Digital Signatures for Flows and Multicasts


 Rhoda Hill
 1 years ago
 Views:
Transcription
1 1 Digital Signatures for Flows and Multicasts by Chung Kei Wong and Simon S. Lam in IEEE/ACM Transactions on Networking, August 1999 Digital Signature Examples: RSA, DSA Provide authenticity, integrity and nonrepudiation How to sign/verify? signing key k s, verification key k v, message digest h(m) signature = sign(h(m), k s ) verify(signature, h(m), k v ) = True/False Signing & verification operations are slow compared to symmetric key operations Digital Signatures (Simon Lam) 2
2 2 Motivation Traditional network applications (circa 1998) messageoriented unicast, e.g., , file transfer, clientserver Emerging network applications floworiented, e.g., audio, video, stock quotes multicast, e.g., teleconference, software distribution Problem: How to sign efficiently? highspeed h transmissions i realtime generated flows delaysensitive packet flows Digital Signatures (Simon Lam) 3 Allornothing flows The signer generates a message digest of the entire flow (file) and signs the message digest But most Internet applications do not create allornothing flows a flow is sent as a sequence of packets each packet is used as soon as it is received Digital Signatures (Simon Lam) 4
3 3 Signeach Approach A flow is a sequence of data packets Sign each packet individually Inefficient: one signing/verification operation per packet Rates on a PentiumII 300 MHz using 100% processing time (with 512bit modulus) Packet Rate (packets/sec) size Signing g Verification (bytes) RSA DSA RSA DSA Digital Signatures (Simon Lam) 5 Prior work on signing digital streams [Gennaro and Rohatgi 1997] One signing/verification op for an entire flow only only the first packet is signed Each packet contains authentication info for next Verification of each packet depends on previous ones Reliable delivery required P 1 P 2 P 3 P 4 digital signature message digest of following packet Digital Signatures (Simon Lam) 6
4 4 Flow Signing Problem Each packet may be used as soon as it is received Subsequences of a flow are received and used besteffort delivery, e.g., UDP, IP multicast different needs/capabilities, e.g., layered video How to efficiently sign flows with each packet being individually verifiable? Digital Signatures (Simon Lam) 7 Our Approach: Chaining Partition a flow into blocks of packets Sign the digest of each block instead of each packet individually Each packet carries its own authentication information to prove it is in the block Authentication info provided by chaining P 1 P 2 P 3 P 4 P 5 P 6 P Block Block signature Chaining info Digital Signatures (Simon Lam) 8
5 5 Star Chaining Signing Block digest D 18 = h(d 1,, D 8 ) Packet digests D 1 D 2 D 3 D 4 D 5 D 6 D 7 D 8 Block signature = sign(d 18 ) Packet signature for packet P 3: sign(d 18 ), D 1, D 2, D 4,, D 8 Chaining overhead is O(block size) Digital Signatures (Simon Lam) 9 Star Chaining Verification Verifying first received packet (say P 3 ) Block digest D' 18 = h(d 1, D 2, D' 3, D 4,, D 8 ) verify(d' 18, sign(d 18 )) D 1 D 2 D' 3 D 4 D 5 D 6 D 7 D 8 Packet digests Caching of verified nodes no verification op for other packets in the block Digital Signatures (Simon Lam) 10
6 6 Tree Chaining Signing [Merkle 1989] Block digest D 18 = h(d 14, D 58 ) Block signature = sign(d 18 ) Packet signature for packet P 3 : sign(d 18 ), D 4, D 12, D 58 Chaining overhead is O(log(block size)) D 14 D 58 D 12 D 34 D 56 D 78 D 1 D 2 D 3 D 4 D 5 D 6 D 7 D 8 Packet digests Digital Signatures (Simon Lam) 11 Tree Chaining Verification Verifying first received packet (say P 3 ) verify(d' 18, sign(d 18 )) Block digest D' 18 = h(d' 14, D 58 ) Caching of verified nodes no verification op for other packets in the block D' 14 D 58 D 12 D' 34 D 56 D 78 D 1 D 2 D' 3 D 4 D 5 D 6 D 7 D 8 Packet digests Digital Signatures (Simon Lam) 12
7 7 Chaining Technique: Signer Overhead Compute packet digests Digest comp time Build authentication tree Tree build time Sign block digest Signature comp time Build packet signatures Packet signature build time Chaining time = Tree build time + Packet signature build time Digital Signatures (Simon Lam) 13 Chaining Technique: Verifier Overhead Build authentication tree Compute packet digests Tree build time Digest comp time Verify chaining information Chaining verification time Verify block signature Signature verifying i time Chaining time = Tree build time + Chaining verification time Digital Signatures (Simon Lam) 14
