1 / 8

Public Key Cryptography from the point of view of an Infosec Agency Ansgar Heuser (BSI)

Public Key Cryptography from the point of view of an Infosec Agency Ansgar Heuser (BSI).

rdillard
Download Presentation

Public Key Cryptography from the point of view of an Infosec Agency Ansgar Heuser (BSI)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Public Key Cryptographyfrom the point of viewof an Infosec AgencyAnsgar Heuser (BSI)

  2. Does anyone really needpublic key cryptography?- classical key management systems and authentication procedures based on symmetric algorithms are quite convenient to closed user groups (like military networks)- nevertheless: public key cryptography is attractive!

  3. Are we able to master public key cryptography?- thedecade long tradition in development and evaluation of symmetric ciphers turned out to be more or less useless- new people having enough background in e.g. algebraic number theory had to be brought in

  4. A proprietary public key system?- for some idiosyncratic reasons infosec agencies always preferred proprietary solutions- but this time all the efforts failed eventually

  5. Is there anything better than RSA?Yes: ECC (for the well known reasons)

  6. How do we handle ECC today?- wherever in our projects public key cryptography makes sense we will base it on ECC- logarithmic group size: round about 256 bits- the curves are found by counting their points

  7. How do we handle ECC today?- current preeminent projects: - ISDN equipment (ELCRODAT 6-2) - universal crypto controller (PLUTO)- our recommendations of algorithms for digital signatures include RSA as well as ECC

  8. How long will we survive with ECC??- „the principle of hope“: for the time being nobody expects a dramatic breakthrough- in real life implementations we try to introduce an extra margin of security

More Related