Linux Kernel Cryptographic API for fun and profit
|
|
- Elvin Simon
- 6 years ago
- Views:
Transcription
1 Linux Kernel Cryptographic API for fun and profit Gilad Ben-Yossef Gilad Ben-Yossef
2 About me My name is Gilad Ben-Yossef. I work on upstream Linux kernel cryptography and security in general and arm TrustZone CryptoCell support in particular. I m working in various forms with and on the Linux kernel and other Open Source projects for close to twenty years i.e. I m an old bugger I co-authored Building Embedded Linux Systems 2nd edition from O Reilly. I m a co-founder of HaMakor, an Israeli NPO for free and open source software and of August Penguin, the longest running Israeli FOSS conference. 2
3 Dedication May these teaching serve to free men and women from tyranny, oppression and suffering. How long do you want these messages to remain secret? I want them to remain secret for as long as men are capable of evil. Neal Stephenson, Cryptonomicon 3
4 4
5 Act I Alice, meet Bob A (very) short introduction to Cryptography 5
6 Symmetric Encryption K K P: Plain text C: Cipher text K: Key E: Encryption D: Decryption P E C C D P C = E(k, P) P = D(k, C) E is a function that takes a key and a block of plain text * and outputs a block of random looking cipher text *. D is the inverse function to D which takes the random looking cipher text * and the same key as input and outputs the original plain text *. 6 * Which doesn t have to be and often isn t text but rather binary data.
7 Block Ciphers Break down message to blocks, encrypt each block using the key P: Plain text C: Cipher text K: Key E: Encryption D: Decryption P = P 1 P 2 P i P n E k E k E k E k C = C 1 C 2 C i C n Examples: DES, 3DES, AES 7 Deprecated: do not use algorithms mark like these for anything new.
8 The problem with block ciphers Identical plain text block yield identical cipher text blocks 8 Tux the Penguin, the Linux mascot. Created in 1996 by Larry Ewing with The GIMP. "Permission to use and/or modify this image is granted provided you acknowledge me lewing@isc.tamu.edu and The GIMP if someone asks. ECB Tux taken from Wikipedia: No Penguins were harmed during the making of this slide.
9 Modes of Operation Symmetric cryptographic functions E and D can be treated as black boxes. We can define different ways to use these black boxes to encrypt/decrypt our messages. These are referred to as the Modes of Operation of the symmetric cipher how we choose to use it. We previously saw the most basic mode of operation called Electronic Code Book mode, or ECB mode for short. Other modes of operations are defined that can, among other things, turn a block cipher into a stream cipher, thus making it more secure. 9
10 Cipher Chaining IV This is the Cipher Block Chaining mode, or CBC mode for short: P 1 P 2 P 2 P: Plain text C: Cipher text K: Key E: Encryption D: Decryption IV: Initial Vector C 0 = IV C i = Ek(P i C i-1 ) P i = Dk(C i ) C i-1 K E K E K E C 1 C 2 C 2 Each cipher block is dependent on the key and the previous blocks. Other operation modes include Output FeedBack, Cipher FeedBack and CounTeR modes. 10
11 Cryptographic Hashes (Digests) The ideal cryptographic hash function is: Deterministic Quick to compute Infeasible to generate a message from its hash value except by brute force A small change to a message changes the hash value so extensively that the new hash value appears uncorrelated with the old hash value Infeasible to find two different messages with the same hash value Regular hash function requirements 11 Examples: MD5, SHA1, SHA2, SHA3, SM3 Source: Wikipedia
12 Message Authentication Codes Message Authentication Code, or MAC for short, is a method for generating a value that is computed from a message and a secret (key) that can tells the recipient: That the message has not be changed from the way it was originally sent That the sender knows the secret (key) For example, this can be a (bad!) MAC built on top of a cryptographic hash function: MAC k (M) = H(K M) Example MACs: CBC-MAC, HMAC, GMAC 12
13 Hash Based Message Authentication Codes Where HMAC(K, m) = H((K opad) H(K ipad) m)) H is a cryptographic hash function, K is the secret key, m is the message to be authenticated, K' is another secret key, derived from the original key K (by padding K to the right with extra zeroes to the input block size of the hash function, or by hashing K if it is longer than that block size), denotes concatenation, denotes exclusive or (XOR), opad is the outer padding (0x5c5c5c 5c5c) ipad is the inner padding (0x ). 13 Source: Wikipedia
14 Authenticated Encryption Authenticated Encryption with Associated Data (AEAD) is a form of encryption which simultaneously provides confidentiality, integrity, and authenticity assurances on the data; decryption is combined in single step with integrity verification. These attributes are provided under a single, easy to use programming interface. An example of an AEAD in common use is Galois/Counter Mode, or GCM for short, shown in the picture above. GCM is considered a very efficient AEAD since it can produce both the cipher text and the MAC in a single pass on the data. 14
15 Public Key Encryption Public key cryptography, or asymmetrical cryptography, uses a pair of keys: Public keys which may be disseminated widely and Private keys which are known only to the owner. A public keys can encrypt a message only the private key can decrypt. The public key can authenticate a signature of a message generated by the private key. 15
16 Act II Here be Dragons - The Linux kernel Crypto API 16
