Earlier this week, the New York Times interviewed Paul Kocher, president and chief scientist of the Rambus Cryptography Research division, about the recent slew of high-profile digital attacks that have targeted numerous corporations and government entities.
“[Kocher] says he thinks the explanation for the world’s dismal state of digital security may lie in two charts,” writes Nicole Perlroth.
“One shows the number of airplane deaths per miles flown, which decreased to one-thousandth of what it was in 1945 with the advent of the Federal Aviation Administration in 1958 and stricter security and maintenance protocols. The other, which details the number of new computer security threats, shows the opposite.”
Indeed, as Perlroth points out, there has been more than a 10,000-fold increase in the number of new digital threats over the last 12 years.
“The problem, Mr. Kocher and security experts reason, is a lack of liability and urgency. The Internet is still largely held together with Band-Aid fixes,” Perloth continues.
“Computer security is not well regulated, even as enormous amounts of private, medical and financial data and the nation’s computerized critical infrastructure — oil pipelines, railroad tracks, water treatment facilities and the power grid — move online.”
Consequently, ideas that were once confined to research labs are now being evaluated for potential use in future products. As Kocher noted in an October New York Times op-ed, the market is steadily progressing towards safer technologies, with cryptographic algorithms providing the mathematical building blocks for security and privacy. To be sure, dedicated security hardware that once occupied racks of equipment can now be manufactured on the corner of a chip for just a few cents.
As we’ve previously discussed on Rambus Press, legendary cryptographer Paul Kocher discovered timing cryptanalysis – a method of obtaining secret keys from cryptographic devices operating in non-constant time. More specifically, he determined that many RSA and Diffie-Hellman were executing simple operations faster than more complex ones, allowing keys to be found by measuring the variations and applying innovative statistics.
Kocher also co-developed simple power analysis and differential power analysis, contributed to the design of Deep Crack (a DES brute-force key search machine) and co-authored the Secure Sockets Layer (SSL) 3.0 protocol, a cryptographic standard for secure communications over the Internet.
Interested in learning more? You can read the full text of “Hacked vs. Hackers: Game On” by Nicole Perlroth on the New York Times website here and check out Paul Kocher’s October op-ed “Moving to ‘smart’ credit cards will help with security” here.