Scribd Logo
Upload

Welcome to Scribd!

  • FTB Cryptography

    Uploaded by

    karlasdfg123
    93 views33 pages
    crypto

    Copyright

    © © All Rights Reserved

    Available Formats

    PPT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    crypto

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    93 views33 pages

    FTB Cryptography

    Uploaded by

    karlasdfg123
    crypto

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 33

    Cryptography: Securing the

    Information Age

    Source: www.aep.ie/product/ technical.html

    Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    Agenda
    Definitions
    Why cryptography is important?
    Available technologies
    Benefits & problems
    Future of cryptography
    Houston resources
    Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    Essential Terms
    Cryptography
    Encryption
    Plain text Cipher text
    Decryption
    Cipher text Plain text
    Cryptanalysis
    Cryptology Source: http://www.unmuseum.org/enigma.jpg

    Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    Information Security for
    Defending against external/internal hackers
    Defending against industrial espionage
    Securing E-commerce
    Securing bank accounts/electronic transfers
    Securing intellectual property
    Avoiding liability

    Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    Threats to Information Security
    Pervasiveness of email/networks
    Online storage of sensitive
    information
    Insecure technologies (e.g.
    wireless)
    Trend towards paperless society
    Weak legal protection of email
    privacy

    Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    Types of Secret Writing
    Secret writing

    Steganography Cryptography

    Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    Steganography

    Steganography
    covered writing
    is an art of hiding
    information
    Popular
    contemporary
    steganographic
    technologies hide New York Times, August 3rd, 2001

    information in
    http://www.nytimes.com/images/2001/10/30/science/sci_STEGO_011030_00.jpg

    images
    Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    Hiding information in pictures

    Imageinwhichtohide Imagetohidewithinthe
    anotherimage otherimage
    Information Systems Research Center

    http://www.cl.cam.ac.uk/~fapp2/steganography/image_downgrading /
    October 17, 2002 Future Technology Briefing
    Retrieving information from
    pictures

    Imagewithother Recreatedimage
    hiddenwithin
    Information Systems Research Center

    http://www.cl.cam.ac.uk/~fapp2/steganography/image_downgrading /
    October 17, 2002 Future Technology Briefing
    Digital Watermarks

    Information Systems Research Center

    Source: http://www.digimarc.com

    October 17, 2002 Future Technology Briefing


    Types of Secret Writing
    Secret writing

    Steganography Cryptography

    Substitution Transposition

    Code

    Cipher
    Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    Public Key Cryptography
    Private (symmetric, secret) key the same
    key used for encryption/decryption
    Problem of key distribution
    Public (asymmetric) key cryptography a
    public key used for encryption and private
    key for decryption
    Key distribution problem solved

    Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    Currently Available Crypto
    Algorithms (private key)
    DES (Data Encryption Standard) and
    derivatives: double DES and triple DES
    IDEA (International Data Encryption
    Standard)
    Blowfish
    RC5 (Rivest Cipher #5)
    AES (Advance Encryption Standard)
    Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    Currently Available Crypto
    Algorithms (public key)
    RSA (Rivest, Shamir, Adleman)
    DH (Diffie-Hellman Key Agreement
    Algorithm)
    ECDH (Elliptic Curve Diffie-Hellman Key
    Agreement Algorithm)
    RPK (Raike Public Key)

    Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    Currently Available Technologies

    PGP (Pretty Good Privacy) a hybrid


    encryption technology
    Message is encrypted using a private key
    algorithm (IDEA)
    Key is then encrypted using a public key
    algorithm (RSA)
    For file encryption, only IDEA algorithm is used
    PGP is free for home use
    Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    Authentication and Digital
    Signatures
    Preventing impostor attacks
    Preventing content tampering
    Preventing timing modification
    Preventing repudiation
    By:
    Encryption itself
    Cryptographic checksum and hash Information Systems Research Center

    functions
    October 17, 2002 Future Technology Briefing
    Digital Signatures

    Made by encrypting a message digest


    (cryptographic checksum) with the senders
    private key
    Receiver decrypts with the senders public
    key (roles of private and public keys are
    flipped)

    Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    PKI and CA

    Digital signature does not confirm identity


    Public Key Infrastructure provides a trusted
    third partys confirmation of a senders
    identity
    Certification Authority is a trusted third party
    that issues identity certificates

    Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    Problems with CAs and PKI
    Who gave CA the authority to issue
    certificates? Who made it trusted?
    What good are the certificates?
    What if somebody digitally signed a binding
    contract in your name by hacking into your
    system?
    How secure are CAs practices? Can a
    malicious hacker add a public key to a CAs
    directory? Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    Currently Available Technologies

    MD4 and MD5 (Message Digest)