8 8 Chaining Time Overheads der (ms) chaining time at send tree deg 2 tree deg 4 tree deg 8 star block size (no. of packets) at sender ver (ms) chaining time at receiv tree deg 2 tree deg 4 tree deg 8 star block size (no. of packets) at receiver Overheads increase linearly with block size (in log scale) Much smaller than signing/verification times Digital Signatures (Simon Lam) 15 Chaining Overhead Size chaining overhead (by ytes) block size (no. of packets) Smallest when tree degree is 2 star tree deg 8 tree deg 4 tree deg 2 Increases linearly with logarithm of block size Packet signature = block signature + chaining overhead Digital Signatures (Simon Lam) 16
9 9 Flow Signing/Verification Rates ing rate kets/sec) signi (pack star tree deg 8 tree deg 4 tree deg 2 signeach verifica ation rate (pack kets/sec) block size (no. of packets) block size (no. of packets) 1024byte packets, RSA with 512bit modulus Increases with block size Varies only slightly with tree degree we recommend degree 2 tree chaining Digital Signatures (Simon Lam) 17 Flow Signing/Verification Rates signing rate (packets/sec) block size (no. of packets) e byte byte byte verification rat (packets/sec) Degree two tree, RSA with 512bit modulus, three different packet sizes block size (no. of packets) Digital Signatures (Simon Lam) 18
10 10 Realtime Generated Flows Fixed block size for nonrealtime generated flows Fixed time period T for realtime generated flows Bounded delay signing since for any packet delay T+ T chain + T sign period T m 1 packets T chain (m 1 ) + T sign period T m 2 packets T chain (m 2 ) + T sign time T should be larger than T chain + T sign delay cannot be smaller than 2(T chain + T sign ) Digital Signatures (Simon Lam) 19 Selecting a Signature Scheme RSA: signing rate not high enough DSA: both rates not high and verification rate < signing rate In a group, receivers may have widely different resources, e.g., PDAs, notebooks, desktops We proposed several extensions to FFS [Feige, Fiat and Shamir 1986] Digital Signatures (Simon Lam) 20
11 FFS Signer choose two large primes p and q compute modulus n = pq choose integers v 1,, v k s 1,, s k such that s i2 = v 1 i mod n signing g key is { {s 1,, s k, n} verification key is {v 1,, v k, n} Digital Signatures (Simon Lam) 21 How to Sign Message m choose t random integers, r 1,, r t, between 1 and n compute x i = r i2 mod n, for i = 1,, t compute message digest h(m, x 1,, x t ) where function h( ) is public knowledge and produces a digest of at least k x t bits let {b ij } be the first k x t bits of the digest compute y = r x (s b i1 x x s b ik i i 1 k ) mod n for i = 1,, t signature of m consists of {y } i and {b ij } for i = 1,, t and j = 1,, k Digital Signatures (Simon Lam) 22 11
12 12 How to Verify Signature of Message m signature of m {y } i and {b ij } for i = 1,, t and j = 1,, k compute z i = y 2 i x (v b i1 1 x x v b ik k ) mod n for i = 1,, t it can be shown that z i is equal to x i at the signer signature is valid if and only if the first k x t bits of h(m, z 1,, z t ) are equal to the {b ij } received in signature Digital Signatures (Simon Lam) 23 FFS(k,t) security level increases with size of modulus n (or size of primes p and q) value of product kt key size is (k+1) x n assuming n = v i or s i in bits signature size is t x n + k x t bits minimized for t=1 Digital Signatures (Simon Lam) 24
13 FFS key and signature sizes For a fixed kt product, signature size is minimized for t=1, but key size is maximized Digital Signatures (Simon Lam) 25 effs Signature Scheme Several extensions to FFS [Feige, Fiat and Shamir 1986] Faster signing Chinese remainder theorem (crt) Precomputation (4bit, 8bit) Faster verification Small verification key (svkey) [Micali & Shamir 1990] Adjustable and incremental verification multilevel signature lower security level with less processor time at receiver security level can be increased later by more processor time Digital Signatures (Simon Lam) 26 13
14 14 effs extension (1) Chinese remainder theorem instead of y i = r i x (s bi1 1 x x s k bik) mod n signer computes a i = r i x (s bi1 1 x x s k bik) mod p b i = r i x (s bi1 1 x x s k bik) mod q y i = ((a i b ) i x q x q 1 p + b ) i mod n where q 1 denotes 1 p q mod p, multiplications in mod p and mod q faster than in mod n Only signer knows p and q Digital Signatures (Simon Lam) 27 effs extension (2) small verification key [Micali & Shamir]: use first k prime numbers that satisfy s 2 = p 1 mod n where p is prime and s is an integer faster verifying time and smaller key size Digital Signatures (Simon Lam) 28
