Should we care about Academic breaks in Cryptography?
By Information Security Group (ISG), Royal Holloway in Industry
Posted in cryptography, Security on
Cryptography is currently a very active, thriving area of interdisciplinary academic research. Various new proposals for cryptographic algorithms and protocols are published every year. New proposals are usually followed by extensive public scrutiny, which may often uncover design flaws. Lessons learned are incorporated, often leading to more secure and efficient designs in the future. Algorithms are continuously being analysed by the academic community; the old principle of “security through obscurity” seems to have finally been abandoned.
An interesting question arising from such a development lifecycle is: what are the practical implications of an academic break of a cryptographic algorithm? What if academic research shows some structural weakness in an algorithm, implying that the security claims made by the designers are no longer valid? Although it should certainly represent a danger to the algorithm’s long-term deployment, how can we assess whether this compromises the algorithm’s current practical use? For example, imagine that a researcher can show that, due to some unexpected structural properties, the complexity of a key-recovery attack against a 128-bit encryption algorithm (e.g. the AES) is of the order of 2^100 operations, rather than 2^128 operations as expected. These are both extraordinarily large numbers, so should this put in doubt the protection provided by the algorithm? Likewise, if some weakness or irregular behaviour affecting a specific application of a cryptographic algorithm is uncovered, does this compromise different uses of the same algorithm?
These are not easy questions to answer! Most researchers would argue that common sense should prevail in these situations. While medium-term replacement of the affected algorithm must be considered and disclosure of such properties will probably lead to better designs in the future, in most cases academic breaks represent little practical danger for current use of an algorithm. Such a weakness in an encryption algorithm should not mean that one would find it (in practice) easier to recover an encrypted message. Likewise, the lack of collision resistance in a hash function algorithm should in principle represent little danger to passwords protected by the same algorithm. However, we currently witness a growing trend of regulation-driven deployment of information security measures and, as a consequence, of cryptography. As a result, this advice may need to be reassessed, as the case below illustrates.
In late 2004, a driver was caught by a digital speeding camera driving above the limit in a town in New South Wales, Australia. During the court case that followed, the driver chose not to give evidence and never questioned the speed recorded in the digital image provided by the NSW Road and Traffic Authority. Instead, his lawyer relied on questioning the cryptographic algorithm used to provide integrity protection of the digital photos. The NSW Road Transport (Safety and Traffic Management) Act 1999 explicitly specified the MD5 hash function algorithm as the digital security indicator to ensure that speeding camera evidence had not been tampered with.
The lawyer had apparently learned of recent work by a group of Chinese researchers led by Xiaoyun Wang, which proposed new techniques to efficiently compute collisions in two of the most popular hash function algorithms, namely MD5 and SHA-1. This represented a surprising breakthrough in hash function cryptanalysis, and has led to a surge in research in the area. Many academic articles have followed, showing how to improve and extend the attacks against other hash functions. However, it is commonly agreed among researchers working in the field that, while these findings showed an essential structural weakness in the algorithms and have definitely accelerated their replacement (in fact, NIST has announced a competition to select a new hash function standard), they affect specific uses of hash functions (such as digital signatures and commitments) and only in specific situations. Although it would be very unwise to develop and deploy new products using the affected algorithms, there is currently no evidence that all other uses of MD5 and SHA-1 have been compromised (for some interesting examples of applications of the attacks, see here and here).
Yet, the lawyer in the case argued that the recent research meant that MD5 was in essence broken (which is true, in academic terms) and as such could not be relied on to provide integrity protection. Although the RTA was given eight weeks to provide an expert witness to argue otherwise, it nevertheless failed to do so, and as a result the magistrate had little option but to throw out the case against the defendant. In March 2006, the NSW Supreme Court upheld the lower court’s ruling dismissing the speeding camera ticket as unreliable, and ordered the government to pay the defendant’s legal costs.
Although it is very unlikely that a malicious player could exploit the lack of collision resistance in MD5 to tamper with the speeding camera digital photo and the evidence provided, this particular case illustrates the possible implications of the widespread deployment of cryptography, driven by legislation and regulation, without a clear understanding of its strengths and limitations. Was this simply an anomalous, isolated case or can it be a sign of more to come? While apparently there have been no similar follow-up cases in Australia, the implications of such an outcome could be potentially staggering: an early case in which the accuracy of speeding cameras was put in doubt resulted in the refund or waiver of fines for thousands of motorists caught by speed cameras in Victoria, at a cost of A$26 million! Thus, in addition to software vulnerabilities, malware and hackers, CSOs may also need to start paying special attention to cryptanalytic research.
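To make the distinction drawn above concrete, here is an added Python illustration (not from the original post) that shrinks MD5 to a toy 20-bit digest so that both searches finish in seconds: a collision search, where the attacker chooses both messages, versus a second-preimage search against a fixed record, which is what altering a stored camera photo protected by its recorded hash would require. The camera record is constructed sample data.

```python
import hashlib

N_BITS = 20  # toy digest size; real MD5 is 128 bits


def toy_hash(msg: bytes, n_bits: int = N_BITS) -> int:
    """MD5 truncated to its leading n_bits, used as a small stand-in hash."""
    digest = int.from_bytes(hashlib.md5(msg).digest(), "big")
    return digest >> (128 - n_bits)


def find_collision(prefix: bytes = b"ticket-", n_bits: int = N_BITS):
    """Birthday search: ANY two distinct messages with the same toy hash.
    Expected work is about 2**(n_bits/2) hash evaluations.
    Returns (msg1, msg2, tries)."""
    seen = {}  # toy hash -> first message that produced it
    i = 0
    while True:
        msg = prefix + str(i).encode()
        h = toy_hash(msg, n_bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
        i += 1


def find_second_preimage(original: bytes, n_bits: int = N_BITS):
    """Brute force: a DIFFERENT message whose toy hash equals the hash of a
    fixed original, i.e. what tampering with stored evidence would require.
    Expected work is about 2**n_bits hash evaluations.
    Returns (forged_msg, tries)."""
    target = toy_hash(original, n_bits)
    i = 0
    while True:
        candidate = b"altered-" + str(i).encode()
        if candidate != original and toy_hash(candidate, n_bits) == target:
            return candidate, i + 1
        i += 1


if __name__ == "__main__":
    m1, m2, c_tries = find_collision()
    print(f"collision after {c_tries} tries: {m1!r} / {m2!r}")
    # Constructed stand-in for a camera record whose hash is on file.
    photo = b"camera=NSW-01;speed=78;limit=60;time=2004-11-01T10:15"
    forged, p_tries = find_second_preimage(photo)
    print(f"second preimage after {p_tries} tries: {forged!r}")
```

Run it a few times: the collision typically appears after around a thousand hashes, while matching the fixed record takes on the order of a million, a gap that grows exponentially with the digest size.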
Dr Carlos Cid
The timely emergence of IISP
By Information Security Group (ISG), Royal Holloway in Industry
Posted in Security on
Although information security (IS) has always been important, the concept of specialist qualifications in this area is fairly recent. The IS “profession” began to emerge in the 1980s, albeit in an ad hoc and piecemeal fashion and with little formality or structure. Industry leaders were self-trained and many individuals had the label of IS specialist, whereas in reality they had a particular focus on only one area of IS. At the end of the 1980s both CISSP and the Royal Holloway MSc were under development.
These were, I believe, the first dedicated qualifications available in the public domain. Since then the number of people specialising in IS has increased at an amazing rate, prompted by many positive events, including our increasing reliance on IT and the advent of the internet and electronic trading, coupled with an unacceptably large number of viruses, trojans and other high-profile security breaches.
As the number of security specialists increased, directors and managers in government and industry needed to trust that those who were responsible for IS in their organisation were competent, in the sense that they had the necessary knowledge and skills, and would behave in a professional and ethical manner.
“How do you recognise a competent IS professional?” was a question acquiring ever increasing importance by the late 1990s. It was this that prompted a small group of people to propose the formation of a professional body for IS. Their ideas were published in a document called “The Institute for Information Security Professionals: A Blueprint”, dated 7th December 2004, in which a professional institute was proposed to “promote information security as a recognised discipline through the provision of a framework for developing, improving and measuring the competence of information security practitioners, recognised by employers, regulators and other professional bodies.”
The Institute of Information Security Professionals (IISP) was launched in February 2006 and has attracted much interest. Well over 1,000 individuals have joined as associates and it has the support of more than 40 corporates and government departments (for details see www.instisp.com). Although in its infancy, the IISP has the ambitious principal objective to “advance the professionalism of information security practitioners and thereby the professionalism of the industry as a whole.
By the year 2010 the institute aims to provide a universally accepted focal point for the information security profession.” In addition, IISP aims “to act as an accreditation authority for the industry, and Membership and Fellowship of the Institute will be the internationally accepted gold standard for information security professionals.”
In my view it is its role as an accreditation body that justifies IISP. There are now numerous knowledge based qualifications, including some high quality university degrees. However, these merely provide an indication of someone’s level of knowledge, skills and/or competencies at a given time. Many of these qualifications, for example university degrees, are awarded ‘for life’ with no obligation on the recipient to practise the discipline or to keep informed about advances in the area.
However, membership of a professional body like IISP should imply that the individual has followed a CPD programme which, as one of its aims and objectives, ensures that they have maintained an active interest in the discipline. Joining IISP should enable graduates from programmes such as the Royal Holloway MSc Information Security to build on this sound knowledge-based qualification, to acquire further skills and competencies and to become leaders of the profession.
Professor Fred Piper