Presenter: Bruce Preston
Date: Tuesday, November 4, 7 p.m.
Location: Danbury Hospital Auditorium
Have you ever wondered how private and personal information can be exchanged between your computer and a remote site such as a bank or an on-line retailer?
The answer is that it is done by way of codes and ciphers. At the November DACS General Meeting, our member Bruce Preston will explain the mechanisms of data communications, including codes, ciphers (not the same thing), and the encryption and decryption process.
Bruce promises to start with simple substitution ciphers, such as those used by Julius Caesar and the decoder rings so popular in radio and early children’s TV programs. He will expand upon this until he gets to more modern hardware encryption such as the World War II era Enigma machine used by Germany, which was thought to be unbreakable. He will then describe the inner workings of the machine, and the ground-breaking use of a very early electro-mechanical computer by the British to break it.
Encryption and decryption require that the parties know the ‘key’ to the cipher. In some cases this is done via a pre-shared key where both parties use the same key. This is fine within an organization, but how does an organization such as a bank get the key to a customer correspondent in such a way that an eavesdropper can’t use it? The eavesdropper could be a customer as well and thus possess the key, so a pre-shared key would not provide enough privacy. The solution is by making use of a mathematically complex mechanism called public key encryption. Public key encryption has some very interesting characteristics that make it work. Don’t worry, Bruce says he won’t get into the gory details of the math but he will tell you where to look, if you really want to know.
Another topic that will be covered is authentication – how do you guarantee that the correspondent is really who he claims to be? The answer here is the digital certificates mechanism.
With the ground work established Bruce says that he will describe the configurations as used by a secure Wi-Fi network, a Virtual Private Network, an SSL (Secure Socket Layer) connection to a remote host, and the use of a proxy server for anonymity.
He will finish by talking about the security breaches that have been in the news lately, such as the Heartbleed bug in OpenSSL and the credit card information breach that hit Home Depot; and about the recently announced discontinuation of support for SSL v3 and its implications.
Lastly, Bruce promises that it will all be in “layman’s terms” and easy to follow. So come to the meeting and learn enough to determine if you really want to do your banking while drinking that cup of coffee at Starbucks.
Authored by Lisa Leifels