What: RSA Conference 2002

When: February 18--22, 2002

Where: San Jose, California

Why: Why not?

My lasting impression of the "world's largest e-security and cryptography event" will be that it was way "over the top". Read on and you'll see why I say this.

The keynote talks were held in the San Jose Civic Auditorium which, I'd guess, seats at least 2500. For some of the big-name talks, it was standing-room only. The parallel sessions of contributed/invited talks were held in the San Jose Convention Center (across the street from the Civic Auditorium) and in a hotel about three blocks from the convention center.

Half of each day was devoted to keynote talks while the other half consisted of the 13 parallel "tracks": Analysts, Applied Security, Cryptographers, Developers, Freedom and Privacy, Government, Hackers and Threats, Implementers, Industry (with a different industry focus each day), Law and Policy, New Products, RSA Products, Standards. An entire track devoted to RSA products seemed more than a little excessive to me.

The theme of the conference was "Mary Queen of Scots". I've never before attended a conference that had a theme. Supposedly, she was executed due, in part, due to cryptanalysis of some secret messages she had sent to her co-conspirators. But there seems to be some historical debate on precisely what happened (more on this later).

The Civic Auditorium stage had a 3-d background that changed, depending on the topic. At various times the background showed castles, medieval countryside scenes, the interior of a (medieval, I assume) library, etc. There was also an enormous chandelier, fancy lighting, antique-looking chairs for the panelists, and an annoying announcer who used a corny Scottish accent to introduce everyone. Scottish music blared between talks. The large "RSA Conference 2002" sign looked totally out of place, as did the two monstrous video screens (one on either side of the stage). The entire setup seemed more appropriate for a rock concert than a security conference.

In fact, the conference included a rock concert. Cheap Trick played a couple of songs at a pre-conference "gala" on Monday night (I did not attend). The final talk of the conference was by John Cleese of Monty Python fame (more on this below).

Security was highly visible, with numerous armed security guards. Most of the security guards had dogs. I'm glad they were there, but all of the dogs made me wonder if they were expecting a bomb.

There was also a conference "expo", at which hundreds of security companies had booths displaying their wares. The companies represented included the big (RSA Security, Inc.) to the small (MediaSnap, Inc.) and everything in between.

The expo was far less interesting than I had expected. For one thing, there seemed to be a plethora of booths hawking minor incremental improvements ("this crypto accelerator is 10% faster than last year's model...")

Another problem with the expo stemmed from the fact that it's difficult to make computer security look sexy. One German crypto company had an MTV-like video that purported to tell the history of cryptography. It was downright bizarre. To make matters worse, they had a couple of live actors miming along with the onscreen "action". There were a couple of magicians, a few sexy women and some (mostly minor) give-aways. One give-away consisted of a telephone booth that had dollar bills blowing around. The "lucky" winner was locked in the booth and allowed to keep all of the money he could push through a tiny opening in 30 seconds. The lucky winner that I observed managed to get all of $5.

My current employer (as of the date of the conference, MediaSnap) was at the expo. We do secure email with "persistent protection", meaning that we attempt to give the user some control over the usage of the content even after it has been delivered. This is usually known as "digital rights management" or "content protection". I only saw one other company (Authentica) that was doing a similar type of thing. There were many secure email products, but the others were all focused on sending secure email through a firewall while ensuring that no virus (or other malware) could get through. This is a much different problem.

I discovered that watching secure email demos is a lot like watching insecure email demos. Of course, the marketing person manning the booth would spew forth all sorts of crypto/security jargon, but there was no way for the casual observer to verify what had actually been implemented. Being a sceptic, I began to suspect that most demo's consisted entirely of a fancy user interface with all of the guts (assuming that any guts actually exist) removed. This would, of course, avoid potentially embarrassing bugs, while making the whole thing run faster---thus making for a slick demo.

Perhaps it was just my imagination, but there seemed to be an air of desperation surounding the expo (particularly among the smaller companies). I suspect that many of these companies will not exist when RSA Conference 2003 rolls around.

