lundi 1 octobre 2012 In a set of N elements, by picking at random N elements, we have with high probability a collision two elements are equal


 Ginger Banks
 3 years ago
 Views:
Transcription
1 Symmetric Crypto PierreAlain Fouque Birthday Paradox In a set of N elements, by picking at random N elements, we have with high probability a collision two elements are equal N=365, about 23 people are required Let two sets N and M of random elements in a large set D, the number of expected collisions is N M / D (Birthday paradox with boys and girls) Avoiding frequency attacks Main idea: large blocksize avoid frequency attack on small block, statistics are nonrandom Block cipher Cipher (E,D) «eff. algs» such that D(k,E(k,m))=c Main drawback of stream cipher: lacks of theory to construct secure PRG Iterate many times a «small» round function F Master Key k K1 K2... Kr Round Keys m F F F c
2 Data Encryption Standard DES (IBM 1973) and NBS standard in 1977 Key Length: 56 bits Block Length: 64 bits 16 rounds with 48bit round keys K K1 K2 K3 32 bits 32 bits R0 L0 F R1 L1 F R2 L2 F R3 L3 FKi(Li,Ri)=(Ri,Li fki(ri))=(li+1,ri+1) Feistel scheme Designed by Horst Feistel at IBM Transform random function to random permutation L R K f f function Round input (32 bits) Expansion (32 to 48 bits function) Subkey (48 bits) SBox (6 to 4 bits functions) Permutation over 32 bits Round output (32 bits) Attacks against DES Before 1990: attacks against round reduced version (less than 16 rounds) : Differential cryptanalysis : Linear cryptanalysis other attacks: DaviesMurphy, sidechannel In practice, the most efficient attack is the exhaustive search (EFF, copacabana)
3 Main drawback of DES Exhaustive key search in 256 (3DES) Block size (collision for 232 blocks) Differential / Linear Cryptanalysis DES: welldesigned and withstands successfully 30 years of cryptanalysis 2DES 3DES Advanced Encryption Standard Substitution / Permutation Network Key Length: 128 / 192 / 256 bits Block Length: 128 bits Designed by Daemen and Rijmen Standardized by NIST in 2000 AES M ki S SubBytes ShiftRows MixColumns xi+1 xi
4 Security game Block cipher must be indistinguishable from a random permutation for all k, E(k,x) is a permutation which looks random provided the key is not known E(k,.) P Dist. x f(x) Chal. b {0,1} x f=e(k, ) or P() f(x) according to b... b Adv. Adv(A)= Pr[b=b ]1/2 Feistel security Could you distinguish oneround Feistel? Could you distinguish tworound Feistel? Could you distinguish threeround Feistel? Modes of operation How to encipher larger messages? ECB, CBC, CTR, OFB, CFB Drawbacks:  deterministic Advantages:  parallelisable Ciphertext Block Chaining (CBC) Encrypting: C 0=IV,..., Ci=E(k,Ci1 Mi) Decrypting: M i=d(k,ci) Ci1 Drawbacks:  sequential Advantages:  randomized  propagation of error in decryption
5 Ciphertext FeedBack (CFB) How to use a block cipher as a stream cipher? Output FeedBack (OFB) How to use a block cipher as a stream cipher? Counter Mode (CTR) Better solution Security Confidentiality is ensure by the mode of operation Integrity: first block of CBC? Main idea: the ciphertext must be indistinguishable from random for polynomialtime adversaries Security Game: Example on CBC:
6 Def: Hash Function message M M {0,1}* H hash H(M) H(M) {0,1} n A hash function H compute a hash value, a.k.a. fingerprint of n bits for a given arbitrary long message M H : {0,1}* {0,1} n Usage: integrity, password storage, signature,... Eg: SHA1 (160 bits), MD5 (128 bits), SHA2,... Use cases: File integrity Idea : we want to detect if a file has been modified by recomputing its fingerprint // Fichier code.c #include <stdio.h> #include <stdlib.h> int main(int argc, char** argv) { if (argc <2) { } } SHA1 Hash Length of 160 bits : SHA1 (code.c) = A51F 07BB 62EC 44A3 F118 Use cases: Passwords Instead of storing a password on a machine, we store its hash h = H(password) To authenticate, the user must send h On the web, the server sends a random value N and the user must answer with H(N Password) Compression Function f a compression function f:{0,1} m+n {0,1} n FixedLength hashing function data For SHA1 : n = 160 et m = 512 Chaining Variable m bits n bits f n bits output 23