17 Transformations A transformation is an algorithm that transforms data. A transformation can be a cipher (i.e. encryption and decryption), whether symmetric or asymmetric, a hash, compression of data, IV generation and random number generation TIP: this is the reason the handle to crypto API object is typically named tfm. A transformation implementation is a code module that registers with the kernel that can provide a transformation. It can be just code running on the CPU, code that uses a special instruction as part of the CPU or a driver to some piece of hardware off of the CPU. Multiple transformation implementation can exist that provide that same transformation. e.g. for an Arm CPU there might be five implementations of AES: the on-core implementations AES-CE, NEON, assembly and plain C and an off-core CryptoCell implementation. 17
18 Templates A transformation can be self contained (.e.g AES or SHA-2) but it can also be a template that works on another transformation: cts(aes) is AES working in Counter operation mode. hmac(sha256) is SHA 256 being used as an HMAC. Templates can be cascaded e.g. rfc4106(gcm(aes))) is AES in GCM operation mode as used in IPsec. Templates can also express generic implementation augmentation. For example cryptd(aes) refers to code that runs an AES implementation in parallel inside kernel threads on all the system CPUs in parallel. The same template works on multiple underlying transformations. e.g. cts(aes) and cts(3des) 18
19 Priorities and true names There can be multiple transformation implementation, including template implementation, which provided the exact same transformation E.g. aes-ni, aes-asm and aes-generic are three different AES implementation on x86_64 When you use a generic name (e.g. aes) to refer to a transformation, the Crypto API will provide you the implementation with the highest priority that matches your request, based on priority value provided by the implementation when they register with the Crypto API. As we will see ahead you can limit the Crypto API to ignore certain type of providers based on their properties as we will see ahead. If you want to refer to a specific implementation, use its driver name to refer to it. E.g. aes-ni forces the selection of the implementation that uses the AES-NI instruction. 19
20 /proc/crypto cat /proc/crypto name : crc32 driver : crc32-pclmul module : crc32_pclmul priority : 200 refcnt : 1 selftest : passed type : shash blocksize : 1 digestsize : 4 Generic name Driver s name Priority name : xts(aes) driver : xts-aes-aesni module : aesni_intel priority : 400 refcnt : 1 selftest : passed type : ablkcipher async : yes blocksize : 16 min keysize : 32 max keysize : 64 ivsize : 16 geniv : <default> 20
21 /proc/crypto continued cat /proc/crypto grep name name : crc32 name : xts(aes) name : lrw(aes) name : xts-aes-aesni name : lrw-aes-aesni name : pcbc(aes) name : rfc4106(gcm(aes)) name : gcm-aes-aesni name : ctr(aes) name : ctr-aes-aesni name : cbc(aes) name : ecb-aes-aesni name : ecb(aes) name : cbc-aes-aesni name : ecb-aes-aesni name : aes-aesni name : aes name : aes name : crct10dif name : crct10dif name : crc32c name : stdrng name : lzo name : aes name : sha1 name : md5 We have 3 different implementations of AES We can use AES in 7 different operation modes 21
22 Synchronous versus Asynchronous A transformation s implementation may be either synchronous or asynchronous. Synchronous implementations: Run wholly on the CPU itself in a synchronous fashion (take CPU cycles during all the run) Access virtual memory using the CPU MMU mechanism Asynchronous implementations: MAY be implemented using off-cpu resources (i.e. typically dedicated hardware), or not MAY access memory via DMA and not have access to MMU, or not. In fact, synchronous implementation are a sub group of asynchronous ones! e.g. cryptd(aes-ni) turns the synchronous aes-ni implementation into an asynchronous implementation by running it on several cores in parallel. You can limit yourself to working only with synchronous implementations by passing the CRYPTO_ALG_ASYNC flag to allocation calls. 22
23 Backlog Transformation implementations have a certain capacity for in flight requests i.e. descriptor ring space, hardware FIFO etc. If you pass the CRYPTO_TFM_REQ_MAY_BACKLOG flag to callback setting API call, you will allow the implementation provider to queue up back log word to a software queue if it doesn t have enough capacity. If this happens, your callback function will be called twice: Once with err set to EINPROGRESS to indicate it got queued off of the backlog. A second time when it is actually processed The kernel now has a generic implementation of this mechanism for transformation providers can use to implement this. However, the author believes it is currently buggy and is working to fix it 23
24 API Typical Life Cycle 1. Allocate a transformation object (tfm) 2. Get properties of the transformation chosen by the kernel (e.g. digest size) 3. Set global transformation properties (e.g. encryption key) 4. Allocate a request object 5. Set request specific parameters, such as GFP flags and callback function to call when operation finish 6. Initialize the request 7. Feed data (e.g. buffers to encrypt or hash) 8. Finalize (e.g. read final HMAC value) 9. Free request object 10. Free transformation object 24
