SlideShare a Scribd company logo

Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of Oxford

Download as PPTX, PDF
Petar Radanliev
Petar Radanliev

Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of Oxford Public Key Cryptography and potential attacks on PK

Education
1 of 43
Public Key Cryptography and potential attacks on PK Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of Oxford
Slide 1.1: Introduction to Cryptography • Cryptography from Ancient Greek: kryptós "hidden, secret"; and γράφειν "to write", or - λογία -logia, "study" • Cryptography translated from its original meaning in Greek is ‘secret writing’
Cryptography vs Cybersecurity – 3 key points First: good cryptography depends on the hardness of the mathematical problem, in other words, the encryption is only as strong as the mathematical problem of the specific cryptographic algorithm Second: the quality of implementation, because correct implementation is fundamental in how secure the algorithm is Third: the key secrecy, because secret keys need to be stored somehow somewhere, usually by a centralised trusted authority If you are a hacker and you are trying to hack a crypto system, you will start with one of these three things, a hacker would try to solve the math problem, look for vulnerabilities in the implementation, or try to get access to the secret keys
Slide 1.2: Cryptography and Romance • Cryptography- the art of writing or solving codes • During the French revolution, the Queen of France sent encrypted letter to her lover, and encryption has been linked to love ever since • Alice & Bob - The World’s Most Famous Cryptographic Couple • Alice and Bob are fictional characters originally invented to make research in cryptology easier to understand • Eve, the passive and submissive eavesdropper
Slide 1.3: Romantic Cryptography • We show how Alice and Bob can establish whether they love each other, but without the embarrassement of revealing that they do if the other party does not share their feelings • This is a “secure multiparty computation” of the AND function, where the participants cooperate in producing the result of the AND, but without learning the input bit contributed by the other party unless the result implies it
Slide 1.3: Cultural Interpretations of Alice and Bob • In 2012, the computer scientist Srini Parthasarathy wrote a document entitled “Alice and Bob can go on a holiday! • Parthasarathy proposed that Alice and Bob might be usefully replaced by Sita and Rama, characters central to Hindu mythology.
Slide 1.4: Cryptography throughout the History
Ancient Egypt • The oldest encryption attempt known to mankind dates back to the kingdom of Egypt, around two thousand years before Christ - 1900 BC • The first known evidence of cryptography can be traced to the use of 'hieroglyph' - a character of the ancient Egyptian writing system
Ancient Greece • The ancient Greeks used a scytale, in which the person sending a message wound a strip of cloth around a stick
Ancient Rome Julius Caesar used encryption in the days of the Roman Empire to cipher letters and messages Caesar Cipher: Named after Julius Caesar, who used this method for secret military communications Also known as a shift cipher, Caesar’s Code, or Caesar Shift Encipher- to convert a message or a piece of text into coded form; encrypt Decipher- To convert a text written in code, or a coded signal, into normal language
USA George Washington’s alphabet code sheet President Thomas Jefferson designed a wheel-based cipher machine
Enigma • Enigma was a cipher device used by Nazi Germany's military command to encode strategic messages before and during World War II • The most important codebreaking event of the war was the successful decryption by the Allies of the German "Enigma" Cipher • Alan Turing credited as the father of computer science • He was a British scientist and a pioneer in computer science • During World War II, he developed a machine that helped break the German Enigma code • He also laid the groundwork for modern computing and theorised about artificial intelligence • After World War II, many of the first computers were created to make or break codes
Cryptography & Cybersecurity It is not true, as some books say, that NSA was a “secret” organisation when it was established in 1952; however, there was little public awareness of its work, and some people joked that the initials stood for “No Such Agency Cryptography + Cyber Security Encryption Became Popular Long before the Inception of the Internet
Symmetric • Symmetric key cryptography is when one key is used to encrypt and decrypt information and the most well-known standard in this category is the Advanced Encryption Standard , selected by the U.S
Asymmetric • Asymmetric cryptography is also known as public-key cryptography, uses two different keys, one is public key that is used for encryption and is known to all, and second is the private key that is used for decryption and is only known by one party • The most famous algorithm for public-key cryptography is the RSA cryptosystem developed in 1977 • the Digital Signature Algorithm • Diffie–Hellman key exchange over public channels • the Elliptic-curve cryptography
Quantum Cryptography • Unlike cryptography, which relies on mathematical algorithms and computational complexity to secure information, quantum cryptography is based on the laws of physics and the behaviour of quantum particles • When we have a large-scale quantum computer built, it would break all public-key cryptography that is widely used today • The most well-known quantum cryptography protocol "quantum key distribution" , involves the transmission of a random sequence of quantum bits or "qubits" between two parties • The best known "quantum key distribution" is the BB84 protocol published by Bennett and Brassard in 1984 • Quantum cryptography is unhackable
Importance of PK cryptography in secure communications • Secure communication, secure key exchange, digital signatures, and encryption of data • Use cases include secure email, secure web browsing , secure file transfer , and secure messaging platforms
Mathematical relationship between the two keys • The relationship between the two keys is typically based on mathematical operations that are computationally easy in one direction but computationally difficult in the reverse direction • This property ensures that while the public key can be easily derived from the private key, it is practically impossible to calculate the private key from the public key
How encryption with the public key works • The sender prepares the message they want to send to the recipient • Using the recipient's public key, the sender applies an encryption algorithm to the message
How decryption with the private key works Upon receiving the encrypted message, the recipient uses their private key, which is kept secret, to perform the decryption process The result of the decryption process is the original message, restored to its original form
Use of PK cryptography for digital signatures Document Hashing Hash Encryption Digital Signature Creation Signature Verification Document Hash Calculation Comparing Hashes
Importance of digital signatures in authentication and integrity Authentication Integrity Non-Repudiation
