Next few lectures. Contract-Signing Protocols. Contract Signing. Example. Network is Asynchronous. Another example: stock trading. Today.
|
|
- Isaac Dalton
- 8 years ago
- Views:
Transcription
1 CS 259 Next few lectures Contract-Signing Protocols J. itchell V. Shmatikov oday Contract-signing protocols hursday ore about contract signing, probability Next ues Probabilistic model checking Next hurs Homework due; think about projects fter this week, cover tools and protocol examples together Contract Signing wo parties want to sign a contract ulti-party signing is more complicated he contract is known to both parties he protocols we will look at are not for contract negotiation (e.g., auctions) he attacker could be nother party on the network he person you think you want to sign a contract with Example Immunity deal oth parties want to sign the contract Neither wants to commit first nother example: stock trading work is synchronous stock broker Willing to sell stock at price X Ok, willing to buy at price X Why signed contract? Suppose market price changes uyer or seller may want proof of agreement customer Physical solution wo parties sit at table Write their signatures simultaneously Exchange copies Problem How to sign a contract on a network? Fair exchange: general problem of exchanging information so both succeed or both fail 1
2 Fundamental limitation Impossibility of consensus Very weak consensus is not solvable if one or more processes can be faulty synchronous setting Process has initial 0 or 1, and eventually decides 0 or 1 Weak termination: some correct process decides greement: no two processes decide on different values Very weak validity: there is a run in which the decision is 0 and a run in which the decision is 1 Reference. J. Fischer, N.. Lynch and. S. Paterson, Impossibility of Distributed Consensus with One Faulty Process. J C 32(2): (pril 1985). FLP Partial Intuition Quote from paper: he asynchronous commit protocols in current use all seem to have a window of vulnerability - an interval of time during the execution of the algorithm in which the delay or inaccessibility of a single process can cause the entire algorithm to wait indefinitely. It follows from our impossibility result that every commit protocol has such a window, confirming a widely believed tenet in the folklore. Implication for fair exchange Need a trusted third party (P) It is impossible to solve strong fair exchange without a trusted third party. he proof is by relating strong fair exchange to the problem of consensus and adapting the impossibility result of Fischer, Lynch and Paterson. Reference H. Pagnia and F. C. Gärtner, On the impossibility of fair exchange without a trusted third party. echnical Report UD-S , Darmstadt University of echnology, arch 1999 wo forms of contract signing Gradual-release protocols lice and ob sign contract Exchange signatures a few bits at a time Issues Signatures are verifiable Work required to guess remaining signature decreases lice, ob must be able to verify that what they have received so far is part of a valid signature dd trusted third party Easy P contract signing Optimistic contract signing signature contract Problem P is bottleneck Can we do better? P signature contract Use P only if needed Can complete contract signing without P P will make decisions if asked Goals Fair: no one can cheat the other imely: no one has to wait indefinitely (assuming that P is available) Other properties 2
3 General protocol outline Commitment (idea from crypto) I am going to sign the contract I am going to sign the contract Here is my signature Here is my signature rusted third party can force contract hird party can declare contract binding if presented with first two messages. Cryptographic hash function Easy to compute function f Given f(x), hard to find y with f(y)=f(x) Hard to find pairs x, y with f(y)=f(x) Commit Send f(x) for randomly chosen x Complete Reveal x Refined protocol outline Optimistic Protocol [sokan, Shoup, Waidner] sign(, contract, hash(rand_) ) sign(, contract, hash(rand_) ) rand_ rand_ Input: P,, text m 1 = sig (P, P,, text, hash(r )) m 2 = sig (m 1, hash(r )) m 3 = R Input: P,, text m 4 = R rusted third party can force contract hird party can declare contract binding by signing first two messages. m 1, R, m 2, R sokan-shoup-waidner Outcomes Contract from normal execution m 1, R, m 2, R Contract issued by third party sig (m 1, m 2 ) bort token issued by third party sig (abort, a 1 ) Role of rusted hird Party can issue a replacement contract Proof that both parties are committed can issue an abort token Proof that will not issue contract acts only when requested decides whether to abort or resolve on the first-come-first-serve basis only gets involved if requested by or 3
