Contract Signing. Contract-Signing Protocols. Another example: stock trading. Example. Network is Asynchronous. Fundamental limitation
|
|
- Cecil Rich
- 8 years ago
- Views:
Transcription
1 ECS Week 2005 Contract-Signing Protocols John itchell Stanford Contract Signing wo parties want to sign a contract ulti-party signing is more complicated he contract is known to both parties he protocols we will look at are not for contract negotiation (e.g., auctions) he attacker could be nother party on the network he person you think you want to sign a contract with Example nother example: stock trading Immunity deal stock broker Willing to sell stock at price X Ok, willing to buy at price X customer oth parties want to sign the contract Neither wants to commit first Why signed contract? Suppose market price changes uyer or seller may want proof of agreement work is synchronous Physical solution wo parties sit at table Write their signatures simultaneously Exchange copies Problem How to sign a contract on a network? Fair exchange: general problem of exchanging information so both succeed or both fail Fundamental limitation Impossibility of consensus Very weak consensus is not solvable if one or more processes can be faulty synchronous setting Process has initial 0 or 1, and eventually decides 0 or 1 Weak termination: some correct process decides greement: no two processes decide on different values Very weak validity: there is a run in which the decision is 0 and a run in which the decision is 1 Reference. J. Fischer, N.. Lynch and. S. Paterson, Impossibility of Distributed Consensus with One Faulty Process. J C 32(2): (pril 1985).
2 FLP Partial Intuition Quote from paper: he asynchronous commit protocols in current use all seem to have a window of vulnerability - an interval of time during the execution of the algorithm in which the delay or inaccessibility of a single process can cause the entire algorithm to wait indefinitely. It follows from our impossibility result that every commit protocol has such a window, confirming a widely believed tenet in the folklore. Implication for fair exchange Need a trusted third party (P) It is impossible to solve strong fair exchange without a trusted third party. he proof is by relating strong fair exchange to the problem of consensus and adapting the impossibility result of Fischer, Lynch and Paterson. Reference H. Pagnia and F. C. Gärtner, On the impossibility of fair exchange without a trusted third party. echnical Report UD-S , Darmstadt University of echnology, arch 1999 wo forms of contract signing Easy P contract signing Gradual-release protocols lice and ob sign contract Exchange signatures a few bits at a time Issues Signatures are verifiable Work required to guess remaining signature decreases lice, ob must be able to verify that what they have received so far is part of a valid signature dd trusted third party signature contract Problem P is bottleneck Can we do better? P signature contract Optimistic contract signing Use P only if needed Can complete contract signing without P P will make decisions if asked Goals Fair: no one can cheat the other imely: no one has to wait indefinitely (assuming that P is available) Other properties General protocol outline I am going to sign the contract I am going to sign the contract Here is my signature Here is my signature rusted third party can force contract hird party can declare contract binding if presented with first two messages.
3 Commitment (idea from crypto) Refined protocol outline Cryptographic hash function Easy to compute function f Given f(x), hard to find y with f(y)=f(x) Hard to find pairs x, y with f(y)=f(x) Commit Send f(x) for randomly chosen x Complete Reveal x sign(, contract, hash(rand_) ) sign(, contract, hash(rand_) ) rand_ rand_ rusted third party can force contract hird party can declare contract binding by signing first two messages. Optimistic Protocol [sokan, Shoup, Waidner] P,, text m 1 = sig (P, P,, text, hash(r )) P,, text sokan-shoup-waidner Outcomes Contract from normal execution m 1, R, m 2, R m 2 = sig (m 1, hash(r )) m 3 = R Contract issued by third party sig (m 1, m 2 ) m 4 = R bort token issued by third party sig (abort, a 1 ) m 1, R, m 2, R Role of rusted hird Party Resolve Subprotocol can issue a replacement contract Proof that both parties are committed can issue an abort token Proof that will not issue contract acts only when requested decides whether to abort or resolve on the first-come-first-serve basis only gets involved if requested by or r2 sig (m 1, m 2 ) sig (abort, a 1 ) m 1 = sig ( hash(r )) m 2 = sig ( hash(r )) m 3 = m 4 = r 1 = m 1, m 2 r 2 aborted? Yes: r 2 = sig (abort, a 1 ) No: resolved := true r 2 = sig (m 1, m 2 )
