Encryption Overview

  • 1. Encryption Overview
    - Brad Judy, Kerry Havens, IT Security Office
  • 2. Outline
    - Brief history
    - Concepts and terms
    - Types of encryption
    - Products
    - Scenarios
  • 3. Very brief history
    - Julius Caesar, substitution cipher, 45 BCE, Rome
    - Abu Yusuf al-Kindi, frequency analysis, 850 CE, Baghdad
    - Mary Queen of Scots, lost her head, 1587 CE, London
    - Enigma, commercial crypto, 1923 CE, Germany
    - Diffie-Hellman, public key crypto, 1976 CE, USA
  • 4. Secret Decoder Ring Encryption
    - Word = Haagen Dazs
    - Key = Inside B at outside G (a shift of five letters)
    - Encode inside to outside
    - Encrypted word = mffljs ifex
  • 5. Secret Decoder Ring Decryption
    - Encrypted word = mffljs ifex
    - Key = Inside B at outside G
    - Decode outside to inside
    - Word = Haagen Dazs
  • 6. Basic terms
    - Primary components of data encryption:
      - Data (Haagen Dazs)
      - Encryption algorithm (Caesar cipher - ring)
        - 3DES, AES, RSA, etc
      - Encryption key (offset – alignment of rings)
        - Passwords, tokens, special files
      - Encrypted data (mffljs ifex)
  • 7. Encryption by algebra
    - Combination 14-32-27
    - Shortened 143227
    - Secret number × (combination + secret number) = scrambled number
    - Secret number = 6
  • 8. Encryption by algebra
    - Combination = 143227
    - Secret number = 6
    - Secret number × (combination + secret number) = scrambled number
    - 6 × (143227 + 6) = scrambled number
    - 6 × (143227 + 6) = 859398
    - 859398 is the encrypted combination
  • 9. Decryption by algebra
    - Scrambled = 859398
    - Secret number = 6
    - Secret number × (combination + secret number) = scrambled number
    - 6 × (combination + 6) = 859398
    - (combination + 6) = 859398 / 6 = 143233
    - 143227 is the combination
  • 10. Basic terms
    - Primary components of data encryption:
      - Data (combination)
      - Encryption algorithm (equation)
        - 3DES, AES, RSA, etc
      - Encryption key (secret number)
        - Passwords, tokens, special files
      - Encrypted data (scrambled number)
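The decoder ring on slides 4 and 5 is a Caesar shift: aligning inside B with outside G is a shift of five places. The following added example (written for this page, not part of the original presentation) implements the ring, reproduces the Haagen Dazs result, and then shows why slide 3 lists al-Kindi's frequency analysis as the next step in the story: with only 26 possible keys an attacker tries them all and keeps the decryption whose letter distribution looks most like English. The sample sentence and the letter-frequency table are constructed for the example.

```python
import string

ALPHABET = string.ascii_lowercase

# Approximate relative frequency (percent) of each letter in English text.
# Used only to score candidate decryptions in the brute-force attack below.
ENGLISH_FREQ = {
    "a": 8.2, "b": 1.5, "c": 2.8, "d": 4.3, "e": 12.7, "f": 2.2, "g": 2.0,
    "h": 6.1, "i": 7.0, "j": 0.15, "k": 0.77, "l": 4.0, "m": 2.4, "n": 6.7,
    "o": 7.5, "p": 1.9, "q": 0.095, "r": 6.0, "s": 6.3, "t": 9.1, "u": 2.8,
    "v": 0.98, "w": 2.4, "x": 0.15, "y": 2.0, "z": 0.074,
}


def ring_key(inside: str, outside: str) -> int:
    """Offset produced by aligning ring letter `inside` under ring letter `outside`.

    Slide 4's "inside B at outside G" gives 5.
    """
    return (ALPHABET.index(outside.lower()) - ALPHABET.index(inside.lower())) % 26


def caesar_encrypt(plaintext: str, key: int) -> str:
    """Shift every letter forward by `key` places (inside ring -> outside ring).

    The ring has no upper case, so output is lower case; non-letters pass through.
    """
    out = []
    for ch in plaintext.lower():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, key: int) -> str:
    """Shift backward by `key` places (outside ring -> inside ring)."""
    return caesar_encrypt(ciphertext, (-key) % 26)


def english_score(text: str) -> float:
    """Higher when the letter distribution of `text` resembles English."""
    return sum(ENGLISH_FREQ[ch] for ch in text if ch in ENGLISH_FREQ)


def recover_key(ciphertext: str) -> int:
    """Brute force: only 26 keys exist, so try them all and keep the most English-looking result."""
    return max(range(26), key=lambda k: english_score(caesar_decrypt(ciphertext, k)))


# Constructed sample message for the attack demo (not from the presentation).
SAMPLE_PLAINTEXT = "sensitive data must be encrypted at rest and in transit or the prying eyes will read it"

if __name__ == "__main__":
    key = ring_key("B", "G")
    ct = caesar_encrypt("Haagen Dazs", key)
    print(key, ct, caesar_decrypt(ct, key))  # 5 mffljs ifex haagen dazs
    attacked = caesar_encrypt(SAMPLE_PLAINTEXT, key)
    guess = recover_key(attacked)
    print(guess, caesar_decrypt(attacked, guess))
```

The short "Haagen Dazs" ciphertext is too little text for the frequency score to be reliable, which is why the attack is demonstrated on a longer sentence; the point of the slide's "key" bullet is that the ring's key space is so small that the key adds almost no protection beyond the secrecy of the method itself.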
  • 11. One key, two key…
    - Same key encrypts and decrypts (symmetric encryption)
      - Classic password-based encryption
    - One key for encrypting, a different key for decrypting (asymmetric, or public-key, encryption)
      - Public-key encryption
      - Digital signatures (one key signs, the other verifies)
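Slide 11's second bullet is the step from the decoder ring to public-key cryptography: the ring uses one offset in both directions, whereas here the encrypting key and the decrypting key differ. The following added example, written for this page rather than taken from the presentation, builds a textbook RSA key pair from two small primes and shows both uses the slide lists: anyone holding the public key can encrypt, only the private key decrypts; the private key signs, the public key verifies. The primes, exponent and message are the usual toy values. Real RSA uses 2048-bit or larger moduli and padding (OAEP for encryption, PSS for signatures), which this illustration deliberately omits.

```python
import hashlib
from math import gcd


def textbook_rsa_keypair(p: int, q: int, e: int = 17):
    """Derive a toy RSA key pair from primes p and q.

    Returns (public, private) as (e, n) and (d, n). Toy sizes only: a four-digit n
    is factored instantly, so this is for understanding, never for protecting data.
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+): e*d == 1 (mod phi)
    return (e, n), (d, n)


def rsa_encrypt(public, m: int) -> int:
    """Encrypt with the public key: anyone can do this."""
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def rsa_decrypt(private, c: int) -> int:
    """Decrypt with the private key: only its holder can do this."""
    d, n = private
    return pow(c, d, n)


def message_digest(msg: bytes, n: int) -> int:
    """Hash the message and reduce it into the RSA domain (real schemes pad instead)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n


def rsa_sign_digest(private, h: int) -> int:
    """Signing is the private-key operation applied to the digest."""
    d, n = private
    return pow(h, d, n)


def rsa_verify_digest(public, h: int, sig: int) -> bool:
    """Verifying is the public-key operation; it must give the digest back."""
    e, n = public
    return pow(sig, e, n) == h


def rsa_sign(private, msg: bytes) -> int:
    return rsa_sign_digest(private, message_digest(msg, private[1]))


def rsa_verify(public, msg: bytes, sig: int) -> bool:
    return rsa_verify_digest(public, message_digest(msg, public[1]), sig)


if __name__ == "__main__":
    public, private = textbook_rsa_keypair(61, 53)      # n = 3233, d = 2753
    c = rsa_encrypt(public, 65)
    print(public, private, c, rsa_decrypt(private, c))  # (17, 3233) (2753, 3233) 2790 65
    msg = b"approve wire transfer"                       # constructed sample message
    sig = rsa_sign(private, msg)
    print(rsa_verify(public, msg, sig), rsa_verify(public, msg + b"!", sig))
```

Note which key does what: the public key can be handed to anyone because it only encrypts and verifies; everything that must stay secret (decrypting, signing) needs the private key, which is why slide 32's key-management caveat applies with full force to the private half.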
  • 12. When to use encryption
    - If sensitive data and prying eyes may meet
    - Sensitive data
      - SSN, PII, financial, medical, passwords, etc
    - Potential for exposure to prying eyes
      - Transmission over network
      - Theft/loss
      - System hacked
      - Must give access to an untrusted party
  • 13. More terms
    - At rest – data is written on a storage device (disk, tape, CD, thumb drive, etc)
    - In transit – data is being transmitted over a network
    - "Stickiness" – the quality of encryption to stay with a file as it is transferred between disks or computers
  • 14. Where can we encrypt?
    - Network
    - Disk
    - File/folder
    - E-mail
    - Database
  • 15. Network encryption
    - SSL/TLS – web (HTTPS) and more
    - SSH – terminal, file transfer and more
    - IPsec
      - Any traffic, but requires client and server configuration
    - WPA and WEP
      - Wireless only; WEP is broken and not considered secure
  • 16. Network encryption products
    - Generally built into OS or application
    - Hardware acceleration options for SSL and IPsec
    - Wireless encryption requires hardware support
  • 17. Disk encryption
    - Encrypt entire contents of disk or volume
    - Typically requires key at boot
    - Encryption does not "stick" to files: once the volume is unlocked, a file copied elsewhere is plaintext
    - Boot drive vs non-boot drive
    - Good for theft/loss, but not hacking (a running, unlocked system decrypts for the attacker too)
  • 18. Disk encryption products
    - Some OS integrated options
      - BitLocker (EFS, listed again under file/folder products, encrypts individual files rather than whole disks)
    - Third-party software
      - PGP, Utimaco, PointSec, etc
    - Hardware level disk encryption beginning to show up
  • 19. File/folder encryption
    - Encrypt individual files or groups of files
    - Encryption may "stick" to files
    - Can be difficult to manage with multiple users
    - Can be good for theft/loss, hacking and untrusted party
  • 20. File/folder encryption products
    - Some OS integrated options
      - EFS, FileVault
    - Third-party software
      - PGP, Utimaco, etc
    - Freeware apps (GnuPG, TrueCrypt, etc)
  • 21. E-mail encryption
    - Encrypt e-mail attachment
    - Encrypt entire message (headers such as To, From and Subject cannot be encrypted)
    - Recipient must be able to decrypt
    - Good for transmission over a network
  • 22. E-mail encryption products
    - Most clients support S/MIME, but it requires issuing certificates
    - PGP/GnuPG is very popular
    - See file level encryption products for encrypting attachments
  • 23. Database encryption
    - Application layer – smart app, but no special DB requirements
    - Database layer – DB requirements and maybe app requirements
    - Disk encryption – not useful against most database server attacks (the running server reads the disk in the clear)
  • 24. Database encryption products
    - Application layer depends on your app vendor
    - Database layer
      - Built-in options
        - Oracle Advanced Security Option added to CU license
        - MS SQL 2005 added native encryption feature
      - Add-on encryption for DBs
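Slide 23's application-layer option means the application encrypts a sensitive column before it reaches the database, so neither the DBA, a SQL injection, nor a stolen backup yields the plaintext; this is the case slide 23 says disk encryption does not cover. The following added example (written for this page, not from the presentation) stores SSNs in SQLite that way. The cipher is a small stdlib-only construction (SHA-256 in counter mode plus an HMAC-SHA256 tag) so that the example runs without third-party packages; it illustrates the pattern, and production code should use a vetted AEAD such as AES-GCM from a real crypto library. The table, column and sample records are constructed.

```python
import hashlib
import hmac
import os
import sqlite3

NONCE_LEN = 16
TAG_LEN = 32


def _subkeys(key: bytes):
    """Derive separate encryption and MAC keys from the application's master key."""
    return (hashlib.sha256(b"enc:" + key).digest(),
            hashlib.sha256(b"mac:" + key).digest())


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter mode: keystream block i is SHA-256(key || nonce || i)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(enc_key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_field(key: bytes, plaintext: str) -> bytes:
    """Return nonce || ciphertext || tag; a fresh nonce makes equal SSNs look different."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(NONCE_LEN)
    data = plaintext.encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(enc_key, nonce, len(data))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_field(key: bytes, blob: bytes) -> str:
    """Check the tag first (encrypt-then-MAC), then decrypt."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: wrong key or tampered row")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct)))).decode()


def decrypts_cleanly(key: bytes, blob: bytes) -> bool:
    """True only if the blob was produced under `key` and has not been modified."""
    try:
        decrypt_field(key, blob)
        return True
    except ValueError:
        return False


def store_records(conn: sqlite3.Connection, key: bytes, records) -> None:
    """The application encrypts before INSERT; the database only ever sees ciphertext."""
    conn.execute("CREATE TABLE IF NOT EXISTS person (name TEXT, ssn BLOB)")
    conn.executemany("INSERT INTO person VALUES (?, ?)",
                     [(name, encrypt_field(key, ssn)) for name, ssn in records])
    conn.commit()


def raw_rows(conn: sqlite3.Connection):
    """What a DBA, an injected query or a stolen backup gets: names and opaque blobs."""
    return list(conn.execute("SELECT name, ssn FROM person ORDER BY name"))


def read_records(conn: sqlite3.Connection, key: bytes):
    """Only code holding the application key can turn the blobs back into SSNs."""
    return [(name, decrypt_field(key, blob)) for name, blob in raw_rows(conn)]


if __name__ == "__main__":
    conn = sqlite3.connect(":memory:")
    app_key = os.urandom(32)  # in practice: from a key store, never stored in the same database
    store_records(conn, app_key, [("alice", "123-45-6789"), ("bob", "987-65-4321")])
    print(raw_rows(conn))
    print(read_records(conn, app_key))
```

The trade-off the slide hints at ("smart app") is visible here: the database cannot index, search or join on the encrypted column, and every consumer of the data must go through the application's key. The tag check is what turns "prying eyes cannot read it" into "prying eyes cannot silently change it either".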
  • 25. Scenarios
    - Notebook with sensitive information
    - File server with sensitive information
    - Sending sensitive e-mails
    - Web applications collecting information
    - USB thumbdrives
  • 26. Protecting sensitive information
    - 1 – Get rid of the sensitive information
      - Remove entire files
      - Remove sensitive info from files
    - 2 – Move sensitive info offline
    - 3 – Protect sensitive info
      - Minimum security standards for private info
  • 27. Notebook with sensitive info
    - Primary threat: theft or loss
    - Whole disk encryption
      - Best guarantee of protecting data
    - File/folder encryption
      - Can protect data if users encrypt the right files
  • 28. File server with sensitive info
    - Primary threats: hack, transmission over network, theft/loss of backups
    - File/folder encryption – may protect on all counts, but can be complicated with multiple users
    - Disk encryption – doesn't protect on any of these counts (the running server decrypts transparently, and backups are read from the unlocked volume)
  • 29. Sensitive E-mail
    - Threats: e-mail intercepted or accidentally CC'ed to the wrong people
    - E-mail encryption: can protect from accidental disclosure
    - E-mail signing: only ensures authenticity and integrity, not confidentiality
    - File/folder encryption: can protect the attachment only
  • 30. Web applications
    - Threats: sensitive information is intercepted when sent to the web server; web server is spoofed/phished
    - SSL/TLS encryption can protect data in transit and (if users are trained to check the certificate) can help them verify it is the real server
    - Data must then be protected at rest
  • 31. USB thumbdrives
    - Threats: theft/loss
    - Whole disk encryption: most products support USB drives
    - File/folder encryption: protects if the right files are encrypted
  • 32. Encryption caveats
    - Key management
      - You lose the keys, you lose the data
      - Key generation, distribution, backup, protection, etc
    - Impact on system management
      - Particularly on whole disk encryption
    - "Stickiness" of encryption or lack thereof
      - Can confuse users
      - Can lead to unencrypted sensitive information
