What we desperately need to win the Cyber War is a “Newtonian” theory of cyber security — actionable principles that will guarantee victory if we apply them diligently. Unfortunately, we practice patch-work, fixing yesterday’s security flops. Let me then put forth such an actionable principle that I believe will dramatically improve our security status, should we apply it generously and often: “More Randomness — More Security! No Upper Limit”.
Randomness is the black hole of knowledge — it is an impenetrable wall; it is the great equalizer — computing power, mathematical insight, shrewdness — are no advantage. The more randomness you use to protect your data integrity the more secure you are. Take some meaningful data — knowledge — and mix it with enough randomness, and you get an outcome that looks more and more random, the greater the share of randomness that was used in the mix. And the closer that outcome is to true randomness, the more difficult is it for an adversary to distinguish that outcome from true randomness. It is that simple.
And the good news is that as of recent we developed the technology that enables us to use virtually unlimited quantities of randomness. The price of gigabytes and terabytes of memory hits bottom. The cheapest Internet-of-Things device can be mounted with oodles of random bits to insure its integrity.
Of course we will need to adjust our security algorithms to accommodate this new principle. For the last many decades we built security by using very limited quantities of randomness, and relying instead on how well we mixed that randomness with the protected data. That mixing was our undoing. As smart as we were getting the data and the randomness mixed — the hackers were smarter in getting them unmixed. It was a battle of wits, and the other guy took the trophy. In the new paradigm, we just crudely throw in tons of randomness to be crudely mixed with the protected data, and simply (and inelegantly, if you will) by using sufficient quantities of randomness, we win the war.