4 bort Subprotocol Fairness and imeliness m 1 = sig ( hash(r )) work m 2 = a 1 = sig (abort, m 1 ) Fairness If cannot obtain s signature, then should not be able to obtain s signature a 2 sig (m 1, m 2 ) sig (abort, a 1 ) resolved? Yes: a 2 = sig (m 1, m 2 ) No: aborted := true a 2 = sig (abort, a 1 ) imeliness One player cannot force the other to wait -- a fair and timely termination can always be forced by contacting P and vice versa [sokan, Shoup, Waidner Eurocrypt 98] sokan-shoup-waidner protocol ttack gree m1= sign(, c, hash(r_) ) sign(, m1, hash(r_) ) r_ r_ bort a 1 sig (a 1,abort) work If not already resolved m 1 = sig (... hash(r )) m 2 = sig (m 1, hash(r )) secret Q, m 2 m 3 = R r 1 = m 1, m 2 Resolve m 1 m 2 sig (m 1, m 2 ) ttack? r 2 = sig (m 1, m 2 ) sig (m 1, m 2 ) contracts are inconsistent! m 1, R, m 2, Q Replay ttack Fixing the Protocol sig ( hash(r )) sig (... hash(r )) R R Later... sig (P, P,, text, hash(r )) sig (m 1, hash(q )) R Q Intruder causes to commit to old contract with P,, text m 1 = sig (P, P,, text, hash(r )) m 2 = sig (m 1, hash(r )) m 3 = sig ( R, hash(r )) m 4 = R m 1, R, m 2, R P,, text
5 Desirable properties [Garay, Jakobsson, acenzie] buse-free Contract Signing Fair If one can get contract, so can other ccountability If someone cheats, message trace shows who cheated buse free No party can show that they can determine outcome of the protocol PCS (text,,) PCS (text,,) sig (text) sig (text) Private Contract Signature Special cryptographic primitive cannot take msg from and show to C converts signatures, does not use own Role of rusted hird Party Resolve Subprotocol can convert PCS to regular signature Resolve the protocol if necessary can issue an abort token Promise not to resolve protocol in future acts only when requested decides whether to abort or resolve on a first-come-first-served basis only gets involved if requested by or PCS (text,,) PCS (text,,) r 1 = PCS (text,,), sig (text) sig (a 1 ) sig (text) r 2 aborted? Yes: r 2 = sig (a 1 ) No: resolved := true r 2 = sig (text) store sig (text) bort Subprotocol Garay, Jakobsson, acenzie m 1 = PCS (text,,) gree bort work a 1 =sig (m 1,abort) PCS (text,,) PCS (text,,) sig (text) sig (text) m 1 = PCS (text,,) work a 2 sig (text) sig (a 1 ) resolved? Yes: a 2 = sig (text) No: aborted := true a 2 = sig (a 1 ) Resolve PCS (text,,) PCS (text,,) PCS (text,,) sig (text) abort ND sig (text) ttack sig (abort) Leaked by abort
6 ttack Repairing the Protocol PCS (text,,) PCS (text,,) sig PCS (text,,), (abort) sig (text) Leaked by sig sig (abort) (abort) If converts PCS into a conventional signature, can be held accountable PCS (text,,) PCS (text,,) PCS (text,,), PCS (text,,) abort ND sig (text) only abort alance dvantage No party should be able to unilaterally determine the outcome of the protocol alance may be violated even if basic fairness is satisfied! Stock sale example: there is a point in the protocol where the broker can unilaterally choose whether the sale happens or not Can a timely, optimistic protocol be fair ND balanced? stock broker Willing to sell stock at price X Ok, willing to buy at price X ust be able to ask P to cancel this instance of protocol, or will be stuck indefinitely if customer does not respond customer Can go ahead and complete the sale, Optimistically waits for broker to respond can still ask P to cancel (P doesn t know customer has responded) Chooses whether deal will happen: does not have to commit stock for sale, can cancel if sale looks unprofitable Cannot back out of the deal: must commit money for stock buse free : as good as it gets Specifically: One signer always has an advantage over the other, no matter what the protocol is heorem In any fair, optimistic, timely contract-signing protocol, if one player is optimistic*, the other player has an advantage. est case: signer with advantage cannot prove it has the advantage to an outside observer * optimistic player: waits a little before going to the third party
7 buse-freeness alance impossible No party should be able to unilaterally determine the outcome of the protocol buse-freeness No party should be able to prove that it can unilaterally determine the outcome of the protocol How to prove something like this? Define protocol Program for lice, ob, P Each move depends on Local State (what s happened so far) essage from network imeout Consider possible optimistic runs Show someone gets advantage [Garay, Jakobsson, acenzie Crypto 99] ey idea (omitting many subtleties) dvantage (intuition for main argument) Define power of a signer ( or ) in a state s Power (s) = if can get contract by reading a message already in network, doing internal computation if can get contract by communicating with, assuming does nothing otherwise Look at optimistic transition s s where Power (s) =1 > Power (s) = 0. If Power (s) = 0 Power (s ) =1 then his is result of some move by Power (s) = 0 means cannot get contract without s help he move by is not a message to P he proof is for an optimistic protocol, so we are thinking about a run without msg to could abort in state s We assume protocol is timely and fair: must be able to do something, cannot get contract can still abort in s, so has advantage! Conclusions Online contract signing is subtle Fair buse-free ccountability Several interdependent subprotocols any cases and interleavings Finite-state tools great for case analysis! Find bugs in protocols proved correct Proving properties of all protocols is harder Understand what is possible and what is not
Next few lectures. Contract-Signing Protocols. Contract Signing. Example. Network is Asynchronous. Another example: stock trading. Today.
