Dr. V. Kumar Murty 
CTO, Perfect Cloud Corp. 
www.perfectcloud.io
BIOGRAPHY: DR. V. KUMAR MURTY
• CTO, PerfectCloud.io
• Professor and Chair, Department of Mathematics, University of Toronto
• Director, GANITA Labs, University of Toronto
• Ph.D. Harvard University
• Fellow of the Royal Society of Canada
• Foreign Fellow of the National Academy of Sciences (India)
• 100+ papers, 5 books and 2 patents in Information Security
PerfectCloud.io
This document is the property of PerfectCloud Corp. Canada. Its content is confidential

SOME ATTRIBUTES OF DATA
• Confidentiality
• Privacy
• Identity
• Reliability (Data Integrity)
• Trust

FOUR OVERLAPPING THEMES
INFORMATION MANAGEMENT
[Diagram labels: Security, Trust, Privacy, Identity; Confidentiality, Self-determination, Assurance, Attributes]
GOOD IDENTITY MANAGEMENT STRENGTHENS SECURITY, PRIVACY AND TRUST!

PROVISIONING TOOLS
• Confidentiality: Encryption
• Privacy: Access Control
• Identity: IDM
• Reliability: Digital fingerprints
• Trust: Digital signatures

ENCRYPTION
• Secret writing
• Symmetric and Asymmetric
• Plaintext + Secret Key is transformed to Ciphertext
• Decryption: Ciphertext + Secret Key is transformed to Plaintext
• Our confidence in the security is based on the key being secret
• Transformation = Algorithm: many kinds

SOME ALGORITHMS
• Symmetric:
  • AES
  • Blowfish
• Asymmetric:
  • RSA
  • ECC
  • HEC

SYMMETRIC ENCRYPTION
• Used for bulk encryption
• High speed algorithms
• Requires a shared secret (key)
• Challenge is in key management

AES
• “Government grade encryption” is a meaningless term
• Research labs around the world are chipping away at this standard
• Security and speed depend on the “mode” in which it is used.

ASYMMETRIC ENCRYPTION
• Does not require a shared secret (key)
• Encryption and Decryption keys are (in general) different
• Methods are mathematically sophisticated
• Not suitable for bulk encryption

RSA
• Security depends on the difficulty of factoring large numbers
• Advances are constantly being made on this, requiring larger and larger key sizes

ECC
• Elliptic curve cryptography
• Considered to be more secure and for comparable size of key: there is no index calculus known for elliptic curves
• Included now in NIST standards

THE KEY IS THE KEY
Strength (security) usually depends on several factors including:
• Size of the key
• Key management: “key under the doormat”
• Security architecture is only as strong as the weakest link.

TYPICAL DEPLOYMENT
• A combination of both symmetric and asymmetric methods
• Security analysis will determine the size of keys needed in each part to make it equally strong throughout
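
The weakest-link and "equally strong throughout" points from the slides above, as an added example that is not part of the original deck: it estimates the attack cost in bits for each part of a hybrid deployment and reports the weakest. The function names, the 16-bit balance tolerance and both sample deployments are constructed for illustration; the RSA figure uses the heuristic number field sieve running time without its o(1) term, so it is a rough estimate rather than a standards value.

```python
import math


def rsa_bits(modulus_bits: int) -> float:
    """log2 of the heuristic GNFS factoring cost L_n[1/3, (64/9)^(1/3)], o(1) dropped."""
    ln_n = modulus_bits * math.log(2)
    work = (64 / 9) ** (1 / 3) * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return work / math.log(2)


def ecc_bits(curve_bits: int) -> float:
    """No index calculus is known, so the generic square-root attack costs about 2^(n/2)."""
    return curve_bits / 2


def symmetric_bits(key_bits: int) -> float:
    """Exhaustive key search costs about 2^k."""
    return float(key_bits)


ESTIMATORS = {"rsa": rsa_bits, "ecc": ecc_bits, "symmetric": symmetric_bits}


def analyse(deployment, tolerance=16.0):
    """Score each (role, family, key_bits) part and find the weakest link.

    'balanced' is True when the strongest and weakest parts are within
    `tolerance` bits of each other (assumed threshold, not a standard).
    """
    scored = [(role, fam, bits, ESTIMATORS[fam](bits)) for role, fam, bits in deployment]
    weakest = min(scored, key=lambda s: s[3])
    strongest = max(scored, key=lambda s: s[3])
    return {
        "components": scored,
        "weakest_role": weakest[0],
        "effective_bits": weakest[3],
        "balanced": strongest[3] - weakest[3] <= tolerance,
    }


def rsa_size_for(target_bits: float, step: int = 256) -> int:
    """Smallest modulus size (in `step`-bit increments from 1024) meeting the target estimate."""
    size = 1024
    while rsa_bits(size) < target_bits:
        size += step
    return size


# Constructed sample deployments: asymmetric part protects the symmetric bulk key.
LEGACY = [("key transport", "rsa", 2048), ("bulk encryption", "symmetric", 256)]
BALANCED = [("key agreement", "ecc", 256), ("bulk encryption", "symmetric", 128)]

if __name__ == "__main__":
    for name, deployment in (("LEGACY", LEGACY), ("BALANCED", BALANCED)):
        result = analyse(deployment)
        print(name)
        for role, fam, bits, est in result["components"]:
            print(f"  {role:16s} {fam:9s} {bits:5d}-bit key  ~{est:5.1f} bits of work")
        print(f"  weakest link: {result['weakest_role']} "
              f"(~{result['effective_bits']:.1f} bits), balanced={result['balanced']}")
```

In the first sample the 256-bit symmetric key adds nothing: the deployment is only as strong as the RSA key that protects it.
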
THREAT MODEL
• What are we trying to protect against?
• System architecture diagram has to be analyzed for points of weakness
• Those points have to be fortified

TECHNOLOGY IS NOT ENOUGH
• Most compromises are not of algorithms but social engineering
• Security policy is at least as important as security technology: Target
• Also electro-magnetic attacks (more difficult to protect against).

PROTECTING DATA
• Data has two stages:
  • At rest
  • In transit
• It has to be secured throughout its lifecycle (ILM)
• Security architecture depends on
  • Who is managing the data?
  • Where does the data reside?
  • Who has access to the data?
  • Who has access to the keys to the data?
  • What sort of encryption is being used?
  • How is the key being managed/stored?

ENCRYPTION IN PRACTICE
• Keeping data safe is more complex in practice
• Data at rest
  • Encrypted hard drives or directories
• Data in transit
  • Encrypted data is usually decrypted and re-encrypted at each hop
  • MITM attacks
• Security of the end devices critical

SOCIAL NETWORKS
• Leaks through information voluntarily exposed on social networks
• Using Twitter to authenticate
• Depends on cloud-based servers

COMMON ATTACKS
• SQL Injection
• Malware

IDENTITY STORES
• Active Directory is encrypted: but key is stored in the same place
• No one can read your encrypted content: some devices that read EM can penetrate it

PERFECT CLOUD SOLUTION
• True zero knowledge
• Distributed key management
• User is in control
• Seamless and transparent provisioning and de-provisioning

THANK YOU! 
www.perfectcloud.io

Encryption: Fact and Fiction
