Quantification of Information Leakage by Statistical Method Combined with Program Analysis
|
|
- Randolph Neil Montgomery
- 7 years ago
- Views:
Transcription
1 Quantification of Information Leakage by Statistical Method Combined with Program Analysis Yusuke Kawamoto (AIST, Japan) Joint work with Fabrizio Biondi (INRIA/IRISA Rennes, France) Axel Legay (INRIA/IRISA Rennes, France) In French-Japanese Cybersecurity Workshop, September 2016
2 Information leakage In real world systems, there are usually some information leakage. Receipt of credit card always leaks 4 digits of card number **** **** **** 1234 Timing/power consumption in decrypting ciphertexts leaks information on the secret key Acceptable Security breach! Password checking leaks the password with small probability Message length/packet patterns leaks the sender of the message in (guess) if guess == password then out(secret) Acceptable Privacy breach! Want to quantify the information leakage! 2
3 3 Entropy as a secrecy measure Larger entropy Larger uncertainty Stronger secrecy When a secret value uniformly distributed over { 1, 2,, }, it s hard to guess the secret. sec = 1 sec = 2 sec = 3 sec = Stronger secrecy Shannon entropy = 999 bit (= ( log )) When a secret value is not uniformly distributed, it s easier to guess the secret. sec = 1 sec = 2 sec = 3 sec = Weaker secrecy Shannon entropy = 0.88 bit (= (0.7 log 0.7) (0.3 log 0.3))
4 Overview of this talk (1) Introduction on modelling information leakage: How much secret information is leaked by output in a system? (2) Statistical method for estimating information leakage amount: The accuracy of estimation is described by 95% confidence intervals. (3) Hybrid method combining statistical method with program improves the quality and cost of. 4
5 5 Information flow Systems are modeled as information-theoretic channels: secret s System output o Examples Secret decryption key Cipher Decryption time & power consumption Sender of message Anonymity protocol Packet patterns Secret in a process Process scheduler Scheduling of processes
6 Modelling a probabilistic system Probabilistic system Initial state s = 0 s = 1 s = 2 s = Observed outputs (no non-deterministic transitions) Joint distribution of secret & output Secret Output o = 0 o = 1 o = 2 o = 3 s = s = s = s = bit of s is leaked when observing o = 1 6
7 7 Modelling information leakage Probabilities of secrets Before observing output: After observing output: p(s) Distribution on secrets p(s, o) Joint distribution on secrets & outputs Secret Probability s = s = s = s = Output Secret o = 0 o = 1 o = 2 o = 3 s = s = s = s =
8 8 Modelling information leakage Probabilities of secrets Before observing output: p(s) Distribution on secrets Amount of information leakage Difference of the secrecy levels before and after the observation (Leakage amount) = (entropy before observation) (entropy after observation) E.g. (Mutual information) Secret Probability s = s = s = s = = Σ p(s) log p(s) Σ p(o) Σ p(s o) log p(s o) s Sec After observing output: p(s, o) Joint distribution on secrets & outputs Output Secret o Obs o = 0 o = 1 o = 2 o = 3 s = s = s = s = s Sec Remark: Other kinds of entropy (e.g. min-entropy) for other attack scenarios
9 9 Modelling information leakage Probabilities of secrets Before observing output: p(s) Distribution on secrets Secret Probability s = s = s = s = Amount of information leakage (Leakage amount) = (entropy before observation) (entropy after observation) Hardness in computing leakage amount After observing output: p(s, o) Joint distribution on secrets & outputs Output Secret o = 0 o = 1 o = 2 o = 3 s = s = s = s = Computation is hard if there are many traces, shown by T. Terauchi (JAIST, Japan). Limited compositionality (e.g. in QEST 14 with K. Chatzikokolakis & C. Palamidessi): Composing two systems may produce additional information leakage.
10 10 Overview Model of information leakage Statistical method for estimating leakage amount Hybrid statistical method Evaluation of the method Summary & future work
11 11 Statistical method [Chatzikokolakis, Chothia, Guha 10] CSF 13, ESORICS 14 with T. Chothia, C. Novakovic, D. Parker System Tool LeakWatch (1) (2) (3) Approximate (4) Execution Numbers probability traces of traces distribution Running many times Estimated leakage: bit? Probabilistic assignment produces different traces. bool sec 0 := { 0 0.5, }; bool sec 1 := { 0 0.5, }; secret sec 0, sec 1 ; bool r := { 0 0.5, }; bool obs 0 := sec 0 XOR r ; bool obs 1 := sec 1 XOR r ; output obs 0, obs 1 ; Record of 1000 traces (sec 0 =0, sec 1 =0, obs 0 =0, obs 1 =0) (sec 0 =0, sec 1 =0, obs 0 =1, obs 1 =1) (sec 0 =0, sec 1 =0, obs 0 =1, obs 1 =1) (sec 0 =0, sec 1 =0, obs 0 =0, obs 1 =0) (sec 0 =0, sec 1 =0, obs 0 =1, obs 1 =1)
