1 / 13

Crypto-Visionen – ist IT-Sicherheit überhaupt zukunftsicher?

Crypto-Visionen – ist IT-Sicherheit überhaupt zukunftsicher?. Burt Kaliski, RSA Laboratories NetworkWorld Security-Tage München, 04. Dezember 2002. Overview. Thinking about cryptography over the next several decades Is IT-Security safe for the future?. Key Size and Space Travel.

DoraAna
Télécharger la présentation

Crypto-Visionen – ist IT-Sicherheit überhaupt zukunftsicher?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Crypto-Visionen –ist IT-Sicherheit überhaupt zukunftsicher? Burt Kaliski, RSA Laboratories NetworkWorld Security-Tage München, 04. Dezember 2002

  2. Overview • Thinking about cryptography over the next several decades • Is IT-Security safe for the future?

  3. Key Size and Space Travel • Today, 80-bit minimum (= 1024-bit RSA, 160-bit ECC) • NIST proposes 128-bit minimum (3072-bit RSA, 256-bit ECC) for protecting data beyond the year 2035 • But research could change future comparisons dramatically • Like travel to nearby stars BSI Empfehlung: “Geeignete Krythoalgorithmen” *Anf. § 17 Absatz 1 SigG v. 22.Mai 2001 1024-bit bis zum Jahr 2006 2048-bit ab dem Jahr 2006

  4. The Quantum Effect • Theoretically, a quantum computer can break most if not all PKC, halve symmetric key sizes • Shor’s, Grover’s algorithms • Practically, decades away (?), and incrementally visible • Economic model is uncertain • Yet quantum mechanics surely has other surprises

  5. A World without PKC? • Mental exercise: What if PKC hadn’t been invented? • What if PKC as we know it were broken? • Symmetric cryptography, hash functions still available • Merkle hash-tree signatures a good backup • Quantum cryptography ready for point-to-point

  6. It’s All about Trust • Alice and Bob traditionally have keys • But so far, people don’t do crypto • In practice, computers have our keys • We trust computers to use our keys properly • With enough assurance, symmetric cryptography is sufficient

  7. Proxies Near and Far • Devices are just proxies for user crypto operations • User authenticates, instructs • Device verifies, follows • System trusts based on assurance • PC, PDA, mobile phones, smart card are local proxies, network services are remote • What’s the difference?

  8. Device Security • Physical threats make it harder to trust devices • Secure implementation a major area of crypto research • New paradigms gaining importance: forward security, distributed cryptography

  9. Beyond the Basics • Traditional cryptography has focused on keeping data safe • Emerging cryptography will focus on keeping processes safe • Examples: • Data mining without seeing the data • Auctions without a broker

  10. Safe Utility • Security must be easy to use • Passwords, biometrics, “remote controls” will be essential tools for the user • Focus on safety in general, as in other consumer products. Not just security • Sicher = safe, secure, certain

  11. The Weakest Link • Not key size, quantum, … • People! • IT is an amazing tool for expressing human creativity, and malice • Which will we encourage?

  12. Conclusions • Is IT-Security safe for the future? • As sure as anything else people will do • Cryptography has much more to offer IT • How will you use it?

  13. Contact Information • Burt KaliskiDirector, RSA Laboratoriesbkaliski@rsasecurity.comhttp://www.rsasecurity.com/

More Related