On Key Assignment for Hierarchical Access Control
|
|
- Jacob Shaw
- 5 years ago
- Views:
Transcription
1 On Key Assignment for Hierarchical Access Control Information Security Group, Royal Holloway, University of London
2 On Key Assignment for Hierarchical Access Control/Introduction What is hierarchical access control? Assume the existence of a set of users U and a set of objects O Assume the existence of a partially ordered set (X, ) and a function λ : U O X X associates each entity e with a security label λ(e) u U may access o O if λ(u) λ(o) Sometimes known as the simple security property Cornerstone of many military security policies
3 On Key Assignment for Hierarchical Access Control/Introduction Example X = {unclassified, classified, secret, top secret} unclassified < classified < secret < top secret λ(george) = top secret, λ(jason) = classified george can access any object jason can access any unclassified or classified object
4 On Key Assignment for Hierarchical Access Control/Introduction What is a key assignment scheme? The simple security property can be enforced by encrypting objects and supplying users with appropriate keys Give george k u, k c, k s and k t Give jason k u and k c george has to maintain a number of different keys can we do better?
5 On Key Assignment for Hierarchical Access Control/Introduction Key encrypting scheme Choose keys k u, k c, k s and k t as before Publish E kt (k s ), E ks (k c ), and E kc (k u ) Give george k t and jason k c george can decrypt any key using his key jason can decrypt k u using his key, but cannot (feasibly) compute k s or k t
6 On Key Assignment for Hierarchical Access Control/Introduction Key encrypting scheme for trees Partially ordered set (X, ) is defined by reflexive, anti-symmetric, transitive, binary relation on X Hasse diagram is graph of reflexive, transitive reduction of If (Hasse diagram of) X is a tree then Publish {E κ(x) (κ(y)) : y x} For any x, y X such that y x, there exists a unique path y = z 0 z 1 z n = x If user has security label x she can derive κ(y) by obtaining the keys κ(z n 1 ),...,κ(z 0 )
7 On Key Assignment for Hierarchical Access Control/Introduction Motivation How do we handle arbitrary posets? There is not a unique path from x 1 to x 5 x 4 x 2 x 1 x 5 x 3 x 6
8 On Key Assignment for Hierarchical Access Control/Introduction Motivation There are many schemes in the literature Rely on specific cryptographic primitives Do not consider basic requirements and features of key assignment schemes We want to develop an abstract approach to key assignment schemes Classify existing schemes Evaluate the respective merits of different types of scheme
9 On Key Assignment for Hierarchical Access Control/Introduction Structure of talk Key assignment schemes for arbitrary posets The Akl-Taylor scheme Simplifying the Akl-Taylor scheme A hybrid key assignment scheme
10 On Key Assignment for Hierarchical Access Control/Key assignment schemes Key assignment schemes
11 On Key Assignment for Hierarchical Access Control/Key assignment schemes Basic concepts We assume the existence of a scheme administrator (trusted centre) A key assignment scheme comprises four algorithms makekeys returns a labelled set of encryption keys (κ(x) : x X) makesecrets returns a labelled set of secret values (σ(x) : x X) makepublicdata returns a set of data Pub that is made public by the trusted centre getkey takes x, y X, σ(x) and Pub and returns κ(y) whenever y x A scheme has independent keys if the keys can be chosen independently of each other and Pub
12 On Key Assignment for Hierarchical Access Control/Key assignment schemes Benchmarks Amount of secret data that needs to be distributed to and stored by end users Amount of data that needs to be made public Complexity of key derivation Complexity of key update (if user leaves or key is compromised) Key independency
13 On Key Assignment for Hierarchical Access Control/Key assignment schemes Trivial key assignment scheme Independent keys κ(x) σ(x) = (κ(y) : y x) Pub = κ(y) σ(x) so key derivation is trivial σ 2 = {κ 2, κ 4, κ 5 } x 4 x 1 x 3 x 2 x 5 x 6
14 On Key Assignment for Hierarchical Access Control/Key assignment schemes Trivial key assignment scheme Independent keys κ(x) σ(x) = (κ(y) : y x) Pub = κ(y) σ(x) so key derivation is trivial High private storage costs No public storage High update costs for private data
15 On Key Assignment for Hierarchical Access Control/Key assignment schemes Trivial key encrypting key assignment scheme Independent keys κ(x) and set of key encrypting keys K(X) σ(x) = (K(y) : y x) Pub = (E K(x) (κ(x)) : x X) κ(y) is obtained by decrypting E K(y) (κ(y)) Pub using K(y) σ(x) σ 2 = {K 2, K 4, K 5 } Pub = {E K1 (κ 1 ), E K2 (κ 2 ),...} x 4 x 1 x 3 x 2 x 5 x 6
16 On Key Assignment for Hierarchical Access Control/Key assignment schemes Trivial key encrypting key assignment scheme Independent keys κ(x) and set of key encrypting keys K(X) σ(x) = (K(y) : y x) Pub = (E K(x) (κ(x)) : x X) κ(y) is obtained by decrypting E K(y) (κ(y)) Pub using K(y) σ(x) High private storage costs High public storage costs Very low costs for update of κ(y) High costs for update of K(y)