12 12 Statistical method [Chatzikokolakis, Chothia, Guha 10] CSF 13, ESORICS 14 with T. Chothia, C. Novakovic, D. Parker System Tool LeakWatch (1) (2) (3) Approximate (4) Execution Numbers probability traces of traces distribution Running many times Estimated leakage: bit? Probabilistic assignment produces different traces. bool sec 0 := { 0 0.5, }; bool sec 1 := { 0 0.5, }; secret sec 0, sec 1 ; bool r := { 0 0.5, }; bool obs 0 := sec 0 XOR r ; bool obs 1 := sec 1 XOR r ; output obs 0, obs 1 ; Record of 1000 traces output secret obs 0 =0obs 0 =0obs 0 =1obs 0 =1 obs 1 =0obs 1 =1obs 1 =0obs 1 =1 sec 0 =0,sec 1 = sec 0 =0,sec 1 = sec 0 =1,sec 1 = sec 0 =1,sec 1 = secret output obs 0 =0 obs 0 =0 obs 0 =1 obs 0 =1 obs 1 =0 obs 1 =1 obs 1 =0 obs 1 =1 sec 0 =0,sec 1 = sec 0 =0,sec 1 = sec 0 =1,sec 1 = sec 0 =1,sec 1 =
13 13 Statistical method [Chatzikokolakis, Chothia, Guha 10] CSF 13, ESORICS 14 with T. Chothia, C. Novakovic, D. Parker System Tool LeakWatch (1) (2) (3) Approximate (4) Execution Numbers probability traces of traces distribution Running many times By Statistics Estimated leakage: bit? bit 95% confidence interval : [0.998, 1.003] secret output True distribution obs 0 =0 obs 1 =0 obs 0 =0 obs 1 =1 obs 0 =1 obs 1 =0 obs 0 =1 obs 1 =1 sec 0 =0,sec 1 = sec 0 =0,sec 1 = sec 0 =1,sec 1 = difference Approximate distribution secret output obs 0 =0 obs 1 =0 obs 0 =0 obs 1 =1 obs 0 =1 obs 1 =0 obs 0 =1 obs 1 =1 sec 0 =0,sec 1 = sec 0 =0,sec 1 = sec 0 =1,sec 1 = sec 0 =1,sec 1 = True value bit bias sec 0 =1,sec 1 = Estimate bit
14 Statistical method [Chatzikokolakis, Chothia, Guha 10] CSF 13, ESORICS 14 with T. Chothia, C. Novakovic, D. Parker System Lower bound (95% confidence) Tool LeakWatch (1) (2) (3) Approximate (4) Execution Numbers probability traces of traces distribution Running many times Mutual information (after removing bias) secret output obs 0 =0 obs 1 =0 obs 0 =0 obs 1 =1 By Statistics Estimated leakage: bit? bit 95% confidence interval : [0.998, 1.003] Approximate distribution obs 0 =1 obs 1 =0 obs 0 =1 obs 1 =1 sec 0 =0,sec 1 = Upper bound (95% confidence) sec 0 =0,sec 1 = sec 0 =1,sec 1 = sec 0 =1,sec 1 = More traces, more accurate estimate (less bias and smaller confidence interval). 14
15 15 Statistical method [Chatzikokolakis, Chothia, Guha 10] CSF 13, ESORICS 14 with T. Chothia, C. Novakovic, D. Parker System Implementation is enough. Source code is not necessary. Tool LeakWatch (1) (2) (3) Approximate (4) Execution Numbers probability traces of traces distribution Running many times May include side-channel info e.g. timing Estimated leakage: bit? bit 95% confidence interval : [0.998, 1.003]
16 E.g. Pseudorandom number generators Consecutive pseudorandom numbers r 1, r 2 (by a stateful generator) are correlated. By using LeakWatch, we can estimate how much information on r 1 is leaked by r 2. seed Pseudo-random number generator r 1 r 2 Correlated with r 1 Random.class SecureRandom.class Leakage estimate (after removing bias) distinguishable Leakage is not detected (with 95% confidence level) Estimates above this green line are the evidence of leakage (with 95% confidence level). 16
17 17 Overview Model of information leakage Statistical method for estimating leakage amount Hybrid statistical method Evaluation of the method Summary & future work
18 18 Statistical methods vs formal methods Both methods have advantages and disadvantages: Statistical methods (Monte Carlo simulation) Formal methods (program ) Analysis approach Black box (analyzing execution traces) White box (analyzing a source code) Produces Estimate + confidence interval Exact value Reduces costs by Random sampling Knowledge of code & abstraction Impractical for Large joint distribution matrix Large number of traces E.g. Linear congruential generators E.g. Conditional branching r 2 := (4801 * r ) mod 8192 Many internal states if 5 sec 100 then obs := 1; else.. We do not have to check every value of sec.
19 19 Motivation Examples that neither statistical method nor program can handle: Complicated subsystem Probability 0.5 Initial state Probability 0.5 Subsystem with too many traces Subsystem with too large matrix Statistical method Program Combine the two methods!
