DOCSLIB.ORG

Gartner Information Security Summit 2009 UK 21 September-22 September 2009

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Gartner Information Security Summit 2009 UK 21 September-22 September 2009 Summer is nearly over and we!re all getting back to our offices wondering how the holidays ended so quickly. To get you up and running with security insight, we bring you a collection of articles covering an assortment of themes, from cloud security to multi-enterprise application security. For us, just like for many of you, the next several months are going to be filled with a multitude of events spread worldwide. We!re going to cover BruCON in Belgium, RSA Conference in London and San Francisco, the Storage Expo in London, InfosecWorld in Orlando, just to name a few. If you!d like to arrange a meeting, bring us some products for review or just say hello, drop me a line. Mirko Zorz Editor in Chief Visit the magazine website at www.insecuremag.com (IN)SECURE Magazine contacts Feedback and contributions: Mirko Zorz, Editor in Chief - [email protected] News: Zeljka Zorz, News Editor - [email protected] Marketing: Berislav Kucan, Director of Marketing - [email protected] Distribution (IN)SECURE Magazine can be freely distributed in the form of the original, non modified PDF document. Distribution of modified versions of (IN)SECURE Magazine content is prohibited without the explicit permission from the editor. Copyright HNS Consulting Ltd. 2009. www.insecuremag.com VPN management for Linux networks NCP engineering released a new version of the software- based NCP Secure Enterprise Management System for Linux-based systems. Developed from the ground up to make hybrid IPSec / SSL networks powerful yet easy to manage, the system can plug-and-play with any existing network infrastructure or stand on its own as a new compo- nent. A single administrator is enabled full control over tens- of-thousands of secure connections, policy setting and en- forcement, client updates, configurations and a host of other NAC management activities from one dashboard interface. (www.ncp-e.com) The most physically and cryptographically secure USB flash drive IronKey launched its S200 device for government and enterprise customers, featuring hardened physical se- curity, the latest Cryptochip technology, active anti- malware and enhanced management capabilities. IronKey S200 is the first and only USB flash drive to meet the rigorous government security requirements of FIPS 140-2, Security Level 3. It comes with hardware- based AES 256-bit encryption in CBC mode and it fea- tures the secure management of encryption keys in an amper-resistant and tamper-evident rugged metal case. (www.ironkey.com) www.insecuremag.com !! 5 SmartWorkflow: New security management software blade Check Point announced SmartWorkflow, a new security management software blade that provides customers the option of extending their se- curity infrastructure with policy change management functionality. It enables an automated process of tracking, approving and auditing policy changes within the security management console, minimizing configuration errors and optimizing the integrity of network security. SmartWorkflow includes reporting and auditing capabilities that help customers ensure compliance with corporate policies and regulations. (www.checkpoint.com) Juniper's adaptive threat management solutions for distributed enterprises Juniper Networks Adaptive Threat Management Solutions, based on a dynamic security infrastructure, deliver security at scale that is identity aware and application aware, enabling consistent application delivery and performance across the dis- tributed enterprise - including data center, campus, branch, re- mote and partner/extranet locations. (www.juniper.com) Trend Micro's protection for virtual machines Trend Micro is expanding its virtualization secu- rity portfolio with a content security solution to protect VMware ESX/ESXi environments. Core Protection for Virtual Machines is designed to secure VMware virtual machines, both active and dormant. The product leverages the VMsafe APIs from VMware to offer layered pro- tection through the use of dedicated scanning VMs coordinated with real-time agents within the VM. (www.trendmicro.com) Security code review service for threat identification Comsec Consulting launched CODEFEND, a new ap- plication security service which combines technology and expert human analysis, for Outsourced Security Code Review and Threat Identification. CODEFEND is an on-demand service allowing developers to securely send their non-compiled code to Comsec, where it is analysed for security vulnerabilities and threats. Fusing the latest generation of code analysis tools, custom- ised rules and Comsec's proprietary methodologies, the service delivers more accurate reporting and identifies vulnerabilities not routinely picked up when using a "tool only" approach. (www.comsecglobal.com) www.insecuremag.com !! 