A Crash Course in Modern Crypto Tools Dan Boneh Stanford University.


1. Aggregate sigs [BGLS02]

Anyone can aggregate n signatures into one. The aggregate S convinces the verifier that M_1, …, M_n were properly signed by users 1, …, n.

User 1: PK_1, M_1 → S_1
User 2: PK_2, M_2 → S_2
User n: PK_n, M_n → S_n
S_1, …, S_n → S

Sample applications

Secure routing protocols (SBGP): the number of sigs in a path attestation grows linearly in the length of the path. Aggregating sigs reduces traffic and memory.

Certificate chains (chains of trust): aggregate all sigs in the chain into one.

2. Group Signatures

Simple solution: give all users the same private key … but we also need to:
revoke signers when needed, and
trace: trapdoor for undoing sig privacy.

[Figure: Key Issuer, User 1, User 2; msg, sig. Is sig from user 1 or 2?]

Example: Vehicle Safety Comm. (VSC)

[Figure: Car 1, Car 2, Car 3, Car 4; messages "brake" and, from an ambulance, "out of my way !!"]

Require authenticated (signed) messages from cars. Prevent impersonation and DoS on traffic system.
Privacy problem: cars broadcasting signed (x, y, v).
Clean solution: group sigs. Group = set of all cars.

3. Broadcast Encryption [FN93]

Encrypt to arbitrary subsets S ⊆ {1, …, n}: CT = E[M, S].
Collusion resistance: secure even if all users in S^c collude.

[Figure: users holding keys K_1, K_2, K_3]

Example: Encrypted File Systems

Broadcast to small sets: |S| << n.
Best construction: trivial. |CT| = O(|S|), |priv| = O(1).
Examples: EFS, .

[Figure: file F stored as E_{K_F}[F], preceded by a header (< 256K) containing E_{PK_A}[K_F], E_{PK_B}[K_F], E_{PK_C}[K_F]]

Broadcast Encryption

Public-key BE system:
Setup(n): outputs private keys d_1, …, d_n and public key PK.
Encrypt(S, PK, M): encrypt M for users S ⊆ {1, …, n}; output ciphertext CT.
Decrypt(CT, S, j, d_j, PK): if j ∈ S, output M.
Broadcast contains ([S], CT).

Broadcast size

Small sets: trivial. CT size O(|S|), priv-key size O(1).
Large sets: NNL, HS, GST. CT size O(n-|S|), priv-key size O(log n).
Any set: BGW 05. O(1), with O(n) size public key.

Summary

Surveyed: aggregate sigs, group sigs, broadcast enc.
All implemented in PBC Library: open source under GPL.