Components for Building Secure Decentralized Networks
|
|
- Aubrey Dalton
- 6 years ago
- Views:
Transcription
1 Components for Building Secure Decentralized Networks Christian Grothoff Technische Universität München Never doubt your ability to change the world. Glenn Greenwald
2 Where We Are
3 Where We Are
4 My Research and Development Agenda Make decentralized systems: by: Faster, more scalable Easier to develop, deploy and use Easier to evolve and extend Secure (privacy-preserving, censorship-resistant, available,...) designing secure network protocols implementing secure software following and evolving best practices creating tools to support developers
5 Our Vision Internet Google/Facebook DNS/X.509 TCP/UDP IP/BGP Ethernet Phys. Layer
6 Our Vision Internet Google/Facebook DNS/X.509 TCP/UDP IP/BGP Ethernet Phys. Layer HTTPS/TCP/WLAN/...
7 Our Vision Internet Google/Facebook DNS/X.509 TCP/UDP IP/BGP Ethernet Phys. Layer CORE (ECDHE+AES) HTTPS/TCP/WLAN/...
8 Our Vision Internet Google/Facebook DNS/X.509 TCP/UDP IP/BGP Ethernet Phys. Layer R 5 N DHT CORE (ECDHE+AES) HTTPS/TCP/WLAN/...
9 Our Vision Internet Google/Facebook DNS/X.509 TCP/UDP IP/BGP Ethernet Phys. Layer Mesh (ECDHE+AES) R 5 N DHT CORE (ECDHE+AES) HTTPS/TCP/WLAN/...
10 Our Vision Internet Google/Facebook DNS/X.509 TCP/UDP IP/BGP Ethernet Phys. Layer GNU Name System Mesh (ECDHE+AES) R 5 N DHT CORE (ECDHE+AES) HTTPS/TCP/WLAN/...
11 Our Vision Internet Google/Facebook DNS/X.509 TCP/UDP IP/BGP Ethernet Phys. Layer RegEx/PSYC GNU Name System Mesh (ECDHE+AES) R 5 N DHT CORE (ECDHE+AES) HTTPS/TCP/WLAN/...
12 Our Vision Internet Google/Facebook DNS/X.509 TCP/UDP IP/BGP Ethernet Phys. Layer GNUnet RegEx/PSYC GNU Name System Mesh (ECDHE+AES) R 5 N DHT CORE (ECDHE+AES) HTTPS/TCP/WLAN/...
13 The GNU Name System 1 Properties of GNS Decentralized name system with secure memorable names Delegation used to achieve transitivity Also supports globally unique, secure identifiers Achieves query and response privacy Provides alternative public key infrastructure Interoperable with DNS Uses for GNS in GNUnet Identify IP services hosted in the P2P network Identities in social networking applications 1 Joint work with Martin Schanzenbach and Matthias Wachs
14 Zone Management: like in DNS
15 Name resolution in GNS Local Zone: K Bob pub www A Bob Bob's webserver K Bob priv Bob can locally reach his webserver via
16 Secure introduction Bob Builder, Ph.D. Address: Country, Street Name 23 Phone: Mobile: Mail: Bob gives his public key to his friends, possibly via QR code
17 Delegation Alice learns Bob s public key Alice creates delegation to zone bob Alice can reach Bob s webserver via
18 Name Resolution DHT Bob Alice Bob 8FS7. www A Alice A47G. bob PKEY 8FS7.
19 Name Resolution 0 PUT 8FS7-www: DHT Bob Alice Bob 8FS7. www A Alice A47G. bob PKEY 8FS7.
20 Name Resolution 0 PUT 8FS7-www: DHT 1 Bob Alice Bob Alice 8FS7. A47G. www A bob PKEY 8FS7.
21 Name Resolution 0 PUT 8FS7-www: DHT 1 Bob Alice 2 'bob'? Bob 8FS7. www A Alice A47G. bob PKEY 8FS7.
22 Name Resolution 0 PUT 8FS7-www: DHT 1 Bob Alice 3 PKEY 8FS7! 2 'bob'? Bob 8FS7. www A Alice A47G. bob PKEY 8FS7.
23 Name Resolution 0 PUT 8FS7-www: DHT 4 8FS7-www? 1 Bob Alice 3 PKEY 8FS7! 2 'bob'? Bob 8FS7. www A Alice A47G. bob PKEY 8FS7.
24 Name Resolution 0 PUT 8FS7-www: DHT 4 8FS7-www? 1 Bob 5 A ! Alice 3 PKEY 8FS7! 2 'bob'? Bob 8FS7. www A Alice A47G. bob PKEY 8FS7.
