Post Quantum Cryptography for the Internet of Things: PKI is ageing

It’s been a very hectic end of the year – researching technologies and working on some professional projects that will hopefully see the light this new year. It is during this last month whilst going through all these prediction reports for 2016, that I have realised that at least for the last 3 years encryption is being constantly mentioned.

Whilst going through prediction reports for 2016 this past month – I realised that encryption has been constantly mentioned throughout the last 3 years.

  • In 2016 an increase in attacks that misuse keys and certificates ( Venafi )
  • Most of organizations will fall victim to an attack on trust – one that impacts keys and certificates (Venafi)
  • Encryption is no longer the realm of geek speak ( Michael Sutton, CISO, Zscaler)
  • 2/3 of North American traffic will be encrypted in 2016 but protection of data in transit only addresses a small number of threats. Companies need to protect data at rest and data in use with approaches like cloud encryption (CipherCloud)

And the list of predictions goes on and on, but what is the real deal with encryption? What is the real issue affecting cybersecurity in this particular field?

Through a hint coming from my professional network I got introduced to a very interesting technology which is currently unfolding in the industry. If you are currently living in the UK, you have used it before as the UK government has implemented it and there are big brand names behind it such as NTT Docomo, INTEL, Experian, Paralells, U.S. Airforce and SK Telecom to mention a few of them.

In order to introduce you to this new solution and after some long hours refreshing my encryption knowledge I got to the conclusion that it is very challenging to expose you to the subject without previously going through a bit of past and present in PKI (public key infrastructure). I do not want to extend on this subject but primarily provide you with some resources to understand the current situation and trust challenge on the internet these days. To be brief and get you into context quickly we need to provide an answer to the following questions:

  • What is PKI?
  • What are the encryption algorithms used in a PKI?
  • What are the PKI vulnerabilities?
  • Why is PKI ageing ?
  • What is quantum cryptography?

Let’s answer the first one:

A PKI supports the distribution and identification of encryption keys to enable users and computer across internet to exchange data and verify the other party. PKI provides not only confidentiality but also authentication which is of extremely importance in internet.

A PKI includes the following elements:

  • A trusted party called certificate authority (CA) which acts as the root of trust and authenticate the identity of individuals and computers
  • A registration authority which is the subordinate entity of a CA
  • A certificate database to store certificate request and issues and revokes certificates
  • A certificate store as a place to store issued certificates and private keys
  • A certificate policy

More on KPIhttps://en.wikipedia.org/wiki/Public_key_infrastructure

Now, let’s look at the cryptography algorithms that are used in a PKI to achieve confidentiality and authentication.

Asymmetric or public key cryptography are the algorithms used in PKI and the internet. These algorithms are based on mathematical problems that currently have no efficient solution, in particular those inherent in certain integer, factorization, discrete logarithm and elliptic curve relationships.

The algorithms are based on the Diffie – Hellman mathematical problem. The motivation for this problem is that many security systems use mathematical operations such as the ones mentioned before which are very fast to compute however extremely hard to reverse with the current computational power in the world today.

To put it simple if you know how PKI works it is very easy to obtain a public key from a private key however practically impossible today to obtain the private key from the public key.

More on Asymmetric encryption:

https://en.wikipedia.org/wiki/Public-key_cryptography
https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_problem
https://www.digicert.com/ssl-cryptography.htm
https://en.wikipedia.org/wiki/RSA_(cryptosystem)
https://www.ietf.org/rfc/rfc3766.txt

It is very important to understand the concepts described above however if you feel strong you can go into the maths of the problem… I advise you to firstly understand the RSA cryptosystem, as it is the most currently used algorithm and its discrete logarithm theory is easier to understand than elliptic curves. I also suggest that you refresh your discrete mathematics 😉

For the analyst and operations security you should keep this in mind:

  1. RSA 1024 has been broken attacking other parts of the cryptosystem http://web.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf
  2. When possible use RSA 2048 https://www.digicert.com/TimeTravel/math.htm

Asymmetric encryption algorithms are impossible to break today, however in some cases attacking other components of the cryptosystem implementation makes possible to reveal the information protected.

See below a very useful tool as well as example:
http://www.thoughtcrime.org/software/sslstrip/

To mitigate the attack:

  1. Use HTTPS sitewide
  2. Use HSTS to avoid browsers being fooled

To finish with this section I leave you an estimation of what it would take to break another very common algorithm such as AES according to the key size. I wish I could live that long…

aes_security_fig4

 

What are the current PKI vulnerabilities?

In this section I could definitely spend a considerable amount of time from discussing performance, manageability, scalability, security and other issues however I am just going to focus on a small set of them which are currently the most impacting from a security perspective of the system.

In a PKI the CA is responsible for verifying all the requests, and for issuing valid credentials to associate to private/public key pairs, using its root, or master key. The big weakness is the CA as a single point of trust, and failure, and its reliability is strongly dependent on how the CA maintains and securely stores its master key.

Compromise of the root CA means an organization would have to re-issue all the certificates which would be a very difficult and disruptive process.

Other potential scenario would be a malware attack in which certificate requests or approvals for what would appear to be legitimate to core certificate issuing systems.

Insiders can attempt to steal private signing keys that would enable the certificate approval process to be circumvented and allow a bogust cert to be issued.

In the following link, you can check the history of attacks against CA’s and how they are on the rise.

http://wiki.cacert.org/Risk/History
http://iang.org/ssl/pki_considered_harmful.html

Let’s refresh some of the most recent attacks to CA’s:

https://en.wikipedia.org/wiki/DigiNotar
https://www.reddit.com/r/technology/comments/3twmfv/dell_ships_laptops_with_rogue_root_ca_exactly

Let’s move on and understand why PKI is currently ageing and not in good shape for the current internet of things and cloud.

