2009 Workshop on Cyber Security and Global Affairs




Cryptographic Systems
Evaluation Problem


 Alexandra A. Savelieva
 Prof. Sergey M. Avdoshin



State University – Higher School of Economics, Russia
Software Engineering Department
Old Chinese Curse



寧為太平犬,
不做亂世人 *



*May you live in interesting times




                                     2   Higher School of Economics - 2009
Data Protection and Financial Chaos
Human factor
  Malicious insiders
  Fired employees
Hardware loss
  Laptop theft
  Storage theft
And this means good crypto!

 CIO challenge: how to select an appropriate information security strategy within budget limitations and growing risks of unauthorized access to information assets?


Agenda


1. Analysis of relevant approaches


2. Problem statement


3. Solution

4. Conclusions




Evaluation Methods

Cryptographic Security Analysis
Mathematical implications (Bennet S. Yee)
Formalized security risk analysis and management methodologies
Various tools for cryptographic protocols analysis




Cryptographic Security Analysis

           «… it becomes increasingly clear that the term "security" doesn't have meaning unless also you know things like "Secure from whom?" or "Secure for how long?"»




Mathematical implications (Bennet S. Yee)

  Security Measures as Resource Estimates
  Work Factor Estimates
  The Security-Through-Obscurity Conundrum
  The Monty Hall Problem




Evaluation Methods
Cryptographic Security Analysis
Mathematical implications (Bennet S. Yee)
Formalized security risk analysis and management methodologies
  British CRAMM (by Insight Consulting, Siemens)
  American RiskWatch (by RiskWatch)
  Russian GRIF (by Digital Security)
Various tools for cryptographic protocols analysis




Formalized security risk analysis: CRAMM
A comprehensive risk assessment method with the ability to carry out various functions including:
 • Pre-defined risk assessments covering generic information systems
 • BS7799: 2005 Compliance
 • Production of Security Documentation
 • Investigation against Standards

Drawbacks:
 • peculiarities of cryptographic systems are not taken into account!


Tools for cryptographic protocols analysis

Main classes:
 Deductive methods
 Static analysis methods
 State exploration methods

Drawbacks:
  the supposition that cryptographic algorithms satisfy perfect encryption assumptions, so the strength of ciphers remains out of scope


Comparative analysis



Evaluation technique                          Applicability   Economic indicators   Adversary resources
Cryptographic security analysis                     +                  -                     ±
Mathematical implications (Bennet S. Yee)           ±                  +                     -
Formalized security risk analysis                   -                  +                     +
Tools for cryptographic protocols analysis          ±                  -                     -




In our paper, we aim to…
 formulate the steps of the cryptographic systems evaluation process;
 develop a mathematical model of security threats;
 design software tools to facilitate the process of cryptosystem efficiency assessment by a computer security specialist;
 select appropriate economic indicators as a basis to build an economic rationale for investments in cryptographic systems and to provide sound arguments for implementing an information security strategy

Cryptosystem security assessment process


  Step 1: Define the cryptosystem
  Step 2: Define the potential attackers
  Step 3: Determine the attacks that the cryptosystem is exposed to
  Step 4: Evaluate the cryptosystem’s resistance to the attacks
  Step 5: Make conclusions regarding conformity of the system to the organization needs




ABC-Model of Security Threats

  Code-Breaker uses Attack to break Cryptosystem

  “A” for Attack
  “B” for code-Breaker
  “C” for Cryptosystem




Classification of cryptosystems

Ueli Maurer's idea is to distinguish cryptosystems by the number of keys used for data processing
  unkeyed
  single-keyed
  double-keyed

Gilles Brassard's scheme [4] has to do with the secrecy of algorithm
  • Restricted-use
  • General

Classification of cryptosystems
By secrecy of the algorithm
   Restricted ▪ General
By the number of keys
   Unkeyed ▪ Single-keyed    ▪ Double-keyed ▪ Multiple-keyed
By breakability
   Theoretically unbreakable
   Provably unbreakable
   Supposedly unbreakable
By the type of key storage
   Smart-card ▪ e-token ▪ Windows registry ▪ File system
By the means of implementation
   Software ▪ Hardware ▪ Software and hardware
By certification
   Certified ▪ Uncertified




Classification of codebreakers
Bruce Schneier suggests using motivation as a key parameter for identifying an adversary; this results in the following classification scheme:
   opportunists
   emotional attackers
   friends and relatives
   industrial competitors
   the press
   lawful governments
   the police
   national intelligence organizations




Classification of codebreakers
By equipment
    PC
    Network
    Supercomputer
By expertise
    PC user
    Mathematician
    Software developer
    Physicist/electrical engineer
    Psychologist aware of social engineering techniques
By initial knowledge on the cryptosystem
    User of the cryptosystem
    Designer of the cryptosystem
By final objective
    Discovering a vulnerability
    Total break
By access
    Insider
    Outsider
By manpower
    Individual
    Team

Classification of Attacks
The fundamental classification of attacks by access to plaintext and ciphertext introduced by Kerckhoffs is no longer complete since it does not include a new powerful cryptanalysis technique called side-channel attacks.

Modern schemes for computer system attack classification (not suitable for cryptoattacks identification!):
    Landwehr C.E., Bull A.R. A taxonomy of computer program security flaws, with examples // ACM Computing Surveys, 26(3), p. 211–254, September 1994.
    Lindqvist U., Jonsson E. How to systematically classify computer security intrusions // IEEE Symposium on Security and Privacy, p. 154–163, Los Alamitos, CA, 1997.
    Paulauskas N., Garsva E. Computer System Attack Classification // Electronics and Electrical Engineering, 2006, nr. 2(66).
    Weber D. J. A taxonomy of computer intrusions. Master’s thesis, Department of Electrical Engineering and Computer Science, Massachusetts Institute of Technology, June 1998.

Classification of Attacks (1/2)
By access to plaintext and ciphertext
   Ciphertext-only
   Known-plaintext
   Chosen-plaintext
   Adaptive-chosen-plaintext
   Side-channel
By control over the enciphering/deciphering process
   Passive
   Active
By the outcome
   Total break
   Global deduction
   Instance (local) deduction
   Information deduction
   Distinguishing algorithm
By the level of automation
   Manual
   Semi-automatic
   Automatic



Classification of Attacks (2/2)
By critical amount of resources
   Memory
   Time
   Data
By applicability to various ciphers
   Multi-purpose
   For a certain type of ciphers
   For a certain cipher
By tools and techniques
   Mathematics
   Special-purpose devices taking physical measurements during computations
   Evolution programming techniques
   Quantum computers
By consequences
   Breach in confidentiality
   Breach in integrity
   Breach in accessibility
By parallelizing feasibility
   Distributed
   Non-distributed

Classification Schemes
Classification of Cryptosystems
   By secrecy of the algorithm
   By the number of keys
   By breakability
   By the type of key storage
   By the means of implementation
   By certification
Classification of Codebreakers
   By equipment
   By expertise
   By initial knowledge on the cryptosystem
   By final objective
   By access
   By manpower
Classification of Attacks
   By critical amount of resources
   By applicability to various ciphers
   By tools and techniques
   By consequences
   By parallelizing feasibility
   By access to plaintext and ciphertext
   By control over the enciphering/deciphering process
   By the outcome
   By the level of automation



Parametric models of Attacks, Code-Breakers and Cryptosystems
• Let $\mathrm{A} \subseteq A_1 \times A_2 \times \dots \times A_9$ be a set of parametric models of attacks, where $A_j$ ($j = 1, \dots, 9$) represents a domain for the $j$-th parameter as per our taxonomy; $a \in \mathrm{A}$
• Let $\mathrm{B} \subseteq B_1 \times B_2 \times \dots \times B_6$ be a set of parametric models of codebreakers, where $B_j$ ($j = 1, \dots, 6$) represents a domain for the $j$-th parameter as per our taxonomy; $b \in \mathrm{B}$
• Let $\mathrm{C} \subseteq C_1 \times C_2 \times \dots \times C_6$ be a set of parametric models of cryptosystems, where $C_j$ ($j = 1, \dots, 6$) represents a domain for the $j$-th parameter as per our taxonomy; $c \in \mathrm{C}$


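Mathematical Model for Cryptosystem Efficiency Assessment

Risk: $\Re(a, b, c) = I(a, c) \cdot P(a, b)$

Impact:
  $I : \mathrm{A} \times \mathrm{C} \to [0; 1]$
  $I(a, c) = \min_{h = 1, \dots, 8} \prod_{g = 1}^{5} I_{gh}(c_g, a_h)$
  $I_{gh} : C_g \times A_h \to [0; 1]$, $g = 1, \dots, 5$, $h = 1, \dots, 8$
  $I_{gh}(c, a) = \dfrac{I_{gh}(c, a)}{\sum_{\xi \in C_g} I_{gh}(\xi, a)}$
  $I_{gh} : C_g \times A_h \to {}^{+}$

Probability:
  $P : \mathrm{A} \times \mathrm{B} \to [0; 1]$
  $P(a, b) = \min_{h = 1, \dots, 8} \prod_{t = 1}^{6} P_{th}(b_t, a_h)$
  $P_{th} : B_t \times A_h \to [0; 1]$, $t = 1, \dots, 6$, $h = 1, \dots, 8$
  $P_{th}(b, a) = \dfrac{P_{th}(b, a)}{\sum_{\beta \in B_t} P_{th}(\beta, a)}$
  $P_{th} : B_t \times A_h \to {}^{+}$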

Efficiency Criterion

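Satisfied when a cryptosystem that consists of subsystems $c \in \mathrm{C}'$ ($\mathrm{C}' \subseteq \mathrm{C}$), being exposed to codebreakers $b \in \mathrm{B}'$ ($\mathrm{B}' \subseteq \mathrm{B}$), can resist the attacks out of the set:

$\Lambda = \bigcup_{b \in \mathrm{B}'} \bigcup_{c \in \mathrm{C}'} \lambda(b, c)$,

where $\lambda(b, c) = \{a \in \mathrm{A} : \Re(a, b, c) > \theta\}$, $\theta \in [0; 1]$ - admissible risk level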
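The risk formula and the efficiency criterion, carried through on a small model as an added example (not code from the slides or from the authors' CRYPTO tool). The parameter domains, the raw scores and θ = 0.1 are constructed, and the code assumes that the fraction on the model slide normalizes raw positive expert scores over the domain of the cryptosystem or code-breaker parameter.

```python
from itertools import product
from math import prod


def normalise(raw):
    """Scale raw[x][a] (positive expert scores) so that, for every attack
    parameter value a, the scores over all x in the domain sum to 1."""
    columns = next(iter(raw.values())).keys()
    total = {a: sum(row[a] for row in raw.values()) for a in columns}
    return {x: {a: v / total[a] for a, v in row.items()} for x, row in raw.items()}


def grid(rows, cols, values):
    """Build one normalised score table from a row-major matrix."""
    return normalise({r: dict(zip(cols, vals)) for r, vals in zip(rows, values)})


# Constructed domains: two attack parameters, two cryptosystem parameters,
# one code-breaker parameter (the slides use 8, 5 and 6 respectively).
ACCESS = ("ciphertext-only", "side-channel")      # A_1
RESOURCE = ("time", "data")                       # A_2
STORAGE = ("smart-card", "file system")           # C_1
IMPLEMENTATION = ("hardware", "software")         # C_2
EQUIPMENT = ("PC", "supercomputer")               # B_1
ATTACKS = list(product(ACCESS, RESOURCE))

# IMPACT[g][h] is I_gh, PROBABILITY[t][h] is P_th. All raw scores are constructed.
IMPACT = [
    [grid(STORAGE, ACCESS, [(1, 1), (1, 3)]),
     grid(STORAGE, RESOURCE, [(1, 1), (1, 1)])],
    [grid(IMPLEMENTATION, ACCESS, [(1, 3), (1, 1)]),
     grid(IMPLEMENTATION, RESOURCE, [(1, 1), (3, 1)])],
]
PROBABILITY = [
    [grid(EQUIPMENT, ACCESS, [(1, 1), (3, 1)]),
     grid(EQUIPMENT, RESOURCE, [(1, 1), (4, 1)])],
]


def min_prod(tables, attack, model):
    """min over attack parameters h of the product, over the parameters k of a
    cryptosystem or code-breaker model, of tables[k][h][model[k]][attack[h]]."""
    return min(
        prod(tables[k][h][model[k]][a_h] for k in range(len(model)))
        for h, a_h in enumerate(attack)
    )


def risk(a, b, c):
    """R(a, b, c) = I(a, c) * P(a, b)."""
    return min_prod(IMPACT, a, c) * min_prod(PROBABILITY, a, b)


def exposure(breakers, systems, theta):
    """Lambda: every attack whose risk exceeds theta for some pair (b, c)."""
    return {a for b, c, a in product(breakers, systems, ATTACKS)
            if risk(a, b, c) > theta}


if __name__ == "__main__":
    breakers = [("PC",), ("supercomputer",)]
    for system in [("file system", "software"), ("smart-card", "hardware")]:
        print(system, "->", sorted(exposure(breakers, [system], theta=0.1)))
```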



Available tools for cryptanalysis
C/C++ Multiprecision libraries
Mathematical packages Maple and Mathematica




Available tools for cryptanalysis

Mathematical packages Maple and Mathematica
  “+”: unlimited precision
  “+”: easy-to-program algorithms
  “-”: extremely low efficiency of number-theoretical computations




Available tools for cryptanalysis

C and C++ built-in types have limited precision
  long – 32 bits
  long long – 64 bits
  double: 53 bits – mantissa, 11 bits – characteristic
  long double: 64 bits – mantissa, 15 bits – characteristic

Java has multiprecision capabilities
  Highly portable
  Not so efficient


Available tools for cryptanalysis

Multiprecision mathematical libraries
  «+»: high performance
  «+»: wide range of solutions freely available (LIP, LiDIA, CLN, PARI, GMP, MpNT)




CRYPTO high-level structure




NTL (a Library for doing Number Theory)

 Written and maintained mainly by Victor Shoup
 C++ library
 High performance
   • Polynomial arithmetic
   • Lattice reduction
 Portable
 Outperforms other libraries in terms of big integer operations
 «-»: lack of algorithms for index-calculus, sieve, factorization

Implementation




ROI, NPV, IRR Metrics Usage*




* Source: CSI Computer Crime & Security Survey 2008, http://www.gocsi.com/

Key Financial Metrics Overview

Return on Investment (ROI)
   Advantages:
      Popular with economists
   Drawbacks:
      Lack of trusted methods for calculation
      «Static» indicator
Total Cost of Ownership (TCO)
   Advantages:
      Allows evaluating a project based on costs only
      The costs are assumed to be evaluated throughout the whole lifecycle of a product
   Drawbacks:
      Quality factor does not receive attention
      «Static» indicator
      IT-specific
Discounted Cash Flow (DCF)
   Advantages:
      Popular with economists
      Time relation is taken into account
      Not only costs but all cash flows related to a project are considered
   Drawbacks:
      Complexity




Discounted Cash Flow
Net present value (NPV): the sum of the present values of all cash inflows minus the sum of the present values of all cash outflows.
The internal rate of return (IRR):
   (1) the discount rate that equates the sum of the present values of all cash inflows to the sum of the present values of all cash outflows;
   (2) the discount rate that sets the net present value equal to zero.
The internal rate of return measures the investment yield.
Profitability index (PI)


Cash flow for a cryptographic system




Investment Efficiency Assessment Example
Cost of implementation: 120 000,00 RUR.
Value of information: 205 000,00 RUR/YR.
Risk reduction: 1 YR - 95%, 2 YR – 70%, 3 YR – 35%
Cash flows (annual rate: 20,8%):




   ■ NPV = 4 574,20 RUR   ■ IRR = 26,5%   ■ PI = 1.04 (PI < 1,2%)


Conclusion

«As information security is about power and money …, the evaluator should not restrict herself to technical tools like cryptanalysis and information flow, but also apply economic tools»

Ross Anderson, Professor in Security Engineering at the University of Cambridge Computer Laboratory



Future work
Development of a built-in expert knowledge base to aid in-house cryptographic systems expertise:
   evaluating the dependency between the parameters of a cryptosystem model and the applicable attacks
   evaluating the dependency between the parameters of an attacker model and the types of attacks that they are likely to use

Design of new algorithms and improvement of present methods for factorization and computing discrete logarithms using ‘CRYPTO’ software tools

Extending the library to include modern techniques to analyze the security of
   hash-functions
   symmetric cryptosystems

Cryptographic Systems
Evaluation Problem
asavelieva@hse.ru   savdoshin@hse.ru

Simone Onofri
 
Self-Learning Systems for Cyber Security
Self-Learning Systems for Cyber SecuritySelf-Learning Systems for Cyber Security
Self-Learning Systems for Cyber Security
Kim Hammar
 
CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...
CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...
CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...
Kim Hammar
 
Automated Emerging Cyber Threat Identification and Profiling Based on Natural...
Automated Emerging Cyber Threat Identification and Profiling Based on Natural...Automated Emerging Cyber Threat Identification and Profiling Based on Natural...
Automated Emerging Cyber Threat Identification and Profiling Based on Natural...
Shakas Technologies
 
Defining Security Intelligence for the Enterprise - What CISOs Need to Know
Defining Security Intelligence for the Enterprise - What CISOs Need to KnowDefining Security Intelligence for the Enterprise - What CISOs Need to Know
Defining Security Intelligence for the Enterprise - What CISOs Need to Know
IBM Security
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security Engineering
Marco Morana
 
Role of AI in Cybersecurity For Empowering Cyber Defenders
Role of AI in Cybersecurity For Empowering Cyber DefendersRole of AI in Cybersecurity For Empowering Cyber Defenders
Role of AI in Cybersecurity For Empowering Cyber Defenders
Metafic
 
Harnessing AI in Cybersecurity: Defending the Digital Realm
Harnessing AI in Cybersecurity: Defending the Digital RealmHarnessing AI in Cybersecurity: Defending the Digital Realm
Harnessing AI in Cybersecurity: Defending the Digital Realm
Metafic
 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineering
AHM Pervej Kabir
 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineering
AHM Pervej Kabir
 
Cyber Security Models - CxT Group
Cyber Security Models - CxT GroupCyber Security Models - CxT Group
Cyber Security Models - CxT Group
CXT Group
 
IRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical ApproachIRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET Journal
 
D03302030036
D03302030036D03302030036
D03302030036
theijes
 

Similar to CS_GA2009_Paper (20)

apidays LIVE London 2021 - API Security in Highly Volatile Threat Landscapes ...
apidays LIVE London 2021 - API Security in Highly Volatile Threat Landscapes ...apidays LIVE London 2021 - API Security in Highly Volatile Threat Landscapes ...
apidays LIVE London 2021 - API Security in Highly Volatile Threat Landscapes ...
 
Software Security in the Real World
Software Security in the Real WorldSoftware Security in the Real World
Software Security in the Real World
 
Presentación AMIB Los Cabos
Presentación AMIB Los CabosPresentación AMIB Los Cabos
Presentación AMIB Los Cabos
 
1_Introduction.pdf
1_Introduction.pdf1_Introduction.pdf
1_Introduction.pdf
 
Critical Infrastructure Assessment Techniques to Prevent Threats and Vulnerab...
Critical Infrastructure Assessment Techniques to Prevent Threats and Vulnerab...Critical Infrastructure Assessment Techniques to Prevent Threats and Vulnerab...
Critical Infrastructure Assessment Techniques to Prevent Threats and Vulnerab...
 
Security testing fundamentals - must need basics to learn Penetration Testing
Security testing fundamentals - must need basics to learn Penetration TestingSecurity testing fundamentals - must need basics to learn Penetration Testing
Security testing fundamentals - must need basics to learn Penetration Testing
 
New threats to cyber-security
New threats to cyber-securityNew threats to cyber-security
New threats to cyber-security
 
Cyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APTCyber Defense - How to be prepared to APT
Cyber Defense - How to be prepared to APT
 
Self-Learning Systems for Cyber Security
Self-Learning Systems for Cyber SecuritySelf-Learning Systems for Cyber Security
Self-Learning Systems for Cyber Security
 
CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...
CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...
CNSM 2022 - An Online Framework for Adapting Security Policies in Dynamic IT ...
 
Automated Emerging Cyber Threat Identification and Profiling Based on Natural...
Automated Emerging Cyber Threat Identification and Profiling Based on Natural...Automated Emerging Cyber Threat Identification and Profiling Based on Natural...
Automated Emerging Cyber Threat Identification and Profiling Based on Natural...
 
Defining Security Intelligence for the Enterprise - What CISOs Need to Know
Defining Security Intelligence for the Enterprise - What CISOs Need to KnowDefining Security Intelligence for the Enterprise - What CISOs Need to Know
Defining Security Intelligence for the Enterprise - What CISOs Need to Know
 
Software Security Engineering
Software Security EngineeringSoftware Security Engineering
Software Security Engineering
 
Role of AI in Cybersecurity For Empowering Cyber Defenders
Role of AI in Cybersecurity For Empowering Cyber DefendersRole of AI in Cybersecurity For Empowering Cyber Defenders
Role of AI in Cybersecurity For Empowering Cyber Defenders
 
Harnessing AI in Cybersecurity: Defending the Digital Realm
Harnessing AI in Cybersecurity: Defending the Digital RealmHarnessing AI in Cybersecurity: Defending the Digital Realm
Harnessing AI in Cybersecurity: Defending the Digital Realm
 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineering
 
Software security engineering
Software security engineeringSoftware security engineering
Software security engineering
 
Cyber Security Models - CxT Group
Cyber Security Models - CxT GroupCyber Security Models - CxT Group
Cyber Security Models - CxT Group
 
IRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical ApproachIRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
 
D03302030036
D03302030036D03302030036
D03302030036
 

CS_GA2009_Paper

  • 1. 2009 Workshop on Cyber Security and Global Affairs Cryptographic Systems Evaluation Problem Alexandra A. Savelieva Prof. Sergey M. Avdoshin State University – Higher School of Economics, Russia Software Engineering Department
  • 2. Old Chinese Curse 寧為太平犬, 不做亂世人 * *May you live in interesting times
  • 3. Data Protection and Financial Chaos Human factor Malicious insiders Fired employees Hardware loss Laptop theft Storage theft And this means good crypto! CIO challenge: how to select an appropriate information security strategy within budget limitations and growing risks of unauthorized access to information assets?
  • 4. Agenda 1. Analysis of relevant approaches 2. Problem statement 3. Solution 4. Conclusions
  • 5. Evaluation Methods Cryptographic Security Analysis Mathematical implications (Bennet S. Yee) Formalized security risk analysis and management methodologies Various tools for cryptographic protocols analysis
  • 6. Evaluation Methods Cryptographic Security Analysis Mathematical implications (Bennet S. Yee) Formalized security risk analysis and management methodologies Various tools for cryptographic protocols analysis
  • 7. Cryptographic Security Analysis «… it becomes increasingly clear that the term "security" doesn't have meaning unless also you know things like "Secure from whom?" or "Secure for how long?"»
  • 8. Evaluation Methods Cryptographic Security Analysis Mathematical implications (Bennet S. Yee) Formalized security risk analysis and management methodologies Various tools for cryptographic protocols analysis
  • 9. Mathematical implications (Bennet S. Yee) Security Measures as Resource Estimates Work Factor Estimates The Security-Through-Obscurity Conundrum The Monty Hall Problem
  • 10. Evaluation Methods Cryptographic Security Analysis Mathematical implications (Bennet S. Yee) Formalized security risk analysis and management methodologies British CRAMM (by Insight Consulting, Siemens) American RiskWatch (by RiskWatch) Russian GRIF (by Digital Security) Various tools for cryptographic protocols analysis
  • 11. Formalized security risk analysis: CRAMM A comprehensive risk assessment method with the ability to carry out various functions including: • Pre-defined risk assessments covering generic information systems • BS7799: 2005 Compliance • Production of Security Documentation • Investigation against Standards Drawbacks: • peculiarities of cryptographic systems are not taken into account!
  • 12. Evaluation Methods Cryptographic Security Analysis Mathematical implications (Bennet S. Yee) Formalized security risk analysis and management methodologies Various tools for cryptographic protocols analysis
  • 13. Tools for cryptographic protocols analysis Main classes: Deductive methods Static analysis methods State exploration methods Drawbacks: the supposition that cryptographic algorithms satisfy perfect encryption assumptions, so the strength of ciphers remains out of scope
  • 14. Comparative analysis Economic Adversary Evaluation technique Applicability indicators resources; Cryptographic security analysis + - ±; Mathematical implications (Bennet S. Yee) ± + -; Formalized security risk analysis - + +; Tools for cryptographic protocols analysis ± - -
  • 15. In our paper, we aim to… formulate the steps of cryptographic systems evaluation process; develop a mathematical model of security threats; design software tools to facilitate the process of cryptosystem efficiency assessment by a computer security specialist; select appropriate economic indicators as a basis to build an economic rationale for investments in cryptographic systems and to provide sound arguments for implementing an information security strategy
  • 16. Cryptosystem security assessment process Make conclusions regarding conformity of the system to the organization needs Step 5 Evaluate the cryptosystem’s resistance to the attacks Step 4 Determine the attacks that the cryptosystem is exposed to Step 3 Define the potential attackers Step 2 Define the cryptosystem Step 1
  • 17. ABC-Model of Security Threats “A” for Attack, “B” for code-Breaker, “C” for Cryptosystem. Code-Breaker uses Attack to break Cryptosystem
  • 18. Cryptosystem security assessment process Make conclusions regarding conformity of the system to the organization needs Step 5 Evaluate the cryptosystem’s resistance to the attacks Step 4 Determine the attacks that the cryptosystem is exposed to Step 3 Define the potential attackers Step 2 Define the cryptosystem Step 1
  • 19. Classification of cryptosystems Ueli Maurer's idea is to distinguish cryptosystems by the number of keys used for data processing unkeyed single-keyed double-keyed Gilles Brassard's scheme [4] has to do with the secrecy of algorithm • Restricted-use • General
  • 20. Classification of cryptosystems By secrecy of the algorithm Restricted ▪ General By the number of keys Unkeyed ▪ Single-keyed ▪ Double-keyed ▪ Multiple-keyed By breakability Theoretically unbreakable Provably unbreakable Supposedly unbreakable By the type of key storage Smart-card ▪ e-token ▪ Windows registry ▪ File system By the means of implementation Software ▪ Hardware ▪ Software and hardware By certification Certified ▪ Uncertified
  • 21. Classification of codebreakers Bruce Schneier suggests using motivation as a key parameter to identifying an adversary; this results in the following classification scheme: opportunists: emotional attackers friends and relatives industrial competitors the press lawful governments the police national intelligence organizations
  • 22. Classification of codebreakers By equipment PC Network Supercomputer By expertise PC user Mathematician Software developer Physicist/electrical engineer Psychologist aware of social engineering techniques By initial knowledge on the cryptosystem User of the cryptosystem Designer of the cryptosystem By final objective Discovering a vulnerability Total break By access Insider Outsider By manpower Individual Team
  • 23. Classification of Attacks The fundamental classification of attacks by access to plaintext and ciphertext introduced by Kerckhoffs is no longer complete since it does not include a new powerful cryptanalysis technique called Side-Channel attacks. Modern schemes for computer system attack classification are not suitable for cryptoattacks identification! Landwehr C.E., Bull A.R. A taxonomy of computer program security flaws, with examples // ACM Computing Surveys, 26(3): p. 211–254, September 1994. Lindqvist U., Jonsson E. How to systematically classify computer security intrusions. // IEEE Symposium on Security and Privacy, p. 154–163, Los Alamitos, CA, 1997. Paulauskas N., Garsva E. Computer System Attack Classification // Electronics and Electrical Engineering 2006. nr. 2(66) Weber D. J. A taxonomy of computer intrusions. Master’s thesis, Department of Electrical Engineering and Computer Science, Massachusetts Institute of Technology, June 1998.
  • 24. Classification of Attacks (1/2) By access to plaintext and ciphertext Ciphertext-only Known-plaintext Chosen-plaintext Adaptive-chosen-plaintext Side-channel By control over the enciphering/deciphering process Passive Active By the outcome Total break Global deduction Instance (local) deduction Information deduction Distinguishing algorithm By the level of automation Manual Semi-automatic Automatic
  • 25. Classification of Attacks (2/2) By critical amount of resources Memory Time Data By applicability to various ciphers Multi-purpose For a certain type of ciphers For a certain cipher By tools and techniques Mathematics Special-purpose devices taking physical measurements during computations Evolution programming techniques Quantum computers By consequences Breach in confidentiality Breach in integrity Breach in accessibility By parallelizing feasibility Distributed Non-distributed
  • 26. Classification Schemes. Classification of Cryptosystems: By secrecy of the algorithm; By the number of keys; By breakability; By the type of key storage; By the means of implementation; By certification. Classification of Attacks: By critical amount of resources; By applicability to various ciphers; By tools and techniques; By consequences; By parallelizing feasibility; By access to plaintext and ciphertext; By control over the enciphering/deciphering process; By the outcome; By the level of automation. Classification of Codebreakers: By equipment; By expertise; By initial knowledge on the cryptosystem; By final objective; By access; By manpower
  • 27. Parametric models of Attacks, Code-Breakers and Cryptosystems • Let $\mathrm{A} \subseteq A_1 \times A_2 \times \dots \times A_9$ be a set of parametric models of attacks, where $A_j$ ($j = \overline{1,9}$) represents a domain for the $j$-th parameter as per our taxonomy; $a \in \mathrm{A}$ • Let $\mathrm{B} \subseteq B_1 \times B_2 \times \dots \times B_6$ be a set of parametric models of codebreakers, where $B_j$ ($j = \overline{1,6}$) represents a domain for the $j$-th parameter as per our taxonomy; $b \in \mathrm{B}$ • Let $\subseteq C_1 \times C_2 \times \dots \times C_6$ be a set of parametric models of cryptosystems, where $C_j$ ($j = \overline{1,6}$) represents a domain for the $j$-th parameter as per our taxonomy; $c \in$
  • 28. Mathematical Model for Cryptosystem Efficiency Assessment
      Risk: $\Re(a, b, c) = \mathrm{I}(a, c) \cdot \mathrm{P}(a, b)$
      Impact: $\mathrm{I} : \mathrm{A} \times \to [0; 1]$, $\mathrm{I}(a, c) = \min_{h = \overline{1,8}} \prod_{g = \overline{1,5}} \mathrm{I}_{gh}(c_g, a_h)$
      Probability: $\mathrm{P} : \mathrm{A} \times \mathrm{B} \to [0; 1]$, $\mathrm{P}(a, b) = \min_{h = \overline{1,8}} \prod_{t = \overline{1,6}} \mathrm{P}_{th}(b_t, a_h)$
      $\mathrm{I}_{gh} : C_g \times A_h \to [0; 1]$, $g = \overline{1,5}$, $h = \overline{1,8}$
      $\mathrm{P}_{th} : B_t \times A_h \to [0; 1]$, $t = \overline{1,6}$, $h = \overline{1,8}$
      $\mathrm{I}_{gh}(c, a) = \dfrac{\mathrm{I}_{gh}(c, a)}{\sum_{\xi \in C_g} \mathrm{I}_{gh}(\xi, a)}$, $\mathrm{P}_{th}(b, a) = \dfrac{\mathrm{P}_{th}(b, a)}{\sum_{\beta \in B_t} \mathrm{P}_{th}(\beta, a)}$
      $\mathrm{I}_{gh} : C_g \times A_h \to {}_{+}$, $\mathrm{P}_{th} : B_t \times A_h \to {}_{+}$
  • 29. Efficiency Criterion Satisfied when a cryptosystem that consists of subsystems $c \in {}'$ (${}' \subseteq$) being exposed to codebreakers $b \in \mathrm{B}'$ ($\mathrm{B}' \subseteq \mathrm{B}$) can resist the attacks out of the set $\Lambda = \bigcup_{b \in \mathrm{B}'} \bigcup_{c \in C'} \lambda(b, c)$, where $\lambda(b, c) = \{a \in \mathrm{A} : \Re(a, b, c) > \theta\}$, $\theta \in [0; 1]$ - admissible risk level
  • 30. Cryptosystem security assessment process Make conclusions regarding conformity of the system to the organization needs Step 5 Evaluate the cryptosystem’s resistance to the attacks Step 4 Determine the attacks that the cryptosystem is exposed to Step 3 Define the potential attackers Step 2 Define the cryptosystem Step 1
  • 31. Available tools for cryptanalysis C/C++ Multiprecision libraries Mathematical packages Maple and Mathematica
  • 32. Available tools for cryptanalysis Mathematical packages Maple and Mathematica “+”: unlimited precision “+”: easy-to-program algorithms “-”: extremely low efficiency of number-theoretical computations
  • 33. Available tools for cryptanalysis C and C++ built-in types have limited precision long – 32 bits long long – 64 bits double: 53 bits – mantissa, 11 bits – characteristic long double: 64 bits – mantissa, 15 bits – characteristic Java has multiprecision capabilities Highly portable Not so efficient
  • 34. Available tools for cryptanalysis Multiprecision mathematical libraries «+»: high performance «+»: wide range of solutions freely available (LIP, LiDIA, CLN, PARI, GMP, MpNT)
  • 35. Available tools for cryptanalysis C/C++ Multiprecision libraries Mathematical packages Maple and Mathematica
  • 36. CRYPTO high-level structure
  • 37. NTL (a Library for doing Number Theory) Written and maintained mainly by Victor Shoup C++ library High performance Polynomial arithmetic • Lattice reduction Portable outperforms other libraries in terms of big integer operations «-»: lack of algorithms for index-calculus, sieve, factorization
  • 38. Implementation
  • 39. Cryptosystem security assessment process Make conclusions regarding conformity of the system to the organization needs Step 5 Evaluate the cryptosystem’s resistance to the attacks Step 4 Determine the attacks that the cryptosystem is exposed to Step 3 Define the potential attackers Step 2 Define the cryptosystem Step 1
  • 40. ROI, NPV, IRR Metrics Usage* * Source: CSI Computer Crime & Security Survey 2008, http://www.gocsi.com/
  • 41. Key Financial Metrics Overview
      Financial Metric | Advantages | Drawbacks
      Return on Investment (ROI) | Popular with economists | Lack of trusted methods for calculation; «Static» indicator
      Total Cost of Ownership (TCO) | Allows to evaluate a project based on costs only; The costs are assumed to be evaluated throughout the whole lifecycle of a product | Quality factor does not receive attention; «Static» indicator; IT-specific
      Discounted Cash Flow (DCF) | Popular with economists; Time relation is taken into account; Not only costs but all cash flows related to a project are considered | Complexity
  • 42. Discounted Cash Flow Net present value (NPV): the sum of the present values of all cash inflows minus the sum of the present values of all cash outflows. The internal rate of return (IRR): (1) the discount rate that equates the sum of the present values of all cash inflows to the sum of the present values of all cash outflows; (2) the discount rate that sets the net present value equal to zero. The internal rate of return measures the investment yield. Profitability index (PI)
  • 43. Cash flow for a cryptographic system
  • 44. Investment Efficiency Assessment Example Cost of implementation: 120 000,00 RUR. Value of information: 205 000,00 RUR/YR. Risk reduction: 1 YR – 95%, 2 YR – 70%, 3 YR – 35% Cash flows (annual rate: 20,8%): ■ NPV = 4 574,20 RUR ■ IRR = 26,5% ■ PI = 1.04 (PI < 1,2%)
  • 45. Conclusion «As information security is about power and money …, the evaluator should not restrict herself to technical tools like cryptanalysis and information flow, but also apply economic tools» Ross Anderson, Professor in Security Engineering at the University of Cambridge Computer Laboratory
  • 46. Future work Development of a built-in expert knowledge base to aid in-house cryptographic systems expertise: evaluating the dependency between the parameters of a cryptosystem model and the applicable attacks; evaluating the dependency between the parameters of an attacker model and the types of attacks that they are likely to use. Design of new algorithms and improvement of present methods for factorization and computing discrete logarithms using ‘CRYPTO’ software tools. Extending the library to include modern techniques to analyze the security of: hash-functions; symmetric cryptosystems
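
The risk formula and efficiency criterion of slides 27-29, worked through as an added Python example (not the authors' CRYPTO tool or code from the deck). It reads the slide as I(a, c) = min over h of the product over g of the normalised I_gh(c_g, a_h), likewise for P; the two-parameter taxonomy, the weights and all function names are constructed assumptions.

```python
from fractions import Fraction
from itertools import product
from math import prod

# Constructed, reduced taxonomy: two parameters per model, two values each.
A = [("ciphertext-only", "side-channel"), ("time", "data")]    # attack: access, critical resource
B = [("PC", "supercomputer"), ("outsider", "insider")]         # codebreaker: equipment, access
C = [("software", "hardware"), ("file system", "smart-card")]  # cryptosystem: implementation, key storage

# Constructed raw weights, not expert estimates.
# RAW_I[g][h][i][k]: value i of cryptosystem parameter g vs value k of attack parameter h.
# RAW_P[t][h][i][k]: value i of codebreaker parameter t vs value k of attack parameter h.
RAW_I = [[[[1, 1], [1, 3]], [[1, 1], [1, 1]]],
         [[[3, 1], [1, 3]], [[1, 3], [1, 1]]]]
RAW_P = [[[[1, 1], [3, 1]], [[1, 1], [3, 1]]],
         [[[1, 1], [1, 3]], [[1, 1], [1, 1]]]]


def share(raw, domain, attack_domain, value, attack_value):
    """Normalise one raw weight over all values of the model-side parameter."""
    k = attack_domain.index(attack_value)
    total = sum(row[k] for row in raw)
    if total == 0:
        raise ValueError("raw weights for an attack value must not all be zero")
    return Fraction(raw[domain.index(value)][k], total)


def score(raw, domains, model, attack):
    """min over attack parameters h of the product over model parameters."""
    return min(
        prod(share(raw[p][h], domains[p], A[h], model[p], attack[h])
             for p in range(len(domains)))
        for h in range(len(A)))


def impact(a, c):
    """I(a, c): impact of attack a on cryptosystem c, in [0, 1]."""
    return score(RAW_I, C, c, a)


def probability(a, b):
    """P(a, b): probability that codebreaker b mounts attack a, in [0, 1]."""
    return score(RAW_P, B, b, a)


def risk(a, b, c):
    """R(a, b, c) = I(a, c) * P(a, b)."""
    return impact(a, c) * probability(a, b)


def attacks_to_resist(codebreakers, cryptosystems, theta):
    """Lambda: union over b and c of lambda(b, c) = {a : R(a, b, c) > theta}."""
    return {a for a in product(*A)
            for b in codebreakers for c in cryptosystems
            if risk(a, b, c) > theta}


if __name__ == "__main__":
    system = ("hardware", "smart-card")
    adversaries = [("PC", "insider"), ("supercomputer", "insider")]
    for b in adversaries:
        for a in product(*A):
            print(b, a, "risk =", risk(a, b, system))
    print("Lambda at theta = 0.04:",
          sorted(attacks_to_resist(adversaries, [system], 0.04)))
```

Raising theta shrinks the set of attacks that step 4 of the assessment process has to evaluate; adding a stronger codebreaker model to B′ can only grow it.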