CS 259 Next few lectures Contract-Signing Protocols J. itchell V. Shmatikov oday Contract-signing protocols hursday ore about contract signing, probability Next ues Probabilistic model checking Next hurs
More informationA FORMAL ANALYSIS OF EXCHANGE OF DIGITAL SIGNATURES. Rohit Chadha. A Dissertation in Mathematics
A FORMAL ANALYSIS OF EXCHANGE OF DIGITAL SIGNATURES Rohit Chadha A Dissertation in Mathematics Presented to the Faculties of the University of Pennsylvania in Partial Fulfillment of the Requirements for
More informationA Survey on Optimistic Fair Digital Signature Exchange Protocols
A Survey on Optimistic Fair Digital Signature Exchange s Alfin Abraham Vinodh Ewards Harlay Maria Mathew Abstract Security services become crucial to many applications such as e-commerce payment protocols,
More informationKey Management. CSC 490 Special Topics Computer and Network Security. Dr. Xiao Qin. Auburn University http://www.eng.auburn.edu/~xqin xqin@auburn.
CSC 490 Special Topics Computer and Network Security Key Management Dr. Xiao Qin Auburn University http://www.eng.auburn.edu/~xqin xqin@auburn.edu Slide 09-1 Overview Key exchange Session vs. interchange
More informationNetwork Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1
Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Public Key Cryptography symmetric key crypto v requires sender, receiver know shared secret
More informationComputers and Electrical Engineering
Computers and Electrical Engineering 37 (2011) 169 173 Contents lists available at ScienceDirect Computers and Electrical Engineering journal homepage: www.elsevier.com/locate/compeleceng Contract signature
More informationElectronic Contract Signing without Using Trusted Third Party
Electronic Contract Signing without Using Trusted Third Party Zhiguo Wan 1, Robert H. Deng 2 and David Lee 1 Sim Kim Boon Institute for Financial Economics 1, School of Information Science 2, Singapore
More informationAnalysis of Probabilistic Contract Signing
Analysis of Probabilistic Contract Signing Gethin Norman 1 and Vitaly Shmatikov 2 1 University of Birmingham, School of Computer Science, Birmingham B15 2TT U.K. email: G.Norman@cs.bham.ac.uk 2 Department
More informationComputer Security. Programming Language Methods in Computer Security. Plan. Orientation. Part I. Personal POPL timeline. How did I get here?
