Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS/ECE 478 Introduction to Network Security

Published byLeo Sullivan Modified over 5 years ago

Similar presentations

Presentation on theme: "CS/ECE 478 Introduction to Network Security"— Presentation transcript:

1 CS/ECE 478 Introduction to Network Security
Hash-based Primitives Credits: Dr. Peng Ning and Dr. Adrian Perrig Dr. Attila A. Yavuz

2 Ki=F(Ki+1), F: hash function
One-way Hash Chain Used for many network security applications S/Key Authenticate data streams Key derivation in crypto schemes Forward-security Commitments Good for authentication of the hash values Commitment Ki=F(Ki+1), F: hash function K4 F K3 K2 K1 K0 Kn= R

3 Properties of One-way Hash Chain
Given Ki Anybody can compute Kj, where j<i It is computationally infeasible to compute Kl, where l > i, if Kl is unknown Any Kl disclosed later can be authenticated by verifying if Hl-i(Ki) = Kl Disclosing of Ki+1 or a later value authenticates the owner of the hash chain K4 F K3 K2 K1 K0 Kn= R

4 Using “Disposable” Passwords
Simple idea: generate a long list of passwords, use each only one time attacker gains little/no advantage by eavesdropping on password protocol, or cracking one password Disadvantages storage overhead users would have to memorize lots of passwords! Alternative: the S/Key protocol based on use of one-way (e.g. hash) function

5 S/Key Password Generation
Alice selects a password x Alice specifies n, the number of passwords to generate Alice’s computer then generates a sequence of passwords x1 = H(x) x2 = H(x1) xn = H(xn-1) x1 H x2 x3 x4 x x (Password)

6 Generation… (cont’d) Alice communicates (securely) to a server the last value in the sequence: xn Key feature: no one knowing xi can easily find an xi-1 such that H(xi-1) = xi only Alice possesses that information

7 Limitations Value of n limits number of passwords
need to periodically regenerate a new chain of passwords Does not authenticate server! Do not substitute bad seed password Just a tool enhance password systems

8 Chained Hashes More general construction than one-way hash chains
Useful for authenticating a sequence of data values D0 , D1 , …, DN H* authenticates entire chain D0 DN-2 DN-1 DN H* H0 HN-1 HN-2 H( DN-1 || HN-1 ) H(DN)

9 Merkle Hash Tree A binary tree over data values
For authentication purpose The root is the commitment of the Merkle tree Known to the verifier. Example To authenticate k2, send (k2, m3,m01,m47) Verify m07= h(h(m01||h(f(k2)||m3)||m47)

10 Merkle Hash Tree (Cont’d)
Hashing at the leaf level is necessary to prevent unnecessary disclosure of data values Authentication of the root is necessary to use the tree Typically done through a digital signature or pre-distribution Limitation All leaf values must be known ahead of time

11 Untrusted External Storage
Problem: how can we store memory of a secure coprocessor in untrusted storage? Solution: construct Merkle hash tree over all memory pages Mallory’s Storage Secure Coprocessor Small persistent storage

12 One-Time Signatures Basis of all digital signatures
Valuable tool to learn the principles Still, the fastest and most secure signature schemes! Quantum computer resistant! Caveat: Impractical for real-life applications They can be used as a “support unit”, seldomly Offline/online signatures Tailoring for application (e.g., smart-grid, vehicular)

13 One-Time Signatures Use one-way functions without trapdoor
Efficient for signature generation and verification Caveat: can only use one time Example: 1-bit one-time signature P0, P1 are public values (public key) S0, S1 are private values (private key) S0 P0 S0 S0’ P S1 P1 S1 S1’

14 Lamport’s One-Time Signature
Uses 1-bit signature construction to sign multiple bits S0 S0’ S0’’ S0* Sign 0 Private values P0 P0’ P0’’ P0* Public values P1 P1’ P1’’ P1* S1 S1’ S1’’ S1* Sign 1 Private values Bit 0 Bit 1 Bit 2 Bit n

15 Hash to Obtain Random Subset (HORS)
Merkle-Winternitz  Still impractical BiBa (ancestor of HORS, please read) Fast signature verification, but Signing cost is high HORS goal: Develop a one-time signature scheme with Fast signing and verification Still same signature sizes with Merkle-Winternitz

