Mobile Phones and “Mobile” Adversaries: Announcing RSA Distributed Credential Protection

Categories: Trusted Identity

A few years ago, my wife and I reframed some antique prints. We discovered that one was backed with sheets of newspaper from 1902 containing a brief notice on a public exhibition in Kentucky (see image). On New Year’s Day, a melon farmer and inventor named Nathan Stubblefield demonstrated a battery-powered, wireless telephone on which people could talk “with perfect ease” over a distance of six blocks. Intriguing, but why would anyone want this nine-foot-long beast with batteries “of special construction” when you can talk long distance on an ordinary, wired telephone with perfect ease, thank you?

So this grandfather of the mobile phone, one of today’s most fetishized, life-altering technologies, waited decades to realize its full potential. It took about 75 years for the first handheld mobile phones to be widely deployed. Such is innovation: The art of liberating vintage technology from the confines of its era.

Today, RSA is pleased to announce the release of Distributed Credential Protection (DCP). DCP offers the industry a transformative approach to one of its most pressing security problems: Massive breaches of sensitive information, such as password databases. DCP distributes secrets across two servers or even two organizations and periodically rotates them through re-randomization. An attacker that breaches one server, or even both of them at different times, learns nothing.

In this case, it took only a bit more than 20 years for a powerful idea to see the light of day.

In 1991, Rafi Ostrovsky and Moti Yung published a landmark paper on what would come to be known as “proactive cryptography.” Their idea was that servers might be breached, not just once and in isolation, but by “mobile” adversaries that attack a broad array of targets repeatedly. They proposed a defensive technique in which secrets are distributed across servers and regularly re-randomized.

In 1991, the Internet was in its infancy. Breaches were nearly unheard of. Mobile adversaries? Why should I worry about servers being regularly breached when remote attacks rarely happen to begin with, thank you? Recent password breaches at LinkedIn, etc., etc., were just twinkles in Rafi and Moti’s eyes. (Today it’s: Why worry about breaches when I can just hash my passwords, thank you?)

DCP realizes proactive cryptography in the limited setting of two servers—and may be extended in future versions to more (m out of n). Of course, just as mobile phones today include a lot more technology than Stubblefield’s demonstration device, and much more user-friendly packaging, DCP is an advance on its 1991 ancestor in print. It realizes ideas due to many researchers before and after Ostrovsky and Yung; at its heart are inventions from RSA Labs (e.g., this paper and follow-up), and excellent work by RSA Engineering to address the many practical problems of commercial systems.

Admittedly, it doesn’t yet have a touchscreen or run games. But I’m sure those features are on the way.

Dr. Ari Juels
Author:

Dr. Ari Juels is Chief Scientist and Director of RSA Laboratories, where he works to bring sparks of invention and insight from RSA's scientists and affiliates to the company as a whole. He joined RSA in 1996. Ari's dozens of research publications span a range of topics, including biometric security, RFID security and privacy, electronic voting, browser security, combinatorial optimization, and denial-of-service protection. Ari has served as the program chair or co-chair for a number of conferences and workshops, including Financial Cryptography in 2004, the DIMACS Workshop on Electronic Voting in 2004, the Industry Track of the ACM Conference on Computer and Communications Security in 2005, the ACM Workshop on Wireless Security (WiSe) in 2006, the IEEE International Workshop on Pervasive Computing Security (PerSec) in 2006, and the Security, Privacy, and Ethics track of WWW2006. He has been a frequent invited speaker at industry events, such as USENIX Security 2004 and CHES 2006. In 2004, MIT's Technology Review Magazine named Dr. Juels one of the world's top 100 technology innovators under the age of 35. Ari received his B.A. in Latin Literature and Mathematics from Amherst College in 1991 and his Ph.D. in Computer Science from U.C. Berkeley in 1996. Subscribe to Ari's RSS feed