RSA cryptographer panel weighs in on impact of AI on security

455

At the RSA Conference in San Francisco, on February 14, 2017, a panel of noted cryptographic scientists addressed current opportunities, challenges and policy implications of cryptography as a critical cyber security tool.

The panel:

    • Paul Kocher President and Chief Scientist, Cryptography Research division of Rambus, Moderator
    • Whitfield Diffie, Cryptographer and Security Expert, Cryptomathic
    • Susan Landau, Professor of Cybersecurity Policy and Professor of Computer Science, Worcester Polytechnic Institute
    • Ronald Rivest, IT Institute Professor, MIT
    • Adi Shamir Borman, Professor of Computer Science, The Weizmann Institute, Israel

Kocher opened with the insight that with the exponential growth in vulnerable devices and attackers, cryptographic algorithms offer one bright spot in the war against cyber threat.

Kocher: What are your predictions for how artificial intelligence will change computer security?

Rivest: I’m skeptical there will be much impact. We’ve seen already with the recent election, there are AI bots adding information and disinformation.

Landau: The real problem is that machine learning is effective at dealing with lots of data, but the attacks we’re dealing with are anomalous solutions. AI probably won’t be useful there.

Borman: When you talk about finding deviations from normal behavior, AI will be very useful in comparing all kinds of strange behaviors, finding deviations, and warning about them.

Kocher: If someone hacks us, should we hack back?

Diffie: I think we’re going about everything the wrong way. Defensive techniques that ‘look like’ cryptography, in particular logical, proven, correct code, are vastly underrated. If anything like the resources currently being spent on security were spent on improving the logical functioning of devices, which is largely making a very big improvement in the quality of programming, we’d get much better results.

Borman: I’m completely against hacking back in revenge. My government should work to understand the plans and tools of the attackers [before attacks].

Landau: I’m heartened by the efforts for usable security like Duo, which uses 2nd factor authentication. Their customer target is small businesses that aren’t technically sophisticated. Products like this will allow naïve users to understand what’s happening and how to protect themselves. Usability is extremely important.

Rivest: It takes a large team to fight back and develop the tools we need. We must invest in education and security, and focus on people.

Read the source article at Infosecurity Magazine.