• Information, channel security, noninterference
• What Is Cryptography?
• Basic Components of Modern Cryptography
• Basic Components of a Public Key Infrastructure
• Risk Factors for Cryptography Systems
• Cryptography Export Restrictions
• Encryption and decryption
• Cryptanalysis and notions of secrecy
• Cyphers and modes of operation
• Key establishment
Information Security – protecting information in potentially hostile environments – is a crucial factor in the growth of information-based processes in industry, business, and administration.
Cryptography is a key technology for achieving information security in communications, computer systems, electronic commerce, and in the emerging information society.
This course covers all relevant topics, ranging from theory to advanced applications. The intended participant includes head of IT deparment, researchers and practitioners.
Secure Multi-Party Computation (MPC) is one of the most powerful tools developed by modern cryptography: it facilitates collaboration among mutually distrusting parties by implementing a virtual trusted party.
Despite the remarkable potential of such a tool, and decades of active research in the theoretical cryptography community, it remains a relatively inaccessible and lesser-known concept outside of this field. Only a handful of resources are available to students and researchers wishing to learn more about MPC.
The editors of this course have assembled a comprehensive body of basic and advanced material on MPC, authored by experts in the field. It will serve as a starting point for those interested in pursuing research related to MPC, whether they are students learning about it for the first time or researchers already working in the area.
The course begins with tutorials introducing the concept of MPC and zero-knowledge proofs, an important theoretical platform where many of the concepts central to MPC were shaped. In addition, teh course deals with classical as well as recent MPC protocols, and a variety of related topics.
Modern electronic cryptosystems use complex mathematical algorithms and other techniques and mechanisms to provide network and information security. Cryptography-based security technologies commonly use one or more of the following basic components to provide security functions:
• Encryption algorithms
• Message digest functions
• Hashed Message Authentication Code (HMAC) functions
• Secret key exchange algorithms
• Digital signatures
Windows 2000 distributed security technologies use these components of cryptology for a variety of security functions. For more information about how these components are used with security technologies in Windows 2000, see the appropriate sections of the following publications:
• Microsoft ® Windows ® 2000 Professional Resource Kit
• Microsoft ® Windows ® 2000 Server Resource Kit
• Windows 2000 Server Help
• Microsoft ® Platform Software Development Kit
There is no simple formula for determining how safe a specific cryptosystem is from attacks and potential security compromises. However, the following factors affect the risk of successful attacks on cryptosystems:
• Symmetric key length
• Public key length
• Key lifetimes
• Amount of plaintext known to attackers
• Strength of the security technology implementation
• Randomness of generated keys
• Strength of the security protocols
• Secure storage of private keys
A public key infrastructure (PKI) provides the framework of services, technology, protocols, and standards that enable you to deploy and manage a strong and scalable information security system based on public key technology. The basic components of a public key infrastructure include digital certificates, certificate revocation lists, and certification authorities. Before public key cryptography can be widely used and easily managed on public networks, a public key infrastructure must be in place. Without a public key infrastructure, public key technology is not generally suitable for large-scale enterprise deployment.
This section describes the basic concepts and components of public key infrastructures that are based on the open standards recommended by the Public-Key Infrastructure (X.509) (PKIX) working group of the Internet Engineering Task Force (IETF). PKIX-compliant public key infrastructures can provide a high level of interoperability between public key security products from different vendors. For more information about the components and technology used in the Windows 2000 public key infrastructure.
Cryptography is subject to export restrictions. Some governments, including the United States government, currently place export restrictions on encryption technology. Other governments also place import restrictions on encryption technology. The availability of the encryption technologies that are described in this guide and the actual strength of the encryption that you are allowed to use for security varies according to the export or import restrictions for a specific geographical area.
Windows 2000 and other security products you use might be export-controlled in geographic areas where your organization has offices. If so, security systems are going to be limited in cryptographic strength for those areas. Give cryptography export restrictions careful consideration when you are planning security systems.
In general, products and technology with exportable cryptography provide much less security than the nonexportable versions of the same products and technologies. Exportable security technology usually limits cryptography to much shorter symmetric encryption keys than the key lengths that are allowed for the nonexportable version of the same technology. For example, the nonexportable version of a secure mail product might use bulk encryption keys with a length of 128 bits. However, the bulk encryption keys for the exportable version of the secure mail product might be limited to a key length of 40 bits or 56 bits. Likewise, the nonexportable version of a secure Web browser might support 128-bit encryption for secure Web communications, whereas the exportable version might support only 40-bit or 56-bit secure communications. Shorter encryption keys are much more vulnerable to brute force attacks than are longer keys (keys that are at least 64 bits in length generally provide strong protection against brute force attacks). Therefore, consider using exportable technology only to protect information of relatively low value.
If you provide cryptography-based security between groups that use exportable technology and groups that use nonexportable technology, the cryptographic strength is limited to the lowest common denominator that is supported by both the exportable technology and the nonexportable technology. Security is generally limited by the exportable technology. For example, encrypted secure mail between groups that use exportable cryptography and groups that use nonexportable cryptography is limited to the longest key length supported by the exportable cryptography (for example, 40 bits or 56 bits). You cannot use the exportable technology to read secure mail that was encrypted with an 128-bit key.
Take the current limitations of exportable cryptography into account when developing your security plans. However, note that the cryptographic strength of the available technologies for exportable security products is subject to change when government policies on cryptography export change. The actual strength of the available cryptography technology might change before your security plans are implemented. For the latest information about the cryptography technology available for the products you intend to deploy, contact each applicable vendor.
Cumhuriyet Cad. No:5
Floor 5 - Taksim
Do not hesitate to send your inquiry