Why Elliptic Curve Cryptography is Necessary for Secure Remote Access

by VPNHaus | 08/26/2013

Recently, there have been many advances in cracking the encryption algorithms that are the basis for the most common cryptography systems, such as Diffie-Hellman, RSA and DSA. Experts warn that within the next several years, the RSA public key cryptography system could even become obsolete. If that is the case, how will enterprises be able to ensure secure remote access in the near future?

First, let’s take a look at the problem itself. Encryption algorithms ensure security by relying on the assumption that certain mathematical problems, such as integer factorization and the discrete logarithm, are exponentially difficult to solve, which prevents the decryption of public and private keys. As the key length increases, it becomes exponentially harder to decrypt, which is why key sizes are typically 128 bits and above.

After more than 30 years of little progress, researchers have recently started creating faster algorithms for limited versions of the discrete logarithm problem, which has sounded the alarm for the entire cryptographic community. It has made us realize that we need to implement a more secure standard, Elliptic Curve Cryptography (ECC).

ECC is the best option moving forward for secure remote access via VPNs, because it is based on an operation that not only is difficult to solve but also is a very different problem from the discrete logarithm and integer factorization. Due to its unique characteristics, it is not impacted by advances in decrypting cryptography systems that utilize either of those problems. Currently, ECC is still not widely in use, but that is starting to change. It is particularly important for enterprises to implement ECC over the next several years to improve network security, because if decryption advances proceed at the current rate, TLS, a common protocol that ensures secure communications over the Internet, will be vulnerable to hackers until TLS 1.2, which includes ECC support, becomes widely available. If TLS communications can be decrypted, hackers could steal sensitive data, such as corporate financial information and documents, or even gain complete access to a corporate network to bring it down from the inside.
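One way to check where a TLS deployment stands on this, as an added example that is not part of the original post: it sorts cipher suite names in the IANA naming scheme by the problem behind their key exchange and certificate signature. The suite list is a constructed sample, and the function and bucket names are hypothetical.

```python
# Added example: group TLS cipher suites (IANA names) by the hard problem
# behind their key exchange and authentication. Labels follow the article.
FACTORING, DLOG, ECC = "integer factorization", "discrete logarithm", "elliptic curve"

KEY_EXCHANGE = {"RSA": FACTORING, "DH": DLOG, "DHE": DLOG, "ECDH": ECC, "ECDHE": ECC}
AUTH = {"RSA": FACTORING, "DSS": DLOG, "ECDSA": ECC}

# Constructed sample of a server's enabled suites (not taken from any real host).
SAMPLE_SUITES = [
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
    "TLS_AES_128_GCM_SHA256",
]

def classify(suite):
    """Return (key_exchange_problem, authentication_problem) for one suite name."""
    if not suite.startswith("TLS_") or "_WITH_" not in suite:
        # TLS 1.3 style names carry no key-exchange token, so they cannot be
        # classified from the name alone.
        raise ValueError(f"no key-exchange token in {suite!r}")
    tokens = suite[len("TLS_"):].split("_WITH_", 1)[0].split("_")
    kx = tokens[0]
    # TLS_RSA_WITH_*: a single token means RSA does key exchange and authentication.
    auth = tokens[1] if len(tokens) > 1 else kx
    if kx not in KEY_EXCHANGE or auth not in AUTH:
        raise ValueError(f"unrecognised tokens in {suite!r}")
    return KEY_EXCHANGE[kx], AUTH[auth]

def audit(suites):
    """Bucket suites: ECC for both roles, ECC for one role, no ECC, or unknown."""
    report = {"ecc_only": [], "mixed": [], "no_ecc": [], "unclassified": []}
    for suite in suites:
        try:
            problems = classify(suite)
        except ValueError:
            report["unclassified"].append(suite)
            continue
        # Count how many of the two roles rest on elliptic curves (0, 1 or 2).
        bucket = ("no_ecc", "mixed", "ecc_only")[problems.count(ECC)]
        report[bucket].append(suite)
    return report

if __name__ == "__main__":
    for bucket, names in audit(SAMPLE_SUITES).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

Suites in the `mixed` bucket use an elliptic-curve key exchange but still depend on an RSA or DSS certificate signature, so moving them to `ecc_only` means changing the server certificate, not just the suite list.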

Implementing ECC right now will ensure that the worst-case scenario will not happen. It’s time for enterprises to stay ahead of the curve and use ECC to protect remote access to their corporate networks.