4 Resolve Subprotocol bort Subprotocol m 1 = sig ( hash(r )) m 2 = sig ( hash(r )) m 3 = m 4 = m 1 = sig ( hash(r )) work m 2 = a 1 = sig (abort, m 1 ) r2 sig (m 1, m 2 ) OR sig (abort, a 1 ) r 1 = m 1, m 2 r 2 aborted? Yes: r 2 = sig (abort, a 1 ) No: resolved := true r 2 = sig (m 1, m 2 ) a 2 sig (m 1, m 2 ) OR sig (abort, a 1 ) resolved? Yes: a 2 = sig (m 1, m 2 ) No: aborted := true a 2 = sig (abort, a 1 ) Fairness and imeliness sokan-shoup-waidner protocol Fairness If cannot obtain s signature, then should not be able to obtain s signature imeliness One player cannot force the other to wait -- a fair and timely termination can always be forced by contacting P and vice versa [sokan, Shoup, Waidner Eurocrypt 98] gree m1= sign(, c, hash(r_) ) sign(, m1, hash(r_) ) r_ r_ Resolve m 1 m 2 sig (m 1, m 2 ) a 1 sig (a 1,abort) bort ttack? work If not already resolved ttack Replay ttack r 2 = sig (m 1, m 2 ) m 1 = sig (... hash(r )) m 2 = sig (m 1, hash(r )) r 1 = m 1, m 2 m 3 = R secret Q, m 2 contracts are inconsistent! sig ( hash(r )) sig (... hash(r )) R R Later... sig (P, P,, text, hash(r )) sig (m 1, hash(q )) R Intruder causes to commit to old contract with sig (m 1, m 2 ) m 1, R, m 2, Q Q 4
5 Fixing the Protocol Input: P,, text m 1 = sig (P, P,, text, hash(r )) m 2 = sig (m 1, hash(r )) m 3 = sig ( R, hash(r )) m 4 = R Input: P,, text Desirable properties Fair If one can get contract, so can other ccountability If someone cheats, message trace shows who cheated buse free No party can show that they can determine outcome of the protocol m 1, R, m 2, R buse-free Contract Signing Preventing abuse [Garay, Jakobsson, acenzie] PCS (text,,) PCS (text,,) sig (text) sig (text) [Garay, Jakobsson, acenzie] Private Contract Signature Special cryptographic primitive cannot take msg from and show to C converts signatures, does not use own Role of rusted hird Party can convert PCS to regular signature Resolve the protocol if necessary can issue an abort token Promise not to resolve protocol in future acts only when requested decides whether to abort or resolve on a first-come-first-served basis only gets involved if requested by or Resolve Subprotocol r 1 = PCS (text,,), sig (text) sig (a 1 ) OR sig (text) PCS (text,,) PCS (text,,) r 2 aborted? Yes: r 2 = sig (a 1 ) No: resolved := true r 2 = sig (text) store sig (text) 5
6 bort Subprotocol Garay, Jakobsson, acenzie m 1 = PCS (text,,) gree bort work a 1 =sig (m 1,abort) PCS (text,,) PCS (text,,) sig (text) sig (text) m 1 = PCS (text,,) work a 2 sig (text) OR sig (a 1 ) resolved? Yes: a 2 = sig (text) No: aborted := true a 2 = sig (a 1 ) Resolve PCS (text,,) PCS (text,,) PCS (text,,) sig (text) abort ND sig (text) ttack sig (abort) Leaked by abort ttack Repairing the Protocol PCS (text,,) PCS (text,,) sig PCS (text,,), (abort) sig (text) Leaked by sig sig (abort) (abort) If converts PCS into a conventional signature, can be held accountable PCS (text,,) PCS (text,,) PCS (text,,), PCS (text,,) abort ND sig (text) only abort alance dvantage No party should be able to unilaterally determine the outcome of the protocol Willing to sell stock at price X Ok, willing to buy at price X alance may be violated even if basic fairness is satisfied! stock broker ust be able to ask P to cancel this instance of protocol, or will be stuck indefinitely if customer does not respond customer Stock sale example: there is a point in the protocol where the broker can unilaterally choose whether the sale happens or not Can a timely, optimistic protocol be fair ND balanced? Can go ahead and complete the sale, OR Optimistically waits for broker to respond can still ask P to cancel (P doesn t know customer has responded) Chooses whether deal will happen: does not have to commit stock for sale, can cancel if sale looks unprofitable Cannot back out of the deal: must commit money for stock 6
7 buse free : as good as it gets Specifically: One signer always has an advantage over the other, no matter what the protocol is heorem In any fair, optimistic, timely contract-signing protocol, if one player is optimistic*, the other player has an advantage. est case: signer with advantage cannot prove it has the advantage to an outside observer * optimistic player: waits a little before going to the third party buse-freeness alance impossible No party should be able to unilaterally determine the outcome of the protocol buse-freeness No party should be able to prove that it can unilaterally determine the outcome of the protocol How to prove something like this? Define protocol Program for lice, ob, P Each move depends on Local State (what s happened so far) essage from network imeout Consider possible optimistic runs Show someone gets advantage [Garay, Jakobsson, acenzie Crypto 99] ey idea (omitting many