Now for the actual content of the conference. My main observation is that the technical content was very weak. I began to understand why this was the case after having lunch with a guy who was giving a contributed talk. His topic sounded moderately interesting. After some small talk, I discovered that this guy runs a small (1.5 person) security consulting company and he could not afford a booth at the expo (which he claimed would have cost him $8k). So he decided to give a talk, the primary purpose of which was to advertise his company. Passing along useful information was clearly a secondary consideration. I didn't bother to attend his talk, since I figured I'd seen enough marketing at the expo.

That's not to say the conference was not interesting. While it was a disappointment on the technical front, the conference did feature several excellent policy talks and panel discussions. There were also speakers who tried to predict the future. These were especially interesting in light of the 9/11 terrorist attacks.

On a personal note, I saw several people I had worked with in my previous life (or so it sometimes seems) at NSA.

A few comments on some of the talks follows.

-------------------------- Tuesday ------------------------------

[Keynote] Cyber Crime and Cyber Terrorism --- Richard Clarke, White House Cyber Security Czar

This was the opening talk and it was standing room only. Unfortunately, I was delayed in traffic (the disadvantage of being local) so I only caught part of it. As expected, there was a lot of rah-rah for current government policy. He did say that the US government was going to spend $4 billion on information assurance (I assume this is over the next decade). Of course, that lead to excessive salivation by most of the people in the audience. He also made a comment to the effect that we should have been able to prevent the 9/11 terrorist attacks. This comment was controversial among many in the crowd, which included a lot of people with fairly extremists views on matters of privacy and security. I could sense the mental wheels turning as those people tried to balance their beliefs versus $4 billion....

[Keynote] The Security Back Office --- Scott Schnell, Vice President, RSA Security, Inc.

The theme of this talk was "single sign-on for the internet", meaning that a person should be able to authenticate once, then go anywhere on the internet without needing to authenticate again. Of course, RSA would potentially stand to make lots of money from such a scheme, so this talk required a large grain of salt. The speaker claimed that according to some survey, the biggest problems with the internet are 1) security, 2) privacy and 3) convenience. He pointed out that revocation is a major problem in a large distributed system (a revoked user will still be considered valid in parts of the network for some time). This reminded me of the problems routers face when trying to update their routing tables. He talked about several models for managing authentication. The "federated model" is the one that is coming. This is comparable to the way that US states assign drivers licenses that are then accepted by other states. To illustrate one potential problem with such a system, the speaker pointed out that Tennessee only requires a utility bill in order to obtain a drivers license. Consequently, other states are considering not accepting Tennessee licenses as proof of identity.

[Keynote] Managing Online Identities --- Art Coviello, RSA; Eric Dean, United Airlines; John Paul, AOL; Jonathan Schwartz, Sun; Brian Arbogast, Microsoft

There was some beating up on Microsoft, but mostly it was very tame and dull. The Microsoft guy had one good retort when he said that when Liberty Alliance was first announced, they talked about "liberty from Microsoft". So, not surprisingly, Microsoft was uninterested in becoming part of the alliance. The consensus was that if Microsoft and Liberty Alliance could get together, things would progress much faster.

The funniest moment occurred when the United Airlines guy got hot under the collar because "that Bush guy" had suggested that we should have been able to prevent the 9/11 attacks. I don't recall how the conversation strayed to this topic.

The conclusion was that with probability 0.7 (based on responses of panelists) Microsoft Passport and Liberty Alliance will be interoperable within a year. I wouldn't hold my breath.

[Keynote] Cryptographers Panel --- Whitfield Diffie, Sun; Ron Rivest, MIT; Adi Shamir, Weizmann Institute; Dan Geer, @stake; moderated by Bruce Schneier, Counterpane.

This panel was great fun--definitely the high point of the conference for me.

Schneier, introducing the panel, described Rivest as "the 'R' in RSA", Shamir "the 'S' is RSA" and Diffie "the 'D' in RSA". He then went on to describe his five step process for deciding whether a security countermeasure is worthwhile.

