& cplSiteName &

What if Encryption Just Stopped Working?

Mitch Wagner
8/7/2015
50%
50%

The next segment of our science fiction serial is up:

Silence Like Diamonds – Episode 5: Circular Trail

Need to catch up? Read from the beginning: Silence Like Diamonds – Episode 1: Family Business

When you're up-to-date, come back here and we'll talk about encryption and how it's turned upside down in the world of "Silence Like Diamonds."

Over on his own blog, the author, John Barnes, calls out a key passage from Friday's episode: Silence Like Diamonds – Episode 3: Principle One

    Ever since the Yan-Dimri fast factorization algorithm had flipped the advantage from the encryptors to the cryptanalysts, only isolated systems could be really secure (at the cost of being really useless).

That sentence is cryptic (so to speak), but Barnes explains on his blog what he means -- and it's exactly what I thought he meant. (See Predictions Are Hard, Especially About the Future)

For the entire history of the public Internet -- call it 20 years or so -- we've enjoyed an asymmetry in encryption. It is far, far easier to encrypt a signal than it is to break the encryption.

How much easier? So easy that any $150 Chromebook or $100 smartphone can encrypt information so robustly that the most powerful and expensive supercomputer in the world can't break it.

That's very peculiar. We're not used to cheap computers being able to out-do expensive computers.

But we don't really think about it. We take it for granted, as if it's natural law.

In his blog, Barnes explains that this situation is only about 40 years old, dating back to the 1970s. Previous to that, encryption and codebreakers were in an arms race, with codebreakers breaking encryption nearly as fast as the codes were created.

Now here's where things get really interesting: Nobody has ever proven that it's impossible to quickly break a code created with the strong encryption we rely on.

And nobody's proven that it's possible, either.

We just don't know.

We know that it hasn't been done in the 40 or so years these codes have been around.

Well, probably not.

All of global commerce depends on these encryption algorithms, and the trust that they're practically impossible to break.

In the near future of "Silence Like Diamonds," someone has figured out a way to break the best encryption algorithms. Two someones, named Yan and Dimri.

What would that world be like?

So far at least, the Yan-Dimri breakthrough hasn't figured much into the main story of "Silence Like Diamonds."

My first thought when I read the story, and John's follow-up post, was, "Wow! The world would be completely different! We'd have no privacy, and no secrets!"

And yet isn't that the situation we live in now? We live in the world after Edward Snowden, and countless other data breaches. For millions of us, our privacy is already broken. If attackers could break encryption, they'd just have new tools. It wouldn't be a fundamental change for privacy.

The breakthrough John imagines would mean big changes for business, because encryption is how we enable e-commerce. How could anyone do credit card transactions or funds transfers if they knew that criminals were likely eavesdropping over the the wire, and collecting credit card numbers and bank information?


Find out more about the New IP on Light Reading's The New IP Channel


You wouldn't be able to trust the Internet for financial transactions anymore. You wouldn't be able to trust any means of electronic communications. You'd have to go back to transmitting funds and other private transactions by hand, using couriers, like in the 19th century and earlier. Instead of carrying documents, these couriers would carry portable disk drives and USB sticks, but otherwise the procedure would be the same.

Meanwhile, network managers would have to find new ways to innovate and do business on their networks. But that part isn't science fiction -- it's happening right now, part of the New IP revolution.

Read Light Reading every day to find out more about the New IP, and come back Tuesday for the next installment of "Silence Like Diamonds."

— Mitch Wagner, Circle me on Google+ Follow me on TwitterVisit my LinkedIn profileFollow me on Facebook, West Coast Bureau Chief, Light Reading. Got a tip about SDN or NFV? Send it to wagner@lightreading.com.

(18)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
Page 1 / 2   >   >>
J Thomas
50%
50%
J Thomas,
User Rank: Light Beer
8/27/2015 | 9:20:14 PM
Re: Brooks7 has put his finger on both the problem and why I don't think it's as much of a problem
Authentication doesn't require encryption.


Maybe I missed the point here. If someone can successfully pretend to be you, they can do transactions in your name with your money.


If they have access to  your traffic, then they can see the tokens etc that you send. Is that enough for them to imitate you, given the skills to appear to send from your ISP etc?


But if your messages are encrypted and they can't read them, then access to the messages doesn't help them pretend to be you.

If you have access to a code that no one  else can break, the very fact that you know the code is pretty good evidence that it's you. Or at least that it came from your own software, that they had access to more than just your packets.

