Scribd Logo
Fazer o upload

Bem-vindo(a) ao Scribd!

  • Cryptography: Securing The Information Age: Source: WWW - Aep.ie/product/ Technical - HTML

    Enviado por

    harshsrivastavaalld
    41 visualizações33 páginas

    Título original

    FTB Cryptography

    Direitos autorais

    © Attribution Non-Commercial (BY-NC)

    Formatos disponíveis

    PPT, PDF, TXT ou leia online no Scribd

    Você considera este documento útil?

    Este conteúdo é inapropriado?

    Denunciar este documento

    Direitos autorais:

    Attribution Non-Commercial (BY-NC)
    Baixe no formato PPT, PDF, TXT ou leia online no Scribd
    Sinalizar o conteúdo como inadequado
    41 visualizações33 páginas

    Cryptography: Securing The Information Age: Source: WWW - Aep.ie/product/ Technical - HTML

    Enviado por

    harshsrivastavaalld

    Direitos autorais:

    Attribution Non-Commercial (BY-NC)
    Baixe no formato PPT, PDF, TXT ou leia online no Scribd
    Sinalizar o conteúdo como inadequado
    de 33

    Cryptography: Securing the

    Information Age

    Source: www.aep.ie/product/ technical.html

    Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    Agenda
    • Definitions
    • Why cryptography is important?
    • Available technologies
    • Benefits & problems
    • Future of cryptography
    • Houston resources
    Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    Essential Terms
    • Cryptography
    • Encryption
    Plain text  Cipher text
    • Decryption
    Cipher text  Plain text
    • Cryptanalysis
    • Cryptology Source: http://www.unmuseum.org/enigma.jpg

    Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    Information Security for…
    • Defending against external/internal hackers
    • Defending against industrial espionage
    • Securing E-commerce
    • Securing bank accounts/electronic transfers
    • Securing intellectual property
    • Avoiding liability

    Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    Threats to Information Security
    • Pervasiveness of email/networks
    • Online storage of sensitive
    information
    • Insecure technologies (e.g.
    wireless)
    • Trend towards paperless society
    • Weak legal protection of email
    privacy

    Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    Types of Secret Writing
    Secret writing

    Steganography Cryptography

    Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    Steganography

    • Steganography –
    covered writing –
    is an art of hiding
    information
    • Popular
    contemporary
    steganographic
    technologies hide New York Times, August 3rd, 2001

    information in http://www.nytimes.com/images/2001/10/30/science/sci_STEGO_011030_00.jpg

    images Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    Hiding information in pictures

    Image in which to hide Image to hide within the


    another image other image
    Information Systems Research Center

    http://www.cl.cam.ac.uk/~fapp2/steganography/image_downgrading /
    October 17, 2002 Future Technology Briefing
    Retrieving information from
    pictures

    Image with other Recreated image


    hidden within
    Information Systems Research Center

    http://www.cl.cam.ac.uk/~fapp2/steganography/image_downgrading /
    October 17, 2002 Future Technology Briefing
    Digital Watermarks

    Information Systems Research Center

    Source: http://www.digimarc.com

    October 17, 2002 Future Technology Briefing


    Types of Secret Writing
    Secret writing

    Steganography Cryptography

    Substitution Transposition

    Code

    Cipher
    Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    Public Key Cryptography
    • Private (symmetric, secret) key – the same
    key used for encryption/decryption
    • Problem of key distribution
    • Public (asymmetric) key cryptography – a
    public key used for encryption and private
    key for decryption
    • Key distribution problem solved

    Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    Currently Available Crypto
    Algorithms (private key)
    • DES (Data Encryption Standard) and
    derivatives: double DES and triple DES
    • IDEA (International Data Encryption
    Standard)
    • Blowfish
    • RC5 (Rivest Cipher #5)
    • AES (Advance Encryption Standard)
    Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    Currently Available Crypto
    Algorithms (public key)
    • RSA (Rivest, Shamir, Adleman)
    • DH (Diffie-Hellman Key Agreement
    Algorithm)
    • ECDH (Elliptic Curve Diffie-Hellman Key
    Agreement Algorithm)
    • RPK (Raike Public Key)

    Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    Currently Available Technologies

    PGP (Pretty Good Privacy) – a hybrid


    encryption technology
    – Message is encrypted using a private key
    algorithm (IDEA)
    – Key is then encrypted using a public key
    algorithm (RSA)
    – For file encryption, only IDEA algorithm is used
    – PGP is free for home use
    Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    Authentication and Digital
    Signatures
    • Preventing impostor attacks
    • Preventing content tampering
    • Preventing timing modification
    • Preventing repudiation
    By:
    • Encryption itself
    • Cryptographic checksum and hash
    functions
    Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    Digital Signatures

    • Made by encrypting a message digest


    (cryptographic checksum) with the sender’s
    private key
    • Receiver decrypts with the sender’s public
    key (roles of private and public keys are
    flipped)

    Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    PKI and CA

    • Digital signature does not confirm identity


    • Public Key Infrastructure provides a trusted
    third party’s confirmation of a sender’s
    identity
    • Certification Authority is a trusted third party
    that issues identity certificates

    Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    Problems with CAs and PKI
    • Who gave CA the authority to issue
    certificates? Who made it “trusted”?
    • What good are the certificates?
    • What if somebody digitally signed a binding
    contract in your name by hacking into your
    system?
    • How secure are CA’s practices? Can a
    malicious hacker add a public key to a CA’s
    directory? Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    Currently Available Technologies

    • MD4 and MD5 (Message Digest)


    • SHA-1 (Secure Hash Algorithm version 1)
    • DSA (The Digital Signature Algorithm)
    • ECDSA (Elliptic Curve DSA)
    • Kerberos
    • OPS (Open Profiling Standard)
    • VeriSign Digital IDs
    Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    JAVA and XML Cryptography

    • java.security package includes classes used


    for authentication and digital signature
    • javax.crypto package contains Java
    Cryptography Extension classes
    • XML makes it possible to encrypt or digitally
    sign parts of a message, different encryption
    for different recipients, etc.
    Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    XML Crypto Document
    Listing 1. Information on John Smith showing his bank, limit of
    $5,000, card number, and expiration date
    <?xml version='1.0'?>
    <PaymentInfo xmlns='http://example.org/paymentv2'>
    <Name>John Smith<Name/>
    <CreditCard Limit='5,000' Currency='USD'>
    <Number>4019 2445 0277 5567</Number>
    <Issuer>Bank of the Internet</Issuer>
    <Expiration>04/02</Expiration>
    </CreditCard>
    Information Systems Research Center

    </PaymentInfo>
    October 17, 2002 Future Technology Briefing

    (Source: http://www-106.ibm.com/developerworks/xml/library/s-xmlsec.html/index.html)
    XML Crypto document
    Listing 2. Encrypted document where all but name is encrypted
    <?xml version='1.0'?>
    <PaymentInfo xmlns='http://example.org/paymentv2'>
    <Name>John Smith<Name/>
    <EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Element'
    xmlns='http://www.w3.org/2001/04/xmlenc#'>

    <CipherData><CipherValue>A23B45C56</CipherValue></CipherData>
    </EncryptedData>
    </PaymentInfo>
    Information Systems Research Center

    (Source: http://www-106.ibm.com/developerworks/xml/library/s-xmlsec.html/index.html)

    October 17, 2002 Future Technology Briefing


    Benefits of Cryptographic Technologies

    • Data secrecy
    • Data integrity
    • Authentication of
    message originator
    • Electronic certification
    and digital signature
    • Non-repudiation
    Source: http://www.princeton.edu/~hos/h398/matrix.jpg

    Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    Potential Problems with Cryptographic
    Technologies?
    • False sense of security if
    badly implemented
    • Government regulation of
    cryptographic
    technologies/export
    restrictions
    • Encryption prohibited in
    some countries Source: http://www.tudor-portraits.com/Mary%20Scots%20B.jpg

    Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    How Secure are Today’s
    Technologies?
    • $250,000 machine cracks 56 bit key DES code in 56
    hours
    • IDEA, RC5, RSA, etc. resist complex attacks when
    properly implemented
    • distributed.net cracked 64 bit RC5 key (1,757
    days and 331,252 people) in July, 2002
    • A computer that breaks DES in 1 second will take
    149 trillion years to break AES!
    • Algorithms are not theoretically unbreakable: Information Systems Research Center

    successful attacks in the future are possible


    October 17, 2002 Future Technology Briefing
    How Secure are Today’s
    Technologies?
    • Encryption does not guarantee security!
    • Many ways to beat a crypto system NOT dependent
    on cryptanalysis, such as:
    – Viruses, worms, hackers, etc.
    – TEMPEST attacks,
    – Unauthorized physical access to secret keys
    • Cryptography is only one element of comprehensive
    computer security
    Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    The Future of Secret Writing
    Quantum cryptanalysis
    – A quantum computer can perform
    practically unlimited number of
    simultaneous computations
    – Factoring large integers is a
    natural application for a quantum
    computer (necessary to break
    RSA) Source: http://www.media.mit.edu/quanta/5-qubit-molecule.jpg

    – Quantum cryptanalysis would


    render ALL modern
    cryptosystems instantly obsolete Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    When will it happen?
    • 2004 – 10-qubit special purpose quantum
    computer available
    • 2006 – factoring attacks on RSA algorithm
    • 2010 through 2012 – intelligence agencies
    will have quantum computers
    • 2015 – large enterprises will have quantum
    computers
    Source: The Gartner Group

    Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    What is to be done?
    The Gartner Group recommends:

    • Develop migration plans to stronger


    crypto by 2008
    • Begin implementation in 2010

    Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    The Future of Secret Writing
    (continued)
    Quantum encryption
    – No need for a quantum computer
    – A key cannot be intercepted without
    altering its content
    – It is theoretically unbreakable
    – Central problem is transmitting a quantum
    message over a significant distance
    Source: http://qubit.nist.gov/Images/OptLat.jpg

    Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    Houston Resources
    University of Houston
    − Crypto courses
    − Ernst Leiss
    Rice University: Computer Science Dept
    − Crypto research and offers crypto training
    − Dan Wallach (security of WAP, WEP, etc.)
    Companies
    − EDS
    − RSA Security
    − Schlumberger
    − SANS Institute Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    Your questions are welcome!

    Information Systems Research Center

    October 17, 2002 Future Technology Briefing

    Você também pode gostar