1) What is the problem this countermeasure is trying to solve?
2) How well does it work?
3) What other security problems does this solution cause?
4) What are the costs?
5) Given the answers to 1) through 4), is it worthwhile?

Schneier then asked each panelist to talk about the most significant crypto-related event of the past year.

Diffie was first. He said that if the audience wanted to ask a question, they should write it on something and throw it at the stage---if they hit a panelist that person would be selected to answer. He then commented on the theme of "Mary Queen of Scots". He said that Kahn (in his book The Codebreakers) claims that she was very careful about her crypto and that the evidence against her might have been faked. He suggested that next time RSA should do more research before selecting their theme.

Diffie then got to the question. He said that he thought the 9/11 attack was the most significant crypto event of the past year, and that the biggest impact (security-wise) is yet to occur. His rambling comments included a statement that, in his view, the only responses to the attack that had any effect on airline safety were 1) putting locks on the cockpit doors and 2) telling the passengers to fight. He also said that "things are controlled that can be controlled", the unstated implication being "don't build in security features that could later be used by, say, the government."

Geer was next up. I had never heard of this guy before, and he said that he is a security person, not a cryptographer. He was very thoughtful, but I thought he was better in a later panel discussion (discussed below). He claimed that the biggest change over the past year was that people are now concerned about return on investment. In other words, people will do a careful cost-benefit analysis with respect to security. He thinks insurance will drive this kind of thinking and that this will be the biggest influence on security over the next decade.

Rivest chose "radio ID tags" as the most significant event of the past year. These tags are essentially tiny radio transmitters that spew out a 128-bit unique number. Supposedly, these will soon be in everything from dollar bills to sock. Obviously, this would create some genuine security issues. For example, a terrorist might be able to electronically identify the president simply from the cloud of 128-bit numbers surrounding him. The terrorist could then set a bomb to explode when the president walked by. It seemed to me that these potential problems would be fairly easily solved.

Shamir said that the big surprise was that a low-tech attack had been used to hijack high-tech aircraft. He compared this to the way a computer virus can take over a computer. He then claimed that aviation security has not advanced as rapidly as computer security. He suggested that airline security people should study the ways of computer security and, to a lesser extent, vice versa. Specifically, he suggested that airline security could improve by adopting multiple lines of defense and by doing more white-hat testing. He then said that computer security experts could learn from the idea of "zone separation" as practiced in aviation security. For example, passengers are not allowed in the cockpit. In computing, the corresponding measure is to seal off the operating system from the user. He also said he thought that computer security people should learn that it is sometimes useful to go on the offensive.

There was not much time for questions. One question asked whether cryptanalysis actually occurs in the real world. Shamir said that he knows of no real-world case where a 56-bit (or greater) key has been recovered by a cryptanalytic attack. Geer added that attackers go through the seams around strong cryptography.

Another question concerned the transition from DES to AES. Diffie said that in crypto, nothing ever goes away, so DES will be around for a long time to come. Shamir added that he thinks AES with 256-bit keys will last forever, since there is no technology on the horizon that would enable the recovery of such keys. This led into a question about the feasibility of quantum cryptography. Rivest said that the jury is out and that, in any case, there will be "no overnight surprises". Diffie said that he would not put anything past "the people who brought us black holes".

The next question was "Does the Digital Millennium Copyright Act (DMCA) help or hurt security"? Diffie said that "the less secret stuff you depend on, the better", implying that it hurts security by keeping design and implementation details secret. Rivest said he gives the following homework assignment to his class: Write a letter to the Emperor explaining why, or why not, the plans to the Death Star should be published. I though this was a very nice assignment for some of the more extreme folks in the crowd.

Diffie said that 20 years ago when NSA tried to get laws restricting crypto, they were fought bitterly by the (then much smaller) crypto community. But, he claimed, today when commercial interests try to usurp our freedoms, they meet with little or no resistance.

The final question, of particular interest to me, was "Is digital rights management (DRM) possible?" There was no time for comments, just a quick yes/no, and, I believe, all agreed that it is not possible.