The big point is that our current encryption systems were set up to allow anybody to do encrypted stuff with anybody else on the net. You don't have to exchange secret keys over a public system, or find an alternative medium to send them. It just works, for everybody. If we lose that, we'll have to fall back on secret communication only between entities that have actually exchanged secret keys some other way.

Unless I misunderstand.
Mitch Wagner
50%
50%
Mitch Wagner,
User Rank: Lightning
8/27/2015 | 8:40:31 PM
Re: Brooks7 has put his finger on both the problem and why I don't think it's as much of a problem
There are two separate problems here: Authentication and payment. 

Authentication doesn't require encryption. You might use a token, something like the way Google and other sites now handle two-factor authentication.

Payment can be managed by the bank and amazon -- as it is now. The new system might require exchange of one-time pads. They can figure it out. 
J Thomas
50%
50%
J Thomas,
User Rank: Light Beer
8/27/2015 | 7:24:41 AM
Re: Brooks7 has put his finger on both the problem and why I don't think it's as much of a problem
Your bank has an incentive to work out an arrangement with you. They might for example hand you a read-only data packet of some sort when you visit your bank. It can serve as a one-time pad. The intermediate entity makes money from banks and such, who each trade one-time pads with it. This is easier for them than each of them sharing one-time pads with each other.
Mitch Wagner
50%
50%
Mitch Wagner,
User Rank: Lightning
8/26/2015 | 6:28:13 PM
Re: Brooks7 has put his finger on both the problem and why I don't think it's as much of a problem
J Thomas - How does an entity like Amazon make money on immediate purchases, though? 

For exmple, last night I was lying in bed at 11 pm and decided I needed a new computer bag (to go with my new MacBook Air, which replaced my MBP), and some other little travel and consumer electronics doodads. Total purchase came to about $65. I hit the check out key immediately, and the entire transaction was done in about 15 minutes. How would that work in an era where encryption could no longer be trusted?

Bear in mind that if I wait a day I might remember that I already have a room of the house devoted to computer bags and electronic gadgets I'm not using, and don't need anymore.

Hmmm... answering my own question here: I think the answer is credit. Amazon extends credit to me as a customer, and I only have to pay my bill monthly. That bill-payment can be done over a period of however long time it takes to transmit and receive a one-time pad. 

Whew! We've saved Amazon! Jeff Bezos will be relieved! :)
J Thomas
50%
50%
J Thomas,
User Rank: Light Beer
8/25/2015 | 3:22:55 PM
Re: Brooks7 has put his finger on both the problem and why I don't think it's as much of a problem
"Similarly, how could Amazon sell sweatsocks?"

You can have a known mailing address. It might take, say, a week for you to change it if you move.

Amazon sends your sweatsocks to your address. If someone ordered them for you with your money, then you return the sweatsocks and they return your money. The somebody who pretended to be you did not get the sweatsocks. Amazon can do this if it doesn't happen so often that they lose more than they can afford on mailing.

Harder version: Somebody says he sold you sweatsocks and takes your money. The sweatsocks never arrive, you didn't order them anyway, and your money is gone. The account was closed out and the mony sent through some complicated laundering operation. What can anyone do about it?

One possibility -- You send the money to a professional escrow organization that verifies to the seller they have it. They send you the product, you then validate payment. You don't get your  money back. If you don't send the money on then you claim what happened, the other guy claims what happened, and anybody who wants to do business with either of you gets to review the record if they want to. Now the big trust issue isn't between you and everybody, it's mostly between you and your trusted escrow agency.

Better -- you have a trustworthy link with your bank. Your bank has a trustworthy link with your vendor's bank.

Instead of needing a trusted communication link with every entity in the system, you only need a path of trusted links, between pairs of entities that can presumably afford one-time pads or couriers to physically transfer private keys.

 
brooks7
50%
50%
brooks7,
User Rank: Light Sabre
8/14/2015 | 11:56:11 AM
Re: Brooks7 has put his finger on both the problem and why I don't think it's as much of a problem
"Yes, it is breakable -- but it takes billions or trillions of years to do it through compute. So instead attackers use man-in-the-middle attacks, social engineering, or exploiting software bugs. Those things can be be protected against."

I think you have the timescale wrong.  Just ask the NSA.  Try more like a year not billions of years.  The problem is that most people don't have the compute resources of the NSA.  That is just one reason why hackers try to take over machines (to assign them work).

And it is impossible to defend against Social Engineering attacks.  Imagine that I give Light Reading's IT head $1B to let me break in.  Think he would let me?  It is all a question of resources - not of technology.

