The National Academies Press

Currently Skimming:

5 Research, Industry, and Policy Implications
Pages 53-61

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.

From page 53... ... AGILITY IS ESSENTIAL (BUT EXTREMELY CHALLENGING) Steven Bellovin, Columbia University Steven Bellovin, currently a professor of computer science at Columbia University, previ ously worked as a fellow at AT&T Labs and served as chief technologist for the U.S. Read the entire page →
From page 54... ... protocols made mistakes with hash functions negotiation in part because only those two algorithms existed when the protocols were designed.2 Put simply, the negotiation process required knowledge of the newer algorithms, but older systems would not know them. In this case even the IETF, representing the field's elite experts, "tried hard and got it wrong," he said, underscoring the risks for companies attempting to design their own cryptographic agility approaches. Read the entire page →
From page 55... ... Such a system could be appealing to vendors, who would sell consumers replacement products after 5 years, and potentially palatable for consumers, who typically are limited to short warranty periods and may benefit from a longer period of guaranteed support, even if it comes at the cost of a firm end date. Bellovin considered potential approaches to making such devices updatable. Read the entire page →
From page 56... ... Considering Unintended Consequences Agility can allow for weaker cryptography to persist, which Bellovin emphasized was problematic for many reasons: "Backwards compatibility can be ‘bug-wards compat ibility,' and that is a threat we have to meet as well." While downgrade attacks need to be prevented, he acknowledged that sometimes it is necessary to roll back to an older version of a security mechanism because the newer one is not working. Agility requires thinking seriously about consequences and making unpopular decisions. Read the entire page →
From page 57... ... Key management systems and implementations eventu ally fail, and operational errors eventually arise. "You have to be able to change things quickly," Manferdelli said, noting that at the same time, "You really cannot anticipate what you have to change." Aiming for Agility While Acknowledging Its Limitations Manferdelli noted that agility is important and applies to more than just cryptographic agility -- it is not always clear in advance what will need to be changed, and changed quickly. Read the entire page →
From page 58... ... For that reason alone, it would be wise to plan for agility and to take advantage of cryptographic advances where they emerge. Whatever the likelihood that quantum computing will be invented, and however uncer tain we are about when it might become a reality, Manferdelli emphasized that it is im portant to plan for a quantum threat because of its potential catastrophic consequences. Read the entire page →
From page 59... ... He suggested creating and testing quantum-resistant algorithms now, perhaps inside a cipher suite. Either an upgrade strategy or short service life could help when a new protocol inevitably goes wrong. Read the entire page →
From page 60... ... Under certain circumstances, he allowed that there should be a way for law enforcement to ac cess evidence in data, but giving law enforcement universal access is not, in his view, the optimal way to achieve it. 60 Forum on Cyber Resilience Read the entire page →
From page 61... ... Steven Bellovin categorized software update problems as "fiendishly difficult" research problems that are much harder than the cryptographic agility problem on its own. He pointed out that every major software vendor has experienced update prob lems, where a patch either had to be recalled or replaced, or it ended up breaking de vices completely. Read the entire page →

From page 53...

... AGILITY IS ESSENTIAL (BUT EXTREMELY CHALLENGING) Steven Bellovin, Columbia University Steven Bellovin, currently a professor of computer science at Columbia University, previ ously worked as a fellow at AT&T Labs and served as chief technologist for the U.S.

Read the entire page →

From page 54...

... protocols made mistakes with hash functions negotiation in part because only those two algorithms existed when the protocols were designed.2 Put simply, the negotiation process required knowledge of the newer algorithms, but older systems would not know them. In this case even the IETF, representing the field's elite experts, "tried hard and got it wrong," he said, underscoring the risks for companies attempting to design their own cryptographic agility approaches.

Read the entire page →

From page 55...

... Such a system could be appealing to vendors, who would sell consumers replacement products after 5 years, and potentially palatable for consumers, who typically are limited to short warranty periods and may benefit from a longer period of guaranteed support, even if it comes at the cost of a firm end date. Bellovin considered potential approaches to making such devices updatable.

Read the entire page →

From page 56...

... Considering Unintended Consequences Agility can allow for weaker cryptography to persist, which Bellovin emphasized was problematic for many reasons: "Backwards compatibility can be ‘bug-wards compat ibility,' and that is a threat we have to meet as well." While downgrade attacks need to be prevented, he acknowledged that sometimes it is necessary to roll back to an older version of a security mechanism because the newer one is not working. Agility requires thinking seriously about consequences and making unpopular decisions.

Read the entire page →

From page 57...

... Key management systems and implementations eventu ally fail, and operational errors eventually arise. "You have to be able to change things quickly," Manferdelli said, noting that at the same time, "You really cannot anticipate what you have to change." Aiming for Agility While Acknowledging Its Limitations Manferdelli noted that agility is important and applies to more than just cryptographic agility -- it is not always clear in advance what will need to be changed, and changed quickly.

Read the entire page →

From page 58...

... For that reason alone, it would be wise to plan for agility and to take advantage of cryptographic advances where they emerge. Whatever the likelihood that quantum computing will be invented, and however uncer tain we are about when it might become a reality, Manferdelli emphasized that it is im portant to plan for a quantum threat because of its potential catastrophic consequences.

Read the entire page →

From page 59...

... He suggested creating and testing quantum-resistant algorithms now, perhaps inside a cipher suite. Either an upgrade strategy or short service life could help when a new protocol inevitably goes wrong.

Read the entire page →

From page 60...

... Under certain circumstances, he allowed that there should be a way for law enforcement to ac cess evidence in data, but giving law enforcement universal access is not, in his view, the optimal way to achieve it. 60 Forum on Cyber Resilience

Read the entire page →

From page 61...

... Steven Bellovin categorized software update problems as "fiendishly difficult" research problems that are much harder than the cryptographic agility problem on its own. He pointed out that every major software vendor has experienced update prob lems, where a patch either had to be recalled or replaced, or it ended up breaking de vices completely.

Read the entire page →

← Previous Chapter Skim

Next Chapter Skim →

This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More information on Chapter Skim is available.

5 Research, Industry, and Policy Implications Pages 53-61

5 Research, Industry, and Policy Implications
Pages 53-61