Encryption Nathan Helton University of Tulsa Tulsa, Oklahoma.
What Is Encryption
• Process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge or a key.
Why Encryption?
• Helps protect users’ information from malicious people/processes.
• Can protect confidentiality
• Can protect integrity
How is Encryption Used
• In the News:
  – Barracuda Networks
    • MD5 salted
  – iPhone
    • HW Encryption
  – Somebody messed with Texas
    • Public Server
Simplistic Concepts
• Steganography – “hiding in plain sight”
  – History
  – Images
• Substitution / Replacement
  – Value Specific
  – Ex. Newspaper Game
    • Given a few characters and able to resolve the msg
• Transposition
  – Location Specific
Common Encryption Algorithms
• SSL / TLS – Symmetric Key
• RSA – Factorization and Asymmetric Key
• AES – Transposition and Symmetric Key
AES
• Key Expansion
• Initial Round
• Rounds
• Final Round
  – SubBytes
  – ShiftRows
  – AddRoundKey
Insecure Encryption Algorithms
DES
• Expansion
• Key Mixing
• Substitution
• Permutation
Encryption Problems
• Constantly updating and evolving
  – Testing, Vulnerability Analysis Cycle
• Not 100% effective
• SSL Certificate Theft Example
• The Human Factor
Encryption and SSAC
• Policies
– CIA
– Ex. WiFi
General Encryption Policy Questions
• Is it allowable for an employee to encrypt their data?
  – Can they be forced to reveal the encryption key? Upon termination?
• What type of encryption is to be used?
  – The latest encryption?
  – The most secure?
  – The most tested?
• Should network traffic be encrypted at all times?
• Should Wi-Fi be encrypted?
Encryption Misunderstood
• Outdated
• According to the CSI Survey in 2008
– 71% encrypted traffic during transit
– 53% encrypted stored data.
Not Just Computers
Keyless Entry on Cars
• Most popular version is the KeeLoq
• Non-Linear Feedback Shift Register (NLFSR) algorithm used
• Uses a 64-bit key and a 32-bit block.
• Most systems are networked inside the car.
  – i.e. Sound system links to the engine control unit
• Serious flaws exist to bypass the encryption.
  – Side-channel attack
    • Works on all keyless entry devices that use KeeLoq
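The NLFSR structure named on this slide, written out as an added example (not part of the original slides and not vendor code): a 32-bit state is clocked 528 times while the 64-bit key is consumed one bit per round. The round count, tap positions and NLF constant follow the publicly documented KeeLoq description; the key and block in main() are constructed values.

```c
#include <stdint.h>
#include <stdio.h>

/* Publicly documented KeeLoq parameters (not taken from the slides). */
#define KEELOQ_NLF    0x3A5C742Eu  /* 5-input boolean function packed into 32 bits */
#define KEELOQ_ROUNDS 528u         /* 8 full passes over the 64-bit key, plus 16 rounds */

static uint32_t bit32(uint32_t x, unsigned n) { return (x >> n) & 1u; }
static uint32_t bit64(uint64_t x, unsigned n) { return (uint32_t)((x >> n) & 1u); }

/* Look up the non-linear function on five state bits a..e (a is the LSB of the index). */
static uint32_t nlf(uint32_t x, unsigned a, unsigned b, unsigned c, unsigned d, unsigned e) {
    unsigned idx = bit32(x, a) | bit32(x, b) << 1 | bit32(x, c) << 2
                 | bit32(x, d) << 3 | bit32(x, e) << 4;
    return bit32(KEELOQ_NLF, idx);
}

/* One encryption round: shift the register right, feed the new bit in at position 31. */
uint32_t keeloq_enc_round(uint32_t x, uint32_t kbit) {
    uint32_t fb = bit32(x, 0) ^ bit32(x, 16) ^ kbit ^ nlf(x, 1, 9, 20, 26, 31);
    return (x >> 1) | (fb << 31);
}

/* Inverse round: shift left and recompute the bit that was shifted out. */
uint32_t keeloq_dec_round(uint32_t x, uint32_t kbit) {
    uint32_t fb = bit32(x, 31) ^ bit32(x, 15) ^ kbit ^ nlf(x, 0, 8, 19, 25, 30);
    return (x << 1) | fb;
}

uint32_t keeloq_encrypt(uint32_t block, uint64_t key) {
    for (unsigned r = 0; r < KEELOQ_ROUNDS; r++)
        block = keeloq_enc_round(block, bit64(key, r & 63));  /* key bits used cyclically */
    return block;
}

/* Decryption walks the key bits backwards, starting from bit 15 (527 mod 64). */
uint32_t keeloq_decrypt(uint32_t block, uint64_t key) {
    for (unsigned r = 0; r < KEELOQ_ROUNDS; r++)
        block = keeloq_dec_round(block, bit64(key, (15 - r) & 63));
    return block;
}

int main(void) {
    const uint64_t key = 0x0123456789ABCDEFULL;  /* constructed sample key */
    const uint32_t pt  = 0xDEADBEEFu;            /* constructed sample block */
    uint32_t ct = keeloq_encrypt(pt, key);
    printf("pt=%08X ct=%08X roundtrip=%08X\n",
           (unsigned)pt, (unsigned)ct, (unsigned)keeloq_decrypt(ct, key));
    return keeloq_decrypt(ct, key) == pt ? 0 : 1;
}
```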
The Future of Encryption
• Bluetooth
  – Is stronger encryption needed?
    • Ex. Wireless mouse, hands-free for cell phones
• RFID
  – Currently being pursued
• Emerging Technologies
  – Also in conjunction with other methods (Biometrics)
References
• Researchers say they’ve hacked car door locks
  – http://redtape.msnbc.com/2007/08/researchers-say.html
• How to steal cars (Keeloq)
  – http://www.cosic.esat.kuleuven.be/keeloq/keeloq-rump.pdf
• Physical Cryptanalysis of KeeLoq Code Hopping Applications
  – http://eprint.iacr.org/2008/058.pdf
• Policy Based Email Encryption Best Practices
  – http://www.securityweek.com/best-practices-policy-based-email-encryption