6 Splunk 4 supercharges IT search Splunk 4 improves an organization's ability to manage, secure and audit their entire IT infrastructure. Re- architected and supercharged, Splunk 4 has infused IT search with speed and a customizable user interface. It offers users the ability to create custom dashboards for anyone in fewer than five clicks. The release also shatters the speed of previous releases with up to 10x faster search and 2x faster indexing, radically enhancing IT issue resolution times and incident investigations, giving users the power to index terabytes per day and search on massive amounts of IT data to deliver results in seconds on low-cost commodity server hardware. (bit.ly/17x8jx) RSA SecurID software token for iPhone RSA released the RSA SecurID Software Token for iPhone Devices that enables an iPhone to be used as an RSA SecurID authenticator, providing convenient and cost-effective two-factor authentication to enterprise applications and re- sources. The app is now available on the App Store at no charge. The required RSA Se- curID software token seed as well as RSA Authentication Manager - the soft- ware that powers the RSA SecurID system - are both available for purchase worldwide. (www.rsa.com) Sourcefire and Qualys deliver real-time risk analysis Sourcefire and Qualys announced that Sourcefire has become a Qualys Solution Partner and the com- panies have integrated the Sourcefire 3D System with QualysGuard. The combination of Sourcefire and Qualys enables organizations to reduce the number of actionable network threats by leveraging Sourcefire Defense Center to correlate threats detected by Sourcefire's intrusion prevention system (IPS) against host vulnerabilities identified by QualysGuard. (www.qualys.com) Open source project to secure the Domain Name System The OpenDNSSEC project announces the development of open source soft- ware that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security. Industry leaders including .SE, NLNetLabs, Nominet, Kirei, SURFnet, SIDN and John Dickinson have come together to create open source software that prom- ises to make it easier to deploy DNSSEC. The group's primary aim is to further protect the Internet by increasing the security for end-users. (www.opendnssec.org) www.insecuremag.com !! 7 GFI MAX: Remote management and monitoring solution GFI Software launched GFI MAX, a suite of remote management, monitoring and support tools for IT support organizations and MSPs worldwide. Customers can use GFI MAX's real-time systems monitoring, automated daily health checks, asset tracking, patch management, own-brand client reporting and remote support solutions to build recurring revenues, drive down their operating costs and deliver best-of-breed IT support services. (www.gfi.com) Virtual encrypted vaults for secure sharing Overtis Systems launched the VigilancePro Encrypted Vault Manager (EVM), which provides means to en- crypt, store and transmit data using virtual vaults. EVM also provides a way to share information securely on removable media, email and other means. EVM is also available as part of the full VigilancePro endpoint agent. When used as part of a full VigilancePro de- ployment all key management is handled centrally in line with ISO/IEC 11770 best practice. As a result, there is no need to enter passphrases when creating files. (www.overtis.com) Versatile hardware encryption for any computer Addonics announced a 256-bit AES hardware full disk encryption solution for personal comput- ers, servers, rack mounted systems, data stor- age equipment - basically, any computing equipment. CipherChain is a small module the size of a compact flash that can easily and quickly be installed into any system. Since it can be operated under any operating