Forget quantum and AI security hype, just write bug-free code, dammit

Crypto panel lets loose at conference

RSA

RSA USA Every year, the RSA Conference in San Francisco brings out the best and the brightest for its crypto panel, and the view from the floor was simple. Ignore the fads and hyped technology, and concentrate on the basics: good, clean, secure programming.

The panelists were unimpressed with recent moves to build artificially intelligent security systems – despite the success of programs like the DARPA Cyber challenge – saying it was too early to consider such systems reliable and warning that some may never be.

“I’m skeptical of AI on security,” said Ronald Rivest, MIT Institute professor and the ‘R’ in RSA. “Where we are seeing it becoming a wedge issue with the recent election is with AI bots in chat rooms. In 10 or 15 years you’ll be competing to find a real human in a sea of chat bots.”

His former colleague at RSA, Adi Shamir, currently the Borman professor of computer science at the Weizmann Institute, was similarly skeptical about AI systems in security. Attempting to train such a device could lead to interesting problems.

“Fifteen years from now we will give all data to AI systems, it will think, and [then] say that in order to save the internet I’ll have to kill it,” he semi-joked. “The internet is beyond salvaging; we need to start over with something better.”

Some AI systems might be useful for IT defense, Shamir said, given the ability for computers to handle large volumes of data and check for anomalies. But you need a human touch to find zero-day flaws and attack using them, he opined.

Shamir was equally as dismissive of quantum computing systems and quantum cryptography, saying it was “not on my list of worries.” He was far more concerned about using large-scale computing to hack existing encryption algorithms.

Susan Landau, professor of cybersecurity policy at Worcester Polytechnic Institute, said she was worried about quantum systems. There hasn’t been enough research into building quantum computing-proof algorithms and the industry was missing a tick, she insisted.

Meanwhile Whitfield Diffie, one of the inventors of public key encryption, said that the issues facing the industry weren’t going to be fixed by a magic AI or quantum bullet. Instead the industry needs to go back to fundamentals, he suggested.

“If the resources spent on interactive security, such as firewalls and antivirus and the like, were spent on improvements in the logical functioning of devices and a big improvement in quality of programming, we would get much better results,” Diffie said. ®


Biting the hand that feeds IT © 1998–2017