25 GNS as PKI (via DANE/TLSA)
26 Query Privacy: Terminology G generator in ECC curve, a point n size of ECC group, n := G, n prime x private ECC key of zone ( Z n ) P public key of zone, a point P := xg l label for record in a zone ( Z n ) R P,l q P,l B P,l set of records for label l in zone P query hash (hash code for DHT lookup) block with information for label l in zone P published in the DHT under q P,l
27 Query Privacy: Cryptography Publishing B under q P,l := H(dG) h : = H(l, P) (1) d : = h x mod n (2) B P,l : = S d (E HKDF (l,p) (R P,l )), dg (3)
28 Query Privacy: Cryptography Publishing B under q P,l := H(dG) h : = H(l, P) (1) d : = h x mod n (2) B P,l : = S d (E HKDF (l,p) (R P,l )), dg (3) Searching for l in zone P h = H(l, P) (4) q P,l = H(dG) = H(hxG) = H(hP) obtain B P,l (5) R P,l = D HKDF (l,p) (B P,l ) (6)
29 Our Vision Internet Google/Facebook DNS/X.509 TCP/UDP IP/BGP Ethernet Phys. Layer GNUnet RegEx/PSYC GNS Mesh (ECDHE+AES) R 5 N DHT CORE (ECDHE+AES) HTTPS/TCP/WLAN/...
30 PSYC2 for GNUnet Properties of PSYC2 Extensible syntax and semantics: try-and-slice pattern Supports stateful multicast Uses for PSYC2 in GNUnet P2P social networking foundation Push social profiles (state) to all recipients Replay from local database used as primary access method My data is stored on my machine
31 The Evolution Challenge 2 Features are frequently added to social applications Some require changes ( extensions ) to data formats and messages Centralized, browser-based networks can easily update to new version Decentralized systems must transition gracefully 2 Joint work with Carlo v. Loesch and Gabor Toth
32 Related Work: XML Extensible Markup Language Syntax is extensible Extensions have no semantics
33 PSYC We are working on PSYC2, the successor to PSYC: More compact, mostly human-readable, faster-to-parse relative of XML/JSON/XMPP PSYC messages consist of a state update and a method invocation PSYC includes interesting ideas for social networking: Stateful multicast History Difference-based updates PSYC addresses extensibility problem using try-and-slice pattern
34 PSYC State: Example The PSYC state is a set of key-value pairs where the names of keys use underscores to create an inheritance relationship: name name first name first chinese address address street address country The data format for each state is fixed for each top-level label.
35 PSYC Methods: Example A PSYC method has a name which follows the same structure as keys: message message private message public message public whisper message announcement message announcement anonymous Methods have access to the current state and a per-message bytestream.
36 The Try-and-Slice Pattern int msg (string method) { while (1) { switch (method) { case "_notice_update_news": // handle news update return 1; case "_notice": // handle generic notice return 1; case "_message": // handle generic message return 1; //... } int glyph = strrpos (method, _ ); if (glyph <= 1) break; truncate (method, glyph); } }
37 Advantages of Try-and-Slice Extensible, can support many applications Can be applied to state and methods Defines what backwards-compatible extensibility means: Can incrementally expand implementations by deepening coverage Incompatible updates = introduce new top-level methods
38 Our Vision Internet Google/Facebook DNS/X.509 TCP/UDP IP/BGP Ethernet Phys. Layer GNUnet RegEx/PSYC GNS Mesh (ECDHE+AES) R 5 N DHT CORE (ECDHE+AES) HTTPS/TCP/WLAN/...