20 Motivation Examples that neither statistical method nor program can handle: Complicated subsystem Leakage by rare events Probability 0.5 Initial state Probability 0.5 Probability 0.99 Initial state Probability 0.01 May not be sampled Subsystem with too many traces Subsystem with too large matrix No leakage Much leakage Too many traces are executed Too few traces are executed Statistical method Program Smaller sample size Larger sample size Combine the two methods! Kind of importance sampling! 20
21 21 Hybrid statistical We combine statistical method with program. true conditional false To appear in FM 16 with F. Biondi, A. Legay conditional conditional true false true false large matrix many traces many traces large matrix Program Statistical Statistical Program sample size n 1 sample size n 2 Precise Approximate Approximate Precise = Estimated distribution
22 22 Hybrid statistical We combine statistical method with program. true conditional false To appear in FM 16 with F. Biondi, A. Legay conditional conditional true false true false large matrix Program many traces Statistical many traces Statistical sample size n 1 sample size n 2 Joint distribution large matrix Example of composing 3 subsystems Program Precise Approximate Approximate Precise = Estimated distribution
23 Hybrid statistical We combine statistical method with program. conditional true conditional false conditional true false true false To appear in FM 16 with F. Biondi, A. Legay large matrix many traces many traces large matrix Program Statistical Statistical Program sample size n 1 sample size n 2 Precise We ignored higher order terms in Taylor expansion of mutual information Approximate Approximate b 1 / n 1 b 2 / n 2 v 1 / n 1 v 2 / n Precise = bias = Estimated distribution Estimated value of mutual information = variance Confidence compositional interval 23
24 Hybrid statistical Formally please see our paper To appear in FM 16 with F. Biondi, A. Legay Theorem expectation = variance = (1-α) confidence interval: 24
25 25 Quality vs cost of Can optimize the sample size (the number of traces) for each component: true conditional false To appear in FM 16 with F. Biondi, A. Legay conditional conditional true false true false large matrix many traces many traces large matrix Program Statistical Statistical Program sample size n 1 sample size n 2 Precise Adaptively updating the sample sizes n i as Approximate Approximate b 1 / n 1 b 2 / n 2 v 1 / n 1 v 2 / n Precise = bias = Estimated distribution Estimated value of mutual information = variance Confidence interval
26 Abstraction-then-sampling To appear in FM 16 with F. Biondi, A. Legay Statistical method can be combined with qualitative program : of a subsystem If we know these rows are identical output secret obs =0 obs=1 obs=2 obs=3 sec = sec = sec = sec = sec = sec = it s sufficient to sample only one row. By program, we can find whether the output is independent of the secret inside a subsystem. More generally, prior knowledge on the system can reduce the cost of sampling. 26
27 27 Design of tool Decompose a source code into components and choose an type for each component: true conditional false conditional conditional true false Abstraction if possible true false To appear in FM 16 with F. Biondi, A. Legay We apply a rough static heuristics to estimate the number of traces & the size of the matrix for each component. large matrix many traces many traces large matrix Program Statistical Statistical Program sample size n 1 sample size n 2 Precise Adaptively updating the sample sizes n i as Approximate Approximate b 1 / n 1 b 2 / n 2 v 1 / n 1 v 2 / n Precise = bias = Estimated distribution Estimated value of mutual information = variance Confidence interval
28 28 Overview Model of information leakage Statistical method for estimating leakage amount Hybrid statistical method Evaluation of the method Summary & future work
29 29 Quality of the hybrid method Larger samples size, then narrower confidence interval More program, then narrower confidence interval
30 Comparison of approaches Our hybrid method outperforms the precise program and the fully statistical : We are still trying to add more techniques from formal methods. 30
31 31 Overview Model of information leakage Statistical method for estimating leakage amount Hybrid statistical method Evaluation of the method Summary & future work
32 Summary & future work Showed a hybrid method for estimating information leakage that combines statistical method with program. Gets the best of the both methods to improve the quality & cost. Our ongoing work: Developing a tool for estimating information leakage by hybrid method. My future work: More fusion of statistical methods & formal methods. 32
33 Question/comments?
34 References Yusuke Kawamoto, Fabrizio Biondi and Axel Legay. Hybrid Statistical Estimation of Mutual Information for Quantifying Information flow. In FM 2016, LNCS, November 2016, To appear. Yusuke Kawamoto, Konstantinos Chatzikokolakis, and Catuscia Palamidessi. Compositionality Results for Quantitative Information Flow. In QEST 2014, LNCS, Vol.8657, pp , September Tom Chothia, Yusuke Kawamoto and Chris Novakovic. LeakWatch: Estimating Information Leakage from Java Programs. In ESORICS 2014, LNCS, Vol.8713, pp , September Tom Chothia, Yusuke Kawamoto and Chris Novakovic. A Tool for Estimating Information Leakage. In CAV 2013, LNCS, Vol.8044, pp , July Tom Chothia, Yusuke Kawamoto, Chris Novakovic and David Parker. Probabilistic Point-to-Point Information Leakage. In CSF 2013, pp , June
CladICT & the Different Types of Information - Tutorial
Michael Clarkson and Fred B. Schneider Cornell University RADICAL May 10, 2010 Goal Information-theoretic Quantification of programs impact on Integrity of Information [Denning 1982] (relationship to database
More informationA Numerical Study on the Wiretap Network with a Simple Network Topology
A Numerical Study on the Wiretap Network with a Simple Network Topology Fan Cheng and Vincent Tan Department of Electrical and Computer Engineering National University of Singapore Mathematical Tools of
More information1 Message Authentication
Theoretical Foundations of Cryptography Lecture Georgia Tech, Spring 200 Message Authentication Message Authentication Instructor: Chris Peikert Scribe: Daniel Dadush We start with some simple questions
More informationIdentity-based Encryption with Post-Challenge Auxiliary Inputs for Secure Cloud Applications and Sensor Networks
Identity-based Encryption with Post-Challenge Auxiliary Inputs for Secure Cloud Applications and Sensor Networks Tsz Hon Yuen - Huawei, Singapore Ye Zhang - Pennsylvania State University, USA Siu Ming
More informationCryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. #01 Lecture No. #10 Symmetric Key Ciphers (Refer
More informationThe Order of Encryption and Authentication for Protecting Communications (Or: How Secure is SSL?)
