Random Infosec reflections


I have been going to Infosecurity Europe for more years than I care to remember but it’s good to meet other Infosec veterans who pitch up every year.

This year’s event was filled to the rafters with even more companies offering cyber security ‘solutions’. I feel sorry for CISOs trying to sort the wheat from the chaff. But this year’s event was put in the spotlight after public and private sector organisations got a rude wake-up call with WannaCry – malware on a scale previously unseen.

While WannaCry demonstrated the need for robust technical defences, it also highlighted the fact that most attacks can be avoided by simple measures such as patching and creating a culture of security awareness to avoid users making basic mistakes.

This year PRPR had five clients at Infosec – CREST, the IISP, Context Information Security, WatchGuard and Whitewood Security. And despite a wet first day, all reported brisk ‘trade’ on their stands.

Talking to journalists, there was not a lot they had not heard before, and I am not really sure what Jeremy Paxman and Sebastian Coe added to the cyber security debate.

But one thing did get me thinking this year. We were asked by US company Whitewood to start a discussion around randomness – or entropy – which underpins all encryption. Turns out that a good random number is hard to find these days and as computers get faster, guessing encryption keys gets easier. And when quantum computers appear, it’s potentially game over.

Entropy is derived from the physical world – so, mouse movements, keystrokes and disc access, for example. But put applications in the cloud and these sources of entropy don’t exist. Furthermore, it’s difficult to source entropy on an IoT sensor or edge device.

But Whitewood has a solution. Its new Entropy-as-a-Service delivers entropy on demand to seed random number generators in Linux or Windows, using the only true source of randomness – quantum mechanics. Thank Einstein for that.

It’s not that all random numbers are no good – it’s just that you can’t tell the good ones from the bad ones. With quantum technology – all random numbers will be good.

Maybe it’s the engineer in me – but I find this fascinating. To find out more visit www.whitewood.com and see you at Infosec next year.

A final thought – just how many stress balls does one person need?