TWTV119: Next Generation Encryption

There is so something intriguing about ‘secrets’ and the ability to communicate openly yet know that only your intended recipient can ‘decode’ your message. The concept is of course not a new one.  Its the practice of this in our now digital age that has had to advance and withstand increasingly complex challenges to survive.  

This show signals the new shift now happening as we move to the latest set of secure protocols needed for the next decade and beyond.  We brought in Cisco’s NGE (Next Generation Encryption) expert, Dr. David McGrew.  David is a Cisco Fellow who not only specializes in secure communications within our Router and Switch Security Group, but somewhere along the line got his Ph.D. In Theoretical Nuclear Physics. Geeez.  

David was our sole guest on this show so that we could cover several aspects of NGE. He has some very good blog entries to review on this for further coverage.  (Panos Kampanakis also covered NGE). Another good one to read for background here is David’s blog entry on the importance of the key…no matter how strong the cipher.

Understand Cryptography?

 Secure communication includes encryption, message authentication, key establishment, digital signatures and hashing.  Over the past 30 years, public key cryptography has become a mainstay for secure communications over the Internet and throughout many other forms of communications. They form the basis for key management and authentication for IP encryption (IKE/IPSEC), web traffic (SSL/TLS) and secure electronic mail.For digital signatures, public key cryptography is used to authenticate the origin of data and protect the integrity of that data. 

 

Fascinating spy vs spy stuff for just about any audience - but also required knowledge for the networking geek.  Why is that?  

Two big reasons: 

1. Moore’s Law - Moore’s law ensures that our crypto security gets just a little weaker every day. This means that we need to deploy cryptographic protocols that will remain secure for the NEXT 10 to 15 years. There is no way to know when an attacker has broken your cipher and is reading your traffic. 

2. Mobility and Performance - New techniques have been developed which offer both better performance and higher security than these first generation public key techniques. The best assured group of new public key techniques is built on the arithmetic of elliptic curves and is ideal for our increasingly smaller devices. 

Cisco Fellow, David McGrew has been instrumental in the development of GCM, or the Galois/Counter Mode algorithm which is also key to his work advancing Next Generation Encryption. With David’s help, we explore and explain what you need to know about cryptography from the basics to the advanced so you can properly prepare yourself and your network for the next 10 years and beyond. 

 1. Why We Need Cryptographic Awareness

Learn how and why encryption can be a challenging subject to master but valuable even at the beginning levels. 

 2. Introduction to Next Generation Encryption 

Securing your communications data requires a 10 year plan and the time to start is now. Join TechWiseTV and Cisco Fellow David McGrew as we introduce the need for Next Generation Encryption by fully understanding the suite of cryptographic protocols in use today.  Know what to watch for and where certain protocols make more sense than others. 

 3. Roadblocks to Next Generation Encryption

NGE or Next Generation Encryption has technically been around since the 1980’s. Couple this with our claim today that it is a superior encryption method and it begs the question - why is not in place already?  Cisco Fellow and Cryptanalyst David McGrew returns to answer this question and more as we continue our cryptographic awareness series.  What you really need for commercial grade communications and more. 

 4. Elliptic Curve Cryptography - Master Class

Public-key cryptography is based on the intractability of certain mathematical problems. Early public-key systems are secure assuming that it is difficult to factor a large integer composed of two or more large prime factors. For elliptic-curve-based protocols, it is assumed that finding the discrete logarithm of a random elliptic curve element with respect to a publicly known base point is infeasible. The size of the elliptic curve determines the difficulty of the problem. The primary benefit promised by ECC is a smaller key size, reducing storage and transmission requirements.  Watch this TechWiseTV segment to watch an Engineer from Tennessee simply these concepts with nothing but a whiteboard.  

5. Cisco, NGE and You

Robb and Jimmy Ray wrap up the Next Generation Internet story with an important review of deployment techniques and best practices. 

LINKS OF INTEREST:

Breaking Germany's Enigma Code
FLAME
RSA Factoring Challenge

 

Contributors: Emma Kilcoyne, David McGrew

Guest: Dr. David McGrew, Cisco Fellow

 

As always...thank you for watching!

 

________
Robb Boyd
Managing Editor/Producer/Host

@robbboyd

Watch our fan film: Raiders of the Lost Ark

Keep up: techwisetv.com, fundamentals.techwisetv.com, blog.techwisetv.com
facebook.com/techwise, twitter