CRYPTOGRAPHY How does it impact cyber security and why you need to know more?


WHAT YOU DON'T KNOW ABOUT CRYPTOGRAPHY
- Alice computes $g^{ab} = (g^b)^a \bmod p$, and Bob computes $g^{ba} = (g^a)^b \bmod p$
- $C = M^e \,\%\, n$
- $y^2 = x^3 + Ax + B$
And why it can hurt you
Kerckhoffs, Euler, Fermat

WHO IS THE SPEAKER?
- 19 books
- 29 industry certifications
- 2 Master's degrees
- 6 computer science related patents
- Over 20 years' experience, over 15 years teaching/training
- Helped create CompTIA Security+, Linux+, Server+. Helped revise CEH v8
- Frequent consultant/expert witness
- Teaches crypto around the world

WHAT DOES CRYPTO DO FOR YOU?
- Provide data confidentiality
- Data integrity
- Identification and authentication
- Non-repudiation

WHAT ARE THE LIMITS OF MOST SECURITY PROFESSIONALS' CRYPTO KNOWLEDGE?
- General description of symmetric crypto (AES, DES, Blowfish)
- General description of asymmetric crypto (Diffie-Hellman, RSA, DSA, and maybe ECC)
- General description of digital signatures
- General description of digital certificates
- General description of protocols such as TLS

WHY?
- Why learn crypto?
- Kerckhoffs's principle
- Bad crypto solutions
- Dual_EC_DRBG backdoor
- Is RSA secure enough?

KERCKHOFFS'S PRINCIPLE
- "A cryptosystem should be secure even if everything about the system, except the key, is public knowledge" (Auguste Kerckhoffs)
- The EnigmaDS story hackable_code/

BAD CRYPTO SOLUTIONS
- Windows SALT
- What is SALT and why does hashing need it?
- How does it go wrong?
- Keep it secret
- Has to be simple enough to be fast
- Has to be complex enough to not be 'guessable'
- Poor random number generators
- How to select hard drive/file encryption
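The "why hashing needs it" and "how does it go wrong" questions on the slide above, as an added example that is not part of the original presentation: an unsalted digest beside a per-user salted PBKDF2 hash. The choice of SHA-256 and PBKDF2, the iteration count, the function names and the sample accounts are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 200_000  # assumed work factor for this example; tune to your hardware


def unsalted_hash(password: str) -> str:
    """Weak form: a bare digest, so equal passwords give equal hashes."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password: str, salt: Optional[bytes] = None):
    """Hardened form: per-user random salt from the OS CSPRNG plus PBKDF2."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = salted_hash(password, salt)
    return hmac.compare_digest(digest, expected)


def shared_password_groups(table: dict) -> list:
    """Group users whose stored hashes are identical (visible password reuse)."""
    by_hash = {}
    for user, stored in table.items():
        by_hash.setdefault(stored, []).append(user)
    return sorted(sorted(users) for users in by_hash.values() if len(users) > 1)


# Constructed sample accounts, not real data.
ACCOUNTS = {"alice": "Summer2015!", "bob": "Summer2015!", "carol": "x9$Lq-77"}

if __name__ == "__main__":
    weak = {u: unsalted_hash(p) for u, p in ACCOUNTS.items()}
    print("unsalted duplicates:", shared_password_groups(weak))
    strong = {u: salted_hash(p) for u, p in ACCOUNTS.items()}
    print("salted duplicates:",
          shared_password_groups({u: d.hex() for u, (_, d) in strong.items()}))
```

In the unsalted table alice and bob are visibly linked by an identical hash, and one precomputed lookup would serve both; with per-user salts the same password yields unrelated stored values.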

DUAL_EC_DRBG BACKDOOR
- In 2013 Edward Snowden revealed that it had a backdoor, however:
- In 2004 suspicions of this were around the crypto community.
- In 2006 multiple papers were published suggesting this.
- In 2006 Bruce Schneier blogged about it.
- The cyber security community may have been in the dark on this issue, but the crypto community was not.

WHAT ABOUT CRYPTOGRAPHIC BACKDOORS?
- What can you do?
- Can you prevent them even if you don't know they are there?

PROBLEMS WITH RSA
- The most widely used asymmetric cryptographic algorithm may not be secure enough.

IS RSA STILL SECURE?
- Heninger and Shacham
- Zhao and Qi
- Yeh, Huang, Lin, and Chang
- Hinek

HENINGER AND SHACHAM
- Heninger and Shacham (2009) found that RSA implementations that utilized a smaller modulus were susceptible to cryptanalysis attacks. A smaller modulus can increase the efficiency of an RSA implementation, but as Heninger and Shacham (2009) showed, it may also decrease the efficacy.

HENINGER AND SHACHAM
- Heninger and Shacham (2009) utilized the fact of the smaller modulus to reduce the set of possible factors, thus decreasing the time needed to factor the public key of an RSA implementation. It is in fact a common practice to use a specific modulus e = = (Heninger & Shacham, 2009). If an RSA implementation is using this common value for e, then factoring the public key is a much simpler process.

ZHAO AND QI
- Zhao and Qi (2007) also utilized implementations that have a smaller modulus operator. The authors of this study also applied modular arithmetic, a subset of number theory, to analyzing weaknesses in RSA. Many implementations of RSA use a shorter modulus operator in order to make the algorithm execute more quickly.

RSA RESOURCES
- Hinek, M. (2009). Cryptanalysis of RSA and its variants. England: Chapman and Hall.
- Heninger, N., Shacham, H. (2009). Reconstructing RSA private keys from random key bit. Advances in Cryptology Lecture Notes in Computer Science, 1 (1). doi: / _1.
- Yeh, Y., Huang, T., Lin, H., Chang, Y. (2009). A study on parallel RSA factorization. Journal of Computers, 4 (2), doi: /jcp
- Zhao, Y., Qi, W. (2007). Small private-exponent attack on RSA with primes sharing bits. Lecture Notes in Computer Science, 2007, 4779 (2007) doi: / _15

HOW TO LEARN MORE?
- Professor Dan Boneh's course online
- Modern Cryptography: Applied Mathematics for Encryption and Information Security by Chuck Easttom from McGraw Hill (out by August 2015)
- Applied Cryptography: Protocols, Algorithms, and Source Code in C by Bruce Schneier
- Secret History: The Story of Cryptography by Bauer
- Modern Cryptanalysis: Techniques for Advanced Code Breaking by Swenson