RSA In RSA, the mathematical relationship is based on the difficulty of factoring large numbers into their prime factors The public key consists of a modulus and an exponent The decryption process, on the other hand, involves raising the ciphertext to the power of the private exponent and taking the modulus
ECC Elliptic Curve Cryptography uses the mathematical properties of elliptic curves to establish the relationship between the public and private keys The public key is derived from a point on the elliptic curve, while the private key is a randomly chosen scalar value The operations involved in ECC ensure that it is extremely difficult to calculate the private key from the public key
Brute-force attack on PK cryptography • In a brute-force attack, an attacker systematically tries all possible private keys to decrypt an encrypted message • The strength of the PK cryptography lies in the large key space, which makes this attack computationally infeasible for sufficiently long key sizes
Man-in-the- middle attack on PK cryptography In a man-in-the-middle attack, an attacker intercepts the communication between two parties and poses as each party to the other The attacker can intercept the public keys exchanged during the key exchange process and replace them with their own MITM attacks can be mitigated by using trusted public key infrastructure and digital certificates
Side-channel attacks and their impact on PK cryptography • Side-channel attacks exploit information leaked during the execution of a cryptographic algorithm, such as timing information, power consumption, or electromagnetic radiation • By analysing these side-channel information, an attacker can potentially extract the private key • Countermeasures like constant-time implementations and hardware protections can be employed to mitigate side-channel attacks
Certificate authority attack: This attack targets the certificate authority (CA) that is used to issue digital certificates. If the CA is compromised, then the attacker can issue fraudulent certificates that can be used to impersonate legitimate websites or users. Key compromise attack: This attack occurs when an attacker is able to steal or compromise the private key of a user or organisation. This allows the attacker to decrypt any messages that were encrypted with the private key, and they can also impersonate the user or organisation.
Importance of protecting private keys PK cryptography relies on the secrecy of the private key If the private key is compromised, either through theft or unauthorized access, an attacker can decrypt any messages encrypted with the corresponding public key It is crucial to protect private keys with strong encryption and proper access controls
Quantum computing on PK cryptography Quantum computers have the potential to break many of the currently used public key algorithms, such as RSA and ECC Shor's algorithm, for example, can efficiently factor large numbers, which breaks RSA To mitigate quantum computing attacks, post-quantum cryptography algorithms are being developed and standardised, which are resistant to attacks by quantum computers
Shor's algorithm and its impact on RSA and ECC • Shor's algorithm is a quantum algorithm developed by mathematician Peter Shor in 1994 • ECC is also vulnerable to attacks using Shor's algorithm
Slide 15: Blockchain Technologies
Smart contracts and their applications • Smart contracts are self-executing contracts with the terms of the agreement directly written into code • They run on blockchain platforms, such as Ethereum, and automatically execute actions based on predefined conditions without the need for intermediaries
Blockchain in supply chain management Smart contracts can enhance supply chain management by automating and streamlining processes They enable transparent and efficient tracking of goods, automatic verification of transactions, and secure transfer of ownership or payments based on predefined conditions Smart contracts can increase transparency, reduce fraud, and improve overall supply chain efficiency
Blockchain's potential for transparent governance and voting systems The examples listed are just a few examples of how smart contracts are being applied across various industries The versatility and automation capabilities of smart contracts make them a powerful tool for creating trust, efficiency, and transparency in a wide range of applications
Quantum-safe cryptography and its importance in cybersecurity • Quantum Computers' Threat to Classical Cryptography • Long-Term Security • Transition Period • Protecting Sensitive Data • Infrastructure and Systems Security • Future-Proofing
Quantum- resistant algorithms and post- quantum cryptography The development and standardisation of quantum-resistant algorithms are ongoing Organisations such as the National Institute of Standards and Technology in the United States have initiated efforts to evaluate and standardise post-quantum cryptographic algorithms This process involves rigorous analysis, testing, and evaluation of various candidate algorithms to determine their security, efficiency, and suitability for different applications
Slide 17: Conclusion
Awareness of potential attacks and the need for secure practices • Evolving Threat Landscape • Protection of Sensitive Information • Mitigation of Financial Losses • Safeguarding Privacy • Prevention of Identity Theft • Compliance with Regulations and Standards • Promoting a Culture of Security • Proactive Risk Management
Slide 18: Additional Resources [1] NIST, “Advanced Encryption Standard (AES) ,” Nov. 2001. Accessed: Mar. 19, 2023. [Online]. Available: https://web.archive.org/web/20170312045558/http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197.pdf ​[2] R. L. Rivest, A. Shamir, and L. Adleman, “A method for obtaining digital signatures and public-key cryptosystems,” Commun ACM, vol. 21, no. 2, pp. 120–126, Feb. 1978, doi: 10.1145/359340.359342. ​[3] C. Cocks, “A Note on Non-Secret Encryption ,” 1973. Accessed: Mar. 19, 2023. [Online]. Available: https://web.archive.org/web/20180928121748/https://www.gchq.gov.uk/sites/default/files/document_files/Cliff%20Cocks%20pap er%2019731120.pdf ​[4] P. W. Shor, “Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer,” SIAM Journal on Computing, vol. 26, no. 5, pp. 1484–1509, Oct. 1997, doi: 10.1137/S0097539795293172. ​[5] C. H. Bennett and G. Brassard, “Quantum cryptography: Public key distribution and coin tossing,” in Proceedings of IEEE International Conference on Computers, Systems and Signal Processing, 1984, pp. 1–8. Accessed: Mar. 17, 2023. [Online]. Available: https://web.archive.org/web/20200130165639/http://researcher.watson.ibm.com/researcher/files/us-bennetc/BB84highest.pdf Slide 20: Questions and Discussion
Recommendations for further reading and research on PK cryptography National Institute of Standards and Technology
Sources of information used in the presentation • National Institute of Standards and Technology : Post-Quantum Cryptography: Matt Scholl: https://www.nist.gov/blogs/taking- measure/post-quantum-cryptography-qa- nists-matt-scholl NIST Announces First Four Quantum-Resistant Cryptographic Algorithms: https://www.nist.gov/news- events/news/2022/07/nist-announces-first- four-quantum-resistant-cryptographic- algorithms Post-Quantum Cryptography: https://csrc.nist.gov/Projects/post-quantum- cryptography/selected-algorithms-2022
Questions, clarifications, and discussion