PKI cryptographic algorithms and infrastructure is 40 years old and invented for a different era in which client-server computing was the dominant paradigm. At the heart of it, lies the reliance on outdated and monolithic cryptographic trust hierarchies such as the previously discussed commercial certificate authorities.

In the current paradigm, the cloud or IaaS industry, many organizations find it challenging to transform into a digital business because of the issues of cryptographic trust, data residency and governance. Especially those in highly regulated industries.

On the technical side we find that technical teams running IaaS datacenters are facing difficulties to scale and automate operations with the complexity of running encryption, certificate and key management with a infrastructure that was built for the client-server era.

Last but not least, let’s discuss what is Quantum cryptography, it is not the main aim of this article however it will be beneficial to have a foundation when I will discuss the new solution.

The theory on quantum computing is a challenging one to understand, then again if you feel you need to understand it just make a quick search. I only want focus on the cryptographic side of quantum computing.

These new quantum computers which will be replacing the current generation of computers based on semiconductors, are theoretically capable of breaking current asymmetric ciphers such as RSA and ElGamal. Any adversary with capabilities in the quantum computing espace could theoretically bend these encryption schemes.

More on quantum cryptography:
https://en.wikipedia.org/wiki/Quantum_cryptography

Let’s summarize very quickly to understand the current challenges of PKI in the internet of today.

  1. Monolithic PKI hierarchy
  2. Inherent vulnerabilities in the current system
  3. Scalability issues with current client-server model
  4. PKI’s 40 year old encryption algorithms are ageing
  5. Advance adversaries with quantum computing capabilities could break current cryptosystems
  6. Complexity managing trust across different devices and applications in the current internet of things paradigm
  7. Organizations especially those in regulated industries experiencing difficulties to access and build digital economies due to current cryptographic trust issues, data residency and governance

 

In the middle of all these challenges for the PKI to advance the benefits of the cloud computing across the technology landscape; there is a project that is about to move into incubation in the Apache Incubator to become part of the Apache Software Foundation (ASF).

The name of this project is Milagro Proposal and it is a distributed cryptosystem for cloud computing. Its main purpose is to provide an open source alternative to proprietary key management and certificate backed cryptosystems used for secure communication and authentication. The project promises a secure, free and open source alternative to monolithic certificate authorities and eliminate single points of failure.

This cryptosystem is based on pairing based cryptographic algorithms to solve the key management, secure communications and data governance and compliance issues discussed before.

The way to achieve the mentioned benefits is by replacing the previous certificate authorities with a new service provided called Distributed Trust Authority (D-TA).

The M-Pin protocol as it is called, is already in use by Experian, NTT, Odin, Gov.uk and is being deployed at scale for zero password multi-factor authentication and certificate-less HTTPS.

Pairing base cryptography is vouched by NIST and recommends the standardization and adoption of these cryptographic algorithms for government agencies.

“It has been a decade since the first IBE schemes were proposed. These schemes have received sufficient attention from the cryptographic community and no weakness has been identified. IBE is being used commercially, primarily by Voltage Security and Trend Micro. Intel’s EPID scheme is another example of pairings being used commercially. > As a result of our study, we believe there is a good case for allowing government agencies to use pairings. Pairings have been shown to have numerous applications, helping to solve problems that are impossible, difficult, or inefficient with traditional public-key cryptography or symmetric encryption.”

NIST “Report on Pairing-based Cryptography”

Pairing cryptography and the D-TA’s makes it possible for a model in which trust does not reside in a single entity, in contrast to PKI. The efficiency and robustness of the cryptosystem relies on the fact that ALL D-TA’s must be compromised. The compromise of a D-TA does not provide any advantage to the attacker since all of the D-TA’s master secrets are inside the D-TA’s and these ones are under control of different organizations.

If you are interested on a high level overview of the architecture of the system:
http://wiki.apache.org/incubator/MilagroProposal

The most unique trait of the M-Pin authentication protocol and secure channel is the exploitation of zero knowledge proof authentication.

I know it is a challenge and takes time to understand but let me summarize the benefits of the system:

  1. Distributed trust eliminating the single point of failure
  2. Strength of the system provided by the D-TA’s distributing thirds of private keys to distinct identities
  3. To compromise the privacy it is a technical must to compromise all D-TA’s which is highly difficult and improbable to happen
  4. Zero knowledge proof, the system provides authentication without revealing the secret
  5. The system is resistant to quantum computing attacks

I know you are still going around it. Let me explain it to you in another way. The system provides a solution to some specific problems in the security world today:

  1. Eliminates single point of failure and hierarchical trust on internet
  2. Eliminates the credential theft or pass the hash scenarios since the system does not store the credential due to the use of the Zero knowledge proof method
  3. Simplifies the cloud in regulated industries since the password – credential it is not stored it is not possible to compromise the security of the system. This prevents the loss of the reputation many organizations are subject to in case of a compromise as they need to report the breach

This is definitively a strong candidate  solution for the current privacy challenges we are experiencing in the world today. If you research the field you will see many articles written by “security advisors” where they keep defending the PKI for the internet of things.

These “advisors” do not realize that one of the biggest problems in security has always been the password. Neither do they understand the challenges faced by the regulated industries, or the fact that today our privacy is in the hands of a set of big corporations which in yesterday’s internet they were safe but not anymore in today’s internet where everybody is at risk.

PKI will be with us for many more years, however it is not the optimal solution for the present and future Internet.

 

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s