1 IT Security Trends Walter Fumy Siemens AG ICN EN TNA München Abstract This paper examines recent trends in the area of information security. It presents attacks and vulnerabilities of IT systems and networks, addresses the IT security market, and discusses the IT security hype cycle. Concerning technology trends, the paper focuses on two specific fields: cryptography, which is the basis for a large variety of security services, and user authentication, including biometric and token authentication. 1 Introduction Absolutely secure information technology (IT) products or systems do not exist. IT security basically is an appropriate risk management strategy which identifies, controls, eliminates or minimizes uncertain events that may adversely affect IT system resources and information assets. In practice, levels of information technology security are first established through an understanding of the essential security requirements of consumers and business users. These requirements range from best practice guidelines on how to conduct a security risk assessment and evaluation of IT systems and products to the employment of specific cryptographic techniques and mechanisms. Appropriate levels of security are then achieved by implementing a suitable set of information management policies together with adequate sophisticated assurance methods and cryptographic technologies. 1.1 Attacks and Vulnerabilities Attacks against IT systems and networks are catching the headlines. The exact vulnerabilities exploited for actual attacks change from one year to the next, as old weaknesses get fixed and new software releases new ones. Typical vulnerabilities include stack overflows and other software bugs, and weak authentication procedures and access controls. Attacks are typically tool-based, and attack tools become more and more sophisticated. Three important trends are the anti-forensic nature, the dynamic behavior, and the modularity of these tools. Also, the level of automation in attack tools continues to increase. The CERT Coordination Center (www.cert.org) is a major reporting center for Internet security incidents and vulnerabilities. CERT statistics show that electronic crime has risen dramatically. In 1990, only 252 cyber-crime incidents have been reported, in 2000 there were incidents, and in the first quarter of 2002 alone, there were incidents (cf. table 1). Also, the number of newly discovered vulnerabilities reported to CERT continues to more than double each year, and new classes of vulnerabilities are discovered
2 14 Walter Fumy each year. This makes it very difficult for administrators to keep up to date with security patches. Year Q1/02 Incidents Vulnerabilities Table 1: : CERT Statistics Another important source of information on attacks and vulnerabilities is the Computer Crime and Security Survey, conducted each year in the United States by the Computer Security Institute (CSI) and the FBI. The findings of the latest report [CS02] confirm that the threat from IT security breaches continues to increase and that incidents are widespread and costly. Highlights from the 2002 CSI/FBI Computer Crime and Security Survey [CS02] include 90% of the organizations surveyed detected security breaches within the last 12 months; 80% acknowledged monetary losses due to security breaches and reported losses rose by 72% compared to 2000; 74% cited their Internet connection as a frequent point of attack (compared to 59% in 2000); 33% cited their internal systems as a frequent point of attack (compared to 38% in 2000); 78% detected employee abuse of Internet access; 85% detected malicious code (e.g., computer viruses). While internal fraud still accounts for higher losses, there has been a significant rise in losses from external attacks. Reported average losses from viruses alone were $283 million in 2002, up from just $45 million in IT security technologies such as firewalls, anti-virus software, intrusion detection systems, strong authentication techniques, or virtual private networks help to significantly reduce vulnerabilities, however, they alone cannot thwart attacks. The security that can be achieved through technical means needs to be supported by appropriate management and procedures. Issues to be addressed include security policies and plans, a good understanding of the security requirements, risk assessment and risk management, training and education, auditing and monitoring, and support and commitment from management. Information security requires the full organizational commitment of resources technological, financial, and human.
3 IT Security Trends IT Security Market IT security technologies are widely used. For example, 90% of the organizations surveyed in [CS02] use anti-virus software, 89% have firewalls, 60% use intrusion detection systems, 38% have deployed digital IDs, and 10% use biometric authentication. Market analysts predict that the market for IT security technology and services will continue to grow at a substantial rate. E.g., key findings of the research conducted for Datamonitor s report Global network security markets to 2005 are [Da01]: the global market for network security products will rise at a CAGR 1 of 30% from $5.8bn in 2000 to $21.2bn in 2005; the market for security services to back up the purchase of such products will grow at a CAGR of 26% from $4.7bn in 2000 to $15.1bn in 2005; the fastest growing sub-markets in the area of network security are content security, Virtual Private Networks (VPNs), and Public-Key Infrastructure (PKI), growing at a CAGR of 66%, 59%, and 46% respectively; the traditional sales message of fear and uncertainty will be replaced by positioning IT security products and services as business enablers. 1.3 IT Security and the Technology Hype Cycle Technologies, no matter how different they are, in general exhibit a certain pattern with respect to visibility (or hype) and time a period of strong enthusiasm ( peak of inflated expectations ) typically is followed by a phase of disillusionment, and gradual improvement of the technology ( slope of enlightenment ) finally may lead to its maturity and a plateau of productivity. This general pattern is called the technology hype cycle and has proven to be a very useful tool for technology assessment. Figure 1 shows an example for an IT security hype cycle [WP01]. Quantum Cryptography and the Advanced Encryption Standard (AES) represent two new security technologies entering the cycle (both technologies will be discussed in section 2), while Single Sign-On (SSO) and Public-Key Infrastructure (PKI) are stuck in the trough of disillusionment and are labeled as unlikely to emerge from this stage quickly. Key technologies riding the wave of analyst and media enthusiasm include Biometrics (discussed in section 3), XML Security, and Managed Security Services. While the Data Encryption Standard (DES) is about to leave the plateau of productivity (cf. section 2.1), Virtual Private Networks (VPNs) are reaching the plateau. A VPN emulates a private network using public networks and can provide permanent interconnection of multiple sites or dynamic dial-in capability. VPNs offer clear cost savings over alternatives such as leased lines and complete industries, such as the automotive industry, have moved to VPNs as the basis of their extranets. 1 CAGR = compound annual growth rate.