subtleties) dvantage (intuition for main argument) Define power of a signer ( or ) in a state s Power (s) = if can get contract by reading a message already in network, doing internal computation if can get contract by communicating with, assuming does nothing otherwise Look at optimistic transition s s where Power (s) =1 > Power (s) = 0. If Power (s) = 0 Power (s ) =1 then his is result of some move by Power (s) = 0 means cannot get contract without s help he move by is not a message to P he proof is for an optimistic protocol, so we are thinking about a run without msg to could abort in state s We assume protocol is timely and fair: must be able to do something, cannot get contract can still abort in s, so has advantage! 7
8 Conclusions Online contract signing is subtle Fair buse-free ccountability Several interdependent subprotocols any cases and interleavings Finite-state tools great for case analysis! Find bugs in protocols proved correct Proving properties of all protocols is harder Understand what is possible and what is not 8
Contract Signing. Contract-Signing Protocols. Another example: stock trading. Example. Network is Asynchronous. Fundamental limitation
ECS Week 2005 Contract-Signing Protocols John itchell Stanford Contract Signing wo parties want to sign a contract ulti-party signing is more complicated he contract is known to both parties he protocols
More informationA FORMAL ANALYSIS OF EXCHANGE OF DIGITAL SIGNATURES. Rohit Chadha. A Dissertation in Mathematics
A FORMAL ANALYSIS OF EXCHANGE OF DIGITAL SIGNATURES Rohit Chadha A Dissertation in Mathematics Presented to the Faculties of the University of Pennsylvania in Partial Fulfillment of the Requirements for
More informationComputers and Electrical Engineering
Computers and Electrical Engineering 37 (2011) 169 173 Contents lists available at ScienceDirect Computers and Electrical Engineering journal homepage: www.elsevier.com/locate/compeleceng Contract signature
More informationNetwork Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1
Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Public Key Cryptography symmetric key crypto v requires sender, receiver know shared secret
More informationA Survey on Optimistic Fair Digital Signature Exchange Protocols
A Survey on Optimistic Fair Digital Signature Exchange s Alfin Abraham Vinodh Ewards Harlay Maria Mathew Abstract Security services become crucial to many applications such as e-commerce payment protocols,
More informationKey Management. CSC 490 Special Topics Computer and Network Security. Dr. Xiao Qin. Auburn University http://www.eng.auburn.edu/~xqin xqin@auburn.
CSC 490 Special Topics Computer and Network Security Key Management Dr. Xiao Qin Auburn University http://www.eng.auburn.edu/~xqin xqin@auburn.edu Slide 09-1 Overview Key exchange Session vs. interchange
More informationAnalysis of Probabilistic Contract Signing
Analysis of Probabilistic Contract Signing Gethin Norman 1 and Vitaly Shmatikov 2 1 University of Birmingham, School of Computer Science, Birmingham B15 2TT U.K. email: G.Norman@cs.bham.ac.uk 2 Department
More informationComputer Security. Programming Language Methods in Computer Security. Plan. Orientation. Part I. Personal POPL timeline. How did I get here?
Programming Language Methods in Computer Security John Mitchell Stanford University Plan Perspective on computer security Protocol security Protocol examples basic rewriting model Incorporating probability
More informationBounded Cost Algorithms for Multivalued Consensus Using Binary Consensus Instances
Bounded Cost Algorithms for Multivalued Consensus Using Binary Consensus Instances Jialin Zhang Tsinghua University zhanggl02@mails.tsinghua.edu.cn Wei Chen Microsoft Research Asia weic@microsoft.com Abstract
More informationElectronic Contract Signing without Using Trusted Third Party
Electronic Contract Signing without Using Trusted Third Party Zhiguo Wan 1, Robert H. Deng 2 and David Lee 1 Sim Kim Boon Institute for Financial Economics 1, School of Information Science 2, Singapore
More informationPrinciples of Network Security
he Network Security Model Bob and lice want to communicate securely. rudy (the adversary) has access to the channel. lice channel data, control s Bob Kai Shen data secure sender secure receiver data rudy
More informationA Secure Protocol for the Oblivious Transfer (Extended Abstract) M. J. Fischer. Yale University. S. Micali Massachusetts Institute of Technology
J, Cryptoiogy (1996) 9:191-195 Joumol of CRYPTOLOGY O 1996 International Association for Cryptologic Research A Secure Protocol for the Oblivious Transfer (Extended Abstract) M. J. Fischer Yale University
More informationApache Milagro (incubating) An Introduction ApacheCon North America
