Secure Application Development

Using cryptography well

Learning objectives

  • decide if and when cryptography should be used.
  • make informed key architecture and management decisions.
  • use appropriate algorithms and parameters.
  • select an appropriate cryptographic library.
  • choose network protocols for distributed applications.

Overview

Application architects need to make informed choices to use cryptography well:

  • Alternative key architectures have their merits and drawbacks. PKIs, in particular, should be contrasted with symmetric key architectures such as Kerberos.
  • Network protocol characteristics are pivotal in ensuring distributed applications meet security requirements. Key strength choices impact on security guarantees offered, as do cryptographic algorithm modes.
  • While strong keys and wise use of cryptographic algorithms may thwart cryptanalytic attack, applications are insecure without prudent key management. In this context, key generation and key storage require particular attention.
  • The selection of crypto-libraries requires awareness of inherent library qualities and failures. Application developers are advised not to implement their own.
  • Cryptography is used innovatively in areas such as obfuscation and watermarking.
PDF slides

To view a recording of this session Get Adobe Flash player

Partners:
Solvay Business School K.U. Leuven L-SEC
Sponsors:
ENISA Atos Worldline
Affiliates:
SANS OWASP ISSA-BE ISACA Belux
webmaster Login Creative Commons License
Contents of the secappdev.org web site
is licensed under a
Creative Commons
Attribution-Noncommercial 3.0 License.