4 16 Walter Fumy Visibility XML Security Managed Security Services Biometrics Kerberos SSL DES AES IDS VPN Quantum Cryptography Technology Trigger Peak of Inflated Expectations SSO PKI Trough of Disillusionment Slope of Enlightenment will reach plateau in < 2 years 2 to 5 years 5 to 10 years > 10 years never Plateau of Productivity Source: Gartner 2001 Maturity Figure 1: IT Security Hype Cycle 2 Cryptography Cryptographic mechanisms are one of the most important tools to provide security services for IT applications, communication protocols, and infrastructures. Cryptographic techniques enable a large number of security features including data confidentiality, data integrity, entity authentication, and non-repudiation. The effectiveness of cryptographic protection depends on a variety of issues such as cryptographic key size, mechanism and protocol design, implementation aspects, and password management. All of these issues are equally important: if the key size is too small, or if a mechanism is badly designed or incorrectly implemented, or if a password is poorly protected, then the security of a IT system is at risk. Traditionally, mechanism design and the choice of key sizes get the most attention, however, the majority of successful attacks are not due to inadequate mechanism strengths or key sizes, but to other deficiencies. In the area of cryptography, many alternative techniques have been proposed, each presenting its own advantages, such as performance, code size, key size, patent coverage, and standardization. Public-key cryptography, in particular, has shown itself to be an extremely valuable tool for the design and implementation of scaleable secure systems. Due to the substantial computational overhead associated with public-key algorithms, security architectures typically utilize symmetric cryptographic mechanisms for bulk encryption and integrity protection, and public-key techniques for key establishment, digital signatures, and non-repudiation services. Today, cryptography is a well established technology; many specific algorithms and techniques have been (or are being) standardized. Major trends include increasing block and key sizes for symmetric ciphers (e.g., from DES to AES, cf. section 2.1),
5 IT Security Trends 17 increasing sizes of hash codes (e.g., from SHA-1 [IS98] to SHA-256, SHA-384, SHA- 512 [NI01a]), improvements in integer factorization and parallel processing, such that the future may demand unpleasantly large moduli for schemes like RSA or DSA (thus from RSA to elliptic curve based schemes, cf. section 2.2), and randomized digital signatures, and signature schemes allowing for message recovery [IS00] [IS02b]. The following sections discuss selected aspects in the area symmetric ciphers, digital signature algorithms, equivalent algorithm strengths, and applications of quantum computers to cryptography. 2.1 Symmetric Ciphers The Data Encryption Standard (DES), initially issued as Federal Information Processing Standard (FIPS) in 1977 [NI77], has been a worldwide standard for more than 20 years. The standard was most recently reaffirmed by NIST in 1993, until December DES is a block cipher algorithm that converts plaintext blocks of 64 bits into ciphertext blocks and vice versa using a 56-bit key, which means there are 2 56 or approximately 7.2 x possible DES keys. Despite many years of research, no method has been published that breaks a DES encrypted message substantially faster than exhaustive key search, i.e., by systematically trying all different keys. Forasymmetric cipher, exhaustive key search is purely exponential in the size of the key; its time complexity can be expressed as T (k) =2 k 1 where k denotes the bit-size of the cipher s key. Note that increasing k by 1 doubles the cost of attack. The expected number of trials needed to recover a DES key therefore is Ever since DES was first published, it has been criticized for its short key size. Today it is widely agreed that 56-bit keys offer only marginal protection against a committed adversary. Several studies have been performed showing that it is feasible to build a specialized machine that could crack DES-keys by exhaustive search in relatively short time. In 1999, a worldwide computing team utilized a network of nearly PCs on the Internet and a specially designed supercomputer, the Electronic Frontier Foundation s (EFF) Deep Crack, to win RSA Data Security s third DES Challenge. The project analyzed a DES-encrypted message in 22 hours and 15 minutes (cf. table 2). Over the past 20 years, researchers have proposed a number of potential replacements for DES. E.g., the financial services industry has developed a standard for triple-des encryption [AN98a]. In triple-des, each message block is encrypted with three successive DES operations rather than one, a construction which involves two or three different keys. In typical applications, triple-des offers an effective key size of 112 bits (cf. table 3). Since 1997, NIST has been working with industry and the cryptographic community to develop a long-term successor for the DES. The outcome of this process is the Advanced
6 18 Walter Fumy Encryption Standard (AES), published by NIST in 2001 as FIPS 197 [NI01b]. The AES specifies the Rijndael algorithm [DR00], a symmetric block cipher that can process data blocks of 128 bits, using keys with lengths of 128, 192, or 256 bits, and referred to as AES-128, AES-192, and AES-256, respectively. Rijndael originally was designed to handle additional block sizes and key lengths, however they have not been adopted in the AES standard. In decimal terms, the AES key sizes result in possible 128-bit keys, possible 192-bit keys, and possible 256-bit keys. Thus, there are more than times more AES-128 keys than DES keys. Assuming that one could build a machine that could recover a DES key in a second (i.e., try 2 55 keys per second), then it would take that machine approximately 149 trillion years to crack a 128-bit AES key Digital Signature Algorithms Digital signature algorithms are based on public-key cryptography and are mainly used to provide entity authentication, data integrity and non-repudiation. Digital signatures typically are employed in conjunction with hash functions and may be computed on data of arbitrary length. Today, three families of public-key cryptosystems are established in the marketplace: Integer Factorization (IF) systems are based on the computational difficulty to factor large integers. Prominent examples for IF systems include the RSA digital signature scheme [RSA78], and the Rabin-Williams scheme. Discrete Logarithm (DL) systems are based on the computational difficulty to solve the discrete logarithm problem over a finite field GF(p) or GF(2m) [El85]. Examples include NIST s Digital Signature Algorithm (DSA) [NI00], and Nyberg-Rueppel signatures [NR93]. Elliptic Curve (EC) systems are based on the computational difficulty to solve the discrete logarithm problem over an elliptic curve. EC primitives are analogous to DL primitives; examples include the EC-DSA scheme and the EC-NR scheme [IS02a]. The primary advantage of elliptic curve cryptosystems is their cryptographic strength relative to the required parameter size, i.e., elliptic curves offer more security per bit (cf. table 3). The fastest known general-purpose algorithm for either factoring large integers or for solving the ordinary DL problem for large prime fields is the so-called Number Field Sieve (NFS), invented in 1988 by John Pollard. The original version of NFS could only be used to factor numbers of a special form and therefore is referred to as Special Number Field Sieve (SNFS). The generalized version called General Number Field Sieve (GNFS or just NFS) can handle numbers of arbitrary form. Its run time depends only on the size of the number being factored, or the size of the underlying field for the discrete logarithm problem. On heuristic grounds, NFS can be expected to require computing time proportional to 2 The universe is believed to be less than 20 billion years old.
