Issues including ease of use, governmental regulations, and wireless systems will be at the forefront of the cryptography realm in upcoming years, a panel of specialists said here today at the RSA Conference 2000 show.
The panelists, with affiliations ranging from the Massachusetts Institute of Technology to Sun Microsystems Inc., urged that a variety of actions be taken by the industry.
Ron Rivest, a computer science professor at MIT and an inventor of the RSA Public-Key Cryptosystem, emphasized that security systems need to be easy to use.
"People don't use security systems if they're not easy to use," Rivest said.
Privacy also is paramount, especially because data has become more accessible, he said. "We need to build walls explicitly to protect privacy," Rivest said.
Paul Kocher, president and chief scientist at San Francisco-based Cryptography Research, asked whether legislation is the proper way to regulate privacy. He also predicted that a multibillion-dollar compromise of security will occur from systems being broken.
"The question is do we legislate privacy or find some other way to do it," Kocher said.
Tal Rabin, of the cryptography and network security group at IBM Corp.'s TJ Watson Research Center, in Hawthorne, New York, said that larger-key security systems will be needed to boost security.
"We need to go to larger size keys, and all the systems using 512 bits are probably in danger," Rabin said.
An audience member following the session stressed that governmental regulation of cryptography would continue to be an issue, despite the federal government's relaxation last week of the rules governing the export of encryption technologies.
"If one country, especially the United States, is more restrictive than others, that could affect how you do business," said Jim White, a consultant at Independent Business Systems, based in Chicago.
"Eventually, we'll want longer keys than what has been approved (by the government) because the computers will get more powerful," White said.
Wireless systems and the security challenges they present are important, panelists agreed.
"Wireless expands the market dramatically," said Whitfield Diffie, a distinguished engineer at Sun Microsystems, in Palo Alto, California. A problem with wireless units is they can contain the very technology needed to intercept their transmissions, Diffie said.
Elliptic curve technology, which is similar to public key infrastructure technology but uses shorter key lengths, was called one in a succession of better technologies by Burton Kaliski, RSA Laboratories chief scientist.
Elliptic curve offers functions such as "forward secrecy," he said.
Adi Shamir, of the Weizmann Institute and a co-inventor of RSA's security system, stressed that no system will ever be completely secure.
"Conclusion number one is (that) secure systems do not exist and they will never exist," Shamir said.
"Don't try to shoot for perfect security because you'll fail," Shamir added.