Modern Data Security in Five Acts - PowerPoint PPT Presentation

1
Modern Data Security in Five Acts
  • Act IV: Beyond the Secret Decoder Ring

2
WELCOME!
  • Scott Ksander

3
National Cyber Security Awareness Events
  • Act I: Modern Data Handling
  • Act II: Security on the Go
  • Act III: Modern Teleworking Solutions
  • Act IV: Beyond the Secret Decoder Ring
  • Act V: Security Trick or Treat
  • http://www.purdue.edu/securepurdue/training/awarenessMonth.cfm

4
The World We Live In
  • Significant incidents recently reported to
    HackerWatch.org:
  • 24 Hours: 78,541,667
  • 7 Days: 547,791,661
  • 30 Days: 2,356,379,550

5
The World We Live In
6
The World We Live In
  • As of 10/24/2006, TOTAL number of records
    containing sensitive personal information
    involved in security breaches: 94,091,429
  • Purdue University is listed 3 times

7
Encryption 101
  • Beyond the Secret Decoder Ring
  • Sam Wagstaff
  • Computer Sciences and CERIAS

8
What is a secret decoder ring?
  • Popular from the 1930s to the 1990s
  • Little Orphan Annie radio show; the image shown
    is from 1936
  • Also in breakfast cereal boxes
9
Another secret decoder ring
  • Captain Midnight and the Space Cadets, radio and
    television
  • Also in breakfast cereal boxes
  • Most were badges; none was a ring

10
  • Plaintext or clear text: you can understand it
  • Ciphertext: looks like gibberish, but is
    equivalent to plaintext
  • Encipher or encrypt: convert plaintext to
    ciphertext using a key
  • Decipher or decrypt: convert ciphertext to
    plaintext using a key
  • The key for the secret decoder is the position of
    the alphabet circles.
  • The inner circle is the alphabet for plaintext.
  • The outer circle is the alphabet for ciphertext.
  • Example: plaintext D R I N K
  • ciphertext G U L Q N

11
A secret decoder does clock arithmetic, in
fact, arithmetic modulo 26.
Encipher by adding 3 to a plaintext letter's
value: T + 3 = W, H + 3 = K, E + 3 = H, so THE
becomes WKH. Decipher by subtracting 3 from a
ciphertext letter's value. This cipher is also
called a Caesar cipher.
12
To break a cipher means to either find the key
or convert ciphertext to plaintext without
knowing the key.
  • A Caesar cipher is easy to break because there
    are only 26 possible keys, and one can try all of
    them.
  • A secret decoder is adequate for secrets of
    Junior Space Cadets, but not for secrets of
    adults.
  • Ciphers are used for secret communication or for
    protecting secret files.
  • Cryptography is the study of ciphers.
  • Cryptanalysis studies how to break ciphers.

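The Caesar cipher of slides 10 to 12, and the exhaustive attack on its 26 keys, as an added worked example in Python (this code is not from the slides). The message "DRINK YOUR OVALTINE" and the small word list used to recognise a correct decipherment are constructed for the example; a real attacker would use a dictionary or letter-frequency scoring.

```python
import string
from typing import Tuple

ALPHABET = string.ascii_uppercase  # the 26 positions on the decoder ring


def caesar(text: str, shift: int) -> str:
    """Shift every letter by `shift` positions modulo 26; non-letters pass through."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def encipher(plaintext: str, key: int) -> str:
    """Add the key to each letter's value (slide 11: T + 3 = W)."""
    return caesar(plaintext, key)


def decipher(ciphertext: str, key: int) -> str:
    """Subtract the key from each letter's value."""
    return caesar(ciphertext, -key)


# Constructed word list used to recognise a correct guess (assumption for
# this example; any English dictionary would do).
COMMON_WORDS = {"THE", "AND", "DRINK", "YOUR", "OVALTINE", "SECRET", "MEET"}


def score(candidate: str) -> int:
    """Number of words in the candidate plaintext that are in the word list."""
    return sum(1 for w in candidate.split() if w.strip(".,!") in COMMON_WORDS)


def brute_force(ciphertext: str) -> Tuple[int, str]:
    """Ciphertext-only attack: try all 26 keys and keep the best-scoring one.
    This is why a Caesar cipher is 'adequate for Junior Space Cadets' only."""
    best_key, best_text = max(
        ((k, decipher(ciphertext, k)) for k in range(26)),
        key=lambda kt: score(kt[1]),
    )
    return best_key, best_text


if __name__ == "__main__":
    ct = encipher("DRINK YOUR OVALTINE", 3)  # constructed sample message
    print(ct)                                # GULQN BRXU RYDOWLQH
    print(brute_force(ct))                   # (3, 'DRINK YOUR OVALTINE')
```
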
13
  • A slightly better cipher than a Caesar cipher is
    a cryptogram.
  • This is a simple substitution cipher in which the
    mapping from plaintext alphabet to ciphertext
    alphabet is an arbitrary permutation of the
    letters of the alphabet.
  • The number of possible keys is 26! =
    403,291,461,126,605,635,584,000,000, which is
    more keys than one could try in the lifetime of
    the universe.

14
  • Nevertheless, cryptograms appear as amusements
    each day in the Exponent and the Journal &
    Courier. Many readers solve them every day.
  • Break one by guessing words from their letter
    patterns, or by using the relative frequency of
    individual letters: E is the most frequent letter
    in English, T is second, and so on.

15
  • Here is an example of a cryptogram:
  • MVAG SGVSXG UTWG T
  • WGEGGL OUTO KVAGM VII
  • GTMHXF PHOU T XHOOXG
  • TXKVUVX. --- S. UTLLHMVE

16
  • Partial solution, with G = E, S = P, V = O and
    X = L guessed so far (a blank is a letter not yet
    known):
  • _O_E PEOPLE ___E _
  • MVAG SGVSXG UTWG T
  • _E_EE_ ____ _O_E_ O__
  • WGEGGL OUTO KVAGM VII
  • E___L_ ____ _ L___LE
  • GTMHXF PHOU T XHOOXG
  • _L_O_OL. ---P. _____O_
  • TXKVUVX. ---S. UTLLHMVE

17
Types of Attacks on Ciphers
  • Ciphertext only: Given only the ciphertext, find
    the key and/or the plaintext.
  • Known-plaintext attack: Given the ciphertext and
    corresponding plaintext, find the key.
  • Chosen-plaintext attack: The cryptanalyst may
    choose some plaintext and learn the corresponding
    ciphertext. Goal: find the key.

18
Types of Ciphers
  • One key = Private key = Symmetric key
  • All mean that the same key is used to encipher
    and decipher. (Or else you can easily compute
    either key from the other.)
  • Has direct authentication
  • Uses bit manipulation
  • Very fast: at disk transfer rates
  • Examples: DES, AES

19
Common Symmetric Ciphers
  • DES has a 56-bit key, which is small enough that
    one can try all possible keys by brute force.
    Differential cryptanalysis might help break it,
    too.
  • DES is used for short-term secrets, like
    satellite TV codes or press releases.

20
Common Symmetric Ciphers
  • AES has a choice of 128, 192 or 256-bit keys. It
    takes too long to try all possible keys, and
    there is no known better attack. AES is used for
    serious secrets.
  • Also called Rijndael.

21
Types of Ciphers
  • Two key = Public key = Asymmetric key
  • Enciphering key is public
  • Deciphering key is private (secret)
  • Given one of the two keys, you must solve a hard
    problem to find the other key.
  • Has no direct authentication, but one can sign
  • Uses number theory and large integer arithmetic
  • Much slower than one-key ciphers
  • Examples: RSA, ElGamal, Rabin-Williams

22
  • Suppose Alice wants to email a long secret letter
    to Bob, but they haven't agreed on a secret key
    for AES.
  • Alice uses a random AES key to encipher the
    letter and sends the ciphertext to Bob.
  • Alice enciphers the random key using Bob's public
    RSA key and sends it to him.
  • Bob deciphers the second message with his secret
    RSA key and gets the AES key, which he uses to
    decipher the letter.
  • Zimmermann's PGP does all this and more.

23
  • Public key cryptography enjoys nice properties
    useful in complicated protocols, such as contract
    signing, electronic elections, oblivious
    transfer, digital cash and simultaneous exchange
    of secrets.
  • Traditional PKC uses exponentiation modulo a very
    large integer n, of 1024 bits or about 300
    decimal digits.
  • Fast exponentiation makes these operations
    feasible, but still quite slow.

24
  • Traditional PKC operates in the multiplicative
    group of integers modulo n.
  • It assumes that one of these number theory
    problems is hard:
  • 1. Factoring integers: Given n, find p and q with
    n = pq.
  • 2. Discrete logarithm: Given n, a and b, find e so
    that a raised to the e power is congruent to b
    modulo n.
  • The best known methods can solve either problem
    for n up to about 200 decimal digits.

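The exchange of slide 22, together with the fast exponentiation of slide 23 and the factoring assumption of slide 24, as an added Python example (this is the editor's illustration, not code from the slides or from PGP). Bob's RSA key pair is built from two random primes found with a Miller-Rabin test, Alice wraps a random 128-bit AES session key under Bob's public key, and Bob unwraps it with his private key. Square-and-multiply is written out instead of using Python's built-in three-argument pow so the cost of a modular exponentiation is visible. Textbook RSA with no padding is used only so the arithmetic stays readable; a real implementation uses RSA-OAEP and a vetted library for both the RSA and the AES step, and the AES encryption of the letter itself is deliberately left out.

```python
import secrets
from typing import Tuple

PublicKey = Tuple[int, int]   # (n, e)
PrivateKey = Tuple[int, int]  # (n, d)


def fast_pow(base: int, exp: int, mod: int) -> int:
    """Square-and-multiply: base**exp mod n in O(log exp) multiplications,
    which is what makes exponentiation modulo a 1024-bit n feasible."""
    result, base = 1, base % mod
    while exp:
        if exp & 1:
            result = result * base % mod
        base = base * base % mod
        exp >>= 1
    return result


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test (error probability at most 4**-rounds)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # random witness in [2, n-2]
        x = fast_pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False                           # a proves n composite
    return True


def random_prime(bits: int) -> int:
    """Random odd prime with its top bit set, so p*q has exactly 2*bits bits."""
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def generate_keypair(bits: int = 1024, e: int = 65537) -> Tuple[PublicKey, PrivateKey]:
    """Bob's key pair. Recovering d from (n, e) requires factoring n = p*q."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    d = pow(e, -1, phi)        # modular inverse of e (Python 3.8+)
    return (p * q, e), (p * q, d)


def wrap_session_key(aes_key: bytes, public_key: PublicKey) -> int:
    """Alice: encipher the random AES key under Bob's public RSA key.
    Unpadded textbook RSA, for illustration only (real code: RSA-OAEP)."""
    n, e = public_key
    m = int.from_bytes(aes_key, "big")
    if not 0 < m < n:
        raise ValueError("session key must be smaller than the modulus")
    return fast_pow(m, e, n)


def unwrap_session_key(wrapped: int, private_key: PrivateKey, key_len: int = 16) -> bytes:
    """Bob: decipher with the private exponent to recover the AES key."""
    n, d = private_key
    return fast_pow(wrapped, d, n).to_bytes(key_len, "big")


def hybrid_exchange(bits: int = 1024) -> Tuple[bytes, bytes]:
    """Run the slide-22 exchange; returns (Alice's AES key, the key Bob recovers)."""
    public, private = generate_keypair(bits)
    aes_key = secrets.token_bytes(16)   # the 128-bit AES session key
    # The long letter would now be encrypted under aes_key with AES (not shown).
    wrapped = wrap_session_key(aes_key, public)
    return aes_key, unwrap_session_key(wrapped, private)


if __name__ == "__main__":
    sent, received = hybrid_exchange()
    print(sent.hex(), received.hex(), sent == received)
```

Key generation in pure Python takes well under a second for a 1024-bit modulus because almost every candidate is rejected by trial division or by the first Miller-Rabin round; the cost that the slides call "still quite slow" is the 1024-bit exponentiation in wrap and unwrap, which is thousands of times slower than one AES block. That asymmetry is the whole reason for the hybrid design: RSA moves 16 bytes of key, AES moves the letter.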
25
Elliptic curves
  • They provide many examples of mathematical groups
    for which the discrete logarithm problem is as
    hard using numbers of about 160 bits, or roughly
    50 decimal digits, as it is modulo n when n has
    1024 bits, or 300 decimal digits.
  • This gives equal security faster, but still not
    as fast as symmetric ciphers.
  • Elliptic curves have other nice properties, too,
    that facilitate certain protocols.

26
Key Management
  • Modern encryption will secure your files and
    messages.
  • There is little danger anyone will find your key
    by brute force.
  • A greater danger is key loss.
  • Where do you store your key?
  • What if you lose your key?

27
Politics
  • Export of strong cryptography from the US is
    restricted by export-control law.
  • Historically it was classified in law as a
    munition, like a nuclear bomb.
  • However, you may import cryptography.
  • It is widely available on foreign web sites.
  • Use of cryptography is restricted in several
    countries.

28
Presenters
  • Addam Schroll
  • David Seidl

29
Orlbaq gur Frperg Qrpbqre Evat
30
Beyond the Secret Decoder Ring
31
Time to use your decoder rings!
32
The Home Crypto Checklist
  • SSL
  • Secure e-mail
  • Encrypted password utility
  • File encryption
  • Volume encryption
  • Encrypted IM
  • Secret decoder rings

33
SSL: Keeping the web secure
  • SSL, or Secure Sockets Layer (its successor is
    TLS)
  • Used to protect data sessions with websites.
  • Reasonably secure, but the strength depends on
    the cipher suite and key size the browser and
    server negotiate.
  • Always look for SSL when you submit data you do
    not want to be public!

34
Look for the lock
35
Internet Explorer 7
36
Internet Explorer 7
37
Check the certificate: Sanity Check!
38
Do you trust me?
39
Everyday places to check for SSL
  • Online banking
  • Bill payment sites
  • Webmail (many webmail sites do not default to
    HTTPS - but they do support it!)
  • Health/medical websites
  • Any site that you want to submit data to securely.

40
Encrypted e-mail
  • Two popular e-mail encryption solutions
  • S/MIME
  • OpenPGP
  • Protects messages from interception or
    modification
  • Verifies identity of the message sender
  • Requires significant setup time or learning

41
S/MIME: Not a security mime
42
S/MIME vs. OpenPGP
  • S/MIME:
  • Supported by most e-mail clients
  • Requires a central authority
  • X.509 Certificates
  • Hierarchical Trust Model
  • OpenPGP:
  • Requires additional software
  • Each user is an authority
  • Public/Private Key Pairs
  • Web of Trust Model

44
PGP encoder?
46
Where to get certificates
  • Issued by a central authority:
  • Organization
  • Third-party certificate vendor
  • Purdue currently does not have a system-wide
    certificate authority
  • Thawte Personal Certificates

47
Encrypted E-mail Tips
  • Follow the Purdue Data Handling Guidelines
  • Use encrypted email as a means of transport, not
    storage
  • File your sensitive information elsewhere
  • Backup your keys and certificates!

48
Encrypted E-mail Tips (2)
  • Revoke certificates or keys if compromised
  • Trusting a key should only be done after suitable
    verification with the owner

49
Keeping your passwords safe
  • Problems with passwords and passphrases:
  • Too many passwords
  • Too many sites and different usernames
  • Too many different security requirements

50
Password utilities
  • Password Safe
  • http://passwordsafe.sourceforge.net/
  • Keychain (Mac)
  • KeePass
  • http://keepass.sourceforge.net/

51
Rules for using a password utility
  • Use a very good password for your safe
  • Keep multiple, up-to-date copies of your safe
  • Make sure you have the safe's timeout enabled
  • Don't keep work and personal passwords in the
    same safe.

52
Password Safe
53
Password Safe Entries
54
A few extra tricks
  • Use your password safe's note capability to store
    alternate answers to security questions. Where
    you were born is not a good secret, but where you
    were born with a made-up answer is.
  • Use the safe's storage capability to store the
    URL if you tend to forget it; that way, you
    won't hit a fake site by accident!

55
File, Volume, and Drive encryption for the home
user
  • Two minute vocabulary:
  • File: one or more files
  • Volume: a partition on a drive
  • Drive: the entire drive
  • AES (aka Rijndael): an encryption standard
    approved by the US government. Replaces DES.
  • DES: an encryption standard approved by the US
    government. Look for 3DES, as DES alone is weak.

56
Volume and Drive encryption
  • Pros
  • Keeps files safe
  • Provides privacy from other users of the same
    system
  • Cons
  • Forget the password and your data is gone
  • Slower reads and writes due to encryption
  • Requires technical knowledge to use

58
I can't use TrueCrypt, what now?
  • Alternatives exist for most platforms.
  • You can use file encryption rather than volume
    encryption; PGP is available for almost any
    system.
  • Remember to look for a program that uses
    standards-based encryption.
  • The encryption you use is far more effective than
    the encryption you don't use!

59
Rules of encrypted files
  • Keep a safe, up-to-date copy
  • Remember your passphrase!
  • Don't leave it unlocked
  • If it is open and mounted, and your machine is
    hacked, the hacker will have access
  • Encryption is only as good as its testing. Use
    peer-reviewed standards.

60
Encrypted IM
  • Many third-party IM applications support
    encryption in one form or another.
  • Some encrypt only the message, not the sender's
    identity.
  • The presenters tend to use GAIM with OTR (Off The
    Record) messaging.
  • For those at work, data handling guidelines still
    apply no matter what medium you work in, and you
    should review your department's policy.

61
Encryption at home
  • Passwords
  • Data
  • Spreadsheets
  • Home inventory
  • Archived e-mail
  • Other documents
  • Instant messaging
  • E-mail encryption works the same at home!

62
References
  • Purdue Data Handling Guidelines
  • www.itap.purdue.edu/security/procedures/dataHandling.cfm
  • OpenPGP
  • www.openpgp.org
  • S/MIME Tutorial
  • www.marknoble.com/tutorial/smime/smime.aspx
  • Thawte Personal Certificates
  • www.thawte.com/secure-email/personal-email-certificates/index.html

63
References
  • TrueCrypt
  • http://www.truecrypt.org/
  • Off The Record Messaging
  • http://www.cypherpunks.ca/otr/
  • Password Safe
  • http://passwordsafe.sourceforge.net/
  • KeePass
  • http://keepass.sourceforge.net/

64
Short Videos
  • C:\October Security Events\Phishing for Kenny Act IV.wmv
  • C:\October Security Events\Back your data Act IV.wmv

65
National Cyber Security Awareness Events
  • Questions for the Panel?