CAESAR candidate PiCipher
|
|
- Evan Shelton
- 8 years ago
- Views:
Transcription
1 CAESAR candidate PiCipher Danilo Gligoroski, ITEM, NTNU, Norway Hristina Mihajloska, FCSE, UKIM, Macedonia Simona Samardjiska, ITEM, NTNU, Norway and FCSE, UKIM, Macedonia Håkon Jacobsen, ITEM, NTNU, Norway Rune Erlend Jensen, IDI, NTNU, Norway Mohamed El-Hadedy, University of Virginia, USA
2 Design goals for PiCipher 2. To be easier than AES-GCM to run it in a parallel mode (CAESAR comparison with AES- GCM) 5. To offer better than AES-GCM properties for preventing DoS attacks (CAESAR comparison with AES-GCM and Extra feature)
3 Design principles in PiCipher It is based on several solid cryptographic concepts Encrypt-then-MAC principle, XOR MAC scheme, Two-pass sponge construction Its permutation is based on 16-bit or 32-bit or 64- bit ARX operations Possibility to Plug&Play other permutation in PiCipher
4 The main component in PiCipher is Triplex
5 Inside the Triplex
6 Why Triplex, why not Sponge Duplex?
7 Why Triplex, why not Sponge Duplex? We did not want to violate the rights of the US Patent US A: Combined sponge and squeegee with duplex control means
8 Why Triplex, why not Sponge Duplex? We did not want to violate the rights of the US Patent US A: Combined sponge and squeegee with duplex control means
9 Why Triplex, why not Sponge Duplex? We did not want to violate the rights of the US Patent US A: Combined sponge and squeegee with duplex control means
10 Why Triplex, why not Sponge Duplex?
11 Inside PiCipher
12
13 Inside PiCipher
14
15 2. To be easier than AES-GCM to run it in a parallel mode (CAESAR comparison with AES- GCM) 5. To offer better than AES-GCM properties for preventing DoS attacks (CAESAR comparison with AES-GCM and Extra feature)
16 2. To be easier than AES-GCM to run it in a parallel mode (CAESAR comparison with AES- GCM) 5. To offer better than AES-GCM properties for preventing DoS attacks (CAESAR comparison with AES-GCM and Extra feature)
17 2. To be easier than AES-GCM to run it in a parallel mode (CAESAR comparison with AES- GCM) 5. To offer better than AES-GCM properties for preventing DoS attacks (CAESAR comparison with AES-GCM and Extra feature)
18 How AES-GCM can run in fully parallel mode? 2. To be easier than AES-GCM to run it in a parallel mode (CAESAR comparison with AES- GCM) 5. To offer better than AES-GCM properties for preventing DoS attacks (CAESAR comparison with AES-GCM and Extra feature) T
19 How AES-GCM can run in fully parallel mode? 2. To be easier than AES-GCM to run it in a parallel mode (CAESAR comparison with AES-GCM) 5. To offer better than AES-GCM properties for preventing DoS attacks (CAESAR comparison with AES-GCM and Extra feature) T MAC = (T+C[1]).H N + (C[2]).H N (C[n-1]).H 2 + (C[n]).H
20 How AES-GCM can run in fully parallel mode? 2. To be easier than AES-GCM to run it in a parallel mode (CAESAR comparison with AES- GCM) 5. To offer better than AES-GCM properties for preventing DoS attacks (CAESAR comparison with AES-GCM and Extra feature) T MAC = (T+C[1]).H N + (C[2]).H N (C[n-1]).H 2 + (C[n]).H
21 How AES-GCM can run in fully parallel mode? 2. To be easier than AES-GCM to run it in a parallel mode (CAESAR comparison with AES-GCM) 5. To offer better than AES-GCM properties for preventing DoS attacks (CAESAR comparison with AES-GCM and Extra feature) T MAC = (T+C[1]).H N + (C[2]).H N (C[n-1]).H 2 + (C[n]).H
22 How AES-GCM can run in fully parallel mode? 2. To be easier than AES-GCM to run it in a parallel mode (CAESAR comparison with AES-GCM) 5. To offer better than AES-GCM properties for preventing DoS attacks (CAESAR comparison with AES-GCM and Extra feature) T MAC = (T+C[1]).H N + (C[2]).H N (C[n-1]).H 2 + (C[n]).H
23 How AES-GCM can run in fully parallel mode? 2. To be easier than AES-GCM to run it in a parallel mode (CAESAR comparison with AES-GCM) BUT it takes different time slots 5. To offer better than AES-GCM properties for preventing DoS attacks (CAESAR comparison with AES-GCM and Extra feature) to compute T different parts!! MAC = (T+C[1]).H N + (C[2]).H N (C[n-1]).H 2 + (C[n]).H
24 How parallel operations are performed in PiCipher? 2. To be easier than AES-GCM to run it in a parallel mode (CAESAR comparison with AES-GCM) M 1 M 2 M n comparison with AES-GCM triplex and Extra feature) triplex triplex 5. To offer better than AES-GCM properties for preventing DoS attacks (CAESAR comparison with AES-GCM and Extra feature) M 1, M 1 2, M 2 n, M n C 1 C 2 C n t 1 t 2 t n combining operation for t i MAC
