Surviving in a hostile world

1
Surviving in a hostile world

• Delivering inherently securecommunications
• Lance GainesSenior VP Engineering, Vadium
  Technology Inc.

2
Defining Secure Protocols?

• SSH, Kerberos, HTTPS, SMTP/TLS etc.
• What makes them Secure?
• Most use PKI for Key Exchange
• Secure only because of time it takes to break
• Whatever data is sent is secure because the
  Protocol is secure?

3
Time to break?

• How long is reasonable?
• Used to be consistent
• Moores Law
• We live in exponential times
• The reality of Quantum Computers
• If strong cryptography is considered a munition
  and subject to ITAR restrictions, then what will
  a 1024 qubit quantum computer be classified as?
  It will be a Weapon of Mass Destruction.
• Steven Lutz Security Lecturer, President of
  WaySecure

4
Fast Computers are Here!

• February 9, 2007 D-Wave Systems, Inc.
• Announce 16 Qubit Working Quantum Computer (QC)
• February 9, 2007 Intel
• Announces 80 Core Parallel Processor
• February 13, 2007 D-Wave Systems Inc.
• Demonstrates 16 Qubit Quantum Computer at Museum
  of Computer History in San Francisco
• February 15, 2007 D- Wave Systems Inc.
• Announces product release roadmap
• Commercially Available 32 Qubit QC Q4-2007
• Commercially Available 512 Qubit QC Q1-2008
• Commercially Available 1,024 Qubit QC Q3-2008

5
Quantum Computers are Here!

• One field that will be revolutionized is
  cryptography. All, or nearly all, existing
  cryptographic systems will be rendered insecure,
  and even retrospectively insecure, in that
  messages sent today, if somebody keeps them, will
  be possible to decipher ... with a quantum
  computer as soon as one is built.
• father of quantum computing, David Deutsch
  Theoretical Physicist, Oxford University
  http//www.wired.com/news/technology/0,72734-0.ht
  ml?twwn_index_1

6
Who Cares?

• In the world of quantum computing and
  encryption, the question of which will come
  first, quantum computing or quantum encryption,
  is very important. In fact, it is vital. If
  quantum computing comes first, chaos will reign,
  since most of security systems installed by the
  world's vital institutions, including banking,
  commerce and government, have come to depend on
  current encryption methods -- which would
  instantly become archaic.
• Tim McDonald
• Quantum Computing Puts Encrypted Messages at Risk
  Newsfactor.com

7
There are over 106 million registered user of
MySpace (as of September 2006) If MySpace were
a country, it would be the 11th largest in the
world (between Japan and Mexico)
8
There are over 2.7 billion searches performed on
Google each month.
9
The number of text messages sent and received
every day exceeds the population of the planet.
10
It is estimated that 1.5 exabytes (1.5 x 1018) of
unique new information will be generated
worldwide this year.Thats estimated to be
more than in the previous 5,000 years.
11
The amount of new technical information is
doubling every 2 years.It is predicted to
double every 72 hours by 2010.
12
Third-generation fiber optics that push 10
trillion bits per second are being
deployedThats 1,900 CDs, or 150 million
simultaneous phone calls, every second.
13

• Predictions are that by 2013 a Supercomputer will
  be built that exceeds the computation capability
  of the human brain.
• Predictions are that by 2049 a 1,000 computer
  will exceed the computational capabilities of
  thehuman race.

14
What does all this mean to Delivering Inherently
Secure Protocols?
15
Act not React

• No Heads in Sand
• Protocols that are Secure which are based upon
  PKI (asymmetric cryptography) are broken
• Focus on what needs to be protected
• The Information is the crown jewels
• Make the Information network agnostic
• Quantum Encryption
• Secure distribution of OTP (One Time Pad) keys
• Coming soon but not before QCs
• May be broken already
• Can use OTP now before Quantum Encryption

16
One Time Pad

• Been around since 1917 and still unbroken
• Hard to manage?
• Dense storage
• And PKI is so easy to manage?
• Cant deploy?
• We deploy physical things all the time Laptops
  etc
• The only inherently secure cipher
• Protocol Agnostic
• Protects Data in motion or at rest
• Strong authentication
• Strong non-repudiation
• RD
• Secure electronic OTP key distribution (SEOKD)
• Working in Lab environment

17
Who is using OTP?

• Governments have always used it for data that
  cant be compromised
• One example of many
• Large Latin American Government
• SIGINT black hole is getting bigger
• OTP wrap and then use
• HTTPS, SMTP/TLS, SSH, etc
• Any protocol even unsecured ones (HTTP, FTP)
• Security is in the data that was encrypted
• Field use
• IT use
• General communications use

18
Conclusion

• Its taken us 20 years to get to where we are now
• We must start to address the problem
• Jericho is right, we need Inherently Secure
  Protocols
• Redefine security protocols
• Educate
• Work with others
• Take Risks What were doing isnt working
• Think outside the box
• Were getting our butts kicked.
• Kirk Bailey CISO University of Washington
• We must have Inherently Secure Protocols for the
  present and the future