system, Ci- pherChain is a security solution for organizations with legacy systems or in a heterogeneous com- puting environment. (www.addonics.com) jCryption: Javascript HTML form encryption plugin jCryption is a javascript HTML form encryption plugin, which en- crypts the POST/GET-Data that will be sent when you submit a form. It uses the Multiple-precision and Barrett modular reduction libraries for the calculations and jQuery for the rest. Normally if you submit a form and you don't use SSL, your data will be sent in plain text. However, SSL is neither supported by every webhost nor it's easy to install/apply sometimes. With this plug-in you are able to encrypt your data fast and sim- ple. jCryption uses the public-key algorithm of RSA for the encryption. (www.jcryption.org) www.insecuremag.com !! 8 Mobile Guardian Enterprise Edition 6.5 for Mac released CREDANT Technologies released Mobile Guardian
Load more

Recommended publications
  • Public Key Cryptography and RSA Cryptosystem
    EE 418 Network Security and Cryptography Lecture #10 November 1, 2016 RSA and ElGamal Public Key Cryptosystems. Introduction to Key Distribution. Diffie-Hellman Key Distribution. Lecture notes prepared by Professor Radha Poovendran. Tamara Bonaci Department of Electrical Engineering University of Washington, Seattle Outline: 1. Review: Public Key Cryptography { The Discrete logarithm problem { ElGamal cryptosystem 2. Introduction to Key Distribution Problem 3. Diffie-Hellman Key Distribution 1 Review: Public Key Cryptography and RSA Cryptosystem Last lecture, we continued our discussion about public key cryptography. In a public key cryptosystem, there are two keys: a public encryption key, i.e., a key known to everyone and a private decryption key that is kept private and known only to a person whom a ciphertext was intended for. Under a public key cryptosystem, anyone can encrypt a message to send to Alice using her public key, PKA, but only Alice can decrypt the message using her private key SKA. The figure below presents a block diagram of a secure communication using public key cryptosystem. Plaintext Ciphertext Plaintext ENC CHANNEL Ciphertext DEC Bob Alice Public Private key PKA key SKA Fig. 1. Schematic of public key-based encryption and decryption. In this lecture, we will continue our discussion about the ElGamal cryptosystem. In doing so, let's first recall the definition of the discrete logarithm problem. 1.1 The Discrete Logarithm Problem Let's consider the set of integers modulo p, denoted as Zp. The set of integers in Zp that are relatively prime ? ? to p is denoted as Zp. As an example, when p = 13, Z13 = f1; 2; 3; 4; 5; 6; 7; 8; 9; 10; 11; 12g.
    [Show full text]
  • 1 Review: Message Authentication Codes (Macs)
    EE 418 Network Security and Cryptography Lecture #15 November 22, 2016 Message Authentication Codes (MACs). Digital Signatures. Lecture notes prepared by Professor Radha Poovendran. Tamara Bonaci Department of Electrical Engineering University of Washington, Seattle Outline: 1. Review: Message Authentication Codes (MACs) { Review: MAC from Block Cipher: CBC-MAC 2. Introduction to Digital Signatures 3. RSA digital signature scheme 4. ElGamal digital signature scheme 5. Schnoor Digital signature scheme 6. The Digital signature algorithm 1 Review: Message Authentication Codes (MACs) Last time, we started our discussion about message authentication codes (MACs), and we defined a MAC as a code that is appended to a message in order to provide message integrity1. In MACs, communicating parties share a secret key that is used to generate the code, and if a MAC is well-designed, then only a user with the shared key can compute a valid MAC for a given message. Two parties Alice and Bob who share a key K can use a MAC for message integrity as follows (illustrated in Figure 1): 1. Alice computes a MAC for message m as y = MAC(K; m), and sends pair (m; y) through the channel to Bob. 2. Bob receives (m; y). Using the secret key, Bob computes MAC(K; m) and checks y =? MAC(K; m). 3. If y = MAC(K; m), then Bob accepts the message. Otherwise, Bob rejects the message, since the message and MAC are inconsistent. Alice Bob MAC Generation Computes y = MAC(K,m) from secret key K and message m [m, y] MAC Verification Extracts m, computes y’=MAC(K,m) If y + y’ =0, accept the message If y + y’≠ 0, discard the message Fig.