7 IT Security Trends 19 L[n] = e ( o(1)) ln(n)1/3 ln(ln(n)) 2/3 to factor an RSA modulus n, where the o(1) term goes to zero as n goes to infinity. The amount of time it takes to factor a k-bit number is asymptotically the same as the time it takes to solve a discrete logarithm problem over a field of size k bits. However, in practice solving DL problems has been more difficult than factoring numbers of equivalent size. The largest published factorization using the NFS is that of the 512-bit number RSA155 which is an RSA modulus of 155 decimal digits, in August This factoring effort took less than 10 4 MIPS years and corresponds to about operations (cf. table 2). Note that the effort needed to factor a 1024-bit RSA modulus requires about 7 million times this effort. Daniel Bernstein recently observed that the total cost of breaking an RSA key (i.e. the product of the amount of hardware needed and the running time) might not be as great as previously thought, at least for very large key sizes [Be01]. In particular, Bernstein suggests methods for reducing the amount of memory required to break very large RSA keys. Basically these methods are clever implementation techniques for the NFS, however, the basic number of operations required by the NFS is not reduced [Le02]. The best known attack against an Elliptic Curve system is based upon a collision attack and the birthday paradox. One expects that after computing approximately sqrt(order of the curve) points, that one can find two points that are equivalent under an algebraic relationship. From this collision, the key then can be constructed. Thus, this attack is purely exponential in the key size. Its time complexity is T (k) = π 2 2 k 2 where k is the bit size of the order of the base point. Note that increasing k by 2 doubles the cost of attack. The largest published solution for an EC challenge is that of a 108-bit system, in April The amount of work required to solve this challenge was about 50 times the effort required to solve the 512-bit RSA cryptosystem. Solving a 160-bit Elliptic Curve challenge is estimated to require more than 60 million times the work spend to solve the 108-bit challenge. Table 2 summarizes the state of the art concerning successful published attacks on the DES, on the RSA scheme, and on Elliptic Curve cryptosystems. 2.3 Equivalent Algorithm Strengths Cryptographic algorithms provide different levels of security, depending on the algorithm and the key size used. In this paper, two algorithms are considered to be of equivalent strength for the given key sizes if the amount of time needed to break the algorithms is the same. 3 3 Note that other metrics for algorithm equivalence exist.
8 20 Walter Fumy Challenge Year Effort (time) Effort (machines) ECC k MIPS years (4 months) ECC k MIPS years 740 RSA k MIPS years 300 (5 months) DES k MIPS years (22 hours) Table 2: Demonstrated Attacks State of the Art Table 3 summarizes equivalence guidelines for symmetric ciphers, hash functions, and digital signature algorithms. The reader should be aware that the equivalent algorithm strengths stated in table 3 are based on assessments made as of today and may need revision due to future developments. To estimate how the computing power available to attackers may change over time, typically Moore s law is used. Moore s law states that the density of components per integrated circuit doubles every 18 months, which is interpreted that the computing power per chip doubles every 18 months. 4 Symmetric Cipher Hash Function RSA Scheme Elliptic Curve (DES) (SKIPJACK) (RIPEMD-160) (Triple-DES) (AES-128) (SHA-256) (AES-192) (SHA-384) (AES-256) (SHA-512) Table 3: Commensurate Security Levels Based on Moore s law and the steady growth of the Internet, it is safe to assume that the computing power available for attacks doubles every 12 months, which can be interpreted as a steady loss of cryptographic strength. Under this assumption, the following conclusions hold: Symmetric ciphers lose 1 bit of security per year; 4 There is some skepticism as to whether this law will hold much longer because new technologies will eventually have to be developed to keep up with it.