So let me ask a question.  You ever gotten a Flash Drive at a trade show?  Ever plug it in?  How do you know that it does not have a Root Kit that the person that gave it to you did not know was there?

seven

 
John Barnes
50%
50%
John Barnes,
User Rank: Blogger
8/14/2015 | 3:27:41 AM
A little historical perspective on this over at my blog...
... as in what do a message wrapped in cigars, the Dreyfuss affair, and the history of shinplasters have to do with fast factorization?


Mosey on over to my blog announcing Episode 7 for things in a bit more detail.  Sure hope there are a lot of cigar and shinplaster aficionados out there ....
Mitch Wagner
50%
50%
Mitch Wagner,
User Rank: Lightning
8/11/2015 | 10:31:28 AM
Re: Brooks7 has put his finger on both the problem and why I don't think it's as much of a problem
brooks7 - "Here is the thing...again it is completely breakable right now.  There is no new tech required to break things.  But it takes say a year.  So, you can change your password before it becomes decrypted."

Yes, it is breakable -- but it takes billions or trillions of years to do it through compute. So instead attackers use man-in-the-middle attacks, social engineering, or exploiting software bugs. Those things can be be protected against.

Decryption can't be protected against, so instead you rely on couriered messages, or one-time pads as described in the next installment of "Silence Like Diamonds." 
brooks7
50%
50%
brooks7,
User Rank: Light Sabre
8/10/2015 | 12:59:23 PM
Re: Brooks7 has put his finger on both the problem and why I don't think it's as much of a problem
Mitch,

Here is the thing...again it is completely breakable right now.  There is no new tech required to break things.  But it takes say a year.  So, you can change your password before it becomes decrypted.

Multi-factor Auth is much better than changing the sign on procedures.  You just need an out of band comms mechanism.

seven

 
Mitch Wagner
50%
50%
Mitch Wagner,
User Rank: Lightning
8/10/2015 | 10:52:13 AM
Re: Biometrics
brooks7 - You are technically correct. Today's encryption is indeed breakable, just not in a "reasonable time frame."

But that unreasonable time frame is longer than the known life of the universe
Page 1 / 2   >   >>
More Blogs from Wagner’s Ring
Hungry for attention as a public cloud provider, Oracle lands a major customer in AT&T.
Comcast is looking to a private cloud based on Cloud Foundry to turn around record bad customer satisfaction scores.
Facebook is building out its networking infrastructure to provide for the needs of nearly 2 billion active users.
Awards ceremony! Party! Media executives wearing disco duds!
From The Founder
Kicking off BCE 2017, Light Reading founder Steve Saunders lays blame for NFV's slow ramp-up and urges telecom to return to old-fashioned standards building and interoperability.
Flash Poll
Live Streaming Video
Charting the CSP's Future
Six different communications service providers join to debate their visions of the future CSP, following a landmark presentation from AT&T on its massive virtualization efforts and a look back on where the telecom industry has been and where it's going from two industry veterans.
LRTV Interviews
CenturyLink: Let's Get Past SD-WAN Hype

6|23|17   |   04:02   |   (0) comments


Technology becomes a "shiny object" unless it's properly focused on solving business needs for enterprise customers, says Bill Grubbs, network solutions architect for CenturyLink. He explains to Light Reading why SD-WAN deployments have to be tailored to specific needs – and more.
Women in Comms Introduction Videos
Infinera's Sales Director Paints Tech's Big Picture

6|21|17   |   4:14   |   (1) comment


Shannon Williams, Infinera's director of sales, shares how she achieves work's many balancing acts -- between her role and the broader company, today and tomorrow's tech and more.
LRTV Custom TV
SD-WAN Innovation & Trends

6|20|17   |     |   (0) comments


Versa CEO Kelly Ahuja discusses with Carol Wilson the current status and trends in the SD-WAN market, Versa's innovation around building a software platform with broad contextualization, and the advantages that startups can bring to the SD-WAN market.
LRTV Interviews
Ovum's Dario Talmesio on 5G in Europe

6|20|17   |   02:16   |   (0) comments


At 5G World 2017, Dario Talmesio, principal analyst and practice leader on Ovum's fixed and mobile telecoms European team, explains the emerging trends amongst European operators as they prepare for 5G.
LRTV Custom TV
Putting Power on a Pedestal

