1
Tools and Techniques of Encryption
Jeremy Malcolm
A presentation to WASCAL on 29 May 1996
2
Introduction
• Encryption ensures security of computer-based information
• Security includes privacy and authentication
• Trade-off between security and convenience
• If tools are used incorrectly, security may be lost
3
Agenda
• Importance of encryption
• Applications for encryption
• Principles and protocols
  – Secret key versus public key encryption
  – PGP
  – Other encryption standards
• Using encryption tools
4
Importance of encryption
• Lawyers have a duty to keep clients’ information confidential
• Email messages are more like postcards than sealed letters
• Using encryption for all your email avoids drawing attention to confidential email
• Cost-benefit analysis
5
Applications for encryption
• Email
• Secure electronic transactions
  – World Wide Web (Secure Sockets Layer) eg. Netscape and Internet Explorer v.2
  – Proprietary systems eg. home banking, MSN
• Office equipment
  – DES telephones, faxes, digital mobile phones
• Confidential documents in the office
6
Encryption in the office
• Built-in encryption gives poor security
  – $US185 package cracks encryption schemes of WordPerfect, Lotus 1-2-3, Symphony, Quattro Pro, Paradox, Excel and MS Word 2.0
• Lotus Notes
  – Secret key encryption for Notes documents
    · Key can be made distributable or non-distributable
  – Public key encryption for Notes mail
• Microsoft Exchange fax encryption
7
Principles and protocols
• Public key encryption
• Secret key (symmetric, conventional, password, single key) encryption
• USA export controls
  – Some encryption software unavailable here
  – International Netscape substantially less secure
  – Phil Zimmermann prosecution
8
What is public key encryption?
[Diagram: Sender and Recipient, each with a public key]
• Distribute public key
• Encrypt with recipient’s public key/s
• Sign with private key
• Verify signature with sender’s public key
• Decrypt message with private key
9
Authentication without encryption
• Create a hash (checksum) for the plaintext
• Encrypt the hash with your private key
• This “signature” can be authenticated only with your public key

From alt.security.pgp: “I am a practicing attorney in Colorado with clients in other states and in Canada, and I use e-mail to communicate with many of them. Having a verified PGP signature on e-mail from me tells the clients that the message really comes from me and that any advice or instructions contained in the e-mail is advice or instructions that I want them to follow. Hopefully, they trust me enough to do so. :-)”
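The three steps on this slide (hash the plaintext, transform the hash with the private key, check it with the public key) as an added example that is not part of the original presentation. It uses textbook RSA with no padding and constructed toy keys, so it illustrates the principle only; the key names and sample message are assumptions.

```python
import hashlib

E = 65537  # public exponent


def make_key(p: int, q: int):
    """Return (public, private) as ((e, n), (d, n)) from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return (E, n), (d, n)


# Constructed toy keys built from Mersenne primes so no key generator is
# needed. Primes of this special form must never be used for real keys.
SENDER_PUB, SENDER_PRIV = make_key(2**521 - 1, 2**607 - 1)
IMPOSTOR_PUB, IMPOSTOR_PRIV = make_key(2**1279 - 1, 2**2203 - 1)


def digest_int(message: bytes) -> int:
    """Hash (checksum) of the plaintext, as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private) -> int:
    """Hash the plaintext, then transform the hash with the private key."""
    d, n = private
    return pow(digest_int(message), d, n)


def verify(message: bytes, signature: int, public) -> bool:
    """Undo the transform with the public key; compare with a fresh hash."""
    e, n = public
    return pow(signature, e, n) == digest_int(message)


if __name__ == "__main__":
    advice = b"Please lodge the documents by Friday."  # constructed sample
    sig = sign(advice, SENDER_PRIV)  # the message itself travels in the clear
    print("genuine message:", verify(advice, sig, SENDER_PUB))
    altered = advice.replace(b"Friday", b"Monday")
    print("altered message:", verify(altered, sig, SENDER_PUB))
    forged = sign(advice, IMPOSTOR_PRIV)
    print("impostor's signature:", verify(forged and advice, forged, SENDER_PUB))
    # If the recipient was handed the impostor's key as the sender's, the
    # forgery verifies, which is why public keys need certification.
    print("with substituted key:", verify(advice, forged, IMPOSTOR_PUB))
```

The last check shows the signature is only as trustworthy as the recipient's copy of the public key.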
10
Public Keys

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.6

mQBtAzDmHn0AAAEDAMzvMfAQYj2AGd6dV/ctqtKj2grlDrWW8R9B2vSe8w2lZDqb
r+/msS/UvSci79vxHmppkOvKVFhCdcI9yRcsFL5BNrJf5zLTKUVZVcUhIWQXF4Db
//2HwEe/5gZYw9iQAQAFEbQxSmVyZW15IE0uIE1hbGNvbG0gPHRlcm1pbnVzQG9k
eXNzZXkuYXBhbmEub3JnLmF1Pg==
=liEN
-----END PGP PUBLIC KEY BLOCK-----

• Obtained through:
  – Email, finger, WWW
  – Key servers
  – Automatic for WWW browsers
11
PGP - Pretty Good Privacy
• De facto Internet standard
• Offers public key and secret key encryption
• Not an email program
• Variants
  – Freeware
  – Commercial: “Viacrypt”
  – Restricted export
  – International
12
Other encryption standards
• PEM - Privacy Enhanced Mail
  – De jure standard (RFCs 1421-1424)
  – Easier to integrate into third party products
  – Relies on hierarchy of Certifying Authorities
  – RIPEM - Riordan’s Internet Privacy Enhanced Mail
    · Less widely used than PGP
    · Illegal to export outside USA
  – TIS/PEM - Trusted Information System PEM
13
Other encryption standards
• DES (Data Encryption Standard)
  – Conventional encryption (secret key only)
  – Fast
  – Available for office equipment
  – Built in to application software
  – No longer considered sufficiently secure
• Triple DES
14
Using encryption tools
• Secret key encryption requires a secure channel
• “Add-ins”
  – Microsoft Exchange PGP add-in
  – Eudora, Pegasus Mail add-ins available
• Stand-alone products
  – Power PGP (freeware)
  – Numerous others available
15
Dangers and limitations
• Compromised passphrase and secret key
  – Remember the passphrase
  – Keep the key on a floppy disk
• Exposure on multi-user systems
  – Don’t keep your secret key on such a system
• Obvious passwords
• Physical security breaches
  – Don’t save or print out plaintext
16
Dangers and limitations
• Public key tampering
  – Certification by PGP signature
• Bogus timestamps
  – Timestamping service or PGP signature
• "Not quite deleted" files
  – Ensure software wipes plaintext files
• Viruses and Trojan Horses
  – Anti-viral software
17
Summary
• Security for electronic information
  – “Armoured van” for communications
  – “Safety deposit box” for documents
• Less convenient to work with than plaintext, but effective if proper safeguards are taken
• Email Encryption for Lawyers http://www.tpgi.com.au/lawsoc/encrypt.htm
• Question time