15 15 effs extension (3) To compute y i = r i x (s 1 b i1 x x s k b ik ) mod n for i = 1,, t precomputation of (s 1 b i1 x x s k b ik ) additional memory of 31 KB and 261 KB required for 4bit and 8bit precomp respectively only minor improvement at verifier when used with small vkey Digital Signatures (Simon Lam) 29 effs Signing basic FFS svkey crt+svkey 4bit+crt+svkey 8bit+crt+svkey effs(128,1) signing time (ms) svkey does not reduce signing time crt reduces signing time by 1020% 8bit + crt reduces signing time by 6070% Digital Signatures (Simon Lam) 30
16 16 effs Verification basic FFS svkey 4bit+svkey 8bit+svkey effs(128,1) 1) verification time (ms) svkey reduces verification time by 90% 4bit or 8bit slightly reduces verification time Digital Signatures (Simon Lam) 31 effs Key Size ize (bits) modulus si ize (bits) 512 Rabin RSA effs(128,1) DSA ElGamal modulus si 1024 Rabin RSA effs(128,1) DSA ElGamal signing key size (bytes) verification key size (bytes) Large signing i key bytes private to signer Verification key bytes Digital Signatures (Simon Lam) 32
17 17 effs Signature Size modulus siz ze (bits) Rabin RSA effs(128,1) DSA ElGamal signature size (bytes) Signature size comparable to RSA and Rabin Digital Signatures (Simon Lam) 33 Signing Time Comparison modulus size (bits) Rabin RSA effs(128,1) DSA ElGamal signing time (ms) 8bit + crt + svkey extensions effs has the smallest signing time Digital Signatures (Simon Lam) 34
18 18 Verification Time Comparison modulus siz ze (bits) Rabin RSA effs(128,1) DSA ElGamal verification time (ms) DSA and ElGamal verification times very large Rabin, RSA and effs too small to see Digital Signatures (Simon Lam) 35 Verification Time Comparison modulus siz ze (bits) Rabin RSA effs(128,1) verification time (ms) effs verification time comparable to RSA (Rabin most efficient verification) Digital Signatures (Simon Lam) 36
19 19 Flow Signing/Verification Rates modulus size (bits) Rabin RSA effs(128,1) DSA ElGamal Rabin RSA effs(128,1) DSA ElGamal signing rate (packets/sec) verification rate (packets/sec) 1024byte packets, block size 16, degree two tree chaining effs has highest signing rate effs verification rate comparable to RSA Digital Signatures (Simon Lam) 37 effs Adjustable and Incremental Verification Security level of effs(k,t) depends on modulus size and product kt same kt and modulus size ~ same security level Adjustable and incremental verification using t > 1 with additional info in signature up to t steps adjustable and incremental: receiver verifies steps one by one Digital Signatures (Simon Lam) 38
20 20 effs Adjustable and Incremental Verification (cont.) tlevel signature includes {x i } for i = 2,, t note that {x } i can be computed from original signature together with verification key verify a tlevel signature at security level l t, (1) compute z i = y 2 i x (v b i1 1 x x v b ik k ) mod n for i = 1,, l, (2) verify that the first k x t bits of h(m, z 1, x 2,, x t ) are equal to the {b ij } received, and z 2,, z l are equal to x 2,, x l Digital Signatures (Simon Lam) 39 effs Adjustable and Incremental Verification (cont.) increase security level from l 1 to l 2, (1) compute z i = y 2 i x (v b i1 1 x x v b ik k ) mod n for i = l 1 + 1,, l 2, (2) verify that z l1 +1,, z l2 are equal to x l1 +1,, x l2 Digital Signatures (Simon Lam) 40
21 21 Incremental signing times 2level signature takes less time to sign than two 1level signatures Digital Signatures (Simon Lam) 41 Incremental verification times Digital Signatures (Simon Lam) 42
22 22 Conclusions Flow signing/verification procedures much more efficient than signeach small communication overhead can be used by a sender that signs a large number of packets to different receivers there is no requirement that the packets belong to a flow but if they do, verification is also more efficient effs digital signature scheme most efficient signing compared to RSA, Rabin, DSA, and ElGamal highly efficient verification and comparable to RSA (only Rabin is more efficient) adjustable and incremental verification Digital Signatures (Simon Lam) 43 End Digital Signatures (Simon Lam) 44
Digital Signatures. (Note that authentication of sender is also achieved by MACs.) Scan your handwritten signature and append it to the document?
Cryptography Digital Signatures Professor: Marius Zimand Digital signatures are meant to realize authentication of the sender nonrepudiation (Note that authentication of sender is also achieved by MACs.)