Apache Milagro (incubating) An Introduction ApacheCon North America Apache Milagro will establish a new independent security framework for the Internet A Distributed Cryptosystem Secure the Future of the
More informationChapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012
Chapter 8 Security IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross, All
More informationSignature Schemes. CSG 252 Fall 2006. Riccardo Pucella
Signature Schemes CSG 252 Fall 2006 Riccardo Pucella Signatures Signatures in real life have a number of properties They specify the person responsible for a document E.g. that it has been produced by
More informationAn Overview of Common Adversary Models
An Overview of Common Adversary Karl Palmskog palmskog@kth.se 2012-03-29 Introduction Requirements of Software Systems 1 Functional Correctness: partial, termination, liveness, safety,... 2 Nonfunctional
More informationSecure Reactive Systems
Michael Backes Saarland University, Germany joint work with Birgit Pfitzmann and Michael Waidner Secure Reactive Systems Lecture at Tartu U, 02/27/06 Building Systems on Open Networks E-Government Hospital
More informationLecture 9 - Message Authentication Codes
Lecture 9 - Message Authentication Codes Boaz Barak March 1, 2010 Reading: Boneh-Shoup chapter 6, Sections 9.1 9.3. Data integrity Until now we ve only been interested in protecting secrecy of data. However,
More informationCIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives
CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Application of hash
More informationCapture Resilient ElGamal Signature Protocols
Capture Resilient ElGamal Signature Protocols Hüseyin Acan 1, Kamer Kaya 2,, and Ali Aydın Selçuk 2 1 Bilkent University, Department of Mathematics acan@fen.bilkent.edu.tr 2 Bilkent University, Department
More information1 Signatures vs. MACs
CS 120/ E-177: Introduction to Cryptography Salil Vadhan and Alon Rosen Nov. 22, 2006 Lecture Notes 17: Digital Signatures Recommended Reading. Katz-Lindell 10 1 Signatures vs. MACs Digital signatures
More informationA Simulation Game for Teaching Secure Data Communications Protocols
A Simulation Game for Teaching Secure Data Communications Protocols Leonard G. C. Hamey Department of Computing, Macquarie University, Sydney, Australia ABSTRACT With the widespread commercial use of the
More informationIntroduction to Cryptography CS 355
Introduction to Cryptography CS 355 Lecture 30 Digital Signatures CS 355 Fall 2005 / Lecture 30 1 Announcements Wednesday s lecture cancelled Friday will be guest lecture by Prof. Cristina Nita- Rotaru
More informationSecurity of Cloud Storage: - Deduplication vs. Privacy
Security of Cloud Storage: - Deduplication vs. Privacy Benny Pinkas - Bar Ilan University Shai Halevi, Danny Harnik, Alexandra Shulman-Peleg - IBM Research Haifa 1 Remote storage and security Easy to encrypt
More informationNetwork Security. HIT Shimrit Tzur-David
Network Security HIT Shimrit Tzur-David 1 Goals: 2 Network Security Understand principles of network security: cryptography and its many uses beyond confidentiality authentication message integrity key
More informationThis Course. Modelling and Analysing of Security Protocol: Lecture 1. Introductions to Modelling Protocols. Course Outline. Course Outline.
Modelling and nalysing of Security Protocol: Lecture 1 Introductions to Modelling Protocols Tom Chothia CWI This Course This course will primarily teaching you: How to design your own secure communication
More informationTwo Factor Zero Knowledge Proof Authentication System
Two Factor Zero Knowledge Proof Authentication System Quan Nguyen Mikhail Rudoy Arjun Srinivasan 6.857 Spring 2014 Project Abstract It is often necessary to log onto a website or other system from an untrusted
More informationRandomized Hashing for Digital Signatures
NIST Special Publication 800-106 Randomized Hashing for Digital Signatures Quynh Dang Computer Security Division Information Technology Laboratory C O M P U T E R S E C U R I T Y February 2009 U.S. Department
More informationElectronic Voting Protocol Analysis with the Inductive Method
Electronic Voting Protocol Analysis with the Inductive Method Introduction E-voting use is spreading quickly in the EU and elsewhere Sensitive, need for formal guarantees Inductive Method: protocol verification
More informationSECURITY IN NETWORKS
SECURITY IN NETWORKS GOALS Understand principles of network security: Cryptography and its many uses beyond confidentiality Authentication Message integrity Security in practice: Security in application,
More informationLecture 15 - Digital Signatures
Lecture 15 - Digital Signatures Boaz Barak March 29, 2010 Reading KL Book Chapter 12. Review Trapdoor permutations - easy to compute, hard to invert, easy to invert with trapdoor. RSA and Rabin signatures.