25 How parallel operations are performed in PiCipher? 2. To be easier than AES-GCM to run it in a parallel mode (CAESAR comparison with AES-GCM) M 1 M 2 M n comparison with AES-GCM triplex and Extra feature) triplex triplex parts!! 5. To offer better than AES-GCM properties for preventing DoS attacks (CAESAR comparison with AES-GCM and Extra feature) M 1, M 1 2, M 2 n, M n C 1 C 2 C n t 1 t 2 t n combining operation for t i MAC Equal time to compute all
26 How parallel operations are performed in PiCipher? 2. To be easier than AES-GCM to run it in a parallel mode (CAESAR comparison with AES-GCM) M 1 M 2 M n comparison with AES-GCM triplex and Extra feature) triplex triplex parts!! 5. To offer better than AES-GCM properties for preventing DoS attacks (CAESAR comparison with AES-GCM and Extra feature) M Haswell i7 4960HQ 3.4 GHz 1, M 1 2, M 2 n, M n C 1 C 2 C n t 1 t 2 t n combining operation for t i MAC Equal time to compute all
27 How parallel operations are performed in PiCipher? 2. To be easier than AES-GCM to run it in a parallel mode (CAESAR comparison with AES-GCM) M AES-GCM ~ 1cpb ~ up to 26 Gbps? M 1 M 2 M n Haswell i7 4960HQ 3.4 GHz 1, M 1 2, M 2 n, M n comparison with AES-GCM triplex and Extra feature) triplex triplex parts!! 5. To offer better than AES-GCM properties for preventing DoS attacks (CAESAR comparison with AES-GCM and Extra feature) C 1 C 2 C n t 1 t 2 t n combining operation for t i MAC Equal time to compute all
28 How parallel operations are performed in PiCipher? 2. To be easier than AES-GCM to run it in a parallel mode (CAESAR comparison with AES-GCM) M AES-GCM ~ 1cpb ~ up to 26 Gbps? M 1 M 2 M n Haswell i7 4960HQ 3.4 GHz 1, M 1 2, M 2 n, M n comparison with AES-GCM triplex and Extra feature) triplex triplex parts!! 5. To offer better than AES-GCM properties for preventing DoS attacks (CAESAR comparison with AES-GCM and Extra feature) C 1 C 2 C n t 1 t 2 t GT3 ~ 40 Execution n authentication too) (Extra Units feature) x 1.3GHz combining operation (this is a for goal t i will it be measurable in 7. For certain parameters to be lightweight in HW, for other parameters SUPERCOP?) to be fast in SW MAC Equal time to compute all PiCipher ~ 26 Gbps?
29 PiCipher uses NONCE=(PMN, SMN) In case M1 is encrypted with (K, AD, (PMN,SMN1)) and M2 2. To be easier than AES-GCM to run it in a parallel mode (CAESAR comparison with AES- GCM) is encrypted with (K, AD, (PMN,SMN2)) then maximal (as the number of key bits) confidentiality and integrity are preserved + something EXTRA: No information if M1= M2 5. To offer better than AES-GCM properties for preventing DoS attacks (CAESAR comparison with AES-GCM and Extra feature)
30 PiCipher uses NONCE=(PMN, SMN) In case M1 is encrypted with (K, AD, (PMN,SMN1)) and M2 2. To be easier than AES-GCM to run it in a parallel mode (CAESAR comparison with AES- GCM) is encrypted with (K, AD, (PMN,SMN2)) then maximal (as the number of key bits) confidentiality and integrity are preserved + something EXTRA: No information if M1= M2 This intermediate level of robustness against repeated (K, AD, PMN) have only 5. To offer better than AES-GCM properties for preventing DoS attacks (CAESAR comparison with AES-GCM two and CAESAR Extra feature) candidates: ICEPOLE and PiCipher.
31 2. To be easier than AES-GCM to run it in a parallel mode (CAESAR comparison with AES- GCM) 5. To offer better than AES-GCM properties for preventing DoS attacks (CAESAR comparison with AES-GCM and Extra feature)
32 In last DIAC 2013 we advocated that tag second preimage resistance is in the line of ROBUSTNESS that is mentioned in the CAESAR call. 2. To be easier than AES-GCM to run it in a parallel mode (CAESAR comparison with AES- GCM) 5. To offer better than AES-GCM properties for preventing DoS attacks (CAESAR comparison with AES-GCM and Extra feature)
33 In last DIAC 2013 we advocated that tag second preimage resistance is in the line of ROBUSTNESS that is mentioned in the CAESAR call. 2. To be easier than AES-GCM to run it in a parallel mode (CAESAR comparison with AES- GCM) This CRYPTO 2014 we got extra argument in the comparison paper with "Security AES-GCM and of Extra Symmetric feature) Encryption against Mass Surveillance", Bellare, Paterson, Rogaway Using AEAD where the attacker (performing mass surveillance) can easily produce second tag 5. To offer better than AES-GCM properties for preventing DoS attacks (CAESAR comparison with AES-GCM and Extra feature) preimages is scary.