Programming Language Methods in Computer Security John Mitchell Stanford University Plan Perspective on computer security Protocol security Protocol examples basic rewriting model Incorporating probability
More informationBounded Cost Algorithms for Multivalued Consensus Using Binary Consensus Instances
Bounded Cost Algorithms for Multivalued Consensus Using Binary Consensus Instances Jialin Zhang Tsinghua University zhanggl02@mails.tsinghua.edu.cn Wei Chen Microsoft Research Asia weic@microsoft.com Abstract
More informationChapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012
Chapter 8 Security IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross, All
More informationSignature Schemes. CSG 252 Fall 2006. Riccardo Pucella
Signature Schemes CSG 252 Fall 2006 Riccardo Pucella Signatures Signatures in real life have a number of properties They specify the person responsible for a document E.g. that it has been produced by
More informationPrinciples of Network Security
he Network Security Model Bob and lice want to communicate securely. rudy (the adversary) has access to the channel. lice channel data, control s Bob Kai Shen data secure sender secure receiver data rudy
More informationA Secure Protocol for the Oblivious Transfer (Extended Abstract) M. J. Fischer. Yale University. S. Micali Massachusetts Institute of Technology
J, Cryptoiogy (1996) 9:191-195 Joumol of CRYPTOLOGY O 1996 International Association for Cryptologic Research A Secure Protocol for the Oblivious Transfer (Extended Abstract) M. J. Fischer Yale University
More informationCapture Resilient ElGamal Signature Protocols
Capture Resilient ElGamal Signature Protocols Hüseyin Acan 1, Kamer Kaya 2,, and Ali Aydın Selçuk 2 1 Bilkent University, Department of Mathematics acan@fen.bilkent.edu.tr 2 Bilkent University, Department
More informationA Simulation Game for Teaching Secure Data Communications Protocols
A Simulation Game for Teaching Secure Data Communications Protocols Leonard G. C. Hamey Department of Computing, Macquarie University, Sydney, Australia ABSTRACT With the widespread commercial use of the
More informationNetwork Security. HIT Shimrit Tzur-David
Network Security HIT Shimrit Tzur-David 1 Goals: 2 Network Security Understand principles of network security: cryptography and its many uses beyond confidentiality authentication message integrity key
More informationLecture 9 - Message Authentication Codes
Lecture 9 - Message Authentication Codes Boaz Barak March 1, 2010 Reading: Boneh-Shoup chapter 6, Sections 9.1 9.3. Data integrity Until now we ve only been interested in protecting secrecy of data. However,
More informationSecure Remote Password (SRP) Authentication
Secure Remote Password (SRP) Authentication Tom Wu Stanford University tjw@cs.stanford.edu Authentication in General What you are Fingerprints, retinal scans, voiceprints What you have Token cards, smart
More informationCIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives
CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Application of hash
More informationApache Milagro (incubating) An Introduction ApacheCon North America
Apache Milagro (incubating) An Introduction ApacheCon North America Apache Milagro will establish a new independent security framework for the Internet A Distributed Cryptosystem Secure the Future of the
More informationElectronic Voting Protocol Analysis with the Inductive Method
Electronic Voting Protocol Analysis with the Inductive Method Introduction E-voting use is spreading quickly in the EU and elsewhere Sensitive, need for formal guarantees Inductive Method: protocol verification
More informationSECURITY IN NETWORKS
SECURITY IN NETWORKS GOALS Understand principles of network security: Cryptography and its many uses beyond confidentiality Authentication Message integrity Security in practice: Security in application,
More informationSecure Reactive Systems
Michael Backes Saarland University, Germany joint work with Birgit Pfitzmann and Michael Waidner Secure Reactive Systems Lecture at Tartu U, 02/27/06 Building Systems on Open Networks E-Government Hospital
More informationDigital Signatures. (Note that authentication of sender is also achieved by MACs.) Scan your handwritten signature and append it to the document?
Cryptography Digital Signatures Professor: Marius Zimand Digital signatures are meant to realize authentication of the sender nonrepudiation (Note that authentication of sender is also achieved by MACs.)
More informationAn Overview of Common Adversary Models
An Overview of Common Adversary Karl Palmskog palmskog@kth.se 2012-03-29 Introduction Requirements of Software Systems 1 Functional Correctness: partial, termination, liveness, safety,... 2 Nonfunctional
More informationCryptanalysis of a Partially Blind Signature Scheme or How to make $100 bills with $1 and $2 ones
Cryptanalysis of a Partially Blind Signature Scheme or How to make $100 bills with $1 and $2 ones Gwenaëlle Martinet 1, Guillaume Poupard 1, and Philippe Sola 2 1 DCSSI Crypto Lab, 51 boulevard de La Tour-Maubourg
More informationAuthentication Types. Password-based Authentication. Off-Line Password Guessing
Authentication Types Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer Chapter 4:
More informationICOM 5018 Network Security and Cryptography
ICOM 5018 Network Security and Cryptography Description This course introduces and provides practical experience in network security issues and cryptographic techniques. Cryptographic algorithms and protocols
More informationA Blueprint for Universal Trust Management Services
A Blueprint for Universal Trust Management Services Tomasz Kaszuba Krzysztof Rzadca Adam Wierzbicki Grzegorz Wierzowiecki Polish-Japanese Institute of Information Technology Warsaw, Poland adamw@pjwstk.edu.pl
More informationTwo Factor Zero Knowledge Proof Authentication System
Two Factor Zero Knowledge Proof Authentication System Quan Nguyen Mikhail Rudoy Arjun Srinivasan 6.857 Spring 2014 Project Abstract It is often necessary to log onto a website or other system from an untrusted
More information1 Signatures vs. MACs
CS 120/ E-177: Introduction to Cryptography Salil Vadhan and Alon Rosen Nov. 22, 2006 Lecture Notes 17: Digital Signatures Recommended Reading. Katz-Lindell 10 1 Signatures vs. MACs Digital signatures
More information2.4: Authentication Authentication types Authentication schemes: RSA, Lamport s Hash Mutual Authentication Session Keys Trusted Intermediaries
Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application
More informationAttacks on the Pairing Protocol of Bluetooth v2.1
Attacks on the Pairing Protocol of Bluetooth v2.1 Andrew Y. Lindell June 25, 2008 Abstract The Bluetooth protocol for close-range wireless communication has been a huge success. It is a widely adopted
More informationDigital Cash. is not a check, credit card or a debit card. They leave audit trails. can be sent through computer networks.