39 RegEx Search for GNUnet Properties of RegEx Search Capability discovery in DHT-based P2P networks using regular expressions Linear latency in the length of the search string Suitable for applications that can tolerate moderate latency Uses for RegEx in GNUnet Discovery of matching services, such as VPN exit nodes Topic-based subscriptions in messaging (decentralized MQTT)
40 Distributed Search via Regular Expressions: Idea 3 1. Offerer creates regular expression describing service 2. Regular expression is compiled to a DFA 3. DFA is stored in the DHT 4. Patron matches using a string Offerer Patron DFA Search string PUT GET DHT NFA 3 Joint work with Max Szengel, Ralph Holz, Bart Polot and Heiko Niedermayer
41 Problem: Mapping of States to Keys Regular expression (ab cd)e f and corresponding DFA e q0 a a b (ab cd)e* f (ab cd)e*f c c d h("(ab cd)e*") h("c") DHT h("a") h("(ab cd)e*f")
42 Problem: Merging of DFAs Regular expressions (ab cd)e f and (ab cd)e fg with corresponding DFAs e q0 a c a c b d (ab cd)e* f (ab cd)e*f e g q0 a c a c b d (ab cd)e* f (ab cd)e*fg*
43 Problem: Merging of DFAs Merged NFA for regular expressions (ab cd)e fg and (ab cd)e f e q0 a c a c b d (ab cd)e* f f (ab cd)e*f g (ab cd)e*fg*
44 Problem: Decentralizing the Start State Regular expression: abc defg h and k = 4. abcd ef g abcc c def c def abc*defg* h abc*defg*h q0 ab abc* abde f
45 Evaluation Implementation in GNUnet Profiling of Internet-scale routing using regular expressions to describe AS address ranges CAIDA AS data set: Real AS data
46 Evaluation AS / / / / / / / / /24 AS / / / / / /22 AS / / / /24 AS / / / / / / / / / / / /21 AS / / / / / / / / / /21 AS / / / / /22 AS / / / / /20 AS /24 AS / /24 AS / / / /24 AS / / /20 Distributed Hash Table
47 Evaluation: Results of Simulation (1) Number of transitions and states in the merged NFA # of transitions / states no compr Maximum path compression length transitions states Dataset: All 40, 696 ASes
48 Evaluation: Results of Simulation Degree of non-determinism at states in the merged NFA 1e+07 1e # states max path length 1 max path length degree of non-determinism max path length 4 max path length 6 3 max path length 8 max path length 16 Dataset: All 40, 696 ASes
49 Evaluation: Results of Simulation (3) % of states e-05 1e >= k out degree max. path compression length 6 max. path compression length 8 max. path compression length 16 Dataset: All 40, 696 ASes
50 Evaluation: Results of Emulation Search duration averaged over five runs with randomly connected peers % of matched strings ,000 peers 10 2,000 peers 4,000 peers Search duration in seconds
51 Our Vision Internet Google/Facebook DNS/X.509 TCP/UDP IP/BGP Ethernet Phys. Layer GNUnet News/Timeline Scalarproduct Mesh (ECDHE+AES) R 5 N DHT CORE (ECDHE+AES) HTTPS/TCP/WLAN/...
52 Scalarproduct for GNUnet Properties of SMC Scalarproduct Scalarproduct over map on intersecting sets, not just vectors Privacy-preserving (but need to limit number of interactions) Relatively efficient in bandwidth and CPU usage Uses for Scalarproduct in GNUnet Collaborative filtering Maybe: collaborative attack detection
53 Background: Paillier We use the Paillier cryptosystem: E K (m) : = g m r n mod n 2, (7) D K (c) : = (cλ mod n 2 ) 1 n µ mod n (8) where the public key K = (n, g), m is the plaintext, c the ciphertext, n the product of p, q P of equal length, and g Z n 2. The private key is (λ, µ), which is computed from p and q as follows: λ : = lcm(p 1, q 1), (9) ( (g λ mod n 2 ) 1 ) 1 µ : = n mod n. (10)
54 Paillier offers additive homomorphism Paillier offers additive homomorphic public-key encryption, that is: for some public key K. E K (a) E K (b) E K (a + b) (11)
55 Background: Secure Multiparty Computation Alice and Bob have private inputs a i and b i. Alice and Bob run a protocol to jointly calculate f (a i, b i ). One of them learns the result. Adversary model: honest but curious
56 Secure Scalar Product Original idea by Ioannids et al. in 2002 (use: (a b) 2 = a 2 2ab + b 2 ) Refined by Amirbekyan et al. in 2007 (corrected math) Implemented with practical extensions in GNUnet (negative numbers, small numbers, concrete protocol, set intersection, implementation).
57 Preliminaries Alice has public key A and input map m A : M A Z. Bob has public key B and input map m B : M B Z. We want to calculate m A (i)m B (i) (12) i M A M B We first calculate M = M A M B. Define a i := m A (i) and b i := m B (i) for i M. Let s denote a shared static offset.