9 IT Security Trends 21 Hash functions and Elliptic Curve based schemes lose 2 bits of security per year; and RSA schemes lose about 20 to 30 bits of security per year. In addition, unanticipated advances in breaking algorithms may occur. 2.4 Quantum Cryptanalysis and Quantum Cryptography Quantum computing is a relatively new field that has developed with the increased understanding of quantum mechanics. It promises computing devices that are exponentially faster than conventional computers, at least for certain problems. The story of quantum computing started in the 1980 s with the publication of a theoretical paper that first described a universal quantum computer [De85]. In a classical computer, a bit has a discrete range and can represent either a zero or a one consequently a register composed of L physical bits can be in one out of 2 L possible states. In a quantum computer, a quantum register composed of L quantum bits (or qubits) can store in a given moment of time all 2 L numbers in a quantum superposition, i.e. at once. Because of superposition, a quantum computer can in one computational step perform the same operation on 2 L different numbers encoded in L qubits. In order to accomplish the same task, a classical computer has to repeat the same computation 2 L times or has to employ 2 L processors working in parallel. Therefore, quantum computers promise to offer an enormous gain in the use of the computational resources time and memory. Several of the unique features of quantum computers have applications to cryptography. In 1994, Peter Shor published a quantum algorithm that, in principle, can very efficiently factor large integers or compute discrete logarithms [Sh94]. Shor s algorithm runs in polynomial-time. Another quantum algorithm published by Lov Grover achieves searching an unsorted list of N items in only about sqrt(n) steps [Gr96]. An important application of this algorithm is the cryptanalysis of symmetric ciphers, such as the DES or the AES. Grover s algorithm can be used for speeding up exhaustive key search however, its running time is still exponential. How a quantum computer could be built is known in principle. However, as the number of quantum logic gates in a network increases, one quickly runs into serious practical problems. One main reason is a phenomenon called quantum decoherence, which is due to the influence of the outside environment on a quantum computer. Therefore, the development of practical quantum computers still remains an open question. In the event that a sufficiently large quantum computer can be built, public-key cryptography may have to be abandoned, and for symmetric cryptosystems key sizes may have to be doubled. On the other hand, quantum mechanics can be utilized for the establishment of shared secrets over an insecure channel. This technology is referred to as quantum cryptography [Be92] [Br93]. Photons have a polarization, which can be measured in any basis consisting of two orthogonal directions. If a photon s polarization is read twice in the same basis, the polarization will be read correctly and will remain unchanged. If it is read in two different bases, in the second basis a random result will be obtained and the polarization will be
10 22 Walter Fumy changed randomly. Based on this observation, several quantum key establishment protocols have been designed. These protocols enjoy the property that their security is based on the fundamental laws of quantum mechanics, rather than on computational assumptions. 3 User Authentication Authentication assures one party of the identity of a second party and that the second party was involved at the time the evidence was created. Several alternative authentication techniques have been proposed, which require different capabilities of the entity being authenticated. For authentication mechanisms based on cryptographic techniques, these include the ability to store a cryptographic key and the ability to perform cryptographic operations with acceptable speed and accuracy. Unfortunately, human beings have neither of these two capabilities. For user authentication there are three basic techniques: Something you know (e.g., password, PIN); Something you have (e.g., physical key, smart card, USB token); and Something you are (e.g., fingerprint, voice characteristics). For reasons of cost, most systems authenticate their users based on user IDs and passwords. However, user IDs and passwords are cumbersome most people find passwords hard to remember 5, and managing passwords has turned out to be a serious challenge. Also, as people get accounts on more and more systems and for more and more applications, they reuse passwords in ways that may expose vulnerabilities. 3.1 Biometric Authentication The term biometrics applies to a wide range of techniques that employ the physical or behavioral characteristics of human beings as a means of authentication ( something you are ). A large variety of biometric techniques have been proposed for use with IT systems. These include fingerprint readers, iris scanners, retina scanners, face imaging devices, hand geometry readers, keystroke analysis, and voice recognition. Advantages of biometric authentication include that biometric characteristics are almost impossible to lose or forget, and that biometric authentication eliminates the management of forgotten and expiring passwords. Usage of biometric authentication techniques is often recommended in conjunction with other user authentication methods, rather than as a single, exclusive method. Since no two biometric templates are exactly alike, verifying a template is not a simple yes/no outcome. Thus, biometric systems can decide incorrectly. The trial template might be matched incorrectly against another person s reference template, or the trial template might not be matched even though the user is enrolled. The accuracy of biometric authentication is measured by the false acceptance rate (FAR) and the false rejection rate (FRR). 5 According to several studies, forgotten passwords account for 25-50% of all calls to IT help desks.