Digital Cash is not a check, credit card or a debit card. They leave audit trails. is anonymous and untraceable. can be sent through computer networks. can be used off-line (not connected to a bank). is
More informationYALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467a: Cryptography and Computer Security Notes 1 (rev. 1) Professor M. J. Fischer September 3, 2008 1 Course Overview Lecture Notes 1 This course is
More informationGuide for Homebuyers
Guide for Homebuyers Tips for Getting a Safe Mortgage You Can Afford Q u i c k S u m m a ry Figure out what you can afford. Contact at least 3 different lenders or brokers. When you call, say: I m buying
More informationFinal Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket
IT 4823 Information Security Administration Public Key Encryption Revisited April 5 Notice: This session is being recorded. Lecture slides prepared by Dr Lawrie Brown for Computer Security: Principles
More informationDRAFT P2P TRADING OF BITCOIN PAGE 1
Creating a Peer to Peer System for Buying and Selling Bitcoin Online DRAFT.1 By Rizwan Virk, 2013 riz@alum.mit.edu Table of Contents Introduction... 2 Overview of the Problem... 3 Parts of a Transaction....
More informationPrinciples of Computer Security. Dr George Danezis (g.danezis@ucl.ac.uk)
Principles of Computer Security Dr George Danezis (g.danezis@ucl.ac.uk) Why SecAppDev? Learning security on the job is necessary. However, Foundations: Principles. (Today) Access control. Advances: Privacy-friendly
More informationSecurity of Cloud Storage: - Deduplication vs. Privacy
Security of Cloud Storage: - Deduplication vs. Privacy Benny Pinkas - Bar Ilan University Shai Halevi, Danny Harnik, Alexandra Shulman-Peleg - IBM Research Haifa 1 Remote storage and security Easy to encrypt
More informationComputer Science 308-547A Cryptography and Data Security. Claude Crépeau
Computer Science 308-547A Cryptography and Data Security Claude Crépeau These notes are, largely, transcriptions by Anton Stiglic of class notes from the former course Cryptography and Data Security (308-647A)
More informationPublic Key Infrastructure (PKI)
Public Key Infrastructure (PKI) In this video you will learn the quite a bit about Public Key Infrastructure and how it is used to authenticate clients and servers. The purpose of Public Key Infrastructure
More informationCSCE 465 Computer & Network Security
CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Public Key Cryptogrophy 1 Roadmap Introduction RSA Diffie-Hellman Key Exchange Public key and
More informationLecture 9: Application of Cryptography
Lecture topics Cryptography basics Using SSL to secure communication links in J2EE programs Programmatic use of cryptography in Java Cryptography basics Encryption Transformation of data into a form that
More informationNetwork Security (2) CPSC 441 Department of Computer Science University of Calgary
Network Security (2) CPSC 441 Department of Computer Science University of Calgary 1 Friends and enemies: Alice, Bob, Trudy well-known in network security world Bob, Alice (lovers!) want to communicate
More informationHow To Verify A Bluetooth Device Pairing With A Human Eye Oracle
Formal Analysis of Authentication in Bluetooth Device Pairing Richard Chang and Vitaly Shmatikov The University of Texas at Austin Abstract. Bluetooth is a popular standard for short-range wireless communications.
