software (or virus)
✘ Malicious software will
    Show off
    Steal things
    Control things…
✘ In addition, Ransomware also…
    Lock the data/system and ask for ransom
Popular Malware Families, https://www.bromium.com/sites/default/files/bromium-report-ransomware.pdf
L. Abrams, Jigsaw Ransomware Decrypted: Will delete your files until you pay the Ransom, http://www.bleepingcomputer.com/news/security/jigsaw-ransomware-decrypted-will-delete-your-files-until-you-pay-the-ransom/
SSL2Buy, Symmetric vs. Asymmetric Encryption – What are differences? https://www.ssl2buy.com/wiki/symmetric-vs-asymmetric-encryption-what-are-differences/
early version standard
✘ Prohibited by IETF, Mozilla Firefox
✘ Should NOT be used
DES
✘ 1976 FIPS standard
✘ Dispute: S-Box Backdoor
✘ Key length too short
✘ Should NOT be used
AES
✘ Current SSL and FIPS standard
A. Popov, Prohibiting RC4 Cipher Suites, https://tools.ietf.org/html/rfc7465
A. King, Deprecating the RC4 Cipher, https://blog.mozilla.org/security/2015/09/11/deprecating-the-rc4-cipher/
S. Kumar et al., How to Break DES for € 8,980, http://www.copacobana.org/paper/copacobana_SHARCS2006.pdf
Transport Layer Security, https://en.wikipedia.org/wiki/Transport_Layer_Security#Cipher
E. Rescorla, The Transport Layer Security (TLS) Protocol Version 1.3, https://tools.ietf.org/html/draft-ietf-tls-tls13-11
the key
✘ Use the key to decrypt
✘ Insecure
Send key to Server
✘ Better
✘ Need Network
Encrypt the key A by some other key B?
✘ Key(AES) to encrypt data
✘ Key(PKey) to encrypt Key(AES)
Using RSA Safely
✘ Key length (length of N) should be >= 2048 bits
✘ Stop using RSA-512 right now
✘ RSA-1024 is vulnerable to attackers with supercomputer-scale computing resources
• Z. Wu et al., A Study on The Misuse of RSA in the Field, 2016
• L. Valenta et al., Factoring as a Service, in Financial Cryptography and Data Security, Barbados, 2016
Using RSA Safely
✘ Generate RSA keys only in a high-entropy environment
• Z. Wu et al., A Study on The Misuse of RSA in the Field, 2016
• S. Yilek et al., When private keys are public: results from the 2008 Debian OpenSSL vulnerability, in ACM IMC, 2009
• Debian OpenSSL Predictable PRNG, https://github.com/g0tmi1k/debian-ssh
• N. Heninger et al., Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices, in USENIX, 2012
• A. Everspaugh et al., Not-So-Random Numbers in Virtualized Linux and the Whirlwind RNG, IEEE S&P, 2014
• L. Valenta et al., Factoring as a Service, in Financial Cryptography and Data Security, 2016
• D. Boneh, Twenty Years of Attacks on the RSA Cryptosystem, Notices of the AMS, 1999
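Added example (not from the original slides): a Ruby audit of RSA public moduli for the two problems named on the "Using RSA Safely" slides, a modulus shorter than 2048 bits and keys generated with too little entropy, which show up as moduli sharing a prime factor (the failure studied in the cited Heninger et al. paper). The function name, labels and sample moduli are assumptions; the moduli are constructed from Mersenne numbers only so the result is checkable.

```ruby
# Added example, not from the slides. Names and sample data are hypothetical.
MIN_RSA_BITS = 2048 # minimum modulus length stated on the slide

# moduli: Hash of label => RSA modulus N (Integer).
# Returns Hash of label => Array of findings (empty array = nothing found).
def audit_rsa_moduli(moduli, min_bits: MIN_RSA_BITS)
  findings = moduli.transform_values { [] }

  # Check 1: key length (length of N) must be at least min_bits.
  moduli.each do |label, n|
    findings[label] << :short_modulus if n.bit_length < min_bits
  end

  # Check 2: low-entropy key generation. Two distinct moduli with a
  # gcd above 1 share a prime factor, so both keys must be treated as broken.
  moduli.to_a.combination(2) do |(label_a, n_a), (label_b, n_b)|
    kind = if n_a == n_b
             :duplicate_modulus
           elsif n_a.gcd(n_b) > 1
             :shared_prime
           end
    next unless kind
    findings[label_a] |= [kind]
    findings[label_b] |= [kind]
  end
  findings
end

# Constructed test data: products of Mersenne numbers 2**p - 1, chosen only
# because their sizes and common factors are known. Not real keys.
def m(p)
  (1 << p) - 1
end

SAMPLE_MODULI = {
  "device-1" => m(1279) * m(2203), # 3482 bits, shares m(1279) with device-2
  "device-2" => m(1279) * m(2281), # 3560 bits
  "legacy"   => m(521) * m(607),   # 1128 bits, too short
  "server"   => m(3217) * m(4253), # 7470 bits, no shared factor
}.freeze

audit_rsa_moduli(SAMPLE_MODULI).each do |label, found|
  puts "#{label}: #{found.empty? ? 'ok' : found.join(', ')}"
end
```

The pairwise loop is quadratic in the number of keys, which is fine for auditing one organisation's own inventory.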
Popular Malware Families, https://www.bromium.com/sites/default/files/bromium-report-ransomware.pdf
2. L. Abrams, Jigsaw Ransomware Decrypted: Will delete your files until you pay the Ransom, http://www.bleepingcomputer.com/news/security/jigsaw-ransomware-decrypted-will-delete-your-files-until-you-pay-the-ransom/
3. TrendLabs, The Reign of Ransomware, http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/reports/rpt-the-reign-of-ransomware.pdf
4. SSL2Buy, Symmetric vs. Asymmetric Encryption – What are differences?, https://www.ssl2buy.com/wiki/symmetric-vs-asymmetric-encryption-what-are-differences/
5. Ruby OpenSSL::Cipher, http://ruby-doc.org/stdlib-2.0.0/libdoc/openssl/rdoc/OpenSSL/Cipher.html
6. Ruby openssl source code, https://github.com/ruby/openssl/blob/master/lib/openssl/cipher.rb
7. A. Popov, Prohibiting RC4 Cipher Suites, https://tools.ietf.org/html/rfc7465
8. A. King, Deprecating the RC4 Cipher, https://blog.mozilla.org/security/2015/09/11/deprecating-the-rc4-cipher/
9. S. Kumar et al., How to Break DES for € 8,980, http://www.copacobana.org/paper/copacobana_SHARCS2006.pdf
10. Transport Layer Security, https://en.wikipedia.org/wiki/Transport_Layer_Security#Cipher
11. E. Rescorla, The Transport Layer Security (TLS) Protocol Version 1.3, https://tools.ietf.org/html/draft-ietf-tls-tls13-11
12. Z. Wu et al., A Study on The Misuse of RSA in the Field
Financial Cryptography and Data Security, Barbados, 2016
14. S. Yilek et al., When private keys are public: results from the 2008 Debian OpenSSL vulnerability, in ACM IMC, 2009
15. Debian OpenSSL Predictable PRNG, https://github.com/g0tmi1k/debian-ssh
16. N. Heninger et al., Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices, in USENIX, 2012
17. A. Everspaugh et al., Not-So-Random Numbers in Virtualized Linux and the Whirlwind RNG, IEEE S&P, 2014
18. L. Valenta et al., Factoring as a Service, in Financial Cryptography and Data Security, 2016
19. D. Boneh, Twenty Years of Attacks on the RSA Cryptosystem, Notices of the AMS, 1999
20. Summary of the Historical Development of the Dual EC DRBG Backdoor Incident, and Miscellaneous Notes, http://ckhung0.blogspot.tw/2014/03/dual-ec-drbg.html
21. J. B. Bos, Selecting Elliptic Curves for Cryptography: An Efficiency and Security Analysis, Selecting Elliptic Curves for Cryptography