Cryptography, authentication, hot topics among experts
Leading security experts have gathered this week at the RSA 2013 security conference to discuss the latest on cryptography and authentication. One of the leading panel discussions of the event thus far focused on cryptography's effectiveness. While some experts went so far as to declare cryptography a less important form of protecting data, citing the rise in frequency and sophistication of attacks as proof, others disagreed.
Dan Boneh, professor of Computer Science and Electrical Engineering at Stanford University and encryption expert, stated that cryptography's problem is the large amount of client code that implements SSL outside of a web browser. In other words, it is not cryptography that is to blame but rather the way that it is being used.
"Web browsers have the integrated capability to check the validity of a given SSL certificate," Boneh said, according to eSecurity Planet.
"In the case of mobile applications that don't leverage browser-based code, they still need to verify with a certificate authority (CA)."
To support his claim, Boneh conducted a study of his own to determine whether improper SSL verification was indeed the leading cause of cryptographic failure. His findings on improper certificate use confirmed his hypothesis.
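The kind of improper SSL verification described above can be checked for in non-browser client code. The following is an added example, not code from the article or from Boneh's study: it audits a Python `ssl.SSLContext` for the two settings a client needs to detect a man in the middle, and the function names are hypothetical.

```python
import ssl

HOSTNAME_FINDING = "hostname is not checked against the certificate"
CHAIN_FINDING = "certificate chain is not verified against a trusted CA"

def audit_client_context(ctx):
    """Return the verification gaps in a client-side TLS context."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append(CHAIN_FINDING)
    if not ctx.check_hostname:
        findings.append(HOSTNAME_FINDING)
    return findings

def misconfigured_context():
    # Validation switched off entirely, often done to silence certificate
    # errors during development and then shipped.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # has to be disabled before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def chain_only_context():
    # Subtler mistake: the chain is verified, but a valid certificate issued
    # for any other host name is accepted for this connection.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    return ctx

def hardened_context():
    # Library defaults: CA chain verification plus host name checking.
    return ssl.create_default_context()

if __name__ == "__main__":
    for name, build in [("misconfigured", misconfigured_context),
                        ("chain only", chain_only_context),
                        ("hardened", hardened_context)]:
        findings = audit_client_context(build())
        print(name + ":", findings if findings else "no findings")
```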
"Almost every [application examined in the study] had a misunderstanding and misconfiguration," Boneh said. "So a man in the middle attack could be fairly easily executed."
Another much-discussed topic at this year's RSA conference has been strong authentication (SA), a form of advanced cryptography based on the challenge-response protocol. According to panelist Philippe Courtot, with the number of mobile devices increasing exponentially, SA will need to become one of the primary ways users protect their personal information from the onslaught of malware.
"[The challenges resulting from the adoption to mobile] is already there with the barrage of security breaches that we read about in the press," said Courtot in SC Magazine. "We are constantly under attack as cyber criminals automate their attack tools." Courtot then went on to explain that though the security model in its current state is not designed for these kinds of automated attacks, resources the computer security industry has developed, like SA and enhanced SSL certification, can be used across billions of devices with relative ease.
It remains true that no technology is beyond hacking, although keeping networks and applications running up-to-date security tools remains one of the best ways to stay protected from malware. Visit Thawte today to get equipped with an SSL certificate.