crypto visionen ist it sicherheit berhaupt zukunftsicher l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Crypto-Visionen – ist IT-Sicherheit überhaupt zukunftsicher? PowerPoint Presentation
Download Presentation
Crypto-Visionen – ist IT-Sicherheit überhaupt zukunftsicher?

Loading in 2 Seconds...

play fullscreen
1 / 13

Crypto-Visionen – ist IT-Sicherheit überhaupt zukunftsicher? - PowerPoint PPT Presentation


  • 205 Views
  • Uploaded on

Crypto-Visionen – ist IT-Sicherheit überhaupt zukunftsicher?. Burt Kaliski, RSA Laboratories NetworkWorld Security-Tage München, 04. Dezember 2002. Overview. Thinking about cryptography over the next several decades Is IT-Security safe for the future?. Key Size and Space Travel.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

Crypto-Visionen – ist IT-Sicherheit überhaupt zukunftsicher?


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
    Presentation Transcript
    1. Crypto-Visionen –ist IT-Sicherheit überhaupt zukunftsicher? Burt Kaliski, RSA Laboratories NetworkWorld Security-Tage München, 04. Dezember 2002

    2. Overview • Thinking about cryptography over the next several decades • Is IT-Security safe for the future?

    3. Key Size and Space Travel • Today, 80-bit minimum (= 1024-bit RSA, 160-bit ECC) • NIST proposes 128-bit minimum (3072-bit RSA, 256-bit ECC) for protecting data beyond the year 2035 • But research could change future comparisons dramatically • Like travel to nearby stars BSI Empfehlung: “Geeignete Krythoalgorithmen” *Anf. § 17 Absatz 1 SigG v. 22.Mai 2001 1024-bit bis zum Jahr 2006 2048-bit ab dem Jahr 2006

    4. The Quantum Effect • Theoretically, a quantum computer can break most if not all PKC, halve symmetric key sizes • Shor’s, Grover’s algorithms • Practically, decades away (?), and incrementally visible • Economic model is uncertain • Yet quantum mechanics surely has other surprises

    5. A World without PKC? • Mental exercise: What if PKC hadn’t been invented? • What if PKC as we know it were broken? • Symmetric cryptography, hash functions still available • Merkle hash-tree signatures a good backup • Quantum cryptography ready for point-to-point

    6. It’s All about Trust • Alice and Bob traditionally have keys • But so far, people don’t do crypto • In practice, computers have our keys • We trust computers to use our keys properly • With enough assurance, symmetric cryptography is sufficient

    7. Proxies Near and Far • Devices are just proxies for user crypto operations • User authenticates, instructs • Device verifies, follows • System trusts based on assurance • PC, PDA, mobile phones, smart card are local proxies, network services are remote • What’s the difference?

    8. Device Security • Physical threats make it harder to trust devices • Secure implementation a major area of crypto research • New paradigms gaining importance: forward security, distributed cryptography

    9. Beyond the Basics • Traditional cryptography has focused on keeping data safe • Emerging cryptography will focus on keeping processes safe • Examples: • Data mining without seeing the data • Auctions without a broker

    10. Safe Utility • Security must be easy to use • Passwords, biometrics, “remote controls” will be essential tools for the user • Focus on safety in general, as in other consumer products. Not just security • Sicher = safe, secure, certain

    11. The Weakest Link • Not key size, quantum, … • People! • IT is an amazing tool for expressing human creativity, and malice • Which will we encourage?

    12. Conclusions • Is IT-Security safe for the future? • As sure as anything else people will do • Cryptography has much more to offer IT • How will you use it?

    13. Contact Information • Burt KaliskiDirector, RSA Laboratoriesbkaliski@rsasecurity.comhttp://www.rsasecurity.com/