CS426Fall 2010/Lecture 251 Computer Security CS 426 Lecture 26 Review of Some Mid-Term Problems.

Slides:



Advertisements
Similar presentations
Foundations of Cryptography Lecture 10 Lecturer: Moni Naor.
Advertisements

CMSC 414 Computer and Network Security Lecture 4 Jonathan Katz.
CMSC 414 Computer (and Network) Security Lecture 4 Jonathan Katz.
1 Cryptanalysis-tolerant CPA crypt. ● Suppose E, E’ are two encryption schemes which on of them is CPA - secure  E.g., a standard and a proprietary, a.
Foundations of Cryptography Lecture 13 Lecturer: Moni Naor.
CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.
Session 4 Asymmetric ciphers.
CS426Fall 2010/Lecture 351 Computer Security CS 426 Lecture 35 Commitment & Zero Knowledge Proofs.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
Homework #4 Solutions Brian A. LaMacchia Portions © , Brian A. LaMacchia. This material is provided without.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 3 Jonathan Katz.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Co-operative Private Equality Test(CPET) Ronghua Li and Chuan-Kun Wu (received June 21, 2005; revised and accepted July 4, 2005) International Journal.
CMSC 414 Computer and Network Security Lecture 5 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 4 Jonathan Katz.
Asymmetric Cryptography part 1 & 2 Haya Shulman Many thanks to Amir Herzberg who donated some of the slides from
Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.
Intro To Encryption Exercise 1. Monoalphabetic Ciphers Examples:  Caesar Cipher  At Bash  PigPen (Will be demonstrated)  …
EEC 688/788 Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
CSE331: Introduction to Networks and Security Lecture 20 Fall 2002.
CMSC 414 Computer and Network Security Lecture 7 Jonathan Katz.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
CS526Topic 2: Classical Cryptography1 Information Security CS 526 Topic 2 Cryptography: Terminology & Classic Ciphers.
CMSC 414 Computer and Network Security Lecture 3 Jonathan Katz.
Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.
Computer Security CS 426 Lecture 3
Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.
Computer Science Public Key Management Lecture 5.
CMSC 414 Computer and Network Security Lecture 3 Jonathan Katz.
Dan Boneh Stream ciphers The One Time Pad Online Cryptography Course Dan Boneh.
8. Data Integrity Techniques
Tonga Institute of Higher Education Design and Analysis of Algorithms IT 254 Lecture 9: Cryptography.
Cyrtographic Security Identity-based Encryption 1Dennis Kafura – CS5204 – Operating Systems.
CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.
Cryptography and Network Security Chapter 10 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Background on security
Section 4.4: The RSA Cryptosystem Practice HW Handwritten and Maple Exercises p at end of class notes.
CS461/ECE422 Spring 2012 Nikita Borisov — UIUC1.  Text Chapters 2 and 21  Handbook of Applied Cryptography, Chapter 8 
Password Mistyping in Two-Factor Authenticated Key Exchange Vladimir KolesnikovCharles Rackoff Bell LabsU. Toronto ICALP 2008.
Encryption Questions answered in this lecture: How does encryption provide privacy? How does encryption provide authentication? What is public key encryption?
CS426Fall 2010/Lecture 61 Computer Security CS 426 Lecture 6 Cryptography: Message Authentication Code.
Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.
Network Security – Special Topic on Skype Security.
CS555Topic 251 Cryptography CS 555 Topic 25: Quantum Crpytography.
Information Security CS 526
1 Chapter 10: Key Management in Public key cryptosystems Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Modified by Prof. M. Singhal,
Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Cryptographic Security Identity-Based Encryption.
Cryptography Readings Encryption, Decryption, & Digital Certificates.
Homework #1 J. H. Wang Oct. 2, 2013.
CS 4803 Fall 04 Public Key Algorithms. Modular Arithmetic n Public key algorithms are based on modular arithmetic. n Modular addition. n Modular multiplication.
CS555Spring 2012/Topic 31 Cryptography CS 555 Topic 3: One-time Pad and Perfect Secrecy.
Protocol Analysis. CSCE Farkas 2 Cryptographic Protocols Two or more parties Communication over insecure network Cryptography used to achieve goal.
CS555Spring 2012/Topic 71 Cryptography CS 555 Topic 7: Stream Ciphers and CPA Security.
Computer Science and Engineering Computer System Security CSE 5339/7339 Lecture 11 September 23, 2004.
Key Management Network Systems Security Mort Anvari.
CS555Spring 2012/Topic 81 Cryptography CS 555 Topic 8: Pseudorandom Functions and CPA Security.
Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Cryptography and Network Security Chapter 10 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
CS526Topic 2: Classical Cryptography1 Information Security CS 526 Topic 2 Cryptography: Terminology & Classic Ciphers.
Part 1  Cryptography 1 Integrity Part 1  Cryptography 2 Data Integrity  Integrity  detect unauthorized writing (i.e., modification of data)  Example:
Prof. Reuven Aviv, Nov 2013 Public Key Infrastructure1 Prof. Reuven Aviv Tel Hai Academic College Department of Computer Science Problem Set 1: Cryptography.
Encryption and Integrity
Authenticated encryption
Cryptography Lecture 12.
Key Management Network Systems Security
Information-Theoretic Security
Cryptography Lecture 9.
Cryptography Lecture 12.
Presentation transcript:

