Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture."— Presentation transcript:

1 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture notes Fall 2005 Dr. Clifford Neuman University of Southern California Information Sciences Institute

2 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Security Systems Lecture 3 – September 9, 2005 Cryptography (continued) Dr. Clifford Neuman University of Southern California Information Sciences Institute

3 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Administration http://ccss.usc.edu/530 Lab Section –Email is csci530L –New section added D Clearances –121+7 Enrolled, 26 on waiting list –Department will give clearances through 5PM today If slots open. Assignments on Web site (by Friday)

4 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Academic Integrity I take Academic Integrity Seriously –Every year I have too many cases of cheating –Last year I assigned 3 F’s for the class What is and is not OK –I encourage you to work with others to learn the material –Do not to turn in the work of others –Do not give others your work to use as their own –Do not plagiarize from others (published or not) –Do not try to deceive the instructors See section on web site and assignments –More guidelines on academic integrity –Links to university resources

5 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE DES Modes of Operation – Electronic Code Book (ECB) x1 eKeK y1 Encrypt: x2 eKeK x y2 xn eKeK x yn y1 dKdK y x1 Decrypt: y2 dKdK x2 yn dKdK xn Each block encrypted in isolation Vulnerable to block replay FROM LAST LECTURE

6 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Encrypt: IV x1 y1 eKeK eKeK x2 y2 eKeK xn yn Decrypt: IVIV y1 dKdK x1 y2 dKdK x2 yn dKdK xn DES Modes of Operation – Cipher Block Chaining (CBC) –Each plaintext block XOR’d with previous ciphertext –Easily incorporated into decryption –What if prefix is always the same? IV!

7 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Encrypt: x1 eKeK y1 x2x y2 xnx yn IV eKeK eKeK y1 x1 y2 x2 yn xn eKeK IV eKeK eKeK Decrypt: DES Modes of Operation – Cipher Feedback Mode (CFB) –For encrypting character-at-a-time (or less) –Chains as in CBC –Also needs an IV – Must be Unique – Why?

8 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Encrypt: x1 eKeK y1 x2x y2 xnx yn IV eKeK eKeK y1 x1 y2 x2 yn xn eKeK IV eKeK eKeK Decrypt: DES Modes of Operation – Output Feedback Mode (OFB) –Like CFB, but some bits of output fed back into input stream

9 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Variants and Applications 3DES: Encrypt using DES 3x –Two and three-key types –Inner and outer-CBC modes ▪Inner is more efficient, but less secure Crypt: Unix hash function for passwords –Uses variable expansion permutations DES with key-dependent S-boxes –Harder to analyze

10 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Lucifer Goes Standard Generally regarded in 1970s as one of the strongest cryptosystems Heading toward standardization as DES –NSA managed to get key size reduced to 56 bits (from 112), yielding 10 17 keys –Also apparently changed S-boxes –Why (or why not) do this?

11 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Certification of DES Had to be recertified every ~5 years –1983: Recertified routinely –1987: Recertified after NSA tried to promote secret replacement algorithms ▪Withdrawal would mean lack of protection ▪Lots of systems then using DES –1993: Recertified after continued lack of alternative

12 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Enter AES 1998: NIST finally refuses to recertify DES –1997: Call for candidates for Advanced Encryption Standard (AES) –Fifteen candidates whittled down to five –Criteria: Security, but also efficiency ▪Compare Rijndael with Serpent –2000: Rijndael selected as AES

13 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Structure of Rijndael Unlike DES, operates on whole bytes for efficiency of software implementations Key sizes: 128/192/256 bits Variable rounds: 9/11/13 rounds Rounds are not Feistel networks

14 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Structure of Rijndael Round structure –Run block through S-box –Permute result into 4x4/4x6/4x8 array of bytes –Multiply each byte by 1, 2, or 3 in GF(2 8 ) –Mix subkey into result

15 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Security of Rijndael Key size is enough Immune to linear or differential analysis But Rijndael is a very structured cipher –S-box consists of byte reciprocals in GF(2 8 ) –Permutations are regular Attack on Rijndael’s algebraic structure –Breaking can be modeled as equations