Recommended

Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...
Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...
Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...
Petar Radanliev
 
Evolution of Cryptography and Cryptographic techniques
Evolution of Cryptography and Cryptographic techniquesEvolution of Cryptography and Cryptographic techniques
Evolution of Cryptography and Cryptographic techniques
Mona Rajput
 
Fundamentals of cryptography
Fundamentals of cryptographyFundamentals of cryptography
Fundamentals of cryptography
Hossain Md Shakhawat
 
Information and network security 31 public key cryptography
Information and network security 31 public key cryptographyInformation and network security 31 public key cryptography
Information and network security 31 public key cryptography
Vaibhav Khanna
 
Cryptography cse,ru
Cryptography cse,ruCryptography cse,ru
Cryptography cse,ru
Hossain Md Shakhawat
 
F16 cs61 cryptography
F16 cs61 cryptographyF16 cs61 cryptography
F16 cs61 cryptography
Muhammadalizardari
 
Crytography
CrytographyCrytography
Crytography
Anchal Kumar
 
Networksecurity1 1
Networksecurity1 1 Networksecurity1 1
Networksecurity1 1
lakshmansoft7
 

Recommended

Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...
Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...
Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of...
Petar Radanliev
 
Evolution of Cryptography and Cryptographic techniques
Evolution of Cryptography and Cryptographic techniquesEvolution of Cryptography and Cryptographic techniques
Evolution of Cryptography and Cryptographic techniques
Mona Rajput
 
Fundamentals of cryptography
Fundamentals of cryptographyFundamentals of cryptography
Fundamentals of cryptography
Hossain Md Shakhawat
 
Information and network security 31 public key cryptography
Information and network security 31 public key cryptographyInformation and network security 31 public key cryptography
Information and network security 31 public key cryptography
Vaibhav Khanna
 
Cryptography cse,ru
Cryptography cse,ruCryptography cse,ru
Cryptography cse,ru
Hossain Md Shakhawat
 
F16 cs61 cryptography
F16 cs61 cryptographyF16 cs61 cryptography
F16 cs61 cryptography
Muhammadalizardari
 
Crytography
CrytographyCrytography
Crytography
Anchal Kumar
 
Networksecurity1 1
Networksecurity1 1 Networksecurity1 1
Networksecurity1 1
lakshmansoft7
 
CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITY
AdityaShukla141
 
Info security & crypto
Info security & cryptoInfo security & crypto
Info security & crypto
Shehrevar Davierwala
 
Rothke Info Security Canada 2007 Final
Rothke Info Security Canada 2007 FinalRothke Info Security Canada 2007 Final
Rothke Info Security Canada 2007 Final
Ben Rothke
 
Cryptography
CryptographyCryptography
Cryptography
Suraj Shukla
 
Cryptography
CryptographyCryptography
Cryptography
Jasim Jas
 
Cryptography
CryptographyCryptography
Cryptography
Sourabh Badve
 
Cryptography
CryptographyCryptography
Cryptography
Birmingham City University
 
5 Cryptography Part1
5 Cryptography Part15 Cryptography Part1
5 Cryptography Part1
Alfred Ouyang
 
Cryptography
CryptographyCryptography
Cryptography
Ravi Kumar Patel
 
cryptography.ppt.ppt
cryptography.ppt.pptcryptography.ppt.ppt
cryptography.ppt.ppt
SudhanshuKarna
 
cryptography.ppt - Copy.ppt
cryptography.ppt - Copy.pptcryptography.ppt - Copy.ppt
cryptography.ppt - Copy.ppt
SudhanshuKarna
 
Analysis of Cryptography Techniques
Analysis of Cryptography TechniquesAnalysis of Cryptography Techniques
Analysis of Cryptography Techniques
editor1knowledgecuddle
 
Cryptography & Network Security.pptx
Cryptography & Network Security.pptxCryptography & Network Security.pptx
Cryptography & Network Security.pptx
sunil sharma
 
Cryptography full report
Cryptography full reportCryptography full report
Cryptography full report
harpoo123143
 
