Crypto panel takes on RFID, bashed hash functions

By Michael S. Mimoso, Senior Editor
14 Feb 2006 | SearchSecurity.com


SAN JOSE, Calif. -- Irreverent and outspoken Adi Shamir makes it a point to announce news at the annual Cryptographer's Panel at the RSA Conference. Tuesday was no exception.

Shamir, professor at the Weizmann Institute of Science and the "S" in RSA, told a packed auditorium during the get-together of crypto hall-of-famers about how he and a student applied side-channel attacks against RFID tags.

Similar attacks against smart cards monitor how power consumption changes as conditions change around a technology. Only thing is, RFID tags have no direct power source to monitor.

Applying the theory, Shamir and his student figured out how to measure the amount of energy the tags consume from the environment by using a directional antenna to monitor the tags' behavior. By sending incorrect bits to a tag, they were eventually able to decipher the tags' kill password and disable them.

"Everyone expects RFID tags to be huge; they're everywhere," Shamir said. "They're going to protect our identities in our passwords. They're going to protect items in stores. The fact is, the first generation is very weak."

The crypto panel featured Shamir; Ron Rivest, Viterbi professor of electrical engineering and computer science at MIT and the "R" in RSA; Whitfield Diffie, Sun Microsystems CSO; and Martin Hellman, professor emeritus of electrical engineering at Stanford University. Diffie and Hellman are co-inventors of public-key cryptography. Rivest, Shamir and Len Adleman wrote the RSA algorithm.

Each uses the panel as a forum to reflect on cryptographic advances and launch predictions for the future of their trade.

One year ago at RSA, Shamir revealed that successful hacks had been launched against the SHA-1 algorithm. SHA-1 has since been cracked twice with researchers theoretically proving that the algorithm is susceptible to collision attacks. Such attacks could make it possible to forge digital certificates, give attackers greater privileges and reduce the security of messages sent over the Internet.

Shamir, however, said not many hash functions implemented in practice had been affected.

"The major crypto result is that this taught us about how to design future hash results to be stronger," Shamir said. "I would say the practical impact [of collision attacks] is still not strong."

Leave it to a cranky cryptographer to take all the fun out of bashing crypto algorithms and the security of RFID tags.

"This was a wake-up call for the crypto community," said Rivest. "We realized the design paradigms we've been using are not the right ones." Rivest suggested the community begin tweaking old designs and start work on a new hash function standard, beginning at an upcoming NIST workshop this year.

"I think we should set a goal by 2010 to come up with a standard, maybe have a hash function bakeoff, similar to the AES bakeoff," Rivest said, referring to the contest that resulted in the Advanced Encryption Standard that replaced DES as the industry guide.

SHA-1 took its share of hits in 2005. Prior to that, it was believed it would take 2^80 hash operations to find a collision (a collision occurs when two messages have the same hash value). Chinese researchers twice reduced that number to 2^63 operations.

Late last year, Microsoft banned SHA-1 for new code--along with its predecessors MD4 and MD5--if SHA-256 is available for the particular platform. "SHA-1 is currently showing some signs of weakness and may be completely insecure in the next few years," Michael Howard, senior security program manager at Microsoft, said in November 2005. "Since customers will use Microsoft products for more than two to three years, it's important we protect them by working now to improve the security of code for the future and banning the SHA-1 algorithm is a step in that direction."

Despite the assault, the crypto panel was adamant that cryptography was still the least vulnerable of security technologies.

"One of the things we've lost sight of is that crypto has been least hooked into. If the field would catch up to crypto, it would be in much better shape."

Hellman called for a new "gene pool" of development in public key cryptography. He pointed to the work done on Elliptic Curve Cryptography, which uses smaller key sizes and is a more efficient algorithm than RSA, for example. ECC is suited for smaller mobile devices like smart cards and cell phones.