17 On Key Assignment for Hierarchical Access Control/Key assignment schemes Direct key encrypting key assignment scheme Independent keys κ(x) σ(x) = κ(x) Pub = (E κ(x) (κ(y)) : y < x) κ(y) is obtained by decrypting E κ(x) (κ(y)) Pub using κ(x) Pub = {E κ1 (κ 2 ), E κ1 (κ 4 ),...} x 4 x 1 x 3 x 2 x 5 x 6
18 On Key Assignment for Hierarchical Access Control/Key assignment schemes Direct key encrypting key assignment scheme Independent keys κ(x) σ(x) = κ(x) Pub = (E κ(x) (κ(y)) : y x) κ(y) is obtained by decrypting E κ(x) (κ(y)) Pub using κ(x) Minimizes private storage costs High public storage costs Moderate costs for update of private and public data
19 On Key Assignment for Hierarchical Access Control/Key assignment schemes Iterative key encrypting key assignment scheme Independent keys κ(x) σ(x) = κ(x) Pub = (E κ(x) (κ(y)) : y x) κ(y) is obtained by decrypting κ(z) for all z on a path from x to y Pub = {E κ1 (κ 2 ), E κ2 (κ 4 ),...} x 4 x 1 x 3 x 2 x 5 x 6
20 On Key Assignment for Hierarchical Access Control/Key assignment schemes Iterative key encrypting key assignment scheme Independent keys κ(x) σ(x) = κ(x) Pub = (E κ(x) (κ(y)) : y x) κ(y) is obtained by decrypting κ(z) for all z on a path from x to y Minimizes private storage costs Minimizes public storage costs Moderate costs for update of private and public data Key derivation is iterative
21 On Key Assignment for Hierarchical Access Control/Key assignment schemes IKEKAS example Atallah, Frikken and Bykova (CCS 2005) Pub = {κ(y) h(κ(x), y) : y x}, h is a hash function User with security label x can recover κ(y) by computing h(κ(x), y) All the schemes we have considered thus far make use of the order relation or the covering relation Collectively, we call these schemes edge-based
22 On Key Assignment for Hierarchical Access Control/Key assignment schemes Node-based key assignment scheme Pub (e(x) : x X) κ(x) = f(e(x)) f is a secret function There exists a public algorithm g such that for all y x g(f(e(x)), e(x), e(y)) = g(κ(x), e(x), e(y)) = κ(y) By construction κ(y) can be derived (directly) from κ(x) (using g) Dependent keys (κ(x) = f(e(x)))
23 On Key Assignment for Hierarchical Access Control/Key assignment schemes Summary Scheme Storage Update κ(x) Private Public Private Public TKAS x 0 ( x) 0 TKEKAS x m ( x) ( x) DKEKAS 1 e x x + x IKEKAS 1 c x x NBKAS 1 m?? x = {y X : y x} x = {y X : y x} m = X e = {(y, x) : y x} c = {(y, x) : y x}
24 On Key Assignment for Hierarchical Access Control/Key assignment schemes Summary We surveyed about 30 papers in the literature 2 are TKAS 3 are TKEKAS 2 are DKEKAS 7 are IKEKAS 12 are NBKAS A couple of weird hybrids Often clumsy and almost always over-complicated Wide variety of cryptographic and mathematical techniques RSA Rabin cryptosystem Polynomial interpolation Chinese remainder theorem Discrete logs Sibling intractable function families Hash functions with collisions
25 On Key Assignment for Hierarchical Access Control/Key assignment schemes An example from the literature
26 On Key Assignment for Hierarchical Access Control/The Akl-Taylor scheme The Akl-Taylor scheme
27 On Key Assignment for Hierarchical Access Control/The Akl-Taylor scheme Introduction Akl and Taylor (ACM Trans. Comp. Sys., 1983) Pub = {n} (e(x) : x X) n = pq, p and q are large primes e(x) e(y) if and only if y x κ(x) = s e(x) mod n, s Z n Note that (s e(x) ) e(y) e(x) = s e(y) Hence κ(y) = (κ(x)) e(y) e(x) It is only feasible to compute κ(y) if y x Policy enforcement relies on the assumption that it is difficult to compute integral roots modulo n (where n is composite) and the choice of e
28 On Key Assignment for Hierarchical Access Control/The Akl-Taylor scheme Choosing public parameters It can be shown that particular choices of e(x) are good It is not possible for any set of users to obtain a key that one of them couldn t already obtain See paper for details about resistance to collusion attacks Proposition 1 (Akl and Taylor) κ(y) can be feasibly computed from a set of keys κ(y ), Y X, if and only if gcd{e(x) : x Y } e(y) Corollary 2 (Akl and Taylor) A collusion secure scheme has the following property for all y X gcd{e(x) : x y} e(y)
29 On Key Assignment for Hierarchical Access Control/The Akl-Taylor scheme Choosing public parameters Associate a prime p(x) with each x X and define e(x) = z x p(z) To derive κ(x 5 ) from κ(x 2 ) compute = 3.7 compute (κ(x 2 )) 3.7 mod n It is this instantiation of the scheme that has inspired much of the subsequent research on key assignment schemes
30 On Key Assignment for Hierarchical Access Control/The Akl-Taylor scheme Characteristics claimed of Akl-Taylor scheme Low private storage High public storage (product of primes is O(m log m)) Direct key derivation (but does require division of two products of primes and exponentiation) High cost for update of public data High costs for update of private data
31 On Key Assignment for Hierarchical Access Control/Simplifying the Akl-Taylor scheme Simplifying the Akl-Taylor scheme
