cryptography and pki february 12, 2001 february 12, 2001 abn amro
DESCRIPTION
Cryptography Today - accountability, - fairness, - accuracy, and confidentiality. - accountability, - fairness, - accuracy, and confidentiality.TRANSCRIPT
Cryptography and PKI
February 12, 2001February 12, 2001
ABN AMRO
Agenda
Cryptography Today PKI Algorithms PKC Considerations Strengths and Limitations
Cryptography Today
•- accountability,
•- fairness,
•- accuracy, and
•confidentiality.
Cryptography Today
Primary Prevention
From Conception to Installation
Cryptography Today
Possibility Acceptability
Cryptography Today
THREAT MODEL•What the system is designed to protect
•For whom
•How long
System Design
number theory, complexity theory, Information theory, probability theory, abstract algebra,
and formal analysis, among others.
System Design
•security and accessibility,
•anonymity and accountability,
•privacy and availability
Implementation Problems
bad random-number generators,
don't check properly for error conditions,
and leave secret information in swap files.
Cryptography for people
Users want simplicity, convenience, and compatibility with existing (insecure) systems
State of Security
Assume the WORSTAssume your adversaries are better than they are. Assume science and technology will soon be able to do things they cannot yet. Give yourself a margin for error. Give yourself more security than you need today.
Symmetric Key
Plain Text Cipher Text
Cryptography and PKI
Things To Consider
Does the organization have enough resources/personnel to deploy and maintain the framework?
If so, do they possess the proper skill sets? Will the security management model be
centralized or decentralized? What are the necessary components? What vendors provide the necessary
components? do the components work together?
Public Key Infrastructure
Algorithms:
RSA, Diffie-Hellman, El Gamal, DSS.
RSA
Key Generation
Encryption
Decryption
DSS
PKC Considerations
Strengths & Limitations
PKI
Strengths
Enables organizations to streamline security Ease of manageability and maintenance Address security issues at the enterprise level Total cost of ownership is reduced
Limitations
Interoperability between vendors and products Interpretation of standards Initial cost of implementation
Popular VENDORS
Baltimore Tech.
Entrust
Verisign
Valicert
DSS: iPlanet, Siemens, Critical Path, Oracle