Add to collection(s) Add to saved
  1. Business
  2. Finance

in clear (readable)

advertisement 
Information Security
&
Cryptographic Principles
Infosec and Cryptography
Subjects / Topics :
1.
2.
3.
4.
5.
Introduction to computer cryptography
Single key cryptographic algorithms
Public key cryptographic algorithms
Crypto Applications
Business Continuity
Basic Problem
Intranet
Bob
Extranet
Internet
Alice
There are Confidence and Trust Issues …
Multiple Security Issues
Privacy
Authentication
Interception
Spoofing
Integrity
Non-repudiation
Claims
Not sent
Modification
not received
Proof of parties involved
Information Security
Confidentiality
Integrity
Availability
Security Services
Integrity
Information has not been altered
Confidentiality
Content hidden during transport
Authentication
Identity of originator confirmed
Non-Repudiation
Originator cannot repudiate transaction
Data Confidentiality
Some confidential
text (message)
in clear (readable)
form
Cryptography
Some confidential
text (message)
in clear (readable)
form
Someconfid
entialtext
essage)
in clear
Encryption
Cryptography
Some confidential
text (message)
in clear (readable)
form
Someconfid
entialtext
essage)
in clear
Decryption
Crypto Transformations
Some confidential
text (message)
in clear (readable)
form
Someconfi
Entialte
essage)
in clear
Crypto Transformations
Some confidential
text (message)
in clear (readable)
form
Someconfi
Entialte
essage)
in clear
Parameterization
Some confidential
text (message)
in clear (readable)
form
Crypto key
Someconfid
Someconfid
Someconfid
entialtext
Someconfid
entialtext
entialtext
Someconfi
essage)
entialtext
Entialte
essage)
essage)
essage)
in clear
essage)
in clear
in clear
in clear
in clear
Infosec and Cryptography
Subjects / Topics :
1.
2.
3.
4.
5.
Introduction to computer cryptography
Single key cryptographic algorithms
Public key cryptographic algorithms
Crypto Applications
Business Continuity
Single Key Crypto
Encryption
Someconfid
Entialtext
essage)
in clear
Some confidential
text (message)
in clear (readable)
form
Crypto key
Decryption
Design . . . ?
How to design good cryptographic systems ?
What does it mean good crypto system ?
Principles
1.
2.
3.
4.
5.
6.
Simple for users
Complicated for intruders
Public algorithm
Secret key
Large number of combinations
Special properties
Other Symmetric Algorithms
1. AES
2. IDEA
3. Triple - DES
4. RC-2
5. RC-4
6. Blowfish
Infosec and Cryptography
Subjects / Topics :
1.
2.
3.
4.
5.
Introduction to computer cryptography
Single key cryptographic algorithms
Public key cryptographic algorithms
Crypto Applications
Business Continuity
Secret Key Systems
Encryption
Someconfi
entialtext
essage)
in clear
Some confidential
text (message)
in clear (readable)
form
Crypto key
Decryption
Key Exchange
?
Public Key Cryptography
Encryption
Key 2
Some confidential
text (message)
in clear (readable)
form
Someconfi
entialtext
essage)
in clear
Key 1
Decryption
Public Key Cryptography
Bob
Alice
MSG
Encryption
tia
Decryption
MSG
Bob Private
Alice Private
Bob Public
Alice Public
Digital Signature … Authentication … Non-Repudiation
Public Key Cryptography
Bob
Alice
MSG
Encryption
tia
Bob Private
Decryption
MSG
Alice Private
Bob Public
Alice Public
Confidentiality
Symmetric and Asymmetric
Encryption
m Symmetric:
Faster than asymmetric, hard to break
with large key, hard to distribute keys, too many keys
required, cannot authenticate or provide nonrepudiation.
m
Includes: DES, Triple DES, Blowfish, IDEA, RC4, RC5,
RC6, AES
Symmetric and Asymmetric
Encryption
m
Asymmetric cryptography: Better at key distribution,
better scalability for large systems, can provide
authentication and non-repudiation, slow, math
intensive
m
Includes: RSA, ECC, Diffie Hellman, El Gamal, DSA,
Knapsack, PGP
Infosec and Cryptography
Subjects / Topics :
1.
2.
3.
4.
5.
Introduction to computer cryptography
Single key cryptographic algorithms
Public key cryptographic algorithms
Crypto Applications
Business Continuity
Crypto Applications
1. Digital signature
2. Digital enveloping
3. Digital certificates
4. Secret key exchange
Digital Signature
A Digital Signature is a data item
that vouches for the origin and
the integrity of a Message
Intranet
Extrane
t
Bob
Internet
Alice
Digital Signature
Message
Digest
Algorithm
Message
Digest
Algorithm
Hash Function
Digest
Private Key
Hash Function
Public Key
Encryption
Decryption
Signature
Expected
Actual
Digest
Digest
Signer
Channel
Receiver
Digital Signature
“Real Identity” of the Signer.
Why should I trust what the Sender claims to
be ?
Moving towards PKI
…
Digital Certificate
A Digital Certificate is a binding
between an entity’s Public Key
and one or more Attributes related to its Identity.
The entity can be a Person, an Hardware Component, a Service,
etc.
A Digital Certificate is issued (and signed) by someone :
Usually the issuer is a Trusted Third Party
Digital Certificate
CERTIFICATE
Subject
Issuer
Subject Public
Key
Issuer Digital Signature
Digital Certificate
How are Digital Certificates Issued?
Who is issuing them?
Why should I Trust the Certificate Issuer?
How can I check if a Certificate is valid?
How can I revoke a Certificate?
Who is revoking Certificates?
Moving towards PKI
…
Infosec and Cryptography
Subjects / Topics :
1.
2.
3.
4.
5.
Introduction to computer cryptography
Single key cryptographic algorithms
Public key cryptographic algorithms
Crypto Applications
Business Continuity
Business Continuity and Disaster Recovery
m
Businesses are more susceptible to failure after a disaster
m Goal
• To minimize disaster aftermath and ensure resources, personnel,
and business processes resume
m
By
• Planning measures
• Backing up data and hardware
• Getting the right people in place
m Requirements
• Management support
• Driving the project, top-down approach
• Must understand value of investing in BCP
– Returns can be priceless
Business Continuity Steps
m
Steps
•
•
•
•
•
•
•
m
Develop the continuity planning policy statement
Conduct the business impact analysis (BIA)
Identify preventive controls
Develop recovery strategies
Develop the contingency plan
Test the plan and conduct training and exercises
Maintain the plan
Understanding the Organization
Business Continuity Plan
Business Impact Analysis
BIA
• Considered a functional analysis
• Team collects data in variety of ways
• Maps out following characteristics:
– Maximum tolerable downtime
– Operational disruption and productivity
– Financial considerations
– Regulatory responsibilities
– Reputation
• Understand the variety of possible threats
• Must go through all possible scenarios
Questions
Related documents
plaintext version
plaintext version
INFA 723 Applied Cryptography
INFA 723 Applied Cryptography
COURSES OFFERED IN FOREIGN LANGUAGES
COURSES OFFERED IN FOREIGN LANGUAGES
- projectgenie
- projectgenie
Tutorial 3 - Prince Sultan University
Tutorial 3 - Prince Sultan University
ECE 480X: Introduction to Cryptography and Communication Security
ECE 480X: Introduction to Cryptography and Communication Security
CSCE 212 - Computer Science & Engineering
CSCE 212 - Computer Science & Engineering
here - kaist
here - kaist
Download
advertisement