More informationCSC 774 -- Network Security
CSC 774 -- Network Security Topic 4.1: NetBill Dr. Peng Ning CSC 774 Network Security 1 Outline Why is NetBill developed? NetBill Transaction Model NetBill Transaction Protocol Basic Protocol Optimizations
More informationDNS security: poisoning, attacks and mitigation
DNS security: poisoning, attacks and mitigation The Domain Name Service underpins our use of the Internet, but it has been proven to be flawed and open to attack. Richard Agar and Kenneth Paterson explain
More informationREGISTER ME TODAY FOR INTERNET ACCESS
REGISTER ME TODAY FOR INTERNET ACCESS Kindly complete this form and sign where indicated then return to our office via fax: Fax: 416-348-8311 or 1-866-399-3651 You will be contacted vie e-mail when your
More informationAn Anonymous Fair Exchange E-commerce Protocol
An Anonymous Fair Exchange E-commerce Protocol Indrakshi Ray Indrajit Ray Department of Computer and Information Science University of Michigan-Dearborn 490 Evergreen Road, Dearborn, MI 488 Email: iray,
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 1 January 9, 2012 CPSC 467b, Lecture 1 1/22 Course Overview Symmetric Cryptography CPSC 467b, Lecture 1 2/22 Course Overview CPSC
More informationOptimal Efficiency of Optimistic Contract Signing
Optimal Efficiency of Optimistic Contract Signing Birgit Pfitzmann Matthias Schunter Michael Waidner Universität des Saarlandes Universität Dortmund IBM urich Research Laboratory
More informationCSC 474 -- Network Security. User Authentication Basics. Authentication and Identity. What is identity? Authentication: verify a user s identity
CSC 474 -- Network Security Topic 6.2 User Authentication CSC 474 Dr. Peng Ning 1 User Authentication Basics CSC 474 Dr. Peng Ning 2 Authentication and Identity What is identity? which characteristics
More informationModeling and verification of security protocols
Modeling and verification of security protocols Part I: Basics of cryptography and introduction to security protocols Dresden University of Technology Martin Pitt martin@piware.de Paper and slides available
More informationFair Exchange in E-commerce
Fair Exchange in E-commerce INDRAJIT RAY and INDRAKSHI RAY Department of Computer Science Colorado State University Many business transactions over the Internet involve the exchange of digital products
More informationRandomized Hashing for Digital Signatures
NIST Special Publication 800-106 Randomized Hashing for Digital Signatures Quynh Dang Computer Security Division Information Technology Laboratory C O M P U T E R S E C U R I T Y February 2009 U.S. Department
More informationInformation Security Basic Concepts
Information Security Basic Concepts 1 What is security in general Security is about protecting assets from damage or harm Focuses on all types of assets Example: your body, possessions, the environment,
More informationFixity Checks: Checksums, Message Digests and Digital Signatures Audrey Novak, ILTS Digital Preservation Committee November 2006
Fixity Checks: Checksums, Message Digests and Digital Signatures Audrey Novak, ILTS Digital Preservation Committee November 2006 Introduction: Fixity, in preservation terms, means that the digital object
More informationIntroduction to Cryptography CS 355
Introduction to Cryptography CS 355 Lecture 30 Digital Signatures CS 355 Fall 2005 / Lecture 30 1 Announcements Wednesday s lecture cancelled Friday will be guest lecture by Prof. Cristina Nita- Rotaru
More informationInteraction and causality in digital signature exchange protocols
Interaction and causality in digital signature exchange protocols Jonathan Hayman Computer Laboratory, University of Cambridge, UK Abstract. Causal reasoning is a powerful tool in analysing security protocols,
More information3-6 Toward Realizing Privacy-Preserving IP-Traceback
3-6 Toward Realizing Privacy-Preserving IP-Traceback The IP-traceback technology enables us to trace widely spread illegal users on Internet. However, to deploy this attractive technology, some problems
More informationalta5 Risk Disclosure Statement
alta5 Risk Disclosure Statement Welcome to alta5. alta5 is both a platform for executing algorithmic trading algorithms and a place to learn about and share sophisticated investment strategies. alta5 provides
More informationConnected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)
Cryptelo Drive Cryptelo Drive is a virtual drive, where your most sensitive data can be stored. Protect documents, contracts, business know-how, or photographs - in short, anything that must be kept safe.
