Class 5 Channels and Preview CIS 755: Advanced Computer Security Spring 2014 Eugene Vasserman

Slides:



Advertisements
Similar presentations
MAC Raushan. DES simple fiestel network 3131 PlainText Blocks 2*4=8bits 31 f f =0011 xor 0011=0000 = 0 f(r,k)=(2*r+k^2)%8 f(1,5)=(2*1+5^2)%8=3 xor 3 3.
Advertisements

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
CMSC 414 Computer and Network Security Lecture 10 Jonathan Katz.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
CMSC 414 Computer and Network Security Lecture 11 Jonathan Katz.
Web Security for Network and System Administrators1 Chapter 4 Encryption.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Intercepting Mobiles Communications: The Insecurity of Danny Bickson ACNS Course, IDC Spring 2007.
CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 7 Jonathan Katz.
Chapter 5 Cryptography Protecting principals communication in systems.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Wired Equivalent Privacy (WEP)
CMSC 414 Computer and Network Security Lecture 5 Jonathan Katz.
Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.
CMSC 414 Computer and Network Security Lecture 8 Jonathan Katz.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 7 Jonathan Katz.
Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
1 Introduction to Information Security , Spring 2015 Lecture 7: Applied cryptography: asymmetric Eran Tromer Slides credit: John Mitchell, Stanford.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Lecture 23 Cryptography CPE 401 / 601 Computer Network Systems Slides are modified from Jim Kurose & Keith Ross.
Security. Cryptography Why Cryptography Symmetric Encryption – Key exchange Public-Key Cryptography – Key exchange – Certification.
Network Security. An Introduction to Cryptography The encryption model (for a symmetric-key cipher).
Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Network Security – Part 2 (Continued) Lecture Notes for May 8, 2006 V.T. Raja, Ph.D., Oregon State University.
COEN 350 Mobile Security. Wireless Security Wireless offers additional challenges: Physical media can easily be sniffed. War Driving Legal? U.S. federal.
Introduction to Stream Cipher Sayed Mahdi Mohammad Hasanzadeh Spring 2004.
Class 2 Cryptography Refresher CIS 755: Advanced Computer Security Spring 2015 Eugene Vasserman
CS 4/585: Cryptography Tom Shrimpton FAB
Cryptography  Why Cryptography  Symmetric Encryption  Key exchange  Public-Key Cryptography  Key exchange  Certification.
Class 5 Practical Considerations and Physical Security CIS 755: Advanced Computer Security Spring 2015 Eugene Vasserman
Class 7 Practical Considerations CIS 755: Advanced Computer Security Spring 2014 Eugene Vasserman
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Intercepting Mobile Communications: The Insecurity of Nikita Borisov Ian Goldberg David Wagner UC Berkeley Zero-Knowledge Sys UC Berkeley Presented.
CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.
Basic Cryptography 1. What is cryptography? Cryptography is a mathematical method of protecting information –Cryptography is part of, but not equal to,
Chapter 21 Public-Key Cryptography and Message Authentication.
Class 4 Secure Channels and Practical Considerations CIS 755: Advanced Computer Security Spring 2015 Eugene Vasserman
CS461/ECE422 Spring 2012 Nikita Borisov — UIUC1.  Text Chapters 2 and 21  Handbook of Applied Cryptography, Chapter 8 
Cryptography Chapter 7 Part 2 Pages 781 to 812. Symmetric Cryptography Secret Key Figure 7-10 on page 782 Key distribution problem – Secure courier Many.
Internet-security.ppt-1 ( ) 2000 © Maximilian Riegel Maximilian Riegel Kommunikationsnetz Franken e.V. Internet Security Putting together the.
IPsec IPsec (IP security) Security for transmission over IP networks –The Internet –Internal corporate IP networks –IP packets sent over public switched.
Key Exchange Methods Diffie-Hellman and RSA CPE 701 Research Case Study Derek Eiler | April 2012.
Intercepting Mobiles Communications: The Insecurity of ► Paper by Borisov, Goldberg, Wagner – Berkley – MobiCom 2001 ► Lecture by Danny Bickson.
Class 2 Cryptography Refresher CIS 755: Advanced Computer Security Spring 2014 Eugene Vasserman
Class 4 Asymmetric Cryptography and Trusting Internal Components CIS 755: Advanced Computer Security Spring 2014 Eugene Vasserman
Cryptography 1 Crypto Cryptography 2 Crypto  Cryptology  The art and science of making and breaking “secret codes”  Cryptography  making “secret.
15-499Page :Algorithms and Applications Cryptography I – Introduction – Terminology – Some primitives – Some protocols.
Class 3 Cryptography Refresher II CIS 755: Advanced Computer Security Spring 2014 Eugene Vasserman
Public Key Algorithms Lesson Introduction ●Modular arithmetic ●RSA ●Diffie-Hellman.
Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Cryptographic Security Identity-Based Encryption.
Class 3 Cryptography Refresher II CIS 755: Advanced Computer Security Spring 2015 Eugene Vasserman
Intro to Cryptography Lesson Introduction
Wired Equivalent Privacy (WEP) Chris Overcash. Contents What is WEP? What is WEP? How is it implemented? How is it implemented? Why is it insecure? Why.
WLAN Security1 Security of WLAN Máté Szalay
Security Review Q&A Session May 1. Outline  Class 1 Security Overview  Class 2 Security Introduction  Class 3 Advanced Security Constructions  Class.
Part 1  Cryptography 1 Integrity Part 1  Cryptography 2 Data Integrity  Integrity  detect unauthorized writing (i.e., modification of data)  Example:
Database Management Systems, 3ed, R. Ramakrishnan and J. Gehrke1 Database architecture and security Workshop 4.
CMSC 414 Computer and Network Security Lecture 2 Jonathan Katz.
Symmetric Cryptography
Cryptography Basics and Symmetric Cryptography
Foundations of Network and Computer Security
Review of Cryptography: Symmetric and Asymmetric Crypto Advanced Network Security Peter Reiher August, 2014.
Presentation transcript:

