By David Berlind
Posted on ZDNet News: Nov 12, 2001 12:00:00 AM

LAS VEGAS -- When it comes to maliciously poking around a system or a network, finding encrypted data, and decrypting it, the movies make it look easy.

But according to cryptography experts, a massive grid of interconnected and powerful systems would be required to break today's encryption algorithms in a timely fashion. Most bad guys don't have those kinds of resources. Even if they did, what sort of ciphertext would be important enough to warrant allocating such resources?

The answer, according to Joe Eremita, an engineer for Wave Systems (Booth L1661), is private keys--one half of the private/public key pair used to encrypt the data. If the bad guys get a hold of a private key, the integrity of the data is one huge step closer to being compromised.

Today, most private keys are stored on resources that are easy to penetrate, such as personal and network storage devices. Even so, the keys themselves are usually encrypted. Currently, Eremita acknowledges, there's not much that the bad guys can do to compromise their integrity. But he says that the future will bring the increasingly powerful systems that bad guys need to execute a successful system intrusion.

Based on what I've seen and heard from vendors like Intel, HP, IBM, and Sun, it's not difficult to imagine the bad guys soon having access to the sort of computing power they would need to crack the encryption algorithms. For example, 64-bit symmetric multiprocessor systems based on Intel and HP's Explicitly Parallel Instruction-set Computing are due next year. Moore's Law says those systems will be astronomically more powerful (and cheaper) in a couple of years. It's not hard to imagine the bad guys having all the tools they need.

This is where Wave Systems comes in. The premise of Wave's solution, called Embassy, is that the last place a private key should be is on the easily compromised sectors of a storage device. Instead, says Eremita, keys should be hard-coded into special hardware that lives on the client device. "Locating the key on special hardware on the client side," according to Eremita, "is what we call 'trust at the edge.' "

The solution protects keys in two ways. First, because the key is embedded in hardware and not on a storage device, there's no way for an intruder to get at it. Second, it's different from centrally administered key management solutions because the private key is never transmitted across a network. It's embedded in the hardware that Wave thinks should be in every client device, especially PCs.

Wave is demonstrating its "Trusted PC" here at Comdex. End users can set up a Trusted PC by adding one of Wave's expansion boards to their systems. OEMs like Dell or motherboard manufacturers like AMD can also include a chip right on the desktop, server, or notebook motherboards. Wave is also talking about other applications for its technology, such as embedding it on Smart Cards.

For enterprises looking to use Embassy as the basis of a centrally administered digital rights management system (especially in industries like healthcare where it is required by law), Wave works with providers of those solutions, such as SSP Solutions (Booth L1229).

Wave's solution is an interesting approach to a problem that's not an immediate threat but may be just around the corner. Wave is getting started now. The more systems and client devices that have the technology built-in, the fewer systems will have to be retrofitted when the threat reaches a more realistic level. For those who are really paranoid, or want to take every measure possible to bulletproof data, Wave is worth a look today.