25 Symmetric cryptography code example I struct tcrypt_result { struct completion completion; int err; }; /* tie all data structures together */ struct skcipher_def { struct scatterlist sg; struct crypto_skcipher *tfm; struct skcipher_request *req; struct tcrypt_result result; }; /* Callback function */ static void test_skcipher_cb(struct crypto_async_request *req, int error) { struct tcrypt_result *result = req->data; } if (error == -EINPROGRESS) return; result->err = error; complete(&result->completion); pr_info("encryption finished successfully\n"); /* Perform cipher operation */ static unsigned int test_skcipher_encdec(struct skcipher_def *sk, int enc) { int rc = 0; if (enc) rc = crypto_skcipher_encrypt(sk->req); else rc = crypto_skcipher_decrypt(sk->req); switch (rc) { case 0: break; case -EINPROGRESS: case -EBUSY: rc = wait_for_completion_interruptible( &sk->result.completion); if (!rc &&!sk->result.err) { reinit_completion(&sk->result.completion); break; } default: pr_info("skcipher encrypt returned with %d result %d\n", rc, sk->result.err); break; } init_completion(&sk->result.completion); 25 } return rc;
26 Symmetric cryptography code example II /* Initialize and trigger cipher operation */ static int test_skcipher(void) { struct skcipher_def sk; struct crypto_skcipher *skcipher = NULL; struct skcipher_request *req = NULL; char *scratchpad = NULL; char *ivdata = NULL; unsigned char key[32]; int ret = -EFAULT; skcipher = crypto_alloc_skcipher("cbc-aes-aesni", 0, 0); if (IS_ERR(skcipher)) { pr_info("could not allocate skcipher handle\n"); return PTR_ERR(skcipher); } req = skcipher_request_alloc(skcipher, GFP_KERNEL); if (!req) { pr_info("could not allocate skcipher request\n"); ret = -ENOMEM; goto out; } skcipher_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, test_skcipher_cb, &sk.result); /* AES 256 with random key */ get_random_bytes(&key, 32); if (crypto_skcipher_setkey(skcipher, key, 32)) { pr_info("key could not be set\n"); ret = -EAGAIN; goto out; } /* IV will be random */ ivdata = kmalloc(16, GFP_KERNEL); if (!ivdata) { pr_info("could not allocate ivdata\n"); goto out; } get_random_bytes(ivdata, 16); /* Input data will be random */ scratchpad = kmalloc(16, GFP_KERNEL); if (!scratchpad) { pr_info("could not allocate scratchpad\n"); goto out; } get_random_bytes(scratchpad, 16); sk.tfm = skcipher; sk.req = req; 26
27 Symmetric cryptography code example III /* We encrypt one block */ sg_init_one(&sk.sg, scratchpad, 16); skcipher_request_set_crypt(req, &sk.sg, &sk.sg, 16, ivdata); init_completion(&sk.result.completion); /* encrypt data */ ret = test_skcipher_encdec(&sk, 1); if (ret) goto out; pr_info("encryption triggered successfully\n"); out: if (skcipher) crypto_free_skcipher(skcipher); if (req) skcipher_request_free(req); if (ivdata) kfree(ivdata); if (scratchpad) kfree(scratchpad); return ret; } 27
28 API documentation and code examples Documentation/crypto or 28
29 Pitfalls to look out for This call requests only synchronous implementations tfm = crypto_alloc_ahash("md5", 0, CRYPTO_ALG_ASYNC); Yes, it s totally backwards the mask flag masks out the async. Implementations! If you see code that passes NULL as a callback like the following, it s probably used the mask flag (see above) to request only synchronous implementations: ahash_request_set_callback(req, 0, NULL, NULL); Remember that operation may complete synchronously or asynchronously based on the transformation provider discretion only and you need to handle both cases! Don t ignore the err parameter of the callback. Remember that if you passed the CRYPTO_TFM_REQ_MAY_BACKLOG flag when setting the callback, your callback may be called twice. Even the request init function might sometime complete asynchronously. 29
30 Thank You! Danke! Merci! 谢谢! ありがとう! Gracias! Kiitos! 30
31 Auxiliary Slides
32 DM-Crypt and DM-Verity Protecting your file systems 32 from the scum of the universe
33 DM-Crypt dm-crypt is a transparent disk encryption subsystem in Linux It is part of the device mapper infrastructure, and uses cryptographic routines from the kernel's Crypto API. dm-crypt was designed to support advanced modes of operation, such as XTS, LRW and ESSIV, in order to avoid watermarking attacks. dm-crypt is implemented as a device mapper target and may be stacked on top of other device mapper transformations. It can thus encrypt whole disks (including removable media), partitions, software RAID volumes, logical volumes, as well as files. It appears as a block device, which can be used to back file systems, swap or as an LVM physical volume. It is used by Android devices to implement Full Disk Encryption. 33
34 Simple dm-crypt setup example # cryptsetup luksformat fs3.img # cryptsetup open --type luks fs3.img croot # mke2fs /dev/mapper/croot # mount -t ext2 /dev/mapper/croot /media # umount /media/ # cryptsetup close croot This examples uses AES in XTS operating mode to protect a loopback mounted partition file. Make sure to remember your chosen key or your data is lost! 34
35 DM-Verity Device-Mapper's "verity" target provides transparent integrity checking of block devices using a cryptographic digest provided by the kernel crypto API. T This target is read-only. dm-verity helps prevent persistent rootkits that can hold onto root privileges and compromise devices. The dm-verity feature lets you look at a block device, the underlying storage layer of the file system, and determine if it matches its expected configuration. It does this using a cryptographic hash tree. For every block (typically 4k), there is a SHA256 hash. Dm-verity can optionally FEC to protect against hash data corruptions. DM-Verity is used by Android devices. 35
36 How does DM-Verity work? Dm-verity uses a Merkle tree of storage blocks to protect the integrity of the read only data on the storage device, in a way that the integrity can be evaluated in a lazy fashion during runtime instead of pre-mount time. It needs a singular trusted root hash to achieve security 36
