It’s time for a reboot of the Internet’s security infrastructure. The last two years have been anything but uneventful in the realm of information security. Let’s start with the Snowden revelations. The fallout from the treasure trove of classified information is still ongoing, but taking a geopolitical view we can see that the Internet is now moving towards a “trust no one” model, whereby local service providers will spring up to satisfy the jurisdictional demands of their customers. Indeed, when industry titans such as Facebook, Google, Microsoft, Cisco and others join together to take on the U.S. Federal government and treat the NSA as their most sophisticated threat actor, you know the dynamics of the industry have changed.
Next up, the Sony, Target, LinkedIn, eBay and Anthem breaches (not to mention hundreds of others). In some cases the breach was a result of blatant disregard of information security basics, but in many others, competent if not exceptional information security professionals were bested not by their adversaries, but by the complexities of securing confidential information in an era of increasingly complex infrastructures and porous networks. The consequences were still the same: millions of passwords exposed and/or confidential information affecting individuals splashed across the Internet.
Lastly, the digital certificate industry continues to suffer from a number of inherent flaws. Take note of the latest breakdown in the singular trusted root key model as Google permanently banned any digital certificates issued by the official Chinese domain name registrar from being recognised in Chrome browsers. MIRACL is an organization that knows the perils of holding a root key. This is an exceptionally flawed security construct, one that is open to government coercion and attack or criminal espionage (remember the DigiNotar hack?). Yet it continues to power the heart of eCommerce on the Internet. Why? Because the infrastructure is so baked into desktop browsers that the friction to move to new security models is immense. The main cryptographic engine that powers the SSL/TLS protocols, OpenSSL, has proven to be such a dog’s breakfast of spaghetti code that Heartbleed, a vulnerability unimaginable until reality struck, was able to run in the wild for years before being detected.
Taken together in a macro view, we at MIRACL reached the following conclusions:
- A new kind of distributed trust model for root key functions, whereby parties can share the tasks of issuing cryptographic keys and securing those keys, would be an improvement over existing methods, particularly if it meant an end to single points of compromise, both internal and external.
- For large, Internet-scale populations, digital certificates and the PKI model are fundamentally flawed and need a sunset, particularly the root key model. That’s a school-of-hard-knocks lesson, but also self-evident: where are all the client-side SSL certificates?
- Server-side code for creating secure channels between clients and servers needs to be slimmed down to easily auditable and verifiable cipher suites that don’t depend on a singular third-party certificate authority infrastructure.
- In the Internet of Things era, size and computational constraints will demand relatively new, but tested and academically verified, forms of P2P and client-to-server cryptographic security. PKI isn’t going to scale to this level.
- Perimeter-based security (firewalls, intrusion detection, etc.) as the only means of defence is becoming more and more antiquated and ineffective.
These conclusions prompted us to begin work on the Distributed Trust Authority (D-TA), an effort by MIRACL to deliver a next-generation cryptographic infrastructure for a better Internet of Things world.
In my next blog post, we’ll expose the inner workings of the D-TA and, hopefully, convince you, the reader, of its merits as an alternative to existing infrastructures.