7 MerkleDamgard f a compression function f:{0,1} m+n {0,1} n Let M = M 1 M m a message to hash (l blocks of m bits) Construction: H f (M): h1=f(iv,), h2=f(h1,),..., hn=f(hn1,pad) Th: If we have a collision on H f, then we have a collision on f Ml f IV f f H( M ) Security notions Collision Resistance Find M 1 and M 2 such that H(M 1 ) = H(M 2 ) (2 n/2 + Pollard) Secondpreimage Resistance Given M 1, find M 2 such that H(M 1 ) = H(M 2 ) (2 n ) Preimage Resistance Given x, find M such that H(M) = x (2 n ) Length extension Attacks: Could you predict the value of H(M) without having to recompute from the beginning? Message Authentication Code (MAC) Warning: Encryption does not provide integrity Eg: CTR mode ensures confidentiality if the blockcipher used is secure. However, no integrity is guaranteed. (CBC first block) C 1 Alice Bank = «$200 on Bob s account» = (ctr) M 1 Eve M 1 = «$2000 on Eve s account» C 1 = C 1 M 1 M 1
8 Definition of Message Authentication Code Key generation: randomized alg. output: key uniformly distributed Tag MAC generation: randomized or deterministic input: M {0,1} * output: tag τ {0,1}t : τ = M K ( M ) Verification: deterministic alg. input: tag τ {0,1} t and message M output: bit if the tag is valid for this message s.t. for any K and message M, if τ = M K ( M ), then V K (τ, M ) = 1 Security game Adversary s goals: 1. key recovery attacks 2. forgery: producing a valid MAC for some message M (of his choice, or any) Adversary s ressources: 1. known message attack: interception of MACs. Adv. knows pair (M, τ) of already tagged messages 2. chosen message attack: Adv. knows the tag of message of his choice (access to a MAC generation alg. adaptively or not) Security game Def: Combining an adversary s goal and some ressources SUFCMA: strongly inforgeability against chosen message attacks Challenger M i τ i (M, τ) 1 : valid tag Adversary A Adv ( A ) = Pr ( Expérience retourne 1) Generic Security 1. For a tbit MAC, advantage (forgery probability) is always at least 1/2 t 2. Among 2 t/2 MACs, by the birthday paradox, there is a collision between two of them: these collisions can be used to recover the keys...
9 MAC vs. Signature Signatures: used for vertifying public keys, guarantee nonrepudiation, same properties than handwritten signature MACs: very good performences, secretkey shared between two users no nonrepudiation, no public verification First construction Let F : {0,1} k {0,1} * {0,1} t a random function (i.e. outputs are indistinguishable from random values) MAC construction: For message M = M 1 M m, τ = F K ( M 1 ) F K ( M m ) Is this scheme secure? Second Example Let F : {0,1} k {0,1} * {0,1} t random function For message M = M 1 M m For i = 1 to m, y i = F K ( <i>, M i ) τ = y 1 y m Is this scheme secure? unencrypted CBCMAC C i = (M i C i1 ) MAC = C m Secure only for constant length messages C2 Mac = C m
10 Security CBCMAC Let 2 arbitrary messages M and M M3 MAC(M) is C 3 = Mac C2 M Mac = C 1 M 2 3 MAC(M ) is C 2 = Mac C 1 Mac = C 2 unencrypted CBCMAC Given MACs of M and M, it is possible to forge MAC of another message M3 M 1 Mac M 2 C2 C3 C 1 Mac =C 2 Recovering the secret key is in 2 k MAC computation where k is the bit length of the used key (exhaustive search) No IV in CBCMAC The integrity of the first block is not ensured if an IV is used IV IV IV IV Mac = C 2 Mac = C 2 ( M, IV, Mac ) ( M, IV, Mac ) 20 Encrypted CBCMAC (EMAC) C i = (M i C i1 ) and MAC = (C m ) Secure if less than 2 n/2 MACs are computed Keys can be recovered using 2 exhaustive search in time 2 k (for kbit keys) C2 Cm Mac = C m+1
11 N1 N1 N2 N2 Some attacks Mac = C m+1 Nm Mac = C m +1 Some attacks Mac = C m+1 Nm Mac = C m +1 collision Some attacks Mac = C m+1 N1 N2 Nm collision Mac = C m +1 Attacks R τ N1 N2 Nm R τ = =
12 Security Analysis Assume 2 n/2 MACs computed: ( M i, τ i ), 0 i 2 n/2 and M i M j Using Birthday Paradox, there exists i,j s.t. i j and τ i = τ j Ask MAC τ of M i R, where R is a random block Claim: One can forge MAC for message M j R : τ Key Recovery DES K DES K DES K TDES K,K C2 Cm Mac = C m+1 For efficiency and security reasons, one decide E = DES with key K and E = TDES, with keys K,K. What is the complexity to recover keys K and K? Hashbased MAC Consider the following MAC scheme: MAC K ( M ) = H ( K M ) Is it secure? HMAC HMAC K ( M ) = H(K opad, H( K ipad, M )) where ipad and opad are constant values:
