Network Security

•Download as PPTX, PDF•

1 like•832 views

Check out Jim Theodoras' slides from a panel he participated in at OFC 2014 this week, as he digs into network security and looks at what opportunities there might be for quantum technologies in the future

Technology

Jim Theodoras
March 2014
Network Security
Where are the holes, and does QKD help?

© 2014 ADVA Optical Networking. All rights reserved.22
• Confidentiality
• Nobody can read content of message.
• Encryption only guarantees confidentiality.
• Integrity
• Modification of message will be detected.
• Encryption does not protect against this.
• Example of breach: Flipping the null bit in IPsec.
• Authenticity
• Verify that I am really connected to whom I expected.
• Encryption does not protect against this.
• Example of breach: Spoofing a receiver to obtain keys.
Cryptographic Goals

© 2014 ADVA Optical Networking. All rights reserved.33
Networks are breached with sideways attacks, not direct or
brute force attacks.
• Example: Masterlock
• 64,000 possible combinations
• A “sideways attack” reduces that to 100 combinations.
• A “backdoor” renders the lock useless (beer can shim)
• Example: Copying Encryption Keys
• If stored in DRAM, keys are vulnerable
• Freeze spray slows down decay in DRAM
• Example:
• A supercomputer that could check 1018 keys/sec would require 1051
years to exhaust 256 bit key space.
• A typical mining rig can brute force 30 billion passwords/sec, cracking
all eight-character passwords in just a few hours.
• Relational data reduces this to mere minutes.
F2o<fa!7S7052C5JavW%G.@uQc/0JymD>CA:lsLZ"P+fU3Js6l@]ie9<A{$L3Nh
Sideways Attacks

© 2014 ADVA Optical Networking. All rights reserved.44
It’s All About the Key, Not the Encryption
• Audi RS4 thefts
• At the time, the hottest car on black
market.
• The car security system was unhackable.
• So, the thieves broke into the owners
home and stole the keys
• Similarly, a major content provider recently disclosed to me:
• After revelations, taps were found everywhere in their network.
• However, after further investigation, no important data lost through taps
or taps alone.
• The important breaches of data were due to compromised keys.
• Keys were compromised in a variety of ways.

© 2014 ADVA Optical Networking. All rights reserved.55
Major Paradigm Shift
Before:
We have to keep data thieves out.
Today:
Assume we are breached and design accordingly.

© 2014 ADVA Optical Networking. All rights reserved.66
So, does QKD help with any of this?
• Cryptographic goals:
• Confidentiality: Makes existing encryption more secure.
• Integrity: You know if someone is listening.
• Authenticity: You do not know who is on the other end.
• Intrusion detection: Reading the key changes it.
• Sidewaysing: Good key entropy
• Compromised keys: Fast generation of new truly random keys.
Quantum Key Distribution?

© 2014 ADVA Optical Networking. All rights reserved.77
Main Takeaways
• Encryption alone does not protect.
• It’s all about the keys.
• You must focus on prevention of sideways attacks.
• With proper key management and entropy, even AES-256 can be
sufficient.
• Design assuming breach already exists.
• QKD is currently the only key system today that meets all needs.

jtheodoras@advaoptical.com
Thank you
IMPORTANT NOTICE
The content of this presentation is strictly confidential. ADVA Optical Networking is the exclusive owner or licensee of the content,
material, and information in this presentation. Any reproduction, publication or reprint, in whole or in part, is strictly prohibited.
The information in this presentation may not be accurate, complete or up to date, and is provided without warranties or representations
of any kind, either express or implied. ADVA Optical Networking shall not be responsible for and disclaims any liability for any loss or
damages, including without limitation, direct, indirect, incidental, consequential and special damages, alleged to have been caused by
or in connection with using and/or relying on the information contained in this presentation.
Copyright © for the entire content of this presentation: ADVA Optical Networking.

