The 2013 hack on retail giant Target has become the poster child for cyber-espionage and customer data breaches, when hackers obtained “encrypted” credit card information from some 40 million accounts, along with reportedly “strongly encrypted” PINs.
This attack was the second largest US retail security breach. Customer cardholder data stolen from in-store point-of-sale systems flooded the black market, putting banks on high alert and ultimately costing the company $252 million, while forcing CEO Gregg Steinhafel out the door.
Target insisted the PIN numbers remained secure, as this information was encrypted using the commonly-used Triple DES (3DES). Under the scrutiny of cryptography experts, however, the aged 3DES algorithm is actually an inferior tool. “It’s an ancient algorithm that was designed as a patch for the (now broken) DES,” said noted cryptographer Matthew Green.
In the race against cybercrime and advanced computing, existing encryption techniques are expiring. And as we move towards a cashless future, online vendors and security experts are building stronger tools. They’re harnessing complex mathematical concepts and architecture to mask private information. And, in the labs, neural technology is empowering new self-encrypting A.I. tools. These discoveries will be the new key to uncrackable cryptography.
Cybercrime and cryptanalytics force advanced encryptions
Green advised the Advanced Encryption Standard (AES) as a preferred alternative – the system is also recommended by the US National Institute of Standards and Technology (NIST). It’s a commonly-used method for encrypting PINs and hard-disk computer data, and is used by the US federal government.
Despite the high level of security AES offers, as Edward Snowden revealed to the world, since 2012 NSA cryptanalysts have been actively trying to crack it, and today some worry they already have. If government intelligence can do this, it’s a safe bet to expect hackers will soon be able to unlock these systems too.
In online retail, the most common encryption method for securing credit card numbers is the RSA Algorithm. Using prime numbers this public-key cryptographic algorithm locks information away, with the use of a private key and public key. A private key is two prime numbers that are only available to the recipient, when multiplied they create a public key.
Figuring out the private keys from the public key is almost impossible. In 2009, researchers were able to crack a 768-bit, 232-digit number in two years, using hundreds of parallel computers. Again, it’s almost uncrackable, but like AES, there’s doubt. And as these cryptosystems are overtaken by cryptanalysts and hackers, it’s forcing cryptographers in the labs to come up with alternatives.
Sci-Fi concepts unlock new discoveries
Although it sounds like something out of Star Trek, we now have advanced quantum computers that use the power of atoms and molecules to store information. These cutting-edge computers will soon be able to churn through previously uncrackable systems with ease. If harnessed by the world of cybercrime, it means that once iron-clad cryptography methods will become obsolete.
Complex systems such as Shor’s Algorithm, created by MIT math professor Peter Shor, will soon have the necessary computational power to crack RSA. Just last month, D-Wave Systems released its fourth-gen quantum computer, providing 2,000 qubits of computational power with a $15M price-tag. The NSA expects the arrival of more advanced quantum computing within five to 30 years, and is calling for new intelligence to mask sensitive data.
In December, NIST opened to nominations from the crypto-community, seeking public-key post-quantum standards. As voluntary parties work to build and crack new systems, they also have another trick up their sleeve, with new advancements courtesy of Silicon Valley.
Researchers at Google Brain are developing an advanced AI system that builds its own form of dynamic encryption, learning and adapting to form an uncrackable code as it matures.
The system sends encrypted messages via three collaborating networks named Alice, Bob and Eve. Alice encrypts a 16-digit code of zeros and ones and sends the message to Bob, who decrypts the code using a shared key. Eve plays the role of hacker, attempting to intercept the message en route to Bob. Using deep learning techniques, Alice evolves the encryption techniques, and Bob adapts accordingly. Google measured Eve’s ability to crack the code, and found that evolved iterations were impenetrable.
Developments like this from technology firms like Google, Amazon and Nvidia, met with advanced computing powers point to a future of advanced responsive cryptography. But, while neural networks and quantum physicists craft complex encryptions, legacy human habits — such as using social security numbers, signatures, email communications and passwords — still provide a backdoor to private data.
The largest barrier to a truly anonymized secure online transaction is the reprogramming of a nation to keep up with these new technologies. It’s this ecosystem of banks and online vendors that will be forced to adapt consumer behavior. And as academia introduces new concepts, the tech world commercialises it, digital sellers will push customers to stay in tow — in turn, laying the way for new leaps in cryptography, far beyond today’s human comprehension.
This post is part of our contributor series. It is written and published independently of TNW.
This post is part of our contributor series. The views expressed are the author's own and not necessarily shared by TNW.