Dr. V. Kumar Murty is the CTO of Perfect Cloud Corp. He has extensive experience in information security as a professor at the University of Toronto, with over 100 papers published. The document discusses concepts related to data security including encryption algorithms, identity management, and the importance of both technology and policies for protecting data throughout its lifecycle.

1. Dr. V. Kumar Murty
CTO, Perfect Cloud Corp.
www.perfectcloud.io

2. BIOGRAPHY:
DR. V. KUMAR MURTY !
• CTO, PerfectCloud.io
• Professor and Chair, Department of
Mathematics, University of Toronto
• Director, GANITA Labs, University of
Toronto
• Ph.D. Harvard University
• Fellow of the Royal Society of Canada
• Foreign Fellow of the National Academy
of Sciences (India)
• 100+ papers, 5 books and 2 patents in
Information Security
CTO,
PerfectCloud.io
PerfectCloud.io
This
document
is
the
property
of
PerfectCloud
Corp.
Canada.
Its
content
is
confiden;al

3. SOME ATTRIBUTES
OF DATA
•
Confiden;ality
•
Privacy
•
Iden;ty
•
Reliability
(Data
Integrity)
•
Trust
PerfectCloud.io
This
document
is
the
property
of
PerfectCloud
Corp.
Canada.
Its
content
is
confiden;al

4. FOUR OVERLAPPING THEMES
INFORMATION MANAGEMENT
Security
Trust
Privacy
Identity
CONFIDENTIALITY
SELF-DETERMINATION
ASSURANCE
ATTRIBUTES
GOOD IDENTITY MANAGEMENT STRENGTHENS
SECURITY, PRIVACY AND TRUST!
PerfectCloud.io
This
document
is
the
property
of
PerfectCloud
Corp.
Canada.
Its
content
is
confiden;al

5. PROVISIONING
TOOLS
• Confiden;ality:
Encryp;on
• Privacy:
Access
Control
• Iden;ty:
IDM
• Reliability:
Digital
fingerprints
• Trust:
Digital
signatures
PerfectCloud.io
This
document
is
the
property
of
PerfectCloud
Corp.
Canada.
Its
content
is
confiden;al

6. ENCRYPTION
• Secret
wri;ng
• Symmetric
and
Asymmetric
• Plaintext
+
Secret
Key
is
transformed
to
Ciphertext
• Decryp;on:
Ciphertext
+
Secret
Key
is
transformed
to
Plaintext
• Our
confidence
in
the
security
is
based
on
the
key
being
secret
• Transforma;on
=
Algorithm:
many
kinds
PerfectCloud.io
This
document
is
the
property
of
PerfectCloud
Corp.
Canada.
Its
content
is
confiden;al

7. SOME
ALGORITHMS
• Symmetric:
• AES
• Blowfish
• Asymmetric:
• RSA
• ECC
• HEC
PerfectCloud.io
This
document
is
the
property
of
PerfectCloud
Corp.
Canada.
Its
content
is
confiden;al

8. SYMMETRIC
ENCRYPTION
• Used
for
bulk
encryp;on
• High
speed
algorithms
• Requires
a
shared
secret
(key)
• Challenge
is
in
key
management
PerfectCloud.io
This
document
is
the
property
of
PerfectCloud
Corp.
Canada.
Its
content
is
confiden;al

9. AES
• “Government
grade
encryp;on”
is
a
meaningless
term
• Research
labs
around
the
world
are
chipping
away
at
this
standard
• Security
and
speed
depend
on
the
“mode”
in
which
it
is
used.
PerfectCloud.io
This
document
is
the
property
of
PerfectCloud
Corp.
Canada.
Its
content
is
confiden;al

10. ASYMMETRIC
ENCRYPTION
• Does
not
require
a
shared
secret
(key)
• Encryp;on
and
Decryp;on
keys
are
(in
general)
different
• Methods
are
mathema;cally
sophis;cated
• Not
suitable
for
bulk
encryp;on
PerfectCloud.io
This
document
is
the
property
of
PerfectCloud
Corp.
Canada.
Its
content
is
confiden;al