Speaker: Michael Allen The early Accumulo developers made security a core part of Accumulo's codebase. As the open source community around Accumulo continues to thrive, this talk examines the current state of Accumulo's security features. The talk will detail some exciting developments in the upcoming 1.6 release, which include enhancements around encryption at rest and in motion. We will also take a broader look at new use cases suggesting a wider set of threats, and how current and future work addresses those threats.

From Mirai to Monero – One Year’s Worth of Honeypot Data

DefCamp

Innovative Security Group Official FlyerPaul Mashauri

Living with Determined Attackers MOSI Edition

James '-- Mckinlay

During the Next Generation Network and Data Centre – Now and into the Future ...

Cisco Canada

Rapid changes in the world around us, driven by cloud, mobility and the Internet of Everything, are creating significant opportunities for global organizations. With these environmental changes, the sophistication with which cyber threats and attacks are carried out continues to grow rapidly, and attackers are increasingly able to circumvent traditional security systems. To learn more, please visit our website here: http://www.cisco.com/web/CA/index.html

Running Secure Server Software on Insecure Hardware without a Parachute - RSA...

Nick Sullivan

Competitors ratingsmrdtitram

OVHcloud Startup Program : Découvrir l'écosystème au service des startups

OVHcloud

L’équipe de l’OVHcloud Startup Program France Benelux a organisé, le 05 janvier dernier, son premier meetup online de l’année. Le premier d’une longue série ! Cette première session, animée par Fanny Bouton, Startup Program Leader France Benelux, était l’occasion de découvrir toute l’ampleur de l’écosystème OVHcloud au service des startups au travers de l’OVHcloud Marketplace, l’Open Trusted Cloud Program ou encore avec l’OVHcloud Partner Program. Ce rendez-vous a permis d’échanger directement avec l’ensemble des Program Leaders d’OVHcloud ainsi que nos partenaires tels que La BigAddress, Freelance Stack ou encore SmartGlobal.

The concept of backhauling traffic to a centralized datacenter worked when both users and applications resided there. But, the migration of applications from the data center to the cloud requires organizations to rethink their branch and network architectures. What is the best approach to manage costs, reduce risk, and deliver the best user experience for all your users? Watch this webcast to uncover the five key requirements to overcome these challenges and securely route your branch traffic direct to the cloud.

Open Source IDS - How to use them as a powerful fee Defensive and Offensive tool

Sylvain Martinez

What is an IDS? What is required for a successful implementation and utilisation? IDS can also be used for penetration testing activities, not just for defence purposes. See how! This was presented as part of the FIRST Technical Colloquium 2017 Conference in Mauritius on the 30th of November 2017. Feel free to contact us for more information. If you are reusing some of the slides or their content, can you please reference our website as the source: https://www.elysiumsecurity.com

Cyber Security 4.0 conference 30 November 2016

InfinIT - Innovationsnetværket for it

LoginCat from TekMonks

Rohit Kapoor

Emerging IoT in the Energy Sector

East Midlands Cyber Security Forum

Viewers also liked

Fingerprint recognition using correlationWABCO

Wireless communication using local area networkingWABCO

Japanese presentationLinda Clark

Наш камский кабельщик № 48 2014

79222440410

Brochure Progetto Castello di Parella

Ilaria Scaglia

European Planning Conference Prague 2015, Intelligent Co-operation - Michail ...European-Planning-Conference

Viewers also liked (6)

Fingerprint recognition using correlation

Wireless communication using local area networking

Japanese presentation

Наш камский кабельщик № 48 2014

Brochure Progetto Castello di Parella

European Planning Conference Prague 2015, Intelligent Co-operation - Michail ...

Similar to Network Security

Security intermediate practical cryptography_certs_and 802.1_x_rich langston...Aruba, a Hewlett Packard Enterprise company

CipherCloud Technology Overview: Encryption

CipherCloud

How to Quantum-Secure Optical Networks

ADVA

Trustleap - Mathematically-Proven Unbreakable Security

TWD Industries AG

Scalar Security Roadshow - Ottawa Presentation

Scalar Decisions

Attacking SCADA systems: Story Of SCADASTRANGELOVE

Aleksandr Timorin

Security challenges for IoTWSO2

ADVA ConnectGuard™

ADVA

Internet of Things... Let's Not Forget Security Please!, by Eric Vyncke [APNI...

