b) size bloat.

in the mid-90s, the traditional x.509 identity certificate from the early 90s was drastically cut back to a relying-party-only, account number certificate because of privacy issues with identity information.

The work on certificate-based financial transactions started with taking a 60-80 byte payment transaction, instead of ISO8583, using ASN.1 encoding to blow it up to 200-300 bytes; added a 128-byte RSA signature (then adding in the ASN.1 encoding) and a relying-party-only certificate that typically ran 4k-12k bytes; having started from a 60-byte normal transaction, the certificate-based stuff would blow it up by a factor of one hundred times to 6k to 12k bytes. The certificate was totally redundant and superfluous since the financial institution was the relying party and already had all the information.

In the X9.59 work it was observed that it was possible to encode an ECDSA signature in an ISO8583 transaction in 42 bytes ... so the absolute minimum for an authenticated payment transaction would go from 60 bytes to a little over 100 bytes ... w/o throwing in a bunch of extraneous, duplicated and/or superfluous data that provided absolutely no added value (the payment transaction still contained the same data, digital signature authentication was added ... and all the payload carried in a certificate was totally redundant and superfluous since the relying-party had a superset). It isn't exactly that payment security requirements have to be proportional to the cost of certificate security ... it was that certificate security increased the payload costs by a factor of one hundred times and provided NO added value.

some of my further observations about mixing authentication signing and signature signing ... as well as the nature of naked public keys ... recently posted to a thread in sci.crypt:
http://www.garlic.com/~lynn/2004e.html#20 Soft signatures

and the future of security ... somewhat orthogonal to cryptography ... there was recently a letter from NSF to some former multician that was posted to the alt.os.multics n.g. that started a thread on (not necessarily crypto) system security (and multics never having been broken). a couple posts in the thread
http://www.garlic.com/~lynn/2004e.html#27 NSF itnerest in Multics security
http://www.garlic.com/~lynn/2004e.html#36 NSF itnerest in Multics security

--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
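Point 1 of the reply above, that a private key used to sign "random" authentication challenges is a risk if the same key also produces agreement/authorization signatures, can be made concrete. The following Go program is an added example, not code from the post or from X9.59 or any other standard it mentions; the purpose tags, the function names and the sample payment string are assumptions made for the illustration. It shows what goes wrong when a key signs the plain hash of whatever bytes a verifier presents as a challenge, and the usual mitigation of binding a purpose tag into every hash so that an authentication response can never double as a document signature.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Purpose tags (assumed names, not from any standard) bound into every hash so
// that a signature made for one purpose cannot be presented for another.
const (
	tagAuth = "auth-challenge/v1:"
	tagDoc  = "document-signature/v1:"
)

// rawDigest hashes only the data: whatever a verifier hands the key holder as
// a "challenge" is signed with no record of why it was signed.
func rawDigest(data []byte) []byte {
	h := sha256.Sum256(data)
	return h[:]
}

// taggedDigest prefixes the data with its purpose before hashing, so the
// authentication and document digests of identical bytes differ.
func taggedDigest(tag string, data []byte) []byte {
	h := sha256.New()
	h.Write([]byte(tag))
	h.Write(data)
	return h.Sum(nil)
}

// AuthSignatureVerifiesAsDocument models the cross-use risk from the post.
// One fresh P-256 key is used both to answer an authentication challenge and
// to sign documents. The verifier controls the challenge bytes; here it
// supplies the document itself instead of a random nonce. The function reports
// whether the signature produced for authentication also verifies as a
// signature over the document, under the chosen digest scheme.
func AuthSignatureVerifiesAsDocument(document []byte, separated bool) (bool, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return false, err
	}
	challenge := document // the "random" challenge is not random at all

	var authDigest, docDigest []byte
	if separated {
		authDigest = taggedDigest(tagAuth, challenge)
		docDigest = taggedDigest(tagDoc, document)
	} else {
		authDigest = rawDigest(challenge)
		docDigest = rawDigest(document)
	}

	// The key holder answers the authentication challenge.
	authSig, err := ecdsa.SignASN1(rand.Reader, priv, authDigest)
	if err != nil {
		return false, err
	}
	// A relying party later checks that same signature against the document.
	return ecdsa.VerifyASN1(&priv.PublicKey, docDigest, authSig), nil
}

func main() {
	// Constructed sample document; not a real ISO8583 or X9.59 message.
	doc := []byte("constructed-payment: pay 100.00 to account 4711, ref 0042")
	for _, separated := range []bool{false, true} {
		ok, err := AuthSignatureVerifiesAsDocument(doc, separated)
		if err != nil {
			panic(err)
		}
		fmt.Printf("domain separation=%-5v auth signature accepted as document signature=%v\n", separated, ok)
	}
}
```

Running it prints that the raw scheme accepts the authentication signature as a document signature while the tagged scheme rejects it. The tag is the minimum fix; the stronger answer the post points toward is to use distinct keys for authentication and for signatures so that no verifier of one can ever obtain a signature meaningful in the other.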
The future of security
Hello folks,

I am doing a presentation on the future of security, which of course includes a component on cryptography. That will be given at this conference on payments systems and security: http://www.enhyper.com/paysec/

Would anyone there have any good predictions on how cryptography is going to unfold in the next few years or so? I have my own ideas, but I would love to see what others see in the crystal ball.

Graeme