    Cryptography: Securing the Information Age


    1 : Cryptography: Securing the Information Age Source: technical.html
    2 : Agenda: Definitions; Why is cryptography important?; Available technologies; Benefits & problems; Future of cryptography; Houston resources
    3 : Essential Terms: Cryptography; Encryption (plain text → cipher text); Decryption (cipher text → plain text); Cryptanalysis; Cryptology. Source: Secret writing
    4 : Information Security for… Defending against external/internal hackers; Defending against industrial espionage; Securing E-commerce; Securing bank accounts/electronic transfers; Securing intellectual property; Avoiding liability
    5 : Threats to Information Security: Pervasiveness of email/networks; Online storage of sensitive information; Insecure technologies (e.g. wireless); Trend towards paperless society; Weak legal protection of email privacy
    6 : Types of Secret Writing: Secret writing; Steganography; Cryptography
    7 : Steganography: Steganography – covered writing – is an art of hiding information; Popular contemporary steganographic technologies hide information in images; New York Times, August 3rd, 2001
    8 : Hiding information in pictures: Image in which to hide another image; Image to hide within the other image
    9 : Retrieving information from pictures: Image with other hidden within; Recreated image
    10 : Digital Watermarks Source:
    11 : Types of Secret Writing: Secret writing; Steganography; Cryptography; Substitution; Transposition; Code; Cipher
    12 : Public Key Cryptography: Private (symmetric, secret) key – the same key used for encryption/decryption; Problem of key distribution; Public (asymmetric) key cryptography – a public key used for encryption and private key for decryption; Key distribution problem solved
    13 : Currently Available Crypto Algorithms (private key): DES (Data Encryption Standard) and derivatives: double DES and triple DES; IDEA (International Data Encryption Standard); Blowfish; RC5 (Rivest Cipher #5); AES (Advanced Encryption Standard)
    14 : Currently Available Crypto Algorithms (public key): RSA (Rivest, Shamir, Adleman); DH (Diffie-Hellman Key Agreement Algorithm); ECDH (Elliptic Curve Diffie-Hellman Key Agreement Algorithm); RPK (Raike Public Key)
    15 : Currently Available Technologies: PGP (Pretty Good Privacy) – a hybrid encryption technology; Message is encrypted using a private key algorithm (IDEA); Key is then encrypted using a public key algorithm (RSA); For file encryption, only IDEA algorithm is used; PGP is free for home use
    16 : Authentication and Digital Signatures: Preventing impostor attacks; Preventing content tampering; Preventing timing modification; Preventing repudiation. By: Encryption itself; Cryptographic checksum and hash functions
    17 : Digital Signatures: Made by encrypting a message digest (cryptographic checksum) with the sender’s private key; Receiver decrypts with the sender’s public key (roles of private and public keys are flipped)
    18 : PKI and CA: Digital signature does not confirm identity; Public Key Infrastructure provides a trusted third party’s confirmation of a sender’s identity; Certification Authority is a trusted third party that issues identity certificates
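
The sign/verify flow of slide 17 and the identity gap of slide 18, as an added example that is not part of the original slides. It uses textbook RSA without padding and constructed toy keys built from Mersenne primes, for illustration only; the key names and the sample message are assumptions.

```python
import hashlib

E = 65537  # widely used public exponent

def make_key(p: int, q: int):
    """Build a toy RSA key pair from two primes: ((n, e), (n, d))."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse (Python 3.8+)
    return (n, E), (n, d)

def digest_int(message: bytes) -> int:
    """SHA-256 message digest as an integer (must be smaller than n)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private) -> int:
    """Sender: transform the digest with the private key."""
    n, d = private
    return pow(digest_int(message), d, n)

def verify(message: bytes, signature: int, public) -> bool:
    """Receiver: undo the transform with the public key, compare digests."""
    n, e = public
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest_int(message)

# Constructed toy keys built from Mersenne primes; illustration only.
ALICE_PUB, ALICE_PRIV = make_key(2**521 - 1, 2**607 - 1)
OTHER_PUB, OTHER_PRIV = make_key(2**1279 - 1, 2**2203 - 1)

def demo() -> dict:
    msg = b"Pay Bob $100"  # constructed sample message
    sig = sign(msg, ALICE_PRIV)
    return {
        "valid": verify(msg, sig, ALICE_PUB),
        "tampered": verify(b"Pay Bob $900", sig, ALICE_PUB),
        "wrong_key": verify(msg, sig, OTHER_PUB),
        # Mathematically valid, yet nothing ties OTHER_PUB to a person:
        # that binding is what a CA certificate is meant to supply.
        "unbound_key": verify(msg, sign(msg, OTHER_PRIV), OTHER_PUB),
    }

if __name__ == "__main__":
    print(demo())
```

Production signature schemes add padding such as PKCS#1 v1.5 or PSS around the digest before the private-key operation.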
    19 : Problems with CAs and PKI: Who gave CA the authority to issue certificates? Who made it “trusted”? What good are the certificates? What if somebody digitally signed a binding contract in your name by hacking into your system? How secure are CA’s practices? Can a malicious hacker add a public key to a CA’s directory?
    20 : Currently Available Technologies: MD4 and MD5 (Message Digest); SHA-1 (Secure Hash Algorithm version 1); DSA (The Digital Signature Algorithm); ECDSA (Elliptic Curve DSA); Kerberos; OPS (Open Profiling Standard); VeriSign Digital IDs
    21 : JAVA and XML Cryptography package includes classes used for authentication and digital signature; javax.crypto package contains Java Cryptography Extension classes; XML makes it possible to encrypt or digitally sign parts of a message, different encryption for different recipients, etc.
    22 : XML Crypto Document Listing 1. Information on John Smith showing his bank, limit of $5,000, card number, and expiration date John Smith 4019 2445 0277 5567 Bank of the Internet 04/02 (Source:
    23 : XML Crypto document Listing 2. Encrypted document where all but name is encrypted John Smith A23B45C56 (Source:
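
Element-level encryption as in Listings 1 and 2, where the name stays readable and the card data does not, shown as an added example that is not part of the original slides. The tag names in the sample are assumptions because the listings' markup did not survive; the EncryptedData/CipherData/CipherValue wrapper and namespace follow W3C XML Encryption, and the SHA-256 keystream is a stand-in for a real cipher such as AES.

```python
import base64, hashlib, os
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"  # W3C XML Encryption namespace

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 counter keystream, no integrity); not AES."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def encrypt_element(root, tag: str, key: bytes) -> None:
    """Replace the child <tag> of root with an EncryptedData element."""
    target = root.find(tag)
    pos = list(root).index(target)
    nonce = os.urandom(16)
    blob = nonce + keystream_xor(key, nonce, ET.tostring(target))
    enc = ET.Element(f"{{{XENC}}}EncryptedData", {"Type": XENC + "Element"})
    data = ET.SubElement(enc, f"{{{XENC}}}CipherData")
    value = ET.SubElement(data, f"{{{XENC}}}CipherValue")
    value.text = base64.b64encode(blob).decode("ascii")
    root.remove(target)
    root.insert(pos, enc)

def decrypt_element(root, key: bytes) -> None:
    """Restore the element hidden inside the first EncryptedData child."""
    enc = root.find(f"{{{XENC}}}EncryptedData")
    pos = list(root).index(enc)
    blob = base64.b64decode(enc.find(f".//{{{XENC}}}CipherValue").text)
    root.remove(enc)
    root.insert(pos, ET.fromstring(keystream_xor(key, blob[:16], blob[16:])))

# Constructed sample; tag names are assumptions, values are from Listing 1.
SAMPLE = ("<PaymentInfo><Name>John Smith</Name><CreditCard Limit='5,000'>"
          "<Number>4019 2445 0277 5567</Number>"
          "<Issuer>Bank of the Internet</Issuer>"
          "<Expiration>04/02</Expiration></CreditCard></PaymentInfo>")

def demo():
    key = os.urandom(32)
    root = ET.fromstring(SAMPLE)
    encrypt_element(root, "CreditCard", key)
    protected = ET.tostring(root, encoding="unicode")
    decrypt_element(root, key)
    return protected, root.find("CreditCard/Number").text
```

Encrypting different elements under different keys gives the per-recipient confidentiality that slide 21 mentions.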
    24 : Benefits of Cryptographic Technologies: Data secrecy; Data integrity; Authentication of message originator; Electronic certification and digital signature; Non-repudiation. Source:
    25 : Potential Problems with Cryptographic Technologies? False sense of security if badly implemented; Government regulation of cryptographic technologies/export restrictions; Encryption prohibited in some countries. Source:
    26 : How Secure are Today’s Technologies? $250,000 machine cracks 56 bit key DES code in 56 hours; IDEA, RC5, RSA, etc. resist complex attacks when properly implemented; cracked 64 bit RC5 key (1,757 days and 331,252 people) in July, 2002; A computer that breaks DES in 1 second will take 149 trillion years to break AES! Algorithms are not theoretically unbreakable: successful attacks in the future are possible
    27 : How Secure are Today’s Technologies? Encryption does not guarantee security! Many ways to beat a crypto system NOT dependent on cryptanalysis, such as: Viruses, worms, hackers, etc.; TEMPEST attacks; Unauthorized physical access to secret keys. Cryptography is only one element of comprehensive computer security
    28 : The Future of Secret Writing: Quantum cryptanalysis; A quantum computer can perform a practically unlimited number of simultaneous computations; Factoring large integers is a natural application for a quantum computer (necessary to break RSA); Quantum cryptanalysis would render ALL modern cryptosystems instantly obsolete. Source:
    29 : When will it happen? 2004 – 10-qubit special purpose quantum computer available; 2006 – factoring attacks on RSA algorithm; 2010 through 2012 – intelligence agencies will have quantum computers; 2015 – large enterprises will have quantum computers. Source: The Gartner Group
    30 : What is to be done? The Gartner Group recommends: Develop migration plans to stronger crypto by 2008; Begin implementation in 2010
    31 : The Future of Secret Writing (continued): Quantum encryption; No need for a quantum computer; A key cannot be intercepted without altering its content; It is theoretically unbreakable; Central problem is transmitting a quantum message over a significant distance. Source:
    32 : Houston Resources: University of Houston: Crypto courses, Ernst Leiss; Rice University: Computer Science Dept, Crypto research and offers crypto training, Dan Wallach (security of WAP, WEP, etc.); Companies: EDS, RSA Security, Schlumberger; SANS Institute
    33 : Your questions are welcome!