32 On Key Assignment for Hierarchical Access Control/Simplifying the Akl-Taylor scheme Some observations The Akl-Taylor scheme has the following characteristics the enforcement of the simple security property relies on the fact this it is difficult to computer integral roots y x implies e(x) e(y) In other words, e : X D(k), where k = x X p(x) and e(x) = p(x) x X y x p(x) Essentially e is an encoding of the structure of X using order filters
33 On Key Assignment for Hierarchical Access Control/Simplifying the Akl-Taylor scheme A simpler embedding Define p : X P, where P is the set of primes, and e : X 2 X, where e (x) = X \ x Proposition 3 e = p e Instead of using products of primes as the public information, we encode subsets of X as binary strings and publish them along with p e (x) can be represented as a string of m bits e(y)/e(x) can be computed by evaluating e (y) e (x) and then multiplying the appropriate primes
34 On Key Assignment for Hierarchical Access Control/Simplifying the Akl-Taylor scheme Example x 4 x 1 x 3 x 2 x 5 x e (x 2 ) = , e (x 5 ) = e (x 2 ) e (x 5 ) = e(x) = p(x 2 )p(x 5 ) = 3.7 (which corresponds to the quotient of and )
35 On Key Assignment for Hierarchical Access Control/Simplifying the Akl-Taylor scheme Updates in the Akl-Taylor scheme and IKEKAS Proposition 4 In changing κ(x) it is necessary to change min{ L \ z : z x} keys One prime p(z), where z x Proposition 5 In changing κ(x) in IKEKAS it is necessary to change x keys O( x ) items of public information
36 On Key Assignment for Hierarchical Access Control/Simplifying the Akl-Taylor scheme Characteristics of simplified Akl-Taylor scheme Time complexity of computing the quotient of e(x) and e(y) reduces from O(m 2 log 2 m) to O(1) Update of public information is trivial because only one prime needs to be changed Updating all keys requires no change to public information (since we simply choose new secret parameter s ) Public storage reduces from O(m 2 log m) to O(m 2 ) Update of secret information remains the same
37 On Key Assignment for Hierarchical Access Control/Conclusions Conclusions
38 On Key Assignment for Hierarchical Access Control/Conclusions Contributions Classification of key assignment schemes Comparison of characteristics of such schemes Evaluation of many schemes in the literature Improvement to implementation of Akl-Taylor Significant reduction in key derivation complexity Reduction in storage requirements Improved insight into key udpates Development of hybrid key assignment scheme Poset partitioned into domains Each domain has a NBKAS Components of domain linked using IKEKAS
39 On Key Assignment for Hierarchical Access Control/Conclusions Future work
On Key Assignment for Hierarchical Access Control
On Key Assignment for Hierarchical Access Control Information Security Group Royal Holloway University of London 19th Computer Security Foundations Workshop Introduction On Key Assignment for Hierarchical
More informationTrade-Offs in Cryptographic Schemes for
in Cryptographic Jason Crampton Information Security Group Royal Holloway, University of London NordSec 2009 Cryptographic Cryptography for Suppose we have a poset of security labels (L, ) Each x L is
More informationThe Journal of Logic and Algebraic Programming xxx (2009) xxx xxx. Contents lists available at ScienceDirect
1 2 3 4 56 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 The Journal of Logic and Algebraic Programming xxx (2009) xxx xxx Contents lists available at ScienceDirect The Journal of Logic and Algebraic
More informationNumber Theory and RSA Public-Key Encryption
Number Theory and RSA Public-Key Encryption Dr. Natarajan Meghanathan Associate Professor of Computer Science Jackson State University E-mail: natarajan.meghanathan@jsums.edu CIA Triad: Three Fundamental
More informationIntroduction to Cryptography and Security Mechanisms: Unit 5. Public-Key Encryption
Introduction to Cryptography and Security Mechanisms: Unit 5 Public-Key Encryption Learning Outcomes Explain the basic principles behind public-key cryptography Recognise the fundamental problems that
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 7 January 30, 2012 CPSC 467b, Lecture 7 1/44 Public-key cryptography RSA Factoring Assumption Computing with Big Numbers Fast Exponentiation
More informationChapter 9. Public Key Cryptography, RSA And Key Management
Chapter 9 Public Key Cryptography, RSA And Key Management RSA by Rivest, Shamir & Adleman of MIT in 1977 The most widely used public-key cryptosystem is RSA. The difficulty of attacking RSA is based on
More informationRSA. Public Key CryptoSystem
RSA Public Key CryptoSystem DIFFIE AND HELLMAN (76) NEW DIRECTIONS IN CRYPTOGRAPHY Split the Bob s secret key K to two parts: K E, to be used for encrypting messages to Bob. K D, to be used for decrypting
More informationIntroduction to Cryptography Lecture 7
Introduction to Cryptography Lecture 7 Public-Key Encryption: El-Gamal, RSA Benny Pinkas page 1 1 Public key encryption Alice publishes a public key PK Alice. Alice has a secret key SK Alice. Anyone knowing
More informationSecure Multiparty Computation
