Wednesday, February 26, 2014

RSA 2014: A Post-Snowden Platform for Dialogue

The RSA Conference is an unusual beast: you are more likely to overhear conversations about market capitalization and promoting synergy than MPC or indistinguishability notions, and session titles like "Securing Boomers, Gen Xers and Gen Yers: OMG We Are So Different!" are the norm. The whole week is undoubtedly an invaluable learning/networking experience for so many of the delegates, as the convergence of so many security professionals and academics is unparalleled. The industry expo part of the conference is overwhelming in many respects, and it's quite baffling that so many companies assume that delegates who paid upwards of $2000 to get in really want free pens/stress balls/keyrings. Maybe I'm just bitter that I didn't win a remote-controlled helicopter.

The cryptographers' panel was hosted by Paul Kocher, featured Adi Shamir, Ron Rivest, Whit Diffie and Brian LaMacchia (MSR) and was mainly focused on the NSA/Snowden files. It was a fairly fiery affair: Adi Shamir inferred that the US government acts like an APT; and when asked about Bitcoin, Rivest called it "an interesting research project". The panel keenly concluded that encryption itself works, and that it is important to ensure that the thousands of industry professionals work with people who really know what they are doing when it comes to combining the encryption with other layers. While this is not news, the increasing influence of Real-World Crypto and other such meetings suggests that we are heading in the right direction.

Bruce Schneier stepped up the rhetoric as part of the 'Industry Experts' track, and his talk was tantalisingly titled 'NSA Surveillance: What We Know, and What to Do about it'. Schneier started off with an overview of some of his favourite project codenames (EgotisticalGiraffe the clear winner) contained in the documents leaked by Edward Snowden in 2013, and discussed the immediate and future implications of the revelations. While there were few revelations in the talk, the emphasis was very much on how to encourage the average internet user to think that invasion of privacy and mass collection of data is in fact a bad thing. It is known and often discussed that most users will happily and knowingly access an insecure site in order to get what they want, and it's important to educate on a grand scale to change this mindset. The conference also features talks from the other side of the fence, and it'll be interesting to see what kind of reaction FBI director James Comey receives for his Keynote.

The invited talk of the Cryptography track was given by Antoine Joux, and unsurprisingly it concerned the development of index calculus methods and the discrete logarithm problem. Whilst sparsely attended, the talk gave an excellent overview of the problem at hand and the currently known tools used to improve index calculus algorithms. Recent developments in this field by Joux and others have naturally gained considerable attention in the community and on this blog.

I'll be commenting on aspects of the conference throughout the week on Twitter, and many of the Keynote talks will become available in due course.