    [Show full text]
  • Social Events
    IFIP/SEC2002 SECURITY IN THE INFORMATION SOCIETY Visions and Perspectives 17th International Conference on Information Security Cairo Marriott Hotel 7-9 May 2002, Cairo, Egypt Cairo University Organized by ÌÇãÚÉ ÇáÞÇåÑÉ Department of Electronics & Electrical Communications Sponsored by Arab Academy for Science & Electronic Research Institute National Telecommunications Institute Technology اﻟﻣﻌﮭد اﻟﻘوﻣﻰ ﻟﻸﺗﺻﺎﻻت ﻣﻌﮭد ﺑﺣوث اﻻﻟﻛﺗروﻧﯾﺎت اﻷﻛﺎدﯾﻣﯾﺔ اﻟﻌرﺑﯾﺔ ﻟﻠﻌﻠوم و اﻟﺗﻛﻧوﻟوﺟﯾﺎ Content Word from Conference President 3 Word from Conference Honorary Chairman 4 Word from Conference Chairman 5 Word from Conference Secretary General 6 Conference Committees 7 Conference Sponsors 9 Conference Destination 10 Conference Venue 13 Technical Program Overview 14 Detailed 15 Tutorials 18 Keynote Speech 20 Kristian Beckman Award 21 Social Events El-Tanoura Troupe 23 Gala Dinner 24 Accommodation 25 Sightseeing Tours and Travel 26 Registration Fees 28 Participant Registration Form 29 Companion Registration Form 30 Hotel Accommodation Form 31 2 Word from Conference President The world is currently witnessing major developments in the field of Information Networks and its applications in all sectors. The Cyberspace is expanding to include individual and institutional activities. This Cyberspace now contains tremendous amount of knowledge, data, and information bases that help in daily transactions. All this necessitates giving due attention to protecting this enormous amount of knowledge, data, and information; and securing individual access to such networks. Meanwhile, development of governmental information systems that will ultimately lead to the “Electronic Government”, makes it essential to lay the foundation for an integrated system in order to safeguard all components of such system. This incorporates networks and access methods to the different information systems, in addition to the protection of the information content itself.
    [Show full text]
  • Intel Capital Technology Day on Silicon Valley Campus
    Fujitsu Labs of America Technology Symposium 2008 Full Circle of Trust: Technology, Economics, and Social Implications of Trust and Security June 18, 2008, Fujitsu Silicon Valley Campus, Sunnyvale, CA Speaker Bio Mr. Hitoshi Matsumoto, President & CEO, Fujitsu Laboratories of America Welcome and Opening Remarks Hitoshi Matsumoto is President & CEO at Fujitsu Laboratories of America and is responsible for advanced IT research activities for Fujitsu as well as strategic alliances and business development in the U.S. Previously, Hitoshi directed various R&D projects, including artificial intelligence, human interface, multimedia systems and Internet services at Fujitsu Laboratories Ltd and Fujitsu Limited (Japan). Mr. Wyatt Starnes, CEO, SignaCert & NIST Board Keynote: “IT in Transition: The Positive Trust Model and Whitelists” Wyatt Starnes has spent more than 30 years in high technology, with eight different startups. He is the Founder and Chief Executive Officer of SignaCert, Inc., a software company focusing on integrity verification for commercial and government enterprises. In addition, he is the Cofounder of RAINS (Regional Alliances for Infrastructure and Network Security), a nonprofit public/private alliance formed to accelerate development, deployment and adoption of innovative technology for homeland security. Prior to SignaCert, he was the Founder, President and CEO of Tripwire, Inc, the world's leading provider of change auditing software. Starnes has also held executive and director positions for Infinite Pictures, Eclipse Technologies, Trisys, Megatest, Data General Corporation, Monolithic Memories and Maruman Integrated Circuits. Mr. Starnes is a former member of the National Institute of Standards and Technology (NIST), Visiting Committee on Advanced Technologies (VCAT) and a member of the Oregon Executive Council of the American Electronics Association (AeA).
    [Show full text]
  • On Forging Elgamal Signature and Other Attacks
    On Forging ElGamal Signature and Other Attacks BY CHAN HlNG CHE A THESIS SUBMITTED IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF MASTER OF PHILOSOPHY DlVISION OF INFORMATION ENGINEERING THE CHINESE UNIVERSITY OF HONG KONG JUNE 2000 Tlie Chinese University of Hong Kong holds the copyright of this thesis. Any person(s) intending to use a part or whole of the materials in the thesis iii a proposed publication must seek copyright release from the Dean ofthe Graduate School. /^I^X ,,/统系馆書1)^^女、 pQjffi m ji ^V~_ERSITY~~i_j WSsUBRAR^^^^Y SYSTEM^® ^ Acknowledgement It is really a challenge for aii engineering student to choose cryptography as the M. Phil thesis. I would like to say thanks to my supervisor, Prof. Victor Wei, guiding and helping rrie to complete this challenge. His knowledge in the cryptography field helps rne a lot in the research. I would waste much time iii reading those cryptographic papers without his kindly guidance and details explanation. Discussion with Prof. Wei always gives me miich inspiration. I lia,ve leanit a lot, during these two years of studying, especially in the thinking nietliod. I would also like to say thanks to Prof. Kwok-wai Cheung and Prof. Kit-ming Yemig for spending their precious time to listen my oral examination. Many thanks to Jimmy Yeiing, Clian Yiii Tong, and Rosaniia Chaii and the colleagues in the Information Integrity Laboratory. Also thanks to iny friends in the Chinese University of Hong Kong. They all give rne rnany unforgettable memories and enjoyable moments in these two years.