[Freedom and Privacy] The Cybersecurity agenda in Washington, DC --- Bruce Heiman, Lawyer

This guy started off with a slide show including pictures of Bush, Ashcroft and others, with the song "I'll be watching you" in the background. His theme (as if it isn't clear already) was that post 9/11, "security trumps privacy" and that there is now a danger of overreacting. This guy was fairly extreme, in my opinion. More worrisome, he was clearly preaching to the choir.

One interesting tidbit that I didn't know: The government can get a list of all incoming and outgoing telephone calls without a search warrant---the search warrant is only needed to actually listen to the calls. The corresponding power with respect to email is that law enforcement agencies can get the "to" and "from" lines without a warrant, but not the "subject" or body of the message.

[Freedom and privacy] Shutting those prying eyes: The ever changing web of privacy regulation --- Behnam Dayanim, Lawyer

This was dull. The only interesting part was an "attack question" that went something like "Your company does a lot of work for Scientology, and they have no interest in freedom or privacy, so why should we believe anything you say?" To his credit, the speaker shrugged this off.

[Freedom and privacy] Who will kill online privacy first---The lawyers or the techies? --- Stewart Baker, Lawyer (and former NSA General Counsel) ; Daniel Geer, @stake; Joseph Alhdeff, Oracle

This was a great session. Here are some of the more interesting comments.

The person who introduced Stewart Baker mentioned that he has been described by The Washington Post as "one of the most techno-literate lawyers around."

Stewart: "Being the most Tech-literate lawyer is sort of like being the best in your remedial reading class."

Stewart: "Did you hear Jay Leno's joke? He said I'm going to start dating that French figure skating judge because with a little pressure, she'll screw anybody."

He then claimed that anonymity online is doomed. His example was the Olympics. He asked "Who would watch more Olympics coverage if you could see the sports you are interested in and you didn't have to watch Bob Costa?" So it makes a lot of sense to webcast events like the Olympics, but it can't be done now due to anonymity on the web. The broadcaster needs to know who is receiving the webcast in order to charge them for it. So he voted that the "techies" will kill online privacy.

Joe: His answer was that a combination of both techies and lawyers would be responsible. In his view, the end of online privacy is "merely a byproduct of what is getting done".

Dan: Techies will kill it. In his view, the only possible way that online privacy could survive is if digital rights management (DRM) works, since that would allow for remote control of personal information. And even if that happens, it would be "accidental".

Stewart: Legally if you've given private information to anyone, it's no longer private.

Dan: Storage will be so cheap that selective deletion will be more expensive than keeping the information around.

Stewart (in response to Dan's "accidental" comment): Europe is concerned that people will buy software from the US and not pay VAT, so they want to force the companies selling the software to pay the tax. Then the company must know where the buyer is located. The loss of privacy is not so accidental in this case.

Joe: OECD is trying to insert a country field into PKI.

Stewart: Governments want to restrict what can be done in their country. For example, Nazi memorabilia cannot be sold in France, so they pressure Yahoo not to allow it at their auction site. The result is that "everybody's laws will apply everywhere". The internet has started to feel more like home so you expect your laws to apply. It's the "end of the Hippy era on the internet". Conclusion: Companies will only make content available in countries whose laws are "acceptable". Hence, they need to know where the user is located.

Dan: Laws have been passed that allow a person to correct their private data stored in databases. This has two unintended consequences
1) It increases the veracity of the data since I had the opportunity to correct it, and
2) There is a need for strong authentication

Dan: "The choice is not between big brother and no big brother, it's between big brother and lots of little brothers."

Stewart: "I didn't want to be the first to bring Microsoft into this..."

Stewart: He wrote an article titled, "Was Justice Brandies a Wuss?" It seems that the justice wrote an impassioned piece about the need for privacy because his wife gave a party and the guest list appeared in the local newspaper.

Joe: Pornographers know how to protect privacy, so businesses can operate that way.

Stewart: It's easier to provide identity, so that's the way it will be done.

Question: Will the public kill privacy themselves?

Stewart: Orwell was right when he predicted that someday there would be cameras monitoring us in our homes. But he was wrong in thinking that the government would put them there---instead we go out and buy them ourselves!