37 Simple dm-verity setup example # veritysetup format filesystem.img signature.img # veritysetup create vroot filesystem.img signature.img \ ffa0a985fd78462d95c9b1ae7c9e49 5e3f13c10e b8ed28 # mount -t ext2 /dev/mapper/vroot /media/ # umount /media # veritysetup remove vroot This examples uses SHA 256 to protect the integrity of the loopback file system provided the root hash is secure. 37
38 The Arm trademarks featured in this presentation are registered trademarks or trademarks of Arm Limited (or its subsidiaries) in the US and/or elsewhere. All rights reserved. All other marks featured may be trademarks of their respective owners. 38
Confessions of a security hardware driver maintainer
Confessions of a security hardware driver maintainer Gilad Ben-Yossef Principal Software Engineer About me My name is Gilad Ben-Yossef. I work on upstream Linux kernel cryptography and security in genera,l
More informationProtecting your system from the scum of the universe
Protecting your system from the scum of the universe Gilad Ben-Yossef gilad@benyossef.com Twitter: @giladby About me My name is Gilad Ben-Yossef. I work on applied cryptography and security of the upstream
More informationProtecting your system from the scum of the universe
Protecting your system from the scum of the universe Gilad Ben-Yossef gilad@benyossef.com Twitter: @giladby About me My name is Gilad Ben-Yossef. I work on applied cryptography and security of the upstream
More informationPOWER7+ Accelerated Encryption and Random Number Generation for Linux
POWER7+ Accelerated Encryption and Random Number Generation for Linux Kent Yoder IBM Linux Technology Center February 22, 2013 Contents 1 Introduction 2 2 Hardware Architecture
More informationData Integrity. Modified by: Dr. Ramzi Saifan
Data Integrity Modified by: Dr. Ramzi Saifan Encryption/Decryption Provides message confidentiality. Does it provide message authentication? 2 Message Authentication Bob receives a message m from Alice,
More informationWriting drivers for the Linux Crypto subsystem
May 18, 2014 Marek Vasut Software engineer at DENX S.E. since 2011 Embedded and Real-Time Systems Services, Linux kernel and driver development, U-Boot development, consulting, training. Versatile Linux
More informationCSE 127: Computer Security Cryptography. Kirill Levchenko
CSE 127: Computer Security Cryptography Kirill Levchenko October 24, 2017 Motivation Two parties want to communicate securely Secrecy: No one else can read messages Integrity: messages cannot be modified
More informationCryptography and Network Security Chapter 12. Message Authentication. Message Security Requirements. Public Key Message Encryption
Cryptography and Network Security Chapter 12 Fifth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 12 Message Authentication Codes At cats' green on the Sunday he took the message from
More informationMessage Authentication Codes and Cryptographic Hash Functions
Message Authentication Codes and Cryptographic Hash Functions Readings Sections 2.6, 4.3, 5.1, 5.2, 5.4, 5.6, 5.7 1 Secret Key Cryptography: Insecure Channels and Media Confidentiality Using a secret key
More informationCS408 Cryptography & Internet Security
CS408 Cryptography & Internet Security Lecture 18: Cryptographic hash functions, Message authentication codes Functions Definition Given two sets, X and Y, a function f : X Y (from set X to set Y), is
More informationRefresher: Applied Cryptography
Refresher: Applied Cryptography (emphasis on common tools for secure processors) Chris Fletcher Fall 2017, 598 CLF, UIUC Complementary reading Intel SGX Explained (ISE) Victor Costan, Srini Devadas https://eprint.iacr.org/2016/086.pdf
More informationUnit 8 Review. Secure your network! CS144, Stanford University
Unit 8 Review Secure your network! 1 Basic Problem Internet To first approximation, attackers control the network Can snoop, replay, suppress, send How do we defend against this? Communicate securely despite
More informationCryptographic hash functions and MACs
Cryptographic hash functions and MACs Myrto Arapinis School of Informatics University of Edinburgh October 05, 2017 1 / 21 Introduction Encryption confidentiality against eavesdropping 2 / 21 Introduction
More information9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers
Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng Basic concepts in cryptography systems Secret cryptography Public cryptography 1 2 Encryption/Decryption Cryptanalysis
More informationCryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng
Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng 1 Outline Basic concepts in cryptography systems Secret key cryptography Public key cryptography Hash functions 2 Encryption/Decryption
More informationLecture 6: Symmetric Cryptography. CS 5430 February 21, 2018
Lecture 6: Symmetric Cryptography CS 5430 February 21, 2018 The Big Picture Thus Far Attacks are perpetrated by threats that inflict harm by exploiting vulnerabilities which are controlled by countermeasures.
More informationUses of Cryptography
Uses of Cryptography What can we use cryptography for? Lots of things Secrecy Authentication Prevention of alteration Page 1 Cryptography and Secrecy Pretty obvious Only those knowing the proper keys can
More informationIntegrity of messages
Lecturers: Mark D. Ryan and David Galindo. Cryptography 2016. Slide: 106 Integrity of messages Goal: Ensure change of message by attacker can be detected Key tool: Cryptographic hash function Definition
More informationPractical Aspects of Modern Cryptography
Practical Aspects of Modern Cryptography Lecture 3: Symmetric s and Hash Functions Josh Benaloh & Brian LaMacchia Meet Alice and Bob Alice Bob Message Modern Symmetric s Setup: Alice wants to send a private
More informationStorage encryption... what about data integrity?