CS573 Data Privacy and Security Secure Multiparty Computation Problem and security definitions Li Xiong Outline Cryptographic primitives Symmetric Encryption Public Key Encryption Secure Multiparty Computation
More informationAlgorithms (III) Yijia Chen Shanghai Jiaotong University
Algorithms (III) Yijia Chen Shanghai Jiaotong University Review of the Previous Lecture Factoring: Given a number N, express it as a product of its prime factors. Many security protocols are based on the
More informationChapter 3 Public Key Cryptography
Cryptography and Network Security Chapter 3 Public Key Cryptography Lectured by Nguyễn Đức Thái Outline Number theory overview Public key cryptography RSA algorithm 2 Prime Numbers A prime number is an
More informationEncryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls
Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls Overview Cryptography functions Secret key (e.g., DES) Public key (e.g., RSA) Message
More informationAlgorithms (III) Yu Yu. Shanghai Jiaotong University
Algorithms (III) Yu Yu Shanghai Jiaotong University Review of the Previous Lecture Factoring: Given a number N, express it as a product of its prime factors. Many security protocols are based on the assumed
More informationPublic Key Cryptography and RSA
Public Key Cryptography and RSA Major topics Principles of public key cryptosystems The RSA algorithm The Security of RSA Motivations A public key system is asymmetric, there does not have to be an exchange
More informationElements of Cryptography and Computer and Networking Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy
Elements of Cryptography and Computer and Networking Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy Homework 2 Due: Friday, 10/28/2016 at 11:55pm PT Will be posted on
More informationChannel Coding and Cryptography Part II: Introduction to Cryptography
Channel Coding and Cryptography Part II: Introduction to Cryptography Prof. Dr.-Ing. habil. Andreas Ahrens Communications Signal Processing Group, University of Technology, Business and Design Email: andreas.ahrens@hs-wismar.de
More informationThis chapter continues our overview of public-key cryptography systems (PKCSs), and begins with a description of one of the earliest and simplest
1 2 3 This chapter continues our overview of public-key cryptography systems (PKCSs), and begins with a description of one of the earliest and simplest PKCS, Diffie- Hellman key exchange. This first published
More informationMessage authentication. Why message authentication. Authentication primitives. and secure hashing. To prevent against:
Message authentication and secure hashing Why message authentication To prevent against: Masquerade/impersonation Modification of message content Modification of message sequence Acceptance of replayed/delayed
More informationCryptography and Network Security Chapter 10. Fourth Edition by William Stallings
Cryptography and Network Security Chapter 10 Fourth Edition by William Stallings Chapter 10 Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture out of the
More informationCryptography and Network Security
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown Chapter 10 Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would
More informationAlgorithms (III) Yijia Chen Shanghai Jiaotong University
Algorithms (III) Yijia Chen Shanghai Jiaotong University Review of the Previous Lecture Factoring: Given a number N, express it as a product of its prime factors. Many security protocols are based on the
More informationAttribute-based encryption with encryption and decryption outsourcing
Edith Cowan University Research Online Australian Information Security Management Conference Conferences, Symposia and Campus Events 2014 Attribute-based encryption with encryption and decryption outsourcing
More informationAlgorithmic number theory Cryptographic hardness assumptions. Table of contents
Algorithmic number theory Cryptographic hardness assumptions Foundations of Cryptography Computer Science Department Wellesley College Fall 2016 Table of contents Introduction Primes and Divisibility Modular
More informationPublic Key Encryption. Modified by: Dr. Ramzi Saifan
Public Key Encryption Modified by: Dr. Ramzi Saifan Prime Numbers Prime numbers only have divisors of 1 and itself They cannot be written as a product of other numbers Prime numbers are central to number
More information- 0 - CryptoLib: Cryptography in Software John B. Lacy 1 Donald P. Mitchell 2 William M. Schell 3 AT&T Bell Laboratories ABSTRACT
- 0 - CryptoLib: Cryptography in Software John B. Lacy 1 Donald P. Mitchell 2 William M. Schell 3 AT&T Bell Laboratories ABSTRACT With the capacity of communications channels increasing at the current
More informationKey Management and Distribution
CPE 542: CRYPTOGRAPHY & NETWORK SECURITY Chapter 10 Key Management; Other Public Key Cryptosystems Dr. Lo ai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan
More informationA SIGNATURE ALGORITHM BASED ON DLP AND COMPUTING SQUARE ROOTS