APNIC

Internet of Things... Let's Not Forget Security Please, by Eric Vyncke [APNI...

APNIC

Encryption authentication access_control_jon greenAruba, a Hewlett Packard Enterprise company

Overcoming the Challenges of Architecting for the Cloud

Zscaler

Open Source IDS - How to use them as a powerful fee Defensive and Offensive tool

Sylvain Martinez

Cyber Security 4.0 conference 30 November 2016

InfinIT - Innovationsnetværket for it

LoginCat from TekMonks

Rohit Kapoor

Emerging IoT in the Energy Sector

East Midlands Cyber Security Forum

terry-gilsenan-pie-operating.10433Terry Gilsenan

Practical White Hat Hacker Training - Introduction to Cyber Security

PRISMA CSI

Basic Network Security_Primer

n|u - The Open Security Community

TrustLeap Multipass - Unbreakable Passwords For Cloud Services

TWD Industries AG

Similar to Network Security (20)

Security intermediate practical cryptography_certs_and 802.1_x_rich langston...

CipherCloud Technology Overview: Encryption

How to Quantum-Secure Optical Networks

Trustleap - Mathematically-Proven Unbreakable Security

Scalar Security Roadshow - Ottawa Presentation

Attacking SCADA systems: Story Of SCADASTRANGELOVE

Security challenges for IoT

ADVA ConnectGuard™

Internet of Things... Let's Not Forget Security Please!, by Eric Vyncke [APNI...

Internet of Things... Let's Not Forget Security Please, by Eric Vyncke [APNI...

Encryption authentication access_control_jon green

Overcoming the Challenges of Architecting for the Cloud

Open Source IDS - How to use them as a powerful fee Defensive and Offensive tool

Cyber Security 4.0 conference 30 November 2016

LoginCat from TekMonks

Emerging IoT in the Energy Sector

terry-gilsenan-pie-operating.10433

Practical White Hat Hacker Training - Introduction to Cyber Security

Basic Network Security_Primer

TrustLeap Multipass - Unbreakable Passwords For Cloud Services

More from ADVA

Industrial optically pumped cesium beam clock

ADVA

The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...

ADVA

Critical network infrastructure is increasingly dependent on precise synchronization and timing. As operators address this need by adding GNSS receivers across their geographically dispersed networks, their infrastructure becomes more and more vulnerable to jamming and spoofing attacks. At PTTI, Nino De Falcis explained how GNSS/GPS-backup-as-a-service (GBaaS) makes timing networks independent from GNSS. With GBaaS, a specialized service provider operates a robust and reliable network, delivering precise and secure timing to critical infrastructure as a backup to highly vulnerable GNSS.

Industry's longest holdover with the OSA 3350 SePRC™ optical cesium clock

ADVA

Addressing PNT threats in critical defense infrastructure

ADVA

Precise and assured timing for enterprise networks

ADVA

Introducing Ensemble Cloudlet for on-premises cloud demand

ADVA

ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)

ADVA

Accurate timing is essential for effective operations in today’s data centers. An ePRTC synchronization source can offer the levels of precise synchronization required and remove vulnerability to GNSS outages. With the latest optical timing channel (OTC) technology, PTP-optimized optical transport can be used to distribute accurate timing all the way from the core of the network to the edge. What’s more, this can be delivered through GNSS/GPS-backup-as-a-service (GBaaS), whereby a specialized service provider operates a robust and reliable network, supplying precise and secure timing as a backup to highly vulnerable GNSS. In his ITSF 2022 presentation, Igal Pinhasov explored the value of utilizing GBaaS to provide accurate time for data centers using optical timing channel technology over long distances.

