Deciphering Cryptography and Its Business Impact

Post on 01-Sep-2018

TRANSCRIPT

  • Cryptography

    Deciphering Cryptography And Its Business Impact to You

    August 10th 2016

  • Biography

    Javed Samuel - Technical Director at NCC Group

    Lead Resource for Training Services and Cryptography Services

    Technical Account Manager for various clients

    Deliver security assessments (e.g. Architecture Reviews, Cloud, Cryptography)

    Former Developer

  • Abstract

    Review cryptographic knowledge without too much Math.

    Provide an understanding of important cryptography paradigms.

    Discuss exploitable cryptographic vulnerabilities and problematic design choices.

  • Abstract

    Focus on the right cryptography questions to ask during vendor selection or design review.

    Understand the impact and cost of wrong cryptography choices.

  • Introduction to Cryptography

  • Cryptography Introduction

    Cryptography is an underpinning of every organization's data security.

    It can be as simple as the correct deployment of TLS, or as complicated as bespoke protocols for software updates or advanced key management.

  • Cryptography Introduction

    In the OWASP 2010 Top Ten report of the most critical web application security risks, Insecure Cryptographic Storage made the list at #7.

    The follow-up report in 2013 ranked the risk at #6 under the expanded umbrella of Sensitive Data Exposure.

  • Cryptography Introduction

    The need for cryptographic review is growing as it becomes a higher priority in application security risk assessments.

    Cryptographic weaknesses may go unnoticed for a long time and have significant consequences.

  • Cryptography In the News

    iPhone Encryption (http://blog.cryptographyengineering.com/2014/10/why-cant-apple-decrypt-your-iphone.html)

    Airplane Security (https://securityledger.com/2015/04/hacker-on-a-plane-fbi-seizes-researchers-gear/)

    Certificate Authority Compromise (http://googleonlinesecurity.blogspot.co.nz/2015/03/maintaining-digital-certificate-security.html?m=1)


  • Cryptography In the News

    Heartbleed (http://heartbleed.com/ and https://cryptoservices.github.io/openssl/2015/03/09/openssl-audit.html)

    Encryption: is it good or bad? (http://www.washingtonpost.com/world/national-security/as-encryption-spreads-us-worries-about-access-to-data-for-investigations/2015/04/10/7c1c7518-d401-11e4-a62f-ee745911a4ff_story.html)

    Bug Bounty Programs (https://info.ssl.com/bug-bounty-programs-are-beneficial/)

