
Cryptography: Securing the Information Age


Presentation Transcript


  1. Cryptography: Securing the Information Age
     Source: www.aep.ie/product/technical.html
     Source: www.viisage.com

  2. Agenda
     • Definitions
     • Why is cryptography important?
     • Available technologies
     • Benefits & problems
     • Future of cryptography
     • Houston resources
     Source: www.zonezero.com

  3. Essential Terms
     • Cryptography
     • Encryption: Plain text → Cipher text
     • Decryption: Cipher text → Plain text
     • Cryptanalysis
     • Cryptology
     Secret writing
     Source: http://www.unmuseum.org/enigma.jpg

  4. Information Security for…
     • Defending against external/internal hackers
     • Defending against industrial espionage
     • Securing E-commerce
     • Securing bank accounts/electronic transfers
     • Securing intellectual property
     • Avoiding liability

  5. Threats to Information Security
     • Pervasiveness of email/networks
     • Online storage of sensitive information
     • Insecure technologies (e.g. wireless)
     • Trend towards paperless society
     • Weak legal protection of email privacy

  6. Types of Secret Writing
     Diagram labels: Secret writing; Steganography; Cryptography

  7. Steganography
     • Steganography – covered writing – is the art of hiding information
     • Popular contemporary steganographic technologies hide information in images
     New York Times, August 3rd, 2001
     http://www.nytimes.com/images/2001/10/30/science/sci_STEGO_011030_00.jpg

  8. Hiding information in pictures
     Figure captions: Image in which to hide another image; Image to hide within the other image
     http://www.cl.cam.ac.uk/~fapp2/steganography/image_downgrading/

  9. Retrieving information from pictures
     Figure captions: Image with other hidden within; Recreated image
     http://www.cl.cam.ac.uk/~fapp2/steganography/image_downgrading/

  10. Digital Watermarks Source: http://www.digimarc.com

  11. Types of Secret Writing
      Diagram labels: Secret writing; Steganography; Cryptography; Substitution; Transposition; Code; Cipher

  12. Public Key Cryptography
      • Private (symmetric, secret) key – the same key is used for encryption and decryption
      • Problem of key distribution
      • Public (asymmetric) key cryptography – a public key is used for encryption and a private key for decryption
      • Key distribution problem solved

  13. Currently Available Crypto Algorithms (private key)
      • DES (Data Encryption Standard) and derivatives: double DES and triple DES
      • IDEA (International Data Encryption Standard)
      • Blowfish
      • RC5 (Rivest Cipher #5)
      • AES (Advanced Encryption Standard)

  14. Currently Available Crypto Algorithms (public key)
      • RSA (Rivest, Shamir, Adleman)
      • DH (Diffie-Hellman Key Agreement Algorithm)
      • ECDH (Elliptic Curve Diffie-Hellman Key Agreement Algorithm)
      • RPK (Raike Public Key)

  15. Currently Available Technologies
      PGP (Pretty Good Privacy) – a hybrid encryption technology
      • Message is encrypted using a private key algorithm (IDEA)
      • Key is then encrypted using a public key algorithm (RSA)
      • For file encryption, only IDEA algorithm is used
      • PGP is free for home use

  16. Authentication and Digital Signatures
      • Preventing impostor attacks
      • Preventing content tampering
      • Preventing timing modification
      • Preventing repudiation
      By:
      • Encryption itself
      • Cryptographic checksum and hash functions

  17. Digital Signatures
      • Made by encrypting a message digest (cryptographic checksum) with the sender’s private key
      • Receiver decrypts with the sender’s public key (roles of private and public keys are flipped)

  18. PKI and CA
      • Digital signature does not confirm identity
      • Public Key Infrastructure provides a trusted third party’s confirmation of a sender’s identity
      • Certification Authority is a trusted third party that issues identity certificates

  19. Problems with CAs and PKI
      • Who gave CA the authority to issue certificates? Who made it “trusted”?
      • What good are the certificates?
      • What if somebody digitally signed a binding contract in your name by hacking into your system?
      • How secure are CA’s practices? Can a malicious hacker add a public key to a CA’s directory?

  20. Currently Available Technologies
      • MD4 and MD5 (Message Digest)
      • SHA-1 (Secure Hash Algorithm version 1)
      • DSA (The Digital Signature Algorithm)
      • ECDSA (Elliptic Curve DSA)
      • Kerberos
      • OPS (Open Profiling Standard)
      • VeriSign Digital IDs

  21. JAVA and XML Cryptography
      • java.security package includes classes used for authentication and digital signature
      • javax.crypto package contains Java Cryptography Extension classes
      • XML makes it possible to encrypt or digitally sign parts of a message, different encryption for different recipients, etc.

  22. XML Crypto Document
      Listing 1. Information on John Smith showing his bank, limit of $5,000, card number, and expiration date

          <?xml version='1.0'?>
          <PaymentInfo xmlns='http://example.org/paymentv2'>
            <Name>John Smith</Name>
            <CreditCard Limit='5,000' Currency='USD'>
              <Number>4019 2445 0277 5567</Number>
              <Issuer>Bank of the Internet</Issuer>
              <Expiration>04/02</Expiration>
            </CreditCard>
          </PaymentInfo>

      (Source: http://www-106.ibm.com/developerworks/xml/library/s-xmlsec.html/index.html)

  23. XML Crypto document
      Listing 2. Encrypted document where all but name is encrypted

          <?xml version='1.0'?>
          <PaymentInfo xmlns='http://example.org/paymentv2'>
            <Name>John Smith</Name>
            <!-- The CreditCard element from Listing 1 is replaced by EncryptedData -->
            <EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Element'
                           xmlns='http://www.w3.org/2001/04/xmlenc#'>
              <CipherData><CipherValue>A23B45C56</CipherValue></CipherData>
            </EncryptedData>
          </PaymentInfo>

      (Source: http://www-106.ibm.com/developerworks/xml/library/s-xmlsec.html/index.html)

  24. Benefits of Cryptographic Technologies
      • Data secrecy
      • Data integrity
      • Authentication of message originator
      • Electronic certification and digital signature
      • Non-repudiation
      Source: http://www.princeton.edu/~hos/h398/matrix.jpg

  25. Potential Problems with Cryptographic Technologies?
      • False sense of security if badly implemented
      • Government regulation of cryptographic technologies/export restrictions
      • Encryption prohibited in some countries
      Source: http://www.tudor-portraits.com/Mary%20Scots%20B.jpg

  26. How Secure are Today’s Technologies?
      • $250,000 machine cracks 56 bit key DES code in 56 hours
      • IDEA, RC5, RSA, etc. resist complex attacks when properly implemented
      • distributed.net cracked 64 bit RC5 key (1,757 days and 331,252 people) in July, 2002
      • A computer that breaks DES in 1 second will take 149 trillion years to break AES!
      • Algorithms are not theoretically unbreakable: successful attacks in the future are possible

  27. How Secure are Today’s Technologies?
      • Encryption does not guarantee security!
      • Many ways to beat a crypto system NOT dependent on cryptanalysis, such as:
        • Viruses, worms, hackers, etc.
        • TEMPEST attacks
        • Unauthorized physical access to secret keys
      • Cryptography is only one element of comprehensive computer security

  28. The Future of Secret Writing
      Quantum cryptanalysis
      • A quantum computer can perform a practically unlimited number of simultaneous computations
      • Factoring large integers is a natural application for a quantum computer (necessary to break RSA)
      • Quantum cryptanalysis would render ALL modern cryptosystems instantly obsolete
      Source: http://www.media.mit.edu/quanta/5-qubit-molecule.jpg

  29. When will it happen?
      • 2004 – 10-qubit special purpose quantum computer available
      • 2006 – factoring attacks on RSA algorithm
      • 2010 through 2012 – intelligence agencies will have quantum computers
      • 2015 – large enterprises will have quantum computers
      Source: The Gartner Group

  30. What is to be done?
      The Gartner Group recommends:
      • Develop migration plans to stronger crypto by 2008
      • Begin implementation in 2010

  31. The Future of Secret Writing (continued)
      Quantum encryption
      • No need for a quantum computer
      • A key cannot be intercepted without altering its content
      • It is theoretically unbreakable
      • Central problem is transmitting a quantum message over a significant distance
      Source: http://qubit.nist.gov/Images/OptLat.jpg
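
The hybrid scheme on slide 15 and the digest-signing flow on slides 16 and 17, as an added Python example that is not part of the original presentation. It assumes textbook (unpadded) RSA over a constructed key built from two Mersenne primes and a SHA-256 keystream standing in for IDEA; all function names are this example's own.

```python
import hashlib
import secrets

# Constructed demo key from two known Mersenne primes. Textbook (unpadded)
# RSA for illustration only; production code uses a vetted library with padding.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # public key
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent

def digest_int(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes) -> int:
    """Slide 17: transform the message digest with the sender's private key."""
    return pow(digest_int(message), D, N)

def verify(message: bytes, signature: int) -> bool:
    """Receiver applies the sender's public key and compares digests."""
    return pow(signature, E, N) == digest_int(message)

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher (SHA-256 keystream) in place of IDEA."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)

def hybrid_encrypt(message: bytes) -> tuple[int, bytes]:
    """Slide 15: encrypt with a fresh session key, then wrap that key with RSA."""
    session_key = secrets.token_bytes(32)
    wrapped_key = pow(int.from_bytes(session_key, "big"), E, N)
    return wrapped_key, keystream_xor(session_key, message)

def hybrid_decrypt(wrapped_key: int, ciphertext: bytes) -> bytes:
    session_key = pow(wrapped_key, D, N).to_bytes(32, "big")
    return keystream_xor(session_key, ciphertext)

if __name__ == "__main__":
    order = b"Pay John Smith 5,000 USD"      # constructed sample message
    sig = sign(order)
    print("valid signature:", verify(order, sig))
    print("tampered message:", verify(b"Pay John Smith 9,000 USD", sig))
    wrapped, ct = hybrid_encrypt(order)
    print("round trip ok:", hybrid_decrypt(wrapped, ct) == order)
```

Changing a single character of the signed message makes `verify` return False, which is the content-tampering protection listed on slide 16.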
