Thursday, January 8, 2015

Real World Crypto 2015: 'One of Our Algorithms is Missing'

Graham Steel from Cryptosense ( concluded Day 1 of Real World Crypto yesterday with a short talk of the state of APIs as of the end of 2014. It is well known that standardisation is a lengthy (and sometimes painful) process and the story is no different for APIs. An infamous example, which served as the main content of Graham's talk, is PKCS#11 which describes 'Cryptoki', a key management API that is widely used in practice and typically interacts with a Hardware Security Module or some kind of security token. Like the other PKCS (Public Key Cryptography Standards) documents, PKCS#11 was originally written by RSA Labs. Until very recently, the latest edition dated back to 2004! Sadly, this is not because it was a flawless standard that had stood the test of time. Instead, the key management aspects of Cryptoki have been attacked in various ingenious ways (in particular, using key wrapping to export and reimport a key with new attributes that contradict what it was supposed to be used for), including in work by Graham himself, and no one seems to be sure about how such attacks can be prevented without sacrificing a great deal of useful functionality.

The slight silver lining on this black cloud is that OASIS (Organisation for the Advancement of Structured Information Standards, has taken up the mantle of improving PKCS#11 and version 2.4 of the standard was approved in December 2014. Their writing process is highly open with the whole development of the new standard described on their website, which is great to hear. Graham himself worked on the new document and reassured the audience yesterday that lots of old, bad cryptographic algorithms have been removed and new useful algorithms like CMAC and GMAC are now supported. Unfortunately though, key management is still a problem. This is both exciting and worrying for me in particular as finding a way to do secure key management is a pretty good description of my PhD project. It's exciting that there's plenty of new work to do but worrying that lots of very smart people have tried to do it for many years and found little success.

OASIS are also working on standardising WebCrypto, a JavaScript API designed by the World Wide Web Consortium and discussed in an earlier talk yesterday by Harry Halpin. WebCrypto performs cryptography directly in your browser and was designed in another pleasingly open process which you can read about here. Where Graham's work at Cryptosense intersects with this project is that they have built an extension for WebCrypto which evaluates the code running in your browser and checks that it's doing what it's supposed to do. He admitted though that, in WebCrypto (as well as in just about everything else it would seem to me!) secure key management is still hard to get right.

So to summarise: standardisation of APIs has had a bit of a boost in the last year which is good news, but there are still big open problems in key management to inspire/terrify PhD students like me.

No comments:

Post a Comment