Lunch with Cryptography Research

On Friday, I had lunch with Ken Warren, marketing director, Cryptography Research (CRI).

There was no topic agenda (just the way I like it) and we had an informal and enjoyable lunch, with conversation dancing around social networking, consumerisation, and some pretty serious concerns around counterfeit technologies – most notably airplane parts.

Discussing trolling on Twitter, Warren referred to the recent arrest of the man responsible for sending abusive texts to Tom Daley after he placed fourth in the synchro diving at the 2012 Olympics. “Twitter isn’t as anonymous as you think. In fact, it’s a permanent record of what you write. In the Bay area, there’s actually a category on hiring documents that reads ‘not employable because of Facebook’”.

Security is an afterthought on most social networking sites, explained Warren. There’s a security versus convenience trade-off, and convenience always wins. “When I worked at MasterCard, security was actually considered the ‘sales prevention department’”. Security could – and should – be quite simple though, he said, “with 2FA and a hardware route, [most breaches] could be stopped.”

An unusual business model

During lunch, Warren explained to me the CRI business model which applies to many of its offerings. “Our customers do not pay upfront for our security. They pay only while the technology is working and is unbroken. We put our money where our mouth is.”

Other vendors have motivation to get broken, he explained. “If their smartcards are broken or compromised, Visa would have to pay for new chips, for example. The vendor would therefore be making money from their failure.”

It’s a cynical accusation, but nevertheless is valid and logical. I really like the CRI ‘only pay while you’re secure’ model. Another of CRI’s defining beliefs is that 100% security isn’t possible. “Trying to make the DVD format unbreakable is impossible. CRI plays for stalemate, not checkmate. We know not to play for 100% security.”

Counterfeit Parts & Technology

Warren and I drift onto the topic of counterfeit technology – covering paid-TV boxes, printer cartridges, and plane parts. Yes, you just read that right – airplane parts. Warren tells me: "Thousands of instances of counterfeit parts have been found in US Military aircraft, representing over a million individual components, with over 70% of these coming from China. The Federal Aviation Administration (FAA) estimates that around 2% of parts fitted to commercial aircraft are also counterfeit."

With two (overseas) holidays around the corner, and a constant stream of business trips abroad, my horror at this statistic is apparent. “Oh, I’m sure most airlines take this quite seriously”, Warren told me, and we both laughed at the lack of reassurance this statement held.

The temptation to buy counterfeit goods is often fuelled by pressure to make cost savings, he says, in reference to plane parts and printer cartridges. This isn’t illegal, however. “What’s illegal is when fraudsters advertise their counterfeit product as the real deal.”

A Game Changer

Finally, we discussed mobile payment technology. Warren explained that it hasn’t yet reached maturity as “everyone needs to work out how to make revenue from it. The costs can’t be put onto the consumer.” The problems we face now with smartphones are similar to those we faced 15 years ago with smartcards, he told me.

iPhone 5 protocols reportedly have NFC chips in, which Warren declared would be a “game changer. Banks are terrified of losing business”, he said. “In order to take off, it will need to be intuitive to the customer, which is where Apple excels. Companies like Apple or PayPal could change the game with their huge customer base.”

At the moment, there are vulnerabilities in NFC payment technology, but nothing that can’t be fixed, Warren concluded.