Presentation is loading. Please wait.

Presentation is loading. Please wait.

CRYPTOGRAPHY How does it impact cyber security and why you need to know more?

Published byEverett Sherman Modified over 8 years ago

Similar presentations

Presentation on theme: "CRYPTOGRAPHY How does it impact cyber security and why you need to know more?"— Presentation transcript:

1 CRYPTOGRAPHY How does it impact cyber security and why you need to know more?

2 WHAT YOU DON'T KNOW ABOUT CRYPTOGRAPHY Alice computes g ab = (g b ) a mod p, and Bob computes g ba = (g a ) b mod p C= M e % n y 2 = x 3 + Ax + B And why it can hurt you Kerhoff Euler Fermat

3 WHO IS THE SPEAKER?  19 Books  29 industry certifications  2 Masters degrees  6 Computer science related patents  Over 20 years experience, over 15 years teaching/training  Helped create CompTIA Security+, Linux+, Server+. Helped revise CEH v8  Frequent consultant/expert witness  Teaches crypto around the world www.chuckeasttom.com chuck@chuckeasttom.com

4 WHAT DOES CRYPTO DO FOR YOU?  Provide data Confidentiality  Data integrity  Identification and Authentication  Non- repudiation

5 WHAT ARE THE LIMITS OF MOST SECURITY PROFESSIONALS CRYPTO KNOWLEDGE  General description of symmetric crypto (AES, DES, Blowfish)  General description of assymetric (Diffie Hellman, RSA, DSA, and maybe ECC)  General description of digital signatures  General description of digital certificates  General description of protocols such as TLS

6 WHY?  Why learn crypto?  Kerkhoff’s principle  Bad crypto solutions  Dual_EC_DRBG backdoor  Is RSA Secure enough?

7 KERKHOFF’S PRINCIPLE  “A cryptosystem should be secure even if everything about the system, except the key, is public knowledge”  -August Kerkhoff  The EnigmaDS story http://money.cnn.com/2011/09/02/technology/un hackable_code/

8 BAD CRYPTO SOLUTIONS  Windows SALT  What is SALT And why hashing needs it?  How does it go wrong?  Keep it secret  Has to be simple enough to be fast  Has to be complex enough to not be ‘guessable’  Poor random number generators  How to select hard drive/file encryption

9 DUAL_EC_DRBG BACKDOOR  In 2013 Edward Snowden revealed that it had a backdoor however:  In 2004 suspicions of this where around the crypto community  In 2006 multiple papers are published suggesting this.  In 2006 Bruce Schneier blogged about it.  The Cyber Security community may have been in the dark on this issue, but the crypto community was not.

10 WHAT ABOUT CRYPTOGRAPHIC BACKDOORS?  What can you do?  Can you prevent them even if you don’t know they are there?

11 PROBLEMS WITH RSA  The most widely used asymmetric cryptographic algorithm, may not be secure enough.

12 IS RSA STILL SECURE?  Heninger and Shacham  Zhao and Qi  Yeh, Huang, Lin, and Chang  Hinek

13 HENINGER AND SHACHAM  Heninger and Shacham (2009) found that RSA implementations that utilized a smaller modulus were susceptible to cryptanalysis attacks. A smaller modulus can increase the efficiency of an RSA implementation, but as Heninger and Shacham (2009) showed, it may also decrease the efficacy.

14 HENINGER AND SHACHAM  Heninger and Shacham (2009) utilized the fact of the smaller modulus to reduce the set of possible factors, thus decreasing the time needed to factor the public key of an RSA implementation. It is in fact a common practice to use a specific modulus e = 2 16 + 1= 65537 (Heninger & Shacham, 2009). If an RSA Implementation is using this common value for e, then factoring the public key is a much simpler process

15 ZHAO AND QI  Zhao and Qi (2007) also utilized implementations that have a smaller modulus operator. The authors of this study also applied modular arithmetic, a subset of number theory, to analyzing weaknesses in RSA. Many implementations of RSA use a shorter modulus operator in order to make the algorithm execute more quickly.

16 RSA RESOURCES  Hinek, M. (2009). Cryptanalysis of RSA and its variants. England: Chapman and Hall.  Heninger, N., Shacham, H. (2009). Reconstructing RSA private keys from random key bit. Advances in Cryptology Lecture Notes in Computer Science, 1 (1). doi:10.1007/978-3-642-03356-8_1.  Yeh, Y., Huang, T., Lin, H., Chang, Y. (2009). A study on parallel RSA factorization. Journal of Computers, 4 (2), 112-118. doi:10.4304/jcp.4.2.112-118  Zhao, Y., Qi, W. (2007). Small private-exponent attack on RSA with primes sharing bits. Lecture Notes in Computer Science, 2007, 4779 (2007) 221-229. doi: 10.1007/978-3- 540-75496-1_15

17 HOW TO LEARN MORE?  http://www.cryptocorner.com/  Professor Dan Boneh’s course online https://class.coursera.org/crypto-preview/lecture  Modern Cryptography: Applied Mathematics for Encryption and Information Security by Chuck Easttom from McGraw Hill (out by August 2015)  Applied Cryptography: Protocols, Algorithms, and Source Code in C by Bruce Schneier  Secret History: The Story of Cryptography by Bauer  Modern Cryptanalysis: Techniques for Advanced Code Breaking by Swenson

Download ppt "CRYPTOGRAPHY How does it impact cyber security and why you need to know more?"

Similar presentations

Information Security & Cryptographic Principles. Infosec and Cryptography Subjects / Topics : 1. Introduction to computer cryptography 1. Introduction.

Information Security & Cryptographic Principles. Infosec and Cryptography Subjects / Topics : 1. Introduction to computer cryptography 1. Introduction.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (4) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (4) Information Security.
15-251 Great Theoretical Ideas in Computer Science.

Great Theoretical Ideas in Computer Science.
Abdullah Sheneamer CS591-F2010 Project of semester Presentation University of Colorado, Colorado Springs Dr. Edward RSA Problem and Inside PK Cryptography.

Abdullah Sheneamer CS591-F2010 Project of semester Presentation University of Colorado, Colorado Springs Dr. Edward RSA Problem and Inside PK Cryptography.
Chapter 5 Cryptography Protecting principals communication in systems.

Chapter 5 Cryptography Protecting principals communication in systems.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
Overview of Cryptography Oct. 29, 2002 Su San Im CS Dept. EWU.

Overview of Cryptography Oct. 29, 2002 Su San Im CS Dept. EWU.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.

Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.

Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.

Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,

Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,
C HAPTER 13 Asymmetric Key Cryptography Slides adapted from Foundations of Security: What Every Programmer Needs To Know by Neil Daswani, Christoph Kern,

C HAPTER 13 Asymmetric Key Cryptography Slides adapted from "Foundations of Security: What Every Programmer Needs To Know" by Neil Daswani, Christoph Kern,
ASYMMETRIC CIPHERS.

ASYMMETRIC CIPHERS.
Dan Boneh Introduction What is cryptography? Online Cryptography Course Dan Boneh.

Dan Boneh Introduction What is cryptography? Online Cryptography Course Dan Boneh.
Lecture 6: Public Key Cryptography

Lecture 6: Public Key Cryptography

Similar presentations

Ads by Google