Published by Basil Dennis. Modified over 8 years ago.
Slide 1 (header: February 3, 2016): February 2016. Securing networking traffic and authentication to cope with current and future cyber attacks
Slide 3: Bruce Schneier: "The NSA has some mathematical breakthrough that affects one or more public-key algorithms." "There are a lot of mathematical tricks involved in public-key cryptanalysis, and absolutely no theory that provides any limits on how powerful those tricks can be."
Slide 4: Alex Stamos (CSO Facebook), 2013: "RSA and classic Diffie-Hellman encryption schemes, which are used to protect banking, ecommerce, email and even OS updates, will not be usable in four to five years. Breaking these two methods would be a total failure of trust on the Internet."
Slide 5: Network Communication is at High Risk. Diagram: Your Sensitive Data; Site to Site / Site to Cloud; Workforce; Customers; Internet of Things. For each flow the same questions apply: Who's the recipient? Where did it pass? Who has seen it? Who has recorded it? Who has changed it?
Slide 7: Key/Protocol Attacks: LogJam, FREAK, POODLE, Heartbleed, BEAST, CRIME, TIME, BREACH. PKI/CA Exploits: Comodo, StartSSL, DigiNotar, Gemnet, Microsoft CA, RSA, Superfish, eDellRoot. Vulnerabilities: Man in the middle, Phishing, Eavesdropping, Key theft / loss, Brute force, Key length arms race.
Slide 8: VPN Vulnerabilities. VPN security is only as strong as the methods used to encrypt the traffic. Encryption methods based on static passwords for authentication are subject to password "cracking" attacks, eavesdropping, and social engineering attacks. Malicious applications that use man-in-the-middle (MitM) attacks can bypass VPN configurations.
Slide 9: Motivation. The agencies are hacking into tech company servers to steal encryption keys. The agencies used their influence to covertly introduce weaknesses into the encryption standards (key length) followed by hardware and software developers around the world.
Slide 10: One Time Pad Ultimate Security. A Virtual Private Network in which all the information that passes across the VPN is information-theoretically secured.
Slide 12: Shamir's Secret Sharing. A method for distributing a secret among a group of n participants. Each participant is allocated a share of the secret. Any group of k or more participants can together reconstruct the secret, but no group of fewer than k participants can. Individual shares are of no use on their own.
Slide 13: "Secret Sharing Scheme": beyond Key-Based Encryption. "Secret sharing schemes… are information-theoretically secure…" "With an information-theoretically secure cryptosystem… the adversary simply does not have enough information to break the encryption, so these cryptosystems are considered cryptanalytically unbreakable." Source: https://en.wikipedia.org/wiki/Information-theoretic_security
Slide 14: Our Technology Relies on the "Secret Sharing Scheme"*: "Distribute a secret into N useless shares so that any K shares can reconstruct it." * Invented independently by Adi Shamir and George Blakley in 1979 (not to be confused with "Shared Secret"). Diagram: Secret = 7539, n = 4, k = 2.
Slide 15: Example: Secret Sharing in Action. Secret = 3; N = 4; K = 2. Generate a random linear function with f(0) = Secret [i.e., f(x) = Ax + 3]. Generate 4 random points on the line (diagram: P1, P2, P3, P4). Exposing a single point leaves infinitely many possible lines. Any two points together expose the secret. Any single point is useless to an eavesdropper. (© 2015 Super Double Octopus | All Rights Reserved | Slide 15 - Company Confidential)
Slide 16: Privacy with Secret Sharing. The dealer: the source. The secret: the data to be sent. The participants: the different paths to the destination.
Slide 17: Secret Sharing for a Private Channel. The shares should be routed such that no router sees k or more shares. Only the destination, which gets all the shares, can decrypt the data. When n > k, we allow n-k shares to be lost, whether through congestion or even through malicious routers.
Slide 18: Controlling the Routes, Option 1: servers on clouds. Diagram: source S and destination D connected over paths via Amazon, Microsoft, DO Server 1, DO Server 2, Hot, Bezeq.
Slide 19: Controlling the Routes, Option 2: Double Octopus Servers. Diagram: same nodes (Amazon, Microsoft, DO Server 1, DO Server 2, Hot, Bezeq) between S and D.
Slide 20: Controlling the Routes, Option 3: Different Infrastructures. Diagram: same nodes (Amazon, Microsoft, DO Server 1, DO Server 2, Hot, Bezeq) between S and D.
Slide 21: Controlling the Routes, Hybrid. Diagram: same nodes (Amazon, Microsoft, DO Server 1, DO Server 2, Hot, Bezeq) between S and D.
Slide 22: VPN Alternative: Illustration (n = 6, k = 4). Diagram: Data is secret-shared into n shares at S; the shares travel over Cloud 1 and Cloud 2 (links S-C1, S-C2, C1-D, C2-D) to D.
Slide 23: Controlling the Path: Illustration (n = 6, k = 4). Diagram: Data is secret-shared into n shares; S is in Israel, D is in China, and the shortest path runs through Iran. We don't want to send any readable data through Iran.
Slide 24: Gaining Higher Priority: Illustration (n = 6, k = 4). Diagram: Data is secret-shared into n shares and sent from S over Cloud 1 and Cloud 2 (links S-C1, S-C2, C1-D, C2-D) to D; regions labelled Israel, Europe, USA. We want better service.
Slide 25: Loss Recovery: Illustration (n = 6, k = 4). Diagram: Data is secret-shared into n shares and sent from S over Cloud 1 and Cloud 2 to D. Use erasure codes to reconstruct the data.
Slide 26: Corruption Recovery: Illustration (n = 6, k = 4). Diagram: Data is secret-shared into n shares and sent from S over Cloud 1 and Cloud 2 to D. If t is the number of corrupted shares, we need 2t redundancy.
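The following is an added worked example, not code from the deck or from the Double Octopus product. It implements Shamir's scheme over a prime field and exercises the claims of slides 12 to 17 (any k of n shares reconstruct the secret; an exhaustive search over a tiny field shows that fewer than k shares are consistent with every possible secret), slide 25 (because any k shares suffice, n-k shares may be lost) and slide 26 (a brute-force decoder that corrects t corrupted shares when n >= k + 2t, i.e. 2t redundancy). The field prime P, the share indices 1..n and all function names are my own choices.

```python
import secrets
from itertools import combinations, product

# Constructed choice for this example: a Mersenne prime large enough for the
# small secrets used on the slides (7539, 3). A deployment picks its own field.
P = 2**61 - 1


def _poly_eval(coeffs, x, p):
    """Evaluate coeffs[0] + coeffs[1]*x + ... at x over F_p (Horner's rule)."""
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % p
    return y


def _lagrange_at(points, x, p):
    """Evaluate, at x, the unique polynomial of degree < len(points) through points."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % p
                den = den * (xi - xj) % p
        total = (total + yi * num * pow(den, -1, p)) % p
    return total


def split_secret(secret, n, k, p=P, rng=secrets.randbelow):
    """Dealer side (slide 15): f(0) = secret, k-1 random coefficients,
    share i is the point (i, f(i)) for i = 1..n."""
    if not 0 <= secret < p:
        raise ValueError("secret must lie in [0, p)")
    if not 1 <= k <= n < p:
        raise ValueError("need 1 <= k <= n < p")
    coeffs = [secret] + [rng(p) for _ in range(k - 1)]
    return [(x, _poly_eval(coeffs, x, p)) for x in range(1, n + 1)]


def reconstruct(shares, p=P):
    """Receiver side: any k honest shares give back f(0). Missing shares
    (slide 25) simply are not passed in; k of the n are enough."""
    return _lagrange_at(shares, 0, p)


def consistent_secrets(partial_shares, k, p):
    """Exhaustive check of the 'useless share' claim on a tiny field: enumerate
    every polynomial of degree < k over F_p, keep those through the shares seen,
    and return the set of secrets (constant terms) they could hide."""
    found = set()
    for coeffs in product(range(p), repeat=k):
        if all(_poly_eval(coeffs, x, p) == y for x, y in partial_shares):
            found.add(coeffs[0])
    return found


def recover_with_corruption(shares, k, t, p=P):
    """Slide 26: tolerate up to t corrupted shares, which needs n >= k + 2t.
    Brute-force decoder: interpolate every k-subset and accept the polynomial
    that agrees with at least k + t received shares. Two distinct polynomials
    of degree < k agree on at most k-1 points, so only the genuine one can
    reach k + t agreements; returns None if no subset does."""
    n = len(shares)
    if n < k + 2 * t:
        raise ValueError("need n >= k + 2t shares to correct t corruptions")
    for subset in combinations(shares, k):
        agree = sum(1 for x, y in shares if _lagrange_at(subset, x, p) == y)
        if agree >= k + t:
            return _lagrange_at(subset, 0, p)
    return None


if __name__ == "__main__":
    # Slide 14: secret 7539, n = 4, k = 2; any two shares reconstruct it.
    s4 = split_secret(7539, 4, 2)
    print("two shares ->", reconstruct([s4[0], s4[3]]))
    # Slides 25/26 parameters: n = 6, k = 4, which leaves room for t = 1 error.
    s6 = split_secret(3, 6, 4)
    damaged = list(s6)
    damaged[2] = (damaged[2][0], (damaged[2][1] + 1) % P)  # one corrupted share
    print("naive reconstruct from corrupted shares ->", reconstruct(damaged[:4]))
    print("error-correcting decode ->", recover_with_corruption(damaged, 4, 1))
```

The exhaustive `consistent_secrets` check is only feasible for a toy prime such as 7, but it shows the information-theoretic point directly: with k = 2, one share is compatible with all 7 possible secrets, two shares with exactly one. The brute-force decoder is exponential in n and stands in for the Reed-Solomon decoding a real implementation would use; it does, however, show exactly why 2t redundancy is the requirement, and why trusting the first k shares that arrive is not enough when a router can tamper with them.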
Slide 27: Identification with Secret Sharing. Assumption: there is public knowledge of the hosts'/users' data (such as IP, phone number, etc.). We will have a 3-way handshake:
1. The client sends its id with some info to the server via secret sharing over multiple channels, e.g. the phone network and the IP network.
2. The server gets the data, looks up the public information of the specific user (by id) and sends an ack packet with its own id and data, again over multiple channels, to the destination info that is publicly published.
3. The client again uses the public information to verify the server and sends the last ack via multiple channels.
Slide 28: Identification and Verification, Step 1. Diagram: the host data is secret-shared into n shares and sent from S to D.
Slide 29: Identification and Verification, Step 2. Diagram: at D, 1. reconstruct the client info; 2. get the client info from public data; 3. verify and send an ack with its own data back to S.
Slide 30: Identification and Verification, Step 3. Diagram: at S, 1. the client reconstructs the info; 2. gets the server info from public data; 3. verifies the server data.
Slide 31: Diagram: Site, Cloud, Workforce, Customers, IoT. Current network security is struggling to scale.
Slide 32: A New Category of Highly Secure Networking. Diagram axes: Computational Secure vs. Info-Theoretical Secure; Key overhead vs. Key-less. Items placed: Firewall, VPN, Key Management, Quantum Key Distribution, Key Splitting.
Slide 33: Summary. Next generation network security for Enterprise, Mobile & IoT. No keys, CA, provisioning or dependency on a 3rd party. Resistance to MITM, eavesdropping, phishing and brute force. Compatible with any existing network infrastructure.
Slide 34: Thank You!