34 2. To be easier than AES-GCM to run it in a parallel mode (CAESAR comparison with AES- GCM) Majority of sponge-based AE ciphers offer that extra potentials feature of the of same being hardware second like many cores tag and preimage SIMD) resistant. But in that case they are not parallel and incremental. 5. To offer better than AES-GCM properties for preventing DoS attacks (CAESAR comparison with AES-GCM and Extra feature)
35 2. To be easier than AES-GCM to run it in a parallel mode (CAESAR comparison with AES- GCM) In our initial submission we gave security values for the potentials hardness of the same of hardware finding like many second cores and SIMD) tag preimages that were in the range between 2 52, and for keys of 96, 128 and 256 bits. 5. To offer better than AES-GCM properties for preventing DoS attacks (CAESAR comparison with AES-GCM and Extra feature)
36 2. To be easier than AES-GCM to run it in a parallel mode (CAESAR comparison with AES- GCM) In our initial submission we gave security values for potentials the hardness of the same hardware of finding like many second cores and SIMD) tag preimages that were To be faster in the than AES-GCM range on between hardware that 2does 52, 2not 104 have and AES-NI for keys of To be faster than AES-GCM 96, on any 128 parallel and architecture 256 bits. HOWEVER Gaetan in Tag Second-preimage Attack against π-cipher applied Wagner's generalized birthday attack and found second tag preimages with complexities: 2 22 using messages long 2 11 blocks, 2 31 using messages long 2 16 blocks, and 2 45 using messages long 2 22 blocks 5. To offer better than AES-GCM properties for preventing DoS attacks (CAESAR comparison with AES-GCM and Extra feature)
37 2. To be easier than AES-GCM to run it in a parallel mode (CAESAR comparison with AES- GCM) We responded that: 1. Either we will abandon the claims about that Extra feature OR 2. We will tweak the cipher 5. To offer better than AES-GCM properties for preventing DoS attacks (CAESAR comparison with AES-GCM and Extra feature)
38 2. To be easier than AES-GCM to run it in a parallel mode (CAESAR comparison with AES- GCM) We responded that: 1. Either we will abandon the claims about that Extra feature OR 2. We will tweak the cipher And on DIAC 2014 workshop we officially claim this: 5. To offer better than AES-GCM properties for preventing DoS attacks (CAESAR comparison with AES-GCM and Extra feature) We are not tweaking the cipher, but we still claim the extra feature of being second tag preimage resistant.
39 2. To be easier than AES-GCM to run it in a parallel mode (CAESAR comparison with AES- GCM) How is that possible? 5. To offer better than AES-GCM properties for preventing DoS attacks (CAESAR comparison with AES-GCM and Extra feature)
40 2. To be easier than AES-GCM to run it in a parallel mode (CAESAR comparison with AES- GCM) How is that possible? comparison Complexity with AES-GCM for and finding Extra feature) second tag preimages if the size of the tag is tlen, and the size of the message is m blocks. 5. To offer better than AES-GCM properties for preventing DoS attacks (CAESAR comparison with AES-GCM and Extra feature)
41 2. To be easier than AES-GCM to run it in a parallel mode (CAESAR comparison with AES- GCM) How is that possible? comparison Complexity with AES-GCM for and finding Extra feature) second tag preimages if the size of the tag is tlen, and the size of the message is m blocks. 5. To offer better than AES-GCM properties for preventing DoS attacks (CAESAR comparison with For AES-GCM short and messages Extra feature) For short messages such as (1500 bytes messages as the most common IP packet size) m=24 and the second preimage attack has complexity
42 2. To be easier than AES-GCM to run it in a parallel mode (CAESAR comparison with AES- GCM) How is that possible? We will clarify the tag second preimage resistance of PiCipher in the coming updated documentation. comparison Complexity with AES-GCM for and finding Extra feature) second tag preimages if the size of the tag is tlen, and the size of the message is m blocks. 5. To offer better than AES-GCM properties for preventing DoS attacks (CAESAR comparison with For AES-GCM short and messages Extra feature) For short messages such as (1500 bytes messages as the most common IP packet size) m=24 and the second preimage attack has complexity
43 2. To be easier than AES-GCM to run it in a parallel mode (CAESAR comparison with AES- GCM) 5. To offer better than AES-GCM properties for preventing DoS attacks (CAESAR comparison with AES-GCM and Extra feature)
44 This is achieved with the use of SMN. SMN is the first value that is decrypted. If there is a protocol that tells the receiver what is the next SMN value that it expects, then there is no need to continue with the decryption if decrypted SMN is not the same as the expected SMN. 2. To be easier than AES-GCM to run it in a parallel mode (CAESAR comparison with AES- GCM) Much faster reaction by receiver 5. To offer better than AES-GCM properties for preventing DoS attacks (CAESAR comparison with AES-GCM and Extra feature)
45 2. To be easier than AES-GCM to run it in a parallel mode (CAESAR comparison with AES- GCM) 5. To offer better than AES-GCM properties for preventing DoS attacks (CAESAR comparison with AES-GCM and Extra feature)
46 2. To be easier than AES-GCM to run it in a parallel mode (CAESAR comparison with AES- GCM) The default parameters for PiCipher are: 1. Word size 16, N=4 (internal state b=256 bits) 2. Word size 32, N=4 (internal state b=512 bits) 3. Word size 64, N=4 (internal state b=1024 bits) 5. To offer better than AES-GCM properties for preventing DoS attacks (CAESAR comparison with AES-GCM and Extra feature)
47 1.We can stretch the N parameter as it suits us: For example for encrypting each physical sector of the Advanced HDD Format with size of 4 Kbytes: 2. To be easier than AES-GCM to run it in a parallel mode (CAESAR comparison with AES- GCM) Word size 64, N=256 (internal state b=8 KBytes) 5. To offer better than AES-GCM properties for preventing DoS attacks (CAESAR comparison with AES-GCM and Extra feature)
48 2. To be easier than AES-GCM to run it in a parallel mode (CAESAR comparison with AES- GCM) 5. To offer better than AES-GCM properties for preventing DoS attacks (CAESAR comparison with AES-GCM and Extra feature)
49 2. To be easier than AES-GCM to run it in a parallel mode (CAESAR comparison with AES- GCM) comparison Lightweight with AES-GCM version: and Extra Word feature) size 16, N=4 (internal state b=256 bits) ~ 5.5K GE (not that light, but we hope we will improve it) 5. To offer better than AES-GCM properties for preventing DoS attacks (CAESAR comparison with Fast AES-GCM in SW and Extra version: feature) Word size 64, N=4 (internal state b=1024 bits) (Non-SSE version 11 cpb)
50 Inside the permutation
51 Inside the permutation
52 Inside the permutation Initial recommendation: 4 Rounds Too conservative? Soon we will submit for testing on SUPERCOP variants with 2 and 1 rounds.