13 Encryption and Authentication IPSEC: MACThenEncrypt SSL/TLS: EncryptThenMAC SSH: MACAndEncrypt
Symmetric Crypto MAC. PierreAlain Fouque
Symmetric Crypto MAC PierreAlain Fouque Birthday Paradox In a set of D elements, by picking at random D elements, we have with high probability a collision two elements are equal D=365, about 23 people
More informationCryptographic Hash Functions Message Authentication Digital Signatures
Cryptographic Hash Functions Message Authentication Digital Signatures Abstract We will discuss Cryptographic hash functions Message authentication codes HMAC and CBCMAC Digital signatures 2 Encryption/Decryption
More informationMAC. SKE in Practice. Lecture 5
MAC. SKE in Practice. Lecture 5 Active Adversary Active Adversary An active adversary can inject messages into the channel Active Adversary An active adversary can inject messages into the channel Eve
More informationCS155. Cryptography Overview
CS155 Cryptography Overview Cryptography Is n A tremendous tool n The basis for many security mechanisms Is not n The solution to all security problems n Reliable unless implemented properly n Reliable
More informationCryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs
Cryptographic hash functions and MACs Solved Exercises for Cryptographic Hash Functions and MACs Enes Pasalic University of Primorska Koper, 2014 Contents 1 Preface 3 2 Problems 4 2 1 Preface This is a
More informationOverview of Cryptographic Tools for Data Security. Murat Kantarcioglu
UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the
More informationMessage Authentication Codes (MACs)
UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Introduction to Cryptography ECE 597XX/697XX Part 12 Message Authentication Codes (MACs) Israel Koren ECE597/697 Koren Part.12.1 Content
More informationAPNIC elearning: Cryptography Basics. Contact: esec02_v1.0
APNIC elearning: Cryptography Basics Contact: training@apnic.net esec02_v1.0 Overview Cryptography Cryptographic Algorithms Encryption SymmetricKey Algorithm Block and Stream Cipher Asymmetric Key Algorithm
More informationAuthenticated encryption
Authenticated encryption Dr. Enigma Department of Electrical Engineering & Computer Science University of Central Florida wocjan@eecs.ucf.edu October 16th, 2013 Active attacks on CPAsecure encryption
More information9/17/2015. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. MonoAlphabetic Ciphers
Cryptography Basics IT443 Network Security Administration Instructor: Bo Sheng Outline Basic concepts in cryptography system Secret cryptography Public cryptography Hash functions 1 2 Encryption/Decryption
More informationApplied Cryptology. Ed Crowley
Applied Cryptology Ed Crowley 1 Basics Topics Basic Services and Operations Symmetric Cryptography Encryption and Symmetric Algorithms Asymmetric Cryptography Authentication, Nonrepudiation, and Asymmetric
More informationDesigning Hash functions. Reviewing... Message Authentication Codes. and message authentication codes. We have seen how to authenticate messages:
Designing Hash functions and message authentication codes Reviewing... We have seen how to authenticate messages: Using symmetric encryption, in an heuristic fashion Using publickey encryption in interactive
More informationShift Cipher. Ahmet Burak Can Hacettepe University. Substitution Cipher. Enigma Machine. How perfect secrecy can be satisfied?
One Time Pad, Block Ciphers, Encryption Modes Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr Basic Ciphers Shift Cipher Bruteforce attack can easily break Substitution Cipher Frequency analysis
More informationTable of Contents. Bibliografische Informationen http://dnb.info/996514864. digitalisiert durch
1 Introduction to Cryptography and Data Security 1 1.1 Overview of Cryptology (and This Book) 2 1.2 Symmetric Cryptography 4 1.2.1 Basics 4 1.2.2 Simple Symmetric Encryption: The Substitution Cipher...
