Mobile Phones and “Mobile” Adversaries: Announcing RSA Distributed Credential Protection
A few years ago, my wife and I reframed some antique prints. We discovered that one was backed with sheets of newspaper from 1902 containing a brief notice on a public exhibition in Kentucky (see image). On New Year’s Day, a melon farmer and inventor named Nathan Stubblefield demonstrated a battery-powered, wireless telephone on which people could talk “with perfect ease” over a distance of six blocks. Intriguing, but why would anyone want this nine-foot-long beast with batteries “of special construction” when you can talk long distance on an ordinary, wired telephone with perfect ease, thank you?
So this grandfather of the mobile phone, one of today’s most fetishized, life-altering technologies, waited decades to realize its full potential. It took about 75 years for the first handheld mobile phones to be widely deployed. Such is innovation: The art of liberating vintage technology from the confines of its era.
Today, RSA is pleased to announce the release of Distributed Credential Protection (DCP). DCP offers the industry a transformative approach to one of its most pressing security problems: Massive breaches of sensitive information, such as password databases. DCP distributes secrets across two servers or even two organizations and periodically rotates them through re-randomization. An attacker that breaches one server, or even both of them at different times, learns nothing.
In this case, it took only a bit more than 20 years for a powerful idea to see the light of day.
In 1991, Rafi Ostrovsky and Moti Yung published a landmark paper on what would come to be known as “proactive cryptography.” Their idea was that servers might be breached, not just once and in isolation, but by “mobile” adversaries that attack a broad array of targets repeatedly. They proposed a defensive technique in which secrets are distributed across servers and regularly re-randomized.
In 1991, the Internet was in its infancy. Breaches were nearly unheard of. Mobile adversaries? Why should I worry about servers being regularly breached when remote attacks rarely happen to begin with, thank you? Recent password breaches at LinkedIn, etc., etc., were just twinkles in Rafi and Moti’s eyes. (Today it’s: Why worry about breaches when I can just hash my passwords, thank you?)
DCP realizes proactive cryptography in the limited setting of two servers—and may be extended in future versions to more (m out of n). Of course, just as mobile phones today include a lot more technology than Stubblefield’s demonstration device, and much more user-friendly packaging, DCP is an advance on its 1991 ancestor in print. It realizes ideas due to many researchers before and after Ostrovsky and Yung; at its heart are inventions from RSA Labs (e.g., this paper and follow-up), and excellent work by RSA Engineering to address the many practical problems of commercial systems.
Admittedly, it doesn’t yet have a touchscreen or run games. But I’m sure those features are on the way.