53 Security of PiCipher Since it is based on several solid cryptographic concepts Encrypt-then-MAC principle, XOR MAC scheme, Two-pass sponge construction We hope that soon will have a security proof similar as the other sponge constructions (we are working on that)
54 Security of PiCipher We have extensively tested the quality of used ARX permutation Even after one round, one bit difference introduced in the counter variable propagates in b/2 bits where b is the size of the internal state The number of variables that are collectively and bijectively transformed in the operation * is 4. This is making the operation * not so suitable for automatic ARX Tools that search for high probability differential characteristics (ARXTool, Gaetan Leurent)
55 Conclusions In PiCipher we tried to bring novel ideas combined with solid concepts that have been confirmed and accepted by cryptographic community PiCipher has unique features such as massive and easy parallel capability, incrementality, a certain level of second tag preimage resistance, and a certain level of resistance if key, associated data and the public message number are repeatedly used (misused).
56 Thank you for your attention!
SHA3 WHERE WE VE BEEN WHERE WE RE GOING
SHA3 WHERE WE VE BEEN WHERE WE RE GOING Bill Burr May 1, 2013 updated version of John Kelsey s RSA2013 presentation Overview of Talk Where We ve Been: Ancient history 2004 The Competition Where We re Going
More informationGCM-SIV: Full Nonce Misuse-Resistant Authenticated Encryption at Under One Cycle per Byte. Yehuda Lindell Bar-Ilan University
GCM-SIV: Full Nonce Misuse-Resistant Authenticated Encryption at Under One Cycle per Byte Shay Gueron Haifa Univ. and Intel Yehuda Lindell Bar-Ilan University Appeared at ACM CCS 2015 How to Encrypt with
More informationTable of Contents. Bibliografische Informationen http://d-nb.info/996514864. digitalisiert durch
1 Introduction to Cryptography and Data Security 1 1.1 Overview of Cryptology (and This Book) 2 1.2 Symmetric Cryptography 4 1.2.1 Basics 4 1.2.2 Simple Symmetric Encryption: The Substitution Cipher...
More informationHash Function JH and the NIST SHA3 Hash Competition
Hash Function JH and the NIST SHA3 Hash Competition Hongjun Wu Nanyang Technological University Presented at ACNS 2012 1 Introduction to Hash Function Hash Function Design Basics Hash function JH Design
More informationAES-GCM software performance on the current high end CPUs as a performance baseline for CAESAR competition
Directions in Authenticated Ciphers DIAC 2013, 11 13 August 2013, Chicago, USA AES-GCM software performance on the current high end CPUs as a performance baseline for CAESAR competition Shay Gueron University
More informationError oracle attacks and CBC encryption. Chris Mitchell ISG, RHUL http://www.isg.rhul.ac.uk/~cjm
Error oracle attacks and CBC encryption Chris Mitchell ISG, RHUL http://www.isg.rhul.ac.uk/~cjm Agenda 1. Introduction 2. CBC mode 3. Error oracles 4. Example 1 5. Example 2 6. Example 3 7. Stream ciphers
More informationAscon. Ch. Dobraunig 1, M. Eichlseder 1, F. Mendel 1, M. Schläffer 2. 22nd Crypto Day, Infineon, Munich. (A Submission to CAESAR)
Ascon (A Submission to CAESAR) Ch. Dobraunig 1, M. Eichlseder 1, F. Mendel 1, M. Schläffer 2 1 IAIK, Graz University of Technology, Austria 2 Infineon Technologies AG, Austria 22nd Crypto Day, Infineon,
More informationAuthenticated Encryption (AE) Instructor: Ahmad Boorghany
Sharif University of Technology Department of Computer Engineering Data and Network Security Lab Authenticated Encryption (AE) Instructor: Ahmad Boorghany Most of the slides are obtained from Bellare and
More informationOverview of Cryptographic Tools for Data Security. Murat Kantarcioglu
UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the
More informationSecret File Sharing Techniques using AES algorithm. C. Navya Latha 200201066 Garima Agarwal 200305032 Anila Kumar GVN 200305002
Secret File Sharing Techniques using AES algorithm C. Navya Latha 200201066 Garima Agarwal 200305032 Anila Kumar GVN 200305002 1. Feature Overview The Advanced Encryption Standard (AES) feature adds support
More informationFast Implementations of AES on Various Platforms
Fast Implementations of AES on Various Platforms Joppe W. Bos 1 Dag Arne Osvik 1 Deian Stefan 2 1 EPFL IC IIF LACAL, Station 14, CH-1015 Lausanne, Switzerland {joppe.bos, dagarne.osvik}@epfl.ch 2 Dept.