16 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Impact of Attacks on Rijndael Currently of theoretical interest only –Reduces complexity of attack to about 2 100 –Also applicable to Serpent Still, uncomfortably close to feasibility –DES is already insecure against brute force –Schneier (somewhat arbitrarily) sets limit at 2 80 Certainly usable pending further results

17 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Public Key Cryptography aka asymmetric cryptography Based on some NP-complete problem –Unique factorization –Discrete logarithms ▪For any b, n, y: Find x such that b x mod n = y Modular arithmetic produces folding

18 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE A Short Note on Primes Why are public keys (and private keys) so large? What is the probability that some large number p is prime? –About 1 in 1/ln(p) –When p ~ 2 512, equals about 1 in 355 ▪About 1 in 355 2 numbers ~ 2 1024 is product of two primes (and therefore valid RSA modulo)

19 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE RSA Rivest, Shamir, Adleman Generate two primes: p, q –Let n = pq –Choose e, a small number, relatively prime to (p-1)(q-1) –Choose d such that ed = 1 mod (p-1)(q-1) Then, c = m e mod n and m = c d mod n

20 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE An Example Let p = 5, q = 11, e = 3 –Then n = 55 –d = 27, since (3)(27) mod 40 = 1 If m = 7, then c = 7 3 mod 55 = 343 mod 55 = 13 Then m should = 13 27 mod 55

21 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE An Example Computing 13 27 mod 55 –13 1 mod 55 = 13, 13 2 mod 55 = 4, 13 4 mod 55 = 16, 13 8 mod 55 = 36, 13 16 mod 55 = 31 –13 27 mod 55 = (13)(4)(36)(31) mod 55 = (1872 mod 55)(31) mod 55 = 62 mod 55 = 7 (check)

22 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Other Public Cryptosystems ElGamal (signature, encryption) –Choose a prime p, and two random numbers g, x < p –Public key is g, p, and y = g x mod p –Private key is x; to obtain from public key requires extracting discrete log –Mostly used for signatures

23 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Other Public Cryptosystems Elliptic curve cryptosystems –y 2 = x 3 + ax 2 + bx + c –Continuous elliptic curves used in FLT proof –Discrete elliptic curves used to implement existing public-key systems ▪Allow for shorter keys and greater efficiency

24 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Digital Signatures Provides data integrity –Can it be done with symmetric systems? ▪Verification requires shared key ▪Doesn’t provide non-repudiation Need proof of provenance –Hash the data, encrypt with private key –Verification uses public key to decrypt hash –Provides “non-repudiation” ▪But what does non-repudiation really mean?

25 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Digital Signatures RSA can be used DSA: Digital Signature Algorithm –Variant of ElGamal signature –Adopted as part of DSS by NIST in 1994 –Slower than RSA (but likely unimportant) –NSA had a hand in its design (?!) –Key size ranges from 512 to 1024 bits –Royalty-free

26 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Key Exchange Diffie-Hellman key exchange –Choose large prime n, and generator g ▪For any b in (1, n-1), there exists an a such that g a = b –Alice, Bob select secret values x, y, resp –Alice sends X = g x mod n –Bob sends Y = g y mod n –Both compute g xy mod n, a shared secret ▪Can be used as keying material

27 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Hash Functions Given m, compute H(m) Should be… –Efficient: H() easy to compute –One-way: Given H(m), hard to find m’ such that H(m’) = H(m) –Collision-resistant: Hard to find m and m’ such that H(m’) = H(m)

28 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Use of Hashes in Signatures Reduce input to fixed data size –MD5 produces 128 bits –SHA1 produces 160 bits Encrypt the output using private key Why do we need collision- resistance?

29 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Signing Using Only Hashes Generate random n 1, n 2, n 3, … Distribute H(n 1 ), H(n 2 ), H(n 3 ), … To authenticate message m i, release n i Problems –Seem to need 2 128 or 2 160 hashes to sign –Need to bootstrap signature Resolvable?