    [Show full text]
  • Certificates, Digital Signatures, and the Diffie-Hellman Key Exchange Algorithm Lecture Notes On
    Lecture 13: Certificates, Digital Signatures, and the Diffie-Hellman Key Exchange Algorithm Lecture Notes on “Computer and Network Security” by Avi Kak ([email protected]) March 4, 2021 3:56pm ©2021 Avinash Kak, Purdue University Goals: • Authenticating users and their public keys with certificates signed by Certificate Authorities (CA) • Exchanging session keys with public-key cryptography • X.509 certificates • Perl and Python code for harvesting RSA moduli from X.509 certificates • The Diffie-Hellman algorithm for exchanging session keys • The ElGamal digital signature algorithm • Can the certificates issued by CAs be forged? CONTENTS Section Title Page 13.1 Using Public Keys to Exchange 3 Secret Session Keys 13.2 A Direct Key Exchange Protocol 6 13.3 Certificate Authorities for 9 Authenticating Your Public Key 13.3.1 Using Authenticated Public Keys to 17 Exchange a Secret Session Key 13.4 The X.509 Certificate Format Standard 19 for Public-Key Infrastructure (PKI) 13.4.1 Harvesting RSA Moduli from X.509 33 Certificates — Perl and Python code 13.5 The Diffie-Hellman Algorithm for 42 Generating a Shared Secret Session Key 13.6 The ElGamal Algorithm for Digital 51 Signatures 13.7 On Solving the Discrete Logarithm 56 Problem 13.8 How Diffie-Hellman May Fail in Practice 60 13.9 Can the Certificates Issued by a 64 CA be Forged? 13.10 Homework Problems 68 2 Computer and Network Security by Avi Kak Lecture 13 Back to TOC 13.1 USING PUBLIC KEYS TO EXCHANGE SECRET SESSION KEYS • From the presentation on RSA cryptography in Lecture 12, you saw that public key cryptography, at least when using the RSA algorithm, is not suitable for the encryption of the actual message content.
    [Show full text]
  • UNEXPOSED EXPONENTS the Ornery Case of the Discrete Log Problem in Cryptography
    UNEXPOSED EXPONENTS The Ornery Case of the Discrete Log Problem in Cryptography Simon Spicer 0939537 Math 414, Winter 2010, University of Washington March 10, 2010 Abstract The discrete log problem is the name given to the fact that, while computing exponentia- tion in finite cyclic groups is easy, the reverse operation - the discrete analogue of the classical logarithm - is in general very difficult. For this reason the discrete log is central to many public cryptographic schemes in active use today. To illustrate this, we show how the difficulty of solving discrete logs ensures the security of three example cryptographic schemes. We also describe two simple generic algorithms that solve the discrete log, and quantify mathematically just how inefficient they are. Finally, we provide implementations of these two methods in Sage. 1 1 Overview Note: For this project we will assume a basic working knowledge of finite group theory and elementary number theory. The problem we which to solve is as follows (using multiplicative notation): Given a generic finite cyclic group G with generator g i.e. G =< g >, and given some a 2 G, find the smallest x such that gx = a. This is known as the Discrete Logarithm Problem. The reason that it is labelled a 'problem' is because, while there are algorithms that perform exponentiation in cyclic groups quickly and efficiently [1, pg. 50], no efficient methods are known for the inverse operation { the discrete logarithm described above. It is thus an example of an asymmetric function: one for which it is easy to compute the output given the input, but extremely difficult (though still possible) to compute the input given the output.