Cryptography : The Art of Secured Messaging
Cryptography : The Art of Secured MessagingCryptography : The Art of Secured Messaging
Cryptography : The Art of Secured Messaging
Sumit Satam
 
Making Sense Of Cryptography
Making Sense Of CryptographyMaking Sense Of Cryptography
Making Sense Of Cryptography
markjhouse
 
Cryptography, a science of secure writing
Cryptography, a science of secure writingCryptography, a science of secure writing
Cryptography, a science of secure writing
tahirilyas92
 
Cryptology - The practice and study of hiding information
Cryptology - The practice and study of hiding informationCryptology - The practice and study of hiding information
Cryptology - The practice and study of hiding information
Bitcoin Association of Australia
 
Cryptography ppt
Cryptography pptCryptography ppt
Cryptography ppt
Anubhav Sokhal
 
Dissemination of knowledge on Secure Systems Engineering
Dissemination of knowledge on Secure Systems EngineeringDissemination of knowledge on Secure Systems Engineering
Dissemination of knowledge on Secure Systems Engineering
JAIGANESH SEKAR
 
Artificial Intelligence and Quantum Cryptography
Artificial Intelligence and Quantum CryptographyArtificial Intelligence and Quantum Cryptography
Artificial Intelligence and Quantum Cryptography
Petar Radanliev
 
Artificial Intelligence and Quantum Cryptography
Artificial Intelligence and Quantum CryptographyArtificial Intelligence and Quantum Cryptography
Artificial Intelligence and Quantum Cryptography
Petar Radanliev
 

More Related Content

Similar to Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of Oxford

Analysis of Cryptography Techniques
Analysis of Cryptography TechniquesAnalysis of Cryptography Techniques
Analysis of Cryptography Techniques
editor1knowledgecuddle
 
Cryptography & Network Security.pptx
Cryptography & Network Security.pptxCryptography & Network Security.pptx
Cryptography & Network Security.pptx
sunil sharma
 
Cryptography full report
Cryptography full reportCryptography full report
Cryptography full report
harpoo123143
 

Similar to Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of Oxford (20)

CRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITYCRYPTOGRAPHY AND NETWORK SECURITY
CRYPTOGRAPHY AND NETWORK SECURITY
 
Info security & crypto
Info security & cryptoInfo security & crypto
Info security & crypto
 
Rothke Info Security Canada 2007 Final
Rothke Info Security Canada 2007 FinalRothke Info Security Canada 2007 Final
Rothke Info Security Canada 2007 Final
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography
CryptographyCryptography
Cryptography
 
5 Cryptography Part1
5 Cryptography Part15 Cryptography Part1
5 Cryptography Part1
 
Cryptography
CryptographyCryptography
Cryptography
 
cryptography.ppt.ppt
cryptography.ppt.pptcryptography.ppt.ppt
cryptography.ppt.ppt
 
cryptography.ppt - Copy.ppt
cryptography.ppt - Copy.pptcryptography.ppt - Copy.ppt
cryptography.ppt - Copy.ppt
 
Analysis of Cryptography Techniques
Analysis of Cryptography TechniquesAnalysis of Cryptography Techniques
Analysis of Cryptography Techniques
 
Cryptography & Network Security.pptx
Cryptography & Network Security.pptxCryptography & Network Security.pptx
Cryptography & Network Security.pptx
 
Cryptography full report
Cryptography full reportCryptography full report
Cryptography full report
 
Cryptography : The Art of Secured Messaging
Cryptography : The Art of Secured MessagingCryptography : The Art of Secured Messaging
Cryptography : The Art of Secured Messaging
 
Making Sense Of Cryptography
Making Sense Of CryptographyMaking Sense Of Cryptography
Making Sense Of Cryptography
 
Cryptography, a science of secure writing
Cryptography, a science of secure writingCryptography, a science of secure writing
Cryptography, a science of secure writing
 
Cryptology - The practice and study of hiding information
Cryptology - The practice and study of hiding informationCryptology - The practice and study of hiding information
Cryptology - The practice and study of hiding information
 
Cryptography ppt
Cryptography pptCryptography ppt
Cryptography ppt
 
Dissemination of knowledge on Secure Systems Engineering
Dissemination of knowledge on Secure Systems EngineeringDissemination of knowledge on Secure Systems Engineering
Dissemination of knowledge on Secure Systems Engineering
 

More from Petar Radanliev

Artificial Intelligence and Quantum Cryptography
Artificial Intelligence and Quantum CryptographyArtificial Intelligence and Quantum Cryptography
Artificial Intelligence and Quantum Cryptography
Petar Radanliev
 
Artificial Intelligence and Quantum Cryptography
Artificial Intelligence and Quantum CryptographyArtificial Intelligence and Quantum Cryptography
Artificial Intelligence and Quantum Cryptography
Petar Radanliev
 
Cyber Diplomacy
Cyber DiplomacyCyber Diplomacy
Cyber Diplomacy
Petar Radanliev
 
PhD Petar Radanliev
PhD Petar RadanlievPhD Petar Radanliev
PhD Petar Radanliev
Petar Radanliev
 
PhD Thesis - Dr Petar Radanliev
PhD Thesis - Dr Petar RadanlievPhD Thesis - Dr Petar Radanliev
PhD Thesis - Dr Petar Radanliev
Petar Radanliev
 
