Crypto visionen ist it sicherheit berhaupt zukunftsicher
1 / 13

Crypto-Visionen - PowerPoint PPT Presentation

  • Uploaded on

Crypto-Visionen – ist IT-Sicherheit überhaupt zukunftsicher?. Burt Kaliski, RSA Laboratories NetworkWorld Security-Tage München, 04. Dezember 2002. Overview. Thinking about cryptography over the next several decades Is IT-Security safe for the future?. Key Size and Space Travel.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Crypto-Visionen ' - DoraAna

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Crypto visionen ist it sicherheit berhaupt zukunftsicher l.jpg

Crypto-Visionen –ist IT-Sicherheit überhaupt zukunftsicher?

Burt Kaliski, RSA Laboratories

NetworkWorld Security-Tage

München, 04. Dezember 2002

Overview l.jpg

  • Thinking about cryptography over the next several decades

  • Is IT-Security safe for the future?

Key size and space travel l.jpg
Key Size and Space Travel

  • Today, 80-bit minimum (= 1024-bit RSA, 160-bit ECC)

  • NIST proposes 128-bit minimum (3072-bit RSA, 256-bit ECC) for protecting data beyond the year 2035

  • But research could change future comparisons dramatically

    • Like travel to nearby stars

BSI Empfehlung: “Geeignete Krythoalgorithmen” *Anf. § 17 Absatz 1 SigG v. 22.Mai 2001

1024-bit bis zum Jahr 2006

2048-bit ab dem Jahr 2006

The quantum effect l.jpg
The Quantum Effect

  • Theoretically, a quantum computer can break most if not all PKC, halve symmetric key sizes

    • Shor’s, Grover’s algorithms

  • Practically, decades away (?), and incrementally visible

  • Economic model is uncertain

  • Yet quantum mechanics surely has other surprises

A world without pkc l.jpg
A World without PKC?

  • Mental exercise: What if PKC hadn’t been invented?

  • What if PKC as we know it were broken?

  • Symmetric cryptography, hash functions still available

    • Merkle hash-tree signatures a good backup

  • Quantum cryptography ready for point-to-point

It s all about trust l.jpg
It’s All about Trust

  • Alice and Bob traditionally have keys

  • But so far, people don’t do crypto

  • In practice, computers have our keys

  • We trust computers to use our keys properly

    • With enough assurance, symmetric cryptography is sufficient

Proxies near and far l.jpg
Proxies Near and Far

  • Devices are just proxies for user crypto operations

    • User authenticates, instructs

    • Device verifies, follows

    • System trusts based on assurance

  • PC, PDA, mobile phones, smart card are local proxies, network services are remote

    • What’s the difference?

Device security l.jpg
Device Security

  • Physical threats make it harder to trust devices

  • Secure implementation a major area of crypto research

  • New paradigms gaining importance: forward security, distributed cryptography

Beyond the basics l.jpg
Beyond the Basics

  • Traditional cryptography has focused on keeping data safe

  • Emerging cryptography will focus on keeping processes safe

  • Examples:

    • Data mining without seeing the data

    • Auctions without a broker

Safe utility l.jpg
Safe Utility

  • Security must be easy to use

  • Passwords, biometrics, “remote controls” will be essential tools for the user

  • Focus on safety in general, as in other consumer products. Not just security

    • Sicher = safe, secure, certain

The weakest link l.jpg
The Weakest Link

  • Not key size, quantum, …

  • People!

  • IT is an amazing tool for expressing human creativity, and malice

  • Which will we encourage?

Conclusions l.jpg

  • Is IT-Security safe for the future?

  • As sure as anything else people will do

  • Cryptography has much more to offer IT

  • How will you use it?

Contact information l.jpg
Contact Information