More informationMessage Authentication Codes. Lecture Outline
Message Authentication Codes Murat Kantarcioglu Based on Prof. Ninghui Li s Slides Message Authentication Code Lecture Outline 1 Limitation of Using Hash Functions for Authentication Require an authentic
More informationCryptography Overview
Cryptography Overview Cryptography Is n A tremendous tool n The basis for many security mechanisms Is not n The solution to all security problems n Reliable unless implemented properly n Reliable unless
More informationMessage Authentication
Message Authentication message authentication is concerned with: protecting the integrity of a message validating identity of originator nonrepudiation of origin (dispute resolution) will consider the
More informationCIS433/533  Computer and Network Security Cryptography
CIS433/533  Computer and Network Security Cryptography Professor Kevin Butler Winter 2011 Computer and Information Science A historical moment Mary Queen of Scots is being held by Queen Elizabeth and
More informationEXAM questions for the course TTM4135  Information Security May 2013. Part 1
EXAM questions for the course TTM4135  Information Security May 2013 Part 1 This part consists of 5 questions all from one common topic. The number of maximal points for every correctly answered question
More informationCryptography and Network Security Chapter 12
Cryptography and Network Security Chapter 12 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 12 Message Authentication Codes At cats' green on the Sunday he
More informationCS 758: Cryptography / Network Security
CS 758: Cryptography / Network Security offered in the Fall Semester, 2003, by Doug Stinson my office: DC 3122 my email address: dstinson@uwaterloo.ca my web page: http://cacr.math.uwaterloo.ca/~dstinson/index.html
More informationNetwork Security. Omer Rana
Network Security Omer Rana CM0255 Material from: Cryptography Components Sender Receiver Plaintext Encryption Ciphertext Decryption Plaintext Encryption algorithm: Plaintext Ciphertext Cipher: encryption
More informationNetwork Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering
Network Security Gaurav Naik Gus Anderson, Philadelphia, PA Lectures on Network Security Feb 12 (Today!): Public Key Crypto, Hash Functions, Digital Signatures, and the Public Key Infrastructure Feb 14:
More informationIntroduction to Computer Security
Introduction to Computer Security Hash Functions and Digital Signatures Pavel Laskov Wilhelm Schickard Institute for Computer Science Integrity objective in a wide sense Reliability Transmission errors
More informationModes of Operation of Block Ciphers
Chapter 3 Modes of Operation of Block Ciphers A bitblock encryption function f: F n 2 Fn 2 is primarily defined on blocks of fixed length n To encrypt longer (or shorter) bit sequences the sender must
More informationLecture 4 Data Encryption Standard (DES)
Lecture 4 Data Encryption Standard (DES) 1 Block Ciphers Map nbit plaintext blocks to nbit ciphertext blocks (n = block length). For nbit plaintext and ciphertext blocks and a fixed key, the encryption
More informationNetwork Security. Chapter 3 Symmetric Cryptography. Symmetric Encryption. Modes of Encryption. Symmetric Block Ciphers  Modes of Encryption ECB (1)
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 3 Symmetric Cryptography General Description Modes of ion Data ion Standard (DES)
More informationAuthentication requirement Authentication function MAC Hash function Security of
UNIT 3 AUTHENTICATION Authentication requirement Authentication function MAC Hash function Security of hash function and MAC SHA HMAC CMAC Digital signature and authentication protocols DSS Slides Courtesy
More informationMessage Authentication Codes
2 MAC Message Authentication Codes : and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 28 October 2013 css322y13s2l08, Steve/Courses/2013/s2/css322/lectures/mac.tex,
More information1 Data Encryption Algorithm
Date: Monday, September 23, 2002 Prof.: Dr JeanYves Chouinard Design of Secure Computer Systems CSI4138/CEG4394 Notes on the Data Encryption Standard (DES) The Data Encryption Standard (DES) has been
More informationCRYPTOGRAPHIC PRIMITIVES AN INTRODUCTION TO THE THEORY AND PRACTICE BEHIND MODERN CRYPTOGRAPHY
CRYPTOGRAPHIC PRIMITIVES AN INTRODUCTION TO THE THEORY AND PRACTICE BEHIND MODERN CRYPTOGRAPHY Robert Sosinski Founder & Engineering Fellow Known as "America's Cryptologic Wing", is the only Air Force
More informationTalk announcement please consider attending!
