Security By Design
Scott A. Vanstone
V.P. Cryptographic Research, Research in Motion
Distinguished Professor Emeritus, University of Waterloo

Security by Design
When designing a new telecommunications system it is prudent to make security a fundamental part of the design process.
Addressing security challenges on a global scale

What is Cryptography?
• Cryptography is the study of mathematical techniques related to aspects of information security such as:
  • confidentiality
  • data integrity
  • entity authentication
  • data origin authentication

What is Cryptography (2)
• Cryptography plays a fundamental role in securing information-based systems.
• Often cryptography (and security in general) is an afterthought, and as such it is bolted on after the overall system has been completed.

Think of the Postal Analogue
• You put a letter in an envelope to maintain the integrity of the information in the letter and keep the letter from prying eyes (integrity and encryption).
• You put your address in the upper left corner of the envelope to authenticate the sender, which is you (authentication).
• You sign the letter so that at a later date you cannot say you did not send it.

The Digital World
• We want to mimic all of these services but electronically.
• This has been done and done more securely and efficiently than postal mail.
• It is all due to the advent of something called “public-key cryptography”.
• Canada is and continues to be a leader in this field.

Symmetric-Key Cryptography
[Diagram: Alice and Bob, with Eve; a secure channel and an unsecured channel]
• Communicating parties a priori share secret information.

Public-Key Cryptography
[Diagram: Alice and Bob, with Eve; an authentic channel and an unsecured channel]
• Communicating parties a priori share authentic information.

Symmetric-Key vs Public-Key
• Symmetric-Key has been used for thousands of years.
• Public-Key is relatively new, dating from 1976.
• Public-key cryptography is based on hard mathematical problems.

Why Symmetric-Key?
• Typically very fast for bulk encryption (confidentiality).
• The Advanced Encryption Standard (AES) is well accepted as a superior algorithm for symmetric-key.

Disadvantages of Symmetric Key
• Key management can be a serious problem.
• Non-repudiation (digital signature) is very difficult to realize.

Why Public-Key?
• One disadvantage of symmetric-key cryptography is key management.
• Public-Key provides an efficient method to distribute keys.
• Public-key offers a very efficient way to provide non-repudiation. This is one of the great strengths of public-key.

Disadvantages of Public-Key
• Public-key operations require intense mathematical calculations.
• They can be thousands of times slower to encrypt data than a well-designed symmetric-key scheme.

Hybrid Schemes
• Use symmetric-key schemes to do bulk encryption.
• Use public-key techniques to pass keys so that key management is not a problem.

Digital Signatures
• One of the truly great technologies that public-key cryptography can provide.
• Handwritten signatures are fixed to the message but not an integral part of the message.
• Digital signatures combine the message and private information of the signer.

Why Elliptic Curve Cryptography (ECC)?
• Most security per bit of any known public-key scheme
• Ideally suited to constrained environments
• Computationally efficient
• Bandwidth efficient
• Battery efficient
• Well studied
• Standardized in relevant influential international standards

Elliptic Curve: $y^2 = x^3 + ax + b$

Suite E for Embedded Systems

Examples of Security by Design
• XM Radio
• BlackBerry

XM Radio
• XM Radio delivers digital radio to most of North America.
• XM approached Certicom in the late 90s to design security into the system from the ground up.

BlackBerry
• RIM built security in from the beginning.
• Suite B was running on the device even before the NSA endorsement in 2003.

Conclusion
• There is good security available.
• The simple but often forgotten message is:
  • Design security into the system from the beginning.
  • Think the design through carefully so that you meet your objectives.