More informationImplementation and Comparison of Various Digital Signature Algorithms. Nazia Sarang Boise State University
Implementation and Comparison of Various Digital Signature Algorithms Nazia Sarang Boise State University What is a Digital Signature? A digital signature is used as a tool to authenticate the information
More informationOutline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures
Outline Computer Science 418 Digital Signatures Mike Jacobson Department of Computer Science University of Calgary Week 12 1 Digital Signatures 2 Signatures via Public Key Cryptosystems 3 Provable 4 Mike
More informationSignature Schemes. CSG 252 Fall 2006. Riccardo Pucella
Signature Schemes CSG 252 Fall 2006 Riccardo Pucella Signatures Signatures in real life have a number of properties They specify the person responsible for a document E.g. that it has been produced by
More informationDigital Signatures. Murat Kantarcioglu. Based on Prof. Li s Slides. Digital Signatures: The Problem
Digital Signatures Murat Kantarcioglu Based on Prof. Li s Slides Digital Signatures: The Problem Consider the reallife example where a person pays by credit card and signs a bill; the seller verifies
More informationDigital Signature. Raj Jain. Washington University in St. Louis
Digital Signature Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse57111/
More informationMultimedia Networking and Network Security
CMPT371 121 Multimedia Networking and Network Security 1 Multimedia Networking and Network Security This note is based on Chapters 7 and 8 of the text book. Outline of multimedia networking Multimedia
More informationAuthenticating Streamed Data in the Presence of Random Packet Loss
Authenticating Streamed Data in the Presence of Random Packet Loss (Extended Abstract) Philippe Golle pgolle@cs.stanford.edu Nagendra Modadugu nagendra@cs.stanford.edu Abstract e propose a new scheme for
More informationIntroduction to Cryptography CS 355
Introduction to Cryptography CS 355 Lecture 30 Digital Signatures CS 355 Fall 2005 / Lecture 30 1 Announcements Wednesday s lecture cancelled Friday will be guest lecture by Prof. Cristina Nita Rotaru
More informationSoftware Implementation of GongHarn Publickey Cryptosystem and Analysis
Software Implementation of GongHarn Publickey Cryptosystem and Analysis by Susana Sin A thesis presented to the University of Waterloo in fulfilment of the thesis requirement for the degree of Master
More informationPublic Key (asymmetric) Cryptography
PublicKey Cryptography UNIVERSITA DEGLI STUDI DI PARMA Dipartimento di Ingegneria dell Informazione Public Key (asymmetric) Cryptography Luca Veltri (mail.to: luca.veltri@unipr.it) Course of Network Security,
More informationA Novel Approach to combine Publickey encryption with Symmetrickey encryption
Volume 1, No. 4, June 2012 ISSN 22781080 The International Journal of Computer Science & Applications (TIJCSA) RESEARCH PAPER Available Online at http://www.journalofcomputerscience.com/ A Novel Approach
More informationSignature Amortization Technique for Authenticating Delay Sensitive Stream
Signature Amortization Technique for Authenticating Delay Sensitive Stream M Bruntha 1, Dr J. Premalatha Ph.D. 2 1 M.E., 2 Professor, Department of Information Technology, Kongu Engineering College, Perundurai,
More informationA Digital Signature Scheme in Webbased Negotiation Support System
A Digital Signature Scheme in Webbased Negotiation Support System Yuxuan Meng 1 and Bo Meng 2 1 Department of Computer Science, University of Saskatchewan, Saskatoon, Saskatchewan, S7N 5C9, Canada yxmeng68@yahoo.ca
More informationA Practical Authentication Scheme for InNetwork Programming in Wireless Sensor Networks
A Practical Authentication Scheme for InNetwork Programming in Wireless Sensor Networks Ioannis Krontiris Athens Information Technology P.O.Box 68, 19.5 km Markopoulo Ave. GR 19002, Peania, Athens, Greece
More informationImproved Online/Offline Signature Schemes
Improved Online/Offline Signature Schemes Adi Shamir and Yael Tauman Applied Math. Dept. The Weizmann Institute of Science Rehovot 76100, Israel {shamir,tauman}@wisdom.weizmann.ac.il Abstract. The notion
More informationCRYPTOGRAPHY IN NETWORK SECURITY
ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIENCHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can
More informationCommunications security
University of Roma Sapienza DIET Communications security Lecturer: Andrea Baiocchi DIET  University of Roma La Sapienza Email: andrea.baiocchi@uniroma1.it URL: http://net.infocom.uniroma1.it/corsi/index.htm
More information2. Cryptography 2.4 Digital Signatures
DIFCTUNL Computer and Network Systems Security Segurança de Sistemas e Redes de Computadores 20102011 2. Cryptography 2.4 Digital Signatures 2010, Henrique J. Domingos, DI/FCT/UNL 2.4 Digital Signatures
More informationNetwork Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 81
Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 81 Public Key Cryptography symmetric key crypto v requires sender, receiver know shared secret
More informationNetwork Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23
Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest
More informationCSCE 465 Computer & Network Security
CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Public Key Cryptogrophy 1 Roadmap Introduction RSA DiffieHellman Key Exchange Public key and
More informationDigital signatures are one of the most important inventions/applications of modern cryptography.