The Order of Encryption and Authentication for Protecting Communications (Or: How Secure is SSL?) Hugo Krawczyk Abstract. We study the question of how to generically compose symmetric encryption and authentication
More informationSECURITY EVALUATION OF EMAIL ENCRYPTION USING RANDOM NOISE GENERATED BY LCG
SECURITY EVALUATION OF EMAIL ENCRYPTION USING RANDOM NOISE GENERATED BY LCG Chung-Chih Li, Hema Sagar R. Kandati, Bo Sun Dept. of Computer Science, Lamar University, Beaumont, Texas, USA 409-880-8748,
More informationLecture 10: CPA Encryption, MACs, Hash Functions. 2 Recap of last lecture - PRGs for one time pads
CS 7880 Graduate Cryptography October 15, 2015 Lecture 10: CPA Encryption, MACs, Hash Functions Lecturer: Daniel Wichs Scribe: Matthew Dippel 1 Topic Covered Chosen plaintext attack model of security MACs
More informationCh.9 Cryptography. The Graduate Center, CUNY.! CSc 75010 Theoretical Computer Science Konstantinos Vamvourellis
Ch.9 Cryptography The Graduate Center, CUNY! CSc 75010 Theoretical Computer Science Konstantinos Vamvourellis Why is Modern Cryptography part of a Complexity course? Short answer:! Because Modern Cryptography
More informationTowards a Tight Finite Key Analysis for BB84
The Uncertainty Relation for Smooth Entropies joint work with Charles Ci Wen Lim, Nicolas Gisin and Renato Renner Institute for Theoretical Physics, ETH Zurich Group of Applied Physics, University of Geneva
More informationLarge-Scale IP Traceback in High-Speed Internet
2004 IEEE Symposium on Security and Privacy Large-Scale IP Traceback in High-Speed Internet Jun (Jim) Xu Networking & Telecommunications Group College of Computing Georgia Institute of Technology (Joint
More informationCryptography & Network Security. Introduction. Chester Rebeiro IIT Madras
Cryptography & Network Security Introduction Chester Rebeiro IIT Madras The Connected World 2 Information Storage 3 Increased Security Breaches 81% more in 2015 http://www.pwc.co.uk/assets/pdf/2015-isbs-executive-summary-02.pdf
More informationTraffic Analysis. Scott E. Coull RedJack, LLC. Silver Spring, MD USA. Side-channel attack, information theory, cryptanalysis, covert channel analysis
Traffic Analysis Scott E. Coull RedJack, LLC. Silver Spring, MD USA Related Concepts and Keywords Side-channel attack, information theory, cryptanalysis, covert channel analysis Definition Traffic analysis
More informationQuantitative Inventory Uncertainty
Quantitative Inventory Uncertainty It is a requirement in the Product Standard and a recommendation in the Value Chain (Scope 3) Standard that companies perform and report qualitative uncertainty. This
More informationA Case Study in Software Enhancements as Six Sigma Process Improvements: Simulating Productivity Savings
A Case Study in Software Enhancements as Six Sigma Process Improvements: Simulating Productivity Savings Dan Houston, Ph.D. Automation and Control Solutions Honeywell, Inc. dxhouston@ieee.org Abstract
More informationPredictive Models for Min-Entropy Estimation
Predictive Models for Min-Entropy Estimation John Kelsey Kerry A. McKay Meltem Sönmez Turan National Institute of Standards and Technology meltem.turan@nist.gov September 15, 2015 Overview Cryptographic
More informationSecret Sharing based on XOR for Efficient Data Recovery in Cloud
Secret Sharing based on XOR for Efficient Data Recovery in Cloud Computing Environment Su-Hyun Kim, Im-Yeong Lee, First Author Division of Computer Software Engineering, Soonchunhyang University, kimsh@sch.ac.kr
More informationIPsec Details 1 / 43. IPsec Details
Header (AH) AH Layout Other AH Fields Mutable Parts of the IP Header What is an SPI? What s an SA? Encapsulating Security Payload (ESP) ESP Layout Padding Using ESP IPsec and Firewalls IPsec and the DNS
More informationPrivacy Preserving Similarity Evaluation of Time Series Data
Privacy Preserving Similarity Evaluation of Time Series Data Haohan Zhu Department of Computer Science Boston University zhu@cs.bu.edu Xianrui Meng Department of Computer Science Boston University xmeng@cs.bu.edu
More informationWireless LAN Security Mechanisms
Wireless LAN Security Mechanisms Jingan Xu, Andreas Mitschele-Thiel Technical University of Ilmenau, Integrated Hard- and Software Systems Group jingan.xu@tu-ilmenau.de, mitsch@tu-ilmenau.de Abstract.