A SIGNATURE ALGORITHM BASED ON DLP AND COMPUTING SQUARE ROOTS Ounasser Abid 1 and Omar Khadir 2 1, 2 Laboratory of Mathematics, Cryptography and Mechanics, FSTM University Hassan II of Casablanca, Morocco
More informationLecture 6 - Cryptography
Lecture 6 - Cryptography CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12 Question Setup: Assume you and I donʼt know anything about
More informationDr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Public Key Cryptography Modular Arithmetic RSA
More informationPublic Key Cryptography
Public Key Cryptography Giuseppe F. Italiano Universita` di Roma Tor Vergata italiano@disp.uniroma2.it Motivation Until early 70s, cryptography was mostly owned by government and military Symmetric cryptography
More informationIntroduction to Cryptography Lecture 7
Introduction to Cryptography Lecture 7 El Gamal Encryption RSA Encryption Benny Pinkas page 1 1 Public key encryption Alice publishes a public key PK Alice. Alice has a secret key SK Alice. Anyone knowing
More informationLecture 2 Applied Cryptography (Part 2)
Lecture 2 Applied Cryptography (Part 2) Patrick P. C. Lee Tsinghua Summer Course 2010 2-1 Roadmap Number theory Public key cryptography RSA Diffie-Hellman DSA Certificates Tsinghua Summer Course 2010 2-2
More informationElliptic Curve Public Key Cryptography
Why? Elliptic Curve Public Key Cryptography ECC offers greater security for a given key size. Why? Elliptic Curve Public Key Cryptography ECC offers greater security for a given key size. The smaller key
More informationPublic Key Algorithms
CSE597B: Special Topics in Network and Systems Security Public Key Cryptography Instructor: Sencun Zhu The Pennsylvania State University Public Key Algorithms Public key algorithms RSA: encryption and
More informationApplied Cryptography and Computer Security CSE 664 Spring 2018
Applied Cryptography and Computer Security Lecture 13: Public-Key Cryptography and RSA Department of Computer Science and Engineering University at Buffalo 1 Public-Key Cryptography What we already know
More informationLECTURE NOTES ON PUBLIC- KEY CRYPTOGRAPHY. (One-Way Functions and ElGamal System)
Department of Software The University of Babylon LECTURE NOTES ON PUBLIC- KEY CRYPTOGRAPHY (One-Way Functions and ElGamal System) By College of Information Technology, University of Babylon, Iraq Samaher@itnet.uobabylon.edu.iq
More informationCOMP4109 : Applied Cryptography
COMP4109 : Applied Cryptography Fall 2013 M. Jason Hinek Carleton University Applied Cryptography Day 2 information security cryptographic primitives unkeyed primitives NSA... one-way functions hash functions
More informationPublic Key Cryptography
graphy CSS322: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 29 December 2011 CSS322Y11S2L07, Steve/Courses/2011/S2/CSS322/Lectures/rsa.tex,
More informationPublic Key Cryptography and the RSA Cryptosystem
Public Key Cryptography and the RSA Cryptosystem Two people, say Alice and Bob, would like to exchange secret messages; however, Eve is eavesdropping: One technique would be to use an encryption technique
More information0x1A Great Papers in Computer Security
CS 380S 0x1A Great Papers in Computer Security Vitaly Shmatikov http://www.cs.utexas.edu/~shmat/courses/cs380s/ Attacking Cryptographic Schemes Cryptanalysis Find mathematical weaknesses in constructions
More informationKurose & Ross, Chapters (5 th ed.)
Kurose & Ross, Chapters 8.2-8.3 (5 th ed.) Slides adapted from: J. Kurose & K. Ross \ Computer Networking: A Top Down Approach (5 th ed.) Addison-Wesley, April 2009. Copyright 1996-2010, J.F Kurose and
More informationLogic and Discrete Mathematics. Section 2.5 Equivalence relations and partitions
Logic and Discrete Mathematics Section 2.5 Equivalence relations and partitions Slides version: January 2015 Equivalence relations Let X be a set and R X X a binary relation on X. We call R an equivalence
More informationCS408 Cryptography & Internet Security
CS408 Cryptography & Internet Security Lectures 16, 17: Security of RSA El Gamal Cryptosystem Announcement Final exam will be on May 11, 2015 between 11:30am 2:00pm in FMH 319 http://www.njit.edu/registrar/exams/finalexams.php
More informationCS573 Data Privacy and Security. Cryptographic Primitives and Secure Multiparty Computation. Li Xiong
CS573 Data Privacy and Security Cryptographic Primitives and Secure Multiparty Computation Li Xiong Outline Cryptographic primitives Symmetric Encryption Public Key Encryption Secure Multiparty Computation
More informationCS669 Network Security
UNIT II PUBLIC KEY ENCRYPTION Uniqueness Number Theory concepts Primality Modular Arithmetic Fermet & Euler Theorem Euclid Algorithm RSA Elliptic Curve Cryptography Diffie Hellman Key Exchange Uniqueness
More informationApplications of The Montgomery Exponent
Applications of The Montgomery Exponent Shay Gueron 1,3 1 Dept. of Mathematics, University of Haifa, Israel (shay@math.haifa.ac.il) Or Zuk 2,3 2 Dept. of Physics of Complex Systems, Weizmann Institute
More informationח'/סיון/תשע "א. RSA: getting ready. Public Key Cryptography. Public key cryptography. Public key encryption algorithms