CHAPTER 7: DIGITAL SIGNATURES Digital signatures are one of the most important inventions/applications of modern cryptography. Part VII Digital signatures The problem is how can a user sign (electronically)
More informationVerifying Data Integrity in PeertoPeer Video Streaming
Verifying Data Integrity in PeertoPeer Video Streaming Ahsan Habib, Dongyan Xu, Mikhail Atallah, Bharat Bhargava CERIAS and Department of Computer Sciences Purdue University, West Lafayette, IN 47907
More informationSECURITY IN NETWORKS
SECURITY IN NETWORKS GOALS Understand principles of network security: Cryptography and its many uses beyond confidentiality Authentication Message integrity Security in practice: Security in application,
More informationCIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives
CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; DH key exchange; Hash functions; Application of hash
More informationEmbedding more security in digital signature system by using combination of public key cryptography and secret sharing scheme
International Journal of Computer Sciences and Engineering Open Access Research Paper Volume4, Issue3 EISSN: 23472693 Embedding more security in digital signature system by using combination of public
More informationEvaluation of Digital Signature Process
Evaluation of Digital Signature Process Emil SIMION, Ph. D. email: esimion@fmi.unibuc.ro Agenda Evaluation of digital signatures schemes: evaluation criteria; security evaluation; security of hash functions;
More informationAuthenticated InNetwork Programming for Wireless Sensor Networks
Authenticated InNetwork Programming for Wireless Sensor Networks Ioannis Krontiris and Tassos Dimitriou Athens Information Technology, P.O.Box 68, 19.5 km Markopoulo Ave., GR 19002, Peania, Athens, Greece
More informationFinal exam review, Fall 2005 FSU (CIS5357) Network Security
Final exam review, Fall 2005 FSU (CIS5357) Network Security Instructor: Breno de Medeiros 1. What is an insertion attack against a NIDS? Answer: An insertion attack against a network intrusion detection
More informationPrinciples of Public Key Cryptography. Applications of Public Key Cryptography. Security in Public Key Algorithms
Principles of Public Key Cryptography Chapter : Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter : Security on Network and Transport
More informationDigital Signatures. Meka N.L.Sneha. Indiana State University. nmeka@sycamores.indstate.edu. October 2015
Digital Signatures Meka N.L.Sneha Indiana State University nmeka@sycamores.indstate.edu October 2015 1 Introduction Digital Signatures are the most trusted way to get documents signed online. A digital
More informationCryptography and Network Security Chapter 9
Cryptography and Network Security Chapter 9 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 9 Public Key Cryptography and RSA Every Egyptian received two names,
More informationA New Generic Digital Signature Algorithm
Groups Complex. Cryptol.? (????), 1 16 DOI 10.1515/GCC.????.??? de Gruyter???? A New Generic Digital Signature Algorithm Jennifer Seberry, Vinhbuu To and Dongvu Tonien Abstract. In this paper, we study
More informationWireless Network Security 14814 Spring 2014
Wireless Network Security 14814 Spring 2014 Patrick Tague Class #8 Broadcast Security & Key Mgmt 1 Announcements 2 Broadcast Communication Wireless networks can leverage the broadcast advantage property
More informationNetwork Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 hmsun@cs.nthu.edu.tw Phone: 035742968 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室
Network Security 孫 宏 民 hmsun@cs.nthu.edu.tw Phone: 035742968 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室 Security Attacks Normal flow: sender receiver Interruption: Information source Information destination
More informationDigital signatures. Informal properties
Digital signatures Informal properties Definition. A digital signature is a number dependent on some secret known only to the signer and, additionally, on the content of the message being signed Property.
More informationAuthentication, digital signatures, PRNG
Multimedia Security Authentication, digital signatures, PRNG Mauro Barni University of Siena Beyond confidentiality Up to now, we have been concerned with protecting message content (i.e. confidentiality)
More informationCS 758: Cryptography / Network Security
CS 758: Cryptography / Network Security offered in the Fall Semester, 2003, by Doug Stinson my office: DC 3122 my email address: dstinson@uwaterloo.ca my web page: http://cacr.math.uwaterloo.ca/~dstinson/index.html
More information18731 Midterm. Name: Andrew user id:
18731 Midterm 6 March 2008 Name: Andrew user id: Scores: Problem 0 (10 points): Problem 1 (10 points): Problem 2 (15 points): Problem 3 (10 points): Problem 4 (20 points): Problem 5 (10 points): Problem
More informationEncapsulating Voice in IP Packets
Encapsulating Voice in IP Packets Major VoIP Protocols This topic defines the major VoIP protocols and matches them with the seven layers of the OSI model. Major VoIP Protocols 15 The major VoIP protocols
More informationLukasz Pater CMMS Administrator and Developer
Lukasz Pater CMMS Administrator and Developer EDMS 1373428 Agenda Introduction Why do we need asymmetric ciphers? Oneway functions RSA Cipher Message Integrity Examples Secure Socket Layer Single Sign
More informationOutline. CSc 466/566. Computer Security. 8 : Cryptography Digital Signatures. Digital Signatures. Digital Signatures... Christian Collberg
Outline CSc 466/566 Computer Security 8 : Cryptography Digital Signatures Version: 2012/02/27 16:07:05 Department of Computer Science University of Arizona collberg@gmail.com Copyright c 2012 Christian
More information2. Securing Transactions
INVESTIGATING THE EFFICIENCY OF CRYPTOGRAPHIC ALGORITHMS IN ONLINE TRANSACTIONS C. Lamprecht 1 A. van Moorsel P. Tomlinson N. Thomas School of Computing Science, University of Newcastle upon Tyne, UK Abstract
More informationComputer Science 308547A Cryptography and Data Security. Claude Crépeau
Computer Science 308547A Cryptography and Data Security Claude Crépeau These notes are, largely, transcriptions by Anton Stiglic of class notes from the former course Cryptography and Data Security (308647A)
More informationDigital Signatures. What are Signature Schemes?
