Source: www.viisage.com
Cryptography: Securing the Information Age
Source: www.aep.ie/product/technical.html
Source: www.zonezero.com
Agenda
• Definitions
• Why is cryptography important?
• Available technologies
• Benefits & problems
• Future of cryptography
• Houston resources
Essential Terms
• Cryptography
• Encryption: plain text → cipher text
• Decryption: cipher text → plain text
• Cryptanalysis
• Cryptology
Source: http://www.unmuseum.org/enigma.jpg
Information Security for…
• Defending against external/internal hackers
• Defending against industrial espionage
• Securing E-commerce
• Securing bank accounts/electronic transfers
• Securing intellectual property
• Avoiding liability
Threats to Information Security
• Pervasiveness of email/networks
• Online storage of sensitive information
• Insecure technologies (e.g. wireless)
• Trend towards paperless society
• Weak legal protection of email privacy
Types of Secret Writing
Secret writing
• Steganography
• Cryptography
Steganography
• Steganography – covered writing – is the art of hiding information
• Popular contemporary steganographic technologies hide information in images
New York Times, August 3rd, 2001
http://www.nytimes.com/images/2001/10/30/science/sci_STEGO_011030_00.jpg
Hiding information in pictures
Image in which to hide another image
Image to hide within the other image
http://www.cl.cam.ac.uk/~fapp2/steganography/image_downgrading/
Retrieving information from pictures
http://www.cl.cam.ac.uk/~fapp2/steganography/image_downgrading/
Image with other hidden within
Recreated image
Digital Watermarks
Source: http://www.digimarc.com
Types of Secret Writing
Secret writing
• Steganography
• Cryptography
  – Substitution
    · Code
    · Cipher
  – Transposition
Public Key Cryptography
• Private (symmetric, secret) key – the same key used for encryption/decryption
• Problem of key distribution
• Public (asymmetric) key cryptography – a public key used for encryption and private key for decryption
• Key distribution problem solved
Currently Available Crypto Algorithms (private key)
• DES (Data Encryption Standard) and derivatives: double DES and triple DES
• IDEA (International Data Encryption Standard)
• Blowfish
• RC5 (Rivest Cipher #5)
• AES (Advanced Encryption Standard)
Currently Available Crypto Algorithms (public key)
• RSA (Rivest, Shamir, Adleman)
• DH (Diffie-Hellman Key Agreement Algorithm)
• ECDH (Elliptic Curve Diffie-Hellman Key Agreement Algorithm)
• RPK (Raike Public Key)
Currently Available Technologies
PGP (Pretty Good Privacy) – a hybrid encryption technology
– Message is encrypted using a private key algorithm (IDEA)
– Key is then encrypted using a public key algorithm (RSA)
– For file encryption, only IDEA algorithm is used
– PGP is free for home use
Authentication and Digital Signatures
• Preventing impostor attacks
• Preventing content tampering
• Preventing timing modification
• Preventing repudiation
By:
• Encryption itself
• Cryptographic checksum and hash functions
Digital Signatures
• Made by encrypting a message digest (cryptographic checksum) with the sender’s private key
• Receiver decrypts with the sender’s public key (roles of private and public keys are flipped)
PKI and CA
• Digital signature does not confirm identity
• Public Key Infrastructure provides a trusted third party’s confirmation of a sender’s identity
• Certification Authority is a trusted third party that issues identity certificates
Problems with CAs and PKI
• Who gave CA the authority to issue certificates? Who made it “trusted”?
• What good are the certificates?
• What if somebody digitally signed a binding contract in your name by hacking into your system?
• How secure are CA’s practices? Can a malicious hacker add a public key to a CA’s directory?
Currently Available Technologies
• MD4 and MD5 (Message Digest)
• SHA-1 (Secure Hash Algorithm version 1)
• DSA (The Digital Signature Algorithm)
• ECDSA (Elliptic Curve DSA)
• Kerberos
• OPS (Open Profiling Standard)
• VeriSign Digital IDs
JAVA and XML Cryptography
• java.security package includes classes used for authentication and digital signature
• javax.crypto package contains Java Cryptography Extension classes
• XML makes it possible to encrypt or digitally sign parts of a message, different encryption for different recipients, etc.
XML Crypto Document
Listing 1. Information on John Smith showing his bank, limit of $5,000, card number, and expiration date
<?xml version='1.0'?>
<PaymentInfo xmlns='http://example.org/paymentv2'>
  <Name>John Smith</Name>
  <CreditCard Limit='5,000' Currency='USD'>
    <Number>4019 2445 0277 5567</Number>
    <Issuer>Bank of the Internet</Issuer>
    <Expiration>04/02</Expiration>
  </CreditCard>
</PaymentInfo>
(Source: http://www-106.ibm.com/developerworks/xml/library/s-xmlsec.html/index.html)
XML Crypto document
Listing 2. Encrypted document where all but name is encrypted
<?xml version='1.0'?>
<PaymentInfo xmlns='http://example.org/paymentv2'>
  <Name>John Smith</Name>
  <EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Element'
                 xmlns='http://www.w3.org/2001/04/xmlenc#'>
    <CipherData><CipherValue>A23B45C56</CipherValue></CipherData>
  </EncryptedData>
</PaymentInfo>
(Source: http://www-106.ibm.com/developerworks/xml/library/s-xmlsec.html/index.html)
Benefits of Cryptographic Technologies
• Data secrecy
• Data integrity
• Authentication of message originator
• Electronic certification and digital signature
• Non-repudiation
Source: http://www.princeton.edu/~hos/h398/matrix.jpg
Potential Problems with Cryptographic Technologies?
• False sense of security if badly implemented
• Government regulation of cryptographic technologies/export restrictions
• Encryption prohibited in some countries
Source: http://www.tudor-portraits.com/Mary%20Scots%20B.jpg
How Secure are Today’s Technologies?
• $250,000 machine cracks 56 bit key DES code in 56 hours
• IDEA, RC5, RSA, etc. resist complex attacks when properly implemented
• distributed.net cracked 64 bit RC5 key (1,757 days and 331,252 people) in July, 2002
• A computer that breaks DES in 1 second will take 149 trillion years to break AES!
• Algorithms are not theoretically unbreakable: successful attacks in the future are possible
How Secure are Today’s Technologies?
• Encryption does not guarantee security!
• Many ways to beat a crypto system NOT dependent on cryptanalysis, such as:
– Viruses, worms, hackers, etc.
– TEMPEST attacks
– Unauthorized physical access to secret keys
• Cryptography is only one element of comprehensive computer security
The Future of Secret Writing
Quantum cryptanalysis
– A quantum computer can perform a practically unlimited number of simultaneous computations
– Factoring large integers is a natural application for a quantum computer (necessary to break RSA)
– Quantum cryptanalysis would render ALL modern cryptosystems instantly obsolete
Source: http://www.media.mit.edu/quanta/5-qubit-molecule.jpg
When will it happen?
• 2004 – 10-qubit special purpose quantum computer available
• 2006 – factoring attacks on RSA algorithm
• 2010 through 2012 – intelligence agencies will have quantum computers
• 2015 – large enterprises will have quantum computers
Source: The Gartner Group
What is to be done?
The Gartner Group recommends:
• Develop migration plans to stronger crypto by 2008
• Begin implementation in 2010
The Future of Secret Writing (continued)
Quantum encryption
– No need for a quantum computer
– A key cannot be intercepted without altering its content
– It is theoretically unbreakable
– Central problem is transmitting a quantum message over a significant distance
Source: http://qubit.nist.gov/Images/OptLat.jpg