Public Key Cryptography Kurose & Ross, Chapters 8.28.3 (5 th ed.) Slides adapted from: J. Kurose & K. Ross \ Computer Networking: A Top Down Approach (5 th ed.) AddisonWesley, April 2009. Copyright 19962010,
More informationBlum-Blum-Shub cryptosystem and generator. Blum-Blum-Shub cryptosystem and generator
BBS encryption scheme A prime p is called a Blum prime if p mod 4 = 3. ALGORITHM Alice, the recipient, makes her BBS key as follows: BBS encryption scheme A prime p is called a Blum prime if p mod 4 =
More informationCryptanalyzing the Polynomial Reconstruction based Public-Key System under Optimal Parameter Choice
Cryptanalyzing the Polynomial Reconstruction based Public-Key System under Optimal Parameter Choice Aggelos Kiayias - Moti Yung U. of Connecticut - Columbia U. (Public-Key) Cryptography intractability
More informationModule: Cryptographic Protocols. Professor Patrick McDaniel Spring CMPSC443 - Introduction to Computer and Network Security
CMPSC443 - Introduction to Computer and Network Security Module: Cryptographic Protocols Professor Patrick McDaniel Spring 2009 1 Key Distribution/Agreement Key Distribution is the process where we assign
More informationTECHNISCHE UNIVERSITEIT EINDHOVEN Faculty of Mathematics and Computer Science Exam Cryptology, Tuesday 31 October 2017
Faculty of Mathematics and Computer Science Exam Cryptology, Tuesday 31 October 2017 Name : TU/e student number : Exercise 1 2 3 4 5 6 total points Notes: Please hand in this sheet at the end of the exam.
More information9.5 Equivalence Relations
9.5 Equivalence Relations You know from your early study of fractions that each fraction has many equivalent forms. For example, 2, 2 4, 3 6, 2, 3 6, 5 30,... are all different ways to represent the same
More informationIntroduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell
Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell 1 Cryptography Merriam-Webster Online Dictionary: 1. secret writing 2. the enciphering and deciphering
More informationUnderstanding Cryptography by Christof Paar and Jan Pelzl. Chapter 9 Elliptic Curve Cryptography
Understanding Cryptography by Christof Paar and Jan Pelzl www.crypto-textbook.com Chapter 9 Elliptic Curve Cryptography ver. February 2nd, 2015 These slides were prepared by Tim Güneysu, Christof Paar
More informationRSA (Rivest Shamir Adleman) public key cryptosystem: Key generation: Pick two large prime Ô Õ ¾ numbers È.
RSA (Rivest Shamir Adleman) public key cryptosystem: Key generation: Pick two large prime Ô Õ ¾ numbers È. Let Ò Ô Õ. Pick ¾ ½ ³ Òµ ½ so, that ³ Òµµ ½. Let ½ ÑÓ ³ Òµµ. Public key: Ò µ. Secret key Ò µ.
More informationCS 161 Computer Security
Paxson Spring 2013 CS 161 Computer Security 3/14 Asymmetric cryptography Previously we saw symmetric-key cryptography, where Alice and Bob share a secret key K. However, symmetric-key cryptography can
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 8 September 28, 2015 CPSC 467, Lecture 8 1/44 Chaining Modes Block chaining modes Extending chaining modes to bytes Public-key Cryptography
More informationWhat did we talk about last time? Public key cryptography A little number theory
Week 4 - Friday What did we talk about last time? Public key cryptography A little number theory If p is prime and a is a positive integer not divisible by p, then: a p 1 1 (mod p) Assume a is positive
More informationKey Exchange. References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings
Key Exchange References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings Outlines Primitives Root Discrete Logarithm Diffie-Hellman ElGamal Shamir s Three Pass
More informationA Combined Encryption Compression Scheme Using Chaotic Maps
BULGARIAN ACADEMY OF SCIENCES CYBERNETICS AND INFORMATION TECHNOLOGIES Volume 13, No 2 Sofia 2013 Print ISSN: 1311-9702; Online ISSN: 1314-4081 DOI: 10.2478/cait-2013-0016 A Combined Encryption Compression
More informationECE 646 Fall 2009 Final Exam December 15, Multiple-choice test
ECE 646 Fall 2009 Final Exam December 15, 2009 Multiple-choice test 1. (1 pt) Parallel processing can be used to speed up the following cryptographic transformations (please note that multiple answers
More informationCryptography: More Primitives
Design and Analysis of Algorithms May 8, 2015 Massachusetts Institute of Technology 6.046J/18.410J Profs. Erik Demaine, Srini Devadas and Nancy Lynch Recitation 11 Cryptography: More Primitives 1 Digital
More informationINTERNATIONAL JOURNAL OF ELECTRONICS AND COMMUNICATION ENGINEERING & TECHNOLOGY (IJECET)
INTERNATIONAL JOURNAL OF ELECTRONICS AND COMMUNICATION ENGINEERING & TECHNOLOGY (IJECET) International Journal of Electronics and Communication Engineering & Technology (IJECET), ISSN 0976 ISSN 0976 6464(Print)
More informationPublic Key Algorithms
Public Key Algorithms 1 Public Key Algorithms It is necessary to know some number theory to really understand how and why public key algorithms work Most of the public key algorithms are based on modular
More informationCS Network Security. Nasir Memon Polytechnic University Module 7 Public Key Cryptography. RSA.