Centre for Research on Cryptography and Security Storage encryption... what about data integrity? Milan Brož mbroz@redhat.com DevConf, Brno January 28, 2017 Agenda Data integrity what it is? Encryption
More informationLecture 1 Applied Cryptography (Part 1)
Lecture 1 Applied Cryptography (Part 1) Patrick P. C. Lee Tsinghua Summer Course 2010 1-1 Roadmap Introduction to Security Introduction to Cryptography Symmetric key cryptography Hash and message authentication
More informationA hash function is strongly collision-free if it is computationally infeasible to find different messages M and M such that H(M) = H(M ).
CA4005: CRYPTOGRAPHY AND SECURITY PROTOCOLS 1 5 5.1 A hash function is an efficient function mapping binary strings of arbitrary length to binary strings of fixed length (e.g. 128 bits), called the hash-value
More informationUnderstanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl
Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl www.crypto-textbook.com Chapter 5 More About Block Ciphers ver. November 26, 2010 Last modified 10-2-17
More informationCryptographic Hash Functions. Rocky K. C. Chang, February 5, 2015
Cryptographic Hash Functions Rocky K. C. Chang, February 5, 2015 1 This set of slides addresses 2 Outline Cryptographic hash functions Unkeyed and keyed hash functions Security of cryptographic hash functions
More informationCS155. Cryptography Overview
CS155 Cryptography Overview Cryptography Is n n A tremendous tool The basis for many security mechanisms Is not n n n n The solution to all security problems Reliable unless implemented properly Reliable
More informationCryptographic Hash Functions
ECE458 Winter 2013 Cryptographic Hash Functions Dan Boneh (Mods by Vijay Ganesh) Previous Lectures: What we have covered so far in cryptography! One-time Pad! Definition of perfect security! Block and
More informationThe Linux Kernel Cryptographic API
Published on Linux Journal (http://www.linuxjournal.com) The Linux Kernel Cryptographic API By James Morris Created 2003-04-01 02:00 This article provides a brief overview of the new cryptographic API
More informationCIS 4360 Secure Computer Systems Symmetric Cryptography
CIS 4360 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2017 Previous Class Classical Cryptography Frequency analysis Never use home-made cryptography Goals of Cryptography
More informationData Integrity & Authentication. Message Authentication Codes (MACs)
Data Integrity & Authentication Message Authentication Codes (MACs) Goal Ensure integrity of messages, even in presence of an active adversary who sends own messages. Alice (sender) Bob (receiver) Fran
More informationBlock Cipher Modes of Operation
Block Cipher Modes of Operation Luke Anderson luke@lukeanderson.com.au 23 rd March 2018 University Of Sydney Overview 1. Crypto-Bulletin 2. Modes Of Operation 2.1 Evaluating Modes 2.2 Electronic Code Book
More informationCryptography. Recall from last lecture. [Symmetric] Encryption. How Cryptography Helps. One-time pad. Idea: Computational security
Recall from last lecture Cryptography To a first approximation, attackers control network Next two lectures: How to defend against this 1. Communicate securely despite insecure networks cryptography 2.
More informationAndroid Bootloader and Verified Boot
Android Bootloader and Verified Boot Lecture 7 Security of Mobile Devices 2018 SMD Android Bootloader and Verified Boot, Lecture 7 1/38 Bootloader Recovery Verified Boot Bibliography SMD Android Bootloader
More informationCryptographic Concepts
Outline Identify the different types of cryptography Learn about current cryptographic methods Chapter #23: Cryptography Understand how cryptography is applied for security Given a scenario, utilize general
More informationContent of this part
UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Introduction to Cryptography ECE 597XX/697XX Part 5 More About Block Ciphers Israel Koren ECE597/697 Koren Part.5.1 Content of this
More informationSummary on Crypto Primitives and Protocols
Summary on Crypto Primitives and Protocols Levente Buttyán CrySyS Lab, BME www.crysys.hu 2015 Levente Buttyán Basic model of cryptography sender key data ENCODING attacker e.g.: message spatial distance
More informationCSC574: Computer & Network Security
CSC574: Computer & Network Security Lecture 4 Prof. William Enck Spring 2016 (Derived from slides by Micah Sherr, Patrick McDaniel, and Peng Ning) Announcements Homework 2, assigned. Due Friday, January
More informationCS 111. Operating Systems Peter Reiher
Security for Operating Systems: Cryptography, Authentication, and Protecting OS Resources Operating Systems Peter Reiher Page 1 Outline Basic concepts in computer security Design principles for security
More informationCSCE 715: Network Systems Security
CSCE 715: Network Systems Security Chin-Tser Huang huangct@cse.sc.edu University of South Carolina Next Topic in Cryptographic Tools Symmetric key encryption Asymmetric key encryption Hash functions and
More informationFIPS Non-Proprietary Security Policy. Level 1 Validation Version 1.2
Oracle Solaris Kernel Cryptographic Framework with SPARC T4 and T5 Software Version: 1.0 and 1.1; Hardware Version: SPARC T4 (527-1437-01) and T5 (7043165) FIPS 140-2 Non-Proprietary Security Policy Level
More informationLecture 1: Course Introduction
Lecture 1: Course Introduction Thomas Johansson T. Johansson (Lund University) 1 / 37 Chapter 9: Symmetric Key Distribution To understand the problems associated with managing and distributing secret keys.