Ethics and Responsible AI Deployment.pptx
Ethics and Responsible AI Deployment.pptxEthics and Responsible AI Deployment.pptx
Ethics and Responsible AI Deployment.pptx
Petar Radanliev
 
Artificial Intelligence: Survey of Cybersecurity Capabilities, Ethical Concer...
Artificial Intelligence: Survey of Cybersecurity Capabilities, Ethical Concer...Artificial Intelligence: Survey of Cybersecurity Capabilities, Ethical Concer...
Artificial Intelligence: Survey of Cybersecurity Capabilities, Ethical Concer...
Petar Radanliev
 
Artificial Intelligence and Quantum Cryptography: A comprehensive analysis of...
Artificial Intelligence and Quantum Cryptography: A comprehensive analysis of...Artificial Intelligence and Quantum Cryptography: A comprehensive analysis of...
Artificial Intelligence and Quantum Cryptography: A comprehensive analysis of...
Petar Radanliev
 
Red Teaming Generative AI and Quantum Cryptography
Red Teaming Generative AI and Quantum CryptographyRed Teaming Generative AI and Quantum Cryptography
Red Teaming Generative AI and Quantum Cryptography
Petar Radanliev
 
Petar Radanliev, PhD Thesis
Petar Radanliev, PhD ThesisPetar Radanliev, PhD Thesis
Petar Radanliev, PhD Thesis
Petar Radanliev
 
Red Teaming Generative AI/NLP, the BB84 quantum cryptography protocol and the...
Red Teaming Generative AI/NLP, the BB84 quantum cryptography protocol and the...Red Teaming Generative AI/NLP, the BB84 quantum cryptography protocol and the...
Red Teaming Generative AI/NLP, the BB84 quantum cryptography protocol and the...
Petar Radanliev
 
Introduction to Cyber Diplomacy
Introduction to Cyber DiplomacyIntroduction to Cyber Diplomacy
Introduction to Cyber Diplomacy
Petar Radanliev
 
Dance Movement Therapy and Wearable Sensors
Dance Movement Therapy and Wearable SensorsDance Movement Therapy and Wearable Sensors
Dance Movement Therapy and Wearable Sensors
Petar Radanliev
 
Dance Movement Therapy in the Metaverse: A New Frontier for Mental Health
Dance Movement Therapy in the Metaverse: A New Frontier for Mental HealthDance Movement Therapy in the Metaverse: A New Frontier for Mental Health
Dance Movement Therapy in the Metaverse: A New Frontier for Mental Health
Petar Radanliev
 
Software Bill of Materials and the Vulnerability Exploitability eXchange
Software Bill of Materials and the Vulnerability Exploitability eXchange Software Bill of Materials and the Vulnerability Exploitability eXchange
Software Bill of Materials and the Vulnerability Exploitability eXchange
Petar Radanliev
 
The Rise and Fall of Cryptocurrencies: Defining the Economic and Social Value...
The Rise and Fall of Cryptocurrencies: Defining the Economic and Social Value...The Rise and Fall of Cryptocurrencies: Defining the Economic and Social Value...
The Rise and Fall of Cryptocurrencies: Defining the Economic and Social Value...
Petar Radanliev
 

More from Petar Radanliev (20)

Artificial Intelligence and Quantum Cryptography
Artificial Intelligence and Quantum CryptographyArtificial Intelligence and Quantum Cryptography
Artificial Intelligence and Quantum Cryptography
 
Artificial Intelligence and Quantum Cryptography
Artificial Intelligence and Quantum CryptographyArtificial Intelligence and Quantum Cryptography
Artificial Intelligence and Quantum Cryptography
 
Cyber Diplomacy
Cyber DiplomacyCyber Diplomacy
Cyber Diplomacy
 
PhD Petar Radanliev
PhD Petar RadanlievPhD Petar Radanliev
PhD Petar Radanliev
 
PhD Thesis - Dr Petar Radanliev
PhD Thesis - Dr Petar RadanlievPhD Thesis - Dr Petar Radanliev
PhD Thesis - Dr Petar Radanliev
 
The Rise and Fall of Cryptocurrencies
The Rise and Fall of CryptocurrenciesThe Rise and Fall of Cryptocurrencies
The Rise and Fall of Cryptocurrencies
 
Ethics and Responsible AI Deployment.pptx
Ethics and Responsible AI Deployment.pptxEthics and Responsible AI Deployment.pptx
Ethics and Responsible AI Deployment.pptx
 
Artificial Intelligence: Survey of Cybersecurity Capabilities, Ethical Concer...
Artificial Intelligence: Survey of Cybersecurity Capabilities, Ethical Concer...Artificial Intelligence: Survey of Cybersecurity Capabilities, Ethical Concer...
Artificial Intelligence: Survey of Cybersecurity Capabilities, Ethical Concer...
 
Artificial Intelligence and Quantum Cryptography: A comprehensive analysis of...
Artificial Intelligence and Quantum Cryptography: A comprehensive analysis of...Artificial Intelligence and Quantum Cryptography: A comprehensive analysis of...
Artificial Intelligence and Quantum Cryptography: A comprehensive analysis of...
 