Sync on TAP - Syncing infrastructure with software

ADVA

At ITSF 2022, Ken Hann discussed our new OSA SoftSync™ client software, which adds advanced PTP timing technology to server-hosted applications, and the OSA 5400 M.2, which brings precise timing to COTs servers or even virtual machines. The session outlined how, for a low total cost of ownership, OSA SoftSync™ creates an end-to-end synchronization architecture able to meet the needs of advanced time-critical services. This will be invaluable for 5G, financial institutions, data center networks and other time-critical applications.

Meet stringent latency demands with time-sensitive networking

ADVA

Making networks secure with multi-layer encryption

ADVA

Stephan Lehmann's NetNordic session discussed the most effective encryption methods for safeguarding external network connections against unauthorized access. He debated how the latest technology for encryption at multiple layers can provide a comprehensive state-of-the-art security infrastructure for all connectivity applications, and explored how new solutions are ensuring that data is encrypted without impacting network performance.

Quantum threat: How to protect your optical network

ADVA

Optical networks and the ecodesign tradeoff between climate change mitigation...

ADVA

Trends in next-generation data center interconnects (DCI)

ADVA

Open optical edge connecting mobile access networks

ADVA

Generic optics, developed for applications different from RANs, may not fit the requirements of the mobile transport network. Optical components natively conceived for radio access and based on technologies driven by its requirements (right optics at the right time and the right cost) would accelerate the pace at which RANs are deployed and decrease the relative cost of the optics as part of the total RAN solution. In this session, Jim Zou looked at how emerging innovation is enhancing networking energy efficiency. While today’s solutions focus on high-end performance and end user experience, tomorrow’s infrastructure must also balance energy efficiency with varying traffic loads, and designs focused on sustainability.

Introducing Adva Network Security – a trusted German anchor

ADVA

With its own secure facilities in Germany, Adva Network Security is a specialist security company committed to protecting mission-critical communication networks from cyberattacks. It will complement ADVA’s market-leading networking technology portfolio with proven and approved security controls that meet the highest industry requirements. Working in close collaboration with national security organizations, Adva Network Security will ensure end-to-end network protection for even the most mission-critical connectivity applications, including safeguarding data against quantum computer strikes.

Meet the industry's first pluggable 10G demarcation device

ADVA

Our NIDPlug+™ is the ideal solution for creating demarcation points in space-restricted locations. It's the industry's first pluggable 10Gbit/s demarcation SFP+ device specifically designed to enable high-speed services in the field where it’s not possible to use a traditional device. Consuming less than 2.5 watts and requiring no additional floor space, NIDPlug+™ provides enterprises and communication service providers with the comprehensive management capabilities needed to deliver strict SLA-based Carrier Ethernet.

Introducing ADVA AccessWave25™

ADVA

Our pluggable AccessWave25™ answers the urgent need for higher bandwidth services in mobile X-Haul, cable access and wholesale networks. It gives operators an easy migration path from 10Gbit/s access infrastructure to 25Gbit/s connectivity without a significant increase in footprint or major changes to the existing optical layer. Slotting the AccessWave25™ into any standard-based SFP28 port delivers an instant capacity upgrade without replacing existing demarcation or aggregation devices. Using patent-pending distance optimization technology, the device also extends 25Gbit/s DWDM reach to 40km and its G.metro auto-tuning technology reduces provisioning efforts and simplifies operations.

10G edge technology for outdoor environments

ADVA

Our highly versatile FSP 150-XO106 is a compact and temperature-hardened edge demarcation device that enables communication service providers to deliver 10Gbit/s Carrier Ethernet services in challenging environments. Easily mounted on walls, poles and cell towers and requiring no cabinet or cooling, it's ideal for deployment in space-restricted locations and harsh outdoor conditions. The feature-rich solution includes advanced OAM capabilities, supports precise synchronization and fully integrates with our Ensemble Controller and Packet Director for simple network management.

