Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security By Design Scott A. Vanstone V.P. Cryptographic Research Research in Motion Distinguished Professor Emeritus University of Waterloo.

Published byJasmin Hardy Modified over 8 years ago

Similar presentations

Presentation on theme: "Security By Design Scott A. Vanstone V.P. Cryptographic Research Research in Motion Distinguished Professor Emeritus University of Waterloo."— Presentation transcript:

1

2 Security By Design Scott A. Vanstone V.P. Cryptographic Research Research in Motion Distinguished Professor Emeritus University of Waterloo

3 Security by Design When designing a new telecommunications system it is prudent to make security a fundamental part of the design process. Geneva, 6-7 December 2010 3 Addressing security challenges on a global scale

4 What is Cryptography? Cryptography is the study of mathematical techniques related to aspects of information security such as: – confidentiality – data integrity – entity authentication – data origin authentication Geneva, 6-7 December 2010 4 Addressing security challenges on a global scale

5 What is Cryptography (2) Cryptography plays a fundamental role in securing information based systems. Often cryptography (and security in general) is an afterthought and as such it is bolted on after the overall system has been completed. Geneva, 6-7 December 2010 5 Addressing security challenges on a global scale

6 Think of the Postal Analogue You put a letter in an envelope to maintain the integrity of the information in the letter and keep the letter from prying eyes (integrity and encryption). You put your address in the upper left corner of the envelope to authenticate the sender which is you (authentication). You sign the letter so that at a later date you cannot say you did not send it. 6 Addressing security challenges on a global scaleGeneva, 6-7 December 2010

7 The Digital World We want to mimic all of these services but electronically. This has been done and done more securely and efficiently than postal mail. It is all due to the advent of something called “public-key cryptography”. Canada is and continues to be a leader in this field. 7 Addressing security challenges on a global scaleGeneva, 6-7 December 2010

8 Symmetric-Key Cryptography Communicating parties a priori share secret information. 8 Addressing security challenges on a global scaleGeneva, 6-7 December 2010 secure channel Eve Alice Bob unsecured channel

9 Public-Key Cryptography Communicating parties a priori share authentic information. 9 Addressing security challenges on a global scaleGeneva, 6-7 December 2010 authentic channel Eve Alice Bob unsecured channel

10 Symmetric-Key vs Public-Key Symmetric-Key has been used for thousands of years. Public-Key is relatively new dating from 1976. Public-key cryptography is based on hard mathematical problems. 10 Addressing security challenges on a global scaleGeneva, 6-7 December 2010

11 Why Symmetric-Key? Typically very fast for bulk encryption (confidentiality). The Advanced Encryption Standard (AES) is well accepted as a superior algorithm for symmetric-key. 11 Addressing security challenges on a global scaleGeneva, 6-7 December 2010

12 Disadvantages of Symmetric Key Key management can be a serious problem. Non-repudiation (digital signature) is very difficult to realize. 12 Addressing security challenges on a global scaleGeneva, 6-7 December 2010

13 Why Public-Key? One disadvantage of symmetric-key cryptography is key management. Public-Key provides an efficient method to distribute keys. Public-key offers a very efficient way to provide non-repudiation. This is one of the great strengths of public-key. 13 Addressing security challenges on a global scaleGeneva, 6-7 December 2010

14 Disadvantages of Public-Key Public-key operations require intense mathematical calculations. They can be thousands of times slower to encrypt data than a well designed symmetric- key scheme. 14 Addressing security challenges on a global scaleGeneva, 6-7 December 2010

15 Hybrid Schemes Use symmetric-key schemes to do bulk encryption. Use public-key techniques to pass keys so that key management is not a problem. 15 Addressing security challenges on a global scaleGeneva, 6-7 December 2010

16 Digital Signatures One of the truly great technologies that public-key cryptography can provide. Handwritten signatures are fixed to the message but not an integral part of the message. Digital signatures combine the message and private information of the signer. 16 Addressing security challenges on a global scaleGeneva, 6-7 December 2010

17 Why Elliptic Curve Cryptography (ECC)? Most security per bit of any known public-key scheme Ideally suited to constrained environments – Computationally efficient – Bandwidth efficient – Battery efficient Well studied Standardized in relevant influential international standards 17 Addressing security challenges on a global scaleGeneva, 6-7 December 2010

18 Elliptic Curve: y2=x3+ax+b 18 Addressing security challenges on a global scaleGeneva, 6-7 December 2010

19 Suite B PurposeAlgorithmUnclassifiedClassified EncryptionAES128 bit key256 bit key SignaturesECDSA256 bit curve384 bit curve Key ExchangeECDH or ECMQV256 bit curve384 bit curve HashingSHASHA-256SHA-384 19

20 Suite E for Embedded Systems PurposeAlgorithmUnclassified EncryptionAES128 bit key SignaturesECDSA283 bit curve Key ExchangeECDH or ECMQV283 bit curve HashingSHASHA-256 Geneva, 6-7 December 2010 20 Addressing security challenges on a global scale

21 Examples of Security by Design XM Radio Blackberry Geneva, 6-7 December 2010 21 Addressing security challenges on a global scale

22 XM Radio XM Radio delivers digital radio to most of North America. XM approached Certicom in the late 90s to design security into the system from the ground up. Geneva, 6-7 December 2010 22 Addressing security challenges on a global scale

23 BlackBerry RIM built security in from the beginning. Suite B was running on the device even before the NSA endorsement in 2003. Geneva, 6-7 December 2010 23 Addressing security challenges on a global scale

24 Conclusion There is good security available. The simple but often forgotten message is: – Design security into the system from the beginning. – Think the design through careful so that you meet your objectives. Geneva, 6-7 December 2010 24 Addressing security challenges on a global scale

Download ppt "Security By Design Scott A. Vanstone V.P. Cryptographic Research Research in Motion Distinguished Professor Emeritus University of Waterloo."

Similar presentations

Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.

Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.
Chapter 11: Cryptography

Chapter 11: Cryptography
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Information Security & Cryptographic Principles. Infosec and Cryptography Subjects / Topics : 1. Introduction to computer cryptography 1. Introduction.

Information Security & Cryptographic Principles. Infosec and Cryptography Subjects / Topics : 1. Introduction to computer cryptography 1. Introduction.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Public Key Algorithms …….. RAIT M. Chatterjee.

Public Key Algorithms …….. RAIT M. Chatterjee.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
Block Ciphers: Workhorses of Cryptography COMP 1721 A Winter 2004.

Block Ciphers: Workhorses of Cryptography COMP 1721 A Winter 2004.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
Cryptographic Technologies

Cryptographic Technologies
CMSC 414 Computer and Network Security Lecture 2 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 2 Jonathan Katz.
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.

Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

Similar presentations

Ads by Google