FORESEC Academy Security Essentials (IV)

Secure Communications Agenda
- Chapter 19: Encryption 101
- Chapter 20: Encryption 102
- Chapter 21: Applying Cryptography
- Chapter 22: Steganography
- Chapter 23: Viruses and Malicious Code
- Chapter 24: Operations Security

FORESEC Academy Security Essentials (IV): Encryption 101

Course Objectives
- Case Studies
- The Challenge That We Face
- Cryptosystem Fundamentals
- Types of Cryptosystems
- Real-world Implementations

What is Cryptography?
- Cryptography means “hidden writing”
- Encryption is coding a message in such a way that its meaning is concealed
- Decryption is the process of transforming an encrypted message into its original form
- Plaintext is a message in its original form
- Ciphertext is a message in its encrypted form

Milestones in Cryptography
- AES: Advanced Encryption Standard (sponsored by NIST, 2002)
- …built upon the work of giants!

Crypto History
- The history of cryptography is long and interesting
- In the next couple of slides we will discuss some of the highlights

Key Events
- Jefferson Disk Cipher system
- Japanese Purple Machine
- German Enigma Machine
- Vernam Cipher

Why do I Care about Crypto?
- It is part of a defense-in-depth strategy.
- It is a critical component and enabler of e-commerce / e-business.
- The “bad guys” are using it.
- Security professionals should keep abreast of cipher standards because they change and new weaknesses are found.

Crypto and E-Commerce

Customers need to be sure that:
- They are communicating with the correct server.
- What they send is delivered unmodified.
- They can prove that they sent the message.
- Only the intended receiver can read the message.
- Message delivery is guaranteed.

Vendors need to be sure that:
- They are communicating with the right client.
- The content of the received message is correct.
- The identity of the author is unmistakable.
- Only the purported author could have written the message.
- They acknowledge receipt of the message.

Security by Obscurity is no Security!
- Case-in-point: DVD “encryption”
- Proprietary algorithms are high-risk.
- “Tamper-proof” hardware can be defeated with sufficient effort.
- Technical solutions usually do not satisfactorily address legal issues.

Beware of Overconfidence
- Case-in-point: Large key lengths
- Simply using popular cryptographic algorithms, with large key lengths, does not make your system secure.
- What's the weakest link?
- Cryptanalytic compromises usually originate from totally unexpected places.

Simplicity is a “Good Thing”
- Case-in-point: E-commerce / E-business
- Morphing your business into an online business can be a complex undertaking.
- Taking shortcuts in **any** aspect of the development of your e-commerce systems can introduce weak links.
- Security is a “process”... not a product.

Credit Cards Over the Internet
- Case-in-point: How many people will use their credit card to buy merchandise on the Internet? How many people will pay for a meal with a credit card?
- Which is riskier? Perception vs. reality
- The real risk is a back-end database that possibly stores credit cards unencrypted.
- Understanding the threat is key.

The Challenge that We Face

The User’s Perspective...

Goals of Cryptography
- “Alice” and “Bob” need a cryptosystem which can provide them with:
- “Cryptography is about communications in the presence of adversaries” (Rivest, 1990)

Digital Substitution (Encryption)