Give young infosec boffins more cash or BAD THINGS will happen – RSA boff

State-sponsored malware already making crypto 'irrelevant'

RSA Europe 2013: Declining support for young science and technology researchers from the US government could hurt technology innovation in the long term, a top computer scientist has warned.

Robert Griffin, chief security architect at information security biz RSA, said complaints about funding featured in all three pairs of Nobel Prize acceptance speeches this year.

Funding is not too much of a problem for established researchers but for "younger researchers there's pressure to publish early or quickly," said Griffin. Government funding for academic research has been cut because of tough economic conditions – but, said Griffin, this is a short-sighted approach because it will hurt researchers over the long term.

Zurich-based Griffin, who has given lectures at MIT and is heavily involved in the EU's Smart Grid project, said that industry needs to engage in the research community. Yet other sources of support are also needed because research breakthroughs can take years to filter down into front-line products.

For example, the RSA algorithm was the result of work by three young researchers - Ron Rivest, Adi Shamir, and Len Adleman - in 1976. RSA Security was formed six years later in 1984.

During the US edition of the RSA Conference, Shamir said that cryptography is “becoming less important” because of state-sponsored malware. The godfather of encryption warned the security industry to prepare for a 'post-crypto world'.

Griffin, who is also co-chair of the OASIS Key Management Interoperability Protocol (KMIP) technical committee, was more upbeat and optimistic. While he stressed the need for continuous review of code, and highlighted the danger potentially posed by prime factorisation methods and other code-breaking techniques, he added that there's still an "opportunity for breakthroughs" in cryptography protocols and schemes.

At a more strategic level, game theory offers a possible means to get ahead of attackers – or, at least, to develop better techniques that can thwart or frustrate hacking attacks, according to Griffin.

Such strategies might include changing crypto keys at a frequency rapid enough to make brute force attacks unviable, as explained in more depth in a paper on the application of game theory to security problems co-authored by Griffin and Ron Rivest.

Griffin added that using security analytics and other techniques, such as the application of the DevOps method, offers a combined approach for improving security defences. ®
