CSCI-E46: Applied Network Security. Class 1: Introduction Cryptography Primer 1/26/16 CSCI-E46: APPLIED NETWORK SECURITY, SPRING

Welcome to CSCI-E46
- Classroom & Schedule
  - 53 Church Street L01
  - Wednesdays, 5:30pm-7:30pm
- Office Hours
  - Before/after class or by appointment
- TA Session
  - On-line, scheduling TBD

Welcome to CSCI-E46
- Expectations
  - Familiarity with Linux/UNIX CLI and Windows GUI
  - Understanding of networking topics by way of successful completion of CSCI-E45[ab] or permission of instructor
- Objectives
  - Provide a solid overview of the concepts, threats, and controls inherent to network security
  - Keep topics interesting through use of in-class lecture, demonstration, and lab work

Readings
- Course Text
  - Computer Security: Principles and Practice, 3rd Edition, William Stallings
  - Safari Books Online
- Additional readings listed in module on Canvas

Canvas
- All course material and grading will be posted to the course site
- Each week
  - readings will be available at midnight on Thursday
  - slides will be posted prior to lecture
  - live video of the lecture available for streaming
  - recorded video posted for review 1-2 days after lecture
- Discussion forums available for questions and collaborating with your classmates

Class Participation
- Wednesdays, 53 Church Street L01
- Timely discussion topics to open each lecture
- Questions and discussion throughout lecture encouraged!
- Be courteous, silence your phones and take calls outside
- ~10 minute break at half-way point
- On-campus and remote students
  - Attendance and in-class participation not graded!

Tasks/Assignments
- Tasks
  - Assigned most lecture weeks (10 total)
  - Majority of class participation score
- Assignments
  - 3 assignments, 1 quiz
  - 20% of final grade

Labs
- 5 labs
- Environments
  - Local (your laptop/desktop)
  - Amazon Web Services (AWS)
- Resources
  - VirtualBox
  - AWS Educate

Exams
- Midterm Exam
  - On-line
  - Week of 03/17
  - Essay, short answer, true/false, multiple choice
- Final Exam
  - Week of 04/05
  - Same format as midterm
  - Not cumulative

Grading
  Class Participation/Tasks   20%
  Labs                        20%
  Assignments/Quiz            20%
  Midterm Exam                20%
  Final Exam                  20%
  Total                       100%

Plagiarism and Academic Integrity
- Unless otherwise specified, all work must be completed independently
- Please review the Harvard Extension School Academic Integrity Policy
- Do not cheat, you will be caught and reported!
- If found responsible
  - no credit for affected material
  - Academic suspension

Course Schedule
  Week  Dates         Topic
  1     01/27         Introductions, Cryptography Primer
  2     01/28-02/03   Networking Primer
  3     02/04-02/10   Network Security Controls and Architecture
  4     02/11-02/17   Enterprise Identity and Authentication
  5     02/18-02/24   (In)Secure Protocols
  6     02/25-03/02   Network-based Threats
  7     03/03-03/09   Reconnaissance and Social Attacks
  8     03/10-03/16   Spring Break
  9     03/17-03/23   Midterm Exam
  10    03/24-03/30   Exploitation and Persistence
  11    03/31-04/06   Instrumenting the Network
  12    04/07-04/13   Intrusion Detection
  13    04/14-04/20   Firewalling and Access Control
  14    04/21-04/27   Wireless Security
  15    04/28-04/04   Cloud Security and Future Trends
  16    04/05-05/11   Final Exam

Introductions
- About Me
  - Director, Infrastructure Design & MIT
  - 15+ years of systems, networking, and security experience
  - davidlaporte@fas.harvard.edu
  - Phone:
- Teaching/Lab Assistant
  - Scott Doliner
  - TBD

Today...
- Discussion
- Cryptography Primer

Cryptography Primer
- Random numbers
- Symmetric encryption
- Public-key (asymmetric) encryption
- Beyond encryption
  - Message authentication codes
  - Hash functions
  - Digital Signatures

Random Numbers
- random numbers used in cryptographic key generation
- requirements:
  - randomness: based on statistical tests for uniform distribution and independence
  - unpredictability: successive values not related to previous
    - clearly true for real random sequences
- true random number generators use a nondeterministic source
  - e.g. radiation, leaky capacitors, thermal noise

Pseudorandom Numbers
- an algorithm is used to create pseudorandom numbers
- satisfy statistical randomness tests
- likely to be predictable since based on initial seed value
  - e.g. time or system state
Source: w/subsamples.html

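The predictability point above, as an added example that is not part of the original slides: a key drawn from a PRNG seeded with the clock has only as many possible values as there are plausible seeds, which an audit can enumerate. The function names and the timestamp are constructed for illustration.

```python
import math
import random
import secrets

KEY_BYTES = 16  # 128-bit key

# Constructed sample seed: 2016-01-27 00:00:00 UTC as a Unix timestamp.
SAMPLE_TIMESTAMP = 1453852800


def key_from_time_seed(timestamp: int) -> bytes:
    """Weak pattern: key material from a PRNG seeded with the clock."""
    rng = random.Random(timestamp)  # Mersenne Twister: statistically sound, predictable
    return rng.getrandbits(KEY_BYTES * 8).to_bytes(KEY_BYTES, "big")


def key_from_os_entropy() -> bytes:
    """Sound pattern: key material from the operating system's CSPRNG."""
    return secrets.token_bytes(KEY_BYTES)


def seeds_matching(key: bytes, earliest: int, latest: int) -> list:
    """Audit helper: list every seed in a time window that reproduces the key."""
    return [t for t in range(earliest, latest + 1)
            if key_from_time_seed(t) == key]


def effective_key_bits(window_seconds: int) -> float:
    """Entropy of a time-seeded key when the seed is known to within a window."""
    return math.log2(window_seconds)


if __name__ == "__main__":
    weak = key_from_time_seed(SAMPLE_TIMESTAMP)
    strong = key_from_os_entropy()
    lo, hi = SAMPLE_TIMESTAMP - 1800, SAMPLE_TIMESTAMP + 1800
    print("time-seeded key reproduced by seeds:", seeds_matching(weak, lo, hi))
    print("OS-entropy key reproduced by seeds: ", seeds_matching(strong, lo, hi))
    print("nominal key size: %d bits" % (KEY_BYTES * 8))
    print("effective size, seed known to the day: %.1f bits"
          % effective_key_bits(86400))
```
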
Symmetric Encryption
- Same key used for encryption and decryption

Symmetric Encryption
- Historical Implementations
  - Caesar Cipher (ROT13)
  - Enigma Machine
- Modern Implementations
  - DES
    - Old US federal standard
    - 56-bit key
    - Extremely vulnerable to brute force attacks
    - Deprecated in favor of 3DES in 1999
  - Triple DES (3DES)
    - Encrypt, decrypt, encrypt using DES
    - Effective 168-bit key (56-bit * 3)
  - AES
    - Current US federal standard (2002)
    - Result of public competition (was "Rijndael")
    - 128, 192, and 256-bit key lengths
  - Blowfish, IDEA, etc.
Source: cipher

Symmetric Encryption
- Fast, easily implemented in hardware
- Key distribution
  - Difficult to securely transport shared key to recipient
- Key management, (n^2 - n)/2
  - 2 participants, 1 key
  - 3 participants, 3 keys
  - and then it gets much worse

Attacking Symmetric Encryption
- cryptanalysis
  - rely on nature of the algorithm
  - plus some knowledge of plaintext characteristics
  - even some sample plaintext-ciphertext pairs
  - exploits characteristics of algorithm to deduce specific plaintext or key
- brute-force attack
  - try all possible keys on some ciphertext until get an intelligible translation into plaintext

Public Key Encryption
- Two keys ("public" and "private") are used
- Keys are complementary
  - Private key can decrypt public key encrypted messages
  - Public key can decrypt private key encrypted messages
- In practice
  - Public key is used to encrypt messages
  - Private key is used to decrypt messages
- Example: Bob wants to send Alice a message. He encrypts the message with Alice's public key. Alice receives the message and decrypts using her private key.

Public Key Encryption
- Two different keys used for encryption/decryption

Public Key Requirements
- computationally easy to create key pairs
- computationally easy for sender knowing public key to encrypt messages
- computationally easy for receiver knowing private key to decrypt ciphertext
- computationally infeasible for opponent to determine private key from public key
- computationally infeasible for opponent to otherwise recover original message
- useful if either key can be used for each role

Public Key Encryption
- Originated in the 1970s at British Government Communications Headquarters (GCHQ)
  - This remained secret until 1997
- Proposed in 1976 by Whitfield Diffie and Martin Hellman
- RSA algorithm published in 1978 by Rivest, Shamir, and Adleman
  - Patent expired in 2000
- DSS/DSA
  - developed by NSA
  - useful only in digital signatures, not encryption
- Elliptic Curve
  - based on solutions to y^2 = x^3 + ax + b
  - less computationally intensive and efficiently implemented in hardware
  - not as well vetted as factoring-based approaches, so not yet widely implemented

Public Key Encryption
- RSA
  - Uses product of two large prime numbers
  - Keys derived mathematically from product
  - Depends upon difficulty of factoring large numbers
  - Not provably unbreakable
    - Discovery of short-cut in factoring large numbers would undermine entire system
  - Key lengths can be increased to mitigate increases in brute-force capabilities
- "RSA Laboratories currently recommends key sizes of 1024 bits for corporate use and 2048 bits for extremely valuable keys like the root key pair used by a certifying authority. Several recent standards specify a bit minimum for corporate use." (RSA website)

Public Key Encryption
- Extremely slow, orders of magnitude slower than symmetric algorithms
- Key distribution
  - Separate keys eliminate need for secure transport
- Key management, 2n total keys, n+1 keys/participant
  - 2 participants, 4 keys, 3 keys/participant
  - 10 participants, 20 keys, 11 keys/participant
- Only one key (the participant's private key) need be kept secret
  - Remaining keys can be centrally maintained

Asymmetric/Symmetric Hybrid
- Public key systems offer major benefits in key management and distribution, at the cost of speed
- Symmetric systems offer speed, but distribution and management do not scale
- In many protocols, the benefits of each are exploited through use of a session key
  - Use public-key system to establish secure channel
  - Transmit symmetric session key to perform bulk encryption
  - e.g., SSL, PGP

Digital Envelope

Beyond Encryption
- Message encryption provides confidentiality, but how to assure integrity and non-repudiation?
  - Encryption of the message does not provide either
  - Reordering of the encrypted blocks may result in a properly decrypted, coherent, and incorrect message
- Message authentication guarantees:
  - contents unaltered
  - from authentic source
  - timely and in correct sequence
- Can be accomplished with or without encryption

Message Authentication Codes
- Parties agree upon a secret key
- Use the secret key and the input message to generate a small block of data (MAC)
- Transmit message and MAC
- Recipient uses input message and secret key to regenerate MAC
- If they match
  - The receiver is assured that the message has not been altered.
  - The receiver is assured that the message is from the alleged sender.
  - If the message includes a sequence number, then the receiver can be assured of the proper sequence.

Message Authentication Codes
- Note that the message/MAC bundle is unencrypted

Hash Functions
- A hash function generates a fixed length value ("fingerprint") from a variable length input
  - MD5, 128-bits
  - SHA1, 160-bits
  - SHA-256, 256-bits
  - SHA-384, 384-bits
  - SHA-512, 512-bits

Secure Hash Functions
- A secure hash function has the following properties
  - applied to any size data
  - H produces a fixed-length output
  - H(x) is relatively easy to compute for any given x
  - one-way property (pre-image resistance)
    - computationally infeasible to find x such that H(x) = h
  - weak collision resistance (second pre-image resistance)
    - given x, computationally infeasible to find y ≠ x such that H(y) = H(x)
  - strong collision resistance
    - computationally infeasible to find any pair (x, y) such that H(x) = H(y)
- Since there is no secret key involved in generation of the hash value, additional steps are necessary to provide message authentication

Keyed Hash
- A secret key (previously agreed upon) is added to the input message before hash function is performed
- Recipient adds same key to message before computing hash value
- No encryption necessary
  - Bypasses any encryption export issues
  - Lower CPU requirements
- Functionally equivalent to MAC

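The MAC exchange and the keyed hash described above, as an added example that is not part of the original slides. It uses HMAC-SHA-256, the standard keyed-hash construction, rather than simply joining key and message before hashing; the 8-byte sequence header, the bundle layout and all names are assumptions made for the illustration. The message travels in the clear, as the slides note.

```python
import hashlib
import hmac
import struct

TAG_LEN = hashlib.sha256().digest_size  # 32-byte MAC
SEQ_LEN = 8                             # assumed header: 64-bit sequence number


def protect(key: bytes, seq: int, message: bytes) -> bytes:
    """Sender: bundle = sequence number || message || MAC(key, seq || message)."""
    body = struct.pack(">Q", seq) + message
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


class Receiver:
    """Recipient: regenerates the MAC, then enforces the expected sequence."""

    def __init__(self, key: bytes):
        self.key = key
        self.next_seq = 0

    def accept(self, bundle: bytes) -> bytes:
        if len(bundle) < SEQ_LEN + TAG_LEN:
            raise ValueError("bundle too short")
        body, tag = bundle[:-TAG_LEN], bundle[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many tag bytes matched.
        if not hmac.compare_digest(tag, expected):
            raise ValueError("MAC mismatch")
        (seq,) = struct.unpack(">Q", body[:SEQ_LEN])
        # The sequence number is covered by the MAC, so it can be trusted here.
        if seq != self.next_seq:
            raise ValueError("unexpected sequence number")
        self.next_seq += 1
        return body[SEQ_LEN:]


def check(receiver: Receiver, bundle: bytes) -> str:
    """Return 'accepted' or the reason the receiver rejected the bundle."""
    try:
        receiver.accept(bundle)
        return "accepted"
    except ValueError as err:
        return str(err)


if __name__ == "__main__":
    key = b"constructed-shared-secret-key-32"   # constructed sample key
    alice = Receiver(key)
    first = protect(key, 0, b"transfer 10 to Bob")
    second = protect(key, 1, b"transfer 20 to Carol")
    altered = bytearray(second)
    altered[SEQ_LEN + 9] ^= 0x01                # flip one bit of the message
    for label, bundle in [("first", first), ("replayed first", first),
                          ("altered second", bytes(altered)),
                          ("second", second)]:
        print("%-15s -> %s" % (label, check(alice, bundle)))
```
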
Digital Signatures
- A digital signature is a hash value encrypted with the private key of the sender
- Leverages hash function and public key encryption to provide message authentication
- Example: Bob wants to send Alice a message. He generates a hash value of the message and encrypts it with his private key. This digital signature is appended to the message. Alice receives the message, removes the digital signature, and decrypts it using Bob's public key. If the hash values match, Alice can be assured that the message was received intact, in order, and from Bob.

Digital Signatures

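The Bob-to-Alice signature example above, as an added illustration that is not part of the original slides. It uses textbook RSA without padding and builds its keys from well-known Mersenne primes, so the key material is constructed and fit for demonstration only; real systems use a vetted library and a padding scheme such as RSA-PSS. All function names are assumptions.

```python
import hashlib

E = 65537  # common public exponent


def make_keypair(p: int, q: int):
    """Derive (public, private) RSA keys from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))   # private exponent (Python 3.8+)
    return (n, E), (n, d)


def digest_int(message: bytes) -> int:
    """SHA-256 hash of the message as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private) -> int:
    """Sender: 'encrypt' the hash value with the private key."""
    n, d = private
    return pow(digest_int(message), d, n)


def verify(message: bytes, signature: int, public) -> bool:
    """Recipient: 'decrypt' the signature with the public key, compare hashes."""
    n, e = public
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest_int(message)


# Constructed demonstration keys from Mersenne primes (never use such primes
# for real keys; their special form is public knowledge).
BOB_PUBLIC, BOB_PRIVATE = make_keypair(2**521 - 1, 2**607 - 1)
OTHER_PUBLIC, OTHER_PRIVATE = make_keypair(2**127 - 1, 2**1279 - 1)


if __name__ == "__main__":
    message = b"Meet at 5:30pm, 53 Church Street"
    signature = sign(message, BOB_PRIVATE)
    print("intact message verifies:     ", verify(message, signature, BOB_PUBLIC))
    print("altered message verifies:    ",
          verify(message + b"!", signature, BOB_PUBLIC))
    forged = sign(message, OTHER_PRIVATE)
    print("signed by another key pair:  ", verify(message, forged, BOB_PUBLIC))
```
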
Attacks Against Hashes
- attack approaches
  - birthday attack
    - name comes from the observation that there is a probability of > 1/2 that 2 people in a group of 23 share a birthday
    - attack works where hash output is not evenly distributed
  - cryptanalysis
    - exploit logical weakness in algorithm
  - brute-force attacks
    - collision attack: create two inputs that generate same hash value
    - pre-image attack: create input based on known hash value
Source:

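The birthday observation above carried through in code, as an added example that is not part of the original slides. It checks the 23-person figure and then counts how many inputs are needed before two of them collide on a SHA-256 value truncated to 24 bits, which shows why an n-bit hash offers only about n/2 bits of collision resistance. The truncation, input strings and function names are constructed for the illustration.

```python
import hashlib
import math


def birthday_probability(people: int, days: int = 365) -> float:
    """Probability that at least two of `people` share one of `days` values."""
    p_all_distinct = 1.0
    for i in range(people):
        p_all_distinct *= (days - i) / days
    return 1.0 - p_all_distinct


def truncated_hash(data: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256, standing in for a short hash output."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)


def expected_collision_trials(bits: int) -> float:
    """Approximate number of inputs before any two collide: sqrt(pi/2 * 2^bits)."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def find_collision(bits: int):
    """Hash distinct inputs until two share a truncated value.

    Returns (first_input, second_input, inputs_hashed).
    """
    seen = {}
    counter = 0
    while True:
        candidate = b"constructed-input-%d" % counter
        value = truncated_hash(candidate, bits)
        counter += 1
        if value in seen:
            return seen[value], candidate, counter
        seen[value] = candidate


if __name__ == "__main__":
    print("P(shared birthday, 22 people) = %.4f" % birthday_probability(22))
    print("P(shared birthday, 23 people) = %.4f" % birthday_probability(23))
    bits = 24
    first, second, tried = find_collision(bits)
    print("%d-bit output: collision after %d inputs (about %.0f expected, "
          "versus %d possible outputs)"
          % (bits, tried, expected_collision_trials(bits), 2 ** bits))
    print("colliding inputs:", first, second)
    for name, size in [("MD5", 128), ("SHA1", 160), ("SHA-256", 256)]:
        print("%-8s %d-bit output -> roughly 2^%d work for a collision"
              % (name, size, size // 2))
```
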
References
- Various images and content from: Computer Security: Principles and Practice, Third Edition. William Stallings, Pearson, 2014
  - Chapters 1, 2
  - See Chapter 21 in Stallings for more in-depth information on public-key cryptography and message authentication

Task 1: VirtualBox, Kali, and Introductions
1) Download and install VirtualBox
2) Download, verify, and install Kali Linux
3) Introduce yourself! Please say hello in the Introductions discussion forum and let us know what you hope to take from the class.
Additional task details in the Canvas assignment link

For next class
- Topic
  - Networking Refresher
- Readings
  - Computer Security, Principles and Practice
    - Appendix F
  - TCP/IP Illustrated, Vol. 1: The Protocols (Safari)
    - Chapters 2, 4, 8 (ICMPv4 only), 10, 11, 12
    - Background/reference material, review as appropriate
  - Additional Readings on Canvas
More informationChapter 8 Network Security. Slides adapted from the book and Tomas Olovsson
Chapter 8 Network Security Slides adapted from the book and Tomas Olovsson Roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity Security protocols and measures: Securing
More informationSSL A discussion of the Secure Socket Layer
www.harmonysecurity.com info@harmonysecurity.com SSL A discussion of the Secure Socket Layer By Stephen Fewer Contents 1 Introduction 2 2 Encryption Techniques 3 3 Protocol Overview 3 3.1 The SSL Record
More informationMessage authentication and. digital signatures
Message authentication and " Message authentication digital signatures verify that the message is from the right sender, and not modified (incl message sequence) " Digital signatures in addition, non!repudiation
More informationThe Misuse of RC4 in Microsoft Word and Excel
The Misuse of RC4 in Microsoft Word and Excel Hongjun Wu Institute for Infocomm Research, Singapore hongjun@i2r.a-star.edu.sg Abstract. In this report, we point out a serious security flaw in Microsoft
More informationAC76/AT76 CRYPTOGRAPHY & NETWORK SECURITY DEC 2014
Q.2a. Define Virus. What are the four phases of Viruses? In addition, list out the types of Viruses. A virus is a piece of software that can infect other programs by modifying them; the modification includes
More informationGlobal Telehealth Conference 2012
A Best Practice Guide to Encryption for Telehealth Liam Caffery PhD Centre for Online Health The University of Queensland Recommendations on best practice Slide 1 of 33 Slide 2 of 33 Introduction Security
More informationAdvanced Topics in Cryptography and Network Security
Advanced Topics in Cryptography and Network Security Breno de Medeiros Department of Computer Science Florida State University Advanced Topics in Cryptography and Network Security p.1 Class Reference Sheet
More informationCSC474/574 - Information Systems Security: Homework1 Solutions Sketch
CSC474/574 - Information Systems Security: Homework1 Solutions Sketch February 20, 2005 1. Consider slide 12 in the handout for topic 2.2. Prove that the decryption process of a one-round Feistel cipher
More informationCS 758: Cryptography / Network Security
CS 758: Cryptography / Network Security offered in the Fall Semester, 2003, by Doug Stinson my office: DC 3122 my email address: dstinson@uwaterloo.ca my web page: http://cacr.math.uwaterloo.ca/~dstinson/index.html
More informationTable of Contents. Bibliografische Informationen http://d-nb.info/996514864. digitalisiert durch
1 Introduction to Cryptography and Data Security 1 1.1 Overview of Cryptology (and This Book) 2 1.2 Symmetric Cryptography 4 1.2.1 Basics 4 1.2.2 Simple Symmetric Encryption: The Substitution Cipher...
More informationSavitribai Phule Pune University
Savitribai Phule Pune University Centre for Information and Network Security Course: Introduction to Cyber Security / Information Security Module : Pre-requisites in Information and Network Security Chapter
More informationFIPS 140-2 Non- Proprietary Security Policy. McAfee SIEM Cryptographic Module, Version 1.0
FIPS 40-2 Non- Proprietary Security Policy McAfee SIEM Cryptographic Module, Version.0 Document Version.4 December 2, 203 Document Version.4 McAfee Page of 6 Prepared For: Prepared By: McAfee, Inc. 282
More informationNotes on Network Security Prof. Hemant K. Soni
Chapter 9 Public Key Cryptography and RSA Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications
More informationCS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure Email
CS 393 Network Security Nasir Memon Polytechnic University Module 11 Secure Email Course Logistics HW 5 due Thursday Graded exams returned and discussed. Read Chapter 5 of text 4/2/02 Module 11 - Secure
More informationWhat is network security?
Network security Network Security Srinidhi Varadarajan Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application
More informationSPC5-CRYP-LIB. SPC5 Software Cryptography Library. Description. Features. SHA-512 Random engine based on DRBG-AES-128
SPC5 Software Cryptography Library Data brief SHA-512 Random engine based on DRBG-AES-128 RSA signature functions with PKCS#1v1.5 ECC (Elliptic Curve Cryptography): Key generation Scalar multiplication
More informationCS 348: Computer Networks. - Security; 30 th - 31 st Oct 2012. Instructor: Sridhar Iyer IIT Bombay
CS 348: Computer Networks - Security; 30 th - 31 st Oct 2012 Instructor: Sridhar Iyer IIT Bombay Network security Security Plan (RFC 2196) Identify assets Determine threats Perform risk analysis Implement
More informationConnected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)
Cryptelo Drive Cryptelo Drive is a virtual drive, where your most sensitive data can be stored. Protect documents, contracts, business know-how, or photographs - in short, anything that must be kept safe.
More informationAn Introduction to Cryptography and Digital Signatures
An Introduction to Cryptography and Digital Signatures Author: Ian Curry March 2001 Version 2.0 Copyright 2001-2003 Entrust. All rights reserved. Cryptography The concept of securing messages through
More informationCryptographic Hash Functions Message Authentication Digital Signatures
Cryptographic Hash Functions Message Authentication Digital Signatures Abstract We will discuss Cryptographic hash functions Message authentication codes HMAC and CBC-MAC Digital signatures 2 Encryption/Decryption
More informationHow To Encrypt Data With Encryption
USING ENCRYPTION TO PROTECT SENSITIVE INFORMATION Commonwealth Office of Technology Security Month Seminars Alternate Title? Boy, am I surprised. The Entrust guy who has mentioned PKI during every Security
More informationHash Functions. Integrity checks
Hash Functions EJ Jung slide 1 Integrity checks Integrity vs. Confidentiality! Integrity: attacker cannot tamper with message! Encryption may not guarantee integrity! Intuition: attacker may able to modify
More informationIntroduction to Network Security. 1. Introduction. And People Eager to Take Advantage of the Vulnerabilities
TÜBİTAK Ulusal Elektronik ve Kriptoloji Araştırma Enstitüsü Introduction to Network Security (Revisit an Historical 12 year old Presentation) Prof. Dr. Halûk Gümüşkaya Why Security? Three primary reasons
More informationCryptography and Network Security
Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 1: Introduction Ion Petre Department of IT, Åbo Akademi University January 10, 2012 1 Motto Unfortunately, the technical
More informationModeling and verification of security protocols
Modeling and verification of security protocols Part I: Basics of cryptography and introduction to security protocols Dresden University of Technology Martin Pitt martin@piware.de Paper and slides available
More informationUsable Crypto: Introducing minilock. Nadim Kobeissi HOPE X, NYC, 2014
Usable Crypto: Introducing minilock Nadim Kobeissi HOPE X, NYC, 2014 2012 Browsers are an environment that is hostile to cryptography Malleability of the JavaScript runtime. The lack of low-level (system-level)
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 1 January 9, 2012 CPSC 467b, Lecture 1 1/22 Course Overview Symmetric Cryptography CPSC 467b, Lecture 1 2/22 Course Overview CPSC
More informationA Novel Approach to combine Public-key encryption with Symmetric-key encryption
Volume 1, No. 4, June 2012 ISSN 2278-1080 The International Journal of Computer Science & Applications (TIJCSA) RESEARCH PAPER Available Online at http://www.journalofcomputerscience.com/ A Novel Approach
More informationDRAFT Standard Statement Encryption
DRAFT Standard Statement Encryption Title: Encryption Standard Document Number: SS-70-006 Effective Date: x/x/2010 Published by: Department of Information Systems 1. Purpose Sensitive information held
More informationSymmetric Key cryptosystem
SFWR C03: Computer Networks and Computer Security Mar 8-11 200 Lecturer: Kartik Krishnan Lectures 22-2 Symmetric Key cryptosystem Symmetric encryption, also referred to as conventional encryption or single
More informationOverview of Public-Key Cryptography
CS 361S Overview of Public-Key Cryptography Vitaly Shmatikov slide 1 Reading Assignment Kaufman 6.1-6 slide 2 Public-Key Cryptography public key public key? private key Alice Bob Given: Everybody knows
More information