11 IT Security Trends 23 The lower the FAR, the better is the security. The lower the FRR, the easier the system is to use (see figure 2). In the following, three attractive biometric authentication technologies are discussed in more detail: finger-scan, iris-scan, and voice-scan. Finger-scan technology is the most prominent biometric authentication technology today. Applications include physical access, computer and network access, and public services. Finger-scan is considered a relatively accurate biometric authentication technology, however, more accurate technologies exist (cf. figure 3). Its acceptance rate among users is very high, although the technology still bears a slight stigma from the use of fingerprinting for criminal investigations. The human fingerprint is comprised of various types of ridge patterns. The discontinuities that interrupt the flow of ridges are called minutiae and form the basis for most finger-scan authentication solutions. Many types of minutiae exist, including ridge endings, bifurcations (points at which a ridge divides), dots (very small ridges), islands (ridges between two temporarily divergent ridges), and ponds (empty spaces between two temporarily divergent ridges). Error Rate % FRR biometric feature rejected biometric feature accepted FAR EER false acceptance false rejections Matching Threshold Equal Error Rate Figure 2: Accuracy of Biometric Authentication Finger-scan biometrics does not store full finger images but only particular data about the fingerprint in a template typically requiring about 500 bytes. Therefore, the fingerprint itself cannot be reconstructed from the finger-scan template. The technologies in use today to capture the fingerprint image are optical, silicon, and ultrasound. Optical technology is the most widely used. The finger is placed on a platen and typically a charged coupled device (CCD) converts the image of the fingerprint into a digital signal. Silicon technology was introduced in the late 1990 s and is mostly based on DC capacitance. The silicon sensor acts as one plate of a capacitor, the finger as the other
12 24 Walter Fumy one. The capacitance distribution between the platen and the finger is then converted into a digital image. Silicon sensors are small enough to be integrated into a variety of devices, including smart cards and USB tokens. Ultrasound technology is the most accurate finger-scan technology. It transmits acoustic waves and measures the distance based on the impedance of the finger, the platen, and air. Ultrasound is capable of penetrating dirt and residue, countering a main problem of the other sensor technologies. Iris-scan technology leverages the unique features of the human iris to provide user authentication. The visible patterns of a human iris contain a large amount of randomness. The iris is formed between the third and eighth month of gestation; the mechanisms forming it appear to be chaotic. The iris patterns are phenotypic the two eyes of a person are different, as are the irises of identical twins. Cost Retina- Scan Hand- Scan Facial- Scan Finger-Scan Iris- Scan Intrusiveness low medium high Voice-Scan Accuracy Figure 3: Strengths and Weaknesses of Some Biometrics A primary visible characteristic of the iris is the colored ring of tissue that surrounds the pupil and appears to divide the iris in a radial fashion. Other characteristics include rings, furrows, freckles, and the corona. A specific signal processing technique extracts these characteristics and converts them into a template of typically 512 bytes. The iris is relatively small; getting a high quality iris picture without being too intrusive is the main practical problem with iris-scan technology. Typically, the iris is located by a dedicated camera within a distance of at most 3 feet from the eye. The algorithms used in iris recognition appear to be extremely accurate (cf. figure 3). Voice-scan technology, also known as voice or speaker verification, is a biometric authentication technology often deployed in environments where the voice is already captured, such as telephony and call centers. Speaker verification utilizes the distinctive qualities of a person s voice. Some of these characteristics are behaviorally determined, some are physiologically determined. Voice-scan appears to be less accurate than other biometric authentication technologies; on the other hand, deployment costs are relatively low and the acceptance rate among users is very high (cf. figure 3).
13 IT Security Trends 25 Figure 3 illustrates comparative strengths and weaknesses of some biometric technologies. It compares the characteristics deployment cost, accuracy, and intrusiveness (i.e., how intrusive the users perceive an authentication technology to be). Despite the obvious benefits of biometric authentication, the technology has so far been limited to a relatively small number of applications. User acceptance a combination of ease of use and invasiveness is seen as one of the key stumbling blocks to mass acceptance. 3.2 Token authentication An authentication token is a physical device that a user carries around and uses for authentication ( something you have ). Examples for tokens in use today include physical keys, badge IDs, chip cards, and USB tokens. Since tokens can be lost or stolen, they typically are supplemented with at least a second authentication factor in general a PIN or a password. Tokens with an embedded CPU and memory are suitable for authentication mechanisms based on cryptographic techniques. These typically have the capability to securely store cryptographic keys and to perform cryptographic operations with acceptable speed. Additional benefits may include that cryptographic keying material can be generated on board and thus secret keys never have to leave the secure environment of the token. Thus cryptographic tokens can enhance PKI technology smart cards or USB tokens can provide secure computing platforms and secure storage for public key certificates and private keys. Combined with biometrics, the device protecting the private key can authenticate the user using biometric data to activate the private key for signature generation. Potential issues with authentication tokens include denial of service attacks based on failed authentication attempt lock-out mechanisms. These mechanisms may be used by malicious code to lock a token. 4 Conclusion Technology development never stands still. Attacks and attack tools will continue to advance, as will security technologies and security controls. In the area of IT security, technology development tends to be not linear, but to go in leaps. Also, disruptive technological innovation may occur, e.g., due to unanticipated advances in hardware design and algorithms, or in quantum computing. IT security markets will continue to show above average growth rates. New laws and regulations will impose information security requirements, and often all enterprises in a particular industry (e.g., healthcare) must comply with these regulations. In addition, insurance companies are expected to establish baseline security standards (e.g., ISO 17799, BSI-Grundschutz-Zertifikat) for any policies that include IT liability. As experts agree, the major challenge for enterprises and the public sector today is not the security technology itself, but how to establish appropriate procedures, management,
