As we move to a world of hybrid data centers that span both private and public clouds, encryption will become increasingly ubiquitous and important. While the physical control of infrastructure becomes less and less relevant, the logical control of encryption becomes the foundation of trust. As such, the integrity of an encryption solution moves more centrally into the spotlight.
The current state of the art as defined by the NSA is AES-256 bit encryption. This very strong level of encryption is not practical to break with known computing hardware. In order to trust the encryption, however, we need to trust the libraries and the hardware that are at the root of an encryption scheme. And if we've learned anything over the past few years, there is reason for concern.
Eric Snowden revealed that a very powerful entity, presumably in the U.S. government, installed a backdoor into the most popular form of RSA encryption. The RSA encryption solution was the system that marched us into the modern world of encryption. It relies on two random prime numbers that generate a number N. Then a random number generator is used to create another number E. The key is the pairing of N and E.
It turns out that in the seed values of N, the two random prime numbers being generated were not always random -- there was a known relationship between them. To the outside observer the key would look entirely random and therefore strong. But if one knew the relationship between the prime numbers that made up N, one could decipher the key and crack the encryption.
It was an ingenious idea because the only entity that knew the relationship was the entity that manipulated it in the first place. So only one entity could access this key. Presumably this entity was the U.S. government, which could then selectively decrypt data, but no other governments or entities could do the same. This core issue of whether the U.S. government should be allowed to access encrypted data has been grabbing headlines recently, with Apple resisting efforts by law enforcement to access user-encrypted data.
Snowden’s revelations about a backdoor have undermined trust in large amounts of U.S.-made infrastructure, and have had lasting impact. The good news is that new thinking and research about encryption is emerging, with new techniques that can nail shut any attempted backdoors.
Alex Russell is a professor at the University of Connecticut, and he has been focusing on the problem of how to ensure that a randomly generated number used to generate encryption keys is in fact random. Russell and his team have shown that by taking the output of the random number generator and running it through a hash function such as SHA-256 hash, a new and truly random number is created that can reliably be used to generate encryption keys. It is very difficult to predict the output of a hash function, so in effect this simple step can ensure the true randomness of the number used to generate a key.
While this research is new and still evolving, it makes an important point. Any form of security is subject to manipulation, particularly by powerful parties such as governments. No matter what these parties do to create backdoors and surveillance points, however, technology moves quickly enough that it will always find ways to nail those backdoors shut.
Encryption is becoming ubiquitous and increasingly important. As physical barriers and controls for data security melt away, encryption is the last line between what is private and what is public.
The integrity of popular encryption is critical to maintaining trust in this last line of defense. Techniques such as the one Russell has introduced will continue to ensure that private data stays private.
This article is published as part of the IDG Contributor Network. Want to Join?