----------------------- Wednesday ------------------------------

[Cryptographers] On the impossibility of constructing non-interactive statistically-secret protocols from any trapdoor one-way function --- Marc Fischlin, Goethe-University

This was really boring. Even Shamir looked bored.

[Government] Is your hot new product good enough to protect our nations most vital secrets? --- Carol Cain, Mark Clark, Terry Losonsky, all from NSA

NSA handles most of the security-related purchases that the government makes. These people were simply giving out information that might be useful to those trying to sell such products to the government. Mark Clark somehow seemed like he was made for this job.

[Hackers and threats] The perils of online certificate validation --- Trent Henry, Digital Signature Trust

This was pretty interesting but I think the guy was on speed---at the very least he'd had too much caffeine. He talked so fast, he was sometimes hard to follow. He had one humorous comment that I managed to capture for posterity. He said that based on the number of talks at this conference, you might think that XML can solve all of your problems. Then he said "I heard that the XML dish washing protocol is in final form..."

[Cryptographers] Proprietary certificates --- Markus Jakobsson, RSA

The crypto talks were held in the biggest room, but they attracted the smallest crowds. This talk was a little different than I expected, based on the title. Suppose I have an online subscription to the New York Times. He wanted a system whereby anyone who gets my New York Times key would also have access to my credit card number. Then I would have a lot of incentive not to share my subscription (beyond, perhaps, my immediate family). What happens if you lose the key? "We're working on that..." This paper might be a good one.

[Cryptographers] Stateless recipient certified e-mail system based on verifiable encryption --- Giuseppe Ateniese, Johns Hopkins University

The idea is to certify that the message was received before the recipient can open it. This is even stronger than traditional certified mail, since the digital version verifies that the sent message was received, not just that something was received. Apparently, there are some tethered online schemes that accomplish this. I'm not familiar with "verifiable encryption", but this talk piqued my interest.

As usual in the crypto sessions, there were no questions.

[Keynote] Microsoft and security: The road ahead --- Craig Mundie, Microsoft

During this talk I scrawled the following in my notebook: Talk boring... Losing consciousness...

The theme was something like "Microsoft will try hard to improve security, but don't expect too much".

He did have one very good point. He stated that almost all research in computer science is done in the private sector and that the private sector is not very good at doing long-range basic research. He said that academia and government should be doing more of that kind of research.

---------------------------- Thursday ----------------------------

[Cryptographers] Transitive signature schemes --- Silvio Micali, MIT

The idea here was that you might like to have transitivity between signatures. I didn't really get it, but reading this paper is on my "to do" list.

Of course, there were no questions. Maybe everybody else was as lost as I was.

[Cryptographers] Homomorphic signature schemes --- David Molnar, ShieldIP

This talk addressed the burning question: Do there exist secure signature schemes such that given sig(x) and sig(y), you can efficiently compute sig(x * y)? The conclusion was that no signature scheme that is homomorphic with respect to both "+" and "-" (whatever that means) can be secure.

[Cryptographers] The bumpy road from cryptographic theory to practice: A report on ISO/IEC 18033-2 --- Victor Shoup, IBM

With a catchy title like that, how could this talk fail to entertain? It turns out that 18033 deals with encryption algorithms and it has the following four parts:

Of course, this talk dealt with 2).

This was actually pretty boring and the speaker liked to mumble. I can't understand why this wasn't part of the "Standards" track.

He did have a few interesting conclusions:
a) Security proofs are useful
b) Security analysis should be done on the specification (as opposed to the CRYPTO paper)
c) There needs to be more interaction between crypto researchers and standards committees
d) Will ISO standard have any impact? Who knows?

After this talk I met a good friend from "back east" and we went to lunch with my wife. It was an awesome day, so we spent the afternoon wandering around Cupertino.

