Since 1976, public key cryptography has become the foundation on which secure communications were established over the Internet. The public key algorithm and infrastructure revolutionized cryptography, and formed the basis for secure email, ecommerce, and many other information exchanges. Throughout the development of PKI, new algorithms have been developed and refined which offer higher security and better performance, resulting in improved ability to defend against the growing sophistication of the modern security threat.
Recognizing the limitations of the current RSA1024 bit certificate key size, the U.S. Department of Commerce / National Institute of Standards and Technology (NIST), issued a deadline for switching to 2048-bit certificates by January 2014. While 2048 bit certificates help address the security concerns, the increase in the RSA key size has a negative impact on server loads, and the number of simultaneous connections possible.
Elliptic Curve Cryptography (ECC) creates encryption keys based on the idea of using points on a curve to define the public/private key pair, and is part of the NIST Suite B list of approved algorithms for 256-bit ECC key lengths. With ECC it is difficult to break using the brute force methods often employed by hackers and offers a faster solution with less computing power than RSA-based encryption. ECC offers enhanced:
- Security - ECC provides stronger protection against attacks than current encryption methods. The ECC algorithm relies on a mathematical problem that is more difficult for hackers to attack than the current encryption, making your websites and infrastructure more secure than with traditional methods.
- Performance - ECC requires a shorter key length to provide a superior level of security, For instance, a 256-bit ECC key provides the same level of protection as a 3072-bit RSA key. The result? You get enhanced security and performance, decreasing client side page load times.
- Investment protection - ECC helps protect your infrastructure investment by providing increased security that can handle the explosion in mobile device connections. ECC key lengths increase at a slower rate than other encryption method keys, potentially extending the life of your existing hardware and giving you a greater return on your investment.
- Support of Mobile - ECC's smaller key length means smaller certificates that consume less bandwidth. As more solutions and users move to smaller devices for their online transactions, ECC offers an enhanced customer experience including faster page load times and longer battery life
2013 RSA Panel Discussion (38 minutes)
- Craig Spiezle, Executive Director & President Online Trust Alliance
- Stephen Ludin, Akamai’s Chief Architect for Web Experience Engineering
- David Holmes, F5’s Technical Marketing Manager
- Steve Gottwals, Adobe’s Group Product Manager for Adobe Acrobat and Reader Security
- Quentin Liu, Symantec’s Sr. Director of Product Development for Authentication Products
- Yves Massard of HID Global / ActivIdentity