More informationOptimal Efficiency of Optimistic Contract Signing
Optimal Efficiency of Optimistic Contract Signing Birgit Pfitzmann Matthias Schunter Michael Waidner Universität des Saarlandes Universität Dortmund IBM urich Research Laboratory
More informationYALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467a: Cryptography and Computer Security Notes 1 (rev. 1) Professor M. J. Fischer September 3, 2008 1 Course Overview Lecture Notes 1 This course is
More informationDigital Signatures. (Note that authentication of sender is also achieved by MACs.) Scan your handwritten signature and append it to the document?
Cryptography Digital Signatures Professor: Marius Zimand Digital signatures are meant to realize authentication of the sender nonrepudiation (Note that authentication of sender is also achieved by MACs.)
More informationCryptanalysis of a Partially Blind Signature Scheme or How to make $100 bills with $1 and $2 ones
Cryptanalysis of a Partially Blind Signature Scheme or How to make $100 bills with $1 and $2 ones Gwenaëlle Martinet 1, Guillaume Poupard 1, and Philippe Sola 2 1 DCSSI Crypto Lab, 51 boulevard de La Tour-Maubourg
More informationNetwork Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering
Network Security Gaurav Naik Gus Anderson, Philadelphia, PA Lectures on Network Security Feb 12 (Today!): Public Key Crypto, Hash Functions, Digital Signatures, and the Public Key Infrastructure Feb 14:
More informationFinal Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket
IT 4823 Information Security Administration Public Key Encryption Revisited April 5 Notice: This session is being recorded. Lecture slides prepared by Dr Lawrie Brown for Computer Security: Principles
More informationInteraction and causality in digital signature exchange protocols
Interaction and causality in digital signature exchange protocols Jonathan Hayman Computer Laboratory, University of Cambridge, UK Abstract. Causal reasoning is a powerful tool in analysing security protocols,
More informationAuthentication Types. Password-based Authentication. Off-Line Password Guessing
Authentication Types Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer Chapter 4:
More informationHow To Verify A Bluetooth Device Pairing With A Human Eye Oracle
Formal Analysis of Authentication in Bluetooth Device Pairing Richard Chang and Vitaly Shmatikov The University of Texas at Austin Abstract. Bluetooth is a popular standard for short-range wireless communications.
More informationCS 361S - Network Security and Privacy Spring 2014. Homework #1
CS 361S - Network Security and Privacy Spring 2014 Homework #1 Due: 11am CST (in class), February 11, 2014 YOUR NAME: Collaboration policy No collaboration is permitted on this assignment. Any cheating
More informationSecure Remote Password (SRP) Authentication
Secure Remote Password (SRP) Authentication Tom Wu Stanford University tjw@cs.stanford.edu Authentication in General What you are Fingerprints, retinal scans, voiceprints What you have Token cards, smart
More informationICOM 5018 Network Security and Cryptography
ICOM 5018 Network Security and Cryptography Description This course introduces and provides practical experience in network security issues and cryptographic techniques. Cryptographic algorithms and protocols
More informationVerifiable Agreement: Limits of Non-Repudiation in Mobile Peer-to-Peer Ad Hoc Networks
Verifiable Agreement: Limits of Non-Repudiation in Mobile Peer-to-Peer Ad Hoc Networks (Extended Abstract) Zinaida Benenson 1, Felix C. Freiling 2, Birgit Pfitzmann 3, Christian Rohner 1, and Michael Waidner
More informationLecture 9: Application of Cryptography
Lecture topics Cryptography basics Using SSL to secure communication links in J2EE programs Programmatic use of cryptography in Java Cryptography basics Encryption Transformation of data into a form that
More informationAPPLYING FORMAL METHODS TO CRYPTOGRAPHIC PROTOCOL ANALYSIS: EMERGING ISSUES AND TRENDS
PPLYING FORML METHODS TO CRYPTOGRPHIC PROTOCOL NLYSIS: EMERGING ISSUES ND TRENDS Catherine Meadows Code 5543 Center for High ssurance Computer Systems US Naval Research Laboratory Washington, DC 20375
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 1 January 9, 2012 CPSC 467b, Lecture 1 1/22 Course Overview Symmetric Cryptography CPSC 467b, Lecture 1 2/22 Course Overview CPSC
More informationA Blueprint for Universal Trust Management Services
A Blueprint for Universal Trust Management Services Tomasz Kaszuba Krzysztof Rzadca Adam Wierzbicki Grzegorz Wierzowiecki Polish-Japanese Institute of Information Technology Warsaw, Poland adamw@pjwstk.edu.pl
More informationalta5 Risk Disclosure Statement
alta5 Risk Disclosure Statement Welcome to alta5. alta5 is both a platform for executing algorithmic trading algorithms and a place to learn about and share sophisticated investment strategies. alta5 provides
More information2.4: Authentication Authentication types Authentication schemes: RSA, Lamport s Hash Mutual Authentication Session Keys Trusted Intermediaries
Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application
More informationAttacks on the Pairing Protocol of Bluetooth v2.1
Attacks on the Pairing Protocol of Bluetooth v2.1 Andrew Y. Lindell June 25, 2008 Abstract The Bluetooth protocol for close-range wireless communication has been a huge success. It is a widely adopted
More informationDigital Cash. is not a check, credit card or a debit card. They leave audit trails. can be sent through computer networks.