-------------------------- Friday ------------------------------

[Keynote] Copyright or copy wrong? The Digital Millennium Copyright Act examined --- Steven Levy (moderator), Newsweek; John Keker, Lawyer; John Perry Barlow, Electronic Frontier Foundation; Joseph Burton, Lawyer; Duane Morris, Lawyer

I only saw 15 minutes or so of this. The one quote (by Mr. Morris, as I recall) that got a standing ovation was something like "We don't put the locksmith in jail because he makes a master key. Instead the person who maliciously uses the master key is held responsible." The other side had no chance to respond, but I assume it would have gone something like "If the locksmith gave a free copy of the master key to everyone on the planet, shouldn't he then bear some responsibility when a bad guy uses the master key?"

[Keynote] The importance of mistakes --- John Cleese

Having seen every Monty Python episode many times, I wasn't about to miss this. I was surprised to learn (from the introduction) that at one time John Cleese taught junior high school. I was also surprised when he said he's 62 years old.

Here a few of the highlights.

He came onto the stage followed by a security guard with a dog. The dog sniffed his badge then exited the stage. He made several comments about the omnipresent security at the conference.

He began with "asparagus can prevent road accidents", followed by a several random, unrelated "facts". "It just goes to show how your mind wanders when you're nervous."

He claimed that "I knows less about computers than anybody in the audience. In fact, I know less than anybody anybody in the audience knows."

"I bet you're all wondering why they would invite a British comedian to talk to internet experts. I don't know either."

He then stated that his purpose must be to play the role of court jester, and that the purpose of a court jester is to be "acceptably offensive." In particular, he would try, at some point, to call everyone in the audience an "asshole, since I've heard that Americans like that." He began with the cryptographers. He'd heard that cryptographers were always looking for different meanings in words. He said, to the cryptographers, that when he called them "assholes", he was "using a simple substitution cipher where every letter was replaced by exactly the same letter of the alphabet." Being a cryptographer, this was my favorite line of the talk.

"I want to insult the FBI and CIA people who are here, but I'm not brave enough."

"You programmers are all smug and happy because you have job security due to all of the security flaws in that crap you wrote yesterday."

He then told about his favorite fairy tale, "Gordon the Guided Missile". The point was that Gordon was never aimed directly at his target, so he was constantly correcting his direction and, in the end, he was close enough to his target, in spite of all of the mistakes he'd made. From this point on the theme of the talk was "you need a positive attitude about making mistakes." He added, "Mistakes that are a reasonable try are OK. There is no word for this in English."

"If you ask me the time and I say it's between 5am and midnight, that is absolutely correct, but useless. If I tell you it's 1:18pm when it's really 1:20pm, that's incorrect, but useful."

An Indian politician once said "While there is no cause for undue alarm, there is no room for complacency." Cleese then reworded this as something like "While there is no cause for something there is never a cause for, there is no room for something there is never any room for."

He then talked about the need for people to hear contrary opinions. This lead to a discussion of the American Revolution. He said that, of course, every American has heard of Yorktown, but then he listed 8 battles that the Americans lost. He said "In my opinion, the reason we lost that war was because we were ahead 8 to 1 at halftime and we lost interest."

He talked about the recent Hollywood movie where the German Enigma cipher machine was captured by (according to the movie) the American Navy in 1942. In reality, the Enigma was captured by the British Navy in the summer of 1941, before America was even at war. "I'm going to make a new movie about how the British defeated Santa Anna at the Alamo."

"Smaller errors are much easier to correct, so it's better to admit mistakes sooner" (like Gordon the Guided Missile).

Quoting someone: "Stress makes you stupid."

He then went on a long Monty Python-like discussion of hotels. Some things hotels do, like folding the first piece of toilet paper into a triangle, "has no meaning---they're trying to drive us crazy." He mentioned being awakened late at night in a hotel, where he couldn't even recall what city he was in. He turned on the bedside lamp, and when he noticed it was too dim to read by, he realized he was in Los Angeles.

He talked about toast and about a "do not disturb" sign, but you had to be there...

He concluded that "science only progresses by making mistakes" and "we are all outstandingly good at making mistakes." He then encouraged people to work in groups, as that gives the best chance to weed out mistakes. And that was it.