Cryptography in Transition: Leaving Behind Human Oversight
Cryptography has primarily existed to send secret messages, often political or military, between people. For the political case I'm reminded of the poorly encrypted messages by which Mary, Queen of Scots and her conspirators plotted the overthrow of her half-sister Elizabeth, but the practice of secret political messages extends further back than the Elizabethan era. For military usage I think of Benedict Cumberbatch's performance in The Imitation Game and Nazi commanders sending military instructions cloaked by the Enigma Code. Human minds deciphered many of their encryptions despite their use of the best technology available during their respective eras.
The largest deployments in cryptography have still included a human recipient. When we use SSL/TLS to secure our Internet browsing or we interact with online banking, there is still a human intelligence interacting with the messages: us. This means that a human is there to recover from problems, but it also poses the risk of human vulnerabilities that might succumb to phishing attacks or social engineering attacks.
Today, cryptographic messages are aimed at the heart. Although there are literal examples, such as Dick Cheney's recent decision to disable to his pacemaker's messaging system, this is a generally figurative statement. Our environment has become more like a living organism, and these messages behave more like hormones than data.
A car now has a nervous system, which facilitate messages, and the car, as an organism, senses its environment; steering, braking and engine functions can be controlled automatically. Buildings, software infrastructures, and the power grid all function more like organisms, and people are less involved in these messages than ever. As the Internet expands to connect to these aspects of our society, humans rely on machines to act independently to handle these manual tasks.
How does this change the situation? Without a human involved, nobody vets the information that these autonomous or semi-autonomous systems send to each other. Machines talk to machines; more often, individual components of one machine communicate with each other to control vehicles, devices, and infrastructures.
Even without human involvement, safety and security can be verified. Cryptographic messages sent between components act more like hormones in our bodies. Whereas organisms control reactions and changing biological activities, cars can brake automatically to avoid collisions that the human eye might not see. Similarly, heating and ventilation systems can regulate airflow and temperature in response to certain climate conditions. Often we assume that human oversight guarantees safety or functionality, yet this is not always the case.
Sometimes we consider security to be a hardened shell; we use firewalls to block nefarious hackers from accessing our information. Yet if cryptography is becoming more akin to a hormonal signal, then it is important that internal communication within a single system remains secure. It's now more important than ever that internal components have identities, credentials, and authenticated messages. Messages should also be encrypted when appropriate.
Vehicle crashes highlight the visceral consequences of ignoring cryptography and authentication. Getting access to a vehicle's data bus can often give an attacker control of crucial systems, including steering and braking. As cars become more connected to the Internet and to each other, cryptography will become essential to the immune systems that devices will require to ward off malicious attacks.
Broken into components, efficient cryptography (such as elliptic curve cryptography) and efficient certificates (like machine-to-machine certificates) are more important than ever. It is crucial that the authentication process between every component works properly. Proper trust must be established for newly connected autonomous and semi-autonomous systems.
Safety and security have never been more paramount than now, as our world transitions away from human oversight. Cryptography is the key to securing the future of day-to-day activities.