The quantum age - secure transport networks

ADVA

From leased lines to optical spectrum services

ADVA

With traffic demand growing exponentially and operator margins under extreme pressure, optical spectrum services provide a way to leverage the full value of optical network infrastructure assets. But how do current-generation optical line systems support transparent cross-border interconnection, and what opportunities arise from sharing optical spectrum resources internationally? At NGON & DCI World, Henning Hinderthür and Cornelius Fürst provided answers to these questions and more while demonstrating how extra value can be extracted from deployed networks by using a spectrum-as-a-service approach.

More from ADVA (20)

Industrial optically pumped cesium beam clock

The need for GBaaS as GPS/GNSS is no longer a reliable source for critical PN...

Industry's longest holdover with the OSA 3350 SePRC™ optical cesium clock

Addressing PNT threats in critical defense infrastructure

Precise and assured timing for enterprise networks

Introducing Ensemble Cloudlet for on-premises cloud demand

ePRTC in data centers - GNSS-backup-as-a-service (GBaaS)

Sync on TAP - Syncing infrastructure with software

Meet stringent latency demands with time-sensitive networking

Making networks secure with multi-layer encryption

Quantum threat: How to protect your optical network

Optical networks and the ecodesign tradeoff between climate change mitigation...

Trends in next-generation data center interconnects (DCI)

Open optical edge connecting mobile access networks

Introducing Adva Network Security – a trusted German anchor

Meet the industry's first pluggable 10G demarcation device

Introducing ADVA AccessWave25™

10G edge technology for outdoor environments

The quantum age - secure transport networks

From leased lines to optical spectrum services

Recently uploaded

Assure Contact Center Experiences for Your Customers With ThousandEyes

ThousandEyes

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

FIDO Alliance

Epistemic Interaction - tuning interfaces to provide information for AI support

Alan Dix

Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024 https://alandix.com/academic/papers/synergy2024-epistemic/ As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.

By Design, not by Accident - Agile Venture Bolzano 2024

Pierluigi Pugliese

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Prayukth K V

The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development. The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers: State of global ICS asset and network exposure Sectoral targets and attacks as well as the cost of ransom Global APT activity, AI usage, actor and tactic profiles, and implications Rise in volumes of AI-powered cyberattacks Major cyber events in 2024 Malware and malicious payload trends Cyberattack types and targets Vulnerability exploit attempts on CVEs Attacks on counties – USA Expansion of bot farms – how, where, and why In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East Why are attacks on smart factories rising? Cyber risk predictions Axis of attacks – Europe Systemic attacks in the Middle East Download the full report from here: https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/

SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf

Peter Spielvogel

Building better applications for business users with SAP Fiori. • What is SAP Fiori and why it matters to you • How a better user experience drives measurable business benefits • How to get started with SAP Fiori today • How SAP Fiori elements accelerates application development • How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities • How SAP Fiori paves the way for using AI in SAP apps

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...

Ramesh Iyer

In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

FIDO Alliance

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Product School

Introduction to CHERI technology - Cybersecurity

mikeeftimakis1

The Art of the Pitch: WordPress Relationships and Sales

Laura Byrne

Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes? All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.

Key Trends Shaping the Future of Infrastructure.pdf

Cheryl Hung

DevOps and Testing slides at DASA Connect

Kari Kakkonen

Quantum Computing: Current Landscape and the Future Role of APIs

Vlad Stirbu

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

BookNet Canada

The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more. Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/ Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.

Essentials of Automations: Optimizing FME Workflows with Parameters

Safe Software

Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place. Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects. Here’s what you’ll gain: - Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows. - Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy. - Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency. - Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity. We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic. Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.

Elizabeth Buie - Older adults: Are we really designing for our future selves?

Nexer Digital

Bits & Pixels using AI for Good.........

Alison B. Lowndes

How world-class product teams are winning in the AI era by CEO and Founder, P...

Product School

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

Thierry Lestable

Recently uploaded (20)

Assure Contact Center Experiences for Your Customers With ThousandEyes

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

Epistemic Interaction - tuning interfaces to provide information for AI support

By Design, not by Accident - Agile Venture Bolzano 2024

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...

