Network Security. Gaurav Naik, Gus Anderson. College of Engineering, Drexel University, Philadelphia, PA.
1 Network Security Gaurav Naik Gus Anderson, Philadelphia, PA
2 Lectures on Network Security
- Feb 12 (Today!): Public Key Crypto, Hash Functions, Digital Signatures, and the Public Key Infrastructure
- Feb 14: Key Agreement, Management and Distribution
- Feb 19: Applications: SSL, SSH, and IPSEC
- Feb 21: Security Lab: OpenSSL CA and Wireshark
3 Public Key Cryptography, Hash Functions, and Digital Signatures Gaurav Naik, Philadelphia, PA
4 Agenda
- Public Key Crypto Systems
- Cryptographic Hash Functions
- Digital Signatures
- Public Key Infrastructure and Trust
5 Public Key Systems: Public Key Encryption
- Each party has a PAIR of keys $(K, K^{-1})$
- $D_{K^{-1}}[E_K[M]] = M$
- $E$: encryption function (one-way)
- $D$: decryption function
- $M$ is the message
- $K$ is public and used by anyone to encrypt
- $K^{-1}$ is the private key - used for decryption only
6 Public Key Systems: One-way Function
- $E$ must be a one-way function: $Y = E_K[x]$
- $f: \{0,1\}^* \to \{0,1\}^*$ is a trapdoor function, iff $f(x)$ is a one way function -- given that it becomes feasible to compute $f^{-1}$.
- Given $y$, find $x$ such that $y = f(x)$
7 A bit of history
- PK Crypto concept invented in 1976 by Diffie and Hellman
- Approach described by Rivest, Shamir, and Adleman (RSA) in 1978
- Most proposals have been broken
- RSA and El Gamal are viable
8 Public Key Systems: Notation
- $E$ - Encryption Function
- $D$ - Decryption Function
- $M$ - Plaintext Message
- $C$ - Encrypted Message (Cipher text)
- $K$ - Public Key
- $K^{-1}$ - Private Key
9 Public Key Systems: RSA Key Generation
- 2 prime numbers of the same size ($p$ and $q$)
  - Need to prevent discovery of $p$ and $q$ by exhaustive search
- $n = p \cdot q$
- Select $e$, $1 < e < (p-1)(q-1)$ s.t. $\gcd(e, (p-1)(q-1)) = 1$
  - Euclidean algorithm for determining whether 2 numbers are coprime
- Compute $d$, $1 < d < (p-1)(q-1)$ s.t. $e \cdot d \equiv 1 \pmod{(p-1)(q-1)}$
- Public Key, $K$ is $(e, n)$
- Private Key, $K^{-1}$ is $(d)$
10 Public Key Systems: RSA Encryption
- Introducing: Alice and Bob
  - Used by Rivest in original paper
- Bob wishes to send Alice a message, $M$
- Alice has provided Bob with her public key $K(e, n)$
- Bob encrypts the message, $M$, as follows: $C = M^e \bmod n$ ($M < n$)
11 Public Key Systems: RSA Decryption
- Alice receives the encrypted message $C$, and wishes to reveal the secret message $M$
- $M = C^{K^{-1}} \bmod n = (M^e)^d \bmod n = M^{ed} \bmod n$
- $C^{K^{-1}} = M \bmod n$
12 Public Key Systems: Example, Key Generation
- 2 prime numbers of the same size ($p$ and $q$): $p = 7$, $q = 17$ (not large)
- $n = p \cdot q$: $n = 119$
- Select $e$, $1 < e < (p-1)(q-1)$ s.t. $\gcd(e, (p-1)(q-1)) = 1$: $6 \cdot 16 = 96$, $e = 5$
- Compute $d$, $1 < d < (p-1)(q-1)$ s.t. $e \cdot d \equiv 1 \pmod{(p-1)(q-1)}$: $d = 5^{-1} \bmod 96 = 77$
- Public Key, $K$ is $(e, n)$: $e = 5$, $n = 119$
- Private Key, $K^{-1}$ is $(d)$: $d = 77$
13 Public Key Systems: Example Encryption
- Keys: $K(5, 119)$, $K^{-1}(77)$
- Bob wishes to send Alice the message, $M$: $M = 19$
- Bob encrypts the message using Alice's public key, $K$
- $C = M^e \bmod n$ ($M < n$)
- $C = 19^5 \bmod 119 = 66$
14 Public Key Systems: Example Decryption
- Keys: $K(5, 119)$, $K^{-1}(77)$
- Alice receives the message, $C$: $C = 66$
- Alice applies the following function: $M = C^{K^{-1}} \bmod n = M \bmod n$
- $M = 66^{77} \bmod 119 = 19 \bmod 119$
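
The key generation, encryption and decryption slides above, carried through in Python as an added example (not part of the original deck). The function names are this example's own; the primes are taken as given and never tested for primality, and this is textbook RSA without padding.

```python
# Added example: textbook RSA following the slide's steps, checked on its toy numbers.


def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def rsa_keygen(p, q, e):
    """Return ((e, n), d). p and q are assumed prime; that is not verified here."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < phi:
        raise ValueError("e must satisfy 1 < e < (p-1)(q-1)")
    g, x, _ = egcd(e, phi)
    if g != 1:
        # The slide's gcd condition: without it no inverse d exists.
        raise ValueError("e is not coprime to (p-1)(q-1)")
    return (e, n), x % phi  # x may be negative, so reduce it into 1..phi-1


def rsa_encrypt(m, public):
    """C = M^e mod n, refusing messages that violate M < n."""
    e, n = public
    if not 0 <= m < n:
        # A message >= n would decrypt to m mod n, not to m.
        raise ValueError("message must be smaller than n")
    return pow(m, e, n)


def rsa_decrypt(c, d, n):
    """M = C^d mod n."""
    return pow(c, d, n)


if __name__ == "__main__":
    public, d = rsa_keygen(7, 17, 5)      # the slide's p, q and e
    c = rsa_encrypt(19, public)           # the slide's M
    print("public key:", public, "private exponent:", d)
    print("ciphertext:", c, "decrypted:", rsa_decrypt(c, d, public[1]))
```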
15 Agenda
- Public Key Crypto Systems
- Cryptographic Hash Functions
- Digital Signatures
- Public Key Infrastructure and Trust
16 Hash Functions: Math Basics
- Function [ Given 2 sets, X and Y, a function $f: X \to Y$ is a relation that uniquely associates members of X with members of Y ]
- Image [ is the set of y that have at least one preimage ]
- Injection [ one to one ]
- Surjection [ onto ]
- Bijection [ one to one and onto ]
- Inverse
17 Hash Functions: Integrity and Authentication
- As opposed to Encryption
  - Which does not protect messages from modification during transmission
- How can we ensure that a message arriving at the destination is in its original form as sent by the sender?
18 Hash Functions: Hash Functions
- Maps a message of size n bits to a fixed-length string of m bits, where m < n.
- Many-to-one mapping: collisions can occur
- Applications
  - Data Integrity
  - Message Authentication
  - One-time passwords
  - Digital Signatures (more on this later)
19 Hash Functions: Hash Function Requirements
- Preimage resistance
  - Given $h$, it should be hard to find any $M$ s.t. $h = H(M)$
- 2nd preimage resistance (weak collision resistance)
  - Given an input $M_1$, it should be hard to find another input, $M_2$ (not equal to $M_1$), s.t. $H(M_1) = H(M_2)$
- Collision resistance
  - It should be hard to find any 2 messages, $M_1$ and $M_2$, s.t. $H(M_1) = H(M_2)$
20 Hash Functions: Birthday Paradox
- Given a group of people, the minimum number of people s.t. 2 will share the same birthday with probability > 0.5 is only 23.
- In general: given a random variable that is an integer with uniform distribution between 1 and $n$, and a selection of $k$ instances, $k < n$, of the random variable, what is the probability there is at least one duplicate?
- k n For the birthday problem
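
An added example, not from the original slides, that computes the duplicate probability the birthday slide asks about and then shows the same effect on a hash: collisions in an m-bit digest appear after roughly 2^(m/2) inputs. Truncating SHA-256 to 16 bits stands in for a short hash, and the `msg-<i>` inputs are constructed.

```python
# Added example: birthday bound, first as arithmetic, then on a deliberately short digest.
import hashlib


def p_duplicate(k, n):
    """Exact probability that k uniform draws from n values contain a repeat."""
    p_unique = 1.0
    for i in range(k):
        p_unique *= (n - i) / n
    return 1.0 - p_unique


def min_draws(n, target=0.5):
    """Smallest k whose duplicate probability exceeds target."""
    k = 1
    while p_duplicate(k, n) <= target:
        k += 1
    return k


def truncated_hash(data, bits):
    """Top `bits` bits of SHA-256: an assumed stand-in for an m-bit hash function."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)


def find_collision(bits):
    """Hash constructed inputs msg-0, msg-1, ... until two of them share a digest.

    Returns (first_message, second_message, inputs_hashed).
    """
    seen = {}
    i = 0
    while True:
        msg = b"msg-%d" % i
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
        i += 1


if __name__ == "__main__":
    print("people needed for P > 0.5 with 365 birthdays:", min_draws(365))
    print("inputs needed for P > 0.5 with a 16-bit digest:", min_draws(2 ** 16))
    a, b, tries = find_collision(16)
    print("16-bit collision after", tries, "inputs:", a, b)
```

The 16-bit search finishes after a few hundred inputs rather than tens of thousands, which is why a digest needs about twice as many bits as the collision work factor it is meant to withstand.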
21 Hash Functions: Data Integrity
- Hash function, $H$
  - Publicly known algorithm
- Alice and Bob again...
- Alice sends Bob a message, $M$. Along with $M$, she also sends the output, $G_1$, of the hash function $H$: $G_1 = H(M)$
- Bob receives the message, $M$, and Alice's hash $G_1$. He re-computes the hash, $G_2$, using the same hash function $H$.
- If $G_1 = G_2$, then the message was not tampered with in transit.
22 Hash Functions: Message Authentication Codes
- Requires shared secret key, $K$
23 Hash Functions: MAC Example
- $H$, hash function
  - Public
- $S$, Secret Key
  - Shared between Alice and Bob
- $A$, Output of MAC Function
- Alice wants to send Bob a message, $M$. She computes $A_1 = MAC(M, H, S)$
- Bob computes $A_2 = MAC(M, H, S)$. If $A_1 = A_2$, then the message is from Alice
- Why? $A_1$ could have only been produced by the person who knew $S$.
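
An added example (not from the original slides) contrasting the bare hash check of slide 21 with the MAC check of slide 23 when the message is altered in transit. HMAC-SHA256 stands in for MAC(M, H, S); the secret, the messages and the function names are constructed for the example.

```python
# Added example: what Bob's check concludes with an unkeyed hash versus a keyed MAC.
import hashlib
import hmac

SECRET = b"constructed-shared-secret"   # S: constructed sample key known to Alice and Bob
ORIGINAL = b"transfer 10 to Bob"        # M as Alice sent it (constructed)
ALTERED = b"transfer 9000 to Bob"       # M after modification in transit (constructed)


def digest(message):
    """G = H(M) with a public hash function (SHA-256 here)."""
    return hashlib.sha256(message).hexdigest()


def mac(message, secret):
    """A = MAC(M, H, S), realised as HMAC-SHA256 (an assumption of this example)."""
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def bob_accepts_hash(message, g1):
    """Slide 21: recompute G2 and compare it with the received G1."""
    return hmac.compare_digest(digest(message), g1)


def bob_accepts_mac(message, a1, secret):
    """Slide 23: recompute A2 with the shared secret and compare it with A1."""
    # compare_digest runs in constant time, so the comparison leaks no tag prefix.
    return hmac.compare_digest(mac(message, secret), a1)


def send_with_hash(altered_in_transit):
    """Bob's verdict when only H(M) travels with the message."""
    message, g1 = ORIGINAL, digest(ORIGINAL)
    if altered_in_transit:
        # H is public, so whoever rewrites M can also replace G1 with H(new M).
        message, g1 = ALTERED, digest(ALTERED)
    return bob_accepts_hash(message, g1)


def send_with_mac(altered_in_transit):
    """Bob's verdict when MAC(M, H, S) travels with the message."""
    message, a1 = ORIGINAL, mac(ORIGINAL, SECRET)
    if altered_in_transit:
        # Without S the tag cannot be recomputed; the old tag arrives with the new M.
        message = ALTERED
    return bob_accepts_mac(message, a1, SECRET)


if __name__ == "__main__":
    for altered in (False, True):
        print("altered:", altered,
              "| hash check accepts:", send_with_hash(altered),
              "| MAC check accepts:", send_with_mac(altered))
```

Bob's hash check passes in both cases, so the bare digest only detects accidental corruption unless G1 reaches Bob over a channel the modifier cannot touch.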
24 Hash Functions: MD5
- Designed in 1991 by Rivest
- Message Digest 5
- RFC 1321 (128-bit output)
- Wide variety of applications
  - Checking the integrity of files
  - Store UNIX passwords
- Several weaknesses have been discovered in the last 5 years
  - Latest can find a collision within 1 minute on a laptop computer
25 Hash Functions: SHA Hash Functions
- SHA - Secure Hash Standard. Published by NIST in 1993 (originally designed by the NSA)
- Produces a 160-bit hash.
- Similar applications to MD5.
- Approved for protecting unclassified US Gov't documents
- SHA-0, SHA-1, SHA-224, SHA-256, SHA-384, and SHA
26 Agenda
- Public Key Crypto Systems
- Cryptographic Hash Functions
- Digital Signatures
- Public Key Infrastructure and Trust
27 Digital Signatures: Digital Signatures?
- RSA/Public Key
  - Secrecy
  - Confidentiality
- Digital Signatures
  - Authenticity / Integrity
28 Digital Signatures: Wait... What about hashes and MACs?
- MACs versus Hash Functions
  - MACs provide protection against oracle attacks
- MACs versus Digital Signatures
  - MACs don't provide non-repudiation*
  - Based on a shared symmetric key
- * Anyone who can verify a MAC can produce one
29 Digital Signatures: Why?
- In the non-online world, how do we verify things?
  - You buy something at the store, cashier will verify signature on your credit card
  - Sign the back of a check
- How about in the electronic world?
30 Digital Signatures: Digital Signatures
- What is a digital signature?
  - A string that associates a message with some entity that produced the message
- What should it provide?
  - Authentication (who sent the msg?)
  - Data Integrity (was the message tampered with?)
  - Non-Repudiation
31 Digital Signatures: The pieces
- Signing
  - Input: message, and some private key
  - Output: signature
- Verification
  - Input: public key, message, and signature
32 Digital Signatures: Attack Models
- Key-only attack
  - Attacker is given only the public signing key
- Known message attack
  - Attacker is given valid signatures for a variety of messages known by the attacker but not chosen by the attacker
- Chosen message attack
  - Attacker first learns signatures on arbitrary messages of the attacker's choice
33 Digital Signatures: The Enemy
- Given enough time (and horsepower), one can always forge a digital signature
- Total Break (discovering the secret)
- Universal forgery (ability to forge signature for any messages)
- Selective Forgery (ability to forge signature on a message of choice)
34 Digital Signatures: Digital Signatures and Hash Functions
- Hash of the message, $M$, is signed. NOT the entire message
  - efficiency: hashing is faster than signing
  - compatibility: message length
  - integrity: longer message would have to be split into blocks and signed
- Function must be:
  - Pre-image resistant
  - Weak collision resistant
  - Strong collision resistant
35 The Signing Process Diagram from:
36 Validation Process Diagram from:
37 Digital Signatures: RSA Digital Signatures
- Recall: RSA Key Generation
- 2 prime numbers of the same size ($p$ and $q$)
  - Need to prevent discovery of $p$ and $q$ by exhaustive search
- $n = p \cdot q$
- Select $e$, $1 < e < (p-1)(q-1)$ s.t. $\gcd(e, (p-1)(q-1)) = 1$
  - Euclidean algorithm for determining whether 2 numbers are co-prime
- Compute $d$, $1 < d < (p-1)(q-1)$ s.t. $e \cdot d \equiv 1 \pmod{(p-1)(q-1)}$
- Public Key, $K$ is $(e, n)$
- Private Key, $K^{-1}$ is $(d)$
38 Digital Signatures: RSA Signing
- Alice wants to send Bob a message $M$.
- Alice will:
  - Verify $0 < M < n$
  - $G_1 = H(M)$
  - $S_1 = G_1^d \bmod n$
  - Send $S_1$ along with $M$
- Bob will:
  - $G_2 = H(M)$
  - $S_2^e \bmod n = G_2$
  - $S_1 = S_2$?
39 Agenda
- Public Key Crypto Systems
- Cryptographic Hash Functions
- Digital Signatures
- Public Key Infrastructure and Trust
40 Public Key Infrastructure: Public Keys and Trust
- Bob has keys: $K_b$, $K_b^{-1}$
- Alice has keys: $K_a$, $K_a^{-1}$
- How does Bob obtain Alice's public key?
- How does Bob know Alice's key really belongs to Alice?
41 Public Key Infrastructure: Public Key Distribution
- Typically we assume that Bob has Alice's public key
  - He has verified this by some other means
- Key Distribution Methods
  - Public Announcement
  - Public Directory
- Both methods can easily be forged/tampered
42 Public Key Infrastructure Public Key Infrastructure Diagram from:
43 Public Key Infrastructure: X.509
- X.509: ITU-T Standard for the public key infrastructure (1988)
- Defines the concept of a Certificate
- Certificates are issued and signed by a strict hierarchy of certificate authorities (CAs)
- Defines the concept of CRLs - Certificate Revocation Lists
- Used by most major crypto/security applications: SSL, SSH, IPSEC, etc.
44 Public Key Infrastructure: X.509 Certificates
- Allow key exchange
- Binds an identity to a public key
- The contents of the cert are signed by the CA
  - This can be verified by using the CA's public key
- Version, serial number, algorithm ID, issuer, validity, owner name, key-info, issuer unique ID, owner unique ID, extension, signature of cert
45 Public Key Infrastructure: Verifying Certificates
- Signature of CA must verify
- Date Validity
- What happens if the user's private key is compromised?
  - Users must check the CRL
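
An added example, not from the original slides, that implements the hash-then-sign steps of the RSA Signing slide and uses them for the three certificate checks listed above: CA signature, validity dates, CRL. The certificate layout, names, serial numbers and the small Mersenne-prime keys are constructed for illustration; this is textbook RSA without padding, not X.509 encoding.

```python
# Added example: toy hash-then-sign RSA driving a certificate check.
import hashlib
from datetime import datetime, timezone

E = 65537  # public exponent used for every toy key in this example


def toy_keypair(p, q):
    """Textbook RSA key ((e, n), d) from two given primes; far too small for real use."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (E, n), pow(E, -1, phi)  # modular inverse via pow needs Python 3.8+


def digest_int(data, n):
    """G = H(M) as an integer reduced below the toy modulus n."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data, d, n):
    """Signer: S1 = G1^d mod n."""
    return pow(digest_int(data, n), d, n)


def verify(data, signature, public):
    """Verifier: recompute G2 = H(M) and accept only if S1^e mod n == G2."""
    e, n = public
    return pow(signature, e, n) == digest_int(data, n)


SIGNED_FIELDS = ("serial", "issuer", "subject", "subject_key", "not_before", "not_after")


def to_be_signed(cert):
    """Deterministic byte encoding of the signed fields (hypothetical format, not DER)."""
    return "|".join(f"{name}={cert[name]}" for name in SIGNED_FIELDS).encode()


def issue(issuer, ca_d, ca_n, serial, subject, subject_key, not_before, not_after):
    """CA side: fill in the fields and sign them with the CA private key."""
    cert = dict(serial=serial, issuer=issuer, subject=subject, subject_key=subject_key,
                not_before=not_before, not_after=not_after)
    cert["signature"] = sign(to_be_signed(cert), ca_d, ca_n)
    return cert


def check_certificate(cert, trusted_ca_public, now, crl_serials):
    """Relying party: CA signature first, then validity dates, then the CRL."""
    if not verify(to_be_signed(cert), cert["signature"], trusted_ca_public):
        return "bad signature"
    if not cert["not_before"] <= now <= cert["not_after"]:
        return "outside validity period"
    if cert["serial"] in crl_serials:
        return "revoked"
    return "ok"


def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)


# Constructed sample data: Mersenne primes give short, well-known toy moduli.
CA_PUBLIC, CA_D = toy_keypair(2**89 - 1, 2**107 - 1)        # CA the verifier trusts
OTHER_PUBLIC, OTHER_D = toy_keypair(2**61 - 1, 2**127 - 1)  # CA the verifier does not trust
ALICE_PUBLIC, _ = toy_keypair(2**19 - 1, 2**31 - 1)

GOOD = issue("Example CA", CA_D, CA_PUBLIC[1], 1001, "alice.example",
             ALICE_PUBLIC, utc(2008, 1, 1), utc(2009, 1, 1))
UNTRUSTED = issue("Example CA", OTHER_D, OTHER_PUBLIC[1], 1002, "alice.example",
                  ALICE_PUBLIC, utc(2008, 1, 1), utc(2009, 1, 1))

if __name__ == "__main__":
    today = utc(2008, 2, 12)
    print("valid cert:        ", check_certificate(GOOD, CA_PUBLIC, today, set()))
    print("after expiry:      ", check_certificate(GOOD, CA_PUBLIC, utc(2010, 1, 1), set()))
    print("serial on the CRL: ", check_certificate(GOOD, CA_PUBLIC, today, {1001}))
    print("edited subject:    ", check_certificate(dict(GOOD, subject="mallory.example"),
                                                   CA_PUBLIC, today, set()))
    print("non-trusted issuer:", check_certificate(UNTRUSTED, CA_PUBLIC, today, set()))
```

The CRL set is passed in by the caller, so the result is only as fresh as the last CRL the relying party fetched.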
46 Public Key Infrastructure: CA Hierarchy
- Everyone can't use the same CA
  - Scalability problems
- CAs form hierarchy
  - Each CA has certificates for clients (forward) and parent (backward)
  - Each client trusts parent certificates
- Certificates are trusted if the signature of the CA verifies
  - A chain of CAs (head is called root CA)
47 Problem with Certificates: Management and Distribution of Certificates
- Issues:
  - Detection of a compromised secret key
  - Delay of publishing the CRL
  - The CRL can get HUGE!
48 Public Key Infrastructure: Problems with CRLs
- Must check the CRL every time
- Delay between revocation and detection of revocation
- Key owner is responsible for protection of private key
- Abuse only takes seconds
- Not suitable for real-time online applications
- CRLs are valid for 24 hours - certs are valid for years
49 Next Class: Key Management, Agreement, and Distribution
50 Additional Slides
51 one.drexel.edu certificate
52 one.drexel.edu
53 expired certificate
54 Cert from a non-trusted CA
More informationIntroduction. Digital Signature
Introduction Electronic transactions and activities taken place over Internet need to be protected against all kinds of interference, accidental or malicious. The general task of the information technology
More informationCryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K.
Cryptosystems Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K. C= E(M, K), Bob sends C Alice receives C, M=D(C,K) Use the same key to decrypt. Public
More informationlundi 1 octobre 2012 In a set of N elements, by picking at random N elements, we have with high probability a collision two elements are equal
Symmetric Crypto Pierre-Alain Fouque Birthday Paradox In a set of N elements, by picking at random N elements, we have with high probability a collision two elements are equal N=365, about 23 people are
More informationBrocade Engineering. PKI Tutorial. Jim Kleinsteiber. February 6, 2002. Page 1
PKI Tutorial Jim Kleinsteiber February 6, 2002 Page 1 Outline Public Key Cryptography Refresher Course Public / Private Key Pair Public-Key Is it really yours? Digital Certificate Certificate Authority
More informationDigital signatures. Informal properties
Digital signatures Informal properties Definition. A digital signature is a number dependent on some secret known only to the signer and, additionally, on the content of the message being signed Property.
More informationDigital Signatures. Meka N.L.Sneha. Indiana State University. nmeka@sycamores.indstate.edu. October 2015
Digital Signatures Meka N.L.Sneha Indiana State University nmeka@sycamores.indstate.edu October 2015 1 Introduction Digital Signatures are the most trusted way to get documents signed online. A digital
More informationNetwork Security #10. Overview. Encryption Authentication Message integrity Key distribution & Certificates Secure Socket Layer (SSL) IPsec
Network Security #10 Parts modified from Computer Networking: A Top Down Approach Featuring the Internet, 2nd edition. Jim Kurose, Keith Ross, Addison-Wesley, 2002. 1 Overview Encryption Authentication
More informationComputer and Network Security. Outline
Computer and Network Security Lecture 10 Certificates and Revocation Outline Key Distribution Certification Authorities Certificate revocation 1 Key Distribution K A, K B E KA ( K AB, E KB (KAB) ) K A
More informationEntrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0
Entrust Managed Services PKI Getting started with digital certificates and Entrust Managed Services PKI Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust
More informationPractice Questions. CS161 Computer Security, Fall 2008
Practice Questions CS161 Computer Security, Fall 2008 Name Email address Score % / 100 % Please do not forget to fill up your name, email in the box in the midterm exam you can skip this here. These practice
More informationOne-Way Encryption and Message Authentication
One-Way Encryption and Message Authentication Cryptographic Hash Functions Johannes Mittmann mittmann@in.tum.de Zentrum Mathematik Technische Universität München (TUM) 3 rd Joint Advanced Student School
More informationChapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography
Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography What Is Steganography? Steganography Process of hiding the existence of the data within another file Example:
More informationCSCI-E46: Applied Network Security. Class 1: Introduction Cryptography Primer 1/26/16 CSCI-E46: APPLIED NETWORK SECURITY, SPRING 2016 1
CSCI-E46: Applied Network Security Class 1: Introduction Cryptography Primer 1/26/16 CSCI-E46: APPLIED NETWORK SECURITY, SPRING 2016 1 Welcome to CSCI-E46 Classroom & Schedule 53 Church Street L01 Wednesdays,
More informationHow To Protect Your Data From Attack
Security in Communication Networks Lehrstuhl für Informatik 4 RWTH Aachen Prof. Dr. Otto Spaniol Dr. rer. nat. Dirk Thißen Page 1 Organization Lehrstuhl für Informatik 4 Lecture Lecture takes place on
More informationSecure Socket Layer. Introduction Overview of SSL What SSL is Useful For
Secure Socket Layer Secure Socket Layer Introduction Overview of SSL What SSL is Useful For Introduction Secure Socket Layer (SSL) Industry-standard method for protecting web communications. - Data encryption
More informationSymmetric Crypto MAC. Pierre-Alain Fouque
Symmetric Crypto MAC Pierre-Alain Fouque Birthday Paradox In a set of D elements, by picking at random D elements, we have with high probability a collision two elements are equal D=365, about 23 people
More informationSymmetric Key cryptosystem
SFWR C03: Computer Networks and Computer Security Mar 8-11 200 Lecturer: Kartik Krishnan Lectures 22-2 Symmetric Key cryptosystem Symmetric encryption, also referred to as conventional encryption or single
More informationClient Server Registration Protocol
Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are
More informationSSL/TLS: The Ugly Truth
SSL/TLS: The Ugly Truth Examining the flaws in SSL/TLS protocols, and the use of certificate authorities. Adrian Hayter CNS Hut 3 Team adrian.hayter@cnsuk.co.uk Contents Introduction to SSL/TLS Cryptography
More information