Ky Vu DeVry University, Atlanta Georgia College of Arts & Science

Transcription

1 Ky Vu DeVry University, Atlanta Georgia College of Arts & Science

2 Table of Contents - Objective - Cryptography: An Overview - Symmetric Key - Asymmetric Key - Transparent Key: A Paradigm Shift - Security Strength - Applications - Limitations Encryption A random key c(t) is generated and input into both function F and function P PT j The plaintext PT j is input into function F The ID of the encryption card y is also input in function P c(t) F P y F(PT j, c(t)) P(c(t), y) 1035 (PT j ) y Function F and function P encrypt the respective inputs and the sum of the outputs is the cipher-text denoted as (PT j ) y

3

4 The objective of this presentation is: To review the current state of data security using conventional cryptography To analyze the strength and weakness of current concepts and algorithms To analyze the need for a Paradigm Shift in data security To propose a solution

5

6 Current Solutions - Traditional concept Current encryption techniques can be divided into two categories of Key Management: - Symmetric - Asymmetric Definition Major Algorithms Advantages/ Disadvantages Attack Strategies

7 Symmetric-Key Encryption Major Algorithms Definition: Consider an encryption scheme consisting of a set of encryption and decryption transformations {Ee: e κ} and {D d : : d κ}, respectively, where κ is the key space. The encryption scheme is said to be symmetric-key if for each associated encryption/decryption key pair (e, d), it is computationally easy to determine d knowing e, and to determine e from d. IDEA International Data Encryption Algorithm RSA Data Security Blowfish Encryption Algorithm Twofish Encryption Algorithm

8 Symmetric-Key Encryption Advantages Some well-know algorithms have survived brute force attacks, so far Relatively simple and easy to implement Demand on system resources is minimal, when compared to other algorithms Communication and protection remain secure as long as the private key remains secret Disadvantages When two or more parties share same key, key confidentiality becomes difficult Key loss, stolen key or accidental key disclosure is likely to occur Key Management between communicators becomes more complex Large organizational Key Management usually requires a trusted-third party (TTP)

9 Symmetric-Key Encryption Attack strategies Security breaches against symmetric-key algorithm have been recorded , DES 56-bit encryption algorithm broken and declared not secure bit keys became the new DES standard , New York Times reported that 512-bit code could be broken. Methods of attacking block cipher or stream cipher includes differential and linear crypt-analysis.

10 Asymmetric-Key Encryption Major Algorithms Definition: in public key encryption systems each entity A has a public key e and a corresponding private key d. In secure systems, the task of computing d given e is computationally infeasible. The public key defines an encryption transformation E e, while the private key defines the associated decryption transformation D d. Any entity B wishing to send a message m to A obtains an authentic copy of A s public key e, uses the encryption transformation to obtain the ciphertext c = E e (m), and transmits c to A. To decrypt c, A applies the decryption transformation to obtain the original message m = D d (c). Diffie-Hellman s secure key exchange RSA Data Security Digital Signature Algorithm (DSA)

11 Asymmetric-Key Encryption Advantages It is no longer necessary to encrypt with a private key, which is needed only for decryption. This reduces the problem of managing the number of keys being used. It is ok to publish the public key, and in many cases is necessary. Its simplicity is remarkable: the one-way function encrypts data with the public key, and the same one-way function will decrypt the ciphertext with the private key. the number of keys required in the case of a large network may be considerably smaller than in the case of symmetric-key environment Disadvantages A person may claim that he owns a public key, but there is no guarantee that this claim is true. This is a problem of identity. When an entity sends a ciphertext to another, how would they be sure that the recipient is the intended person. The above problem led to the need for a Trusted third Party (TTP) to manage key distribution. Asymmetric keys are inherently much slower than a comparable symmetric-key counterpart. Key sizes are disproportionately larger than key sizes in symmetric-key approach.

12 Asymmetric-Key Encryption Attack Strategies - cipher text-only attack, attackers deduce the encryption key - known-plain text attack, adversaries attempts to collect a quantity of plaintext and corresponding cipher text then targets a plaintext to obtain the corresponding cipher text. - chosen- cipher text attack, adversaries target a cipher text and may try to gain access to the equipment used for the decryption task with the objective of figuring out the plaintext.

