The leader in security is RSA Security Inc., which InsideRep has followed since the early days of the Internet. RSA is presenting a conference with not only a national but an international appeal. We were lucky enough to speak to a Principal Research Scientist with RSA who provided us with an interview that answered many of the questions about what is being done.
Dr. Ari Juels has been with RSA Security Inc. for seven years, during which he has seen the enormous growth of the firm. Dr. Juels is the Principal Research Scientist who operates out of the Bedford, Massachusetts headquarters. "I can't talk about the business strategy," he began, "but I can speak about the research we're doing. At this conference, for instance, we are launching 'Nightingale.' This is a tool for protecting sensitive data of almost any type. The underlying concept is fairly simple: it is to plug a server into the backend of one's network. This Nightingale Server splits sensitive data cryptographically across an application server. So if an attacker manages to break into either server, the hacker doesn't manage to get any information at all. Additionally, the Nightingale Server is configured behind the application server so it is less vulnerable to outside and presumably internal attack. The concept of splitting secrets this way is an old one. The real innovation comes in the way the secrets are manipulated once they are split. The Nightingale can do things like verify the correctness of static secrets like passwords without ever reassembling them. Secrets can be manipulated entirely in split form."
Another area of interest was the new technology to track the movement of bank notes. Dr. Juels thought for a moment then said, "RSA Labs is focusing on research around privacy protection of RFID (radio frequency identification) tags. They are likely to be nearly ubiquitous in the next few years. Gillette has, for instance, just ordered half a billion of them. You may be familiar with the controversy surrounding Benetton's plan to embed them in clothing. You can think of it most simply as a bar code that can be read remotely. You can only read it within a distance of a few meters. The plan by the European Central Bank is to embed them in bank notes. Presumably just the high value ones. Probably the five-hundred euro note, maybe the two-hundred note also. This is to be done by 2005. This brings up enormous privacy issues. Actually there seems to be very little awareness of this in Europe. My colleagues in cryptography were unaware of it until I mentioned it in a talk several months ago. And the European media has been surprisingly slow in addressing this.
"The chip itself is quite small and can be woven into paper. The RFID tag consists of two parts: a chip and an antenna. The chip itself is quite tiny. The Hitachi 'mu-chip,' for instance, is only .4 millimeters by .4 millimeters. The antenna has to be longer, but presumably can be woven into the threads of a banknote, capable of being detected and read by a reader unit. Right now I am working on RFID privacy, which is an enormous issue and the solutions are so slippery. It is an area of great personal interest. We're working on the kind of attack where someone traces an individual around a city or traces his or her monetary exchanges without the proper authorization. One wants to achieve a balance where law enforcement can make use of the powers RFID tags are meant to confer while ordinary individuals can't. If this isn't designed correctly, then anyone, not just government agencies, can make use of the reader. That is the danger. We're developing procedures whereby RFID chips can be manufactured that provide privacy for the ordinary consumer.
"It ends up not just being a privacy issue but also a security issue. If companies use RFID tags to track their stock, RFID chips without privacy protection are a means by which competitors can gain business intelligence about the flow of your stock."
The three founders of RSA received the prestigious Turing Award in the month previous to the RSA Conference. Professor Ronald Rivest of MIT, Adi Shamir, and Professor Len Adleman of USC are the three who came up with the basic algorithm when all three were at MIT. The algorithm is basic to every browser at this moment. When one goes to a secure site, one where you transmit your credit card number for instance, you'll see an open lock in one corner of the browser. When the lock becomes whole, it indicates that the information one is transmitting is encrypted using an algorithm that is a form of public key encryption, SSL. The public key algorithm is usually RSA, which is the algorithm invented by the three when they were at MIT. There are literally hundreds of billions of copies of it.