Dr. V. Kumar Murty 
CTO, Perfect Cloud Corp. 
www.perfectcloud.io
BIOGRAPHY: DR. V. KUMAR MURTY
• CTO, PerfectCloud.io
• Professor and Chair, Department of Mathematics, University of Toronto
• Director, GANITA Labs, University of Toronto
• Ph.D. Harvard University
• Fellow of the Royal Society of Canada
• Foreign Fellow of the National Academy of Sciences (India)
• 100+ papers, 5 books and 2 patents in Information Security
PerfectCloud.io
This document is the property of PerfectCloud Corp. Canada. Its content is confidential
SOME ATTRIBUTES OF DATA
• Confidentiality
• Privacy
• Identity
• Reliability (Data Integrity)
• Trust
FOUR OVERLAPPING THEMES
INFORMATION MANAGEMENT
[Diagram: overlapping themes labelled Security, Trust, Privacy, Identity, with CONFIDENTIALITY, SELF-DETERMINATION, ASSURANCE, ATTRIBUTES]
GOOD IDENTITY MANAGEMENT STRENGTHENS SECURITY, PRIVACY AND TRUST!
PROVISIONING TOOLS
• Confidentiality: Encryption
• Privacy: Access Control
• Identity: IDM
• Reliability: Digital fingerprints
• Trust: Digital signatures
ENCRYPTION
• Secret writing
• Symmetric and Asymmetric
• Plaintext + Secret Key is transformed to Ciphertext
• Decryption: Ciphertext + Secret Key is transformed to Plaintext
• Our confidence in the security is based on the key being secret
• Transformation = Algorithm: many kinds
SOME ALGORITHMS
• Symmetric:
  • AES
  • Blowfish
• Asymmetric:
  • RSA
  • ECC
  • HEC
SYMMETRIC ENCRYPTION
• Used for bulk encryption
• High speed algorithms
• Requires a shared secret (key)
• Challenge is in key management
AES
• “Government grade encryption” is a meaningless term
• Research labs around the world are chipping away at this standard
• Security and speed depend on the “mode” in which it is used.
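
Added example, not part of the original slides: the same AES key and the same constructed plaintext encrypted in two modes, ECB and GCM, in Go. The function names and the sample record are assumptions made for this illustration; it shows the security half of the slide's claim (what a mode leaks and whether it detects modification), not speed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// samplePlaintext is constructed input: four identical 16-byte records,
// the kind of repetition that files and database rows contain.
func samplePlaintext() []byte {
	return bytes.Repeat([]byte("ACCOUNT=00000000"), 4)
}

// encryptECB encrypts every 16-byte block independently. Go's standard
// library ships no ECB mode; it is spelled out here only to show the leak.
func encryptECB(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(plaintext)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("length %d is not a multiple of 16", len(plaintext))
	}
	out := make([]byte, len(plaintext))
	for i := 0; i < len(plaintext); i += aes.BlockSize {
		block.Encrypt(out[i:i+aes.BlockSize], plaintext[i:i+aes.BlockSize])
	}
	return out, nil
}

// gcmFor builds an AES-GCM instance for key.
func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encryptGCM encrypts under a fresh random nonce; sealed ends with a 16-byte tag.
func encryptGCM(key, plaintext []byte) (nonce, sealed []byte, err error) {
	aead, err := gcmFor(key)
	if err != nil {
		return nil, nil, err
	}
	nonce = make([]byte, aead.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	return nonce, aead.Seal(nil, nonce, plaintext, nil), nil
}

// decryptGCM fails if the ciphertext or its tag was modified.
func decryptGCM(key, nonce, sealed []byte) ([]byte, error) {
	aead, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, nonce, sealed, nil)
}

// repeatedBlocks counts 16-byte blocks equal to an earlier block, which is
// what an observer without the key learns about the plaintext's structure.
func repeatedBlocks(ct []byte) int {
	seen := map[[aes.BlockSize]byte]bool{}
	n := 0
	for i := 0; i+aes.BlockSize <= len(ct); i += aes.BlockSize {
		var b [aes.BlockSize]byte
		copy(b[:], ct[i:i+aes.BlockSize])
		if seen[b] {
			n++
		}
		seen[b] = true
	}
	return n
}

func main() {
	key := make([]byte, 16) // AES-128
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	ecb, err := encryptECB(key, samplePlaintext())
	if err != nil {
		panic(err)
	}
	nonce, sealed, err := encryptGCM(key, samplePlaintext())
	if err != nil {
		panic(err)
	}
	fmt.Println("repeated blocks, ECB:", repeatedBlocks(ecb), "GCM:", repeatedBlocks(sealed))
	sealed[0] ^= 1 // constructed modification in storage or transit
	_, err = decryptGCM(key, nonce, sealed)
	fmt.Println("GCM rejects modified ciphertext:", err != nil)
}
```
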
ASYMMETRIC ENCRYPTION
• Does not require a shared secret (key)
• Encryption and Decryption keys are (in general) different
• Methods are mathematically sophisticated
• Not suitable for bulk encryption
RSA
• Security depends on the difficulty of factoring large numbers
• Advances are constantly being made on this, requiring larger and larger key sizes
ECC
• Elliptic curve cryptography
• Considered to be more secure and for comparable size of key: there is no index calculus known for elliptic curves
• Included now in NIST standards
THE KEY IS THE KEY
Strength (security) usually depends on several factors including: 
• Size of the key 
• Key management: “key under the doormat” 
• Security architecture is only as strong as the weakest link. 
TYPICAL DEPLOYMENT
• A combination of both symmetric and asymmetric methods
• Security analysis will determine the size of keys needed in each part to make it equally strong throughout
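
Added example, not part of the original slides: the combined deployment described here, in Go, with AES-GCM carrying the bulk data and RSA-OAEP carrying only the AES key, which is also why the earlier slide calls asymmetric methods unsuitable for bulk encryption. `Envelope`, `seal`, `open` and the other names are assumptions made for this illustration; the RSA-3072 with AES-128 pairing in `main` follows the comparable-strength table in NIST SP 800-57.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is a message format constructed for this example.
type Envelope struct {
	WrappedKey []byte // AES data key under RSA-OAEP: the asymmetric part
	Nonce      []byte
	Sealed     []byte // bulk data under AES-GCM: the symmetric part
}

// newRecipientKey generates the recipient's RSA key pair.
func newRecipientKey(bits int) (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, bits)
}

// sampleBulk is constructed input of 10,000 bytes.
func sampleBulk() []byte {
	return bytes.Repeat([]byte("bulk data "), 1000)
}

// rsaDirect tries RSA-OAEP alone, with no symmetric layer.
func rsaDirect(pub *rsa.PublicKey, data []byte) error {
	_, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, data, nil)
	return err
}

// gcmFor builds an AES-GCM instance for key.
func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts plaintext under a fresh AES-128 data key and wraps that key for pub.
func seal(pub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	dataKey := make([]byte, 16)
	if _, err := rand.Read(dataKey); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dataKey, nil)
	if err != nil {
		return nil, err
	}
	aead, err := gcmFor(dataKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// The wrapped key is authenticated as associated data, so the halves of
	// one envelope cannot be combined with the halves of another.
	sealed := aead.Seal(nil, nonce, plaintext, wrapped)
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Sealed: sealed}, nil
}

// open unwraps the data key with the private key, then decrypts the bulk data.
func open(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	dataKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	aead, err := gcmFor(dataKey)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, env.Nonce, env.Sealed, env.WrappedKey)
}

func main() {
	// NIST SP 800-57 rates RSA-3072 and AES-128 both at about 128 bits,
	// so neither half of the envelope is the weaker link.
	priv, err := newRecipientKey(3072)
	if err != nil {
		panic(err)
	}
	env, err := seal(&priv.PublicKey, sampleBulk())
	if err != nil {
		panic(err)
	}
	pt, err := open(priv, env)
	fmt.Println("recovered bytes:", len(pt), "error:", err)
	fmt.Println("RSA alone on the same data:", rsaDirect(&priv.PublicKey, sampleBulk()))
}
```
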
THREAT MODEL
• What are we trying to protect against?
• System architecture diagram has to be analyzed for points of weakness
• Those points have to be fortified
TECHNOLOGY IS NOT ENOUGH
• Most compromises are not of algorithms but social engineering
• Security policy is at least as important as security technology: Target
• Also electro-magnetic attacks (more difficult to protect against).
PROTECTING DATA
• Data has two stages:
  • At rest
  • In transit
• It has to be secured throughout its lifecycle (ILM)
• Security architecture depends on
  • Who is managing the data?
  • Where does the data reside?
  • Who has access to the data?
  • Who has access to the keys to the data?
  • What sort of encryption is being used?
  • How is the key being managed/stored?
ENCRYPTION IN PRACTICE
• Keeping data safe is more complex in practice
• Data at rest
  • Encrypted hard drives or directories
• Data in transit
  • Encrypted data is usually decrypted and re-encrypted at each hop
  • MITM attacks
• Security of the end devices critical
SOCIAL NETWORKS
• Leaks through information voluntarily exposed on social networks
• Using Twitter to authenticate
• Depends on cloud-based servers
COMMON ATTACKS
• SQL Injection
• Malware
IDENTITY STORES
• Active Directory is encrypted: but key is stored in the same place
• No one can read your encrypted content: some devices that read EM can penetrate it
PERFECT CLOUD SOLUTION
• True zero knowledge
• Distributed key management
• User is in control
• Seamless and transparent provisioning and de-provisioning
THANK YOU! 
www.perfectcloud.io


Encryption: Fact and Fiction