Talk announcement please consider attending! Where: Maurer School of Law, Room 335 When: Thursday, Feb 5, 12PM 1:30PM Speaker: Rafael Pass, Associate Professor, Cornell University, Topic: Reasoning Cryptographically
More informationLecture 9  Network Security TDTS412006 (ht1)
Lecture 9  Network Security TDTS412006 (ht1) Prof. Dr. Christoph Schuba Linköpings University/IDA Schuba@IDA.LiU.SE Reading: Office hours: [Hal05] 10.110.2.3; 10.2.510.7.1; 10.8.1 910am on Oct. 4+5,
More informationOneWay Encryption and Message Authentication
OneWay Encryption and Message Authentication Cryptographic Hash Functions Johannes Mittmann mittmann@in.tum.de Zentrum Mathematik Technische Universität München (TUM) 3 rd Joint Advanced Student School
More informationAuthenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm By Mihir Bellare and Chanathip Namprempre
Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm By Mihir Bellare and Chanathip Namprempre Some slides were also taken from Chanathip Namprempre's defense
More informationNetwork Security  ISA 656 Introduction to Cryptography
Network Security  ISA 656 Angelos Stavrou September 18, 2007 Codes vs. K = {0, 1} l P = {0, 1} m C = {0, 1} n, C C E : P K C D : C K P p P, k K : D(E(p, k), k) = p It is infeasible to find F : P C K Let
More informationIT Networks & Security CERT Luncheon Series: Cryptography
IT Networks & Security CERT Luncheon Series: Cryptography Presented by Addam Schroll, IT Security & Privacy Analyst 1 Outline History Terms & Definitions Symmetric and Asymmetric Algorithms Hashing PKI
More informationHash Functions. Integrity checks
Hash Functions EJ Jung slide 1 Integrity checks Integrity vs. Confidentiality! Integrity: attacker cannot tamper with message! Encryption may not guarantee integrity! Intuition: attacker may able to modify
More informationComputer Science A Cryptography and Data Security. Claude Crépeau
Computer Science 308547A Cryptography and Data Security Claude Crépeau These notes are, largely, transcriptions by Anton Stiglic of class notes from the former course Cryptography and Data Security (308647A)
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 20 PublicKey Cryptography and Message Authentication First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown PublicKey Cryptography
More informationCSCE 465 Computer & Network Security
CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Secret Key Cryptography (I) 1 Introductory Remarks Roadmap Feistel Cipher DES AES Introduction
More informationCryptography Lecture 8. Digital signatures, hash functions
Cryptography Lecture 8 Digital signatures, hash functions A Message Authentication Code is what you get from symmetric cryptography A MAC is used to prevent Eve from creating a new message and inserting
More informationStream Ciphers. Example of Stream Decryption. Example of Stream Encryption. Real Cipher Streams. Terminology. Introduction to Modern Cryptography
Introduction to Modern Cryptography Lecture 2 Symmetric Encryption: Stream & Block Ciphers Stream Ciphers Start with a secret key ( seed ) Generate a keying stream ith bit/byte of keying stream is a function
More informationLecture 5  Cryptography
CSE497b Introduction to Computer and Network Security  Spring 2007  Professors Jaeger Lecture 5  Cryptography CSE497b  Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497bs07/
More informationNetwork Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 hmsun@cs.nthu.edu.tw Phone: 035742968 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室
Network Security 孫 宏 民 hmsun@cs.nthu.edu.tw Phone: 035742968 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室 Security Attacks Normal flow: sender receiver Interruption: Information source Information destination
More informationProvableSecurity Analysis of Authenticated Encryption in Kerberos
ProvableSecurity Analysis of Authenticated Encryption in Kerberos Alexandra Boldyreva Virendra Kumar Georgia Institute of Technology, School of Computer Science 266 Ferst Drive, Atlanta, GA 303320765
More informationDr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Introduction to Cryptography What is cryptography?
More informationOutline. CSc 466/566. Computer Security. 8 : Cryptography Digital Signatures. Digital Signatures. Digital Signatures... Christian Collberg
Outline CSc 466/566 Computer Security 8 : Cryptography Digital Signatures Version: 2012/02/27 16:07:05 Department of Computer Science University of Arizona collberg@gmail.com Copyright c 2012 Christian
More informationMidterm Exam Solutions CS161 Computer Security, Spring 2008
Midterm Exam Solutions CS161 Computer Security, Spring 2008 1. To encrypt a series of plaintext blocks p 1, p 2,... p n using a block cipher E operating in electronic code book (ECB) mode, each ciphertext
More informationMessage authentication
Message authentication  Hash based MAC unctions  MAC unctions based on bloc ciphers  Authenticated encryption (c) Levente Buttyán (buttyan@crysys.hu) Secret preix method MAC (x) = H( x) insecure!