CS426Fall 2010/Lecture 251 Computer Security CS 426 Lecture 26 Review of Some Mid-Term Problems

One-Time Pad: Restating The Question One may argue that one-time pad cipher is completely useless for the following reason. As OTP requires the agreement of a key that is as long as the message, any channel that is used to send the key can also be used to send the message instead. Hence one does not need OTP encryption. Explain why this argument is incorrect by describing a scenario where one- time pad can still be useful. CS426Fall 2010/Lecture 252

Answers to the OTP Question Standard Answer: A secure channel can exist before messages exist. An interesting answer: –One can send message & key through multiple channels, assume that the adversary cannot eavesdrop all channels –Related to secret sharing: How to split a secret to be shared in multiple shares so that one needs all shares to recover the secret? CS426Fall 2010/Lecture 253

Other Answers to the OTP Question With an authentic, but insecure channel, two parties can agree on a secret key without sending it –Has integrity (authenticity), but not confidentiality Can then use OTP to send messages E.g.: Diffie-Hellman Key agreement Protocol: –See next slide Quantum communication provide another kind of channels suitable for sending keys but not messages: any eavesdropping will be detected CS426Fall 2010/Lecture 254

CS526Spring 2009/Lecture 235 Key Agreement: Diffie-Hellman Protocol  Key agreement protocol, A and B agree on K  Setup: choose a prime p, and g in {2,…,p-1}, p and g public. K = (g b mod p) a = g ab mod p g a mod p g b mod p K = (g a mod p) b = g ab mod p Pick random, secret a Compute and send g a mod p Pick random, secret b Compute and send g b mod p

Semantic Security Question Restated We require secure ciphers to provide Semantic Security (Ciphertext indistinguishability), that is, if an adversary chooses two equal-length messages M 0 and M 1, and is given E K [M b ], where b is uniformaly randomly chosen from {0,1}, the adversary has little advantage in guessing b. Suppose that ECB mode is used, show how to choose M 0 and M 1 such that from the ciphertext C=E K [M b ], one can easily tell whether it is an encryption of M 0 or M 1. CS426Fall 2010/Lecture 256

Why Ciphertext Indistinguishability? Information Theoretical Security: Given C, each M is equally likely –Cannot achieve in practice Computational Security (attempt 1): Given C, cannot recover M –What is some information about M is recovered? –What if adv. has some knowledge about M already? Computational Security (attempt 2): Given C, cannot find any additional info about M, except its length. CS426Fall 2010/Lecture 257

How to Formalize Computational Security? Given C, suppose adv. knows it is the cihpertext of either M 0 or M 1, still cannot tell which one it is. –What if adv. can tell some pairs but not others? Have the adv choose M 0 or M 1, let C be ciphertext of one of them, still cannot tell which one it is. Note: The Adv sees only one ciphertext C CS426Fall 2010/Lecture 258

Answers to the Semantic Security Question Choose M 0 be B 1 B 1 and M 1 be B 1 B 2, where B 1 and B 2 are two different blocks. –If C has two repeated blocks, then it encrypts M 0, otherwise, it encrypts M 1 –Any B 1 and B 2 would work, no need to be all 0’s, or all 1’s Incorrect answer: –Let M 0 be all 0’s, and M 1 be all 1’s. –Using a secure block cipher, one cannot tell CS426Fall 2010/Lecture 259

New ScareWare: Kenzero [BBC News, April 2010] A trojan spread through P2P file sharing Prompts you to a game installation window on your PC and asks for your personal information. Take browser’s history, publishes online. Also, once found proof of illegally downloading files, sends an or another pop-up that threatens legal action if you don't pay (1500 Yen) $15 to "settle your violation of copyright law.“ Website Yomiuri claims that 5500 people have so far admitted to being infected. Also similar incident in Europe CS426Fall 2010/Lecture 2510

Confused Deputy Problem How is confused deputy problem solved in UNIX? –Use the setuid family of system calls to Drop root privilege when no longer needed. Switch between two users ids –Require programmers to proactively use these while writing the programs. CS426Fall 2010/Lecture 2511

No Confused Deputy Problem in Capability Systems Two masters each pass in their own capabilities (for file accesses) to the program A file access by the program must select a capability –The selection of a capability also selects the master The master for each access is thus specified –No designation without authority Cannot talk about an object w/o some authority over it CS426Fall 2010/Lecture 2512

BLP Question: Possible Flows From one object to another of the same level –Legal Human users leaking information –Out of hand channel Use channels not intended for transmitting inf –Covert channels, not overt From low level object to high –Integrity concern, but legal wrt intend of BLP Read high file, close file, drop to low, and write –Satisfy BLP definition, illegal wrt intent CS426Fall 2010/Lecture 2513