More informationLength extension attack on narrow-pipe SHA-3 candidates
Length extension attack on narrow-pipe SHA-3 candidates Danilo Gligoroski Department of Telematics, Norwegian University of Science and Technology, O.S.Bragstads plass 2B, N-7491 Trondheim, NORWAY danilo.gligoroski@item.ntnu.no
More informationlundi 1 octobre 2012 In a set of N elements, by picking at random N elements, we have with high probability a collision two elements are equal
Symmetric Crypto Pierre-Alain Fouque Birthday Paradox In a set of N elements, by picking at random N elements, we have with high probability a collision two elements are equal N=365, about 23 people are
More informationMessage Authentication Codes
2 MAC Message Authentication Codes : and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 28 October 2013 css322y13s2l08, Steve/Courses/2013/s2/css322/lectures/mac.tex,
More informationCryptography and Network Security Chapter 12
Cryptography and Network Security Chapter 12 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 12 Message Authentication Codes At cats' green on the Sunday he
More informationA PERFORMANCE EVALUATION OF COMMON ENCRYPTION TECHNIQUES WITH SECURE WATERMARK SYSTEM (SWS)
A PERFORMANCE EVALUATION OF COMMON ENCRYPTION TECHNIQUES WITH SECURE WATERMARK SYSTEM (SWS) Ashraf Odeh 1, Shadi R.Masadeh 2, Ahmad Azzazi 3 1 Computer Information Systems Department, Isra University,
More informationTriathlon of Lightweight Block Ciphers for the Internet of Things
NIST Lightweight Cryptography Workshop 2015 Triathlon of Lightweight Block Ciphers for the Internet of Things Daniel Dinu, Yann Le Corre, Dmitry Khovratovich, Leo Perrin, Johann Großschädl, Alex Biryukov
More informationAuthenticated encryption
Authenticated encryption Dr. Enigma Department of Electrical Engineering & Computer Science University of Central Florida wocjan@eecs.ucf.edu October 16th, 2013 Active attacks on CPA-secure encryption
More informationLecture 9 - Message Authentication Codes
Lecture 9 - Message Authentication Codes Boaz Barak March 1, 2010 Reading: Boneh-Shoup chapter 6, Sections 9.1 9.3. Data integrity Until now we ve only been interested in protecting secrecy of data. However,
More informationAuthenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm By Mihir Bellare and Chanathip Namprempre
Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm By Mihir Bellare and Chanathip Namprempre Some slides were also taken from Chanathip Namprempre's defense
More informationSPINS: Security Protocols for Sensor Networks
SPINS: Security Protocols for Sensor Networks Adrian Perrig, Robert Szewczyk, J.D. Tygar, Victor Wen, and David Culler Department of Electrical Engineering & Computer Sciences, University of California
More informationHaswell Cryptographic Performance
White Paper Sean Gulley Vinodh Gopal IA Architects Intel Corporation Haswell Cryptographic Performance July 2013 329282-001 Executive Summary The new Haswell microarchitecture featured in the 4 th generation
More informationNetwork Security. Chapter 3 Symmetric Cryptography. Symmetric Encryption. Modes of Encryption. Symmetric Block Ciphers - Modes of Encryption ECB (1)
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 3 Symmetric Cryptography General Description Modes of ion Data ion Standard (DES)
More information12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust
Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or
More informationAES-COPA v.2. Designers/Submitters: Elena Andreeva 1,2, Andrey Bogdanov 3, Atul Luykx 1,2, Bart Mennink 1,2, Elmar Tischhauser 3, and Kan Yasuda 1,4
Submission to the CAESAR competition AES-COPA v.2 Designers/Submitters: Elena Andreeva 1,2, Andrey Bogdanov 3, Atul Luykx 1,2, Bart Mennink 1,2, Elmar Tischhauser 3, and Kan Yasuda 1,4 Affiliation: 1 Dept.
More informationWEP Overview 1/2. and encryption mechanisms Now deprecated. Shared key Open key (the client will authenticate always) Shared key authentication
WLAN Security WEP Overview 1/2 WEP, Wired Equivalent Privacy Introduced in 1999 to provide confidentiality, authentication and integrity Includes weak authentication Shared key Open key (the client will
More informationHow To Understand And Understand The History Of Cryptography
CSE497b Introduction to Computer and Network Security - Spring 2007 - Professors Jaeger Lecture 5 - Cryptography CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07/
More information802.11 Security (WEP, WPA\WPA2) 19/05/2009. Giulio Rossetti Unipi Giulio.Rossetti@gmail.com
802.11 Security (WEP, WPA\WPA2) 19/05/2009 Giulio Rossetti Unipi Giulio.Rossetti@gmail.com 802.11 Security Standard: WEP Wired Equivalent Privacy The packets are encrypted, before sent, with a Secret Key
More informationMessage Authentication Code
Message Authentication Code Ali El Kaafarani Mathematical Institute Oxford University 1 of 44 Outline 1 CBC-MAC 2 Authenticated Encryption 3 Padding Oracle Attacks 4 Information Theoretic MACs 2 of 44
More informationMessage Authentication
Message Authentication message authentication is concerned with: protecting the integrity of a message validating identity of originator non-repudiation of origin (dispute resolution) will consider the
More informationRELEASE NOTES. Table of Contents. Scope of the Document. [Latest Official] ADYTON Release 2.12.9 - corrections. ADYTON Release 2.12.
