Presentation is loading. Please wait.

Presentation is loading. Please wait.

Practice and Experience in the Application of Cryptography Bao Feng Cryptography and Security Department.

Similar presentations


Presentation on theme: "Practice and Experience in the Application of Cryptography Bao Feng Cryptography and Security Department."— Presentation transcript:

1 Practice and Experience in the Application of Cryptography Bao Feng Cryptography and Security Department

2 Applications of Crypto in Daily Life 1.Internet – wifi, SSL, VoIP, VPN 2.Handphone – A5/1, COM128, KASUMI 3.PayTV – conditional access control (CAS) 4.RFID, NFC – remote controller, card Symmetric key cryptosystems take the majority PKC only for Internet

3 Public Key Cryptosystems Digital signature Digital cash Fair exchange PIR E-voting and e-auction Searchable encryption Private matching Privacy-preserving data mining

4 Digital Signature The topic generating most research papers A revolution in the history of authentication Currently mainly applied as certificate Many proposed application scenarios, but not really applied. Accepted in legislation, but not accepted by ordinary people Become a subset of e-signature

5 Digital Cash Simulating physical cash Untracability Double-spending detecting Unsuccessful in business Critical vulnerability: not preventing double-spending

6 Fair Exchange Fair exchange without TTP, or with offline TTP. No research interest with TTP. TTP is needed in real world. In front of people without crypto knowledge, real-world TTP overwhelms dislog and factorization. Real world security has different model from crypto’s

7 Private Information Retrieval Similar to OT, but aiming at minimizing communication. Two types of PIR Cost in performance trade privacy Difficult to find business model No high demand from ordinary users, while for special users crypto may not be the only way

8 E-voting and E-auction Public key crypto protocols Challenge: fulfill numerous requirements, anonymity, authentication, verifiability, untracability, etc Too complicated to understand for layman E-voting will prevail, but may not be PKC

9 Searchable Encryption Both PKC and SKC Database outsourcing Server can search ciphertext Performance suffers a lot at server side What application? Sensitive data outsource?

10 Private Matching Problem definition Ideal situation Current solutions asymmetric Most solutions from database community and many earlier ones not secure

11 Summary of Downside Performance – business can’t tolerate scalability shrinking, e.g., credit card Business model – distributed model hard to manage commercially. Who runs the service Layman’s perception – perceived security more important for business Low-end security vs high-end security – a dilemma. National security excludes public research in some areas

12 Our Experience and Observations SKC demanded more than PKC (for business model, 1-to-n more than n-to-n) Key management (shortage of SKC shrinking with rapid growth of hardware, even for n-to-n) Standard vs non-standard Fulfill various requirements (lock builder) Practical solutions more demanded than the solutions of high research value, e.g., brute force Embedded in other applications Jump beyond cryptographer’s mindset

13 Promising Areas Smart energy grid Sensor network and RFID Cloud computing Content security (IPTV, pay-TV) Handphone security Ciphers for niche areas

14 Thank you! Q & A


Download ppt "Practice and Experience in the Application of Cryptography Bao Feng Cryptography and Security Department."

Similar presentations


Ads by Google