More informationNetwork Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 81
Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 81 Goals v understand principles of network security: cryptography and its many uses beyond
More informationMassachusetts Institute of Technology Handout 13 6.857: Network and Computer Security October 9, 2003 Professor Ronald L. Rivest.
Massachusetts Institute of Technology Handout 13 6.857: Network and Computer Security October 9, 2003 Professor Ronald L. Rivest Quiz 1 1. This quiz is intended to provide a fair measure of your understanding
More informationCrypto Basics. Ed Crowley. Spring 2010
Crypto Basics Ed Crowley Spring 2010 Kerckhoff s Principle Symmetric Crypto Overview Key management problem Attributes Modes Symmetric Key Algorithms DES Attributes Modes 3DES AES Other Symmetric Ciphers
More information6.857 Computer and Network Security Fall Term, 1997 Lecture 4 : 16 September 1997 Lecturer: Ron Rivest Scribe: Michelle Goldberg 1 Conditionally Secure Cryptography Conditionally (or computationally) secure
More informationCryptography and Network Security Chapter 3
Cryptography and Network Security Chapter 3 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 3 Block Ciphers and the Data Encryption Standard All the afternoon
More informationPublic Key Cryptography Overview
Ch.20 PublicKey Cryptography and Message Authentication I will talk about it later in this class Final: Wen (5/13) 16301830 HOLM 248» give you a sample exam» Mostly similar to homeworks» no electronic
More informationOn the Security of CTR + CBCMAC
On the Security of CTR + CBCMAC NIST Modes of Operation Additional CCM Documentation Jakob Jonsson * jakob jonsson@yahoo.se Abstract. We analyze the security of the CTR + CBCMAC (CCM) encryption mode.
More informationThe Advanced Encryption Standard (AES)
The Advanced Encryption Standard (AES) All of the cryptographic algorithms we have looked at so far have some problem. The earlier ciphers can be broken with ease on modern computation systems. The DES
More informationSecurity usually depends on the secrecy of the key, not the secrecy of the algorithm (i.e., the open design model!)
1 A cryptosystem has (at least) five ingredients: 1. 2. 3. 4. 5. Plaintext Secret Key Ciphertext Encryption algorithm Decryption algorithm Security usually depends on the secrecy of the key, not the secrecy
More informationDeveloping and Investigation of a New Technique Combining Message Authentication and Encryption
Developing and Investigation of a New Technique Combining Message Authentication and Encryption Eyas ElQawasmeh and Saleem Masadeh Computer Science Dept. Jordan University for Science and Technology P.O.
More informationChapter 8. Network Security
Chapter 8 Network Security Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers OneTime Pads Two Fundamental Cryptographic Principles Need for Security Some people who
More informationNetwork Security (2) CPSC 441 Department of Computer Science University of Calgary
Network Security (2) CPSC 441 Department of Computer Science University of Calgary 1 Friends and enemies: Alice, Bob, Trudy wellknown in network security world Bob, Alice (lovers!) want to communicate
More informationData integrity and data origin authentication
Network Security Elements of Applied Cryptography Hash functions and data integrity Manipulation Detection Code (MDC) Message Authentication Code (MAC) Data integrity and origin authentication Data integrity
More informationSecurity. Contents. S72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1
Contents Security requirements Public key cryptography Key agreement/transport schemes Maninthemiddle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions
More informationCryptography and Network Security Chapter 11
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 11 Cryptographic Hash Functions Each of the messages, like each
More informationAsymmetric Encryption. With material from Jonathan Katz, David Brumley, and Dave Levin
Asymmetric Encryption With material from Jonathan Katz, David Brumley, and Dave Levin Warmup activity Overview of asymmetrickey crypto Intuition for El Gamal and RSA And intuition for attacks Digital
More informationNetwork Security Technology Network Management
COMPUTER NETWORKS Network Security Technology Network Management Source Encryption E(K,P) Decryption D(K,C) Destination The author of these slides is Dr. Mark Pullen of George Mason University. Permission
