Dr. V. Kumar Murty CTO, Perfect Cloud Corp. www.perfectcloud.io

Encryption: Fact and Fiction


BIOGRAPHY: DR. V. KUMAR MURTY

• CTO, PerfectCloud.io
• Professor and Chair, Department of Mathematics, University of Toronto
• Director, GANITA Labs, University of Toronto
• Ph.D. Harvard University
• Fellow of the Royal Society of Canada
• Foreign Fellow of the National Academy of Sciences (India)
• 100+ papers, 5 books and 2 patents in Information Security

PerfectCloud.io This document is the property of PerfectCloud Corp. Canada. Its content is confidential


SOME ATTRIBUTES OF DATA

• Confidentiality
• Privacy
• Identity
• Reliability (Data Integrity)
• Trust


FOUR OVERLAPPING THEMES INFORMATION MANAGEMENT

[Diagram: four overlapping themes (Security, Trust, Privacy, Identity) with the labels Confidentiality, Self-determination, Assurance and Attributes]

GOOD IDENTITY MANAGEMENT STRENGTHENS SECURITY, PRIVACY AND TRUST!


PROVISIONING TOOLS

• Confidentiality: Encryption
• Privacy: Access Control
• Identity: IDM
• Reliability: Digital fingerprints
• Trust: Digital signatures


ENCRYPTION

• Secret writing
• Symmetric and Asymmetric
• Plaintext + Secret Key is transformed to Ciphertext
• Decryption: Ciphertext + Secret Key is transformed to Plaintext
• Our confidence in the security is based on the key being secret
• Transformation = Algorithm: many kinds


SOME ALGORITHMS

• Symmetric:
  • AES
  • Blowfish
• Asymmetric:
  • RSA
  • ECC
  • HEC


SYMMETRIC ENCRYPTION

• Used for bulk encryption
• High speed algorithms
• Requires a shared secret (key)
• Challenge is in key management


AES

• “Government grade encryption” is a meaningless term
• Research labs around the world are chipping away at this standard
• Security and speed depend on the “mode” in which it is used.


ASYMMETRIC ENCRYPTION

• Does not require a shared secret (key)
• Encryption and Decryption keys are (in general) different
• Methods are mathematically sophisticated
• Not suitable for bulk encryption


RSA

• Security depends on the difficulty of factoring large numbers
• Advances are constantly being made on this, requiring larger and larger key sizes


ECC

• Elliptic curve cryptography
• Considered to be more secure for a comparable key size: there is no index calculus known for elliptic curves
• Included now in NIST standards


THE KEY IS THE KEY

Strength (security) usually depends on several factors including:

• Size of the key
• Key management: “key under the doormat”
• Security architecture is only as strong as the weakest link.


TYPICAL DEPLOYMENT

• A combination of both symmetric and asymmetric methods
• Security analysis will determine the size of keys needed in each part to make it equally strong throughout
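The key-size balancing described in the two bullets above, as an added example (not from the original slides): it estimates the strength of each part of a hybrid deployment and reports the weakest one. The deployment in `SAMPLE`, the function names, and the choice of the number field sieve heuristic for RSA and a generic square-root attack for ECC are assumptions of this example.

```python
import math

def symmetric_bits(key_bits):
    """Exhaustive key search: an ideal k-bit cipher key gives k bits."""
    return float(key_bits)

def ecc_bits(curve_bits):
    """No index calculus is known for elliptic curves, so the best generic
    attack (Pollard rho) costs about sqrt(group order): half the curve size."""
    return curve_bits / 2.0

def rsa_bits(modulus_bits):
    """Heuristic cost of factoring n with the general number field sieve,
    exp((64/9)^(1/3) * (ln n)^(1/3) * (ln ln n)^(2/3)), o(1) term dropped.
    A rough estimate only; published tables are more conservative."""
    ln_n = modulus_bits * math.log(2)
    work = (64 / 9) ** (1 / 3) * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return work / math.log(2)

ESTIMATORS = {"symmetric": symmetric_bits, "ecc": ecc_bits, "rsa": rsa_bits}

def weakest_link(deployment):
    """deployment: list of (name, kind, key_bits). Returns (name, bits) of the
    component with the lowest estimated strength."""
    scored = [(ESTIMATORS[kind](bits), name) for name, kind, bits in deployment]
    bits, name = min(scored)
    return name, bits

def min_rsa_modulus(target_bits, step=256):
    """Smallest modulus (a multiple of `step`) whose estimate meets the target."""
    size = step
    while rsa_bits(size) < target_bits:
        size += step
    return size

# Constructed deployment: bulk data under AES-256, the data key wrapped with
# RSA-1024, messages signed on a 256-bit curve.
SAMPLE = [
    ("bulk cipher (AES-256)", "symmetric", 256),
    ("key wrap (RSA-1024)", "rsa", 1024),
    ("signature (256-bit curve)", "ecc", 256),
]

if __name__ == "__main__":
    for name, kind, bits in SAMPLE:
        print(f"{name:28s} ~{ESTIMATORS[kind](bits):6.1f} bits")
    name, bits = weakest_link(SAMPLE)
    print(f"weakest link: {name} (~{bits:.0f} bits)")
    print("RSA modulus to match the curve's 128 bits:", min_rsa_modulus(128))
```

In the constructed deployment the 256-bit bulk key buys nothing: an attacker goes after the RSA-1024 key wrap instead.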


THREAT MODEL

• What are we trying to protect against?
• System architecture diagram has to be analyzed for points of weakness
• Those points have to be fortified


TECHNOLOGY IS NOT ENOUGH

• Most compromises are not of algorithms but social engineering
• Security policy is at least as important as security technology: Target
• Also electro-magnetic attacks (more difficult to protect against).


PROTECTING DATA

• Data has two stages:
  • At rest
  • In transit
• It has to be secured throughout its lifecycle (ILM)
• Security architecture depends on
  • Who is managing the data?
  • Where does the data reside?
  • Who has access to the data?
  • Who has access to the keys to the data?
  • What sort of encryption is being used?
  • How is the key being managed/stored?


ENCRYPTION IN PRACTICE

• Keeping data safe is more complex in practice
• Data at rest
  • Encrypted hard drives or directories
• Data in transit
  • Encrypted data is usually decrypted and re-encrypted at each hop
  • MITM attacks
• Security of the end devices critical


SOCIAL NETWORKS

• Leaks through information voluntarily exposed on social networks
• Using Twitter to authenticate
• Depends on cloud-based servers


COMMON ATTACKS

• SQL Injection
• Malware


IDENTITY STORES

• Active Directory is encrypted: but key is stored in the same place
• No one can read your encrypted content: some devices that read EM can penetrate it


PERFECT CLOUD SOLUTION

• True zero knowledge
• Distributed key management
• User is in control
• Seamless and transparent provisioning and de-provisioning


THANK YOU!

www.perfectcloud.io