58 Network Protocol Alice transmits E A (s + a i ) for i M to Bob. Bob creates two random permutations π and π over the elements in M, and a random vector r i for i M and sends R : = E A (s + a π(i) ) E A (s r π(i) b π(i) ) (13) = E A (2 s + a π(i) r π(i) b π(i) ), (14) R : = E A (s + a π (i)) E A (s r π (i)) (15) = E A (2 s + a π (i) r π (i)), (16) S : = (r i + b i ) 2, (17) S : = r 2 i (18)
59 Decryption (1/3) Alice decrypts R and R and computes for i M: a π(i) b π(i) r π(i) = D A (R) 2 s, (19) ( a π (i) r π (i) = D A R ) 2 s, (20) which is used to calculate T : = ai 2 (21) i M U : = i M(a π(i) b π(i) r π(i) ) 2 (22) U : = i M(a π (i) r π (i)) 2 (23)
60 Decryption (2/3) She then computes P : = S + T + U ( = (b i + r i ) 2 + ai 2 + i M i M ) (a i b i r i ) 2 i M = ( (bi + r i ) 2 + ai 2 (a i b i r i ) 2) i M = 2 a i (b i + r i ). i M P : = S + T + U = ri 2 + ( ai 2 + ) (a i r i ) 2 i M i M i M = ( r 2 i + ai 2 (a i r i ) 2) = 2 a i r i. i M i M
61 Decryption (3/3) Finally, Alice computes the scalar product using: P P 2 = i M a i (b i + r i ) i M a i r i = i M a i b i. (24)
62 Our Vision Internet Google/Facebook DNS/X.509 TCP/UDP IP/BGP Ethernet Phys. Layer GNUnet News/Timeline Scalarproduct Mesh (ECDHE+AES) R 5 N DHT CORE (ECDHE+AES) HTTPS/TCP/WLAN/...
63 Future Work: Privacy-enhanced Gossple 1. Alice selects peers Bob 2. Alice and Bob compute scalar product similarity 3. Bob forwards news to Alice with ranking based on similarity 4. Alice constructs timeline, ranks news, and 5. adapts her forwarding (2) and peer selection (1)
64 Dimensions for ranking news quality Agreement (on opinion, highly subjective)
65 Dimensions for ranking news quality Agreement (on opinion, highly subjective) Presentation (use of language, formatting, graphics)
66 Dimensions for ranking news quality Agreement (on opinion, highly subjective) Presentation (use of language, formatting, graphics) Accuracy (use of scientific method, well-sourced)
67 Dimensions for ranking news quality Agreement (on opinion, highly subjective) Presentation (use of language, formatting, graphics) Accuracy (use of scientific method, well-sourced) Relevance (by topic need tags)
68 Components for Future Work Efficient set intersection (current design: O(n log n) with O(log n) rounds) Secure decentralized random peer selection Tagging system Reputation system for authors
69 More Open Issues Information leakage over time! Evaluation scenarios? Usability Social effects
70 Conclusion Decentralization is necessary Security and scalability are hard issues We need to build systems that address both!
71 Do you have any questions? References: Glenn Greenwald and Ewen MacAskill. NSA Prism program taps in to user data of Apple, Google and others. In The Guardian, June Nathan Evans and Christian Grothoff. R5N. Randomized Recursive Routing for Restricted-Route Networks. 5th International Conference on Network and System Security, M. Schanzenbach Design and Implementation of a Censorship Resistant and Fully Decentralized Name System. Master s Thesis (TUM), M. Szengel. Decentralized Evaluation of Regular Expressions for Capability Discovery in Peer-to-Peer Networks. Master s Thesis (TUM), 2012.
72 GNUnet: Framework Architecture dv consensus pt gns fs set exit vpn dns namestore datastore mesh tun regex dht topology nse datacache hostlist block core transport ats nat fragmentation peerinfo hello
73 GNUnet: Envisioned Applications secushare gns fs reuters psyc vpn exit voting messaging dotproduct core multicast consensus dht regex set mesh ats
74 Research Agenda Secure, scaleable multicast Practical secure multiparty computation Tool support for building distributed systems Secure routing, censorship circumvention
The GNU Name System and the Future of Social Networking with GNUnet
The GNU Name System and the Future of Social Networking with GNUnet Christian Grothoff Technische Universität München 24.08.2013 Never doubt your ability to change the world. Glenn Greenwald Cyberwar Presidential
More informationDecentralized Evaluation of Regular Expressions for Capability Discovery in Peer-to-Peer Networks
Decentralized Evaluation of Regular Expressions for Capability Discovery in Peer-to-Peer Networks Maximilian Szengel Advisors: C. Grothoff, R. Holz, H. Niedermayer, B. Polot Master s thesis Chair for Network
More informationThe GNU name system. Christian Grothoff Inria Rennes Bretagne Atlantique
The GNU name system Christian Grothoff Inria Rennes Bretagne Atlantique 11.7.2016 The Domain Name System is the Achilles heel of the Web. Tim Berners-Lee Trouble at the root ICANN asserts cctlds are not
More informationPRISM and an Agenda for European Network Security Research
PRISM and an Agenda for European Network Security Research Another Turn of the Wheel: Mainframe, Desktop, Cloud, Peer Christian Grothoff Technische Universität München 02.07.2013 Never doubt your ability
More informationThe GNU Name System: A Public Key Infrastructure for Social Movements in the Age of Universal Surveillance
The GNU Name System: A Public Key Infrastructure for Social Movements in the Age of Universal Surveillance Christian Grothoff The GNUnet Project 28.04.2017 Never doubt your ability to change the world.