Digital Signatures Debdeep Mukhopadhyay IIT Kharagpur What are Signature Schemes? Provides message integrity in the public key setting Counterparts of the message authentication schemes in the public
More informationSecure Transmission of Video on an End System Multicast Using Public Key Cryptography
Secure Transmission of Video on an End System Multicast Using Public Key Cryptography Istemi Ekin Akkus, Oznur Ozkasap, and M. Reha Civanlar Koc University, Department of Computer Engineering, Istanbul,
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure
More informationNetwork Security. HIT Shimrit TzurDavid
Network Security HIT Shimrit TzurDavid 1 Goals: 2 Network Security Understand principles of network security: cryptography and its many uses beyond confidentiality authentication message integrity key
More informationCryptography and Network Security
Cryptography and Network Security Fifth Edition by William Stallings Chapter 9 Public Key Cryptography and RSA PrivateKey Cryptography traditional private/secret/single key cryptography uses one key shared
More informationApplied Cryptography Public Key Algorithms
Applied Cryptography Public Key Algorithms Sape J. Mullender Huygens Systems Research Laboratory Universiteit Twente Enschede 1 Public Key Cryptography Independently invented by Whitfield Diffie & Martin
More informationClient Server Registration Protocol
Client Server Registration Protocol The ClientServer protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are
More informationCS 348: Computer Networks.  Security; 30 th  31 st Oct 2012. Instructor: Sridhar Iyer IIT Bombay
CS 348: Computer Networks  Security; 30 th  31 st Oct 2012 Instructor: Sridhar Iyer IIT Bombay Network security Security Plan (RFC 2196) Identify assets Determine threats Perform risk analysis Implement
More informationIntroduction. Digital Signature
Introduction Electronic transactions and activities taken place over Internet need to be protected against all kinds of interference, accidental or malicious. The general task of the information technology
More informationTable of Contents. Bibliografische Informationen http://dnb.info/996514864. digitalisiert durch
1 Introduction to Cryptography and Data Security 1 1.1 Overview of Cryptology (and This Book) 2 1.2 Symmetric Cryptography 4 1.2.1 Basics 4 1.2.2 Simple Symmetric Encryption: The Substitution Cipher...
More informationOverview of PublicKey Cryptography
CS 361S Overview of PublicKey Cryptography Vitaly Shmatikov slide 1 Reading Assignment Kaufman 6.16 slide 2 PublicKey Cryptography public key public key? private key Alice Bob Given: Everybody knows
More informationEXAM questions for the course TTM4135  Information Security May 2013. Part 1
EXAM questions for the course TTM4135  Information Security May 2013 Part 1 This part consists of 5 questions all from one common topic. The number of maximal points for every correctly answered question
More informationAuthenticating Real Time Packet Streams and Multicasts
Authenticating Real Time Packet Streams and Multicasts Alain Pannetrat, Réfik Molva Institut Eurécom, SophiaAntipolis, France. Abstract In this work we propose a new stream authentication scheme that
More informationAuthentication requirement Authentication function MAC Hash function Security of
UNIT 3 AUTHENTICATION Authentication requirement Authentication function MAC Hash function Security of hash function and MAC SHA HMAC CMAC Digital signature and authentication protocols DSS Slides Courtesy
More informationDigital Signatures. Prof. Zeph Grunschlag
Digital Signatures Prof. Zeph Grunschlag (Public Key) Digital Signatures PROBLEM: Alice would like to prove to Bob, Carla, David,... that has really sent them a claimed message. E GOAL: Alice signs each
More informationDigital Signature CHAPTER 13. Review Questions. (Solution to OddNumbered Problems)
CHAPTER 13 Digital Signature (Solution to OddNumbered Problems) Review Questions 1. We mentioned four areas in which there is a differences between a conventional and a digital signature: inclusion, verification,
More informationHighSpeed RSA Implementation C etin Kaya Koc Koc@ece.orst.edu RSA Laboratories RSA Data Security, Inc. 100 Marine Parkway, Suite 500 Redwood City, CA 940651031 Copyright c RSA Laboratories Version 2.0
More informationCRC Press has granted the following specific permissions for the electronic version of this book:
This is a Chapter from the Handbook of Applied Cryptography, by A. Menezes, P. van Oorschot, and S. Vanstone, CRC Press, 1996. For further information, see www.cacr.math.uwaterloo.ca/hac CRC Press has
More informationOverview of Cryptographic Tools for Data Security. Murat Kantarcioglu
UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the
More informationThe Mathematics of the RSA PublicKey Cryptosystem
The Mathematics of the RSA PublicKey Cryptosystem Burt Kaliski RSA Laboratories ABOUT THE AUTHOR: Dr Burt Kaliski is a computer scientist whose involvement with the security industry has been through
More informationRSA Attacks. By Abdulaziz Alrasheed and Fatima
RSA Attacks By Abdulaziz Alrasheed and Fatima 1 Introduction Invented by Ron Rivest, Adi Shamir, and Len Adleman [1], the RSA cryptosystem was first revealed in the August 1977 issue of Scientific American.