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 11 Basic Cryptography Objectives Define cryptography Describe hashing List the basic symmetric cryptographic algorithms 2 Objectives
More informationCS 161 Computer Security. Week of September 11, 2017: Cryptography I
Weaver Fall 2017 CS 161 Computer Security Discussion 3 Week of September 11, 2017: Cryptography I Question 1 Activity: Cryptographic security levels (20 min) Say Alice has a randomly-chosen symmetric key
More informationMore on Cryptography CS 136 Computer Security Peter Reiher January 19, 2017
More on Cryptography CS 136 Computer Security Peter Reiher January 19, 2017 Page 1 Outline Desirable characteristics of ciphers Stream and block ciphers Cryptographic modes Uses of cryptography Symmetric
More informationLecture 9a: Secure Sockets Layer (SSL) March, 2004
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York University artg@cs.nyu.edu Security Achieved by
More informationIntroduction to Network Security Missouri S&T University CPE 5420 Data Integrity Algorithms
Introduction to Network Security Missouri S&T University CPE 5420 Data Integrity Algorithms Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of
More informationComputer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08r. Pre-exam 2 Last-minute Review Cryptography Paul Krzyzanowski Rutgers University Spring 2018 March 26, 2018 CS 419 2018 Paul Krzyzanowski 1 Cryptographic Systems March 26, 2018 CS
More informationWinter 2011 Josh Benaloh Brian LaMacchia
Winter 2011 Josh Benaloh Brian LaMacchia Symmetric Cryptography January 20, 2011 Practical Aspects of Modern Cryptography 2 Agenda Symmetric key ciphers Stream ciphers Block ciphers Cryptographic hash
More informationOracle Solaris Kernel Cryptographic Framework Software Version 1.0 and 1.1
Oracle Solaris Kernel Cryptographic Framework Software Version 1.0 and 1.1 FIPS 140-2 Non-Proprietary Security Policy Level 1 Validation Version 1.2 12/12/2013 Copyright 2013 Oracle Corporation Table of
More information6 Cryptographic Operations API
118/202 TEE Internal API Specification Public Release v1.0 6 Cryptographic Operations API This part of the Cryptographic API defines how to actually perform cryptographic operations: Cryptographic operations
More informationCS155. Cryptography Overview
CS155 Cryptography Overview Cryptography! Is n A tremendous tool n The basis for many security mechanisms! Is not n The solution to all security problems n Reliable unless implemented properly n Reliable
More informationAn Introduction to Key Management for Secure Storage. Walt Hubis, LSI Corporation
An Introduction to Key Management for Secure Storage Walt Hubis, LSI Corporation SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individual members
More informationLecture 5. Cryptographic Hash Functions. Read: Chapter 5 in KPS
Lecture 5 Cryptographic Hash Functions Read: Chapter 5 in KPS 1 Purpose CHF one of the most important tools in modern cryptography and security CHF-s are used for many authentication, integrity, digital
More informationLecture 5. Cryptographic Hash Functions. Read: Chapter 5 in KPS
Lecture 5 Cryptographic Hash Functions Read: Chapter 5 in KPS 1 Purpose CHF one of the most important tools in modern cryptography and security In crypto, CHF instantiates a Random Oracle paradigm In security,
More informationDataTraveler 5000 (DT5000) and DataTraveler 6000 (DT6000) Ultimate Security in a USB Flash Drive. Submitted by SPYRUS, Inc.
Submitted by SPYRUS, Inc. Contents DT5000 and DT6000 Technology Overview...2 Why DT5000 and DT6000 Encryption Is Different...3 Why DT5000 and DT6000 Encryption Is Different - Summary...4 XTS-AES Sector-Based
More informationOutline. Data Encryption Standard. Symmetric-Key Algorithms. Lecture 4
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 4 Department of Electrical and Computer Engineering Cleveland State University wenbing@ieee.org Outline Review
More informationCSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L
CS 3461/5461: Introduction to Computer Networking and Internet Technologies Network Security Study: 21.1 21.5 Kannan Srinivasan 11-27-2012 Security Attacks, Services and Mechanisms Security Attack: Any
More informationCrypto Library. Microchip Libraries for Applications (MLA) Copyright (c) 2012 Microchip Technology Inc. All rights reserved.