Digital Cash is not a check, credit card or a debit card. They leave audit trails. is anonymous and untraceable. can be sent through computer networks. can be used off-line (not connected to a bank). is
More informationAn Anonymous Fair Exchange E-commerce Protocol
An Anonymous Fair Exchange E-commerce Protocol Indrakshi Ray Indrajit Ray Department of Computer and Information Science University of Michigan-Dearborn 490 Evergreen Road, Dearborn, MI 488 Email: iray,
More informationPaillier Threshold Encryption Toolbox
Paillier Threshold Encryption Toolbox October 23, 2010 1 Introduction Following a desire for secure (encrypted) multiparty computation, the University of Texas at Dallas Data Security and Privacy Lab created
More informationVoteID 2011 Internet Voting System with Cast as Intended Verification
VoteID 2011 Internet Voting System with Cast as Intended Verification September 2011 VP R&D Jordi Puiggali@scytl.com Index Introduction Proposal Security Conclusions 2. Introduction Client computers could
More informationOverview of Public-Key Cryptography
CS 361S Overview of Public-Key Cryptography Vitaly Shmatikov slide 1 Reading Assignment Kaufman 6.1-6 slide 2 Public-Key Cryptography public key public key? private key Alice Bob Given: Everybody knows
More informationGuide for Homebuyers
Guide for Homebuyers Tips for Getting a Safe Mortgage You Can Afford Q u i c k S u m m a ry Figure out what you can afford. Contact at least 3 different lenders or brokers. When you call, say: I m buying
More information3-6 Toward Realizing Privacy-Preserving IP-Traceback
3-6 Toward Realizing Privacy-Preserving IP-Traceback The IP-traceback technology enables us to trace widely spread illegal users on Internet. However, to deploy this attractive technology, some problems
More informationVictor Shoup Avi Rubin. fshoup,rubing@bellcore.com. Abstract
Session Key Distribution Using Smart Cards Victor Shoup Avi Rubin Bellcore, 445 South St., Morristown, NJ 07960 fshoup,rubing@bellcore.com Abstract In this paper, we investigate a method by which smart
More informationDRAFT P2P TRADING OF BITCOIN PAGE 1
Creating a Peer to Peer System for Buying and Selling Bitcoin Online DRAFT.1 By Rizwan Virk, 2013 riz@alum.mit.edu Table of Contents Introduction... 2 Overview of the Problem... 3 Parts of a Transaction....
