Public key cryptography celebrates anniversary

IDG News Service - Dignitaries from the computer security field took the stage at the Computer History Museum on Oct. 26 to commemorate the 30th anniversary of public key cryptography, wax historical about academic, governmental and commercial developments in security, and ponder the future. Panelists included persons such as Whitfield Diffie, a cryptography pioneer and chief security officer at Sun Microsystems; Notes creator Ray Ozzie, now Microsoft's chief software architect, and Brian Snow, retired director for the National Security Agency's Information Assurance Directorate. They touched on topics ranging from NSA obstacles and export regulations to decades-old research papers and the Clipper chip.

The concept of public key cryptography has evolved over the years, and its principles are being extended into areas such as e-commerce, panelists noted. Public key cryptography uses public and private keys between sender and recipient of a message for security purposes. The sender encrypts a message with a public key and the recipient uses a private key to decrypt it. Its birth is traced to the November 1976 publishing of a paper titled, "New Directions in Cryptography," written by Diffie and Martin Hellman, who also served on Thursday's panel and is a Stanford University professor.

Snow cited the advent of e-commerce and the need to move money over the Internet as a seminal event in secure computing. "The industry was a dead start until e-commerce," he said.

The power of the Internet was not envisioned when cryptography began to emerge, Hellman said. Developers thought widespread commercial adoption of encryption would happen in 10 years, but it took about 25, he said.

"The time is not far off when electronic funds transfer will be used to buy a loaf of bread," said Hellman.

Panelist Dan Boneh, also a Stanford University professor as well as a co-inventor of identity-based encryption, said the U.S. government has gone from stalling deployment of cryptography to mandating it with regulations such as Sarbanes-Oxley and HIPAA. "There's been a complete flip, recognizing that encryption is there to help us, not just to help our enemies," Boneh said.

Ozzie recalled that governments attempted to hamstring computer security via export roadblocks or import controls. But all that went away around 1996, so governments are no longer an excuse for a lack of secure software, according to Ozzie.

"At this point in time, my personal view is it's laziness on the part of the industry in terms of not embracing architecture and the importance of human interface in the design of secure systems," said Ozzie. Notes developers had weaved in security, he said.

Commenting on the issue of governments and personal security, Snow recalled that a woman familiar with his NSA role came up to him after the Sept. 11, 2001, terrorist attacks and said she would sacrifice her liberties just to be safe. But it is not that easy, according to Snow.

"Get it out of your mind that there's a straight line between liberty and safety. It is not a linear function," Snow said.

Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.