Welcome everybody to another stair and AV meet up coffee break I would like to congratulate Raymond fall sick and i really hope i pronounced your name correctly Raymond and Allen Lindsay who both chimed in at exactly the same moment with the correct answer of the time signature for the day Brubeck song take five it’s 54 is the answer.
It’s presented as a fraction with the top number being the amount of notes in.
A measure and the bottom number being the type of notes in the measure so in this case five quarter notes per measure who parked the car.
Phil did who parked car I think those are the lyrics anyway so again congratulations both to Raymond into Allen our term maybe meet up it comes from our local in person events where we’ve taken folks from San Francisco to Boston or Chicago or Philadelphia and some other markets out on boat trips we’ve shown some working systems in the process and it’s an awful lot of fun AV meet up on the web has two versions there’s the coffee break when under the time it takes to sip on a cup of java we.
Cover application driven topics and then the second version is the workshop and that goes deep into the.
Subject over the course of an hour so today is a workshop no no during the presentation we muted everybody just in the interest of keeping the noise floor.
Down so for questions I ask that you use the questions pane which many of you have found to put in your answer stay with us to get your super cool AV over IP t-shirt yes you’re part of the beginning of our.
Series on network solutions and your responsibility is to show the world that you know AV over IP with your.
Cool t-shirt make sure we have your size if you haven’t given it to us in the registration process I want to ask you guys a question because.
The response to Professor Phil’s workshop has been so incredible I want to ask you this would you be interested in having an in-depth.
Advanced live training session on AV over IP you’d attend a meeting location to learn these network principles with practical applications including setting routers getting streaming encoders video conferencing collaboration sharing and working on the network now it costs you about $300.
Or so per attendee per day and you have professor Phil in person as your instructor now we here at staring we to be appealing to your management to make you a company with AV over IP trained professionals so these sessions would be locations across the country this summer if you think you’d like this and your company or you would fund the training please write yes in.
People are already doing that that’s awesome so again the response has been great so right yes in the chat box and then we’ll get we’ll start scheduling and obviously letting.
You know when and where thank you again for your responses so I want to introduce our.
Presenter today Phil hitman steel he’s a professor researcher writer and consultant that’s worked in both the AV in the IT industry as a teacher he spent over 40 years in higher education and finished his full-time career penn state where he currently teaches part-time this is the part that amazes me over three decades he has taught nearly 12,000 students across 27 states.
Active researcher working on IP video transport and network performance for.
Four years he wrote a column called ask professor Phil for.
AV technology magazine and his column has just been modified to be a tutorial series called professor Phil’s bite-sized lessons he has also written dozens of feature articles.
For AV technology InformationWeek and networked world magazines clearly you’re the man who knows his stuff so without any further delay professor Phil take it away thanks Neil our topic today is security basics for AV and I have a preliminary statement to make.
Before we get really started into it before we dig into the material I want to set the stage for today’s topic IT.
Based on an underlying theory that’s very complex and full of mathematics so we’ll be staying at a relatively high level however hopefully you’ll gain a sense.
Of some of the techniques that are secure and.
Others that are very very secure and it may help you understand why a manufacturer recommends one of these procedures or one of these.
Protocols over another so with that preliminary statement in mind today we’re going to cover several goals of.
Any security system we’re going to talk about encryption keys the vast majority of people have their idea of encryption keys from TV shows or from stories about world tues efforts by the Allies to break the German encryption codes a little of that has anything to do with modern encryption then we’ll discuss authentication which is validating a source a user advice or process and finally we’ll talk about some suggestions.
For good and bad security practices so our security goals the first security goal is privacy we want.
To make sure that when we send a message only the recipient that’s intended is supposed to be able to read the message modern encryption techniques are extremely.
Secure and can generally only be defeated in one of two ways either somebody steals the password or the key or somebody guesses it by brute force but guessing by brute force which was clearly illustrated in the recent movie called imitation game where they used a whole lot of women attempting the combinations kind of working as secretaries and some machines which by the.
Way the movie weren’t named but they were called bombs those crude machines tried every conceivable combination until they finally came up with the one it would break the current German code the process that we use in encryption today would require millions billions trillions maybe even.
Trillions of trillions of attempts with the fastest computers we have on earth in order to find the correct combination there are just a couple of exceptions one which isn’t in Wi-Fi and I’ll mention that as we proceed along integrity was.
The message modified at what was in transmission or was it corrupted by some kind of noise or something like that this is a relatively easy thing to check and we actually do that every time we send an Ethernet message which I’ll mention a little.
Bit later on authenticity is the sender is actually who they represent themselves to be that is to say if bill is sending message to mary is bills message really coming from bill or.