More informationMathematical Model Based Total Security System with Qualitative and Quantitative Data of Human
Int Jr of Mathematics Sciences & Applications Vol3, No1, January-June 2013 Copyright Mind Reader Publications ISSN No: 2230-9888 wwwjournalshubcom Mathematical Model Based Total Security System with Qualitative
More informationClient Server Registration Protocol
Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are
More informationCSC474/574 - Information Systems Security: Homework1 Solutions Sketch
CSC474/574 - Information Systems Security: Homework1 Solutions Sketch February 20, 2005 1. Consider slide 12 in the handout for topic 2.2. Prove that the decryption process of a one-round Feistel cipher
More informationOverview of Symmetric Encryption
CS 361S Overview of Symmetric Encryption Vitaly Shmatikov Reading Assignment Read Kaufman 2.1-4 and 4.2 slide 2 Basic Problem ----- ----- -----? Given: both parties already know the same secret Goal: send
More informationSecurity Aspects of. Database Outsourcing. Vahid Khodabakhshi Hadi Halvachi. Dec, 2012
Security Aspects of Database Outsourcing Dec, 2012 Vahid Khodabakhshi Hadi Halvachi Security Aspects of Database Outsourcing Security Aspects of Database Outsourcing 2 Outline Introduction to Database
More informationMessage Authentication Code
Message Authentication Code Ali El Kaafarani Mathematical Institute Oxford University 1 of 44 Outline 1 CBC-MAC 2 Authenticated Encryption 3 Padding Oracle Attacks 4 Information Theoretic MACs 2 of 44
More informationLecture 5 - CPA security, Pseudorandom functions
Lecture 5 - CPA security, Pseudorandom functions Boaz Barak October 2, 2007 Reading Pages 82 93 and 221 225 of KL (sections 3.5, 3.6.1, 3.6.2 and 6.5). See also Goldreich (Vol I) for proof of PRF construction.
More informationCS 758: Cryptography / Network Security
CS 758: Cryptography / Network Security offered in the Fall Semester, 2003, by Doug Stinson my office: DC 3122 my email address: dstinson@uwaterloo.ca my web page: http://cacr.math.uwaterloo.ca/~dstinson/index.html
More informationMonte Carlo Simulations for Patient Recruitment: A Better Way to Forecast Enrollment
Monte Carlo Simulations for Patient Recruitment: A Better Way to Forecast Enrollment Introduction The clinical phases of drug development represent the eagerly awaited period where, after several years
More informationCatch Me If You Can: A Practical Framework to Evade Censorship in Information-Centric Networks
Catch Me If You Can: A Practical Framework to Evade Censorship in Information-Centric Networks Reza Tourani, Satyajayant (Jay) Misra, Joerg Kliewer, Scott Ortegel, Travis Mick Computer Science Department
More informationPaillier Threshold Encryption Toolbox
Paillier Threshold Encryption Toolbox October 23, 2010 1 Introduction Following a desire for secure (encrypted) multiparty computation, the University of Texas at Dallas Data Security and Privacy Lab created
More informationCredibility and Pooling Applications to Group Life and Group Disability Insurance
Credibility and Pooling Applications to Group Life and Group Disability Insurance Presented by Paul L. Correia Consulting Actuary paul.correia@milliman.com (207) 771-1204 May 20, 2014 What I plan to cover
More informationInformation Leakage in Encrypted Network Traffic
Information Leakage in Encrypted Network Traffic Attacks and Countermeasures Scott Coull RedJack Joint work with: Charles Wright (MIT LL) Lucas Ballard (Google) Fabian Monrose (UNC) Gerald Masson (JHU)
More informationInformation Security
Information Security Dr. Vedat Coşkun Malardalen September 15th, 2009 08:00 10:00 vedatcoskun@isikun.edu.tr www.isikun.edu.tr/~vedatcoskun What needs to be secured? With the rapid advances in networked
More informationMACs Message authentication and integrity. Table of contents
MACs Message authentication and integrity Foundations of Cryptography Computer Science Department Wellesley College Table of contents Introduction MACs Constructing Secure MACs Secure communication and
More informationCUNSHENG DING HKUST, Hong Kong. Computer Security. Computer Security. Cunsheng DING, HKUST COMP4631
Cunsheng DING, HKUST Lecture 08: Key Management for One-key Ciphers Topics of this Lecture 1. The generation and distribution of secret keys. 2. A key distribution protocol with a key distribution center.
More informationSecurity Sensor Network. Biswajit panja
Security Sensor Network Biswajit panja 1 Topics Security Issues in Wired Network Security Issues in Wireless Network Security Issues in Sensor Network 2 Security Issues in Wired Network 3 Security Attacks
More informationSIMULATION STUDIES IN STATISTICS WHAT IS A SIMULATION STUDY, AND WHY DO ONE? What is a (Monte Carlo) simulation study, and why do one?