More informationPaillier Threshold Encryption Toolbox
Paillier Threshold Encryption Toolbox October 23, 2010 1 Introduction Following a desire for secure (encrypted) multiparty computation, the University of Texas at Dallas Data Security and Privacy Lab created
More informationAPPLYING FORMAL METHODS TO CRYPTOGRAPHIC PROTOCOL ANALYSIS: EMERGING ISSUES AND TRENDS
PPLYING FORML METHODS TO CRYPTOGRPHIC PROTOCOL NLYSIS: EMERGING ISSUES ND TRENDS Catherine Meadows Code 5543 Center for High ssurance Computer Systems US Naval Research Laboratory Washington, DC 20375
More informationDigital Signatures. Murat Kantarcioglu. Based on Prof. Li s Slides. Digital Signatures: The Problem
Digital Signatures Murat Kantarcioglu Based on Prof. Li s Slides Digital Signatures: The Problem Consider the real-life example where a person pays by credit card and signs a bill; the seller verifies
More informationOverview Motivating Examples Interleaving Model Semantics of Correctness Testing, Debugging, and Verification
Introduction Overview Motivating Examples Interleaving Model Semantics of Correctness Testing, Debugging, and Verification Advanced Topics in Software Engineering 1 Concurrent Programs Characterized by
More informationMinimal message complexity of asynchronous multi-party contract signing
Minimal message complexity of asynchronous multi-party contract ning Sjouke Mauw University of Luxembourg sjouke.mauw@uni.lu Saša adomirović University of Luxembourg sasa.radomirovic@uni.lu Mohammad Torabi
More informationto hide away details from prying eyes. Pretty Good Privacy (PGP) utilizes many
In the world of secure email, there are many options from which to choose from to hide away details from prying eyes. Pretty Good Privacy (PGP) utilizes many cryptographical concepts to achieve a supposedly
More informationVictor Shoup Avi Rubin. fshoup,rubing@bellcore.com. Abstract
Session Key Distribution Using Smart Cards Victor Shoup Avi Rubin Bellcore, 445 South St., Morristown, NJ 07960 fshoup,rubing@bellcore.com Abstract In this paper, we investigate a method by which smart
More informationAn Electronic Voting System Based On Blind Signature Protocol
CSMR, VOL. 1, NO. 1 (2011) An Electronic Voting System Based On Blind Signature Protocol Marius Ion, Ionuţ Posea University POLITEHNICA of Bucharest Faculty of Automatic Control and Computers, Computer
More informationClient Server Registration Protocol
Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are
More informationVerifiable Agreement: Limits of Non-Repudiation in Mobile Peer-to-Peer Ad Hoc Networks
Verifiable Agreement: Limits of Non-Repudiation in Mobile Peer-to-Peer Ad Hoc Networks (Extended Abstract) Zinaida Benenson 1, Felix C. Freiling 2, Birgit Pfitzmann 3, Christian Rohner 1, and Michael Waidner
More informationData Security. So many businesses leave their data exposed, That doesn t mean you have to. 2014 Computerbilities, Inc.
Data Security So many businesses leave their data exposed, That doesn t mean you have to. 2014 Computerbilities, Inc. Table of Contents: 1. Introduction 3 2. Cybersecurity: The loopholes in the system
More informationLecture 15 - Digital Signatures
Lecture 15 - Digital Signatures Boaz Barak March 29, 2010 Reading KL Book Chapter 12. Review Trapdoor permutations - easy to compute, hard to invert, easy to invert with trapdoor. RSA and Rabin signatures.
More informationPart 2 D(E(M, K),K ) E(M, K) E(M, K) Plaintext M. Plaintext M. Decrypt with private key. Encrypt with public key. Ciphertext
Part 2 Plaintext M Encrypt with public key E(M, K) Ciphertext Plaintext M D(E(M, K),K ) Decrypt with private key E(M, K) Public and private key related mathematically Public key can be published; private
More informationAuthentication. Computer Security. Authentication of People. High Quality Key. process of reliably verifying identity verification techniques
Computer Security process of reliably verifying identity verification techniques what you know (eg., passwords, crypto key) what you have (eg., keycards, embedded crypto) what you are (eg., biometric information)
More informationHigh-speed cryptography and DNSCurve. D. J. Bernstein University of Illinois at Chicago
High-speed cryptography and DNSCurve D. J. Bernstein University of Illinois at Chicago Stealing Internet mail: easy! Given a mail message: Your mail software sends a DNS request, receives a server address,
More informationRound-Efficient Secure Computation in Point-to-Point Networks
Round-Efficient Secure Computation in Point-to-Point Networks Jonathan Katz and Chiu-Yuen Koo Dept. of Computer Science, University of Maryland, College Park, USA {jkatz,cykoo}@cs.umd.edu Abstract. Essentially
More informationSmart Cards in Interaction: Towards Trustworthy Digital Signatures
Smart Cards in Interaction: Towards Trustworthy Digital Signatures Roger Kilian-Kehr 1 and Joachim Posegga 2 1 T-Systems Nova, Roger.Kilian-Kehr@T-Systems.com 2 SAP Corporate Research, Joachim.Posegga@SAP.com
More informationA Survey on Untransferable Anonymous Credentials