    [Show full text]
  • ZIX CORPORATION (Exact Name of Registrant As Specified in Its Charter)
    UNITED STATES SECURITIES AND EXCHANGE COMMISSION Washington, D.C. 20549 FORM 8-K CURRENT REPORT Pursuant to Section 13 or 15(d) of the Securities Exchange Act of 1934 Date of Report (Date of earliest event reported): July 21, 2011 ZIX CORPORATION (Exact name of registrant as specified in its charter) Texas 0-17995 75-2216818 (State or other jurisdiction of incorporation) (Commission File Number) (IRS Employer Identification No.) 2711 North Haskell Avenue Suite 2200, LB 36 Dallas, Texas 75204-2960 (Address of principal executive offices) (Zip Code) Registrant’s telephone number, including area code: (214) 370-2000 Not Applicable (Former name or former address, if changed since last report.) Check the appropriate box below if the Form 8-K filing is intended to simultaneously satisfy the filing obligation of the registrant under any of the following provisions: o Written communications pursuant to Rule 425 under the Securities Act (17 CFR 230.425) o Soliciting material pursuant to Rule 14a-12 under the Exchange Act (17 CFR 240.14a-12) o Pre-commencement communications pursuant to Rule 14d-2(b) under the Exchange Act (17 CFR 240.14d-2(b)) o Pre-commencement communications pursuant to Rule 13e-4(c) under the Exchange Act (17 CFR 240.13e-4(c)) Item 5.02 Departure of Directors or Principal Officers; Election of Directors; Appointment of Principal Officers. (d) On July 21, 2011, the Board of Directors of Zix Corporation (“Company”) elected Dr. Taher Elgamal as a Director and member of the Board of Directors, effective July 26, 2011. A copy of the Company’s press release announcing the election of Dr.
    [Show full text]
  • Provable Security of the Generalized Elgamal Signature Scheme
    Journal of Mathematics Research; Vol. 11, No. 6; December 2019 ISSN 1916-9795 E-ISSN 1916-9809 Published by Canadian Center of Science and Education Provable Security of The Generalized ElGamal Signature Scheme Demba Sow1 & Mamadou Ghouraissiou Camara2 1 Faculte´ des Sciences et Techniques, Departement´ de Mathematiques´ et Informatique, Universite´ Cheikh Anta Diop de Dakar, Sen´ egal´ 2 Institut Superieur´ de Technologie de Mamou (ISTM), Departement´ de Genie´ Informatique, Republic of Guinea Correspondence: Demba Sow, Faculte´ des Sciences et Techniques, Departement´ de Mathematiques´ et Informatique, Uni- versite´ Cheikh Anta Diop de Dakar, Sen´ egal.´ Tel: 00221776084855. E-mail: [email protected] Received: October 23, 2019 Accepted: November 15, 2019 Online Published: November 19, 2019 doi:10.5539/jmr.v11n6p77 URL: https://doi.org/10.5539/jmr.v11n6p77 Abstract A new variant of the ElGamal signature scheme called ”a Generalized ElGamal signature scheme” is proposed in 2011. The Generalized ElGamal signature scheme is a modified ElGamal signature scheme. In this paper, we propose the security proof of the Generalized ElGamal signature scheme in the random oracle model. First, we recall some security notions of signature schemes and show the security of the modified ElGamal Signature scheme. Keywords: signature scheme, ElGamal, DSA signature, provable security 1. Introduction Digital signatures perform an important role in verifying the identity of a sender of a document. A digital signature is represented as a string of binary digits. The signature is a process using a set of rules and parameters (algorithm) to ensure the identity of the sender of a document and the originality of the data.