More informationTowards Secure Name Resolution on the Internet
Towards Secure Name Resolution on the Internet C. Grothoff M. Wachs M. Ermert J. Appelbaum 26.2.2017 The Domain Name System is the Achilles heel of the Web. Tim Berners-Lee Security Goals for Name Systems
More informationSecure Name Resolution
Secure Name Resolution Christian Grothoff Berner Fachhochschule 10.11.2017 The Domain Name System is the Achilles heel of the Web. Tim Berners-Lee Background: Efficient Set Union (based on What s the difference?
More informationThe GNUnet. Decentralizing Privacy-Preserving Network Applications. Christian Grothoff, PhD (UCLA) November 17, 2017 BFH
The GNUnet Decentralizing Privacy-Preserving Network Applications Christian Grothoff, PhD (UCLA) BFH November 17, 2017 Part I: Goals Never doubt your ability to change the world. Glenn Greenwald Decentralizing
More informationGNUnet Distributed Data Storage
GNUnet Distributed Data Storage DHT and Distance Vector Transport Nathan S. Evans 1 1 Technische Universität München Department of Computer Science Network Architectures and Services July, 24 2010 Overview
More informationThe Internet is Broken: Idealistic Ideas for Building a NEWGNU Network. Christian Grothoff Bartlomiej Polot Carlo von Loesch. The GNUnet Project
The Internet is Broken: Idealistic Ideas for Building a NEWGNU Network Christian Grothoff Bartlomiej Polot Carlo von Loesch 1 Introduction The GNUnet Project The Internet is broken, by design. Recent revelations
More informationPeer-to-Peer Systems and Security
Peer-to-Peer Systems and Security The GNUnet Architecture Christian Grothoff Technische Universität München April 10, 2014 The architects who benefit us most maybe those generous enough to lay aside their
More informationHow Alice and Bob meet if they don t like onions
How Alice and Bob meet if they don t like onions Survey of Network Anonymisation Techniques Erik Sy 34th Chaos Communication Congress, Leipzig Agenda 1. Introduction to Anonymity Networks Anonymity Strategies
More informationIntroduction to Cryptography Lecture 7
Introduction to Cryptography Lecture 7 El Gamal Encryption RSA Encryption Benny Pinkas page 1 1 Public key encryption Alice publishes a public key PK Alice. Alice has a secret key SK Alice. Anyone knowing
More informationAnonymous Communications
Anonymous Communications Andrew Lewman andrew@torproject.org December 05, 2012 Andrew Lewman andrew@torproject.org () Anonymous Communications December 05, 2012 1 / 45 Who is this guy? 501(c)(3) non-profit
More informationS. Erfani, ECE Dept., University of Windsor Network Security
4.11 Data Integrity and Authentication It was mentioned earlier in this chapter that integrity and protection security services are needed to protect against active attacks, such as falsification of data
More informationDr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Public Key Cryptography Modular Arithmetic RSA
More informationCS573 Data Privacy and Security. Cryptographic Primitives and Secure Multiparty Computation. Li Xiong
CS573 Data Privacy and Security Cryptographic Primitives and Secure Multiparty Computation Li Xiong Outline Cryptographic primitives Symmetric Encryption Public Key Encryption Secure Multiparty Computation
More informationEncrypted Data Deduplication in Cloud Storage
Encrypted Data Deduplication in Cloud Storage Chun- I Fan, Shi- Yuan Huang, Wen- Che Hsu Department of Computer Science and Engineering Na>onal Sun Yat- sen University Kaohsiung, Taiwan AsiaJCIS 2015 Outline
More informationAn Overview of Secure Multiparty Computation
An Overview of Secure Multiparty Computation T. E. Bjørstad The Selmer Center Department of Informatics University of Bergen Norway Prøveforelesning for PhD-graden 2010-02-11 Outline Background 1 Background
More informationCS November 2017
Distributed Systems 21. Delivery Networks () Paul Krzyzanowski Rutgers University Fall 2017 1 2 Motivation Serving web content from one location presents problems Scalability Reliability Performance Flash
More informationSecuring Distributed Computation via Trusted Quorums. Yan Michalevsky, Valeria Nikolaenko, Dan Boneh
