Académique Documents
Professionnel Documents
Culture Documents
Brig. P D Gupta
About Me
Brig. Prem Dayal Gupta Military Communicator and Information Warrior Alumnus of Don Bosco, NDA, B.Tech. from JNU, M.Sc. Defense Studies from Madras University and M.Tech. from IIT Delhi 36 years experience in communications Pioneer in running Indias first data network Commanding Officer of Signal Regiment during Kargil war.
Cryptography and Security
2
More About Me
Director of Cryptography and Cryptanalysis Director and DDG of Signal Intelligence Chief Signal Officer Rajhasthan and Gujarat Chief Signal Officer Delhi Just retired as Commander of NCC in Agra FIETE, MCSI and SSI Sharing experiences in cryptographic organizations, key management and cryptanalysis
Cryptography and Security
3
Introduction
Thanks You are all EXTREMELY lucky! Wisest Decision I am not a regular teacher Network Security and Cryptography is a good combination Potential for jobs in both private sector and defense. My offer to coach students interviews for joining defense. Example from the United States.
Cryptography and Security
4
Aim
To share with you all my experiences in the domain of cryptography organizations, key management and introduce you to cryptanalysis
Lesson Objectives
Name some international standard organizations in cryptography? If you are working for an organization making or marketing cryptographic systems for the Government, where will you get it certified? Who is the controller of CAs for PKI systems in India? Name the Indian CAs who can be used for certification if you are managing a PKS in your organization? As SA also responsible for network security. Which are the organizations responsible to deal with network attacks? What is the need to learn cryptanalysis? Name types of cryptanalytic attacks? Back
Layout
Assessment of knowledge Cryptographic scene in India Organizations
International National
Assessment of Knowledge
What is the difference between symmetric and asymmetric ciphers? What is the biggest problem with symmetric ciphers? What does PKI stand for and what are the important areas of its usage? What are the key sizes in DES, AES, Triple DES? Explain Authentication, Confidentiality, Integrity, Non-repudiation and digital signatures? Has anyone read the IT Act 2000? How do you see job potential in the domain of network security, cryptography and cryptanalysis?
Indian Organizations
SAG JCB CCA Department of Electronics and Information Technology, Ministry of Communications and Information Technology CAs
CERT
National Dept/Org/Coyys States
12
Key Management
Person / Cadre / Verification Key generation Distribution of Keys Key management problems / limitations PKI CA/RA Token / SOPs
Cryptanalysis
Difference between decryption and cryptanalysis Cryptanalysis is breaking secure codes Very hard job Cryptanalysis needs algorithms and keys Language How to get Algorithm How to get keys
Brute force Knowledge of text Mathematical/Statistical analysis of keys Timing
14
56 DES
1142 yrs
10.01h
128 AES
15
Differential Cryptanalysis
For DES, 255 reduced to 247 Differential attack is a chosen plain text attack Involves comparing XOR of two inputs to XOR of corresponding outputs to give a differential Differential propagation ratio for each round gives a differential trail.
16
Linear Cryptanalysis
For DES, 255 reduced to 243 A statistical known plaintext attack Estimated linear correlation between plaintext and ciphertext over a large number of samples Try all keys for few known bits Remaining bits by brute force with linear correlation
Conclusion
I expect you to now answer all the questions we set ourselves to be able to answer at the beginning I reiterate my availability to guide all students interested in joining the defense services. Thank you very much. May GOD bless you all in all your good endeavors.
As a SA also responsible for NW security which are the org responsible to deal with NW attacks? What is the need to learn cryptanalysis?
Assess strength /weakness of ciphers Resist an attacker Intelligence collection
CERT
If you are working for an organization making or marketing cryptographic systems for the Government, where will you get it certified ?
SAG for gradation and JCB for keys
Name the Indian CAs who can be used for certification if you are managing a PKS in your organization?
Safescrypt, IDRBT, NIC, TCS, MTNL, GNFC, eMudhra
20
Thank you!
21