Red Teaming Generative AI and Quantum Cryptography
Red Teaming Generative AI and Quantum CryptographyRed Teaming Generative AI and Quantum Cryptography
Red Teaming Generative AI and Quantum Cryptography
 
Petar Radanliev, PhD Thesis
Petar Radanliev, PhD ThesisPetar Radanliev, PhD Thesis
Petar Radanliev, PhD Thesis
 
Red Teaming Generative AI/NLP, the BB84 quantum cryptography protocol and the...
Red Teaming Generative AI/NLP, the BB84 quantum cryptography protocol and the...Red Teaming Generative AI/NLP, the BB84 quantum cryptography protocol and the...
Red Teaming Generative AI/NLP, the BB84 quantum cryptography protocol and the...
 
Introduction to Cyber Diplomacy
Introduction to Cyber DiplomacyIntroduction to Cyber Diplomacy
Introduction to Cyber Diplomacy
 
Dance Movement Therapy and Wearable Sensors
Dance Movement Therapy and Wearable SensorsDance Movement Therapy and Wearable Sensors
Dance Movement Therapy and Wearable Sensors
 
Dance Movement Therapy in the Metaverse: A New Frontier for Mental Health
Dance Movement Therapy in the Metaverse: A New Frontier for Mental HealthDance Movement Therapy in the Metaverse: A New Frontier for Mental Health
Dance Movement Therapy in the Metaverse: A New Frontier for Mental Health
 
Software Bill of Materials and the Vulnerability Exploitability eXchange
Software Bill of Materials and the Vulnerability Exploitability eXchange Software Bill of Materials and the Vulnerability Exploitability eXchange
Software Bill of Materials and the Vulnerability Exploitability eXchange
 
The Rise and Fall of Cryptocurrencies: Defining the Economic and Social Value...
The Rise and Fall of Cryptocurrencies: Defining the Economic and Social Value...The Rise and Fall of Cryptocurrencies: Defining the Economic and Social Value...
The Rise and Fall of Cryptocurrencies: Defining the Economic and Social Value...
 
The Rise and Fall of Cryptocurrencies: Defining the Economic and Social Value...
The Rise and Fall of Cryptocurrencies: Defining the Economic and Social Value...The Rise and Fall of Cryptocurrencies: Defining the Economic and Social Value...
The Rise and Fall of Cryptocurrencies: Defining the Economic and Social Value...
 
Inclusiveness in the Metaverse
Inclusiveness in the MetaverseInclusiveness in the Metaverse
Inclusiveness in the Metaverse
 
Software Bill of Materials
Software Bill of MaterialsSoftware Bill of Materials
Software Bill of Materials
 

Recently uploaded

Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...
Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...
Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...
EADTU
 

Recently uploaded (20)

REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptx
 
Play hard learn harder: The Serious Business of Play
Play hard learn harder: The Serious Business of PlayPlay hard learn harder: The Serious Business of Play
Play hard learn harder: The Serious Business of Play
 
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxOn_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
 
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxCOMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
 
Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...
Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...
Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17
 
Economic Importance Of Fungi In Food Additives
Economic Importance Of Fungi In Food AdditivesEconomic Importance Of Fungi In Food Additives
Economic Importance Of Fungi In Food Additives
 
PANDITA RAMABAI- Indian political thought GENDER.pptx
PANDITA RAMABAI- Indian political thought GENDER.pptxPANDITA RAMABAI- Indian political thought GENDER.pptx
PANDITA RAMABAI- Indian political thought GENDER.pptx
 
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
 
VAMOS CUIDAR DO NOSSO PLANETA! .
VAMOS CUIDAR DO NOSSO PLANETA! .VAMOS CUIDAR DO NOSSO PLANETA! .
VAMOS CUIDAR DO NOSSO PLANETA! .
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
How to Add a Tool Tip to a Field in Odoo 17
How to Add a Tool Tip to a Field in Odoo 17How to Add a Tool Tip to a Field in Odoo 17
How to Add a Tool Tip to a Field in Odoo 17
 