More informationInstant Revocation. Jon A. Solworth. 16 June 2008. Dept. of Computer Science and Center for RITES University of Illinois at Chicago
Instant Revocation Jon A. Solworth Dept. of Computer Science and Center for RITES University of Illinois at Chicago 16 June 2008 Certificates and Revocation Part I Certificates and Revocation Certificates
More informationHashbased Digital Signature Schemes
Hashbased Digital Signature Schemes Johannes Buchmann Erik Dahmen Michael Szydlo October 29, 2008 Contents 1 Introduction 2 2 Hash based onetime signature schemes 3 2.1 Lamport Diffie onetime signature
More informationSecurity Policy Revision Date: 23 April 2009
Security Policy Revision Date: 23 April 2009 Remote Desktop Support Version 3.2.1 or later for Windows Version 3.1.2 or later for Linux and Mac 4 ISL Light Security Policy This section describes the procedure
More informationMTAT.07.003 Cryptology II. Digital Signatures. Sven Laur University of Tartu
MTAT.07.003 Cryptology II Digital Signatures Sven Laur University of Tartu Formal Syntax Digital signature scheme pk (sk, pk) Gen (m, s) (m,s) m M 0 s Sign sk (m) Ver pk (m, s)? = 1 To establish electronic
More informationVoice over IP: RTP/RTCP The transport layer
Advanced Networking Voice over IP: /RTCP The transport layer Renato Lo Cigno Requirements For RealTime Transmission Need to emulate conventional telephone system Isochronous output timing same with input
More informationNetwork Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering
Network Security Gaurav Naik Gus Anderson, Philadelphia, PA Lectures on Network Security Feb 12 (Today!): Public Key Crypto, Hash Functions, Digital Signatures, and the Public Key Infrastructure Feb 14:
More informationPeertoPeer Networks Anonymity (1st part) 8th Week
PeertoPeer Networks Anonymity (1st part) 8th Week Department of Computer Science 1 Motivation Society Free speech is only possible if the speaker does not suffer negative consequences Thus, only an anonymous
More informationCryptography and Network Security Digital Signature
Cryptography and Network Security Digital Signature XiangYang Li Message Authentication Digital Signature Authentication Authentication requirements Authentication functions Mechanisms MAC: message authentication
More informationPart VII. Digital signatures
Part VII Digital signatures CHAPTER 7: Digital signatures Digital signatures are one of the most important inventions/applications of modern cryptography. The problem is how can a user sign a message such
More informationNetwork Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide
Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead
More informationSecurity. Contents. S72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1
Contents Security requirements Public key cryptography Key agreement/transport schemes Maninthemiddle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions
More informationTCP  Introduction. Features of TCP
TCP  Introduction The Internet Protocol (IP) provides unreliable datagram service between hosts The Transmission Control Protocol (TCP) provides reliable data delivery It uses IP for datagram delivery
More informationSPINS: Security Protocols for Sensor Networks
SPINS: Security Protocols for Sensor Networks Adrian Perrig, Robert Szewczyk, J.D. Tygar, Victor Wen, and David Culler Department of Electrical Engineering & Computer Sciences, University of California
More informationFactoring. Factoring 1
Factoring Factoring 1 Factoring Security of RSA algorithm depends on (presumed) difficulty of factoring o Given N = pq, find p or q and RSA is broken o Rabin cipher also based on factoring Factoring like
More informationSecurity Sensor Network. Biswajit panja
Security Sensor Network Biswajit panja 1 Topics Security Issues in Wired Network Security Issues in Wireless Network Security Issues in Sensor Network 2 Security Issues in Wired Network 3 Security Attacks
More informationOverview of CSS SSL. SSL Cryptography Overview CHAPTER
CHAPTER 1 Secure Sockets Layer (SSL) is an applicationlevel protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers
More informationAdvanced Networking Voice over IP: RTP/RTCP The transport layer
Advanced Networking Voice over IP: RTP/RTCP The transport layer Renato Lo Cigno Requirements For RealTime Transmission Need to emulate conventional telephone system Isochronous output timing same with