11. RSA • Security
depends
on
the
difficulty
of
factoring
large
numbers
• Advances
are
constantly
being
made
on
this,
requiring
larger
and
larger
key
sizes
PerfectCloud.io
This
document
is
the
property
of
PerfectCloud
Corp.
Canada.
Its
This
document
is
the
property
of
PerfectCloud
Corp.
Canada.
Its
conten
tc
oisn
ctoennfit
dise
cno;nafil
den;al

12. ECC
• Ellip;c
curve
cryptography
• Considered
to
be
more
secure
and
for
comparable
size
of
key:
there
is
no
index
calculus
known
for
ellip;c
curves
• Included
now
in
NIST
standards
PerfectCloud.io
This
document
is
the
property
of
PerfectCloud
Corp.
Canada.
Its
content
is
confiden;al

13. THE KEY
IS THE KEY
Strength (security) usually depends on several factors including:
• Size of the key
• Key management: “key under the doormat”
• Security architecture is only as strong as the weakest link.
PerfectCloud.io
This
document
is
the
property
of
PerfectCloud
Corp.
Canada.
Its
content
is
confiden;al

14. TYPICAL
DEPLOYMENT
• A
combina;on
of
both
symmetric
and
asymmetric
methods
• Security
analysis
will
determine
the
size
of
keys
needed
in
each
part
to
make
it
equally
strong
throughout
PerfectCloud.io
This
document
is
the
property
of
PerfectCloud
Corp.
Canada.
Its
content
is
confiden;al

15. THREAT MODEL
• What
are
we
trying
to
protect
against?
• System
architecture
diagram
has
to
be
analyzed
for
points
of
weakness
• Those
points
have
to
be
for;fied
PerfectCloud.io
This
document
is
the
property
of
PerfectCloud
Corp.
Canada.
Its
content
is
confiden;al

16. TECHNOLOGY
IS NOT ENOUGH
• Most
compromises
are
not
of
algorithms
but
social
engineering
• Security
policy
is
at
least
as
important
as
security
technology:
Target
• Also
electro-­‐magne;c
a[acks
(more
difficult
to
protect
against).
PerfectCloud.io
This
document
is
the
property
of
PerfectCloud
Corp.
Canada.
Its
content
is
confiden;al

17. PROTECTING
DATA
• Data has two stages:
• At rest
• In transit
• It has to be secured throughout its
• lifecycle (ILM)
• Security architecture depends on
• Who is managing the data?
• Where does the data reside?
• Who has access to the data?
• Who has access to the keys to the data?
• What sort of encryption is being used?
• How is the key being managed/stored?
PerfectCloud.io
This
document
is
the
property
of
PerfectCloud
Corp.
Canada.
Its
content
is
confiden;al

18. ENCRYPTION IN
PRACTICE
• Keeping data safe is more complex
in practice
• Data at rest
• Encrypted hard drives or directories
• Data in transit
• Encrypted data is usually decrypted
and re-encrypted at each hop
• MITM attacks
• Security of the end devices critical
PerfectCloud.io
This
document
is
the
property
of
PerfectCloud
Corp.
Canada.
Its
content
is
confiden;al

19. SOCIAL
NETWORKS
• Leaks
through
informa;on
voluntarily
exposed
on
social
networks
• Using
Twi[er
to
authen;cate
• Depends
on
cloud-­‐based
servers
PerfectCloud.io
This
document
is
the
property
of
PerfectCloud
Corp.
Canada.
Its
content
is
confiden;al

20. COMMON
ATTACKS
• SQL
Injec;on
• Malware
PerfectCloud.io
This
document
is
the
property
of
PerfectCloud
Corp.
Canada.
Its
content
is
confiden;al

21. IDENTITY
STORES
• Ac;ve
Directory
is
encrypted:
but
key
is
stored
in
the
same
place
• No
one
can
read
your
encrypted
content:
some
devices
that
read
EM
can
penetrate
it
PerfectCloud.io
This
document
is
the
property
of
PerfectCloud
Corp.
Canada.
Its
content
is
confiden;al

22. PERFECT CLOUD
SOLUTION
•
True
zero
knowledge
•
Distributed
key
management
•
User
is
in
control
•
Seamless
and
transparent
provisioning
and
de-­‐provisioning
PerfectCloud.io
This
document
is
the
property
of
PerfectCloud
Corp.
Canada.
Its
content
is
confiden;al

23. THANK YOU!
www.perfectcloud.io