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
 

Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of Oxford

  • 1. Public Key Cryptography and potential attacks on PK Dr Petar Radanliev, PhD Thesis Department of Computer Sciences, University of Oxford
  • 2. Slide 1.1: Introduction to Cryptography • Cryptography from Ancient Greek: kryptós "hidden, secret"; and γράφειν "to write", or - λογία -logia, "study" • Cryptography translated from its original meaning in Greek is ‘secret writing’
  • 3. Cryptography vs Cybersecurity – 3 key points First: good cryptography depends on the hardness of the mathematical problem, in other words, the encryption is only as strong as the mathematical problem of the specific cryptographic algorithm Second: the quality of implementation, because correct implementation is fundamental in how secure the algorithm is Third: the key secrecy, because secret keys need to be stored somehow somewhere, usually by a centralised trusted authority If you are a hacker and you are trying to hack a crypto system, you will start with one of these three things, a hacker would try to solve the math problem, look for vulnerabilities in the implementation, or try to get access to the secret keys
  • 4. Slide 1.2: Cryptography and Romance • Cryptography- the art of writing or solving codes • During the French revolution, the Queen of France sent encrypted letter to her lover, and encryption has been linked to love ever since • Alice & Bob - The World’s Most Famous Cryptographic Couple • Alice and Bob are fictional characters originally invented to make research in cryptology easier to understand • Eve, the passive and submissive eavesdropper
  • 5. Slide 1.3: Romantic Cryptography • We show how Alice and Bob can establish whether they love each other, but without the embarrassement of revealing that they do if the other party does not share their feelings • This is a “secure multiparty computation” of the AND function, where the participants cooperate in producing the result of the AND, but without learning the input bit contributed by the other party unless the result implies it
  • 6. Slide 1.3: Cultural Interpretations of Alice and Bob • In 2012, the computer scientist Srini Parthasarathy wrote a document entitled “Alice and Bob can go on a holiday! • Parthasarathy proposed that Alice and Bob might be usefully replaced by Sita and Rama, characters central to Hindu mythology.
  • 8. Ancient Egypt • The oldest encryption attempt known to mankind dates back to the kingdom of Egypt, around two thousand years before Christ - 1900 BC • The first known evidence of cryptography can be traced to the use of 'hieroglyph' - a character of the ancient Egyptian writing system
  • 9. Ancient Greece • The ancient Greeks used a scytale, in which the person sending a message wound a strip of cloth around a stick
  • 10. Ancient Rome Julius Caesar used encryption in the days of the Roman Empire to cipher letters and messages Caesar Cipher: Named after Julius Caesar, who used this method for secret military communications Also known as a shift cipher, Caesar’s Code, or Caesar Shift Encipher- to convert a message or a piece of text into coded form; encrypt Decipher- To convert a text written in code, or a coded signal, into normal language
  • 11. USA George Washington’s alphabet code sheet President Thomas Jefferson designed a wheel-based cipher machine
  • 12. Enigma • Enigma was a cipher device used by Nazi Germany's military command to encode strategic messages before and during World War II • The most important codebreaking event of the war was the successful decryption by the Allies of the German "Enigma" Cipher • Alan Turing credited as the father of computer science • He was a British scientist and a pioneer in computer science • During World War II, he developed a machine that helped break the German Enigma code • He also laid the groundwork for modern computing and theorised about artificial intelligence • After World War II, many of the first computers were created to make or break codes
  • 13. Cryptography & Cybersecurity It is not true, as some books say, that NSA was a “secret” organisation when it was established in 1952; however, there was little public awareness of its work, and some people joked that the initials stood for “No Such Agency Cryptography + Cyber Security Encryption Became Popular Long before the Inception of the Internet
  • 14. Symmetric • Symmetric key cryptography is when one key is used to encrypt and decrypt information and the most well-known standard in this category is the Advanced Encryption Standard , selected by the U.S
  • 15. Asymmetric • Asymmetric cryptography is also known as public-key cryptography, uses two different keys, one is public key that is used for encryption and is known to all, and second is the private key that is used for decryption and is only known by one party • The most famous algorithm for public-key cryptography is the RSA cryptosystem developed in 1977 • the Digital Signature Algorithm • Diffie–Hellman key exchange over public channels • the Elliptic-curve cryptography
  • 16. Quantum Cryptography • Unlike cryptography, which relies on mathematical algorithms and computational complexity to secure information, quantum cryptography is based on the laws of physics and the behaviour of quantum particles • When we have a large-scale quantum computer built, it would break all public-key cryptography that is widely used today • The most well-known quantum cryptography protocol "quantum key distribution" , involves the transmission of a random sequence of quantum bits or "qubits" between two parties • The best known "quantum key distribution" is the BB84 protocol published by Bennett and Brassard in 1984 • Quantum cryptography is unhackable
  • 17. Importance of PK cryptography in secure communications • Secure communication, secure key exchange, digital signatures, and encryption of data • Use cases include secure email, secure web browsing , secure file transfer , and secure messaging platforms
  • 18. Mathematical relationship between the two keys • The relationship between the two keys is typically based on mathematical operations that are computationally easy in one direction but computationally difficult in the reverse direction • This property ensures that while the public key can be easily derived from the private key, it is practically impossible to calculate the private key from the public key
  • 19. How encryption with the public key works • The sender prepares the message they want to send to the recipient • Using the recipient's public key, the sender applies an encryption algorithm to the message
  • 20. How decryption with the private key works Upon receiving the encrypted message, the recipient uses their private key, which is kept secret, to perform the decryption process The result of the decryption process is the original message, restored to its original form
  • 21. Use of PK cryptography for digital signatures Document Hashing Hash Encryption Digital Signature Creation Signature Verification Document Hash Calculation Comparing Hashes
  • 22. Importance of digital signatures in authentication and integrity Authentication Integrity Non-Repudiation
