crypto visionen ist it sicherheit berhaupt zukunftsicher
Download
Skip this Video
Download Presentation
Crypto-Visionen – ist IT-Sicherheit überhaupt zukunftsicher?

Loading in 2 Seconds...

play fullscreen
1 / 13

Crypto-Visionen – ist IT-Sicherheit überhaupt zukunftsicher? - PowerPoint PPT Presentation


  • 187 Views
  • Uploaded on

Crypto-Visionen – ist IT-Sicherheit überhaupt zukunftsicher?. Burt Kaliski, RSA Laboratories NetworkWorld Security-Tage München, 04. Dezember 2002. Overview. Thinking about cryptography over the next several decades Is IT-Security safe for the future?. Key Size and Space Travel.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Crypto-Visionen – ist IT-Sicherheit überhaupt zukunftsicher?' - DoraAna


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
crypto visionen ist it sicherheit berhaupt zukunftsicher

Crypto-Visionen –ist IT-Sicherheit überhaupt zukunftsicher?

Burt Kaliski, RSA Laboratories

NetworkWorld Security-Tage

München, 04. Dezember 2002

overview
Overview
  • Thinking about cryptography over the next several decades
  • Is IT-Security safe for the future?
key size and space travel
Key Size and Space Travel
  • Today, 80-bit minimum (= 1024-bit RSA, 160-bit ECC)
  • NIST proposes 128-bit minimum (3072-bit RSA, 256-bit ECC) for protecting data beyond the year 2035
  • But research could change future comparisons dramatically
    • Like travel to nearby stars

BSI Empfehlung: “Geeignete Krythoalgorithmen” *Anf. § 17 Absatz 1 SigG v. 22.Mai 2001

1024-bit bis zum Jahr 2006

2048-bit ab dem Jahr 2006

the quantum effect
The Quantum Effect
  • Theoretically, a quantum computer can break most if not all PKC, halve symmetric key sizes
    • Shor’s, Grover’s algorithms
  • Practically, decades away (?), and incrementally visible
  • Economic model is uncertain
  • Yet quantum mechanics surely has other surprises
a world without pkc
A World without PKC?
  • Mental exercise: What if PKC hadn’t been invented?
  • What if PKC as we know it were broken?
  • Symmetric cryptography, hash functions still available
    • Merkle hash-tree signatures a good backup
  • Quantum cryptography ready for point-to-point
it s all about trust
It’s All about Trust
  • Alice and Bob traditionally have keys
  • But so far, people don’t do crypto
  • In practice, computers have our keys
  • We trust computers to use our keys properly
    • With enough assurance, symmetric cryptography is sufficient
proxies near and far
Proxies Near and Far
  • Devices are just proxies for user crypto operations
    • User authenticates, instructs
    • Device verifies, follows
    • System trusts based on assurance
  • PC, PDA, mobile phones, smart card are local proxies, network services are remote
    • What’s the difference?
device security
Device Security
  • Physical threats make it harder to trust devices
  • Secure implementation a major area of crypto research
  • New paradigms gaining importance: forward security, distributed cryptography
beyond the basics
Beyond the Basics
  • Traditional cryptography has focused on keeping data safe
  • Emerging cryptography will focus on keeping processes safe
  • Examples:
    • Data mining without seeing the data
    • Auctions without a broker
safe utility
Safe Utility
  • Security must be easy to use
  • Passwords, biometrics, “remote controls” will be essential tools for the user
  • Focus on safety in general, as in other consumer products. Not just security
    • Sicher = safe, secure, certain
the weakest link
The Weakest Link
  • Not key size, quantum, …
  • People!
  • IT is an amazing tool for expressing human creativity, and malice
  • Which will we encourage?
conclusions
Conclusions
  • Is IT-Security safe for the future?
  • As sure as anything else people will do
  • Cryptography has much more to offer IT
  • How will you use it?
contact information
Contact Information
ad