SDL Episode40

From Paul's Security Weekly
Jump to: navigation, search

Secure Digital Life #40

Recorded on November 7, 2017 at G-Unit Studios in Rhode Island!

Episode Audio

Coming soon!

Hosts

  • Doug White
    Cybersecurity professor, President of Secure Technology, and Security Weekly network host.
  • Russell Beauchemin
    Cybersecurity & Network Security Program Advisor and Director of Instructional Support & Learning Innovation at Roger Williams University.
  • What makes you, you, in terms of a virtual world? Crypto Identity

    • The three parts of strong identifiers:
    1. Something you know.
    2. Something you have.
    3. Something you are.
    • Digital Fingerprints
    • Talking about hashing?
    1. Explain Chksums
    2. One way algorithms
    3. SHA - 1 and MD5 hashes
    • Hashes are digital DNA (something you have)
    1. Hash collisions are the possibility that two things have the exact same hash.
    2. MD5 takes a file and generates a 128 bit output that is reported in hex. This is done using a hashing algorithm.
    3. MD5 has been broken! but so has most everything.
    4. Talk about launch codes.
    5. Many different strengths and types of hashes.
    6. Token identifiers like key fobs etc. use hashes to create numbers based on time offsets etc.
    • Keys may be generated using all sorts of data and then used to exchange data
    • Other Forms of Digital DNA
    1. Biometrics (something you are)
    2. Retinal Scans
    3. Voice prints
    4. Fingerprints
    5. Iris scans
    6. Palm scans
    7. DNA -- a la Gattaca
    8. Weird patterns
    • Passwords (something you know)
    1. What is a strong password? (a password combined with two other things)
    2. 8 characters mixed with symbols, case, and numbers.
    3. Passphrases and one time pads.
    4. No dictionary words or leet words.
    5. The longer and weirder the better.
    • So what is a block chain then?
    1. A block chain is a list of records which are linked by a pointer (that is hashed) to the proceeding record (this is called a linked list in programming).
    2. The block chain can contain pretty much anything but often contains dates and transactions or owners of a thing (manifest) but unlike a paper manifest, the crypto pointers prevent back tracing the information but also validates it.
    3. Let's use money as a means of understanding a block chain.
    4. So you have a 100 dollar bill with serial number 1.
    5. The block chain notes in serial number 1 that Glen is the owner.
    6. So, Glen has 100 dollars.
    7. Now, in the virtual block chain the entire network tracks the owner and serial number.
    8. Glen can then transfer the block to another owner and that creates a new block in the chain and the entire network is updated.
    9. This makes it really hard to cheat because the time between the update and a false update is really small.
    10. When Glen transfers, all the old blocks become invalidated and the chain is updated across the network.

    This is the basis for cryptocurrency (next show!).