Presentation is loading. Please wait.

Presentation is loading. Please wait.

Practices in Security Bruhadeshwar Bezawada. Algorithms, Key Sizes and Strengths.

Published byKerrie Miles Modified over 9 years ago

Similar presentations

Presentation on theme: "Practices in Security Bruhadeshwar Bezawada. Algorithms, Key Sizes and Strengths."— Presentation transcript:

1 Practices in Security Bruhadeshwar Bezawada

2 Algorithms, Key Sizes and Strengths

3 Design Choices Strength of the key established is equal to the weakest algorithm Strength of the key established is equal to the weakest algorithm 160-bit ECC is used to establish 128-bit AES, security is only 80 bits 160-bit ECC is used to establish 128-bit AES, security is only 80 bits 1024-bit RSA is used to establish 128-bit AES, security is only 80 bits 1024-bit RSA is used to establish 128-bit AES, security is only 80 bits For 128-bit security For 128-bit security Use AES for confidentiality Use AES for confidentiality Use SHA-256 or higher for integrity and authentication Use SHA-256 or higher for integrity and authentication

4 Key Compromise Can mean anything Can mean anything An unauthorized entity has gained access to the key and is able use it for personal gains An unauthorized entity has gained access to the key and is able use it for personal gains Key is incorrect or modified or substituted Key is incorrect or modified or substituted Incorrectly used for a different purpose Incorrectly used for a different purpose Authentication of sender fails Authentication of sender fails

5 Protective Measure Against Key Compromise Limit the amount of time key is in plain-text format Limit the amount of time key is in plain-text format Prevent human access of plain-text keys Prevent human access of plain-text keys Restrict keys to physical storage and restricted devices Restrict keys to physical storage and restricted devices Protect integrity of keys with other keys Protect integrity of keys with other keys Keep a log of key usage with central time stamp to keep track of usage Keep a log of key usage with central time stamp to keep track of usage Destroy keys as soon as they are no longer needed Destroy keys as soon as they are no longer needed

6 Compromise Recovery Plan Identity of personnel to notify Identity of personnel to notify Identity of personnel who initiates recovery actions Identity of personnel who initiates recovery actions Re-key method (automatic, manual, centralized, distributed, collaborative) Re-key method (automatic, manual, centralized, distributed, collaborative)

7 Factors to be Considered For Design of New System Sensitivity of information and system lifetime Sensitivity of information and system lifetime Keep in mind future computational developments, don’t underestimate level of protection Keep in mind future computational developments, don’t underestimate level of protection Appropriate algorithm selection keeping in mind feasibility and future needs Appropriate algorithm selection keeping in mind feasibility and future needs System design with performance and security as goals System design with performance and security as goals Pre-implementation evaluation Pre-implementation evaluation Do not use latest developments without appropriate evaluation and standardization Do not use latest developments without appropriate evaluation and standardization Testing Testing Training Training System implementation and transition System implementation and transition Post-implementation evaluation Post-implementation evaluation

8 Protection Requirements

9

10 Key Life Cycle

11 Key Management Phases

12 Key Management States and Phases

13 Key Management Phases Pre-operational Phase Pre-operational Phase User registration function User registration function System initialization System initialization User initialization User initialization

Download ppt "Practices in Security Bruhadeshwar Bezawada. Algorithms, Key Sizes and Strengths."

Similar presentations

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
KMIP 1.3 SP800-130 Issues Joseph Brand / Chuck White / Tim Hudson December 12th, 2013 1.

KMIP 1.3 SP Issues Joseph Brand / Chuck White / Tim Hudson December 12th,
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Database Administration and Security Transparencies 1.

Database Administration and Security Transparencies 1.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.

1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
Database Integrity, Security and Recovery Database integrity Database integrity Database security Database security Database recovery Database recovery.

Database Integrity, Security and Recovery Database integrity Database integrity Database security Database security Database recovery Database recovery.
Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.
Applied Cryptography for Network Security

Applied Cryptography for Network Security
Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,

Cryptography and Network Security Chapter 1. Chapter 1 – Introduction The art of war teaches us to rely not on the likelihood of the enemy's not coming,
Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.

Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.
Copyright © 2015 Pearson Education, Inc. Confidentiality and Privacy Controls Chapter 9 9-1.

Copyright © 2015 Pearson Education, Inc. Confidentiality and Privacy Controls Chapter
CAMP Med Mapping HIPAA to the Middleware Layer Sandra Senti Biological Sciences Division University of Chicago C opyright Sandra Senti,

CAMP Med Mapping HIPAA to the Middleware Layer Sandra Senti Biological Sciences Division University of Chicago C opyright Sandra Senti,
Key Management in Cryptography

Key Management in Cryptography
Encryption Methods By: Michael A. Scott 20140508.

Encryption Methods By: Michael A. Scott
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management.

Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management.

Similar presentations

Ads by Google