Advanced Persistent Threats Subverting Encryption Systems
February 27th, 2013The fact that the underlying systems represent weaker links than the encryption schemes has been there since the beginning. However, with states and other organizations allocating increasing resources to offensive information warfare, these weak links are increasingly being exploited to do end runs around otherwise strong encryption.
Via: ThreatPost:
In the current climate of continuous attacks and intrusions by APT crews, government-sponsored groups and others organizations, cryptography is becoming less and less important and defenders need to start thinking about new ways to protect data on systems that they assume are compromised, one of the fathers of public-key cryptography said Tuesday. Adi Shamir, who helped design the original RSA algorithm, said that security experts should be preparing for a “post-cryptography” world.
“I definitely believe that cryptography is becoming less important. In effect, even the most secure computer systems in the most isolated locations have been penetrated over the last couple of years by a series of APTs and other advanced attacks,” Shamir, of the Weizmann Institute of Science in Israel, said during the Cryptographers’ Panel session at the RSA Conference here today.
“We should rethink how we protect ourselves. Traditionally we have thought about two lines of defense. The first was to prevent the insertion of the APT with antivirus and other defenses. The second was to detect the activity of the APT once it’s there. But recent history has shown us that the APT can survive both of these defenses and operate for several years.”