Authenticated Encryption (AE) Instructor: Ahmad Boorghany

Similar documents

Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm By Mihir Bellare and Chanathip Namprempre

Reconsidering Generic Composition

Authenticated Encryption: Relations among notions and analysis of the generic composition paradigm

CryptoVerif Tutorial

Provable-Security Analysis of Authenticated Encryption in Kerberos

Symmetric Crypto MAC. Pierre-Alain Fouque

Authenticated encryption

Cryptography Overview

CS155. Cryptography Overview

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Ascon. Ch. Dobraunig 1, M. Eichlseder 1, F. Mendel 1, M. Schläffer 2. 22nd Crypto Day, Infineon, Munich. (A Submission to CAESAR)

Ciphertext verification security of symmetric encryption schemes

Soran University Faculty of Science and Engineering Computer Science Department Information Security Module Specification

Generalized Single Packet Authorization for Cloud Computing Environments

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 13

The Order of Encryption and Authentication for Protecting Communications (Or: How Secure is SSL?)

Network Security - ISA 656 Review

Cryptography for Secure Channels Kenny Paterson

CSSIA CompTIA Security+ Domain. Network Security. Network Security. Network Security. Network Security. Network Security

Message Authentication Code

Computer Networks. Secure Systems

Internet Engineering Task Force (IETF) Request for Comments: Category: Standards Track ISSN: A. Langley Google June 2015

CSci 530 Midterm Exam. Fall 2012

CPSC 467b: Cryptography and Computer Security

Encrypting*a*Windows*7*Hard*Disk* with%bitlocker%disk%encryption!

lundi 1 octobre 2012 In a set of N elements, by picking at random N elements, we have with high probability a collision two elements are equal

Thanks, But No Thanks

NETWORK ADMINISTRATION AND SECURITY

Vulnerabilities in WEP Christopher Hoffman Cryptography

City University of Hong Kong. Information on a Course offered by Department of Electronic Engineering with effect from Semester A in 2012/2013

ICOM 5018 Network Security and Cryptography

TinySec: A Link Layer Security Architecture for Wireless Sensor Networks

CONNECTING THE RASPBERRY PI TO A NETWORK

Data Encryption and Network Security

NETWORK SECURITY (W/LAB) Course Syllabus

Study on cryptographic protocols

Threat modeling of the security architectures of various wireless technologies

Chapter 8. Network Security

Chapter 7 Transport-Level Security

DRAFT Standard Statement Encryption

Payment Card Industry (PCI) Data Security Standard. Summary of Changes from PCI DSS Version 3.0 to 3.1

Next Generation Credit Services

CS 348: Computer Networks. - Security; 30 th - 31 st Oct Instructor: Sridhar Iyer IIT Bombay

Snow Agent System Pilot Deployment version

PENN. Social Sciences Computing a division of SAS Computing. SAS Computing SSC. File Security. John Marcotte Director of SSC.

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

KEY DISTRIBUTION: PKI and SESSION-KEY EXCHANGE. Mihir Bellare UCSD 1

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

Release: 1. ICANWK502A Implement secure encryption technologies

Cryptography & Network Security. Introduction. Chester Rebeiro IIT Madras

Table of Contents. Introduction. Audience. At Course Completion

Authenticated Encryption in TLS Kenny Paterson

SubmitedBy: Name Reg No Address. Mirza Kashif Abrar T079 kasmir07 (at) student.hh.se

HIPAA COMPLIANCE AND DATA PROTECTION Page 1

CS549: Cryptography and Network Security

Privacy + Security + Integrity

Key Management and Distribution

Virtual Private Networks

How To Understand And Understand The Security Of A Key Infrastructure

WLAN Authentication and Data Privacy

IMPROVED SECURITY MEASURES FOR DATA IN KEY EXCHANGES IN CLOUD ENVIRONMENT

Department of Computer & Information Sciences. CSCI-445: Computer and Network Security Syllabus

ENHANCED SECURITY IN SECURE SOCKET LAYER 3.0 SPECIFICATION

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room

CS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure

CS 458 / 658 Computer Security and Privacy. Module outline. Module outline. Module 5 Internet Application Security and Privacy.

Kerberos. Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, BC. From Italy (?).

HW/Lab 1: Security with PGP, and Crypto CS 336/536: Computer Network Security DUE 09/28/2015 (11am)

Ensuring HIPAA Compliance with Pros 4 Technology Online Backup and Archiving Services

INFORMATION SECURITY A MULTIDISCIPLINARY. Stig F. Mjolsnes INTRODUCTION TO. Norwegian University ofscience & Technology. CRC Press

Network Security Part II: Standards

TLS/SSL in distributed systems. Eugen Babinciuc

Cyber Exercises, Small and Large

Application Note. Onsight Device Certificate Management

Wireless Encryption Protection

Transport Level Security

Lecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References

RYERSON UNIVERSITY Ted Rogers School of Information Technology Management And G. Raymond Chang School of Continuing Education

Network Security Course Specifications

Secure Network Communication Based on Text-to-Image Encryption

Security in the Sauce Labs Cloud. Practices and protocols used in Sauce s infrastructure and Sauce Connect

Securing Data on Microsoft SQL Server 2012

Kerberos authentication made easy on OpenVMS

SE 4472a / ECE 9064a: Information Security

Textbooks: Matt Bishop, Introduction to Computer Security, Addison-Wesley, November 5, 2004, ISBN

Transcription:

Sharif University of Technology Department of Computer Engineering Data and Network Security Lab Authenticated Encryption (AE) Instructor: Ahmad Boorghany Most of the slides are obtained from Bellare and Rogaway s Introduction to Modern Cryptography course. 1 / 41

Outline Motivation Generic Composition Authenticated Encryption with Associated Data (AEAD) 2 / 41

Motivation 3 / 41

Authenticated Encryption 4 / 41

Authenticated Encryption Schemes 5 / 41

Privacy of Authenticated Encryption Schemes 6 / 41

Integrity of Authenticated Encryption Schemes 7 / 41

INT-CTXT 8 / 41

Integrity with privacy 9 / 41

Relations 10 / 41

Plain Encryption Does Not Provide Integrity 11 / 41

Encryption with Redundancy 12 / 41

Encryption with Redundancy Fails 13 / 41

WEP Attack 14 / 41

Generic Composition 15 / 41

Generic Composition 16 / 41

Generic Composition Methods 17 / 41

Encrypt-and-MAC 18 / 41

Encrypt-and-MAC 19 / 41

Encrypt-and-MAC 20 / 41

Encrypt-and-MAC 21 / 41

MAC-then-Encrypt 22 / 41

MAC-then-Encrypt 23 / 41

MAC-then-Encrypt 24 / 41

MAC-then-Encrypt 25 / 41

Encrypt-then-MAC 26 / 41

Encrypt-then-MAC 27 / 41

Encrypt-then-MAC 28 / 41

Encrypt-then-MAC 29 / 41

Achieving IND-CCA 30 / 41

Two keys or one? 31 / 41

Generic Composition in Practice 32 / 41

AE in SSH 33 / 41

AE in SSL 34 / 41

Authenticated Encryption with Associated Data (AEAD) 35 / 41

AEAD 36 / 41

AEAD Privacy 37 / 41

AEAD Integrity 38 / 41

AEAD Schemes 39 / 41

Performance Comparisons x32 40 / 41

Questions? 41 / 41