    [Show full text]
  • Elgamal:Public-Key Cryptosystem Jaspreet Kaur Grewal
    ElGamal:Public-Key Cryptosystem Jaspreet Kaur Grewal A paper presented for the degree of Master of Science Math and Computer Science Department Indiana State University Terre Haute,IN,USA 9/30/2015 Cryptography ElGamal Contents 1 Introduction 3 2 History 4 3 ElGamal Public key Cryptosystem 5 3.1 Denition:Cryptosystem . 5 3.2 What is ElGamal Cryptosystem . 5 3.3 What was the need of ElGamal ? . 5 4 Mathematical Steps: 6 4.1 Key Generator . 6 4.2 Encryption . 6 4.3 Decryption . 8 4.4 Examples . 8 5 Security 9 6 Advantages and Disadvantages 9 7 Applications 10 8 Conclusion 11 Page 1 Cryptography ElGamal Abstract Key exchange is any technique in cryptography by which crypto- graphic keys are exchanged between two parties, permitting utilization of keys in a cryptographic algorithm. The key exchange issue is the manner by which to exchange whatever keys or other data are needed so that nobody else can obtain a copy. The public key cryptography, which uses a pair of cryptographic keys, a public key and a private key. The private key is kept secret, while public key can be distributed openly, in this way refuting the need to transmit a secret key ahead of time. This paper presents ElGamal System which is a public key cryp- tosystem based on the Discrete-log problem. This scheme is known as ElGamal cryptosystem, it modies the Die-Hellman protocol with the goal so that it can be used as an encryption and decryption proto- col. Its security is also based on the diculty of the DLP.
    [Show full text]
  • A Note on Time and Space Complexity of RSA and Elgamal Cryptographic Algorithms
    (IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 12, No. 7, 2021 A Note on Time and Space Complexity of RSA and ElGamal Cryptographic Algorithms Adeniyi Abidemi Emmanuel1, Okeyinka Aderemi E2, Adebiyi Marion O3, Asani Emmanuel O4 Department of Computer Science, College of Pure and Applied Sciences Landmark University, Omu-Aran Kwara State, Nigeria Abstract—The computational complexity study of algorithms is to ensure the message has not been modified. Non- is highly germane to the design and development of high-speed repudiation means that the sender and recipient cannot dispute computing devices. The whole essence of computation is they've had the message sent. Finally, cryptography ensures principally influenced by efficiency of algorithms; this is more so Reliability in service; this is to ensure that the users are the case with the algorithms whose solution space explodes provided with quality service since systems are prone to attack. exponentially. Cryptographic algorithms are good examples of such algorithms. The goal of this study is to compare the Cryptographic algorithms are generally classified either as computational speeds of RSA and ElGamal cryptographic private key cryptography or public key cryptography (see algorithms by carrying out a survey of works done so far by Fig. 1 for the cryptography classification tree). researchers. This study has therefore examined some of the results of the studies already done and highlighted which of the Private key cryptography, also referred to as Secret key RSA and ElGamal algorithms performed better under given cryptography (SKC) algorithms or Symmetric cryptography parameters. It is expected that this study would spur further are set of one key techniques in which the encryption and investigation of the behaviour of cryptographic structures in decryption process require one and the same key [4].
    [Show full text]
  • Optimizing the Confidentiality of Lecturer Database Using Elgamal Algorithm
    ISSN 2278-3091 Edy Victor Haryanto S, International Journal of AdvancedVolume Trends 9, No.4, in Computer July – AugustScience and 2020 Engineering, 9(4), July – August 2020, 4671 – 4677 International Journal of Advanced Trends in Computer Science and Engineering Available Online at http://www.warse.org/IJATCSE/static/pdf/file/ijatcse6 9942020.pdf https://doi.org/10.30534/ijatcse/2020/69942020 Optimizing the Confidentiality of Lecturer Database using Elgamal Algorithm Edy Victor Haryanto S Faculty Engineering and Computer Science, Universitas Potensi Utama not all employees who are given permission to access the ABSTRACT database understand the existing database flow to avoid data Each Higher Education Institution must have many theft, data destruction and others et cetera, until the databases, one of which is a database of lecturers who store implementation of cryptographic algorithms by the the confidentiality of data and information from lecturers as administrator of the records in the database with the aim of instructors. Securing lecturer databases is needed to protect making the stored records more confidential and difficult to lecturer data and information from database theft. Creating read by others [5]. an optimal system in securing lecturer databases to avoid Sometimes the database is also stored in the Cloud Server, the individuals who have no right to access and process data and information owner saves the information on a trusted server. information. The lecturer database processed in this study Most people believe that the cloud is a dangerous place and uses the ElGamal algorithm with key formation using primes once you save your information to the cloud, you lose and solving the problem requires discrete logarithmic complete control over it.
    [Show full text]