SIMULATION STUDIES IN STATISTICS WHAT IS A SIMULATION STUDY, AND WHY DO ONE? What is a (Monte Carlo) simulation study, and why do one? Simulations for properties of estimators Simulations for properties
More informationA comprehensive survey on various ETC techniques for secure Data transmission
A comprehensive survey on various ETC techniques for secure Data transmission Shaikh Nasreen 1, Prof. Suchita Wankhade 2 1, 2 Department of Computer Engineering 1, 2 Trinity College of Engineering and
More informationREAL-TIME PRICE FORECAST WITH BIG DATA
REAL-TIME PRICE FORECAST WITH BIG DATA A STATE SPACE APPROACH Lang Tong (PI), Robert J. Thomas, Yuting Ji, and Jinsub Kim School of Electrical and Computer Engineering, Cornell University Jie Mei, Georgia
More informationarxiv:1402.3426v3 [cs.cr] 27 May 2015
Privacy Games: Optimal User-Centric Data Obfuscation arxiv:1402.3426v3 [cs.cr] 27 May 2015 Abstract Consider users who share their data (e.g., location) with an untrusted service provider to obtain a personalized
More informationNon Linear Dependence Structures: a Copula Opinion Approach in Portfolio Optimization
Non Linear Dependence Structures: a Copula Opinion Approach in Portfolio Optimization Jean- Damien Villiers ESSEC Business School Master of Sciences in Management Grande Ecole September 2013 1 Non Linear
More informationHow to Conduct the Method Validation with a New IPT (In-Process Testing) Method
How to Conduct the Method Validation with a New IPT (In-Process Testing) Method Weifeng Frank Zhang QA Engineer BMS Ernest Lee Senior Manager, Facilities & Engineering Medarex, a fully owned subsidiary
More informationDesigning a Secure Client-Server System Master of Science Thesis in the Programme Software Engineering & Technology
Designing a Secure Client-Server System Master of Science Thesis in the Programme Software Engineering & Technology FREDRIK ANDERSSON Department of Computer Science and Engineering CHALMERS UNIVERSITY
More informationSAMPLE EXAM QUESTIONS MODULE EE5552 NETWORK SECURITY AND ENCRYPTION ECE, SCHOOL OF ENGINEERING AND DESIGN BRUNEL UNIVERSITY UXBRIDGE MIDDLESEX, UK
SAMPLE EXAM QUESTIONS MODULE EE5552 NETWORK SECURITY AND ENCRYPTION September 2010 (reviewed September 2014) ECE, SCHOOL OF ENGINEERING AND DESIGN BRUNEL UNIVERSITY UXBRIDGE MIDDLESEX, UK NETWORK SECURITY
More informationVirtual Private Networks
Virtual Private Networks ECE 4886 Internetwork Security Dr. Henry Owen Definition Virtual Private Network VPN! Virtual separation in protocol provides a virtual network using no new hardware! Private communication
More informationSecurity Analysis of DRBG Using HMAC in NIST SP 800-90
Security Analysis of DRBG Using MAC in NIST SP 800-90 Shoichi irose Graduate School of Engineering, University of Fukui hrs shch@u-fukui.ac.jp Abstract. MAC DRBG is a deterministic random bit generator
More informationGraph Security Testing
JOURNAL OF APPLIED COMPUTER SCIENCE Vol. 23 No. 1 (2015), pp. 29-45 Graph Security Testing Tomasz Gieniusz 1, Robert Lewoń 1, Michał Małafiejski 1 1 Gdańsk University of Technology, Poland Department of
More informationCryptography: Authentication, Blind Signatures, and Digital Cash
Cryptography: Authentication, Blind Signatures, and Digital Cash Rebecca Bellovin 1 Introduction One of the most exciting ideas in cryptography in the past few decades, with the widest array of applications,
More informationKey Agreement from Close Secrets over Unsecured Channels Winter 2010
Key Agreement from Close Secrets over Unsecured Channels Winter 2010 Andreas Keller Contens 1. Motivation 2. Introduction 3. Building Blocks 4. Protocol Extractor Secure Sketches (MAC) message authentication
More informationSandeep Mahapatra Department of Computer Science and Engineering PEC, University of Technology s.mahapatra15101987@gmail.com
Computing For Nation Development, March 10 11, 2011 Bharati Vidyapeeth s Institute of Computer Applications and Management, New Delhi A Comparative Evaluation of Various Encryptions Techniques Committing
More informationBusiness Valuation under Uncertainty
Business Valuation under Uncertainty ONDŘEJ NOWAK, JIŘÍ HNILICA Department of Business Economics University of Economics Prague W. Churchill Sq. 4, 130 67 Prague 3 CZECH REPUBLIC ondrej.nowak@vse.cz http://kpe.fph.vse.cz
More informationIntroduction to Hill cipher
Introduction to Hill cipher We have explored three simple substitution ciphers that generated ciphertext C from plaintext p by means of an arithmetic operation modulo 26. Caesar cipher: The Caesar cipher
More informationNetwork Security. HIT Shimrit Tzur-David
Network Security HIT Shimrit Tzur-David 1 Goals: 2 Network Security Understand principles of network security: cryptography and its many uses beyond confidentiality authentication message integrity key
More informationAdversary Modelling 1
Adversary Modelling 1 Evaluating the Feasibility of a Symbolic Adversary Model on Smart Transport Ticketing Systems Authors Arthur Sheung Chi Chan, MSc (Royal Holloway, 2014) Keith Mayes, ISG, Royal Holloway
More informationJigsaw-based Secure Data Transfer over Computer Networks
Jigsaw-based Secure Data Transfer over Computer Networks Rangarajan A. Vasudevan Dept. of Computer Science and Engineering Indian Institute of Technology Chennai 600036 India ranga@cs.iitm.ernet.in Ajith
More informationBuildings Performance Database
DOE Building Technologies Program Buildings Performance Database 10/9/12 Cody Taylor Cody.Taylor@ee.doe.gov Elena Alschuler Elena.Alschuler@ee.doe.gov 1 API Standard Data Taxonomy API Data Platforms and
More informationSide Channel Analysis and Embedded Systems Impact and Countermeasures
Side Channel Analysis and Embedded Systems Impact and Countermeasures Job de Haas Agenda Advances in Embedded Systems Security From USB stick to game console Current attacks Cryptographic devices Side
More informationCSE/EE 461 Lecture 23
CSE/EE 461 Lecture 23 Network Security David Wetherall djw@cs.washington.edu Last Time Naming Application Presentation How do we name hosts etc.? Session Transport Network Domain Name System (DNS) Data
More informationCryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Lecture No. # 11 Block Cipher Standards (DES) (Refer Slide