More informationPrinciples of Computer Security. Dr George Danezis (g.danezis@ucl.ac.uk)
Principles of Computer Security Dr George Danezis (g.danezis@ucl.ac.uk) Why SecAppDev? Learning security on the job is necessary. However, Foundations: Principles. (Today) Access control. Advances: Privacy-friendly
More informationLecture 2: Complexity Theory Review and Interactive Proofs
600.641 Special Topics in Theoretical Cryptography January 23, 2007 Lecture 2: Complexity Theory Review and Interactive Proofs Instructor: Susan Hohenberger Scribe: Karyn Benson 1 Introduction to Cryptography
More informationComputer Science 308-547A Cryptography and Data Security. Claude Crépeau
Computer Science 308-547A Cryptography and Data Security Claude Crépeau These notes are, largely, transcriptions by Anton Stiglic of class notes from the former course Cryptography and Data Security (308-647A)
More informationPublic Key Infrastructure (PKI)
Public Key Infrastructure (PKI) In this video you will learn the quite a bit about Public Key Infrastructure and how it is used to authenticate clients and servers. The purpose of Public Key Infrastructure
More informationMinimal message complexity of asynchronous multi-party contract signing
Minimal message complexity of asynchronous multi-party contract ning Sjouke Mauw University of Luxembourg sjouke.mauw@uni.lu Saša adomirović University of Luxembourg sasa.radomirovic@uni.lu Mohammad Torabi
More informationCSCE 465 Computer & Network Security
CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Public Key Cryptogrophy 1 Roadmap Introduction RSA Diffie-Hellman Key Exchange Public key and
More informationNetwork Security (2) CPSC 441 Department of Computer Science University of Calgary
Network Security (2) CPSC 441 Department of Computer Science University of Calgary 1 Friends and enemies: Alice, Bob, Trudy well-known in network security world Bob, Alice (lovers!) want to communicate
More informationCSC 774 -- Network Security
CSC 774 -- Network Security Topic 4.1: NetBill Dr. Peng Ning CSC 774 Network Security 1 Outline Why is NetBill developed? NetBill Transaction Model NetBill Transaction Protocol Basic Protocol Optimizations
More informationDNS security: poisoning, attacks and mitigation
DNS security: poisoning, attacks and mitigation The Domain Name Service underpins our use of the Internet, but it has been proven to be flawed and open to attack. Richard Agar and Kenneth Paterson explain
More informationREGISTER ME TODAY FOR INTERNET ACCESS
REGISTER ME TODAY FOR INTERNET ACCESS Kindly complete this form and sign where indicated then return to our office via fax: Fax: 416-348-8311 or 1-866-399-3651 You will be contacted vie e-mail when your
More informationNon-Black-Box Techniques In Crytpography. Thesis for the Ph.D degree Boaz Barak
Non-Black-Box Techniques In Crytpography Introduction Thesis for the Ph.D degree Boaz Barak A computer program (or equivalently, an algorithm) is a list of symbols a finite string. When we interpret a
More informationAuthentication. Computer Security. Authentication of People. High Quality Key. process of reliably verifying identity verification techniques
Computer Security process of reliably verifying identity verification techniques what you know (eg., passwords, crypto key) what you have (eg., keycards, embedded crypto) what you are (eg., biometric information)
More informationOutline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures
Outline Computer Science 418 Digital Signatures Mike Jacobson Department of Computer Science University of Calgary Week 12 1 Digital Signatures 2 Signatures via Public Key Cryptosystems 3 Provable 4 Mike
More informationCSC 474 -- Network Security. User Authentication Basics. Authentication and Identity. What is identity? Authentication: verify a user s identity
CSC 474 -- Network Security Topic 6.2 User Authentication CSC 474 Dr. Peng Ning 1 User Authentication Basics CSC 474 Dr. Peng Ning 2 Authentication and Identity What is identity? which characteristics
More informationA Survey on Untransferable Anonymous Credentials
A Survey on Untransferable Anonymous Credentials extended abstract Sebastian Pape Databases and Interactive Systems Research Group, University of Kassel Abstract. There are at least two principal approaches
More informationModeling and verification of security protocols
Modeling and verification of security protocols Part I: Basics of cryptography and introduction to security protocols Dresden University of Technology Martin Pitt martin@piware.de Paper and slides available
More informationSmart Cards in Interaction: Towards Trustworthy Digital Signatures
Smart Cards in Interaction: Towards Trustworthy Digital Signatures Roger Kilian-Kehr 1 and Joachim Posegga 2 1 T-Systems Nova, Roger.Kilian-Kehr@T-Systems.com 2 SAP Corporate Research, Joachim.Posegga@SAP.com
More informationFair Exchange in E-commerce
Fair Exchange in E-commerce INDRAJIT RAY and INDRAKSHI RAY Department of Computer Science Colorado State University Many business transactions over the Internet involve the exchange of digital products
More informationInformation Security Basic Concepts
Information Security Basic Concepts 1 What is security in general Security is about protecting assets from damage or harm Focuses on all types of assets Example: your body, possessions, the environment,
More informationCS 758: Cryptography / Network Security
CS 758: Cryptography / Network Security offered in the Fall Semester, 2003, by Doug Stinson my office: DC 3122 my email address: dstinson@uwaterloo.ca my web page: http://cacr.math.uwaterloo.ca/~dstinson/index.html
More informationPart I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT
Part I Contents Part I Introduction to Information Security Definition of Crypto Cryptographic Objectives Security Threats and Attacks The process Security Security Services Cryptography Cryptography (code
More informationDepartment of Computer & Information Sciences. CSCI-445: Computer and Network Security Syllabus
Department of Computer & Information Sciences CSCI-445: Computer and Network Security Syllabus Course Description This course provides detailed, in depth overview of pressing network security problems
More informationConnected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)
Cryptelo Drive Cryptelo Drive is a virtual drive, where your most sensitive data can be stored. Protect documents, contracts, business know-how, or photographs - in short, anything that must be kept safe.