Securing Distributed Computation via Trusted Quorums Yan Michalevsky, Valeria Nikolaenko, Dan Boneh Setting Distributed computation over data contributed by users Communication through a central party
More informationIntroduction to Cryptography Lecture 7
Introduction to Cryptography Lecture 7 Public-Key Encryption: El-Gamal, RSA Benny Pinkas page 1 1 Public key encryption Alice publishes a public key PK Alice. Alice has a secret key SK Alice. Anyone knowing
More informationSecure Multiparty Computation
CS573 Data Privacy and Security Secure Multiparty Computation Problem and security definitions Li Xiong Outline Cryptographic primitives Symmetric Encryption Public Key Encryption Secure Multiparty Computation
More informationDistributed Systems. Fall 2017 Exam 3 Review. Paul Krzyzanowski. Rutgers University. Fall 2017
Distributed Systems Fall 2017 Exam 3 Review Paul Krzyzanowski Rutgers University Fall 2017 December 11, 2017 CS 417 2017 Paul Krzyzanowski 1 Question 1 The core task of the user s map function within a
More informationCIS 6930/4930 Computer and Network Security. Topic 7. Trusted Intermediaries
CIS 6930/4930 Computer and Network Security Topic 7. Trusted Intermediaries 1 Trusted Intermediaries Problem: authentication for large networks Solution #1 Key Distribution Center (KDC) Representative
More informationAttribute Based Encryption with Privacy Protection in Clouds
Attribute Based Encryption with Privacy Protection in Clouds Geetanjali. M 1, Saravanan. N 2 PG Student, Department of Information Technology, K.S.R College of Engineering, Tiruchengode, Tamilnadu, India
More informationIntroduction. Trusted Intermediaries. CSC/ECE 574 Computer and Network Security. Outline. CSC/ECE 574 Computer and Network Security.
Trusted Intermediaries CSC/ECE 574 Computer and Network Security Topic 7. Trusted Intermediaries Problem: authentication for large networks Solution #1 Key Distribution Center () Representative solution:
More informationWatermark-Based Authentication and Key Exchange in Teleconferencing Systems
Watermark-Based Authentication and Key Exchange in Teleconferencing Systems Ulrich Rührmair a, Stefan Katzenbeisser b, Martin Steinebach c, and Sascha Zmudzinski c a Technische Universität München, Department
More informationCryptography (DES+RSA) by Amit Konar Dept. of Math and CS, UMSL
Cryptography (DES+RSA) by Amit Konar Dept. of Math and CS, UMSL Transpositional Ciphers-A Review Decryption 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 Encryption 1 2 3 4 5 6 7 8 A G O O D F R I E N D I S A T R E
More informationDifferential Privacy
CPSC 426/526 Differential Privacy Ennan Zhai Computer Science Department Yale University Recall: Lec-11 In lec-11, we learned: - Cryptographic basics - Symmetric key cryptography - Public key cryptography
More informationRSA. Public Key CryptoSystem
RSA Public Key CryptoSystem DIFFIE AND HELLMAN (76) NEW DIRECTIONS IN CRYPTOGRAPHY Split the Bob s secret key K to two parts: K E, to be used for encrypting messages to Bob. K D, to be used for decrypting
More informationBuilding a Privacy-Preserving Semantic Overlay for Peer-to-Peer Networks
Building a Privacy-Preserving Semantic Overlay for Peer-to-Peer Networks Niels Zeilemaker #1, Zekeriya Erkin 2, Paolo Palmieri #3, Johan Pouwelse #4 # Parallel and Distributed Systems Group, Delft University
More informationPeer-to-Peer Systems and Security
Peer-to-Peer Systems and Security Introduction to GNUnet 0.9.x for Developers Christian Grothoff Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik Technische Universität München April
More informationTrusted Intermediaries
AIT 682: Network and Systems Security Topic 7. Trusted Intermediaries Instructor: Dr. Kun Sun Trusted Intermediaries Problem: authentication for large networks Solution #1 Key Distribution Center (KDC)
More informationAIT 682: Network and Systems Security
AIT 682: Network and Systems Security Topic 7. Trusted Intermediaries Instructor: Dr. Kun Sun Trusted Intermediaries Problem: authentication for large networks Solution #1 Key Distribution Center (KDC)
More informationPeer-to-Peer Systems and Security
Peer-to-Peer Systems and Security Attacks! Christian Grothoff Technische Universität München April 13, 2013 Salsa & AP3 Goal: eliminate trusted blender server Idea: Use DHT (AP3: Pastry, Salsa: custom
