encryption: fact and fiction
TRANSCRIPT
Dr. V. Kumar Murty CTO, Perfect Cloud Corp. www.perfectcloud.io
• CTO, PerfectCloud.io • Professor and Chair, Department of
Mathematics, University of Toronto • Director, GANITA Labs, University of
Toronto • Ph.D. Harvard University • Fellow of the Royal Society of Canada • Foreign Fellow of the National Academy
of Sciences (India) • 100+ papers, 5 books and 2 patents in
Information Security
BIOGRAPHY: DR. V. KUMAR MURTY !
CTO, PerfectCloud.io
PerfectCloud.io This document is the property of PerfectCloud Corp. Canada. Its content is confiden;al
SOME ATTRIBUTES OF DATA
• Confiden;ality • Privacy • Iden;ty • Reliability (Data Integrity) • Trust
PerfectCloud.io This document is the property of PerfectCloud Corp. Canada. Its content is confiden;al
FOUR OVERLAPPING THEMES INFORMATION MANAGEMENT
Security
Trust
Privacy
Identity
CONFIDENTIALITY
SELF-DETERMINATION
ASSURANCE
ATTRIBUTES
GOOD IDENTITY MANAGEMENT STRENGTHENS SECURITY, PRIVACY AND TRUST!
PerfectCloud.io This document is the property of PerfectCloud Corp. Canada. Its content is confiden;al
PROVISIONING
TOOLS • Confiden;ality: Encryp;on • Privacy: Access Control • Iden;ty: IDM • Reliability: Digital fingerprints • Trust: Digital signatures
PerfectCloud.io This document is the property of PerfectCloud Corp. Canada. Its content is confiden;al
ENCRYPTION • Secret wri;ng • Symmetric and Asymmetric • Plaintext + Secret Key is transformed to Ciphertext • Decryp;on: Ciphertext + Secret Key is transformed to Plaintext
• Our confidence in the security is based on the key being secret
• Transforma;on = Algorithm: many kinds
PerfectCloud.io This document is the property of PerfectCloud Corp. Canada. Its content is confiden;al
SOME ALGORITHMS
• Symmetric: • AES • Blowfish
• Asymmetric: • RSA • ECC • HEC
PerfectCloud.io This document is the property of PerfectCloud Corp. Canada. Its content is confiden;al
SYMMETRIC ENCRYPTION • Used for bulk encryp;on • High speed algorithms • Requires a shared secret (key) • Challenge is in key management
PerfectCloud.io This document is the property of PerfectCloud Corp. Canada. Its content is confiden;al
AES
• “Government grade encryp;on” is a meaningless term
• Research labs around the world are chipping away at this standard
• Security and speed depend on the “mode” in which it is used.
PerfectCloud.io This document is the property of PerfectCloud Corp. Canada. Its content is confiden;al
ASYMMETRIC ENCRYPTION • Does not require a shared secret (key)
• Encryp;on and Decryp;on keys are (in general) different
• Methods are mathema;cally sophis;cated
• Not suitable for bulk encryp;on
PerfectCloud.io This document is the property of PerfectCloud Corp. Canada. Its content is confiden;al
RSA • Security depends on the difficulty of factoring large numbers
• Advances are constantly being made on this, requiring larger and larger key sizes
PerfectCloud.io This document is the property of PerfectCloud Corp. Canada. Its content is confiden;al PerfectCloud.io This document is the property of PerfectCloud Corp. Canada. Its content is confiden;al
ECC
• Ellip;c curve cryptography • Considered to be more secure and for comparable size of key: there is no index calculus known for ellip;c curves
• Included now in NIST standards
PerfectCloud.io This document is the property of PerfectCloud Corp. Canada. Its content is confiden;al
THE KEY IS THE KEY Strength (security) usually depends on several factors including: • Size of the key • Key management: “key under the doormat” • Security architecture is only as strong as the weakest link.
PerfectCloud.io This document is the property of PerfectCloud Corp. Canada. Its content is confiden;al
TYPICAL DEPLOYMENT
• A combina;on of both symmetric and asymmetric methods
• Security analysis will determine the size of keys needed in each part to make it equally strong throughout
PerfectCloud.io This document is the property of PerfectCloud Corp. Canada. Its content is confiden;al
THREAT MODEL • What are we trying to protect against? • System architecture diagram has to be analyzed for points of weakness
• Those points have to be for;fied
PerfectCloud.io This document is the property of PerfectCloud Corp. Canada. Its content is confiden;al
TECHNOLOGY IS NOT ENOUGH • Most compromises are not of algorithms but social engineering
• Security policy is at least as important as security technology: Target
• Also electro-‐magne;c a[acks (more difficult to protect against).
PerfectCloud.io This document is the property of PerfectCloud Corp. Canada. Its content is confiden;al
PROTECTING DATA
• Data has two stages: • At rest • In transit • It has to be secured throughout its • lifecycle (ILM)
• Security architecture depends on • Who is managing the data? • Where does the data reside? • Who has access to the data? • Who has access to the keys to the data? • What sort of encryption is being used? • How is the key being managed/stored?
PerfectCloud.io This document is the property of PerfectCloud Corp. Canada. Its content is confiden;al
ENCRYPTION IN
PRACTICE • Keeping data safe is more complex in practice • Data at rest • Encrypted hard drives or directories • Data in transit • Encrypted data is usually decrypted
and re-encrypted at each hop • MITM attacks • Security of the end devices critical
PerfectCloud.io This document is the property of PerfectCloud Corp. Canada. Its content is confiden;al
SOCIAL NETWORKS • Leaks through informa;on voluntarily exposed on social networks
• Using Twi[er to authen;cate • Depends on cloud-‐based servers
PerfectCloud.io This document is the property of PerfectCloud Corp. Canada. Its content is confiden;al
COMMON ATTACKS
• SQL Injec;on • Malware
PerfectCloud.io This document is the property of PerfectCloud Corp. Canada. Its content is confiden;al
IDENTITY STORES • Ac;ve Directory is encrypted: but key is stored in the same place
• No one can read your encrypted content: some devices that read EM can penetrate it
PerfectCloud.io This document is the property of PerfectCloud Corp. Canada. Its content is confiden;al
PERFECT CLOUD SOLUTION
• True zero knowledge • Distributed key management • User is in control • Seamless and transparent provisioning and de-‐provisioning
PerfectCloud.io This document is the property of PerfectCloud Corp. Canada. Its content is confiden;al
THANK YOU!
www.perfectcloud.io