Modern Data Security in Five Acts - PowerPoint PPT Presentation

1 / 65

About This Presentation

Title:

Modern Data Security in Five Acts

Description:

Don't keep work and personal passwords in the same safe. Password Safe ... File, Volume, and Drive encryption for the home user. Two minute vocabulary: ... – PowerPoint PPT presentation

Number of Views:85

Avg rating:3.0/5.0

Slides: 66

Provided by: pur63

Category:

more less

Transcript and Presenter's Notes

Title: Modern Data Security in Five Acts

1
Modern Data Securityin Five Acts

Act IV Beyond the Secret Decoder Ring

2
WELCOME!

Scott Ksander

3
National Cyber Security Awareness Events

Act I Modern Data Handling
Act II Security on the Go
Act III Modern Teleworking Solutions
Act IV Beyond the Secret Decoder Ring
Act V Security Trick or Treat
http//www.purdue.edu/securepurdue/training/awaren
essMonth.cfm

4
The World We Live In

Significant incidents recently reported to
HackerWatch.org
24 Hours 78,541,667
7 Days 547,791,661
30 Days 2,356,379,550

5
The World We Live In
6
The World We Live In

As of 10/24/2006, TOTAL number of records
containing sensitive personal information
involved in security breaches 94,091,429
Purdue University listed 3 times

7
Encryption 101

Beyond the Secret Decoder Ring
Sam Wagstaff
Computer Sciences and CERIAS

8
What is a secret decoder ring?
Popular 1930s to 1990s Little Orphan Annie radio
show The image shown is from 1936 Also in
breakfast cereal boxes
9
Another secret decoder ring

Captain Midnight and the Space Cadets, radio and
television
Also in breakfast cereal boxes
Most were badges, none was
a ring

Plaintext or clear text you can understand it
Ciphertextlooks like gibberish, but is
equivalent to plaintext
Encipher or encrypt convert plaintext to
ciphertext using a key
Decipher or decrypt convert ciphertext to
plaintext using a key
The key for the secret decoder is the position of
the alphabet circles.
The inner circle is the alphabet for plaintext.
The outer circle is the alphabet for ciphertext.
Example plaintext D R I N K
ciphertext G U L Q N

11
A secret decoder does clock arithmetic, in
fact, arithmetic modulo 26.
Encipher by adding 3 to a plaintext letters
value T 3 W, H 3 K, E 3 H, so THE
becomes WKH. Decipher by subtracting 3 from a
ciphertext letters value. This cipher is also
called a Caesar cipher
12
To breaka cipher means to either find the key
or convert ciphertext to plaintext without
knowing the key.

A Caesar cipher is easy to break because there
are only 26 possible keys, and one can try all of
them.
A secret decoder is adequate for secrets of
Junior Space Cadets, but not for secrets of
adults.
Ciphers are used for secret communication or for
protecting secret files.
Cryptography is the study of ciphers.
Cryptanalysis studies how to break ciphers.

A slightly better cipher than a Caesar cipher is
a cryptogram.
This is a simple substitution cipher in which the
mapping from plaintext alphabet to ciphertext
alphabet is an arbitrary permutation of the
letters of the alphabet.
The number of possible keys is 26!
403291461126605635584000000,which is more keys
than one could try in the lifetime of the
universe.

Nevertheless, cryptograms appear as amusements
each day in the Exponent and Journal Courier.
Many readers solve them every day.
Break it by guessing words from their letter
patterns, or by using the relative frequency of
individual letters. E is most frequent, T is
second, etc.

Here is an example of a cryptogram
MVAG SGVSXG UTWG T
WGEGGL OUTO KVAGM VII
GTMHXF PHOU T XHOOXG
TXKVUVX. --- S. UTLLHMVE

O E PEOPLE E
MVAG SGVSXG UTWG T
E EE O E O
WGEGGL OUTO KVAGM VII
E L L L E
GTMHXF PHOU T XHOOXG
L O OL P. O
TXKVUVX. ---S. UTLLHMVE

17
Types of Attacks on Ciphers

Ciphertext only Given only the ciphertext find
the key and/or the plaintext.
Known-plaintext attack Given the ciphertext and
corresponding plaintext, find the key.
Chosen-plaintext attack Cryptanalyst may choose
some plaintext and learn the corresponding
ciphertext. Goal find key.

18
Types of Ciphers

One key Private key Symmetric key
All mean that the same key is used to encipher
and decipher. (Or else you can easily compute
either key from the other.)
Has direct authentication
Uses bit manipulation
Very fast At disk transfer rates
Examples DES, AES

19
Common Symmetric Ciphers

DES has a 56-bit key. One can try all possible
keys in Differential cryptanalysis might help break it,
too.
DES is used for short-term secrets, like
satellite TV codes or press releases.

20
Common Symmetric Ciphers

AES has a choice of 128, 192 or 256-bit keys. It
takes too long to try all possible keys, and
there is no known better attack.AES is used for
serious secrets.
Also called Rijndael.

21
Types of Ciphers

Two key Public key Asymmetric key
Enciphering key is public
Deciphering key is private (secret)
You must solve a hard problem to find the other
key, give one of the two keys.
Has no direct authentication, but one can sign
Uses number theory and large integer arithmetic
Much slower than one-key ciphers
Examples RSA, ElGamal, Rabin-Williams

Suppose Alice wants to email a long secret letter
to Bob, but they havent agreed on a secret key
for AES.
Alice uses a random AES key to encipher the
letter and sends the ciphertext to Bob.
Alice enciphers the random key using Bobs public
RSA key and sends it to him.
Bob deciphers the second message with his secret
RSA key and gets the AES key which he uses to
decipher the letter.
Zimmermanns PGP does all this and more.