30 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Security Systems Lecture 4 – September 16, 2005 Key Management Dr. Clifford Neuman University of Southern California Information Sciences Institute

31 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Cryptography in Use Provides foundation for security services But can it bootstrap itself? –Must establish shared key –Straightforward plan ▪One side generates key ▪Transmits key to other side ▪But how?

32 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Security Through Obscurity? Caesar ciphers –Very simple permutation –Only 25 different cases –Relies strictly on no one knowing the method

33 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Passwords Reduces permutation space to key space Caesar cipher: one-letter “key” 10-letter key for MSC reduces 26! (~4x10 20 ) to 26 C 10 (~2x10 13 ) 8-byte key for DES reduces 2 64 ! (~10 10 200 ) to 2 56 (~10 17 )

34 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Two Problems Peer-to-peer key sharing Prob 1: Known peer, insecure channel Prob 2: Secure channel, unknown peer

35 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Peer-to-Peer Distribution Technically easy But it doesn’t scale –Hundreds of servers… –Times thousands of users… –Yields ~ million keys Centralized key server –Needham-Schroeder

36 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Using Cryptography Touched upon one form of key exchange Can cryptography bootstrap itself? –Must establish shared key –Straightforward plan ▪One side generates key ▪Transmits key to other side ▪But how?

37 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Diffie Hellman Choosing Generator for Diffie Hellman –Choose large prime p, and generator g ▪For any b in (1, p-1), there exists an a such that g a = b ▪This means that every number mod p can be written as a power of g (mod p). –One way to find such a g is to pick the p such that p = 2q + 1 where q is also prime. –For such choices of p, half the numbers will be generators, and you can test if a candidate g is a generator by testing whether g^q (mod n) is equal to n-1.

38 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Man in the middle of DH DH provides key exchange, but not authentication –You don’t really know you have a secure channel –Man in the middle –You exchange a key with eavesdropper, who exchanges key with the person you think you are talking to. –Eavesdropper relays all messages, but observes or changes them in transit. –Solutions: ▪Published public values ▪Authenticated DH (Sign or encrypt DH value) ▪Encrypt the DH exchange ▪Subsequently send has of DH value, with secret

39 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Peer-to-Peer Distribution Technically easy –Each pair of users exchanges keys But it doesn’t scale –Hundreds of servers… –Times thousands of users… –Yields ~ million keys

40 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE KDC Based Key Distirbution User sends request to KDC: {s} KDC generates a random key: K c,s –Encrypted twice: {K c,s }K c, {K c,s }K s –Typically called ticket and credentials, resp –Ticket forwarded with application request No keys ever traverse net in the clear

41 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Problem #1 How does user know session key is encrypted for the server? And vice versa? Attacker intercepts initial request, and substitutes own name for server –Can now read all of user’s messages intended for server

42 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Solution #1 Add names to ticket, credentials –Request looks like {c, s} –{K c,s, s}K c and {K c,s, c}K s, resp Both sides can verify intended target for key sharing This is basic Needham-Schroeder

43 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Problem #2 How can user and server know that session key is fresh? Attacker intercepts and records old KDC reply, then inserts this in response to future requests –Can now read all traffic between user and server

44 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Solution #2 Add nonces to ticket, credentials –Request looks like {c, s, n} –{K c,s, s, n}K c and {K c,s, c, n}K s Client can now check that reply made in response to current request

45 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Problem #3 User now trusts credentials But can server trust user? How can server tell this isn’t a replay? Legitimate user makes electronic payment to attacker; attacker replays message to get paid multiple times –Requires no knowledge of session key

46 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Solution #3 Add challenge-response –Server generates second random nonce –Sends to client, encrypted in session key –Client must decrypt, decrement, encrypt Effective, but adds second round of messages

47 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Problem #4 What happens if attacker does get session key? –Answer: Can reuse old session key to answer challenge-response, generate new requests, etc