Is it coming from someone that’s pretending to be a bill finally accountability is tracking what an authenticated user is able to access this is a little beyond the scope of what we’re able to do today for any of you who work in a micro often environment Microsoft has a very sophisticated accounting process to keep track of what account access what files and what applications but that’s something that’s a.
Little bit belong the scope of what we do today and quite frankly is something we’re not particularly interested in at least at this point in using security in the AV industry so let’s turn our attention to encryption till about the 1960s encryption used complicated forms of character replacement in other words a might be replaced with T&T replaced with dollar sign be replaced with Z and so forth that’s what the German Enigma machine did in World War two it did three sucked three.
Such successive replacements and by the end of the war they were doing four successive replacements the idea was that if you replace the characters often enough the characters will be so.
Scrambled that it’s almost impossible for someone to figure out how they were scrambled but that process was reversible and in fact that’s.
What the movie was about today our algorithms are based on procedures which are irreversible and there are a lot of math functions that are used to do that some of the common ones that you might have heard about include the sine function from trigonometry the mod function from high school possibly.
Studied in high school math and some other functions the idea is that if you’re using a key and an algorithm and it’s encrypting your correctly and someone sees that.
You’re transmitting a character 21 it’s absolutely impossible to find out what was it that was used to create that 21 I’ve occasionally had some bold students who tell me they’re going to break something like the digital encryption.
Standard which is a very common standard it’s used in finance then I’ll try to understand the.
Mathematics a teeny algorithm and they’ll simply give up make no mistake encryption involves very advanced mathematics in most cases and that’s why attempts.
To defeat the algorithms often resort to brute force but a key itself is nothing more than a phrase or a character string that becomes equivalent to some binary number we take the key or freeze let’s say we pick.
Of password like chalkboard we turn.
That into a binary number and that binary number is used by the computer as the input to an encryption algorithm so there are two key types symmetric keys are.
People know about most people think they understand and most people have seen in use at least in the movies symmetric keys are keys which match between the sender and receiver in other words there’s really only one key and both the sender and receiver use that same key they are computationally efficient that is to say when you.
Do encryption with symmetric keys they’re extremely efficient the computer doesn’t have to do nearly as much work as it might do with other kinds of keys but the problem is that they’re difficult to manage especially when you have large groups I’ll give you an illustration of why that’s the case but they are really nice for a single session so most often people who talk about symmetric.
Keys are referring to them as session Keys key used in a single session on the other hand the other type of key a symmetric keys which are theoretically almost inconceivably slick.
And I’ll try to point that out a symmetric keys sometimes called public keys are computationally inefficient we can’t do things like encryption a video with public keys because simply the computing necessary to do it is way beyond what the computer is able stay up with in terms of the real time of the video that’s being transmitted but.
They are easy to distribute so they’re good for sessions up so immediately you can see if this type key can be used to do the setup of the session.
And then we can switch to this tight key over.
Here to do the ongoing encryption we might have a pretty workable system so that’s a little symmetric keys I’ll always refer to a symmetric key as a secret key there is a lot of confusion in the industry about the two terms secret key and private key when I refer to private key i’ll be talking of the partner to a public key a private key public key combination I’ll use the term secret key to refer to a symmetric key one in which the sender and receiver both using the same.
Key so what happens is that someone has a clear text message to send a wants to send a clear text message to be they take the key insert it into the algorithm along with the text message and outcomes what we refer to as the ciphertext the ciphertext is transmitted to the receiver the receiver takes a cipher text and the same.
Key that was used over here inputs those.
Two things into the decryption algorithm and out comes the clear message so symmetric keys match between sender and a receiver in AV the.
Key might typically be permanently stored into sending the receiving device it might also be burned into the firmware to factory or added manually after setup or it might.
Be stored and retrieved from a thumb drive or a memory card that’s inserted into the device think for example of a set-top box in which you put a card in and the key is.
On the card and retrieve from the card so here’s the problem with symmetric keys if we have a large group they’re difficult to manage if I.
Pair of people that are communicating only a and B are communicating I only need a single key but then if the group increases to a third party and we add C C.
Now needs of key for a and a key for be so we now need one key plus two more because SI joint if we move to a third person in the group.
We now need all the keys we needed here but D needs three more keys 14 b 14 a-14 see so now we need 1 + 2 + 3 keys we need six keys five parties it’s not hard to figure out we need 10 keys because we need 1 + 2 + 3.
4 keys that adds up to 10 keys with six parties will need ten keys so I think you can start to see the pattern it happens here each time you add a person you add the number of keys that.