Exercises 2013-04-18 Information Security Course Eric Laermans – Tom Dhaene.


Information Security Vakgroep Informatietechnologie – IBCN – Eric Laermans p. 2

Exercise 1 (1) RSA PKCS#1 v1.5 "Million Message Attack" (MMA): illustration of principle

Given
- C (= M^e mod n), n and e
- M formatted according to PKCS#1 v1.5 (M = 00||02||PS||00||D)
- error message from victim if decryption of C' fails because of erroneous formatting

Question
- find a strategy to recover M
- hint: think of the multiplicative properties of RSA

Exercise 1 (2) RSA-formatting: MMA illustration using more limited formatting

Given
- formatting: M = 0010xxxx
- n = 187; e = 3; C = 81

Question
- find M
- hint: 32 ≤ M ≤ 47

Exercise 2 ElGamal

Given
- in ElGamal-encryption or -signature, and also in DSA, a unique and secret random value k is used

Question
- what happens if an attacker knows k?
- what are the consequences if the random value k is reused:
  – in ElGamal-encryption?
  – in ElGamal-signature?
  – in DSA?

Exercise 3 ElGamal

Given:
- RSA-signatures exhibit the issue of "existential forgery", i.e. given some messages with their corresponding RSA-signatures, it is possible to generate new signed messages using RSA's multiplicative properties, without requiring knowledge about the private key

Question:
- is there a similar problem with ElGamal-signatures?

Exercise 4 ElGamal

Given:
- in ElGamal-encryption or -signature, and in DSA, a unique and secret random value k is used

Question:
- how could the owner of the private key used in the digital signature add hidden information without the person receiving the signature noticing?
  – such a technique is called a "subliminal channel"
- can you find a way to use (a small part of) this subliminal channel without needing to use the private key for this purpose? (harder)

Exercise 5 Hash functions

Given
- a hash function with a hash value of n bits, e.g. 128 bits
- a limited storage capacity (N_1 hash values), e.g. 1 TB
  – you may assume N_1 ≪ 2^(n/2)

Question:
- how many hash computations are required to find two messages with identical hash values with a given probability P (e.g. 95%)?
  – compute this with the given values
  – suppose a modern PC can compute 10 million hash values per second, how much time would be required?

Exercise 6 Hash functions

Given:
- a competition at XKCD to generate a hash value with as many bits as possible corresponding to the bits of a given hash value (Skein)
  – Skein is 1 of the 5 finalists for SHA-3, used here with a 1024 bit hash value and 1024 bit internal state
  – winner was CMU, with only 384 wrong bits out of 1024 (i.e. 640 corresponding bits)

Question:
- compute whether this result is an indication of some weakness in the weak collision resistance of the hash algorithm used
  – i.e. compute how many hash values should typically be generated to obtain a hash value with at most 384 bits (out of 1024) differing from the bits of the original hash value, assuming that hash values are uniformly randomly distributed
  – does this seem a feasible number?

Exercise 6 Hash functions

Hints:
- C(N,k) = N!/(k! (N–k)!)
  – number of combinations of k elements from a group of N
- for k sufficiently small w.r.t. N
  – ∑(j:0..k) C(N,j) ≈ (N–k–1)/(N–2*k–1) * C(N,k)
- for k more in the neighbourhood of N/2
  – ∑(j:0..k) C(N,j) ≈ CDF_Norm(N/2, sqrt(N)/2)(k+½)
    » central limit theorem
  – CDF_Norm(mean, stdev)(x) = Φ((x–mean)/stdev)
  – Φ(x) = ½ + ½*erf(x/sqrt(2))
  – erf(x) ≈ 1–(a_1*t + a_2*t² + a_3*t³)*exp(-x²)
    » with t=1/(1+p*x)
    » with p=0,47047 and a_1=0, and a_2=-0, and a_3=0,
- best approximation is minimum of both
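The two hint formulas can be checked against the exact binomial sum, which Python's big integers make cheap to evaluate. The following is an added example, not part of the original slides; it expresses each quantity as a probability (the sum divided by 2^N, under the exercise's uniform-hash assumption) and uses the standard library's math.erfc in place of the slide's polynomial approximation of erf. All function names are chosen here.

```python
import math

N_BITS = 1024     # hash width, from the exercise
MAX_WRONG = 384   # differing bits of the winning entry, from the exercise

def p_exact(n, k):
    """Exact probability that a uniform n-bit hash differs from the target in <= k bits."""
    return sum(math.comb(n, j) for j in range(k + 1)) / 2**n

def p_small_k(n, k):
    """Hint for k small w.r.t. N: (N-k-1)/(N-2k-1) * C(N,k), divided by 2^N."""
    return ((n - k - 1) * math.comb(n, k)) / ((n - 2 * k - 1) * 2**n)

def p_normal(n, k):
    """Hint for k near N/2: normal CDF (mean N/2, stdev sqrt(N)/2) evaluated at k + 1/2."""
    z = (k + 0.5 - n / 2) / (math.sqrt(n) / 2)
    # Phi(z) = 0.5*erfc(-z/sqrt(2)); erfc keeps precision in the far tail,
    # where 0.5 + 0.5*erf(...) would cancel to a few significant bits.
    return 0.5 * math.erfc(-z / math.sqrt(2))

def report(n=N_BITS, k=MAX_WRONG):
    """Compare both hints with the exact value and give the expected work in bits."""
    exact = p_exact(n, k)
    best_hint = min(p_small_k(n, k), p_normal(n, k))  # "minimum of both"
    return {
        "p_exact": exact,
        "p_small_k": p_small_k(n, k),
        "p_normal": p_normal(n, k),
        "best_hint_over_exact": best_hint / exact,
        # Expected number of hashes until one lands within k bits is 1/p.
        "log2_expected_hashes": math.log2(1 / exact),
    }

if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name:>22}: {value:.4g}")
```

At 384 of 1024 bits the target sits about eight standard deviations below the mean, so the normal approximation overshoots while the small-k formula stays within a few percent of the exact value.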

Exercise 7 Hash functions

Given
- 11,4 million 1024 bit RSA-keys, of which the prime factors were generated randomly

Question
- estimate the probability that at least two keys in this set have a common prime factor

Note
- according to http://eprint.iacr.org/2012/064.pdf, however, keys shared a prime factor with another RSA-key
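The estimate asked for in Exercise 7 is a birthday computation over the pool of candidate primes. The sketch below is an added example, not part of the original slides; it assumes each 1024-bit modulus is the product of two 512-bit primes drawn uniformly, sizes the pool with the prime number theorem, and also inverts the formula to show how small the effective pool must be before shared factors become likely. Function names are chosen here.

```python
import math

KEYS = 11_400_000   # number of RSA keys, from the exercise
PRIME_BITS = 512    # assumption: 1024-bit modulus = product of two 512-bit primes

def prime_pool(bits):
    """Prime number theorem estimate of the number of primes in [2^(bits-1), 2^bits)."""
    hi, lo = 2.0 ** bits, 2.0 ** (bits - 1)
    return hi / math.log(hi) - lo / math.log(lo)

def cross_key_pairs(keys):
    """Pairs of primes that belong to two different keys (each key contributes 2 primes)."""
    m = 2 * keys
    return m * (m - 1) // 2 - keys   # drop the pair formed inside each key

def p_shared_factor(keys, pool):
    """Birthday approximation: P(at least one shared prime) = 1 - exp(-pairs/pool)."""
    # expm1 keeps the result accurate when pairs/pool is astronomically small.
    return -math.expm1(-cross_key_pairs(keys) / pool)

def pool_bits_for_probability(keys, p):
    """log2 of the pool size at which a shared factor appears with probability p."""
    return math.log2(cross_key_pairs(keys) / -math.log1p(-p))

if __name__ == "__main__":
    pool = prime_pool(PRIME_BITS)
    print(f"512-bit primes (PNT estimate): {pool:.3e}")
    print(f"P(shared factor), uniform primes: {p_shared_factor(KEYS, pool):.3e}")
    print(f"pool size giving P = 0.5: 2^{pool_bits_for_probability(KEYS, 0.5):.1f}")
```

With truly random primes the probability is negligible; a collision among this many keys becomes likely only when the generator's effective choice of primes shrinks to roughly 2^48, so any shared factor observed in practice points to weak randomness at key generation rather than to chance.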