More informationBy: Chunyan Fu, PhD, Ericsson Canada
TCP/UDP Basics By: Chunyan Fu, PhD, Ericsson Canada Internet Model Application TCP/UDP IP Link layer Physical layer Transport Service Overview Provide service to application layer by using the service
More informationACTA UNIVERSITATIS APULENSIS No 13/2007 MATHEMATICAL FOUNDATION OF DIGITAL SIGNATURES. Daniela Bojan and Sidonia Vultur
ACTA UNIVERSITATIS APULENSIS No 13/2007 MATHEMATICAL FOUNDATION OF DIGITAL SIGNATURES Daniela Bojan and Sidonia Vultur Abstract.The new services available on the Internet have born the necessity of a permanent
More informationDIRECT ONLINE/OFFLINE DIGITAL SIGNATURE SCHEMES. Ping Yu, M.S. Dissertation Prepared for the Degree of DOCTOR OF PHILOSOPHY UNIVERSITY OF NORTH TEXAS
DIRECT ONLINE/OFFLINE DIGITAL SIGNATURE SCHEMES Ping Yu, M.S. Dissertation Prepared for the Degree of DOCTOR OF PHILOSOPHY UNIVERSITY OF NORTH TEXAS December 2008 APPROVED: Stephen R. Tate, Major Professor
More informationCryptography Lecture 8. Digital signatures, hash functions
Cryptography Lecture 8 Digital signatures, hash functions A Message Authentication Code is what you get from symmetric cryptography A MAC is used to prevent Eve from creating a new message and inserting
More informationFirst Semester Examinations 2011/12 INTERNET PRINCIPLES
PAPER CODE NO. EXAMINER : Martin Gairing COMP211 DEPARTMENT : Computer Science Tel. No. 0151 795 4264 First Semester Examinations 2011/12 INTERNET PRINCIPLES TIME ALLOWED : Two Hours INSTRUCTIONS TO CANDIDATES
More informationEfficient Distribution of Key Chain Commitments for Broadcast Authentication in Distributed Sensor Networks
Efficient Distribution of Key Chain Commitments for Broadcast Authentication in Distributed Sensor Networks Donggang Liu Peng Ning Department of Computer Science North Carolina State University Raleigh,
More informationMulticast Authentication Based on Batch Signature (MABS) in Network Security
Multicast Authentication Based on Batch Signature (MABS) in Network Security Srikanth Bethu 1,,AsrarAhmedM.D. 2, Jesurun Prem Kumar Dasari 3, Soujanya S. 4 and Kanthi Kumar K. 5 1,4 Department of Computer
More informationPhysical Data Organization
Physical Data Organization Database design using logical model of the database  appropriate level for users to focus on  user independence from implementation details Performance  other major factor
More informationAC76/AT76 CRYPTOGRAPHY & NETWORK SECURITY DEC 2014
Q.2a. Define Virus. What are the four phases of Viruses? In addition, list out the types of Viruses. A virus is a piece of software that can infect other programs by modifying them; the modification includes
More informationCMSS An Improved Merkle Signature Scheme
CMSS An Improved Merkle Signature Scheme Johannes Buchmann 1, Luis Carlos Coronado García 2, Erik Dahmen 1, Martin Döring 1, and Elena Klintsevich 1 1 Technische Universität Darmstadt Department of Computer
More informationAdvanced Cryptography
Family Name:... First Name:... Section:... Advanced Cryptography Final Exam July 18 th, 2006 Start at 9:15, End at 12:00 This document consists of 12 pages. Instructions Electronic devices are not allowed.
More information9 Modular Exponentiation and Cryptography
9 Modular Exponentiation and Cryptography 9.1 Modular Exponentiation Modular arithmetic is used in cryptography. In particular, modular exponentiation is the cornerstone of what is called the RSA system.
More informationCrittografia e sicurezza delle reti. Digital signatures DSA
Crittografia e sicurezza delle reti Digital signatures DSA Signatures vs. MACs Suppose parties A and B share the secret key K. Then M, MAC K (M) convinces A that indeed M originated with B. But in case
More informationChapter 3. Internet Applications and Network Programming
Chapter 3 Internet Applications and Network Programming 1 Introduction The Internet offers users a rich diversity of services none of the services is part of the underlying communication infrastructure
More informationA Factoring and Discrete Logarithm based Cryptosystem
Int. J. Contemp. Math. Sciences, Vol. 8, 2013, no. 11, 511517 HIKARI Ltd, www.mhikari.com A Factoring and Discrete Logarithm based Cryptosystem Abdoul Aziz Ciss and Ahmed Youssef Ecole doctorale de Mathematiques
More information