Encryption Primer by Cathy Nolan

Published in: Technology, Education

    1. Encryption Primer, PACMG, Cathy Nolan, 03/26/2008
    2. Encryption Primer
       • Encryption Overview
       • Why Encrypt
       • Encrypting 'Data at Rest'
       • Performance Considerations
       • Summary
    3. What is Encryption?
       • Cryptology is the science of encryption
         • Cryptography
           • Literally means hidden writing
           • Is the process of making and using codes to secure communication
         • Cryptanalysis
           • Is the process of recovering the original message from an encrypted message without knowing the key (the algorithm itself is normally assumed to be known to the attacker)
    4. What is Encryption?
       • More on Cryptology
         • Encryption
           • The process of changing plaintext into ciphertext
         • Decryption
           • The process of changing ciphertext into plaintext
    5. What is Encryption?
       • History
         • 1900 B.C. – one of the earliest documented forms of written cryptography
         • Caesar Cipher
         • Used during the prohibition era
         • Navajo Codetalkers
       • Used in everyday life today
         • Ordering coffee at Starbucks
         • Daily cryptograms
         • Internet transactions
         • Email exchanges
    6. What is Encryption?
       • All kinds of uses (diagram): SECRET = VHFUHW (Caesar cipher, shift of 3), super hero code ring, secure web site, cryptogram
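The SECRET = VHFUHW example on this slide is a Caesar cipher with a shift of 3. The Go program below is an added example, not code from Cathy Nolan's deck: it implements the shift, reproduces the slide's value, and then does what slide 3 calls cryptanalysis, recovering the plaintext from ciphertext alone by trying all 26 shifts and scoring each candidate on how many common English letters it contains. The scoring letters and the sample sentence are constructed for the example.

```go
package main

import (
	"fmt"
	"strings"
)

// caesarShift shifts ASCII letters by `shift` positions, preserving case and
// leaving every other character untouched. A negative shift decrypts.
// The slide's example, SECRET with shift 3, yields VHFUHW.
func caesarShift(text string, shift int) string {
	shift = ((shift % 26) + 26) % 26 // normalise to 0..25 so negatives work
	var b strings.Builder
	for _, r := range text {
		switch {
		case r >= 'A' && r <= 'Z':
			b.WriteRune('A' + (r-'A'+rune(shift))%26)
		case r >= 'a' && r <= 'z':
			b.WriteRune('a' + (r-'a'+rune(shift))%26)
		default:
			b.WriteRune(r)
		}
	}
	return b.String()
}

// englishScore is a crude fitness function for cryptanalysis: it counts how
// many characters of the candidate are among the most frequent English letters.
// (Constructed heuristic for this example; real attacks use full frequency tables.)
func englishScore(candidate string) int {
	score := 0
	for _, r := range strings.ToUpper(candidate) {
		if strings.ContainsRune("ETAOINSHR", r) {
			score++
		}
	}
	return score
}

// breakCaesar recovers the shift without being given the key: with only 26
// possibilities it simply tries every one and keeps the most English-looking result.
func breakCaesar(ciphertext string) (shift int, plaintext string) {
	bestScore := -1
	for k := 0; k < 26; k++ {
		candidate := caesarShift(ciphertext, -k)
		if s := englishScore(candidate); s > bestScore {
			bestScore, shift, plaintext = s, k, candidate
		}
	}
	return shift, plaintext
}

func main() {
	fmt.Println(caesarShift("SECRET", 3)) // VHFUHW, as on the slide
	ct := caesarShift("MEET AT THE STARBUCKS ON MAIN STREET", 3) // constructed sample
	k, pt := breakCaesar(ct)
	fmt.Printf("ciphertext %q -> shift %d, plaintext %q\n", ct, k, pt)
}
```

The key space of 26 shifts is what makes the brute force instant; the same idea, exhaustive search over the key space, is why the 56-bit key of DES (slide 14) is no longer considered adequate.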
    7. What's So Hard About That?
       • Encryption is a subset of security
         • Our basic concept of security is to lock something with a key.
         • Security plans are designed around
           • Authentication (proving the identity of the person or equipment asking for the data)
           • Confidentiality (can't read it if you find it)
           • Integrity (detecting that it was not altered in transit or at rest)
           • Non-repudiation (a party cannot later deny an action; this needs tamper-evident proof such as a digital signature, since a plain log of who did what and when can be edited)
    8. What's So Hard About That?
       • What kind of key
       • Asymmetric (Public) keys
         • Uses a pair of keys: a public key that may be given to anyone and a private key that is never shared
         • The public key need not be kept secret, so no confidential exchange is required; it must still be authentic (for example, vouched for by a certificate), or you may encrypt to an impostor's key
         • Can be very CPU intensive
       • Symmetric (Private) keys
         • Same key is used for encryption and decryption
         • Fast, but requires a secure exchange of the key, which is complicated and not always done securely
    9. What's So Hard About That?
       • Hashing Algorithms
         • Create a fixed-size hash value, also known as a message digest
         • Detect accidental alteration in transit; on its own an unkeyed hash does not stop a deliberate attacker, who can alter the data and recompute the digest. To resist that, the digest must be keyed (an HMAC) or digitally signed
       • Secure Hash Standard (SHS)
         • Issued by the National Institute of Standards and Technology (NIST)
         • At the time of this talk specified SHA-1 (alongside the SHA-2 family) as an approved algorithm; SHA-1 has since been shown to be vulnerable to collisions and is deprecated, so new designs should use SHA-256 or stronger
       • Keys + Hash = Confidentiality + Integrity (encryption provides the confidentiality; a keyed hash or signature provides the integrity)
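To make the difference between an unkeyed digest and a keyed hash concrete, here is an added Go example (not from the deck) using SHA-256 and HMAC-SHA256 from Go's standard library. The message and shared key are constructed values. A receiver that checks only the digest accepts a message an attacker altered and re-hashed in transit; a receiver that checks an HMAC under a key the attacker does not hold rejects it.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Constructed sample values for this example (not from the slides).
var (
	sampleMessage = []byte("Pay John $100")
	sharedKey     = []byte("key Cathy and John agreed out of band")
)

// digest computes the SHA-256 message digest as hex. It needs no key, so
// anyone on the path, including an attacker, can compute it.
func digest(msg []byte) string {
	sum := sha256.Sum256(msg)
	return hex.EncodeToString(sum[:])
}

// tag computes an HMAC-SHA256 tag: a keyed hash that only a holder of the
// shared key can produce for a given message.
func tag(key, msg []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(msg)
	return h.Sum(nil)
}

// verifyTag recomputes the tag and compares in constant time, so the
// comparison itself does not leak how many leading bytes of a forgery were right.
func verifyTag(key, msg, received []byte) bool {
	return hmac.Equal(tag(key, msg), received)
}

// tamper models an active attacker in transit: append a zero to turn $100
// into $1000 and recompute the unkeyed digest so it still matches.
func tamper(msg []byte) (altered []byte, forgedDigest string) {
	altered = append(append([]byte{}, msg...), '0')
	return altered, digest(altered)
}

// naiveReceiverAccepts checks integrity with the digest alone. It cannot tell
// a legitimately hashed message from one that was altered and re-hashed.
func naiveReceiverAccepts(msg []byte, d string) bool {
	return digest(msg) == d
}

func main() {
	altered, forged := tamper(sampleMessage)
	fmt.Printf("tampered to %q\n", altered)
	fmt.Println("digest-only receiver accepts it:", naiveReceiverAccepts(altered, forged))
	// The attacker can only replay the tag computed for the original message.
	fmt.Println("HMAC receiver accepts it:", verifyTag(sharedKey, altered, tag(sharedKey, sampleMessage)))
}
```

The same reasoning applies to any unkeyed checksum shipped next to the data it protects (MD5 sums on a download page, for instance): it detects corruption, not a deliberate substitution by someone who controls the channel.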
    10. Public Key Encryption (AKA Asymmetric)
        • Step 1: Cathy uses John's public key to encrypt the message (plaintext → ciphertext)
        • Step 2: John uses his private key to decrypt the message (ciphertext → plaintext)
    11. Private Key Encryption (AKA Symmetric)
        • Step 1: Cathy uses a private key (00110011) to encrypt the message (plaintext → ciphertext)
        • Step 2: John uses the same private key (00110011) to decrypt the message (ciphertext → plaintext)
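As an added example for slides 10 and 11 (not code from the deck), the Go program below implements both flows with standard-library primitives: AES-256-GCM for the shared-key case and RSA-OAEP for John's public/private key pair. It then combines them in the hybrid pattern real protocols use, because RSA is CPU intensive (slide 8) and RSA-OAEP can only encrypt a message shorter than the key modulus: the bulk data is encrypted under a fresh random AES key, and only that key is encrypted with John's public key. The shared key and messages are constructed values; John's key pair is generated on the fly.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// demoSharedKey is a constructed 32-byte AES-256 key that Cathy and John are
// assumed to have exchanged securely out of band (the hard part of slide 11).
var demoSharedKey = []byte("0123456789abcdef0123456789abcdef")

// symmetricEncrypt is slide 11 step 1 with AES-256-GCM. A fresh random nonce is
// prepended to the output; GCM's authentication tag makes tampering detectable.
func symmetricEncrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// symmetricDecrypt is slide 11 step 2: the same key reverses the operation.
func symmetricDecrypt(key, ciphertext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(ciphertext) < ns {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, ciphertext[:ns], ciphertext[ns:], nil)
}

// newJohnKeyPair generates John's RSA-2048 pair: the public half can be
// published, the private half never leaves John.
func newJohnKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// asymmetricEncrypt is slide 10 step 1: Cathy encrypts to John's public key.
func asymmetricEncrypt(pub *rsa.PublicKey, plaintext []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plaintext, nil)
}

// asymmetricDecrypt is slide 10 step 2: only John's private key can decrypt.
func asymmetricDecrypt(priv *rsa.PrivateKey, ciphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ciphertext, nil)
}

// hybridEncrypt: random AES key for the data, RSA only for wrapping that key.
func hybridEncrypt(pub *rsa.PublicKey, plaintext []byte) (wrappedKey, ciphertext []byte, err error) {
	key := make([]byte, 32)
	if _, err = io.ReadFull(rand.Reader, key); err != nil {
		return nil, nil, err
	}
	if ciphertext, err = symmetricEncrypt(key, plaintext); err != nil {
		return nil, nil, err
	}
	wrappedKey, err = asymmetricEncrypt(pub, key)
	return wrappedKey, ciphertext, err
}

// hybridDecrypt unwraps the AES key with John's private key, then decrypts the data.
func hybridDecrypt(priv *rsa.PrivateKey, wrappedKey, ciphertext []byte) ([]byte, error) {
	key, err := asymmetricDecrypt(priv, wrappedKey)
	if err != nil {
		return nil, err
	}
	return symmetricDecrypt(key, ciphertext)
}

func main() {
	john, err := newJohnKeyPair()
	if err != nil {
		panic(err)
	}
	wrapped, ct, err := hybridEncrypt(&john.PublicKey, []byte("Meet at 9")) // constructed message
	if err != nil {
		panic(err)
	}
	pt, err := hybridDecrypt(john, wrapped, ct)
	fmt.Printf("recovered %q (err=%v)\n", pt, err)
}
```

Note that the wrapped AES key is exactly the kind of key slide 22 worries about: if it is stored with encrypted data at rest, losing John's private key loses every data key wrapped under it, and with them the data.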
    12. Ciphers
        • Plaintext can be encrypted through one of two methods
          • Block Ciphers
            • Message is divided into fixed-size blocks (16 bytes for AES, 8 bytes for DES)
            • Each block of plaintext bits is transformed into an encrypted block of ciphertext bits
            • Use algorithm functions including exclusive OR (XOR), substitution and transposition
            • Need a mode of operation for messages longer than one block; encrypting every block independently (ECB) reveals which plaintext blocks repeat
          • Stream Ciphers
            • Process the message bit by bit (or byte by byte)
            • Usually XOR the plaintext with a keystream derived from the key; the same key and nonce must never be reused for two messages
    13. Ciphers (diagram)
        • Simple Stream Cipher: each plaintext bit is XORed with a key bit to give a ciphertext bit
        • Simple Block Cipher: a plaintext block passes through a key-driven substitution to give a ciphertext block
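An added Go example (not from the deck) for slides 12 and 13. It encrypts the same repetitive plaintext once as a raw block cipher (AES with each 16-byte block handled independently, i.e. ECB) and once as a stream (AES-CTR, where the block cipher generates a keystream that is XORed with the data). It shows that ECB reveals which plaintext blocks are identical, that XORing the stream ciphertext with the keystream gives the plaintext back, and that reusing the same key and IV for two messages lets an attacker XOR the two ciphertexts to cancel the keystream entirely. Key, IV and plaintexts are constructed for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// Constructed demo values (not from the slides). A fixed IV appears here only
// to demonstrate the reuse problem; real code needs a fresh IV per message.
var (
	demoKey = []byte("0123456789abcdef") // 16 bytes: AES-128
	demoIV  = []byte("fixed-iv-16bytes") // 16 bytes: one AES block
)

// ecbEncrypt runs the raw AES block function over each 16-byte block on its own
// (Electronic Codebook). Input must be a whole number of blocks. Equal plaintext
// blocks always produce equal ciphertext blocks.
func ecbEncrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	if len(plaintext)%bs != 0 {
		return nil, fmt.Errorf("plaintext length %d is not a multiple of the %d-byte block", len(plaintext), bs)
	}
	out := make([]byte, len(plaintext))
	for i := 0; i < len(plaintext); i += bs {
		block.Encrypt(out[i:i+bs], plaintext[i:i+bs])
	}
	return out, nil
}

// ctrEncrypt uses AES as a stream cipher: the block cipher encrypts a running
// counter to produce a keystream, which is XORed with the data byte by byte.
// No padding is needed, and decryption is the very same call.
func ctrEncrypt(key, iv, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(data))
	cipher.NewCTR(block, iv).XORKeyStream(out, data)
	return out, nil
}

// keystream exposes the CTR keystream itself by "encrypting" all-zero bytes.
func keystream(key, iv []byte, n int) ([]byte, error) {
	return ctrEncrypt(key, iv, make([]byte, n))
}

// xorBytes returns a XOR b; both slices must have the same length.
func xorBytes(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// countRepeatedBlocks counts 16-byte ciphertext blocks that already appeared
// earlier in the ciphertext, which is exactly the structure ECB leaks.
func countRepeatedBlocks(ct []byte) int {
	seen := make(map[string]bool)
	repeats := 0
	for i := 0; i+16 <= len(ct); i += 16 {
		b := string(ct[i : i+16])
		if seen[b] {
			repeats++
		}
		seen[b] = true
	}
	return repeats
}

func main() {
	// Three 16-byte blocks; the first two are identical.
	pt := []byte("ATTACK AT DAWN!!ATTACK AT DAWN!!RETREAT AT DUSK!")
	ecb, _ := ecbEncrypt(demoKey, pt)
	ctr, _ := ctrEncrypt(demoKey, demoIV, pt)
	fmt.Println("ECB repeated blocks:", countRepeatedBlocks(ecb))
	fmt.Println("CTR repeated blocks:", countRepeatedBlocks(ctr))
}
```

The IV-reuse check at the end of the test is the stream-cipher failure mode worth remembering: with the keystream cancelled, an attacker holding one known plaintext reads the other message directly.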
    14. Encryption Algorithms
        • RSA
          • An asymmetric key algorithm that offers both encryption and digital signatures (authentication), created by mathematicians Ron Rivest, Adi Shamir and Len Adleman
        • DES/3DES
          • Data Encryption Standard
          • Developed by IBM
          • Was for decades the best known and most widely used symmetric algorithm in the world
          • Single DES has a 56-bit key and has been brute-forced in practice, so it should not be used for new systems; 3DES (three DES passes) was the stopgap and is itself being retired in favour of AES
    15. Encryption Algorithms
        • AES
          • Has now emerged as the successor of DES/3DES
          • Is intended to be the block cipher standard for the next 15-25 years
        • Blowfish
          • Similar to DES (a 64-bit block cipher), but uses a variable-length key
          • This strong encryption algorithm is unpatented and license-free
          • Available to the public at no cost
          • Its 64-bit block size limits how much data can safely be encrypted under one key; AES's 128-bit block avoids this
    16. Encryption Algorithms
        • IDEA
          • International Data Encryption Algorithm
          • While IDEA is patented in several countries, it is available for non-commercial use
          • Was incorporated into Pretty Good Privacy (PGP) V2.0
        • Skipjack
          • An algorithm developed by the National Security Agency and declassified in June 1998
    17. Business Drivers
        • Consumer Identity Theft
          • Credit Card Fraud
          • Phone or Utilities Fraud
          • Bank Fraud
          • Employment-related Fraud
          • Government Documents / Benefits Fraud
          • Loan Fraud
          • Loss of Data
        • Consumer Identity Theft Consequences
          • Additional impacts to consumer and business
          • Legislation
    18. The Hardest Questions
        • What Data Needs to Be Encrypted
          • Data in Motion
          • Data at Rest
          • How do I determine what needs to be encrypted
          • How do I manage the keys
    19. Data In Motion (diagram: plain text at the source, encrypted text across the WAN, plain text at the destination)
        • Data-in-motion is encrypted as it leaves the source location and is decrypted as it arrives at its destination location
    20. Data At Rest (diagram: plain text on the host, encrypted text on SAN, disk and tape)
        • Data-at-rest is concerned with protecting data as it sits in a database or on a device that is not traversing the network
    21. What Data Should Be Encrypted?
        • Some Considerations
          • Has the organization's data been classified
          • How much data is classified as public vs. non-public
          • Where is that data stored
          • What type of data needs to be protected (e.g. database information, etc.)
          • Is the data duplicated or replicated to a remote site for DR or audit purposes
          • How is the data transported or replicated to the remote site
    22. Key Management
        • Where are my keys
          • How are the keys created
          • Who maintains the keys
          • Who has access to the keys
          • Vital for at-rest security
          • Losing the keys loses the data
          • Needs to allow for recovery of data for years
    23. Key Management (diagram)
    24. Encryption Market Space
        • Encryption Market Space
          • Gaining in maturity, still evolving, not all standards have been set
          • Key management is a critical component
          • Mismanagement of keys could mean that data cannot be restored
          • Major players have finally entered the market
          • Minor players are for the most part small, venture-capital-backed firms
    25. Encryption Market Space (vendor matrix)
        • Products: Decru/NetApp, CipherMax, PGP, Unylogix, FalconStor, Ingrian, Vormetric, RSA/EMC, Veritas/Symantec NBU
        • O/S Encryption Options (columns: MF, Windows, Linux/UNIX): MegaCryption, CA, EFS, Sun/STK, IBM
    26. Encryption Options
        • Software solution
          • Application Based Encryption
        • Hybrid solution
          • Application Aware Encryption
        • Hardware solution
          • Inline Encryption Appliance
        • Tape Drive solution
        • O/S Level
    27. Encryption Options
        • Considerations
          • What data are you trying to protect
          • How much data are you trying to protect
          • Where is the data
          • Does the data have to move anywhere
          • What solution(s) can meet your needs without introducing complexity
    28. Performance Impacts
        • Application
          • Database impacts
        • CPU
          • Software encryption uses CPU cycles
        • Network
          • Do you need to move data over the network
        • Tape Drive
          • Compression (encrypted data does not compress, so compress before encrypting)
    29. Summary
        • Data needs to be protected
        • Encryption is one option
        • But encrypting data has its challenges
        • Consider short term and long term expectations for data protection
        • Research is an absolute necessity
    30. Questions?