Table of Contents Scope of the Document... 1 [Latest Official] ADYTON Release 2.12.9... 1 ADYTON Release 2.12.4... 1 ADYTON Release 2.9.3... 3 ADYTON Release 2.7.7... 3 ADYTON Release 2.6.2... 4 ADYTON
More informationCSCE 465 Computer & Network Security
CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Secret Key Cryptography (I) 1 Introductory Remarks Roadmap Feistel Cipher DES AES Introduction
More informationFast Software AES Encryption
Calhoun: The NPS Institutional Archive Faculty and Researcher Publications Faculty and Researcher Publications 2010 Fast Software AES Encryption Osvik, Dag Arne Proceedings FSE'10 Proceedings of the 17th
More informationAnalyzing the Security Schemes of Various Cloud Storage Services
Analyzing the Security Schemes of Various Cloud Storage Services ECE 646 Project Presentation Fall 2014 12/09/2014 Team Members Ankita Pandey Gagandeep Singh Bamrah Pros and Cons of Cloud Storage Services
More informationData Encryption WHITE PAPER ON. Prepared by Mohammed Samiuddin. www.itmr.ac.in
01 0110 0001 01101 WHITE PAPER ON Data Encryption Prepared by Mohammed Samiuddin www.itmr.ac.in Contents INTRODUCTION... 2 NEED FOR DATA ENCRYPTION... 3 DUE CARE... 3 REPUTATIONAL RISK... 3 REGULATORY
More informationClient Server Registration Protocol
Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are
More informationCSCI 454/554 Computer and Network Security. Topic 8.1 IPsec
CSCI 454/554 Computer and Network Security Topic 8.1 IPsec Outline IPsec Objectives IPsec architecture & concepts IPsec authentication header IPsec encapsulating security payload 2 IPsec Objectives Why
More informationAuthentication requirement Authentication function MAC Hash function Security of
UNIT 3 AUTHENTICATION Authentication requirement Authentication function MAC Hash function Security of hash function and MAC SHA HMAC CMAC Digital signature and authentication protocols DSS Slides Courtesy
More informationDeveloping and Investigation of a New Technique Combining Message Authentication and Encryption
Developing and Investigation of a New Technique Combining Message Authentication and Encryption Eyas El-Qawasmeh and Saleem Masadeh Computer Science Dept. Jordan University for Science and Technology P.O.
More informationLecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References
Lecture Objectives Wireless Networks and Mobile Systems Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks Introduce security vulnerabilities and defenses Describe security functions
More informationA Comparative Study Of Two Symmetric Encryption Algorithms Across Different Platforms.
A Comparative Study Of Two Symmetric Algorithms Across Different Platforms. Dr. S.A.M Rizvi 1,Dr. Syed Zeeshan Hussain 2 and Neeta Wadhwa 3 Deptt. of Computer Science, Jamia Millia Islamia, New Delhi,
More informationCIS433/533 - Computer and Network Security Cryptography
CIS433/533 - Computer and Network Security Cryptography Professor Kevin Butler Winter 2011 Computer and Information Science A historical moment Mary Queen of Scots is being held by Queen Elizabeth and
More information13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) 13.2 Layer 2/3/4 VPNs 13.3 Multi-Protocol Label Switching 13.4 IPsec Transport Mode
13 Virtual Private Networks 13.1 Point-to-Point Protocol (PPP) PPP-based remote access using dial-in PPP encryption control protocol (ECP) PPP extensible authentication protocol (EAP) 13.2 Layer 2/3/4
More informationCryptography Lecture 8. Digital signatures, hash functions
Cryptography Lecture 8 Digital signatures, hash functions A Message Authentication Code is what you get from symmetric cryptography A MAC is used to prevent Eve from creating a new message and inserting
More informationHigh-speed cryptography and DNSCurve. D. J. Bernstein University of Illinois at Chicago
High-speed cryptography and DNSCurve D. J. Bernstein University of Illinois at Chicago Stealing Internet mail: easy! Given a mail message: Your mail software sends a DNS request, receives a server address,
More informationETHERNET ENCRYPTION MODES TECHNICAL-PAPER
1 ETHERNET ENCRYPTION MODES TECHNICAL-PAPER The CN series encryption platform is designed to secure information transmitted over a number of network protocols. The CN series encryptors secure Ethernet
More informationCryptographic Hash Functions Message Authentication Digital Signatures
Cryptographic Hash Functions Message Authentication Digital Signatures Abstract We will discuss Cryptographic hash functions Message authentication codes HMAC and CBC-MAC Digital signatures 2 Encryption/Decryption
More informationCSE/EE 461 Lecture 23
CSE/EE 461 Lecture 23 Network Security David Wetherall djw@cs.washington.edu Last Time Naming Application Presentation How do we name hosts etc.? Session Transport Network Domain Name System (DNS) Data
More informationChapter 6 CDMA/802.11i
Chapter 6 CDMA/802.11i IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 Some material copyright 1996-2012 J.F Kurose and K.W. Ross,
More informationCS155. Cryptography Overview
CS155 Cryptography Overview Cryptography Is n A tremendous tool n The basis for many security mechanisms Is not n The solution to all security problems n Reliable unless implemented properly n Reliable
More informationChaCha, a variant of Salsa20
ChaCha, a variant of Salsa20 Daniel J. Bernstein Department of Mathematics, Statistics, and Computer Science (M/C 249) The University of Illinois at Chicago Chicago, IL 60607 7045 snuffle6@box.cr.yp.to
More informationTinySec: A Link Layer Security Architecture for Wireless Sensor Networks
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof, Naveen Sastr, David Wagner Presented By: Tristan Brown Outline Motivation Cryptography Overview TinySec Design Implementation
More informationSecurity. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1
Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions
More informationDFW Backup Software. Whitepaper Data Security
Version 6 Jan 2012 Table of Content 1 Introduction... 3 2 DFW Backup Offsite Backup Server Secure, Robust and Reliable... 4 2.1 Secure 128-bit SSL communication... 4 2.2 Backup data are securely encrypted...
More informationA PPENDIX H RITERIA FOR AES E VALUATION C RITERIA FOR
A PPENDIX H RITERIA FOR AES E VALUATION C RITERIA FOR William Stallings Copyright 20010 H.1 THE ORIGINS OF AES...2 H.2 AES EVALUATION...3 Supplement to Cryptography and Network Security, Fifth Edition
More informationWireless Sensor Network Security. Seth A. Hellbusch CMPE 257
Wireless Sensor Network Security Seth A. Hellbusch CMPE 257 Wireless Sensor Networks (WSN) 2 The main characteristics of a WSN include: Power consumption constrains for nodes using batteries or energy
More informationAES-GCM for Efficient Authenticated Encryption Ending the Reign of HMAC-SHA-1?