    SHA-1 (Secure Hash Algorithm version 1)
    DSA (The Digital Signature Algorithm)
    ECDSA (Elliptic Curve DSA)
    Kerberos
    OPS (Open Profiling Standard)
    VeriSign Digital IDs Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    JAVA and XML Cryptography

    java.security package includes classes used


    for authentication and digital signature
    javax.crypto package contains Java
    Cryptography Extension classes
    XML makes it possible to encrypt or digitally
    sign parts of a message, different encryption
    for different recipients, etc.
    Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    XML Crypto Document
    Listing 1. Information on John Smith showing his bank, limit of
    $5,000, card number, and expiration date
    <?xml version='1.0'?>
    <PaymentInfo xmlns='http://example.org/paymentv2'>
    <Name>John Smith<Name/>
    <CreditCard Limit='5,000' Currency='USD'>
    <Number>4019 2445 0277 5567</Number>
    <Issuer>Bank of the Internet</Issuer>
    <Expiration>04/02</Expiration>
    </CreditCard>
    Information Systems Research Center

    </PaymentInfo>
    October 17, 2002 Future Technology Briefing

    (Source: http://www-106.ibm.com/developerworks/xml/library/s-xmlsec.html/index.html)
    XML Crypto document
    Listing 2. Encrypted document where all but name is encrypted
    <?xml version='1.0'?>
    <PaymentInfo xmlns='http://example.org/paymentv2'>
    <Name>John Smith<Name/>
    <EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Element'
    xmlns='http://www.w3.org/2001/04/xmlenc#'>

    <CipherData><CipherValue>A23B45C56</CipherValue></CipherData>
    </EncryptedData>
    </PaymentInfo>
    Information Systems Research Center

    (Source: http://www-106.ibm.com/developerworks/xml/library/s-xmlsec.html/index.html)

    October 17, 2002 Future Technology Briefing


    Benefits of Cryptographic Technologies

    Data secrecy
    Data integrity
    Authentication of
    message originator
    Electronic certification
    and digital signature
    Non-repudiation
    Source: http://www.princeton.edu/~hos/h398/matrix.jpg

    Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    Potential Problems with Cryptographic
    Technologies?
    False sense of security if
    badly implemented
    Government regulation of
    cryptographic
    technologies/export
    restrictions
    Encryption prohibited in
    Source: http://www.tudor-portraits.com/Mary%20Scots%20B.jpg
    some countries
    Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    How Secure are Todays
    Technologies?
    $250,000 machine cracks 56 bit key DES code in 56
    hours
    IDEA, RC5, RSA, etc. resist complex attacks when
    properly implemented
    distributed.net cracked 64 bit RC5 key (1,757
    days and 331,252 people) in July, 2002
    A computer that breaks DES in 1 second will take
    149 trillion years to break AES!
    Algorithms are not theoretically unbreakable: Information Systems Research Center

    successful attacks in the future are possible


    October 17, 2002 Future Technology Briefing
    How Secure are Todays Technologies?

    Encryption does not guarantee security!


    Many ways to beat a crypto system NOT dependent
    on cryptanalysis, such as:
    Viruses, worms, hackers, etc.
    TEMPEST attacks,
    Unauthorized physical access to secret keys
    Cryptography is only one element of comprehensive
    computer security
    Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    The Future of Secret Writing
    Quantum cryptanalysis
    A quantum computer can perform
    practically unlimited number of
    simultaneous computations
    Factoring large integers is a
    natural application for a quantum
    computer (necessary to break
    RSA) Source: http://www.media.mit.edu/quanta/5-qubit-molecule.jpg

    Quantum cryptanalysis would


    render ALL modern
    cryptosystems instantly obsolete Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    When will it happen?
    2004 10-qubit special purpose quantum
    computer available
    2006 factoring attacks on RSA algorithm
    2010 through 2012 intelligence agencies
    will have quantum computers
    2015 large enterprises will have quantum
    computers
    Source: The Gartner Group

    Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    What is to be done?
    The Gartner Group recommends:

    Develop migration plans to stronger


    crypto by 2008
    Begin implementation in 2010

    Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    The Future of Secret Writing
    (continued)
    Quantum encryption
    No need for a quantum computer
    A key cannot be intercepted without
    altering its content
    It is theoretically unbreakable
    Central problem is transmitting a quantum
    message over a significant distance
    Source: http://qubit.nist.gov/Images/OptLat.jpg

    Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    Houston Resources
    University of Houston
    Crypto courses
    Ernst Leiss
    Rice University: Computer Science Dept
    Crypto research and offers crypto training
    Dan Wallach (security of WAP, WEP, etc.)
    Companies
    EDS
    RSA Security
    Schlumberger
    SANS Institute Information Systems Research Center

    October 17, 2002 Future Technology Briefing


    Your questions are welcome!

    Information Systems Research Center

    October 17, 2002 Future Technology Briefing

    You might also like