More informationIntroduction to Cryptography CS 355
Introduction to Cryptography CS 355 Lecture 30 Digital Signatures CS 355 Fall 2005 / Lecture 30 1 Announcements Wednesday s lecture cancelled Friday will be guest lecture by Prof. Cristina Nita Rotaru
More information20092010. SSL Firewalls
& 20092010 & ( ) SSL Firewalls :. :.. byte 0x01 : 1,. 1 , :,, : ( ) ). : : (Confidentiality) (Integrity) (Availability) :.,,. :. :...,,. :,,. 2 (Identification) (Authentication).,,, )... (Authorization)
More informationSAMPLE EXAM QUESTIONS MODULE EE5552 NETWORK SECURITY AND ENCRYPTION ECE, SCHOOL OF ENGINEERING AND DESIGN BRUNEL UNIVERSITY UXBRIDGE MIDDLESEX, UK
SAMPLE EXAM QUESTIONS MODULE EE5552 NETWORK SECURITY AND ENCRYPTION September 2010 (reviewed September 2014) ECE, SCHOOL OF ENGINEERING AND DESIGN BRUNEL UNIVERSITY UXBRIDGE MIDDLESEX, UK NETWORK SECURITY
More informationMACs Message authentication and integrity. Table of contents
MACs Message authentication and integrity Foundations of Cryptography Computer Science Department Wellesley College Table of contents Introduction MACs Constructing Secure MACs Secure communication and
More informationSecurity Protocols/Standards
Security Protocols/Standards Security Protocols/Standards Security Protocols/Standards How do we actually communicate securely across a hostile network? Provide integrity, confidentiality, authenticity
More informationNetwork Security. Modes of Operation. Steven M. Bellovin February 3, 2009 1
Modes of Operation Steven M. Bellovin February 3, 2009 1 Using Cryptography As we ve already seen, using cryptography properly is not easy Many pitfalls! Errors in use can lead to very easy attacks You
More informationSECURITY IN NETWORKS
SECURITY IN NETWORKS GOALS Understand principles of network security: Cryptography and its many uses beyond confidentiality Authentication Message integrity Security in practice: Security in application,
More informationPractice Questions. CS161 Computer Security, Fall 2008
Practice Questions CS161 Computer Security, Fall 2008 Name Email address Score % / 100 % Please do not forget to fill up your name, email in the box in the midterm exam you can skip this here. These practice
More informationOn the Security of the CCM Encryption Mode and of a Slight Variant
On the Security of the CCM Encryption Mode and of a Slight Variant PierreAlain Fouque 1 and Gwenaëlle Martinet 2 and Frédéric Valette 3 and Sébastien Zimmer 1 1 École normale supérieure, 45 rue d Ulm,
More informationCSC474/574  Information Systems Security: Homework1 Solutions Sketch
CSC474/574  Information Systems Security: Homework1 Solutions Sketch February 20, 2005 1. Consider slide 12 in the handout for topic 2.2. Prove that the decryption process of a oneround Feistel cipher
More informationencrypts blocks of 64 bits using a 64 bit key outputs 64 bits of ciphertext A product cipher basic unit is the bit
Overview of the DES Introduction to Computer Security Lecture 6 Cryptography October 2, 2003 A block cipher: encrypts blocks of 64 bits using a 64 bit key outputs 64 bits of ciphertext A product cipher
More informationCryptography & Network Security
Cryptography & Network Security Lecture 1: Introduction & Overview 2002. 3. 27 chlim@sejong.ac.kr Common Terms(1) Cryptography: The study of mathematical techniques related to aspects of information security
More informationRemotely Keyed Encryption Using NonEncrypting Smart Cards
THE ADVANCED COMPUTING SYSTEMS ASSOCIATION The following paper was originally published in the USENIX Workshop on Smartcard Technology Chicago, Illinois, USA, May 10 11, 1999 Remotely Keyed Encryption
More informationCryptography and Network Security Chapter 11. Fourth Edition by William Stallings
Cryptography and Network Security Chapter 11 Fourth Edition by William Stallings Chapter 11 Message Authentication and Hash Functions At cats' green on the Sunday he took the message from the inside of
More informationThe Data Encryption Standard (DES)
The Data Encryption Standard (DES) As mentioned earlier there are two main types of cryptography in use today  symmetric or secret key cryptography and asymmetric or public key cryptography. Symmetric
More informationWINTER SCHOOL ON COMPUTER SECURITY. Prof. Eli Biham
WINTR SCHOOL ON COMPUTR SCURITY Prof. li Biham Computer Science Department Technion, Haifa 3200003, Israel January 27, 2014 c li Biham c li Biham  January 27, 2014 1 Cryptanalysis of Modes of Operation
