@CloudExpo Authors: Pat Romanski, Elizabeth White, Yeshim Deniz, Liz McMillan, Zakia Bouachraoui

Related Topics: @CloudExpo, Microservices Expo, Containers Expo Blog

@CloudExpo: Article

Cloud Computing: RSA Conference 2011: Cryptography Panel

Diffie Calls for NSA Open-ness

In a nearly full conference hall, the Tuesday morning RSA 2011 keynotes included talks from EMC, VMWare and Symantec, and an all-star cryptography panel, where an impassioned plea was made for more openness from the National Security Agency.  The panel started by opening remarks by Ari Juels, Director of RSA Labs, who asked as a moderator. The main theme was the the history of the first modern cipher, the Data Encryption Standard, or DES. The back-story on this algorithm is that it was government standard, and was widely believed to have been modified to have a backdoor so that it was easily broken into by the US Government.

The panel included Martin Hellman and Whitefield Diffie, two important figures in public-key cryptography. Ron Rivest, the R in RSA, was also on the panel, as was a government cryptographer from the NSA. The early parts of the panel was a discussion on how the early days of cryptography had assisted their all careers.

While there was a lot of mathematical history, the interesting point in the panel is when Diffie brought up the "crypto-politics". Diffie, who sports long hair and has a vague resemblance to Kenny Rogers, said he believed  that the NSA (and IBM) could not be trusted to build a national standard algorithm without a back-door. It was pointed out that the initial algorithm was only slated to last for 10-15 years, but that the designers misjudged how the algorithm would be used in the commercial world, and how they would have to deal with the "legacy" issues. The algorithm was originally intended for government and military use.

One of the fascinating aspects of the RSA Conference is that they audience of an estimated 5000-7000 people appeared riveted to their seats for this panel.

There was a discussion about how, in the 1970s, some key aspects of the algorithm was decided by factions inside the National Security Agency, between two groups called COMSEC, and COMMINT. These government acronyms stand for Communications Security and Communications Intelligence.

Hellman then discussed his suspicions that the Government was hiding the back door, primarily because the  team was not telling the academic world the whole truth about issues like they key size. Some on the panel believed there could not be a  backdoor primarily because large corporations, Soviets and Chinese were using the algorithm.

Then an important questions was raised. "Is security even possible any more?" As proof of this might be the case, it was mentioned that the National Security Agency treats its networks as being in a permanent state of semi-compromise. One panelist pointed out that the 2 major security breaches of the last 12 months, WikiLeaks and stuxnet, had nothing to do with cryptography. Security, said the panel, is a larger problem than just technology.

The final conclusion from the panel on DES appears that there was no backdoor, it was breakable. The DES algorithm was first publicly broken in 1997.

The panel closed with an impassioned plea from Diffie for the NSA to publish its important non-classified work. This suggests that the NSA is holding on to some very important non-classified tracts that would in some way revolutionize the field.

More Stories By Bill Roth

Bill Roth is a Silicon Valley veteran with over 20 years in the industry. He has played numerous product marketing, product management and engineering roles at companies like BEA, Sun, Morgan Stanley, and EBay Enterprise. He was recently named one of the World's 30 Most Influential Cloud Bloggers.

CloudEXPO Stories
Most modern computer languages embed a lot of metadata in their application. We show how this goldmine of data from a runtime environment like production or staging can be used to increase profits. Adi conceptualized the Crosscode platform after spending over 25 years working for large enterprise companies like HP, Cisco, IBM, UHG and personally experiencing the challenges that prevent companies from quickly making changes to their technology, due to the complexity of their enterprise. An accomplished expert in Enterprise Architecture, Adi has also served as CxO advisor to numerous Fortune executives.
Eric Taylor, a former hacker, reveals what he's learned about cybersecurity. Taylor's life as a hacker began when he was just 12 years old and playing video games at home. Russian hackers are notorious for their hacking skills, but one American says he hacked a Russian cyber gang at just 15 years old. The government eventually caught up with Taylor and he pleaded guilty to posting the personal information on the internet, among other charges. Eric Taylor, who went by the nickname Cosmo the God, also posted personal information of celebrities and government officials, including Michelle Obama, former CIA director John Brennan, Kim Kardashian and Tiger Woods. Taylor recently became an advisor to cybersecurity start-up Path which helps companies make sure their websites are properly loading around the globe.
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a member of the Society of Information Management (SIM) Atlanta Chapter. She received a Business and Economics degree with a minor in Computer Science from St. Andrews Presbyterian University (Laurinburg, North Carolina). She resides in metro-Atlanta (Georgia).
SUSE is a German-based, multinational, open-source software company that develops and sells Linux products to business customers. Founded in 1992, it was the first company to market Linux for the enterprise. Founded in 1992, SUSE is the world’s first provider of an Enterprise Linux distribution. Today, thousands of businesses worldwide rely on SUSE for their mission-critical computing and IT management needs.
Mid-sized companies will be pleased with StorageCraft's low cost for this solution compared to others in the market. There are no startup fees, our solution has a predictable monthly cost, highly competitive pricing and offers ongoing value for our partners month after month. By enabling pooling and StorageCraft's 30-days of free virtualization the company removes several concerns surrounding machine size management and disaster recovery testing costs that add to the complexity of implementing a disaster recovery solution. In addition, their One-Click orchestration makes it simple to recover when needed, as all the work to setup a network and different connections is already complete.