Cryptography and Data Security: Long-Term Challenges Burt Kaliski, RSA Security Northeastern University CCIS Mini Symposium on Information Security November.

Slides:

Advertisements

Similar presentations

Security in Mobile Ad Hoc Networks

Advertisements

Trust relationships in sensor networks Ruben Torres October 2004.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Security: The Narrow Road from Theory to Practice Burt Kaliski, RSA Security ISPEC 2006, Hangzhou, China April 13, 2006.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.

Digital Signatures and Hash Functions. Digital Signatures.

Trustworthy Services from Untrustworthy Components: Overview Fred B. Schneider Department of Computer Science Cornell University Ithaca, New York

Secure web browsers, malicious hardware, and hardware support for binary translation Sam King.

Polymorphic blending attacks Prahlad Fogla et al USENIX 2006 Presented By Himanshu Pagey.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1-1 CMPE 259 Sensor Networks Katia Obraczka Winter 2005 Security.

An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.

Introduction to Cryptography and Security Mechanisms: Unit 5 Theoretical v Practical Security Dr Keith Martin McCrea

Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Dr. Sarbari Gupta Electrosoft Services Tel: (703) Security Characteristics of Cryptographic.

CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.

Apr 30, 2002Mårten Trolin1 Previous lecture – passwords Passwords for authentication –Storing hashed passwords –Use of salt Passwords for key generation.

CMSC 414 Computer and Network Security Lecture 7 Jonathan Katz.

Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

FIT5037 Advanced Network Security --- Modern Computing and Security --- Lecture 1.

Security Risks for Ad Hoc Networks and how they can be alleviated By: Jones Olaiya Ogunduyilemi Supervisor: Jens Christian Godskesen © Dec

Security in Wireless Sensor Networks Perrig, Stankovic, Wagner Jason Buckingham CSCI 7143: Secure Sensor Networks August 31, 2004.

Secure Overlay Services Adam Hathcock Information Assurance Lab Auburn University.

Applied Cryptography for Network Security

1 Secure Zero Configuration in a Ubiquitous Computing Environment Shenglan Hu and Chris J. Mitchell Information Security Group Royal Holloway, University.

Introduction to Computer and Network Security Iliano Cervesato 26 August 2008 – Modern Cryptography.

1 Message Authentication and Hash Functions Authentication Requirements Authentication Functions Message Authentication Codes Hash Functions Security of.

Network Security Essentials Fifth Edition by William Stallings Fifth Edition by William Stallings.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.

Norman SecureSurf Protect your users when surfing the Internet.

Security Considerations for Wireless Sensor Networks Prabal Dutta (614) Security Considerations for Wireless Sensor Networks.

Cryptography and Network Security Overview & Chapter 1 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

A Secure Protocol for Computing Dot-products in Clustered and Distributed Environments Ioannis Ioannidis, Ananth Grama and Mikhail Atallah Purdue University.

Cryptography and Network Security

Network Security. Security Threats 8Intercept 8Interrupt 8Modification 8Fabrication.

Computer Science Open Research Questions Adversary models –Define/Formalize adversary models Need to incorporate characteristics of new technologies and.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

Fall 2002CS 395: Computer Security1 Chapter 11: Message Authentication and Hash Functions.

Disclosure risk when responding to queries with deterministic guarantees Krish Muralidhar University of Kentucky Rathindra Sarathy Oklahoma State University.

Network Security Lecture 20 Presented by: Dr. Munam Ali Shah.

MANETS Justin Champion Room C203, Beacon Building Tel 3292,

Content Sharing over Smartphone-Based Delay- Tolerant Networks.

Cosc 513Presentation, Fall Network Security Student: Jianping He Student ID: Instructor: ProfessorAnvari Fall 2000.

Chapter 7 – Confidentiality Using Symmetric Encryption.

1 Diversifying Sensors to Improve Network Resilience Wenliang (Kevin) Du Electrical Engineering & Computer Science Syracuse University.

Merkle trees Introduced by Ralph Merkle, 1979 An authentication scheme

Cryptography and Network Security Chapter 12 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Software Security Seminar - 1 Chapter 10. Using Algorithms 조미성 Applied Cryptography.

A paper by: Paul Kocher, Joshua Jaffe, and Benjamin Jun Presentation by: Michelle Dickson.

1 Recommendations Now that 40 GbE has been adopted as part of the 802.3ba Task Force, there is a need to consider inter-switch links applications at 40.

Security in Wireless Ad Hoc Networks. 2 Outline  wireless ad hoc networks  security challenges  research directions  two selected topics – rational.

1 6/3/2003 IEEE Link Security Study Group, June 2003, Ottawa, Canada Secure Frame Format PAR: 5 Criteria.

DATA & COMPUTER SECURITY (CSNB414) MODULE 3 MODERN SYMMETRIC ENCRYPTION.