Workshop on Real-World Cryptography Stanford University Jan. 9-11, 2013 AES-GCM for Efficient Authenticated Encryption Ending the Reign of HMAC-SHA-1? Shay Gueron University of Haifa Department of Mathematics,
More informationWireless security (WEP) 802.11b Overview
Wireless security (WEP) 9/01/10 EJ Jung 802.11b Overview! Standard for wireless networks Approved by IEEE in 1999! Two modes: infrastructure and ad hoc IBSS (ad hoc) mode Independent Basic Service Set
More informationKey Hopping A Security Enhancement Scheme for IEEE 802.11 WEP Standards
White Paper Key Hopping A Security Enhancement Scheme for IEEE 802.11 WEP Standards By Dr. Wen-Ping Ying, Director of Software Development, February 2002 Introduction Wireless LAN networking allows the
More informationA Secure Software Implementation of Nonlinear Advanced Encryption Standard
IOSR Journal of VLSI and Signal Processing (IOSR-JVSP) ISSN: 2319 4200, ISBN No. : 2319 4197 Volume 1, Issue 5 (Jan. - Feb 2013), PP 44-48 A Secure Software Implementation of Nonlinear Advanced Encryption
More informationSecurity Policy Revision Date: 23 April 2009
Security Policy Revision Date: 23 April 2009 Remote Desktop Support Version 3.2.1 or later for Windows Version 3.1.2 or later for Linux and Mac 4 ISL Light Security Policy This section describes the procedure
More informationLightweight Cryptography. Lappeenranta University of Technology
Lightweight Cryptography Dr Pekka Jäppinen Lappeenranta University of Technology Outline Background What is lightweight Metrics Chip area Performance Implementation tradeoffs Current situation Conclusions
More informationPermutation-based encryption, authentication and authenticated encryption
Permutation-based encryption, authentication and authenticated encryption Guido Bertoni 1, Joan Daemen 1, Michaël Peeters 2, and Gilles Van Assche 1 1 STMicroelectronics 2 NXP Semiconductors Abstract.
More informationCryptography and Network Security Chapter 3
Cryptography and Network Security Chapter 3 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 3 Block Ciphers and the Data Encryption Standard All the afternoon
More informationSY0-201. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users.
system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users. From a high-level standpoint, attacks on computer systems and networks can be grouped
More informationA low-cost Alternative for OAEP
A low-cost Alternative for OAEP Peter Schartner University of Klagenfurt Computer Science System Security peter.schartner@aau.at Technical Report TR-syssec-11-02 Abstract When encryption messages by use
More informationHow to Send Stealth Text From Your Cell Phone
anonymous secure decentralized SMS stealthtext transactions WHITEPAPER STATE OF THE ART 2/8 WHAT IS STEALTHTEXT? stealthtext is a way to send stealthcoin privately and securely using SMS texting. stealthtext
More informationSalsa20/8 and Salsa20/12
Salsa20/8 and Salsa20/12 Daniel J. Bernstein Department of Mathematics, Statistics, and Computer Science (M/C 249) The University of Illinois at Chicago Chicago, IL 60607 7045 snuffle@box.cr.yp.to Introduction.
More informationHASH CODE BASED SECURITY IN CLOUD COMPUTING
ABSTRACT HASH CODE BASED SECURITY IN CLOUD COMPUTING Kaleem Ur Rehman M.Tech student (CSE), College of Engineering, TMU Moradabad (India) The Hash functions describe as a phenomenon of information security
More informationThe Misuse of RC4 in Microsoft Word and Excel
The Misuse of RC4 in Microsoft Word and Excel Hongjun Wu Institute for Infocomm Research, Singapore hongjun@i2r.a-star.edu.sg Abstract. In this report, we point out a serious security flaw in Microsoft
More informationPart I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT
Part I Contents Part I Introduction to Information Security Definition of Crypto Cryptographic Objectives Security Threats and Attacks The process Security Security Services Cryptography Cryptography (code
More informationEvaluating The Performance of Symmetric Encryption Algorithms
International Journal of Network Security, Vol.10, No.3, PP.213 219, May 2010 213 Evaluating The Performance of Symmetric Encryption Algorithms Diaa Salama Abd Elminaam 1, Hatem Mohamed Abdual Kader 2,
More informationCSci 530 Midterm Exam. Fall 2012
CSci 530 Midterm Exam Fall 2012 Instructions: Show all work. No electronic devices are allowed. This exam is open book, open notes. You have 100 minutes to complete the exam. Please prepare your answers
More informationDr. Arjan Durresi. Baton Rouge, LA 70810 Durresi@csc.LSU.Edu These slides are available at: http://www.csc.lsu.edu/~durresi/csc4601_07/
Set of Problems 2 Dr. Arjan Durresi Louisiana State University Baton Rouge, LA 70810 Durresi@csc.LSU.Edu These slides are available at: http://www.csc.lsu.edu/~durresi/csc4601_07/ Louisiana State University
More informationA Study of New Trends in Blowfish Algorithm
A Study of New Trends in Blowfish Algorithm Gurjeevan Singh*, Ashwani Kumar**, K. S. Sandha*** *(Department of ECE, Shaheed Bhagat Singh College of Engg. & Tech. (Polywing), Ferozepur-152004) **(Department
More informationSecuring IP Networks with Implementation of IPv6
Securing IP Networks with Implementation of IPv6 R.M.Agarwal DDG(SA), TEC Security Threats in IP Networks Packet sniffing IP Spoofing Connection Hijacking Denial of Service (DoS) Attacks Man in the Middle
More informationThe implementation and performance/cost/power analysis of the network security accelerator on SoC applications
The implementation and performance/cost/power analysis of the network security accelerator on SoC applications Ruei-Ting Gu grating@eslab.cse.nsysu.edu.tw Kuo-Huang Chung khchung@eslab.cse.nsysu.edu.tw
More informationEnhancing McAfee Endpoint Encryption * Software With Intel AES-NI Hardware- Based Acceleration
SOLUTION BLUEPRINT IT SECURITY MANAGEMENT Enhancing McAfee Endpoint Encryption * Software With Intel AES-NI Hardware- Based Acceleration Industry IT security management across industries Business Challenge
More informationHow To Encrypt With A 64 Bit Block Cipher
The Data Encryption Standard (DES) As mentioned earlier there are two main types of cryptography in use today - symmetric or secret key cryptography and asymmetric or public key cryptography. Symmetric
More informationEXAM questions for the course TTM4135 - Information Security May 2013. Part 1
EXAM questions for the course TTM4135 - Information Security May 2013 Part 1 This part consists of 5 questions all from one common topic. The number of maximal points for every correctly answered question
More informationReconsidering Generic Composition
Reconsidering Generic Composition Chanathip Namprempre Thammasat University, Thailand Phillip Rogaway University of California, Davis, USA Tom Shrimpton Portland State University, USA 1/24 What is the
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 6. Wireless Network Security
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 6 Wireless Network Security Objectives Overview of IEEE 802.11 wireless security Define vulnerabilities of Open System Authentication,
More informationELECTRONIC COMMERCE WORKED EXAMPLES
MODULE 13 ELECTRONIC COMMERCE WORKED EXAMPLES 13.1 Explain B2B e-commerce using an example of a book distributor who stocks a large number of books, which he distributes via a large network of book sellers.