A Survey on Untransferable Anonymous Credentials extended abstract Sebastian Pape Databases and Interactive Systems Research Group, University of Kassel Abstract. There are at least two principal approaches
More informationInformation Security
Information Security Dr. Vedat Coşkun Malardalen September 15th, 2009 08:00 10:00 vedatcoskun@isikun.edu.tr www.isikun.edu.tr/~vedatcoskun What needs to be secured? With the rapid advances in networked
More informationNon-Black-Box Techniques In Crytpography. Thesis for the Ph.D degree Boaz Barak
Non-Black-Box Techniques In Crytpography Introduction Thesis for the Ph.D degree Boaz Barak A computer program (or equivalently, an algorithm) is a list of symbols a finite string. When we interpret a
More informationDomain Name System Security
Abstract Domain Name System Security Ladislav Hagara hgr@vabo.cz Department of Automated Command Systems and Informatics Military Academy in Brno Brno, Czech Republic Domain Name System (DNS) is one of
More informationdocuments Supplier handbook - Introduction to Digital Signature - Rome, January 2012
Digital signature on received/sent documents Supplier handbook - Introduction to Digital Signature - Rome, January 2012 Digital signature - overview Digital signature is defined as an attestation system
More informationOutline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures
Outline Computer Science 418 Digital Signatures Mike Jacobson Department of Computer Science University of Calgary Week 12 1 Digital Signatures 2 Signatures via Public Key Cryptosystems 3 Provable 4 Mike
More informationAuthenticity of Public Keys
SSL/TLS EJ Jung 10/18/10 Authenticity of Public Keys Bob s key? private key Bob public key Problem: How does know that the public key she received is really Bob s public key? Distribution of Public Keys!
More informationAuthentication requirement Authentication function MAC Hash function Security of
UNIT 3 AUTHENTICATION Authentication requirement Authentication function MAC Hash function Security of hash function and MAC SHA HMAC CMAC Digital signature and authentication protocols DSS Slides Courtesy
More informationAn Introduction to Digital Signature Schemes
An Introduction to Digital Signature Schemes Mehran Alidoost Nia #1, Ali Sajedi #2, Aryo Jamshidpey #3 #1 Computer Engineering Department, University of Guilan-Rasht, Iran m.alidoost@hotmail.com #2 Software
More informationPart I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT
Part I Contents Part I Introduction to Information Security Definition of Crypto Cryptographic Objectives Security Threats and Attacks The process Security Security Services Cryptography Cryptography (code
More informationOverview of Cryptographic Tools for Data Security. Murat Kantarcioglu
UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the
More informationUsing Foundstone CookieDigger to Analyze Web Session Management
Using Foundstone CookieDigger to Analyze Web Session Management Foundstone Professional Services May 2005 Web Session Management Managing web sessions has become a critical component of secure coding techniques.
More informationBuying a Property. The steps to buying a property. Finding a Property
Buying a Property For most of us, buying a house or a flat is the most important financial transaction that we will ever get involved with. It can be a complicated business but your solicitor can help
More informationNetwork Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering
Network Security Gaurav Naik Gus Anderson, Philadelphia, PA Lectures on Network Security Feb 12 (Today!): Public Key Crypto, Hash Functions, Digital Signatures, and the Public Key Infrastructure Feb 14:
More informationSecurity within a development lifecycle. Enhancing product security through development process improvement
Security within a development lifecycle Enhancing product security through development process improvement Who I am Working within a QA environment, with a focus on security for 10 years Primarily web
More informationHow To Use Kerberos
KERBEROS 1 Kerberos Authentication Service Developed at MIT under Project Athena in mid 1980s Versions 1-3 were for internal use; versions 4 and 5 are being used externally Version 4 has a larger installed
More informationKAZAKHSTAN STOCK EXCHANGE
KAZAKHSTAN STOCK EXCHANGE A p p r o v e d by Kazakhstan Stock Exchange Board of Directors decision (minutes No. 15 of November 6, 2002) Effective from November 7, 2002 N O T I C E Rules have been translated
More informationHow encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and
How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and non-repudiation. How to obtain a digital certificate. Installing
More informationHow to Protect Peer-to-Peer Online Games from Cheats
How to Protect Peer-to-Peer Online Games from Cheats Haruhiro Yoshimoto Rie Shigetomi Hideki Imai University of Tokyo Imai Laboratory, Institute of Industrial Science, The University of Tokyo, 4-6-1 Komaba,
More information