More informationSaarland University Faculty of Natural Sciences and Technology I Department of Computer Science. Masters Thesis
Saarland University Faculty of Natural Sciences and Technology I Department of Computer Science Masters Thesis Experimental Comparison of Byzantine Fault Tolerant Distributed Hash Tables submitted by Supriti
More informationThèse d habilitation à diriger des recherches Université de Rennes 1 Mention: Informatique. The GNUnet System. Christian Grothoff
1 Thèse d habilitation à diriger des recherches Université de Rennes 1 Mention: Informatique The GNUnet System Christian Grothoff Soutenue le 10 octobre 2017 devant le jury composé de Messieurs les Professeurs:
More informationFoundations of Cryptography CS Shweta Agrawal
Foundations of Cryptography CS 6111 Shweta Agrawal Course Information 4-5 homeworks (20% total) A midsem (25%) A major (35%) A project (20%) Attendance required as per institute policy Challenge questions
More informationL13. Reviews. Rocky K. C. Chang, April 10, 2015
L13. Reviews Rocky K. C. Chang, April 10, 2015 1 Foci of this course Understand the 3 fundamental cryptographic functions and how they are used in network security. Understand the main elements in securing
More informationUsing Cryptography CMSC 414. October 16, 2017
Using Cryptography CMSC 414 October 16, 2017 Digital Certificates Recall: K pub = (n, e) This is an RSA public key How do we know who this is for? Need to bind identity to a public key We can do this using
More informationDistributed Knowledge Organization and Peer-to-Peer Networks
Knowledge Organization and Peer-to-Peer Networks Klaus Wehrle Group Chair of Computer Science IV RWTH Aachen University http://ds.cs.rwth-aachen.de 1 Organization of Information Essential challenge in?
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 7 January 30, 2012 CPSC 467b, Lecture 7 1/44 Public-key cryptography RSA Factoring Assumption Computing with Big Numbers Fast Exponentiation
More informationDistributed Privacy Preserving Data Collection using Cryptographic Techniques
Distributed Privacy Preserving Data Collection using Cryptographic Techniques Mingqiang Xue 1, Panagiotis Papadimitriou 2, Chedy Raïssi 1, Panos Kalnis 3 and Hung Keng Pung 1 1 Computer Science Department,
More informationCooperative Private Searching in Clouds
Cooperative Private Searching in Clouds Jie Wu Department of Computer and Information Sciences Temple University Road Map Cloud Computing Basics Cloud Computing Security Privacy vs. Performance Proposed
More informationPartitioning the Internet
Partitioning the Internet Matthias Wachs Christian Grothoff 1 Ramakrishna Thurimella 2 Technische Universität München 1 University of Denver 2 CRiSIS 2012, Cork, Ireland FSNSG (TUM) Partitioning the Internet
More informationCyber-Physical Chain (CPChain) Light Paper
Cyber-Physical Chain (CPChain) Light Paper Decentralized Infrastructure for Next Generation Internet of Things Cyber-Physical Chain (CPChain) Team December 10, 2017 Abstract Deeply integrating blockchain
More informationCristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.
CS355: Cryptography Lecture 17: X509. PGP. Authentication protocols. Key establishment. Public Keys and Trust Public Key:P A Secret key: S A Public Key:P B Secret key: S B How are public keys stored How
More informationPublic Key Algorithms
Public Key Algorithms 1 Public Key Algorithms It is necessary to know some number theory to really understand how and why public key algorithms work Most of the public key algorithms are based on modular
More information1 A Tale of Two Lovers
CS 120/ E-177: Introduction to Cryptography Salil Vadhan and Alon Rosen Dec. 12, 2006 Lecture Notes 19 (expanded): Secure Two-Party Computation Recommended Reading. Goldreich Volume II 7.2.2, 7.3.2, 7.3.3.
More informationHarmony Open Consensus for 10B People
Harmony Open Consensus for 10B People @ 10M tx/sec, 100ms latency, 0.1% fee Let s build an open marketplace at Google-scale. To 1,000x the decentralized economy. By speed & incentives. 2 State of Research:
More informationIntroduction. Overview of Tor. How Tor works. Drawback of Tor s directory server Potential solution. What is Tor? Why use Tor?
