Scribd Logo
Upload

Welcome to Scribd!

  • Cryptography: Securing The Information Age: Source: WWW - Aep.ie/product/ Technical - HTML

    Uploaded by

    tazeen777
    2 views33 pages

    Original Title

    FTB Cryptography

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PPT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    2 views33 pages

    Cryptography: Securing The Information Age: Source: WWW - Aep.ie/product/ Technical - HTML

    Uploaded by

    tazeen777

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 33

    Cryptography: Securing the Information Age

    Source: www.aep.ie/product/ technical.html


    Information Systems Research Center

    October 17, 2002

    Future Technology Briefing

    Agenda
    Definitions Why cryptography is important? Available technologies Benefits & problems Future of cryptography Houston resources
    Information Systems Research Center

    October 17, 2002

    Future Technology Briefing

    Essential Terms
    Cryptography Encryption
    Plain text Cipher text

    Decryption
    Cipher text Plain text

    Cryptanalysis Cryptology
    October 17, 2002

    Source: http://www.unmuseum.org/enigma.jpg
    Information Systems Research Center

    Future Technology Briefing

    Information Security for


    Defending against external/internal hackers Defending against industrial espionage Securing E-commerce Securing bank accounts/electronic transfers Securing intellectual property Avoiding liability

    Information Systems Research Center

    October 17, 2002

    Future Technology Briefing

    Threats to Information Security


    Pervasiveness of email/networks Online storage of sensitive information Insecure technologies (e.g. wireless) Trend towards paperless society Weak legal protection of email privacy

    Information Systems Research Center

    October 17, 2002

    Future Technology Briefing

    Types of Secret Writing


    Secret writing

    Steganography

    Cryptography

    Information Systems Research Center

    October 17, 2002

    Future Technology Briefing

    Steganography
    Steganography covered writing is an art of hiding information Popular contemporary steganographic technologies hide information in images
    October 17, 2002

    New York Times, August 3rd, 2001 http://www.nytimes.com/images/2001/10/30/science/sci_STEGO_011030_00.jpg


    Information Systems Research Center

    Future Technology Briefing

    Hiding information in pictures

    Image in which to hide another image

    Image to hide within the other image


    /
    Information Systems Research Center

    http://www.cl.cam.ac.uk/~fapp2/steganography/image_downgrading
    October 17, 2002

    Future Technology Briefing

    Retrieving information from pictures

    Image with other hidden within


    http://www.cl.cam.ac.uk/~fapp2/steganography/image_downgrading
    October 17, 2002

    Recreated image
    /
    Information Systems Research Center

    Future Technology Briefing

    Digital Watermarks

    Information Systems Research Center

    Source: http://www.digimarc.com
    October 17, 2002 Future Technology Briefing

    Types of Secret Writing


    Secret writing

    Steganography Substitution

    Cryptography Transposition Code

    Cipher
    Information Systems Research Center

    October 17, 2002

    Future Technology Briefing

    Public Key Cryptography


    Private (symmetric, secret) key the same key used for encryption/decryption Problem of key distribution Public (asymmetric) key cryptography a public key used for encryption and private key for decryption Key distribution problem solved

    Information Systems Research Center

    October 17, 2002

    Future Technology Briefing

    Currently Available Crypto Algorithms (private key)


    DES (Data Encryption Standard) and derivatives: double DES and triple DES IDEA (International Data Encryption Standard) Blowfish RC5 (Rivest Cipher #5) AES (Advance Encryption Standard)
    Information Systems Research Center

    October 17, 2002

    Future Technology Briefing

    Currently Available Crypto Algorithms (public key)


    RSA (Rivest, Shamir, Adleman) DH (Diffie-Hellman Key Agreement Algorithm) ECDH (Elliptic Curve Diffie-Hellman Key Agreement Algorithm) RPK (Raike Public Key)
    Information Systems Research Center

    October 17, 2002

    Future Technology Briefing

    Currently Available Technologies


    PGP (Pretty Good Privacy) a hybrid encryption technology
    Message is encrypted using a private key algorithm (IDEA) Key is then encrypted using a public key algorithm (RSA) For file encryption, only IDEA algorithm is used PGP is free for home use
    Information Systems Research Center

    October 17, 2002

    Future Technology Briefing

    Authentication and Digital Signatures


    Preventing impostor attacks Preventing content tampering Preventing timing modification Preventing repudiation By: Encryption itself Cryptographic checksum and hash functions
    October 17, 2002 Future Technology Briefing

    Information Systems Research Center

    Digital Signatures
    Made by encrypting a message digest (cryptographic checksum) with the senders private key Receiver decrypts with the senders public key (roles of private and public keys are flipped)
    Information Systems Research Center

    October 17, 2002

    Future Technology Briefing

    PKI and CA
    Digital signature does not confirm identity Public Key Infrastructure provides a trusted third partys confirmation of a senders identity Certification Authority is a trusted third party that issues identity certificates
    Information Systems Research Center

    October 17, 2002

    Future Technology Briefing

    Problems with CAs and PKI


    Who gave CA the authority to issue certificates? Who made it trusted? What good are the certificates? What if somebody digitally signed a binding contract in your name by hacking into your system? How secure are CAs practices? Can a malicious hacker add a public key to a CAs directory?
    October 17, 2002 Future Technology Briefing