Class 5 Channels and Preview CIS 755: Advanced Computer Security Spring 2014 Eugene Vasserman

Administrative stuff Quiz survey today (end of class) Project due dates posted No office hours tomorrow Schedule always being updated – watch for changes What would you like to see covered? Paper reading and the “huh?” moment Use Google ScholarGoogle Scholar

Last time: Basic primitives Confidentiality (encryption) – Symmetric (e.g. AES) – Asymmetric (e.g. RSA) Hash functions Integrity and authentication – Symmetric (authentication codes) – Asymmetric (signatures) Random numbers

Preview of Math in Asymmetric Crypto Diffie-Hellman – Discrete logarithm is “hard” – Computational, decisional (“flavors”) RSA – Prime factorization is “hard” Quantum computing and Shor’s algorithm Elliptic Curves Bilinear Maps

Person-in-the-middle Alice Bob Alice Confidential NOT Authenticated Bob ?

Muahaha! Person-in-the-middle Alice Bob Alice? NOT Confidential NOT Authenticated Bob

Certificates Alice Bob Alice! Confidential Authenticated Bob CRAP!

Confidential? Authenticated? PKI Example: Confidential Bob Alice Bob Alice?

Confidential Authenticated PKI Example: Confidential Bob Alice Bob Alice!

Questions?

In practice: Optimizations Asymmetric encryption: – Password  Secret Key  E SK (K), E K (M) Signatures: – Password  Secret Key  M, Sig SK (h(M)) Why do this? Why is this safe? Symmetric: – Password  Key derivation/stretching/strengthening function  K

In practice: Problems Composability: Attack on PKCS #1 v2 standard-compliant RSA OAEP leaks plaintext bits: / This attack also leaks plaintext bits in a lot of systems that use CBC block cipher mode: xkcd.com

Example: WEP – IV, RC4(IV, k)  (M, c(M)) – Claim: 24-bit IV + 40-bit key = 64-bit security Example: WEP – IV, RC4(IV, k)  (M, c(M)) – Claim: 24-bit IV bit key = 64-bit security On the right: text from Jonathan Katz Problems: Composability Is this secure against chosen-plaintext attacks? – It is randomized… 40-bit key (in some implementations)! – Claims that, with IV, this gives a 64-bit effective key(!) And how is the IV chosen? – Only 24 bits long -- IV repetitions are a problem! – Reset to 0 upon re-initialization – Some implementations increment the IV as a counter A repeating IV allows the attacker to compute the XOR of two plaintexts – We have discussed already how this can be damaging Small IV space means the attacker can build a dictionary of (IV, RC4(IV, k)) pairs – If portions of some plaintexts known, this enables determination of other plaintexts Known-plaintext attacks discovered on this usage of RC4 – Possible because the first byte of plaintext is a fixed, known header! Chosen-plaintext attacks – Send IP traffic/ to the mobile host and watch it get forwarded – Transmit broadcast messages to access point – Authentication spoofing No cryptographic integrity protection – The checksum is linear (i.e., c(x  y) = c(x)  c(y)) and unkeyed, and therefore easy to attack – Allows IP redirection attack – Allows TCP “reaction” attacks Look at whether TCP checksum is valid Form of chosen-ciphertext attack Encryption used to provide authentication of mobile station (access point sends nonce; station returns an encryption of the nonce) – Allows easy spoofing after eavesdropping

Problems: Side channels Side-channel attacks VERY damaging – Power – Timing See news (2013) and cool stuff (2014) pagesnewscool stuff – Error messages! Different errors in SSH leak information (mismatch between implementation and specification of CBC block cipher mode):

Questions?

Cool stuff Elliptic curves – y 2 = x 3 + ax + b Secure multiparty computation – General existence result Communication complexity Threshold cryptography – Encryption, signatures, secret sharing

More cool stuff Identity-based encryption (IBE) – Time period-based Attribute-based encryption (ABE) Zero-knowledge (ZK) proofs – General existence result in NP – Interactive or non-interactive (NZIK) Strength from number of rounds or predefined Homomorphic encryption

Yet more cool stuff Key management – Key trees Hierarchical, time-based access One-time use tokens – Compare to capabilities Blind signatures Compact signature aggregation Commitments (vs. hashes)

Questions? Quiz Survey

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.