16 Initial Scheme: Based on One-way Functions
Generalization of Bos and Chaum one-time signatures A distant variant of Lamport OTS! Key generation Generate t numbers of random l-bit values Let these be the private key: SK = (s1,…,st) Compute the public key PK = (v1,…,vt), where vi = f(si) and f() is a one-way function

17 Efficiency Analysis Key generation Signature generation Verification
Requires t evaluations of the one-way function Secret key size = l*t bits Public key size = fl*t bits fl = length of the one-way function output Signature generation Time to find the m-th k-element subset of T Verification Time to sign + k one-way function operations

18 HORS Operations

Download ppt "CS/ECE 478 Introduction to Network Security"

Similar presentations

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 4.2 BiBa.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 4.2 BiBa.
CSC 774 Advanced Network Security

CSC 774 Advanced Network Security
Hash Function. What are hash functions? Just a method of compressing strings – E.g., H : {0,1}*  {0,1} 160 – Input is called “message”, output is “digest”

Hash Function. What are hash functions? Just a method of compressing strings – E.g., H : {0,1}*  {0,1} 160 – Input is called “message”, output is “digest”
Advanced Security Constructions and Key Management Class 16.

Advanced Security Constructions and Key Management Class 16.
CSC 774 Advanced Network Security

CSC 774 Advanced Network Security
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
The School of Electrical Engineering and Computer Science (EECS) CS/ECE Network Security Hash-based Primitives Credits: Dr. Peng Ning and Dr. Adrian Perrig.

The School of Electrical Engineering and Computer Science (EECS) CS/ECE Network Security Hash-based Primitives Credits: Dr. Peng Ning and Dr. Adrian Perrig.
Security Chapters 14,15. The Security Environment Threats Security goals and threats.

Security Chapters 14,15. The Security Environment Threats Security goals and threats.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.
Authenticating streamed data in the presence of random packet loss March 17th, 2000. Philippe Golle, Stanford University.

Authenticating streamed data in the presence of random packet loss March 17th, Philippe Golle, Stanford University.
DSAC (Digital Signature Aggregation and Chaining) Digital Signature Aggregation & Chaining An approach to ensure integrity of outsourced databases.

DSAC (Digital Signature Aggregation and Chaining) Digital Signature Aggregation & Chaining An approach to ensure integrity of outsourced databases.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
SPINS: Security Protocols for Sensor Networks Adrian Perrig Robert Szewczyk Victor Wen David Culler Doug TygarUC Berkeley.

SPINS: Security Protocols for Sensor Networks Adrian Perrig Robert Szewczyk Victor Wen David Culler Doug TygarUC Berkeley.
DSAC (Digital Signature Aggregation and Chaining) Digital Signature Aggregation & Chaining An approach to ensure integrity of outsourced databases.

DSAC (Digital Signature Aggregation and Chaining) Digital Signature Aggregation & Chaining An approach to ensure integrity of outsourced databases.
The School of Electrical Engineering and Computer Science (EECS) CS/ECE Network Security Dr. Attila Altay Yavuz Topic 5 Essential Public Key Crypto Methods.

The School of Electrical Engineering and Computer Science (EECS) CS/ECE Network Security Dr. Attila Altay Yavuz Topic 5 Essential Public Key Crypto Methods.
Computer Science CSC 774Dr. Peng Ning1 CSC 774 Advanced Network Security Topic 2. Review of Cryptographic Techniques.

Computer Science CSC 774Dr. Peng Ning1 CSC 774 Advanced Network Security Topic 2. Review of Cryptographic Techniques.
Computer Science CSC 774 Adv. Net. SecurityDr. Peng Ning1 CSC 774 Advanced Network Security Topic 4. Broadcast Authentication.

Computer Science CSC 774 Adv. Net. SecurityDr. Peng Ning1 CSC 774 Advanced Network Security Topic 4. Broadcast Authentication.
Mitigating DoS Attacks against Broadcast Authentication in Wireless Sensor Networks Peng Ning, An Liu North Carolina State University and Wenliang Du Syracuse.

Mitigating DoS Attacks against Broadcast Authentication in Wireless Sensor Networks Peng Ning, An Liu North Carolina State University and Wenliang Du Syracuse.

Similar presentations

Ads by Google