14 26 Walter Fumy and controls for achieving IT security. Human beings this is a fact, not a trend will continue to be less reliable and less easy to predict than security technologies. Training and education, as well as support and commitment from top management will continue to be key issues. References [AN01] American National Standards Institute: ANSI X9.84 Biometric Information Management and Security, [AN98a] American National Standards Institute: ANSI X9.52 Triple Data Encryption Algorithm Modes of Operation, [AN98b] American National Standards Institute: ANSI X9.62 Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA), [Be01] Bernstein, D.J.. Circuits for Integer Factorization: A Proposal. Manuscript, November 2001 (available at [Be92] C. Bennett, F. Bessette, G. Brassard, L. Savail, and J. Smolin, Experimental quantum cryptography, Journal of Cryptology (1) 5 (1992), [Br93] G. Brassard, Cryptography column - Quantum cryptography: A bibliography, Sigact News (3) 24 (1993), [CS02] Computer Security Institute: CSI/FBI 2002 Computer Crime and Security Survey, [Da01] Datamonitor: Global network security markets to 2005, Reference Code DMTC0730, [De85] Deutsch, D.: Quantum Theory, the Church-Turing Principle, and the Universal Quantum Computer, Proceedings of the Royal Society of London, Series A, Vol. 400 (1985), [DH76] Diffie, W.; Hellman, M.E.: New Directions in Cryptography, IEEE Transactions on Information Theory, 22 (1976), [DR00] Daemen, J.; Rijmen, V.: The Block Cipher Rijndael. In: J.-J. Quisquater and B. Schneier, eds: Smart Card Research and Applications, LNCS 1820, Berlin: Springer (2000), [El85] ElGamal, T.: A Public-Key Cryptosystem and a Signature Scheme based on Discrete Logarithms, IEEE Trans. on Information Theory 31, No. 4 (1985), [Gr96] Grover, L.K.: A Fast Quantum Mechanical Algorithm for Database Search, Proceedings of the 28 th Annual ACM Symposium on the Theory of Computing (1996), [IS00] International Organization for Standardization: ISO/IEC Digital signature schemes giving message recovery Part 3: Discrete logarithm based mechanisms, [IS02a] International Organization for Standardization: ISO/IEC Cryptographic techniques based on elliptic curves Part 2: Digital signatures, [IS02b] International Organization for Standardization: ISO/IEC Digital signature schemes giving message recovery Part 2: Integer factorization based mechanisms, [IS98] International Organization for Standardization: ISO/IEC Hash-functions Part 3: Dedicated hash-functions, [Le02] Lenstra, A.; Shamir, A.; Tomlinson, J.; and Tromer, E.: Analysis of Bernstein s Factorization Circuit (available at
15 IT Security Trends 27 [LV02] Lenstra, A.; Verheul, E.: Selecting Cryptographic Key Sizes, Journal of Cryptology 14 (2001), [NI00] National Institute of Standards and Technology: FIPS Digital Signature Standard (DSS), [NI01a] National Institute of Standards and Technology: Draft FIPS Secure Hash Standard (SHS), [NI01b] National Institute of Standards and Technology: FIPS 197 Advanced Encryption Standard (AES), [NI77] National Institute of Standards and Technology: FIPS 46 Data Encryption Standard (DES), [NR93] Nyberg, K.; Rueppel, R.A.: A new Signature Scheme based on the DSA Giving Message Recovery, 1st ACM Conference on Computer and Communications Security, Fairfax, VA,November [RSA78] Rivest, R.L.; Shamir, A.; Adleman, L.: A Method for Obtaining Digital Signatures and Public-Key Cryptosystems, Communications of the ACM 21 (1978), [Sh94] Shor, P.W.: Algorithms for quantum computation: Discrete logarithms and factoring, Proceedings of the 35th Annual IEEE Symposium on the Foundations of Computer Science (1994), [WP01] Wheatman, V.; Pescatore, J.: The Information Security Hype Cycle, Gartner Note DF , November 2001.
ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIEN-CHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can
Cryptographic Algorithms and Key Size Issues Çetin Kaya Koç Oregon State University, Professor http://islab.oregonstate.edu/koc firstname.lastname@example.org Overview Cryptanalysis Challenge Encryption: DES AES Message
Int Jr of Mathematics Sciences & Applications Vol3, No1, January-June 2013 Copyright Mind Reader Publications ISSN No: 2230-9888 wwwjournalshubcom Mathematical Model Based Total Security System with Qualitative
www.arpapress.com/volumes/vol8issue1/ijrras_8_1_10.pdf SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES Malek Jakob Kakish Amman Arab University, Department of Computer Information Systems, P.O.Box 2234,
General Secretariat for National Defence Central Directorate for Information Systems Security PRIME MINISTER Paris, 2007 september 14 No. 1904/SGDN/DCSSI/SDS/LCR Cryptographic mechanisms Rules and recommendations
1720 - Forward Secrecy: How to Secure SSL from Attacks by Government Agencies Dave Corbett Technical Product Manager Implementing Forward Secrecy 1 Agenda Part 1: Introduction Why is Forward Secrecy important?
Part I Contents Part I Introduction to Information Security Definition of Crypto Cryptographic Objectives Security Threats and Attacks The process Security Security Services Cryptography Cryptography (code
1 Introduction to Cryptography and Data Security 1 1.1 Overview of Cryptology (and This Book) 2 1.2 Symmetric Cryptography 4 1.2.1 Basics 4 1.2.2 Simple Symmetric Encryption: The Substitution Cipher...
Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi Purpose This paper is intended to describe the benefits of smart card implementation and it combination with Public
CHOOSING THE RIGHT PORTABLE SECURITY DEVICE A guideline to help your organization chose the Best Secure USB device Introduction USB devices are widely used and convenient because of their small size, huge
MIS5206 Week 12 Your Name Date 1. Which significant risk is introduced by running the file transfer protocol (FTP) service on a server in a demilitarized zone (DMZ)? a) User from within could send a file
UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the
CRYPTOGRAPHY AND NETWORK SECURITY Principles and Practice THIRD EDITION William Stallings Prentice Hall Pearson Education International CONTENTS CHAPTER 1 OVERVIEW 1 1.1 1.2 1.3 1.4 1.5 1.6 PART ONE CHAPTER
Network Security Elements of Applied Cryptography Public key encryption Public key cryptosystem RSA and the factorization problem RSA in practice Other asymmetric ciphers Asymmetric Encryption Scheme Let
E-Commerce Security Learning Objectives 1. Document the trends in computer and network security attacks. 2. Describe the common security practices of businesses of all sizes. 3. Understand the basic elements
A Study on Asymmetric Key Cryptography Algorithms ASAITHAMBI.N School of Computer Science and Engineering, Bharathidasan University, Trichy, email@example.com Abstract Asymmetric key algorithms use
The New Approach of Quantum Cryptography in Network Security Avanindra Kumar Lal 1, Anju Rani 2, Dr. Shalini Sharma 3 (Avanindra kumar) Abstract There are multiple encryption techniques at present time
Computer Security: Principles and Practice Chapter 20 Public-Key Cryptography and Message Authentication First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Public-Key Cryptography
NIST Special Publication 800-131A Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths Elaine Barker and Allen Roginsky Computer Security Division Information
BMC s Security Strategy for ITSM in the SaaS Environment TABLE OF CONTENTS Introduction... 3 Data Security... 4 Secure Backup... 6 Administrative Access... 6 Patching Processes... 6 Security Certifications...
