FORESEC Academy FORESEC Academy Security Essentials (IV)

Presentation transcript:

1 FORESEC Academy Security Essentials (IV)

2 Secure Communications Agenda
• Chapter 19: Encryption 101
• Chapter 20: Encryption 102
• Chapter 21: Applying Cryptography
• Chapter 22: Steganography
• Chapter 23: Viruses and Malicious Code
• Chapter 24: Operations Security

3 FORESEC Academy Security Essentials (IV): Encryption 101

4 Course Objectives
• Case Studies
• The Challenge That We Face
• Cryptosystem Fundamentals
• Types of Cryptosystems
• Real-world Implementations

5 What is Cryptography?
• Cryptography means “hidden writing”
• Encryption is coding a message in such a way that its meaning is concealed
• Decryption is the process of transforming an encrypted message into its original form
• Plaintext is a message in its original form
• Ciphertext is a message in its encrypted form

6 Milestones in Cryptography
AES: Advanced Encryption Standard (sponsored by NIST, 2002) …built upon the work of giants!

7 Crypto History
• The history of cryptography is long and interesting
• In the next couple of slides we will discuss some of the highlights

8 Key Events
• Jefferson Disk Cipher system
• Japanese Purple Machine
• German Enigma Machine
• Vernam Cipher

9 Why do I Care about Crypto?
• It is part of a defense-in-depth strategy.
• It is a critical component and enabler of e-commerce / e-business.
• The “bad guys” are using it.
• Security professionals should keep abreast of cipher standards because they change and new weaknesses are found.

10 Crypto and E-Commerce
Customers need to be sure that:
• They are communicating with the correct server.
• What they send is delivered unmodified.
• They can prove that they sent the message.
• Only the intended receiver can read the message.
• Message delivery is guaranteed.
Vendors need to be sure that:
• They are communicating with the right client.
• The content of the received message is correct.
• The identity of the author is unmistakable.
• Only the purported author could have written the message.
• They acknowledge receipt of the message.

11 Security by Obscurity is no Security!
• Case-in-point: DVD “encryption”
• Proprietary algorithms are high-risk.
• “Tamper-proof” hardware can be defeated with sufficient effort.
• Technical solutions usually do not satisfactorily address legal issues.

12 Beware of Overconfidence
• Case-in-point: Large key lengths
• Simply using popular cryptographic algorithms, with large key lengths, does not make your system secure.
• What's the weakest link?
• Cryptanalytic compromises usually originate from totally unexpected places.

13 Simplicity is a “Good Thing”
• Case-in-point: E-commerce / E-business
• Morphing your business into an online business can be a complex undertaking.
• Taking shortcuts in **any** aspect of the development of your e-commerce systems can introduce weak links.
• Security is a “process”...not a product.

14 Credit Cards Over the Internet
• Case-in-point: How many people will use their credit card to buy merchandise on the Internet? How many people will pay for a meal with a credit card?
• Which is riskier? Perception vs. reality
• The real risk is the back-end database, which possibly stores credit cards unencrypted.
• Understanding the threat is key.

15 The Challenge that We Face

16 The User’s Perspective...

17 Goals of Cryptography
• “Alice” and “Bob” need a cryptosystem which can provide them with:
• “Cryptography is about communications in the presence of adversaries” (Rivest, 1990)

18 Digital Substitution (Encryption)