CS 393 - Network Security Nasir Memon Polytechnic University Module 7 Public Key Cryptography. RSA. Course Logistics Homework 2 revised. Due next Tuesday midnight. 2/26,28/02 Module 7 - Pubic Key Crypto
More informationRSA (Rivest Shamir Adleman) public key cryptosystem: Key generation: Pick two large prime Ô Õ ¾ numbers È.
RSA (Rivest Shamir Adleman) public key cryptosystem: Key generation: Pick two large prime Ô Õ ¾ numbers È. Let Ò Ô Õ. Pick ¾ ½ ³ Òµ ½ so, that ³ Òµµ ½. Let ½ ÑÓ ³ Òµµ. Public key: Ò µ. Secret key Ò µ.
More informationA nice outline of the RSA algorithm and implementation can be found at:
Cryptography Lab: RSA Encryption and Decryption Lab Objectives: After this lab, the students should be able to Explain the simple concepts of encryption and decryption to protect information in transmission.
More informationUzzah and the Ark of the Covenant
Uzzah and the Ark of the Covenant And when they came to the threshing floor of Chidon, Uzzah put out his hand to take hold of the ark, for the oxen stumbled. 10 And the anger of the LORD was kindled against
More informationSome Stuff About Crypto
Some Stuff About Crypto Adrian Frith Laboratory of Foundational Aspects of Computer Science Department of Mathematics and Applied Mathematics University of Cape Town This work is licensed under a Creative
More informationUNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering. Introduction to Cryptography ECE 597XX/697XX
UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Introduction to Cryptography ECE 597XX/697XX Part 10 Digital Signatures Israel Koren ECE597/697 Koren Part.10.1 Content of this part
More informationSecret Sharing With Trusted Third Parties Using Piggy Bank Protocol
Secret Sharing With Trusted Third Parties Using Piggy Bank Protocol Adnan Memon Abstract This paper presents a new scheme to distribute secret shares using two trusted third parties to increase security
More informationPublic Key Encryption
Public Key Encryption A case study THE RSA CRYPTOSYSTEM Public 31/05/14 Key Encryption 2 Rivest Shamir Adleman (1978) Key generation 1. Generate two large, distinct primes p, q (100 200 decimal digits)
More informationDigital Signatures. KG November 3, Introduction 1. 2 Digital Signatures 2
Digital Signatures KG November 3, 2017 Contents 1 Introduction 1 2 Digital Signatures 2 3 Hash Functions 3 3.1 Attacks.................................... 4 3.2 Compression Functions............................
More informationLecture 2 Algorithms with numbers
Advanced Algorithms Floriano Zini Free University of Bozen-Bolzano Faculty of Computer Science Academic Year 2013-2014 Lecture 2 Algorithms with numbers 1 RSA Algorithm Why does RSA work? RSA is based
More informationOverview. Public Key Algorithms I
Public Key Algorithms I Dr. Arjan Durresi Louisiana State University Baton Rouge, LA 70810 Durresi@csc.lsu.Edu These slides are available at: http://www.csc.lsu.edu/~durresi/csc4601-04/ Louisiana State
More informationSession key establishment protocols
our task is to program a computer which gives answers which are subtly and maliciously wrong at the most inconvenient possible moment. -- Ross Anderson and Roger Needham, Programming Satan s computer Session
More informationA Mathematical Proof. Zero Knowledge Protocols. Interactive Proof System. Other Kinds of Proofs. When referring to a proof in logic we usually mean:
A Mathematical Proof When referring to a proof in logic we usually mean: 1. A sequence of statements. 2. Based on axioms. Zero Knowledge Protocols 3. Each statement is derived via the derivation rules.
More informationZero Knowledge Protocols. c Eli Biham - May 3, Zero Knowledge Protocols (16)
Zero Knowledge Protocols c Eli Biham - May 3, 2005 442 Zero Knowledge Protocols (16) A Mathematical Proof When referring to a proof in logic we usually mean: 1. A sequence of statements. 2. Based on axioms.
More informationSession key establishment protocols
our task is to program a computer which gives answers which are subtly and maliciously wrong at the most inconvenient possible moment. -- Ross Anderson and Roger Needham, Programming Satan s computer Session
More informationUnderstanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl. Chapter 6 Introduction to Public-Key Cryptography
Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl www.crypto-textbook.com Chapter 6 Introduction to Public-Key Cryptography ver. November 18, 2010 These
More informationCrypto Basics. Recent block cipher: AES Public Key Cryptography Public key exchange: Diffie-Hellmann Homework suggestion
Crypto Basics Recent block cipher: AES Public Key Cryptography Public key exchange: Diffie-Hellmann Homework suggestion 1 What is a cryptosystem? K = {0,1} l P = {0,1} m C = {0,1} n, C C E: P K C D: C
More informationComputer Security 3/23/18
s s encrypt a block of plaintext at a time and produce ciphertext Computer Security 08. Cryptography Part II Paul Krzyzanowski DES & AES are two popular block ciphers DES: 64 bit blocks AES: 128 bit blocks
More informationDavenport University ITS Lunch and Learn February 2, 2012 Sneden Center Meeting Hall Presented by: Scott Radtke
Davenport University ITS Lunch and Learn February 2, 2012 Sneden Center Meeting Hall Presented by: Scott Radtke A discussion on the mathematics behind coding and decoding using RSA Public-Key Cryptography.