Crypto Library Microchip Libraries for Applications (MLA) Copyright (c) 2012 Microchip Technology Inc. All rights reserved. MLA - Crypto Library Help Table of Contents 1 Crypto Library 6 1.1 Introduction
More informationCryptography MIS
Cryptography MIS-5903 http://community.mis.temple.edu/mis5903sec011s17/ Cryptography History Substitution Monoalphabetic Polyalphabetic (uses multiple alphabets) uses Vigenere Table Scytale cipher (message
More informationRef:
Cryptography & digital signature Dec. 2013 Ref: http://cis.poly.edu/~ross/ 2 Cryptography Overview Symmetric Key Cryptography Public Key Cryptography Message integrity and digital signatures References:
More informationNew Approaches to Connected Device Security
New Approaches to Connected Device Security Erik Jacobson Architecture Marketing Director Arm Arm Techcon 2017 - If you connect it to the Internet, someone will try to hack it. - If what you put on the
More informationSpring 2010: CS419 Computer Security
Spring 2010: CS419 Computer Security MAC, HMAC, Hash functions and DSA Vinod Ganapathy Lecture 6 Message Authentication message authentication is concerned with: protecting the integrity of a message validating
More informationSecure Storage with Encrypted file systems
2018/02/18 01:06 1/10 Secure Storage with Encrypted file systems Secure Storage with Encrypted file systems Encryption is done through dm-crypt using LUKS as the key setup using kernel crypto API. Linux
More informationAuthenticated Encryption
18733: Applied Cryptography Anupam Datta (CMU) Authenticated Encryption Online Cryptography Course Authenticated Encryption Active attacks on CPA-secure encryption Recap: the story so far Confidentiality:
More informationNetwork and System Security
Network and System Security Lecture 5 2/12/2013 Hashes and Message Digests Mohammad Almalag 1 Overview 1. What is a cryptographic hash? 2. How are hashes used? 3. One-Way Functions 4. Birthday Problem
More informationCryptology complementary. Symmetric modes of operation
Cryptology complementary Symmetric modes of operation Pierre Karpman pierre.karpman@univ-grenoble-alpes.fr https://www-ljk.imag.fr/membres/pierre.karpman/tea.html 2018 05 03 Symmetric modes 2018 05 03
More informationIntroduction to Cryptography in Blockchain Technology. December 23, 2018
Introduction to Cryptography in Blockchain Technology December 23, 2018 What is cryptography? The practice of developing protocols that prevent third parties from viewing private data. Modern cryptography
More informationLecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.
15-441 Lecture Nov. 21 st 2006 Dan Wendlandt Worms & Viruses Phishing End-host impersonation Denial-of-Service Route Hijacks Traffic modification Spyware Trojan Horse Password Cracking IP Spoofing DNS
More informationL13. Reviews. Rocky K. C. Chang, April 10, 2015
L13. Reviews Rocky K. C. Chang, April 10, 2015 1 Foci of this course Understand the 3 fundamental cryptographic functions and how they are used in network security. Understand the main elements in securing
More informationBlock Cipher Modes of Operation
Block Cipher Modes of Operation Luke Anderson luke@lukeanderson.com.au 24th March 2016 University Of Sydney Overview 1. Crypto-Bulletin 2. Modes Of Operation 2.1 Evaluating Modes 2.2 Electronic Code Book
More informationSecurity features for UBIFS. Richard Weinberger sigma star gmbh
Richard Weinberger sigma star gmbh /me Richard Weinberger Co-founder of sigma star gmbh Linux kernel developer and maintainer Strong focus on Linux kernel, lowlevel components, virtualization, security
More informationCryptographic Checksums
Cryptographic Checksums Mathematical function to generate a set of k bits from a set of n bits (where k n). k is smaller then n except in unusual circumstances Example: ASCII parity bit ASCII has 7 bits;
More informationCryptography Functions
Cryptography Functions Lecture 3 1/29/2013 References: Chapter 2-3 Network Security: Private Communication in a Public World, Kaufman, Perlman, Speciner Types of Cryptographic Functions Secret (Symmetric)
More informationInformation Security CS526
Information CS 526 Topic 3 Ciphers and Cipher : Stream Ciphers, Block Ciphers, Perfect Secrecy, and IND-CPA 1 Announcements HW1 is out, due on Sept 10 Start early, late policy is 3 total late days for
More informationTungsten Security Whitepaper
Tungsten Labs UG (haftungsbeschränkt) Email: contact@tungsten-labs.com Web: http://tungsten-labs.com Monbijouplatz 5, 10178 Berlin Tungsten Security Whitepaper Berlin, May 2018 Version 1 Contents Introduction
More informationCRYPTOLOGY KEY MANAGEMENT CRYPTOGRAPHY CRYPTANALYSIS. Cryptanalytic. Brute-Force. Ciphertext-only Known-plaintext Chosen-plaintext Chosen-ciphertext
CRYPTOLOGY CRYPTOGRAPHY KEY MANAGEMENT CRYPTANALYSIS Cryptanalytic Brute-Force Ciphertext-only Known-plaintext Chosen-plaintext Chosen-ciphertext 58 Types of Cryptographic Private key (Symmetric) Public
More informationCryptographic Hash Functions
Cryptographic Hash Functions Cryptographic Hash Functions A cryptographic hash function takes a message of arbitrary length and creates a message digest of fixed length. Iterated Hash Function A (compression)
More informationAuthenticated Encryption in TLS
Authenticated Encryption in TLS Same modelling & verification approach concrete security: each lossy step documented by a game and a reduction (or an assumption) on paper Standardized complications - multiple
More informationAES Cryptosystem Acceleration Using Graphics Processing Units. Ethan Willoner Supervisors: Dr. Ramon Lawrence, Scott Fazackerley
AES Cryptosystem Acceleration Using Graphics Processing Units Ethan Willoner Supervisors: Dr. Ramon Lawrence, Scott Fazackerley Overview Introduction Compute Unified Device Architecture (CUDA) Advanced