Mix networks with restricted routes PET 2003 Mix Networks with Restricted Routes George Danezis University of Cambridge Computer Laboratory Privacy Enhancing.

Weaknesses in the Generic Group Model

IT 221: Introduction to Information Security Principles Lecture 5: Message Authentications, Hash Functions and Hash/Mac Algorithms For Educational Purposes.

Database Laboratory Regular Seminar TaeHoon Kim Article.

Department of Computer Science Chapter 5 Introduction to Cryptography Semester 1.

Modeling security 1. Models - encryption r Alice and Bob have the same key k r Alice and Bob exchange encrypted messages r Eve wants to get the plaintext.

IEEE CyberTrust workshop

Cryptographic Hash Functions

New Cache Designs for Thwarting Cache-based Side Channel Attacks

Cryptographic Hash Functions

Ioannis Ioannidis, Ananth Grama and Ioannis Ioannidis

Chapter 11 – Message Authentication and Hash Functions

Web Information Systems Engineering (WISE)

Presentation transcript:

Cryptography and Data Security: Long-Term Challenges Burt Kaliski, RSA Security Northeastern University CCIS Mini Symposium on Information Security November 9, 2004

Approach Looking toward future generations of information technology – 30-year timeframe Cryptography, network security grow in importance as essential building blocks Challenges lie ahead – what can we do? Two kinds of solution to consider: —“Easy”: apply current knowledge to alleviate problems —“Better”: discover new knowledge that overcomes them

Challenge #1: No Algorithm Is Safe Today’s algorithms remain secure for 30+ years against known attacks on classical computers, with sufficiently large keys The risk: unknown attacks and quantum computers —Quantum computers would break today’s number-theoretic public- key cryptography; halve effective key size of secret-key algorithms —Unknown attacks could have equally dramatic effect Key problem: With a few exceptions, no algorithms are proven secure unconditionally

Algorithm Directions: “Easy” 1. Employ multiple algorithms based on different hard problems —Presumably less likely all to fall at once 2. Deploy secret-key-only architectures where feasible 3. Adopt Merkle hash signatures —(2.) and (3.) reduce the dependence on number-theoretic public- key cryptography, which is riskiest against quantum computers —However, no assurance that specific secret-key algorithms and hash functions resist specific quantum (or classical) attacks 4. Introduce quantum cryptography as an extra layer of protection —But limited to link encryption with photon transmission

Algorithm Directions: “Better” 5. Develop alternative algorithms based on different hard problems —A broader portfolio against attack —But involves a long testing process – few hard problems have survived last 30 years 6. Find new algorithms that are provably resistant to attack – or fully prove strength of existing ones —Requires major breakthroughs in computational complexity theory e.g., lower bounds for integer factoring 7. Invent quantum or other form of cryptography that isn’t limited to photon transmission, e.g., “RF quantum”? —Assumes new results in physics

Challenge #2: No Data Is Safe Data and keys can be reasonably well protected today against compromise with trusted hardware, software The risk: Attacks are becoming more sophisticated, and usability competes with security —Side-channel analysis can expose keys in many implementations —Availability requirements often encourage multiple copies of data Key problem: Security architectures today generally based around explicit data and keys —Each instance an opportunity for compromise

Data Protection Directions: “Easy” 1. Build implementations of existing algorithms to address side- channel attacks — not just for speed & space 2. Employ architectures based on implicit data and keys: —Secret splitting: Data stored in n shares, k required to reconstruct —Distributed cryptography and secure multi-party computation: Keys stored and used in shares – never explicitly reconstructed 3. Adopt techniques that “heal” the effects of compromise: —Proactive security: Shares are periodically refreshed —Forward security: Keys are updated regularly such that past keys cannot be computed from current ones

Data Protection Directions: “Better” 4. Design new algorithms that are provably less vulnerable to side-channel attacks and other compromises —“physically observable cryptography” (Micali, Reyzin) —potentially a difficult tradeoff versus conventional attacks 5. Develop new, practical data protection techniques based on other hard problems —e.g., only on hash functions 6. Invent something physics-based, e.g., “quantum secret- splitting”?

And That’s Just the Data … Future networks, with numerous mobile components in ad hoc configurations, will also be at risk to a host of new attacks, e.g.: —Routing table corruption, leading to network partition, traffic analysis —“Selfish” nodes that expend others’ resources but do not contribute their own Countermeasures here involve a new way of viewing networks, where trust is earned, not assumed (Jakobsson et al.): —“Micropayments” as network diagnostics —Reputation management —Game theory

Summary Today’s cryptography and data protection are reasonably strong, but 30 years is a long time Better long-term assurance requires new techniques and methods of analysis —An architecture of implicit data built on a foundation of provable algorithms Research challenge is the same as for networks: a roadmap from today’s “gigabit security” into terabits and beyond

Contact Information Burt Kaliski VP Research, RSA Security Chief Scientist, RSA Laboratories