More informationSecure Large-Scale Bingo
Secure Large-Scale Bingo Antoni Martínez-Ballesté, Francesc Sebé and Josep Domingo-Ferrer Universitat Rovira i Virgili, Dept. of Computer Engineering and Maths, Av. Països Catalans 26, E-43007 Tarragona,
More informationBreaking Generalized Diffie-Hellman Modulo a Composite is no Easier than Factoring
Breaking Generalized Diffie-Hellman Modulo a Composite is no Easier than Factoring Eli Biham Dan Boneh Omer Reingold Abstract The Diffie-Hellman key-exchange protocol may naturally be extended to k > 2
More informationChair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 13
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 13 Some More Secure Channel Issues Outline In the course we have yet only seen catastrophic
More informationAN OFFLINE CAPTURE THE FLAG-STYLE VIRTUAL MACHINE FOR CYBER SECURITY EDUCATION
AN OFFLINE CAPTURE THE FLAG-STYLE VIRTUAL MACHINE FOR CYBER SECURITY EDUCATION Tom Chothia Chris Novakovic University of Birmingham Introduction A VM to support cyber security education. The VM creates
More informationSecure Physical-layer Key Generation Protocol and Key Encoding in Wireless Communications
IEEE Globecom Workshop on Heterogeneous, Multi-hop Wireless and Mobile Networks Secure Physical-layer ey Generation Protocol and ey Encoding in Wireless Communications Apirath Limmanee and Werner Henkel
More informationThree attacks in SSL protocol and their solutions
Three attacks in SSL protocol and their solutions Hong lei Zhang Department of Computer Science The University of Auckland zhon003@ec.auckland.ac.nz Abstract Secure Socket Layer (SSL) and Transport Layer
More informationNetwork Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23
Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest
More informationPeer Reviewed. Abstract
Peer Reviewed William J. Trainor, Jr.(trainor@etsu.edu) is an Associate Professor of Finance, Department of Economics and Finance, College of Business and Technology, East Tennessee State University. Abstract
More informationThe Economic Importance of the Country of Origin Principle in the Proposed Services Directive. Final report
The Economic Importance of the Country of Origin Principle in the Proposed Services Final report Table of Contents Preface... 3 Executive summary... 4 Chapter 1 The economic importance of the Country of
More informationConfidence Intervals for Cp
Chapter 296 Confidence Intervals for Cp Introduction This routine calculates the sample size needed to obtain a specified width of a Cp confidence interval at a stated confidence level. Cp is a process
More informationFlexible Deterministic Packet Marking: An IP Traceback Scheme Against DDOS Attacks
Flexible Deterministic Packet Marking: An IP Traceback Scheme Against DDOS Attacks Prashil S. Waghmare PG student, Sinhgad College of Engineering, Vadgaon, Pune University, Maharashtra, India. prashil.waghmare14@gmail.com
More informationLecture 9 - Message Authentication Codes
Lecture 9 - Message Authentication Codes Boaz Barak March 1, 2010 Reading: Boneh-Shoup chapter 6, Sections 9.1 9.3. Data integrity Until now we ve only been interested in protecting secrecy of data. However,
More informationIntroduction To Security and Privacy Einführung in die IT-Sicherheit I
Introduction To Security and Privacy Einführung in die IT-Sicherheit I Prof. Dr. rer. nat. Doğan Kesdoğan Institut für Wirtschaftsinformatik kesdogan@fb5.uni-siegen.de http://www.uni-siegen.de/fb5/itsec/
More informationSecurity/Privacy Models for "Internet of things": What should be studied from RFID schemes? Daisuke Moriyama and Shin ichiro Matsuo NICT, Japan
Security/Privacy Models for "Internet of things": What should be studied from RFID schemes? Daisuke Moriyama and Shin ichiro Matsuo NICT, Japan 1 Internet of Things (IoT) CASAGRAS defined that: A global
More informationMutual Anonymous Communications: A New Covert Channel Based on Splitting Tree MAC
Mutual Anonymous Communications: A New Covert Channel Based on Splitting Tree MAC Zhenghong Wang 1, Jing Deng 2, and Ruby B. Lee 1 1 Dept. of Electrical Engineering Princeton University Princeton, NJ 08544,
More informationThe application of prime numbers to RSA encryption
The application of prime numbers to RSA encryption Prime number definition: Let us begin with the definition of a prime number p The number p, which is a member of the set of natural numbers N, is considered
More informationCIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives
CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Application of hash
More informationAachen Summer Simulation Seminar 2014
Aachen Summer Simulation Seminar 2014 Lecture 07 Input Modelling + Experimentation + Output Analysis Peer-Olaf Siebers pos@cs.nott.ac.uk Motivation 1. Input modelling Improve the understanding about how
More informationMIMO CHANNEL CAPACITY
MIMO CHANNEL CAPACITY Ochi Laboratory Nguyen Dang Khoa (D1) 1 Contents Introduction Review of information theory Fixed MIMO channel Fading MIMO channel Summary and Conclusions 2 1. Introduction The use
More informationProject Cash Flow Forecasting Using Value at Risk
Technical Journal of Engineering and Applied Sciences Available online at www.tjeas.com 213 TJEAS Journal21332/2681268 ISSN 2183 213 TJEAS Project Cash Flow Forecasting Using Value at Risk Mohammad Reza
More informationMAC. SKE in Practice. Lecture 5
MAC. SKE in Practice. Lecture 5 Active Adversary Active Adversary An active adversary can inject messages into the channel Active Adversary An active adversary can inject messages into the channel Eve
More information159.334 Computer Networks. Network Security 1. Professor Richard Harris School of Engineering and Advanced Technology
Network Security 1 Professor Richard Harris School of Engineering and Advanced Technology Presentation Outline Overview of Identification and Authentication The importance of identification and Authentication
More informationConnected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)
Cryptelo Drive Cryptelo Drive is a virtual drive, where your most sensitive data can be stored. Protect documents, contracts, business know-how, or photographs - in short, anything that must be kept safe.