13 Methods of Attack! - Digital signature algorithm and message authentication code attacks for message forgery. - Attacks on Protocols, many angles of attack and focus on elements such as keys, identity of sender or receiver, and password. - Examples of attack types: known-key attack: the attacker uses known keys to figure out new keys, impersonation: attacker is disguised as a legitimate entity in a communication network. dictionary: Attacker manipulates all passwords listed in stored computer files hoping to find the right password. Computer Speed and Security IEEE Spectrum reported a comment by Anne- Marie Corley on September 3, 2009: Modern Cryptography relies on the extreme difficulty computers have in factoring huge numbers, but an algorithm that works only on a quantum computer find factors easily. Today in Science, researchers at the University of Bristol, in England, reported the first factoring using this method called Shor s algorithm a chip-scale quantum computer, bringing the field a tiny step closer to realizing practical quantum computation and code cracking.

14 Hackers penetrated part of the Pentagon security system, forcing it to take quick measure of shutting down the attacked area. 9 The Department of Justice has charged three hackers with theft of over 130 million credit cards through data breaches that compromised businesses including Heartland Payment Systems, 7-Eleven, and supermarket chain owner Hannaford Bros. One of the three, Albert Gonzalez, is already awaiting trial in jail after having been earlier charged with the attack on TJX, in which over 47.5 million credit card numbers were taken over several years The attacks began in October 2006 and used computer systems across the U.S., as well as systems in Latvia, the Netherlands and Ukraine. The attackers used SQL injection attacks, according to the indictment. 10 A sophisticated computer hacker had access to servers at wireless giant T- Mobile for at least a year, which he used to monitor U.S. Secret Service e- mail, obtain customers passwords and social security numbers 11

15

16 What is Transparent Key A completely secure encryption without the need for keymanagement, including the distribution, storage, loss, and compromise of encryption keys. Hardware based, it allows the sender and recipient to encrypt and decrypt the data without the need to input or authenticate keys. three critical features: 1) the encryption keys are transparent. 2) the hardware generates the keys dynamically and randomly (or pseudorandomly). 3) No established set of keys. For each byte of plaintext, the key is eight bit long. Key length no longer an issue. Using bit-wise encryption, this algorithm encrypts any binary coded text or video.

17 How it works! Encrypting Process A random key c(t) is generated and input into both function F and function P c(t) Hardware logic generates a random (or pseudo-random) encryption key. PT j The plaintext PT j is input into function F The ID of the encryption card y is also input in function P F P y F(PT j, c(t)) P(c(t), y) 1035 (PT j ) y Function F and function P encrypt the respective inputs and the sum of the outputs is the cipher-text denoted as (PT j ) y Hardware logic encrypts one byte of plaintext and ID through functions F and P respectively. Function F and P form ciphertext through the summation function, resulting in two bytes for each byte of plaintext. A new random (or pseudorandom) key is generated for next byte of plaintext.

18 How it works! Decryption (PT j ) y The same cipher-text (PT j ) yr is decomposed into its constituent parts, F j and P P = P(c(t), y) The P component of the encrypted data along with the ID of the receiving party y are input into function P -1, the inverse of the P function of the ciphertext F j = F(PT j, c(t)) P -1 y c(t) The F j component of the encrypted data is input into function F -1, the inverse of the F function of the ciphertext F -1 PT j The output of the function F-1 is the original plaintext PT j The output of the function P -1 is the key c(t) and along with F j, the key is input into function F -1 Decryption process Same cipher-text (PTj) yr is decomposed into its constituent parts, Fj and P, each part going its separate way to the inverse functions F -1 and P -1. The inverse function P -1, recovers encryption key c(t). The inverse function F -1 uses the recovered key to decrypt the cipher-text. The plaintext is recovered.

19 Benefits Transparency to Cryptanalysis encrypts all punctuation symbols creating continuous string of ASCCI codes without regular breaks same word will look completely different every time it is encrypted; mathematical analysis can not detect patterns does not use an established set of keys Transparency to Users no key management, distribution, or storage is required. Increased Encryption Speed Transparency to Network Eliminates Bottlenecks at server level

20 Benefits Transparency to Cryptanalysis encrypts all punctuation symbols creating continuous string of ASCCI codes without regular breaks same word will look completely different every time it is encrypted; mathematical analysis can not detect patterns does not use an established set of keys Transparency to Users no key management, distribution, or storage is required. Increased Encryption Speed Transparency to Network Eliminates Bottlenecks at server level

21

22 Conclusions The current state of data security and the way sensitive/confidential business being conducted is facing a threat and a dilemma. Transparent Keys Technology represents one of many possible solutions to the above dilemma. It is a proposal for a Giant Change from the current Paradigm. Whether people agree with Transparent Keys Technology or not, a Paradigm Shift is a mandate for conducting data security transaction in our new world. We could no longer afford to waste more precious time.

23 Thank you

24 Q & A