48 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Solution #4 Replace (or supplement) nonce in request/reply with timestamp [Denning, Sacco] –{K c,s, s, n, t}K c and {K c,s, c, n, t}K s, resp –Also send {t}K c,s as authenticator ▪Prevents replay without employing second round of messages as in challenge-response

49 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Problem #5 Each client request yields new known-plaintext pairs Attacker can sit on the network, harvest client request and KDC replies

50 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Solution #5 Introduce Ticket Granting Server (TGS) –Daily ticket plus session keys –(How is this different from Enigma?!) TGS+AS = KDC –This is modified Needham-Schroeder –Basis for Kerberos

51 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Problem #6 Active attacker can obtain arbitrary numbers of known-plaintext pairs –Can then mount dictionary attack at leisure –Exacerbated by bad password selection

52 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Solution #6 Preauthentication –Establish weak authentication for user before KDC replies –Examples ▪Password-encrypted timestamp ▪Hardware authentication ▪Single-use key

53 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Public Key Distribution Public key can be public! –How does either side know who and what the key is for? Private agreement? (Not scalable.) –Chosen plaintext Must delegate certification –Why? –How?

54 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Certification Infrastructures Public keys represented by certificates Certificates signed by other certificates –User delegates trust to trusted certificates –Certificate chains transfer trust up several links

55 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Examples PGP –“Web of Trust” –Can model as connected digraph of signers X.500 –Hierarchical model: tree (or DAG?) –(But X.509 certificates use ASN.1!

56 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Examples SSH –User keys - out of band exchange. –Weak assurance of server keys. ▪Was the same host you spoke with last time. –Discussion of benefits

57 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE What to do with keys Practical issues –How to carry them ▪Passwords vs. disks vs. smartcards –Where do they stay, where do they go –How many do you have –How do you get them to begin with.

58 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Key Distribution linked to Authentication Its all about knowing who has the keys. We will revisit Kerberos when we discuss authentication.

59 Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Current Event Cryptography flaw shoots down traffic conviction Declan McCullagh and Alex Coby, 12 August 2005 uk.builder.com Flaws in the MD5 hashing algorithm have thrown every Australian speeding conviction that relied on camera data into doubt Suspected flaws in a computer algorithm have invalidated a fine issued by a speed camera in Australia, and cast thousands more into doubt. A Sydney magistrate tossed out a speeding ticket after the Roads and Traffic Authority (RTA), a government agency, failed to prove in court that the MD5 algorithm was cryptographically sound, despite being given eight weeks to do so. The problem lay with suspected flaws in the hashing algorithm that had previously been relied upon to prove image authenticity, as it is used to encode the time and date of alleged speeding incidents, as well as details of the car in question.

Download ppt "Copyright © 1995-2005 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture."

Similar presentations

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
Cryptography and Network Security Chapter 13 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 13 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
1 Chapter 13 – Digital Signatures & Authentication Protocols Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,

1 Chapter 13 – Digital Signatures & Authentication Protocols Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,
Web Security for Network and System Administrators1 Chapter 4 Encryption.

Web Security for Network and System Administrators1 Chapter 4 Encryption.
 Stream ciphers o Encrypt chars/bits one at a time o Assume XOR w the key, need long key to be secure  Keystream generators (pseudo-random key) o Synchronous.

 Stream ciphers o Encrypt chars/bits one at a time o Assume XOR w the key, need long key to be secure  Keystream generators (pseudo-random key) o Synchronous.
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
 Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large.

 Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
CMSC 414 Computer and Network Security Lecture 7 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 7 Jonathan Katz.
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
Chapter 5 Cryptography Protecting principals communication in systems.

Chapter 5 Cryptography Protecting principals communication in systems.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Cryptographic Technologies

Cryptographic Technologies
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
Copyright © 1995-2009 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.
Key Management/Distribution. Administrivia Snafu on books Probably best to buy it elsewhere Paper assignment and first homework Next week (9/24)

Key Management/Distribution. Administrivia Snafu on books Probably best to buy it elsewhere Paper assignment and first homework Next week (9/24)

Similar presentations

Ads by Google