In-Depth

Cryptographers Warn About Security Dangers in the Cloud at RSA

Researcher says read the fine print before connecting to the cloud.

• By John K. Waters
• 03/09/2010

Government intervention in cloud computing is "the big elephant in the room that no one will talk about," said Adi Shamir, professor of mathematics and computer science at Israel's Weizmann Institute of Science, who spoke at the recent RSA Conference as part of the event's annual Cryptographers' Panel.

Shamir added that once most people move their IT operations into the cloud, "it's going to be the wet dream of government."

Concerns about cloud security dominated last week's RSA conference, and it was still on the minds of the panelists at the event's popular annual gathering of cryptography mavens. Moderated by Ari Juels, chief scientist at conference sponsor RSA Laboratories, this year's panel saw the return of Shamir, along with Whitfield Diffie, Royal Holloway College visiting professor and Stanford University visiting scholar; Martin Hellman, professor emeritus of electrical engineering at Stanford; and Ronald Rivest, Viterbi professor of electrical engineering and computer science at MIT.

The panel also included a special guest: retired government cryptographer Brian Snow, former technical director of the National Security Agency's Information Assurance Directorate (IAD), which protects U.S. information systems.

Juels kicked off a lively discussion when he asked Snow about the NSA's advantages over the private sector. Emphasizing that he was speaking for himself and not his former employer, Snow described the agency's approach as a "more nuanced posture" in areas of little interest to the private sector, such as nuclear command and control.

"Where we do overlap, we cheat," Snow said. "We read what you publish, but we do not publish what we study. We have good budget and an aggressive, talented staff. We have Ph.D.s doing nothing but cryptography -- that's a nice department. We have a better knowledge base and more stuff than what you have. The NSA is still ahead, a small handful of years, on average. I think we've got the edge still."

Diffie, who is probably best known for his pioneering work with public-key cryptography, argued that nuclear command and control was not a good example of something that doesn't interest public cryptographers. More significant, he said, is that "there are a whole range of problems that are inspired by doing real signals intelligence, and this community can't do that" because it's illegal. Signals intelligence refers to intelligence gathering by the interception of communications signals.

Hellman, who is co-inventor of the Diffie-Hellman key exchange security protocol, agreed with his colleague, recalled that their early work in public-key cryptography was not regarded by their peers as significant.

"I was told by all of my colleagues that cryptography was a waste of time. The NSA had a massive budget, we didn't know how big at the time, and they had been working on the problem for decades. We were told there's no way we'd discover anything that they hadn't already found, and if we did, they'd classify it," Hellman said.
Snow added that this kind of work is also very expensive. The government spends a lot of money in the command and control arena, he said, for "toys" the commercial sector doesn't have yet.

Shamir, who was one of the creators of the RSA public-key encryption system, took Snow's former agency to task for failing to publish any significant research on public key cryptography. His own search among hundreds of titles some recently declassified articles from NSA technical journals uncovered no such research. "Isn't that a demonstration that the NSA was way behind in public key cryptography?" he asked Snow.

"People who invent things in parallel don't always use the same terminology," Snow answered.

When the discussion turned to cloud computing, Snow joined Shamir in expressing his distrust of cloud services. "I'm not fond of the cloud, either," he said. "You're renting an interface...and you don't know what else is cuddling up to it...[s]o you have to write your contracts very carefully...otherwise you are at great risk."

But Snow blamed vendors for not plugging the security gaps, and he predicted a "trust meltdown" for the security industry if that doesn't change. "We have complex operations in place in tightly intertwined systems, and the processes are not well understood or analyzed, but they are widely used and trusted. That's a recipe for disaster."

He admonished vendors to "lean forward" to address known security vulnerabilities, instead of waiting until they cause problems. "It can be to your commercial advantage," he said. "Put some money on the table. Lean forward on the vulnerabilities. Don't just let them sit there until you smell the attack."

Along with cloud security, the state of mobile platform security was a top-of-mind concern for Rivest. "We're moving to the phone as the universal proxy, electronic representative," he said. "Making sure that these phones are secure is critically important," he said. "I think cryptography lives in this ideal 'cloud' world, where Alice has a key and can keep it secret...[a]nd that's just not where we are yet with the platforms. We need to be able instantiate the ideal framework of parties who can keep secrets and use them securely with hardware and software systems that satisfy those axioms. We're a long way from that and it's getting critical."