More informationDataTrust Backup Software. Whitepaper Data Security. Version 6.8
Version 6.8 Table of Contents 1 Introduction... 3 2 DataTrust Offsite Backup Server Secure, Robust and Reliable... 4 2.1 Secure 128-bit SSL communication... 4 2.2 Backup data are securely encrypted...
More informationSymmetric Crypto MAC. Pierre-Alain Fouque
Symmetric Crypto MAC Pierre-Alain Fouque Birthday Paradox In a set of D elements, by picking at random D elements, we have with high probability a collision two elements are equal D=365, about 23 people
More informationSECURELY CONNECTING INSTANT MESSAGING SYSTEMS FOR AD HOC NETWORKS TO SERVER BASED SYSTEMS
SECURELY CONNECTING INSTANT MESSAGING SYSTEMS FOR AD HOC NETWORKS TO SERVER BASED SYSTEMS Philipp Steinmetz Introduction Motivation for Tactical Instant Messaging Bandwidth-efficient Silent information
More informationPermutation Based Cryptography for IoT
Permutation Based Cryptography for IoT Guido Bertoni 1 Joint work with Joan Daemen 1, Michaël Peeters 2 and Gilles Van Assche 1 1 STMicroelectronics 2 NXP Semiconductors CIoT 2012, Antwerp, November 21
More informationComputer and Network Security. Alberto Marchetti Spaccamela
Computer and Network Security Alberto Marchetti Spaccamela Slides are strongly based on material by Amos Fiat Good crypto courses on the Web with interesting material on web site of: Ron Rivest, MIT Dan
More informationCryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Lecture No. # 11 Block Cipher Standards (DES) (Refer Slide
More information7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?
7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk
More informationKeywords Web Service, security, DES, cryptography.
Volume 3, Issue 10, October 2013 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Provide the
More informationCryptography and Network Security
Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 3: Block ciphers and DES Ion Petre Department of IT, Åbo Akademi University January 17, 2012 1 Data Encryption Standard
More informationNetwork Security. Security. Security Services. Crytographic algorithms. privacy authenticity Message integrity. Public key (RSA) Message digest (MD5)
Network Security Security Crytographic algorithms Security Services Secret key (DES) Public key (RSA) Message digest (MD5) privacy authenticity Message integrity Secret Key Encryption Plain text Plain
More informationThanks, But No Thanks
Thanks, But No Thanks Current Cryptographic Standards Are Sufficient for Software Dan Shumow MSR Security and Cryptography Group Microsoft Research Introduction Disclaimer: I am a Software Developer, so
More informationNetwork Security. Lecture 3
Network Security Lecture 3 Design and Analysis of Communication Networks (DACS) University of Twente The Netherlands Security protocols application transport network datalink physical Contents IPSec overview
More informationPrivacy and Security in library RFID Issues, Practices and Architecture
Privacy and Security in library RFID Issues, Practices and Architecture David Molnar and David Wagner University of California, Berkeley CCS '04 October 2004 Overview Motivation RFID Background Library
More informationGoldKey Product Info. Do not leave your Information Assets at risk Read On... Detailed Product Catalogue for GoldKey
GoldKey Product Info Detailed Product Catalogue for GoldKey Do not leave your Information Assets at risk Read On... GoldKey: Reinventing the Security Strategy The Changing Landscape of Data Security With
More informationFailures of secret-key cryptography. D. J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven. http://xkcd.
Failures of secret-key cryptography D. J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven http://xkcd.com/538/ 2011 Grigg Gutmann: In the past 15 years no one ever lost
More informationImplementation of Full -Parallelism AES Encryption and Decryption
Implementation of Full -Parallelism AES Encryption and Decryption M.Anto Merline M.E-Commuication Systems, ECE Department K.Ramakrishnan College of Engineering-Samayapuram, Trichy. Abstract-Advanced Encryption
More informationCS 494/594 Computer and Network Security
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Exercise: Chapters 13, 15-18 18 1. [Kaufman] 13.1
More information