Tools and Techniques of Encryption Jeremy Malcolm A presentation to WASCAL on 29 May 1996.


Introduction
- Encryption ensures security of computer-based information
- Security includes privacy and authentication
- Trade-off between security and convenience
- If tools are used incorrectly, security may be lost

Agenda
- Importance of encryption
- Applications for encryption
- Principles and protocols
  - Secret key versus public key encryption
  - PGP
  - Other encryption standards
- Using encryption tools

Importance of encryption
- Lawyers have a duty to keep clients’ information confidential
- Email messages are more like postcards than sealed letters
- Using encryption for all your email avoids drawing attention to confidential email
- Cost-benefit analysis

Applications for encryption
- Email
- Secure electronic transactions
  - World Wide Web (Secure Sockets Layer), e.g. Netscape and Internet Explorer v.2
  - Proprietary systems, e.g. home banking, MSN
- Office equipment
  - DES telephones, faxes, digital mobile phones
- Confidential documents in the office

Encryption in the office
- Built-in encryption gives poor security
  - $US185 package cracks encryption schemes of WordPerfect, Lotus 1-2-3, Symphony, Quattro Pro, Paradox, Excel and MS Word 2.0
- Lotus Notes
  - Secret key encryption for Notes documents
    - Key can be made distributable or non-distributable
  - Public key encryption for Notes mail
- Microsoft Exchange fax encryption

Principles and protocols
- Public key encryption
- Secret key (symmetric, conventional, password, single key) encryption
- USA export controls
  - Some encryption software unavailable here
  - International Netscape substantially less secure
  - Phil Zimmermann prosecution

What is public key encryption?
[Diagram: Sender and Recipient, each holding a public key]
- Distribute public key
- Encrypt with recipient’s public key/s
- Sign with private key
- Verify signature with sender’s public key
- Decrypt message with private key

Authentication without encryption
- Create a hash (checksum) for the plaintext
- Encrypt the hash with your private key
- This “signature” can be authenticated only with your public key

From alt.security.pgp: “I am a practicing attorney in Colorado with clients in other states and in Canada, and I use e-mail to communicate with many of them. Having a verified PGP signature on e-mail from me tells the clients that the message really comes from me and that any advice or instructions contained in the e-mail is advice or instructions that I want them to follow. Hopefully, they trust me enough to do so. :-)”
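The three steps on this slide, as an added Python example (not from the original presentation and not PGP's own code). It assumes textbook RSA with no padding, SHA-256 as the hash, and constructed toy keys built from publicly known Mersenne primes; every name in it is hypothetical.

```python
import hashlib

E = 65537  # common public exponent (assumption for this example)

def make_key(p: int, q: int) -> dict:
    """Build a textbook RSA key pair from two primes (no padding; illustration only)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent
    return {"n": n, "e": E, "d": d}

def digest(plaintext: bytes) -> int:
    """Step 1: create a hash of the plaintext (SHA-256 assumed here)."""
    return int.from_bytes(hashlib.sha256(plaintext).digest(), "big")

def sign(plaintext: bytes, key: dict) -> int:
    """Step 2: 'encrypt' the hash with the private exponent d."""
    return pow(digest(plaintext), key["d"], key["n"])

def verify(plaintext: bytes, signature: int, key: dict) -> bool:
    """Step 3: recover the hash using only the public values (n, e) and compare."""
    return pow(signature, key["e"], key["n"]) == digest(plaintext)

# Constructed toy keys from publicly known Mersenne primes: not secret, not secure.
SENDER = make_key(2**127 - 1, 2**521 - 1)
IMPOSTOR = make_key(2**89 - 1, 2**607 - 1)

# Constructed sample message. It is sent in the clear: the signature
# authenticates it but does nothing to hide its contents.
MESSAGE = b"Please sign and return the attached deed by Friday."

def demo() -> dict:
    sig = sign(MESSAGE, SENDER)
    return {
        # Unmodified message, checked against the sender's public key
        "genuine": verify(MESSAGE, sig, SENDER),
        # Same signature attached to altered text: the hashes no longer match
        "altered_text": verify(MESSAGE.replace(b"Friday", b"Monday"), sig, SENDER),
        # Signature made with someone else's private key, checked against the sender's
        "wrong_signer": verify(MESSAGE, sign(MESSAGE, IMPOSTOR), SENDER),
    }

if __name__ == "__main__":
    print(demo())
```

The check is only as trustworthy as the recipient's copy of the sender's public key, which is why the later slides list public key tampering as a danger.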

Public Keys

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQBtAzDmHn0AAAEDAMzvMfAQYj2AGd6dV/ctqtKj2grlDrWW8R9B2vSe8w2lZDqb
r+/msS/UvSci79vxHmppkOvKVFhCdcI9yRcsFL5BNrJf5zLTKUVZVcUhIWQXF4Db
//2HwEe/5gZYw9iQAQAFEbQxSmVyZW15IE0uIE1hbGNvbG0gPHRlcm1pbnVzQG9k
eXNzZXkuYXBhbmEub3JnLmF1Pg==
=liEN
-----END PGP PUBLIC KEY BLOCK-----

- Obtained through:
  - Email, finger, WWW
  - Key servers
  - Automatic for WWW browsers

PGP - Pretty Good Privacy
- De facto Internet standard
- Offers public key and secret key encryption
- Not an email program
- Variants
  - Freeware
  - Commercial: “Viacrypt”
  - Restricted export
  - International

Other encryption standards
- PEM - Privacy Enhanced Mail
  - De jure standard (RFCs )
  - Easier to integrate into third party products
  - Relies on hierarchy of Certifying Authorities
  - RIPEM - Riordan’s Internet Privacy Enhanced Mail
    - Less widely used than PGP
    - Illegal to export outside USA
  - TIS/PEM - Trusted Information System PEM

Other encryption standards
- DES (Data Encryption Standard)
  - Conventional encryption (secret key only)
  - Fast
  - Available for office equipment
  - Built in to application software
  - No longer considered sufficiently secure
- Triple DES

Using encryption tools
- Secret key encryption requires a secure channel
- “Add-ins”
  - Microsoft Exchange PGP add-in
  - Eudora, Pegasus Mail add-ins available
- Stand-alone products
  - Power PGP (freeware)
  - Numerous others available

Dangers and limitations
- Compromised passphrase and secret key
  - Remember the passphrase
  - Keep the key on a floppy disk
- Exposure on multi-user systems
  - Don’t keep your secret key on such a system
- Obvious passwords
- Physical security breaches
  - Don’t save or print out plaintext

Dangers and limitations
- Public key tampering
  - Certification by PGP signature
- Bogus timestamps
  - Timestamping service or PGP signature
- "Not quite deleted" files
  - Ensure software wipes plaintext files
- Viruses and Trojan Horses
  - Anti-viral software

Summary
- Security for electronic information
  - “Armoured van” for communications
  - “Safety deposit box” for documents
- Less convenient to work with than plaintext, but effective if proper safeguards are taken
- Encryption for Lawyers
- Question time