Public key cryptography enjoys nice properties
useful in complicated protocols, such as contract
signing, electronic elections, oblivious
transfer, digital cash and simultaneous exchange
of secrets.
Traditional PKC uses exponentiation modulo a very
large integer n, of 1024 bits or about 300
decimal digits.
Fast exponentiation makes these operations
feasible, but still quite slow.

Traditional PKC operates in the multiplicative
group of integers modulo n.
It assumes that one of these number theory
problems is hard
1.Factoring integers Given n, find p and q with
n pq.
2.Discrete logarithm Given n, a and b, find e so
that a raised to the e power is congruent to b
modulo n.
The best known methods can solve either problem
for n up to 200 decimal digits.

25
Elliptic curves

They provide many examples
of mathematical groups for
which the discrete logarithm problem is as hard
using 128 bit numbers, or 40 decimal digits, as
it is modulo n when n has 1024 bits, or 300
decimal digits.
This gives equal security faster, but still not
as fast as symmetric ciphers.
Elliptic curves have other nice properties, too,
that facilitate certain protocols.

26
Key Management

Modern encryption will secure your files and
messages.
There is little danger anyone will find your key
by brute force.
A greater danger is key loss.
Where do you store your key?
What if you lose your key?

27
Politics

Strong cryptography cannot be exported.
In law it is a munition, like a nuclear bomb.
However, you may import cryptography.
It is widely available on foreign web sites.
Cryptography is restricted in several countries.

28
Presenters

Addam Schroll
David Seidl

29
Orlbaq gur Frperg Qrpbqre Evat
30
Beyond the Secret Decoder Ring
31
Time to use your decoder rings!
32
The Home Crypto Checklist

SSL
Secure e-mail
Encrypted password utility
File encryption
Volume encryption
Encrypted IM
Secret decoder rings

33
SSL Keeping the web secure

SSL or Secure Sockets Layer
Used to protect data sessions with websites.
Reasonably secure, but can operate at different
levels.
Always look for SSL when you submit data you do
not want to be public!

34
Look for the lock
35
Internet Explorer 7
36
Internet Explorer 7
37
Check the certificate Sanity Check!
38
Do you trust me?
39
Everyday places to check for SSL

Online banking
Bill payment sites
Webmail (many webmail sites do not default to
HTTPS - but they do support it!)
Health/medical websites
Any site that you want to submit data to securely.

40
Encrypted e-mail

Two popular e-mail encryption solutions
S/MIME
OpenPGP
Protects messages from interception or
modification
Verifies identity of the message sender
Requires significant setup time or learning

41
S/MIME Not a security mime
42
S/MIME vs. OpenPGP

Supported by most e-mail clients
Requires a central authority
X.509 Certificates
Hierarchical Trust Model

Requires additional software
Each user is an authority
Public/Private Key Pairs
Web of Trust Model

43
(No Transcript)
44
PGP encoder?
45
(No Transcript)
46
Where to get certificates

Issued by a central authority
Organization
Third-party certificate vendor
Purdue currently does not have a system-wide
certificate authority
Thawte Personal Certificates

47
Encrypted E-mail Tips

Follow the Purdue Data Handling Guidelines
Use encrypted email as a means of transport, not
storage
File your sensitive information elsewhere
Backup your keys and certificates!

48
Encrypted E-mail Tips (2)

Revoke certificates or keys if compromised
Trusting a key should only be done after suitable
verification with the owner

49
Keeping your passwords safe

Problems with passwords and passphrases
- Too many passwords
- Too many sites and different usernames
- Too many different security requirements

50
Password utilities

Password Safe
http//passwordsafe.sourceforge.net/
Keychain (Mac)
KeePass
http//keepass.sourceforge.net/

51
Rules for using a password utility

Use a very good password for your safe
Keep multiple, up to date copies of your safe
Make sure you have the safes timeout enabled
Dont keep work and personal passwords in the
same safe.

52
Password Safe
53
Password Safe Entries
54
A few extra tricks

Use your password safes note capability to store
alternate answers to security questions. Where
you were born is not a good secret, but where you
were born with a made up answer is.
Use the safes storage capability to store the
URL if you tend to forget it that way, you
wont hit a fake site by accident!

55
File, Volume, and Drive encryption for the home
user

Two minute vocabulary
File one or more files
Volume a partition on a drive
Drive formatting the entire drive
AES (aka Rijndael) an encryption standard
approved by the US government. Replaces DES.
DES an encryption standard approved by the US
governement. Look for 3DES, as DES alone is weak.

56
Volume and Drive encryption

Pros
Keeps files safe
Provides privacy from other users of the same
system
Cons
Forget the password and your data is gone
Slower reads and writes due to encryption
Requires technical knowledge to use

57
(No Transcript)
58
I cant use Truecrypt, what now?

Alternatives exist for most platforms.
You can use file encryption rather than volume
encryption - PGP is available for almost any
system.
Remember to look for a program that uses
standards based encryption.
The encryption you use is far more effective than
encryption you dont use!

59
Rules of encrypted files

Keep a safe, up to date copy
Remember your passphrase!
Dont leave it unlocked
If it is open and mounted, and your machine is
hacked, the hacker will have access
Encryption is only as good as its testing. Use
peer reviewed standards.

60
Encrypted IM

Many third party IM applications support
encryption in one form or another.
Some encrypt only the message, not the senders
identity.
Presenters tend to use GAIM OTR (Off The
Record) messaging.
For those at work, data handling guidelines still
apply no matter what medium you work in, and you
should review your departments policy.

61
Encryption at home