Secret sharing - The alternate security methodology

Secret Sharing - taking data and using randomisation to compute different shares (numbers) that only together define the secret/data - could be evolved to become a full-blown authentication protocol says Shlomi Dolev

Shlomi Dolev, CTO, Secret Double Octopus
Shlomi Dolev, CTO, Secret Double Octopus

In the 40 years since Microsoft created and drove mainstream adoption of the Virtual Private Network (VPN), organisations of all sizes in every vertical market have been using this technology, and the keys associated with encryption, to safeguard critical information sent from endpoint to endpoint.

But the problem with the very nature of an encryption key is just that - having a single point of failure that has been hacked time and time again. We hear of many new data breaches every year, many of which are due to vulnerability in the key. Sure, key lengths can be extended to protect information better, but the increased computing power of hackers and perpetrators, as well advance in algorithms for encryption breaking, is something for which we have yet to find an answer. As the world continues to become increasingly reliant on connected devices and transmission of data at alarming rates, we are progressing much faster technologically than we are able to protect from security standpoint. Yet, many companies today focus on solving issues with endpoint security and place data-in-motion on the backburner despite its importance. Key-centric schemes are considered state of the art but are rapidly becoming outdated as we continue to have more additional endpoints every single day.

The concept behind secret sharing

Secret sharing is not a new mathematical theory, but its importance is renewed in today's digital environment. It was introduced in 1979 separately by Adi Shamir, an Israeli cryptographer, and George Blakely, a mathematics professor at Texas A&M. Secret sharing can be viewed as a specific case of the broader idea of the information theoretic security – mathematically unbreakable schemes that were already in use by the red-phone connecting USA and Russia during the Cold War. Essentially, secret sharing is taking a secret - any information to be protected - and using randomisation to compute different shares (numbers) that only together define the secret.  

Application in today's current environment

To address today's needs of network security, secret sharing can evolve to become a full-blown communication and authentication protocol.  These unbreakable shares would each travel via a different route across a network and get reassembled at an endpoint. The different routes each share can take include VPN, the public internet, wi-fi, cellular signals, cloud services, and any others. Each share does not contain a part of the secret itself, but rather random data that is useless except when used together with other shares arriving at the destination.  This method does not attempt to strong arm eavesdroppers or attacks, but instead allow them to never receive usable information in the first place. Computing power and the skills of the hacker are irrelevant with this security methodology. With this approach, the information-theoretic security will serve a tie-breaker in the tag of war game of encryption.

Secret sharing is meant as a supplement to - and in some use cases a replacement for - Public Key Infrastructure (PKI), patching the vulnerabilities left exposed by key encryption. This is perhaps most obviously crucial for the growth of the Internet of Things. We plan to connect 20 billion devices by 2020 and these devices are constantly transmitting private and potentially harmful data on a regular basis. This is unsettling for consumers living in smart homes but potentially life-threatening when applied to critical infrastructure, for example. If a perpetrator was to be able to gain access and take control of these devices the consequences could threaten countries.

Secret sharing can also improve network security for unsecure networks such as a local Starbucks or airport. Whereas PKI by itself would leave these networks vulnerable to MITM, eavesdropping and other forms of hacks, secret sharing implies security stronger than all the secure channels used to send the secret shares.

History repeating

Methodologies used during the Cold War are again proving their worth. Applying proven unbreakable schemes like secret sharing and One-Time-Pads to today's security challenges can serve a final tie breaker to the cryptography arms race, leading to more secure networks and communications. Technology can only continue to grow if security is up to the task of protecting it. We've seen so much of our lives change in just a short few years from rapid advancement of digital communication and technology aimed at more convenient means of supplying products and services, it would be irresponsible to assume our way of thinking about the security needed to protect it wouldn't have to adapt along with it.

Contributed by Shlomi Dolev, CTO, Secret Double Octopus