Introduction to CHERI technology - Cybersecurity

The Art of the Pitch: WordPress Relationships and Sales

Key Trends Shaping the Future of Infrastructure.pdf

DevOps and Testing slides at DASA Connect

Quantum Computing: Current Landscape and the Future Role of APIs

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

Essentials of Automations: Optimizing FME Workflows with Parameters

Elizabeth Buie - Older adults: Are we really designing for our future selves?

Bits & Pixels using AI for Good.........

How world-class product teams are winning in the AI era by CEO and Founder, P...

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

Network Security

1. Jim Theodoras March 2014 Network Security Where are the holes, and does QKD help?

2. © 2014 ADVA Optical Networking. All rights reserved.22 • Confidentiality • Nobody can read content of message. • Encryption only guarantees confidentiality. • Integrity • Modification of message will be detected. • Encryption does not protect against this. • Example of breach: Flipping the null bit in IPsec. • Authenticity • Verify that I am really connected to whom I expected. • Encryption does not protect against this. • Example of breach: Spoofing a receiver to obtain keys. Cryptographic Goals

3. © 2014 ADVA Optical Networking. All rights reserved.33 Networks are breached with sideways attacks, not direct or brute force attacks. • Example: Masterlock • 64,000 possible combinations • A “sideways attack” reduces that to 100 combinations. • A “backdoor” renders the lock useless (beer can shim) • Example: Copying Encryption Keys • If stored in DRAM, keys are vulnerable • Freeze spray slows down decay in DRAM • Example: • A supercomputer that could check 1018 keys/sec would require 1051 years to exhaust 256 bit key space. • A typical mining rig can brute force 30 billion passwords/sec, cracking all eight-character passwords in just a few hours. • Relational data reduces this to mere minutes. F2o<fa!7S7052C5JavW%G.@uQc/0JymD>CA:lsLZ"P+fU3Js6l@]ie9<A{$L3Nh Sideways Attacks

4. © 2014 ADVA Optical Networking. All rights reserved.44 It’s All About the Key, Not the Encryption • Audi RS4 thefts • At the time, the hottest car on black market. • The car security system was unhackable. • So, the thieves broke into the owners home and stole the keys • Similarly, a major content provider recently disclosed to me: • After revelations, taps were found everywhere in their network. • However, after further investigation, no important data lost through taps or taps alone. • The important breaches of data were due to compromised keys. • Keys were compromised in a variety of ways.

6. © 2014 ADVA Optical Networking. All rights reserved.66 So, does QKD help with any of this? • Cryptographic goals: • Confidentiality: Makes existing encryption more secure. • Integrity: You know if someone is listening. • Authenticity: You do not know who is on the other end. • Intrusion detection: Reading the key changes it. • Sidewaysing: Good key entropy • Compromised keys: Fast generation of new truly random keys. Quantum Key Distribution?

7. © 2014 ADVA Optical Networking. All rights reserved.77 Main Takeaways • Encryption alone does not protect. • It’s all about the keys. • You must focus on prevention of sideways attacks. • With proper key management and entropy, even AES-256 can be sufficient. • Design assuming breach already exists. • QKD is currently the only key system today that meets all needs.

8. jtheodoras@advaoptical.com Thank you IMPORTANT NOTICE The content of this presentation is strictly confidential. ADVA Optical Networking is the exclusive owner or licensee of the content, material, and information in this presentation. Any reproduction, publication or reprint, in whole or in part, is strictly prohibited. The information in this presentation may not be accurate, complete or up to date, and is provided without warranties or representations of any kind, either express or implied. ADVA Optical Networking shall not be responsible for and disclaims any liability for any loss or damages, including without limitation, direct, indirect, incidental, consequential and special damages, alleged to have been caused by or in connection with using and/or relying on the information contained in this presentation. Copyright © for the entire content of this presentation: ADVA Optical Networking.

Network Security

Recommended

Recommended

More Related Content

Viewers also liked

Viewers also liked (6)

Similar to Network Security

Similar to Network Security (20)

More from ADVA

More from ADVA (20)

Recently uploaded

Recently uploaded (20)

Network Security