Information Assurance Management Key Management Week 13-1.


Key Management
In the real world, key management is the hardest part of cryptography
  – Why spend $10M to build a crypto machine?
  – Spend $1K and bribe a clerk!
It’s not the algorithm, it’s the implementation!

Generating keys
  – Reduced keyspaces
      DES has a 56-bit key; there are 2^56 possible keys
      With limitations imposed by DOS on ASCII keyboards…
      And you end up with only 2^40 possible keys!
      A 4-byte key can be brute forced in 1.2 hours max

Poor key choices
Dictionary attack - tries obvious common keys first
  – User name, initials, account name, other personal information
  – Words from various databases
      Men’s and Women’s names (16,000)
      Places, cartoons, titles, locations from movies
      Sports, numbers, Chinese syllables (Pinyin)
      King James Bible, colloquial and vulgar phrases
      Abbreviations, machine names, Yiddish words
      Shakespeare
  – Variations on the words from the step above
      First letter uppercase, control character, entire word uppercase, letters to digits, make it plural
  – Various capitalization variations
      First letter, second letter, third letter - 400K, 1.5M, 3M

  – Foreign language words on foreign users
      298 Chinese syllables, 150K two-syllable, 16M three-syllable
  – Word pairs - only using three or four letters generates over 10M possible pairs
Dictionary attack used against a file of keys, not a single key
A single user may be smart enough to choose good keys, but a thousand will pick a word from the attacker’s dictionary
Random keys
  – Important to use a good random-number generator
  – Far more important to use good encryption algorithms and key management procedures
  – Random seeds for those generators must be just that: random

  – If you have to generate an easy-to-remember key, make it obscure
Pass phrases
  – Shakespeare, dialogue from Star Wars, all available on-line.
Transferring keys
  – Key-Encryption Keys
  – Data Keys
  – Split the key into several parts for transmission
Using Keys
Software encryption is scary!
  – Writes to disk in Windows
  – Hardware device
Compromised Keys
  – Fast notification essential
  – Use different keys for different applications
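The dictionary attack on a file of keys, described in the slides above, turned into a defensive audit that flags weak keys before an attacker finds them. This is an added example, not part of the original slides; the word list, the key file, the letters-to-digits mapping and all function names are constructed for illustration.

```python
# Added example: defensive audit of a key file against the slide's dictionary.
# WORDLIST, KEY_FILE and the letters-to-digits map are constructed samples.
WORDLIST = ["hamlet", "yoda", "dragon", "shalom"]
LETTERS_TO_DIGITS = str.maketrans("aeios", "43105")  # assumed mapping


def variations(word):
    """Variations from the slides, each applied on its own to one word."""
    w = word.lower()
    out = {w, w.upper(), w.translate(LETTERS_TO_DIGITS), w + "s"}
    # Uppercase only the first, second or third letter.
    for i in range(min(3, len(w))):
        out.add(w[:i] + w[i].upper() + w[i + 1:])
    return out


def build_index(words):
    """Expand every non-empty word into its variations."""
    index = set()
    for w in words:
        if w:
            index |= variations(w)
    return index


def is_weak(key, user, index):
    """True if the key is a dictionary or personal word, a variation, or a word pair."""
    personal = build_index([user["name"], user["account"], user["initials"]])
    candidates = index | personal
    if key in candidates:
        return True
    return any(key[:i] in candidates and key[i:] in candidates
               for i in range(1, len(key)))


def audit(key_file, words=WORDLIST):
    """Check the whole file at once, as the attack would; return weak accounts."""
    index = build_index(words)
    return sorted(u["account"] for u in key_file if is_weak(u["key"], u, index))


KEY_FILE = [  # constructed sample records
    {"account": "jdoe", "name": "john", "initials": "jd", "key": "Hamlet"},
    {"account": "asmith", "name": "anna", "initials": "as", "key": "y0d4"},
    {"account": "bchan", "name": "bo", "initials": "bc", "key": "dragonshalom"},
    {"account": "clee", "name": "carol", "initials": "cl", "key": "caRol"},
    {"account": "dkim", "name": "dana", "initials": "dk", "key": "q7#Vz!pL0x"},
]

if __name__ == "__main__":
    print(audit(KEY_FILE))
```

Four of the five sample users are flagged even though each used a different trick, which is the slide's point about running the dictionary against a file of keys rather than a single key.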
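One way to split a key into several parts for transmission is XOR secret splitting, shown here beside naive chopping. This is an added example, not from the original slides, which do not say which splitting method is meant; all function names are illustrative.

```python
# Added example: two ways to split a key for transmission over separate channels.
import secrets


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key, parts):
    """XOR splitting: every share is needed, and any subset looks random."""
    if parts < 2:
        raise ValueError("need at least two shares")
    shares = [secrets.token_bytes(len(key)) for _ in range(parts - 1)]
    last = key
    for share in shares:
        last = xor_bytes(last, share)
    return shares + [last]


def join_key(shares):
    """XOR all shares together to rebuild the key."""
    if len({len(s) for s in shares}) != 1:
        raise ValueError("shares must all have the same length")
    key = bytes(len(shares[0]))
    for share in shares:
        key = xor_bytes(key, share)
    return key


def chop_key(key, parts):
    """Naive alternative: cut the key into consecutive pieces."""
    size = -(-len(key) // parts)  # ceiling division
    return [key[i:i + size] for i in range(0, len(key), size)]


def unknown_bits_after_capture(key, pieces, captured):
    """Key bits still unknown to someone holding `captured` chopped pieces."""
    return 8 * (len(key) - sum(len(p) for p in pieces[:captured]))


if __name__ == "__main__":
    key = secrets.token_bytes(16)
    shares = split_key(key, 4)
    print(join_key(shares) == key)
    print(unknown_bits_after_capture(key, chop_key(key, 4), 3))
```

With chopping, intercepting three of four pieces of a 128-bit key leaves only 32 bits to search; with XOR shares, three of four reveal nothing about the key.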

Lifetime of keys
  – The longer it’s used, the greater the chance it will be compromised
  – The longer the key is used, the greater the loss
  – The longer the key is used, the greater the temptation to expend the effort to break it
  – It is generally easier to do cryptanalysis with more ciphertext encrypted with the same key

Public-key Key Management
  – Easier…but it has its own problems
      Only one public-key
  – Public-key certificates
      Public key signed by someone trustworthy
A single pair of keys is not enough
Some keys more valuable than others
Multiple physical keys, likewise, multiple cryptographic keys