1 / 18

Secure Communications

FORE SEC Academy Security Essentials (IV). Secure Communications. Secure Communications Agenda. Chapter 19 : Encryption 101 Chapter 20 : Encryption 102 Chapter 21 : Applying Cryptography Chapter 22 : Steganography Chapter 23 : Viruses and Malicious Code

virgo
Télécharger la présentation

Secure Communications

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. FORESEC AcademySecurity Essentials (IV) Secure Communications

  2. Secure Communications Agenda • Chapter 19: Encryption 101 • Chapter 20: Encryption 102 • Chapter 21: Applying Cryptography • Chapter 22: Steganography • Chapter 23: Viruses and Malicious Code • Chapter 24: Operations Security

  3. FORESEC AcademySecurity Essentials (IV)Encryption 101

  4. Course Objectives • Case Studies • The Challenge That We Face • Cryptosystem Fundamentals • Types of Cryptosystems • Real-world Implementations

  5. What is Cryptography? • Cryptography means “hidden writing” • Encryption is coding a message in such a way that its meaning is concealed • Decryption is the process of transforming an encrypted message into its original form • Plaintext is a message in its original form • Ciphertext is a message in its encrypted form

  6. Milestones in Cryptography AES: Advanced Encryption Standard (sponsored by NIST, 2002) …built upon the work of giants!

  7. Crypto History • The history of Cryptography is long and interesting • In the next couple of slides we will discuss some of the highlights

  8. Key Events • Jefferson Disk Cipher system • Japanese Purple Machine • German Enigma Machine • Vernam Cipher

  9. Why do I Care about Crypto? • It is part of a defense-in-depth strategy. • It is a critical component and enabler of e-commerce / e-business. • The “bad guys” are using it. • Security professionals should keep abreast of cipher standards because they change and new weaknesses are found.

  10. Crypto and E-Commerce Customers need to be sure that: • They are communicating with the correct server. • What they send is delivered unmodified. • They can prove that they sent the message. • Only the intended receiver can read the message. • Message delivery is guaranteed. • Vendors need to be sure that: • They are communicating with • the right client. • The content of the received • message is correct. • The identity of the author is • unmistakable. • Only the purported author • could have written the • message. • They acknowledge receipt of • the message.

  11. Security by Obscurity is no Security! • Case-in-point: DVD “encryption” • Proprietary algorithms are high-risk. • “Tamper-proof” hardware can be defeated with sufficient effort. • Technical solutions usually do not satisfactorily address legal issues.

  12. Beware of Overconfidence • Case-In-Point: Large key lengths • Simply using popular cryptographic algorithms, with large key lengths, does not make your system secure. • What's the weakest link? • Cryptanalytic compromises usually originate from totally unexpected places.

  13. Simplicity is a “Good Thing” • Case-in-point: E-commerce /E-business • Morphing your business into an online business can be a complex undertaking. • Taking shortcuts in **any** aspect of the development of your e-commerce systems can introduce weak links. • Security is a “process” ...not a product.

  14. Credit Cards Over the Internet • Case-in-point: How many people will use their credit card to buy merchandise on the Internet? How many people will pay for a meal with a credit card? • Which is riskier? - Perception vs. reality • Real risk is back-end database that possibly stores credit cards unencrypted. • Understanding the threat is key.

  15. The Challenge that We Face

  16. The User’s Perspective...

  17. Goals of Cryptography • “Alice” and “Bob” need a cryptosystem which can provide them with: • “Cryptography is about communications in the presence of adversaries” (Rivest,1990)

  18. Digital Substitution( Encryption )

More Related