More informationFinal Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket
IT 4823 Information Security Administration Public Key Encryption Revisited April 5 Notice: This session is being recorded. Lecture slides prepared by Dr Lawrie Brown for Computer Security: Principles
More informationCryptographic mechanisms
General Secretariat for National Defence Central Directorate for Information Systems Security PRIME MINISTER Paris, 2007 september 14 No. 1904/SGDN/DCSSI/SDS/LCR Cryptographic mechanisms Rules and recommendations
More informationCryptography and Network Security
Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 3: Block ciphers and DES Ion Petre Department of IT, Åbo Akademi University January 17, 2012 1 Data Encryption Standard
More informationChapter 8 Network Security. Slides adapted from the book and Tomas Olovsson
Chapter 8 Network Security Slides adapted from the book and Tomas Olovsson Roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity Security protocols and measures: Securing
More informationINFORMATION SECURITY PRINCIPLES AND PRACTICE
INFORMATION SECURITY PRINCIPLES AND PRACTICE Mark Stamp San Jose State University 'INTERSCIENCE A JOHN WILEY & SONS, INC., PUBLICATION Preface About The Author Acknowledgments xv xix xxi 1 INTRODUCTION
More informationNetwork security and all ilabs
Network security and all ilabs Modern cryptography for communications security part 1 Benjamin Hof hof@in.tum.de Lehrstuhl für Netzarchitekturen und Netzdienste Fakultät für Informatik Technische Universität
More informationChapter 7: Network security
Chapter 7: Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer: secure email transport
More informationAn Introduction to Cryptography as Applied to the Smart Grid
An Introduction to Cryptography as Applied to the Smart Grid Jacques Benoit, Cooper Power Systems Western Power Delivery Automation Conference Spokane, Washington March 2011 Agenda > Introduction > Symmetric
More informationDigital Signatures. Murat Kantarcioglu. Based on Prof. Li s Slides. Digital Signatures: The Problem
Digital Signatures Murat Kantarcioglu Based on Prof. Li s Slides Digital Signatures: The Problem Consider the reallife example where a person pays by credit card and signs a bill; the seller verifies
More informationOverview of Symmetric Encryption
CS 361S Overview of Symmetric Encryption Vitaly Shmatikov Reading Assignment Read Kaufman 2.14 and 4.2 slide 2 Basic Problem   ? Given: both parties already know the same secret Goal: send
More informationCS419: Computer Security
CS419: Computer Security MAC, HMAC, Hash functions, DSA, SSL Vinod Ganapathy Message Authentication message authentication is concerned with: protecting the integrity of a message validating identity of
More informationDigital Signatures. Prof. Zeph Grunschlag
Digital Signatures Prof. Zeph Grunschlag (Public Key) Digital Signatures PROBLEM: Alice would like to prove to Bob, Carla, David,... that has really sent them a claimed message. E GOAL: Alice signs each
More informationSecure Network Communications FIPS 140 2 Non Proprietary Security Policy
Secure Network Communications FIPS 140 2 Non Proprietary Security Policy 21 June 2010 Table of Contents Introduction Module Specification Ports and Interfaces Approved Algorithms Test Environment Roles
More informationGeneral about the course. Course assignment. Outline. T Cryptosystems. Summary and review of lectures
General about the course T 110.5211 Cryptosystems Summary and review of lectures 4.12.2008 This is the fifth time the course was arranged We need a course covering practical cryptographic topics Security
More informationCommon Pitfalls in Cryptography for Software Developers. OWASP AppSec Israel July 2006. The OWASP Foundation http://www.owasp.org/
Common Pitfalls in Cryptography for Software Developers OWASP AppSec Israel July 2006 Shay Zalalichin, CISSP AppSec Division Manager, Comsec Consulting shayz@comsecglobal.com Copyright 2006  The OWASP
More informationNetwork Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23
Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest
More information6 Block Ciphers. 6.1 Block Ciphers CA642: CRYPTOGRAPHY AND NUMBER THEORY 1
CA642: CRYPTOGRAPHY AND NUMBER THEORY 1 6 Block Ciphers 6.1 Block Ciphers Block Ciphers Plaintext is divided into blocks of fixed length and every block is encrypted one at a time. A block cipher is a
More information