By JOHANNES BUCHMANN, ALEXANDER MAY, and ULRICH VOLLMER PERSPECTIVES FOR CRYPTOGRAPHIC LONG-TERM SECURITY Cryptographic long-term security is needed, but difficult to achieve. Use flexible cryptographic
RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards January 2007 Developed by: Smart Card Alliance Identity Council RF-Enabled Applications and Technology:
The Misuse of RC4 in Microsoft Word and Excel Hongjun Wu Institute for Infocomm Research, Singapore firstname.lastname@example.org Abstract. In this report, we point out a serious security flaw in Microsoft
FACTORING CRYPTOSYSTEM MODULI WHEN THE CO-FACTORS DIFFERENCE IS BOUNDED Omar Akchiche 1 and Omar Khadir 2 1,2 Laboratory of Mathematics, Cryptography and Mechanics, Fstm, University of Hassan II Mohammedia-Casablanca,
Evaluation of Digital Signature Process Emil SIMION, Ph. D. email: email@example.com Agenda Evaluation of digital signatures schemes: evaluation criteria; security evaluation; security of hash functions;
Volume 1, No. 4, June 2012 ISSN 2278-1080 The International Journal of Computer Science & Applications (TIJCSA) RESEARCH PAPER Available Online at http://www.journalofcomputerscience.com/ A Novel Approach
Implementation of Elliptic Curve Digital Signature Algorithm Aqeel Khalique Kuldip Singh Sandeep Sood Department of Electronics & Computer Engineering, Indian Institute of Technology Roorkee Roorkee, India
access control biometrics user guide May 2010 For other information please contact: British Security Industry Association t: 0845 389 3889 f: 0845 389 0761 e: firstname.lastname@example.org www.bsia.co.uk Form No. 181.
Biometrics, Tokens, & Public Key Certificates The Merging of Technologies TOKENEER Workstations WS CA WS WS Certificate Authority (CA) L. Reinert S. Luther Information Systems Security Organization Biometrics,
CSET 4850 Computer Network Security (4 semester credit hours) CSET Elective IT Elective Current Catalog Description: Theory and practice of network security. Topics include firewalls, Windows, UNIX and
Int. J. Contemp. Math. Sciences, Vol. 8, 2013, no. 11, 511-517 HIKARI Ltd, www.m-hikari.com A Factoring and Discrete Logarithm based Cryptosystem Abdoul Aziz Ciss and Ahmed Youssef Ecole doctorale de Mathematiques
OFFICE OF THE CONTROLLER OF CERTIFICATION AUTHORITIES TECHNICAL REQUIREMENTS FOR AUDIT OF CERTIFICATION AUTHORITIES Table of contents 1.0 SOFTWARE 1 2.0 HARDWARE 2 3.0 TECHNICAL COMPONENTS 2 3.1 KEY MANAGEMENT
White Paper Advanced Authentication Introduction In this paper: Introduction 1 User Authentication 2 Device Authentication 3 Message Authentication 4 Advanced Authentication 5 Advanced Authentication is
BIG DATA ANALYTICS AND DATA SECURITY IN THE CLOUD VIA FULLY HOMOMORPHIC ENCRYPTION Associate Prof. Dr. Victor Onomza Waziri Department of Cyber Security Science, School of ICT, Federal University of Technology,
Crypto Basics Ed Crowley Spring 2010 Kerckhoff s Principle Symmetric Crypto Overview Key management problem Attributes Modes Symmetric Key Algorithms DES Attributes Modes 3DES AES Other Symmetric Ciphers
USING ENCRYPTION TO PROTECT SENSITIVE INFORMATION Commonwealth Office of Technology Security Month Seminars Alternate Title? Boy, am I surprised. The Entrust guy who has mentioned PKI during every Security
Application-Specific Biometric s Michael Braithwaite, Ulf Cahn von Seelen, James Cambier, John Daugman, Randy Glass, Russ Moore, Ian Scott, Iridian Technologies Inc. Introduction Biometric technologies
INTRODUCTION to CRYPTOGRAPHY & CRYPTOGRAPHIC SERVICES on Z/OS BOSTON UNIVERSITY SECURITY CAMP MARCH 14, 2003 History of Cryptography The concept of securing messages through cryptography has a long history.
Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest
Outline Computer Science 418 Digital Signatures Mike Jacobson Department of Computer Science University of Calgary Week 12 1 Digital Signatures 2 Signatures via Public Key Cryptosystems 3 Provable 4 Mike
According to the SysAdmin, Audit, Network, Security Institute (SANS), authentication problems are among the top twenty critical Internet security vulnerabilities. These problems arise from the use of basic
Guide to Data Field Encryption Contents Introduction 2 Common Concepts and Glossary 3 Encryption 3 Data Field Encryption 3 Cryptography 3 Keys and Key Management 5 Secure Cryptographic Device 7 Considerations
NEW DIGITAL SIGNATURE PROTOCOL BASED ON ELLIPTIC CURVES Ounasser Abid 1, Jaouad Ettanfouhi 2 and Omar Khadir 3 1,2,3 Laboratory of Mathematics, Cryptography and Mechanics, Department of Mathematics, Fstm,
Brochure More information from http://www.researchandmarkets.com/reports/2330593/ Wireless Mobile Internet Security. 2nd Edition Description: The mobile industry for wireless cellular services has grown
SCB Access Single Sign-On PC Secure Logon Manage all your passwords One smart card to access all your applications past & future Multi-factor authentication Dramatically increase your security Save $150
Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Public Key Cryptography symmetric key crypto v requires sender, receiver know shared secret
Digital Signatures Meka N.L.Sneha Indiana State University email@example.com October 2015 1 Introduction Digital Signatures are the most trusted way to get documents signed online. A digital
Biometrics: Advantages for Employee Attendance Verification InfoTronics, Inc. Farmington Hills, MI Biometric technology offers advanced verification for employees in every industry. Because biometric systems
Cryptelo Drive Cryptelo Drive is a virtual drive, where your most sensitive data can be stored. Protect documents, contracts, business know-how, or photographs - in short, anything that must be kept safe.