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through
More informationCS Computer Networks 1: Authentication
CS 3251- Computer Networks 1: Authentication Professor Patrick Traynor 4/14/11 Lecture 25 Announcements Homework 3 is due next class. Submit via T-Square or in person. Project 3 has been graded. Scores
More informationData Integrity & Authentication. Message Authentication Codes (MACs)
Data Integrity & Authentication Message Authentication Codes (MACs) Goal Ensure integrity of messages, even in presence of an active adversary who sends own messages. Alice (sender) Bob (reciever) Fran
More informationChapter 6 Contemporary Symmetric Ciphers
Chapter 6 Contemporary Symmetric Ciphers "I am fairly familiar with all the forms of secret writings, and am myself the author of a trifling monograph upon the subject, in which I analyze one hundred and
More informationHOST Cryptography III ECE 525 ECE UNM 1 (1/18/18)
AES Block Cipher Blockciphers are central tool in the design of protocols for shared-key cryptography What is a blockcipher? It is a function E of parameters k and n that maps { 0, 1} k { 0, 1} n { 0,
More informationIntel R Integrated Performance Primitives. Cryptography Guide. Andrzej Chrzȩszczyk Jakub Chrzȩszczyk
Intel R Integrated Performance Primitives Cryptography Guide Andrzej Chrzȩszczyk Jakub Chrzȩszczyk November, 2010 Foreword The aim of this document is to make the first steps in using the IPP cryptography
More informationVPN Overview. VPN Types
VPN Types A virtual private network (VPN) connection establishes a secure tunnel between endpoints over a public network such as the Internet. This chapter applies to Site-to-site VPNs on Firepower Threat
More informationFIPS Security Policy
FIPS 140-2 Security Policy BlackBerry Cryptographic Library Version 2.0.0.10 Document Version 1.2 BlackBerry Certifications, Research In Motion This document may be freely copied and distributed provided
More informationSecurity IP-Cores. AES Encryption & decryption RSA Public Key Crypto System H-MAC SHA1 Authentication & Hashing. l e a d i n g t h e w a y
AES Encryption & decryption RSA Public Key Crypto System H-MAC SHA1 Authentication & Hashing l e a d i n g t h e w a y l e a d i n g t h e w a y Secure your sensitive content, guarantee its integrity and
More informationHow many DES keys, on the average, encrypt a particular plaintext block to a particular ciphertext block?
Homework 1. Come up with as efficient an encoding as you can to specify a completely general one-to-one mapping between 64-bit input values and 64-bit output values. 2. Token cards display a number that
More informationSymmetric Cryptography
CSE 484 (Winter 2010) Symmetric Cryptography Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for sample slides and materials...
More informationCSE484 Final Study Guide
CSE484 Final Study Guide Winter 2013 NOTE: This study guide presents a list of ideas and topics that the TAs find useful to know, and may not represent all the topics that could appear on the final exam.
More information18-642: Cryptography 11/15/ Philip Koopman
18-642: Cryptography 11/15/2017 Cryptography Overview Anti-Patterns for Cryptography Using a home-made cryptographic algorithm Using private key when public key is required Not considering key distribution
More informationOperating Systems. Week 13 Recitation: Exam 3 Preview Review of Exam 3, Spring Paul Krzyzanowski. Rutgers University.
Operating Systems Week 13 Recitation: Exam 3 Preview Review of Exam 3, Spring 2014 Paul Krzyzanowski Rutgers University Spring 2015 April 22, 2015 2015 Paul Krzyzanowski 1 Question 1 A weakness of using
More informationsymmetric cryptography s642 computer security adam everspaugh
symmetric cryptography s642 adam everspaugh ace@cs.wisc.edu computer security Announcements Midterm next week: Monday, March 7 (in-class) Midterm Review session Friday: March 4 (here, normal class time)
More informationCS 416: Operating Systems Design April 22, 2015
Question 1 A weakness of using NAND flash memory for use as a file system is: (a) Stored data wears out over time, requiring periodic refreshing. Operating Systems Week 13 Recitation: Exam 3 Preview Review
More informationCipher Suite Configuration Mode Commands
The Cipher Suite Configuration Mode is used to configure the building blocks for SSL cipher suites, including the encryption algorithm, hash function, and key exchange. Important The commands or keywords/variables
More informationIntroduction to Symmetric Cryptography
Introduction to Symmetric Cryptography Tingting Chen Cal Poly Pomona 1 Some slides are from Dr. Cliff Zou. www.cs.ucf.edu/~czou/cis3360-12/ch08-cryptoconcepts.ppt Basic Cryptography Private Key Cryptography
More informationHash Function. Guido Bertoni Luca Breveglieri. Fundations of Cryptography - hash function pp. 1 / 18
Hash Function Guido Bertoni Luca Breveglieri Fundations of Cryptography - hash function pp. 1 / 18 Definition a hash function H is defined as follows: H : msg space digest space the msg space is the set
More informationSymantec Corporation
Symantec Corporation Symantec PGP Cryptographic Engine FIPS 140-2 Non-proprietary Security Policy Document Version 1.0.4 Revision Date 05/01/2015 Symantec Corporation, 2015 May be reproduced only in its
More informationBlock Cipher Operation. CS 6313 Fall ASU
Chapter 7 Block Cipher Operation 1 Outline q Multiple Encryption and Triple DES q Electronic Codebook q Cipher Block Chaining Mode q Cipher Feedback Mode q Output Feedback Mode q Counter Mode q XTS-AES
More informationLecture 4: Hashes and Message Digests,
T-79.159 Cryptography and Data Security Lecture 4: Hashes and Message Digests Helsinki University of Technology mjos@tcs.hut.fi 1 Cryptographic hash functions Maps a message M (a bit string of arbitrary
More information