Cryptography and PKI

February 12, 2001February 12, 2001

ABN AMRO

Agenda

Cryptography Today PKI Algorithms PKC Considerations Strengths and Limitations

Cryptography Today

•-         accountability,

•-         fairness,

•-         accuracy, and

•confidentiality.

Cryptography Today

Primary Prevention

From Conception to Installation

Cryptography Today

Possibility Acceptability

Cryptography Today

THREAT MODEL•What the system is designed to protect

•For whom

•How long

System Design

number theory, complexity theory, Information theory, probability theory, abstract algebra,

and formal analysis, among others.

System Design

•security and accessibility,

•anonymity and accountability,

•privacy and availability

Implementation Problems

bad random-number generators,

don't check properly for error conditions,

and leave secret information in swap files.

Cryptography for people

Users want simplicity, convenience, and compatibility with existing (insecure) systems

State of Security

Assume the WORSTAssume your adversaries are better than they are. Assume science and technology will soon be able to do things they cannot yet. Give yourself a margin for error. Give yourself more security than you need today.

Symmetric Key

Plain Text Cipher Text

Cryptography and PKI

Things To Consider

Does the organization have enough resources/personnel to deploy and maintain the framework?

If so, do they possess the proper skill sets? Will the security management model be

centralized or decentralized? What are the necessary components? What vendors provide the necessary

components? do the components work together?

Public Key Infrastructure

Algorithms:

RSA, Diffie-Hellman, El Gamal, DSS.

RSA

Key Generation

Encryption

Decryption

DSS

PKC Considerations

Strengths & Limitations

PKI

Strengths

Enables organizations to streamline security Ease of manageability and maintenance Address security issues at the enterprise level Total cost of ownership is reduced

Limitations

Interoperability between vendors and products Interpretation of standards Initial cost of implementation

Popular VENDORS

Baltimore Tech.

Entrust

Verisign

Valicert

DSS: iPlanet, Siemens, Critical Path, Oracle