Jim Theodoras
March 2014
Network Security
Where are the holes, and does QKD help?
© 2014 ADVA Optical Networking. All rights reserved.

Cryptographic Goals
• Confidentiality
  • Nobody can read content of message.
  • Encryption only guarantees confidentiality.
• Integrity
  • Modification of message will be detected.
  • Encryption does not protect against this.
  • Example of breach: Flipping the null bit in IPsec.
• Authenticity
  • Verify that I am really connected to whom I expected.
  • Encryption does not protect against this.
  • Example of breach: Spoofing a receiver to obtain keys.
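
The integrity point above, as an added example that is not part of the original slides: a stream-cipher ciphertext still decrypts without error after one bit changes in transit, while the same message protected with encrypt-then-MAC is rejected. The SHA-256 counter keystream is a standard-library stand-in for a real cipher such as AES-CTR, and all function names and the sample message are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream built from SHA-256 (stand-in for AES-CTR)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR with the keystream; the same call decrypts."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, nonce, len(data))))


def seal(enc_key, mac_key, nonce, plaintext):
    """Encrypt-then-MAC: the tag covers the nonce and the ciphertext."""
    ct = encrypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return ct, tag


def open_sealed(enc_key, mac_key, nonce, ct, tag):
    """Verify the tag in constant time before touching the ciphertext."""
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed: message was modified")
    return encrypt(enc_key, nonce, ct)


def flip_bit(data: bytes, index: int, bit: int) -> bytes:
    """Model a single bit changed in transit."""
    buf = bytearray(data)
    buf[index] ^= 1 << bit
    return bytes(buf)


def demo():
    enc_key, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)
    nonce = secrets.token_bytes(12)
    message = b"PAY 0100 EUR"  # constructed sample message
    ct, tag = seal(enc_key, mac_key, nonce, message)
    tampered = flip_bit(ct, 4, 0)  # one bit of the fifth ciphertext byte

    # Confidentiality only: decryption "succeeds" and yields altered plaintext.
    unauthenticated = encrypt(enc_key, nonce, tampered)

    # Confidentiality plus integrity: the modified message is rejected.
    try:
        open_sealed(enc_key, mac_key, nonce, tampered, tag)
        detected = False
    except ValueError:
        detected = True
    return unauthenticated, detected


if __name__ == "__main__":
    altered, detected = demo()
    print("encryption only   ->", altered)
    print("encrypt-then-MAC  -> tamper detected:", detected)
```

In production the same property comes from an authenticated mode such as AES-GCM rather than a hand-built construction.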

Sideways Attacks
Networks are breached with sideways attacks, not direct or brute force attacks.
• Example: Masterlock
  • 64,000 possible combinations
  • A “sideways attack” reduces that to 100 combinations.
  • A “backdoor” renders the lock useless (beer can shim)
• Example: Copying Encryption Keys
  • If stored in DRAM, keys are vulnerable
  • Freeze spray slows down decay in DRAM
• Example:
  • A supercomputer that could check 10^18 keys/sec would require 10^51 years to exhaust 256 bit key space.
  • A typical mining rig can brute force 30 billion passwords/sec, cracking all eight-character passwords in just a few hours.
  • Relational data reduces this to mere minutes.
F2o<fa!7S7052C5JavW%G.@uQc/0JymD>CA:lsLZ"P+fU3Js6l@]ie9<A{$L3Nh

It’s All About the Key, Not the Encryption
• Audi RS4 thefts
  • At the time, the hottest car on the black market.
  • The car security system was unhackable.
  • So, the thieves broke into the owners’ homes and stole the keys.
• Similarly, a major content provider recently disclosed to me:
  • After revelations, taps were found everywhere in their network.
  • However, after further investigation, no important data was lost through taps or taps alone.
  • The important breaches of data were due to compromised keys.
  • Keys were compromised in a variety of ways.
Major Paradigm Shift
Before:
We have to keep data thieves out.
Today:
Assume we are breached and design accordingly.

Quantum Key Distribution?
So, does QKD help with any of this?
• Cryptographic goals:
  • Confidentiality: Makes existing encryption more secure.
  • Integrity: You know if someone is listening.
  • Authenticity: You do not know who is on the other end.
• Intrusion detection: Reading the key changes it.
• Sidewaysing: Good key entropy
• Compromised keys: Fast generation of new truly random keys.
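
An added simulation, not part of the original slides, of why "reading the key changes it": it assumes the BB84 prepare-and-measure protocol, since the slides name no specific QKD scheme, and shows an intercept-and-resend eavesdropper pushing the error rate on the sifted key to about 25%, at which point the endpoints discard the key. The function names and the 11% abort threshold are assumptions for illustration.

```python
import random

ABORT_THRESHOLD = 0.11  # assumed abort level; a commonly cited BB84 bound


def measure(photon_basis: int, photon_bit: int, basis: int, rng) -> int:
    """Matching basis reads the encoded bit; a mismatched basis reads a coin flip."""
    return photon_bit if basis == photon_basis else rng.getrandbits(1)


def bb84_qber(n_photons: int, eavesdrop: bool, seed: int = 2014) -> float:
    """Return the error rate on the sifted key for one simulated BB84 run."""
    rng = random.Random(seed)  # seeded so the simulation is repeatable
    sifted = errors = 0
    for _ in range(n_photons):
        alice_bit, alice_basis = rng.getrandbits(1), rng.getrandbits(1)
        basis, bit = alice_basis, alice_bit  # state of the photon in flight

        if eavesdrop:
            # Intercept-and-resend: Eve must pick a basis, and her measurement
            # re-prepares the photon in that basis.
            eve_basis = rng.getrandbits(1)
            bit = measure(basis, bit, eve_basis, rng)
            basis = eve_basis

        bob_basis = rng.getrandbits(1)
        bob_bit = measure(basis, bit, bob_basis, rng)

        # Sifting: bases are compared publicly, mismatches are discarded.
        # (Real systems estimate the error rate from a sacrificed sample;
        # this simulation counts errors over the whole sifted key.)
        if bob_basis == alice_basis:
            sifted += 1
            errors += bob_bit != alice_bit
    return errors / sifted if sifted else 0.0


def accept_key(qber: float, threshold: float = ABORT_THRESHOLD) -> bool:
    """Endpoints keep the key only if the measured error rate is low enough."""
    return qber < threshold


if __name__ == "__main__":
    for label, eve in (("quiet link", False), ("tapped link", True)):
        q = bb84_qber(4000, eve)
        print(f"{label}: QBER={q:.3f} accept_key={accept_key(q)}")
```

The simulation detects that someone measured the photons; it says nothing about who the legitimate peer is, which matches the slide's point that QKD does not provide authenticity.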
Main Takeaways
• Encryption alone does not protect.
• It’s all about the keys.
• You must focus on prevention of sideways attacks.
• With proper key management and entropy, even AES-256 can be sufficient.
• Design assuming breach already exists.
• QKD is currently the only key system today that meets all needs.
jtheodoras@advaoptical.com
Thank you
IMPORTANT NOTICE
The content of this presentation is strictly confidential. ADVA Optical Networking is the exclusive owner or licensee of the content,
material, and information in this presentation. Any reproduction, publication or reprint, in whole or in part, is strictly prohibited.
The information in this presentation may not be accurate, complete or up to date, and is provided without warranties or representations
of any kind, either express or implied. ADVA Optical Networking shall not be responsible for and disclaims any liability for any loss or
damages, including without limitation, direct, indirect, incidental, consequential and special damages, alleged to have been caused by
or in connection with using and/or relying on the information contained in this presentation.
Copyright © for the entire content of this presentation: ADVA Optical Networking.