More informationCryptography and Network Security. Sixth Edition by William Stallings
Cryptography and Network Security Sixth Edition by William Stallings Chapter 9 Public Key Cryptography and RSA Misconceptions Concerning Public-Key Encryption Public-key encryption is more secure from
More informationPart VI. Public-key cryptography
Part VI Public-key cryptography Drawbacks with symmetric-key cryptography Symmetric-key cryptography: Communicating parties a priori share some secret information. Secure Channel Alice Unsecured Channel
More informationCHAPTER 6 A SECURE FAST 2D-DISCRETE FRACTIONAL FOURIER TRANSFORM BASED MEDICAL IMAGE COMPRESSION USING SPIHT ALGORITHM WITH HUFFMAN ENCODER
115 CHAPTER 6 A SECURE FAST 2D-DISCRETE FRACTIONAL FOURIER TRANSFORM BASED MEDICAL IMAGE COMPRESSION USING SPIHT ALGORITHM WITH HUFFMAN ENCODER 6.1. INTRODUCTION Various transforms like DCT, DFT used to
More informationInformation Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1
Information Security message M one-way hash fingerprint f = H(M) 4/19/2006 Information Security 1 Outline and Reading Digital signatures Definition RSA signature and verification One-way hash functions
More informationCryptographic Primitives and Protocols for MANETs. Jonathan Katz University of Maryland
Cryptographic Primitives and Protocols for MANETs Jonathan Katz University of Maryland Fundamental problem(s) How to achieve secure message authentication / transmission in MANETs, when: Severe resource
More informationRSA (algorithm) History
RSA (algorithm) RSA is an algorithm for public-key cryptography that is based on the presumed difficulty of factoring large integers, the factoring problem. RSA stands for Ron Rivest, Adi Shamir and Leonard
More informationCSC 474/574 Information Systems Security
CSC 474/574 Information Systems Security Topic 2.5 Public Key Algorithms CSC 474/574 Dr. Peng Ning 1 Public Key Algorithms Public key algorithms covered in this class RSA: encryption and digital signature
More informationCryptographic protocols
Cryptographic protocols Lecture 3: Zero-knowledge protocols for identification 6/16/03 (c) Jussipekka Leiwo www.ialan.com Overview of ZK Asymmetric identification techniques that do not rely on digital
More informationSecurity. Communication security. System Security
Security Communication security security of data channel typical assumption: adversary has access to the physical link over which data is transmitted cryptographic separation is necessary System Security
More informationCryptography and Network Security. Sixth Edition by William Stallings
Cryptography and Network Security Sixth Edition by William Stallings Chapter 13 Digital Signatures To guard against the baneful influence exerted by strangers is therefore an elementary dictate of savage
More informationInternational Journal of Scientific Research and Reviews
Research article Available online www.ijsrr.org ISSN: 2279 0543 International Journal of Scientific Research and Reviews Asymmetric Digital Signature Algorithm Based on Discrete Logarithm Concept with
More informationThreshold Paillier and Naccache-Stern Cryptosystems Based on Asmuth-Bloom Secret Sharing
Threshold Paillier and Naccache-Stern Cryptosystems Based on Asmuth-Bloom Secret Sharing Kamer Kaya 1, Baha Güçlü Dündar 2, Said Kalkan 1, and Ali Aydın Selçuk 1 1 Department of Computer Engineering Bilkent
More informationImplementing Cryptography: Good Theory vs. Bad Practice
Implementing Cryptography: Good Theory vs. Bad Practice Viet Pham Information Security Group, Department of Mathematics Royal Holloway, University of London Outline News report What is cryptography? Why
More informationUsing Commutative Encryption to Share a Secret
Using Commutative Encryption to Share a Secret Saied Hosseini Khayat August 18, 2008 Abstract It is shown how to use commutative encryption to share a secret. Suppose Alice wants to share a secret with
More informationReduced Memory Meet-in-the-Middle Attack against the NTRU Private Key
Reduced Memory Meet-in-the-Middle Attack against the NTRU Private Key Christine van Vredendaal Eindhoven, University of Technology c.v.vredendaal@tue.nl Twelfth Algorithmic Number Theory Symposium University
More informationCS 161 Computer Security
Popa & Wagner Spring 2016 CS 161 Computer Security Discussion 5 Week of February 19, 2017 Question 1 Diffie Hellman key exchange (15 min) Recall that in a Diffie-Hellman key exchange, there are values
More information