6|19|17   |     |   (0) comments


ARRIS's John Ulm says a major accomplishment of SCTE•ISBE's Energy 2020 program is increased focus on power cost and consumption, including inclusion of energy requirements in operators' RFPs and RFIs.
LRTV Custom TV
Gigabit Access: The Last-Mile Pipe for All Future Services

6|19|17   |     |   (0) comments


A Gigabit access platform being deployed today must be able to deliver all types of services to an increasing number of devices. A non-blocking architecture is necessary to support the ever-increasing growth in bandwidth demand. The Huawei Gigabit access solution is based on a distributed design that is fully scalable to deliver a unprecedented performance.
LRTV Custom TV
Key Factors to Successfully Deploy an SD-WAN Service

6|19|17   |     |   (0) comments


As service providers transition their SD-WAN solution from trials and limited deployments into production at large scale, there are important considerations to successfully operationalize these solutions and realize their full potential, without adding complexity, introducing uncertainty or disrupting current business operations. Sunil Khandekar, CEO and Founder ...
LRTV Custom TV
IoT Solutions: Rational Exuberance

6|19|17   |     |   (0) comments


IoT solutions are morphing from hype into viable business opportunities. Huawei has the platform and ecosystem support to help carriers successfully address new business opportunities in the IoT space.
LRTV Custom TV
Realizing ICN as a Network Slice for Mobile Data Distribution

6|19|17   |     |   (1) comment


Network slicing in 5G allows the potential introduction of new network architectures such as Information-centric Networks (ICN) as a slice, managed over a shared pool of compute, storage and bandwidth resource. Services over an ICN slice can benefit from many architectural features such as Name Based Networking, Security, Multicasting, Multi-homing, Mobility, ...
LRTV Interviews
Ovum's Mike Roberts on 5G Uptake

6|19|17   |   04:08   |   (0) comments


Mike Roberts, research director for Ovum's service provider markets group, explains why he has boosted his 5G subscriptions forecast.
LRTV Interviews
AT&T's Hubbard on Intersection of SD-WAN & MPLS

6|15|17   |     |   (0) comments


Rick Hubbard, SVP of Network Product Management for AT&T Business Solutions, discusses how AT&T's approach to SD-WAN fits in with its overall virtualization strategy, explains how SD-WAN can improve enterprise customers' use of the cloud and addresses the intersection of SD-WAN and MPLS.
Telecom Innovators Video Showcase
Keep Connected IoT Devices Under Control With Allot

6|15|17   |     |   (0) comments


Allot AVP of International Pre-Sales, Daniel Keidar, explains how communications service providers can protect infrastructure and service availability from flooding attacks caused by malfunctioning or bot-infected devices connected to their network.
Upcoming Live Events
October 18, 2017, Colorado Convention Center - Denver, CO
November 1, 2017, The Montcalm Marble Arch
November 1, 2017, The Montcalm Marble Arch
November 30, 2017, The Westin Times Square
All Upcoming Live Events
Infographics
With the mobile ecosystem becoming increasingly vulnerable to security threats, AdaptiveMobile has laid out some of the key considerations for the wireless community.
Hot Topics
Netflix's Lesson in Culture Expectation Settings
Sarah Thomas, Director, Women in Comms, 6/21/2017
No Imagination: UK Chip Biz Goes Up for Sale
Iain Morris, News Editor, 6/22/2017
Kalanick Steps Down as Uber CEO
Sarah Thomas, Director, Women in Comms, 6/21/2017
BT Tech Chief Makes Plea to 5G Chip Vendors
Ray Le Maistre, International Group Editor, 6/20/2017
Like Us on Facebook
Twitter Feed
BETWEEN THE CEOs - Executive Interviews
Following a recent board meeting, the New IP Agency (NIA) has a new strategy to help accelerate the adoption of NFV capabilities, explains the Agency's Founder and Secretary, Steve Saunders.
One of the nice bits of my job (other than the teeny tiny salary, obviously) is that I get to pick and choose who I interview for this slot on the Light Reading home ...
Animals with Phones
Live Digital Audio

Playing it safe can only get you so far. Sometimes the biggest bets have the biggest payouts, and that is true in your career as well. For this radio show, Caroline Chan, general manager of the 5G Infrastructure Division of the Network Platform Group at Intel, will share her own personal story of how she successfully took big bets to build a successful career, as well as offer advice on how you can do the same. We’ll cover everything from how to overcome fear and manage risk, how to be prepared for where technology is going in the future and how to structure your career in a way to ensure you keep progressing. Chan, a seasoned telecom veteran and effective risk taker herself, will also leave plenty of time to answer all your questions live on the air.