    Information Systems Research Center

    Currently Available Technologies


    MD4 and MD5 (Message Digest) SHA-1 (Secure Hash Algorithm version 1) DSA (The Digital Signature Algorithm) ECDSA (Elliptic Curve DSA) Kerberos OPS (Open Profiling Standard) VeriSign Digital IDs
    Information Systems Research Center

    October 17, 2002

    Future Technology Briefing

    JAVA and XML Cryptography


    java.security package includes classes used for authentication and digital signature javax.crypto package contains Java Cryptography Extension classes XML makes it possible to encrypt or digitally sign parts of a message, different encryption for different recipients, etc.
    Information Systems Research Center

    October 17, 2002

    Future Technology Briefing

    XML Crypto Document


    Listing 1. Information on John Smith showing his bank, limit of $5,000, card number, and expiration date
    <?xml version='1.0'?> <PaymentInfo xmlns='http://example.org/paymentv2'> <Name>John Smith<Name/>

    <CreditCard Limit='5,000' Currency='USD'>


    <Number>4019 2445 0277 5567</Number> <Issuer>Bank of the Internet</Issuer> <Expiration>04/02</Expiration> </CreditCard>
    Information Systems Research Center

    </PaymentInfo>
    October 17, 2002 Future Technology Briefing

    (Source: http://www-106.ibm.com/developerworks/xml/library/s-xmlsec.html/index.html)

    XML Crypto document


    Listing 2. Encrypted document where all but name is encrypted
    <?xml version='1.0'?> <PaymentInfo xmlns='http://example.org/paymentv2'> <Name>John Smith<Name/> <EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Element' xmlns='http://www.w3.org/2001/04/xmlenc#'> <CipherData><CipherValue>A23B45C56</CipherValue></CipherData> </EncryptedData> </PaymentInfo>
    Information Systems Research Center

    (Source: http://www-106.ibm.com/developerworks/xml/library/s-xmlsec.html/index.html)

    October 17, 2002

    Future Technology Briefing

    Benefits of Cryptographic Technologies


    Data secrecy Data integrity Authentication of message originator Electronic certification and digital signature Non-repudiation
    Source: http://www.princeton.edu/~hos/h398/matrix.jpg
    Information Systems Research Center

    October 17, 2002

    Future Technology Briefing

    Potential Problems with Cryptographic Technologies?


    False sense of security if badly implemented Government regulation of cryptographic technologies/export restrictions Encryption prohibited in some countries

    Source: http://www.tudor-portraits.com/Mary%20Scots%20B.jpg

    Information Systems Research Center

    October 17, 2002

    Future Technology Briefing

    $250,000 machine cracks 56 bit key DES code in 56 hours IDEA, RC5, RSA, etc. resist complex attacks when properly implemented

    How Secure are Todays Technologies?

    distributed.net cracked 64 bit RC5 key (1,757 days and 331,252 people) in July, 2002
    A computer that breaks DES in 1 second will take 149 trillion years to break AES! Algorithms are not theoretically unbreakable: successful attacks in the future are possible
    October 17, 2002 Future Technology Briefing

    Information Systems Research Center

    How Secure are Todays Technologies?


    Encryption does not guarantee security! Many ways to beat a crypto system NOT dependent on cryptanalysis, such as:
    Viruses, worms, hackers, etc. TEMPEST attacks, Unauthorized physical access to secret keys

    Cryptography is only one element of comprehensive computer security


    Information Systems Research Center

    October 17, 2002

    Future Technology Briefing

    The Future of Secret Writing


    Quantum cryptanalysis
    A quantum computer can perform practically unlimited number of simultaneous computations Factoring large integers is a natural application for a quantum computer (necessary to break RSA) Source: http://www.media.mit.edu/quanta/5-qubit-molecule.jpg Quantum cryptanalysis would render ALL modern cryptosystems instantly obsolete
    October 17, 2002 Future Technology Briefing

    Information Systems Research Center

    When will it happen?


    2004 10-qubit special purpose quantum computer available 2006 factoring attacks on RSA algorithm 2010 through 2012 intelligence agencies will have quantum computers 2015 large enterprises will have quantum computers
    Source: The Gartner Group
    Information Systems Research Center

    October 17, 2002

    Future Technology Briefing

    What is to be done?
    The Gartner Group recommends:

    Develop migration plans to stronger crypto by 2008 Begin implementation in 2010

    Information Systems Research Center

    October 17, 2002

    Future Technology Briefing

    The Future of Secret Writing (continued)


    Quantum encryption
    No need for a quantum computer A key cannot be intercepted without altering its content It is theoretically unbreakable Central problem is transmitting a quantum message over a significant distance
    Source: http://qubit.nist.gov/Images/OptLat.jpg

    Information Systems Research Center

    October 17, 2002

    Future Technology Briefing

    Houston Resources
    University of Houston
    Crypto courses Ernst Leiss

    Rice University: Computer Science Dept


    Crypto research and offers crypto training Dan Wallach (security of WAP, WEP, etc.)

    Companies
    EDS RSA Security Schlumberger SANS Institute
    Information Systems Research Center

    October 17, 2002

    Future Technology Briefing

    Your questions are welcome!


    Information Systems Research Center

    October 17, 2002

    Future Technology Briefing

    You might also like