More informationConfinement Problem. The confinement problem Isolating entities. Example Problem. Server balances bank accounts for clients Server security issues:
Confinement Problem The confinement problem Isolating entities Virtual machines Sandboxes Covert channels Mitigation 1 Example Problem Server balances bank accounts for clients Server security issues:
More informationAmajor benefit of Monte-Carlo schedule analysis is to
2005 AACE International Transactions RISK.10 The Benefits of Monte- Carlo Schedule Analysis Mr. Jason Verschoor, P.Eng. Amajor benefit of Monte-Carlo schedule analysis is to expose underlying risks to
More informationBasic Algorithms In Computer Algebra
Basic Algorithms In Computer Algebra Kaiserslautern SS 2011 Prof. Dr. Wolfram Decker 2. Mai 2011 References Cohen, H.: A Course in Computational Algebraic Number Theory. Springer, 1993. Cox, D.; Little,
More informationDynamic Trust Management for the Internet of Things Applications
Dynamic Trust Management for the Internet of Things Applications Fenye Bao and Ing-Ray Chen Department of Computer Science, Virginia Tech Self-IoT 2012 1 Sept. 17, 2012, San Jose, CA, USA Contents Introduction
More informationOne Time Password Generation for Multifactor Authentication using Graphical Password
One Time Password Generation for Multifactor Authentication using Graphical Password Nilesh B. Khankari 1, Prof. G.V. Kale 2 1,2 Department of Computer Engineering, Pune Institute of Computer Technology,
More informationAuthentication and Encryption: How to order them? Motivation
Authentication and Encryption: How to order them? Debdeep Muhopadhyay IIT Kharagpur Motivation Wide spread use of internet requires establishment of a secure channel. Typical implementations operate in
More informationDevelopment of dynamically evolving and self-adaptive software. 1. Background
Development of dynamically evolving and self-adaptive software 1. Background LASER 2013 Isola d Elba, September 2013 Carlo Ghezzi Politecnico di Milano Deep-SE Group @ DEIB 1 Requirements Functional requirements
More informationTalk announcement please consider attending!
Talk announcement please consider attending! Where: Maurer School of Law, Room 335 When: Thursday, Feb 5, 12PM 1:30PM Speaker: Rafael Pass, Associate Professor, Cornell University, Topic: Reasoning Cryptographically
More informationAPPENDIX N. Data Validation Using Data Descriptors
APPENDIX N Data Validation Using Data Descriptors Data validation is often defined by six data descriptors: 1) reports to decision maker 2) documentation 3) data sources 4) analytical method and detection
More informationCounter Expertise Review on the TNO Security Analysis of the Dutch OV-Chipkaart. OV-Chipkaart Security Issues Tutorial for Non-Expert Readers
Counter Expertise Review on the TNO Security Analysis of the Dutch OV-Chipkaart OV-Chipkaart Security Issues Tutorial for Non-Expert Readers The current debate concerning the OV-Chipkaart security was
More informationYALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467a: Cryptography and Computer Security Notes 1 (rev. 1) Professor M. J. Fischer September 3, 2008 1 Course Overview Lecture Notes 1 This course is
More informationAn Efficient and Secure Data Sharing Framework using Homomorphic Encryption in the Cloud
An Efficient and Secure Data Sharing Framework using Homomorphic Encryption in the Cloud Sanjay Madria Professor and Site Director for NSF I/UCRC Center on Net-Centric Software and Systems Missouri University
More informationReflections on Probability vs Nonprobability Sampling
Official Statistics in Honour of Daniel Thorburn, pp. 29 35 Reflections on Probability vs Nonprobability Sampling Jan Wretman 1 A few fundamental things are briefly discussed. First: What is called probability
More informationHow To Research Security And Privacy Using Data Science
Research Topics in Security and Privacy using Data Science School of Informatics University of Edinburgh David Aspinall David.Aspinall@ed.ac.uk http://secpriv.inf.ed.ac.uk/ http://cybersec.ed.ac.uk/ Outline
More informationAN IMPLEMENTATION OF HYBRID ENCRYPTION-DECRYPTION (RSA WITH AES AND SHA256) FOR USE IN DATA EXCHANGE BETWEEN CLIENT APPLICATIONS AND WEB SERVICES
HYBRID RSA-AES ENCRYPTION FOR WEB SERVICES AN IMPLEMENTATION OF HYBRID ENCRYPTION-DECRYPTION (RSA WITH AES AND SHA256) FOR USE IN DATA EXCHANGE BETWEEN CLIENT APPLICATIONS AND WEB SERVICES Kalyani Ganesh
More informationE- Encryption in Unix
UNIVERSITY of WISCONSIN-MADISON Computer Sciences Department CS 537 A. Arpaci-Dusseau Intro to Operating Systems Spring 2000 Security Solutions and Encryption Questions answered in these notes: How does
More informationKey Hopping A Security Enhancement Scheme for IEEE 802.11 WEP Standards
White Paper Key Hopping A Security Enhancement Scheme for IEEE 802.11 WEP Standards By Dr. Wen-Ping Ying, Director of Software Development, February 2002 Introduction Wireless LAN networking allows the
More information