  • 23. RSA In RSA, the mathematical relationship is based on the difficulty of factoring large numbers into their prime factors The public key consists of a modulus and an exponent The decryption process, on the other hand, involves raising the ciphertext to the power of the private exponent and taking the modulus
  • 24. ECC Elliptic Curve Cryptography uses the mathematical properties of elliptic curves to establish the relationship between the public and private keys The public key is derived from a point on the elliptic curve, while the private key is a randomly chosen scalar value The operations involved in ECC ensure that it is extremely difficult to calculate the private key from the public key
  • 25. Brute-force attack on PK cryptography • In a brute-force attack, an attacker systematically tries all possible private keys to decrypt an encrypted message • The strength of the PK cryptography lies in the large key space, which makes this attack computationally infeasible for sufficiently long key sizes
  • 26. Man-in-the- middle attack on PK cryptography In a man-in-the-middle attack, an attacker intercepts the communication between two parties and poses as each party to the other The attacker can intercept the public keys exchanged during the key exchange process and replace them with their own MITM attacks can be mitigated by using trusted public key infrastructure and digital certificates
  • 27. Side-channel attacks and their impact on PK cryptography • Side-channel attacks exploit information leaked during the execution of a cryptographic algorithm, such as timing information, power consumption, or electromagnetic radiation • By analysing these side-channel information, an attacker can potentially extract the private key • Countermeasures like constant-time implementations and hardware protections can be employed to mitigate side-channel attacks
  • 28. Certificate authority attack: This attack targets the certificate authority (CA) that is used to issue digital certificates. If the CA is compromised, then the attacker can issue fraudulent certificates that can be used to impersonate legitimate websites or users. Key compromise attack: This attack occurs when an attacker is able to steal or compromise the private key of a user or organisation. This allows the attacker to decrypt any messages that were encrypted with the private key, and they can also impersonate the user or organisation.
  • 29. Importance of protecting private keys PK cryptography relies on the secrecy of the private key If the private key is compromised, either through theft or unauthorized access, an attacker can decrypt any messages encrypted with the corresponding public key It is crucial to protect private keys with strong encryption and proper access controls
  • 30. Quantum computing on PK cryptography Quantum computers have the potential to break many of the currently used public key algorithms, such as RSA and ECC Shor's algorithm, for example, can efficiently factor large numbers, which breaks RSA To mitigate quantum computing attacks, post-quantum cryptography algorithms are being developed and standardised, which are resistant to attacks by quantum computers
  • 31. Shor's algorithm and its impact on RSA and ECC • Shor's algorithm is a quantum algorithm developed by mathematician Peter Shor in 1994 • ECC is also vulnerable to attacks using Shor's algorithm
  • 33. Smart contracts and their applications • Smart contracts are self-executing contracts with the terms of the agreement directly written into code • They run on blockchain platforms, such as Ethereum, and automatically execute actions based on predefined conditions without the need for intermediaries
  • 34. Blockchain in supply chain management Smart contracts can enhance supply chain management by automating and streamlining processes They enable transparent and efficient tracking of goods, automatic verification of transactions, and secure transfer of ownership or payments based on predefined conditions Smart contracts can increase transparency, reduce fraud, and improve overall supply chain efficiency
  • 35. Blockchain's potential for transparent governance and voting systems The examples listed are just a few examples of how smart contracts are being applied across various industries The versatility and automation capabilities of smart contracts make them a powerful tool for creating trust, efficiency, and transparency in a wide range of applications
  • 36. Quantum-safe cryptography and its importance in cybersecurity • Quantum Computers' Threat to Classical Cryptography • Long-Term Security • Transition Period • Protecting Sensitive Data • Infrastructure and Systems Security • Future-Proofing
  • 37. Quantum- resistant algorithms and post- quantum cryptography The development and standardisation of quantum-resistant algorithms are ongoing Organisations such as the National Institute of Standards and Technology in the United States have initiated efforts to evaluate and standardise post-quantum cryptographic algorithms This process involves rigorous analysis, testing, and evaluation of various candidate algorithms to determine their security, efficiency, and suitability for different applications
  • 39. Awareness of potential attacks and the need for secure practices • Evolving Threat Landscape • Protection of Sensitive Information • Mitigation of Financial Losses • Safeguarding Privacy • Prevention of Identity Theft • Compliance with Regulations and Standards • Promoting a Culture of Security • Proactive Risk Management
  • 40. Slide 18: Additional Resources [1] NIST, “Advanced Encryption Standard (AES) ,” Nov. 2001. Accessed: Mar. 19, 2023. [Online]. Available: https://web.archive.org/web/20170312045558/http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197.pdf ​[2] R. L. Rivest, A. Shamir, and L. Adleman, “A method for obtaining digital signatures and public-key cryptosystems,” Commun ACM, vol. 21, no. 2, pp. 120–126, Feb. 1978, doi: 10.1145/359340.359342. ​[3] C. Cocks, “A Note on Non-Secret Encryption ,” 1973. Accessed: Mar. 19, 2023. [Online]. Available: https://web.archive.org/web/20180928121748/https://www.gchq.gov.uk/sites/default/files/document_files/Cliff%20Cocks%20pap er%2019731120.pdf ​[4] P. W. Shor, “Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer,” SIAM Journal on Computing, vol. 26, no. 5, pp. 1484–1509, Oct. 1997, doi: 10.1137/S0097539795293172. ​[5] C. H. Bennett and G. Brassard, “Quantum cryptography: Public key distribution and coin tossing,” in Proceedings of IEEE International Conference on Computers, Systems and Signal Processing, 1984, pp. 1–8. Accessed: Mar. 17, 2023. [Online]. Available: https://web.archive.org/web/20200130165639/http://researcher.watson.ibm.com/researcher/files/us-bennetc/BB84highest.pdf Slide 20: Questions and Discussion
  • 41. Recommendations for further reading and research on PK cryptography National Institute of Standards and Technology
  • 42. Sources of information used in the presentation • National Institute of Standards and Technology : Post-Quantum Cryptography: Matt Scholl: https://www.nist.gov/blogs/taking- measure/post-quantum-cryptography-qa- nists-matt-scholl NIST Announces First Four Quantum-Resistant Cryptographic Algorithms: https://www.nist.gov/news- events/news/2022/07/nist-announces-first- four-quantum-resistant-cryptographic- algorithms Post-Quantum Cryptography: https://csrc.nist.gov/Projects/post-quantum- cryptography/selected-algorithms-2022