More informationDigital Signatures. Murat Kantarcioglu. Based on Prof. Li s Slides. Digital Signatures: The Problem
Digital Signatures Murat Kantarcioglu Based on Prof. Li s Slides Digital Signatures: The Problem Consider the real-life example where a person pays by credit card and signs a bill; the seller verifies
More informationOverview Motivating Examples Interleaving Model Semantics of Correctness Testing, Debugging, and Verification
Introduction Overview Motivating Examples Interleaving Model Semantics of Correctness Testing, Debugging, and Verification Advanced Topics in Software Engineering 1 Concurrent Programs Characterized by
More informationto hide away details from prying eyes. Pretty Good Privacy (PGP) utilizes many
In the world of secure email, there are many options from which to choose from to hide away details from prying eyes. Pretty Good Privacy (PGP) utilizes many cryptographical concepts to achieve a supposedly
More informationAn Electronic Voting System Based On Blind Signature Protocol
CSMR, VOL. 1, NO. 1 (2011) An Electronic Voting System Based On Blind Signature Protocol Marius Ion, Ionuţ Posea University POLITEHNICA of Bucharest Faculty of Automatic Control and Computers, Computer
More informationIPSEC: IKE. Markus Hidell mahidell@kth.se. Based on material by Vitaly Shmatikov, Univ. of Texas, and by the previous course teachers
IPSEC: IKE Markus Hidell mahidell@kth.se Based on material by Vitaly Shmatikov, Univ. of Texas, and by the previous course teachers 1 Reading Kaufman, chapter 18 (and some of 16) 2 Secure Key Establishment
More informationClient Server Registration Protocol
Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are
More informationPart 2 D(E(M, K),K ) E(M, K) E(M, K) Plaintext M. Plaintext M. Decrypt with private key. Encrypt with public key. Ciphertext
Part 2 Plaintext M Encrypt with public key E(M, K) Ciphertext Plaintext M D(E(M, K),K ) Decrypt with private key E(M, K) Public and private key related mathematically Public key can be published; private
More informationHigh-speed cryptography and DNSCurve. D. J. Bernstein University of Illinois at Chicago
High-speed cryptography and DNSCurve D. J. Bernstein University of Illinois at Chicago Stealing Internet mail: easy! Given a mail message: Your mail software sends a DNS request, receives a server address,
More informationRound-Efficient Secure Computation in Point-to-Point Networks
Round-Efficient Secure Computation in Point-to-Point Networks Jonathan Katz and Chiu-Yuen Koo Dept. of Computer Science, University of Maryland, College Park, USA {jkatz,cykoo}@cs.umd.edu Abstract. Essentially
More informationNetwork Security - ISA 656 Email Security
Network Security - ISA 656 Angelos Stavrou November 13, 2007 The Usual Questions The Usual Questions Assets What are we trying to protect? Against whom? 2 / 33 Assets The Usual Questions Assets Confidentiality
More information9 Digital Signatures: Definition and First Constructions. Hashing.
Leo Reyzin. Notes for BU CAS CS 538. 1 9 Digital Signatures: Definition and First Constructions. Hashing. 9.1 Definition First note that encryption provides no guarantee that a message is authentic. For
More informationOfficial Arbitration with Secure Cloud Storage Application
Official Arbitration with Secure Cloud Storage Application Alptekin Küpçü Koç University, İstanbul, Turkey akupcu@ku.edu.tr February 11, 2013 Abstract Static and dynamic proof of storage schemes have been
More informationIntroduction. Digital Signature
Introduction Electronic transactions and activities taken place over Internet need to be protected against all kinds of interference, accidental or malicious. The general task of the information technology
More informationUsing Generalized Forecasts for Online Currency Conversion
Using Generalized Forecasts for Online Currency Conversion Kazuo Iwama and Kouki Yonezawa School of Informatics Kyoto University Kyoto 606-8501, Japan {iwama,yonezawa}@kuis.kyoto-u.ac.jp Abstract. El-Yaniv
More informationNetwork Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23
Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest
More informationCUNSHENG DING HKUST, Hong Kong. Computer Security. Computer Security. Cunsheng DING, HKUST COMP4631
Cunsheng DING, HKUST Lecture 08: Key Management for One-key Ciphers Topics of this Lecture 1. The generation and distribution of secret keys. 2. A key distribution protocol with a key distribution center.
More informationInformation Security
Information Security Dr. Vedat Coşkun Malardalen September 15th, 2009 08:00 10:00 vedatcoskun@isikun.edu.tr www.isikun.edu.tr/~vedatcoskun What needs to be secured? With the rapid advances in networked
More information