ENHANCING WEBSITE SECURITY WITH ALGORITHM AGILITY White Paper Enhancing Website Security with Algorithm Agility Enhancing Website Security with Algorithm Agility Contents Introduction 3 Encryption Today
Secure Network Communications FIPS 140 2 Non Proprietary Security Policy 21 June 2010 Table of Contents Introduction Module Specification Ports and Interfaces Approved Algorithms Test Environment Roles
Review of methods for secret sharing in cloud computing Dnyaneshwar Supe Amit Srivastav Dr. Rajesh S. Prasad Abstract:- Cloud computing provides various IT services. Many companies especially those who
Lukasz Pater CMMS Administrator and Developer EDMS 1373428 Agenda Introduction Why do we need asymmetric ciphers? One-way functions RSA Cipher Message Integrity Examples Secure Socket Layer Single Sign
CRYPTOGRAPHY AND NETWORK SECURITY PRINCIPLES AND PRACTICE SIXTH EDITION William Stallings International Edition contributions by Mohit P Tahiliani NITK Surathkal PEARSON Boston Columbus Indianapolis New
Software Implementation of Gong-Harn Public-key Cryptosystem and Analysis by Susana Sin A thesis presented to the University of Waterloo in fulfilment of the thesis requirement for the degree of Master
A chosen text attack on the RSA cryptosystem and some discrete logarithm schemes Y. Desmedt Aangesteld Navorser NFWO Katholieke Universiteit Leuven Laboratorium ESAT B-3030 Heverlee, Belgium A. M. Odlyzko
UNIT 3 AUTHENTICATION Authentication requirement Authentication function MAC Hash function Security of hash function and MAC SHA HMAC CMAC Digital signature and authentication protocols DSS Slides Courtesy
Network Security 1 Professor Richard Harris School of Engineering and Advanced Technology Presentation Outline Overview of Identification and Authentication The importance of identification and Authentication
Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Goals v understand principles of network security: cryptography and its many uses beyond
THE USE OF INFORMATION TECHNOLOGY STANDARDS TO SECURE TELECOMMUNICATION NETWORKS John Snare * Manager Telematic and Security Systems Section Telecom Australia Research Laboratories Victoria TELECOMMUNICATIONS
Cryptography and Network Security Fifth Edition by William Stallings Chapter 9 Public Key Cryptography and RSA Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Introduction to Cryptography What is cryptography?
Ch.20 Public-Key Cryptography and Message Authentication I will talk about it later in this class Final: Wen (5/13) 1630-1830 HOLM 248» give you a sample exam» Mostly similar to homeworks» no electronic
CS 758: Cryptography / Network Security offered in the Fall Semester, 2003, by Doug Stinson my office: DC 3122 my email address: firstname.lastname@example.org my web page: http://cacr.math.uwaterloo.ca/~dstinson/index.html
Section 2.3 Authentication Technologies 1 Authentication The determination of identity, usually based on a combination of something the person has (like a smart card or a radio key fob storing secret keys),
Public Key Cryptography in Practice c Eli Biham - May 3, 2005 372 Public Key Cryptography in Practice (13) How Cryptography is Used in Applications The main drawback of public key cryptography is the inherent
UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Introduction to Cryptography ECE 597XX/697XX Part 6 Introduction to Public-Key Cryptography Israel Koren ECE597/697 Koren Part.6.1
EXAM questions for the course TTM4135 - Information Security May 2013 Part 1 This part consists of 5 questions all from one common topic. The number of maximal points for every correctly answered question
PART-A Questions 1. Name the aspects to be considered of information security. 2. What is meant by deciphering? 3. What are the two different uses of public key cryptography related to key distribution?
More effective protection for your access control system with end-to-end security By Jeroen Harmsen The first article on end-to-end security appeared as long ago as 1981. The principle originated in ICT
SecureAge SecureDs Data Breach Prevention Solution In recent years, major cases of data loss and data leaks are reported almost every week. These include high profile cases like US government losing personal
Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 3: Block ciphers and DES Ion Petre Department of IT, Åbo Akademi University January 17, 2012 1 Data Encryption Standard
JTC 1/SC 27Security Techniques - Översikt arbetsgrupper och standarder WG 1 Information security management systems WG 2 Cryptography and security mechanisms WG 3 Security evaulation criteria WG 4 Security
PUBLIC KEY ENCRYPTION http://www.tutorialspoint.com/cryptography/public_key_encryption.htm Copyright tutorialspoint.com Public Key Cryptography Unlike symmetric key cryptography, we do not find historical
Secure Socket Layer Secure Socket Layer Introduction Overview of SSL What SSL is Useful For Introduction Secure Socket Layer (SSL) Industry-standard method for protecting web communications. - Data encryption
SECURITY IN NETWORKS GOALS Understand principles of network security: Cryptography and its many uses beyond confidentiality Authentication Message integrity Security in practice: Security in application,
A blind digital signature scheme using elliptic curve digital signature algorithm İsmail BÜTÜN * and Mehmet DEMİRER *Department of Electrical Engineering, University of South Florida, Tampa, FL, USA Department
Public-Key Cryptography UNIVERSITA DEGLI STUDI DI PARMA Dipartimento di Ingegneria dell Informazione Public Key (asymmetric) Cryptography Luca Veltri (mail.to: email@example.com) Course of Network Security,