Introduction 1 Overview of Tor What is Tor? Why use Tor? How Tor works Encryption, Circuit Building, Directory Server Drawback of Tor s directory server Potential solution Using DNS Security Extension
More informationBlockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric
Blockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric Elli Androulaki Staff member, IBM Research, Zurich Workshop on cryptocurrencies Athens, 06.03.2016 Blockchain systems
More informationECE 646 Lecture 3. Key management
ECE 646 Lecture 3 Key management Required Reading Stallings, Cryptography and Network Security: Principles and Practice, 5/E or 6/E Chapter 14 Key Management and Distribution Using the same key for multiple
More informationPublic-Key Cryptography. Professor Yanmin Gong Week 3: Sep. 7
Public-Key Cryptography Professor Yanmin Gong Week 3: Sep. 7 Outline Key exchange and Diffie-Hellman protocol Mathematical backgrounds for modular arithmetic RSA Digital Signatures Key management Problem:
More informationComputer Security. 15. Tor & Anonymous Connectivity. Paul Krzyzanowski. Rutgers University. Spring 2017
Computer Security 15. Tor & Anonymous Connectivity Paul Krzyzanowski Rutgers University Spring 2017 April 24, 2017 CS 419 2017 Paul Krzyzanowski 1 Private Browsing Browsers offer a "private" browsing modes
More informationPrivate Browsing. Computer Security. Is private browsing private? Goal. Tor & The Tor Browser. History. Browsers offer a "private" browsing modes
Private Browsing Computer Security 16. Tor & Anonymous Connectivity Paul Krzyzanowski Rutgers University Spring 2017 Browsers offer a "private" browsing modes Apple Private Browsing, Mozilla Private Browsing,
More informationWAP Security. Helsinki University of Technology S Security of Communication Protocols
WAP Security Helsinki University of Technology S-38.153 Security of Communication Protocols Mikko.Kerava@iki.fi 15.4.2003 Contents 1. Introduction to WAP 2. Wireless Transport Layer Security 3. Other WAP
More informationOn the Security of Group-based Proxy Re-encryption Scheme
On the Security of Group-based Proxy Re-encryption Scheme Purushothama B R 1, B B Amberker Department of Computer Science and Engineering National Institute of Technology Warangal Warangal, Andhra Pradesh-506004,
More informationContent Overlays. Nick Feamster CS 7260 March 12, 2007
Content Overlays Nick Feamster CS 7260 March 12, 2007 Content Overlays Distributed content storage and retrieval Two primary approaches: Structured overlay Unstructured overlay Today s paper: Chord Not
More informationDistributed Systems. 21. Content Delivery Networks (CDN) Paul Krzyzanowski. Rutgers University. Fall 2018
Distributed Systems 21. Content Delivery Networks (CDN) Paul Krzyzanowski Rutgers University Fall 2018 1 2 Motivation Serving web content from one location presents problems Scalability Reliability Performance
More informationCS November 2018
Distributed Systems 21. Delivery Networks (CDN) Paul Krzyzanowski Rutgers University Fall 2018 1 2 Motivation Serving web content from one location presents problems Scalability Reliability Performance
More informationComputer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08. Cryptography Part II Paul Krzyzanowski Rutgers University Spring 2018 March 23, 2018 CS 419 2018 Paul Krzyzanowski 1 Block ciphers Block ciphers encrypt a block of plaintext at a
More informationSecure Multiparty Computation
Secure Multiparty Computation Li Xiong CS573 Data Privacy and Security Outline Secure multiparty computation Problem and security definitions Basic cryptographic tools and general constructions Yao s Millionnare
More informationSearch Engines. Information Retrieval in Practice
Search Engines Information Retrieval in Practice All slides Addison Wesley, 2008 Web Crawler Finds and downloads web pages automatically provides the collection for searching Web is huge and constantly
More informationCS Paul Krzyzanowski
Computer Security 17. Tor & Anonymous Connectivity Anonymous Connectivity Paul Krzyzanowski Rutgers University Spring 2018 1 2 Anonymity on the Internet Often considered bad Only criminals need to hide
More informationComputational Security, Stream and Block Cipher Functions
Computational Security, Stream and Block Cipher Functions 18 March 2019 Lecture 3 Most Slides Credits: Steve Zdancewic (UPenn) 18 March 2019 SE 425: Communication and Information Security 1 Topics for
More informationFujitsu World Tour 2018
Fujitsu World Tour 2018 May 30, 2018 #FujitsuWorldTour 1 Copyright 2018 FUJITSU Security and Privacy of Big Data A NIST Perspective Arnab Roy Fujitsu Laboratories of America Co-Chair, NIST Big Data WG:
More informationYada. A blockchain-based social graph
Yada A blockchain-based social graph January 2018 Abstract The goal of Yada is to achieve an acceptable level anonymity, privacy, and freedom of expression while making available to the public a structure
More informationAnalysis of Partially and Fully Homomorphic Encryption
Analysis of Partially and Fully Homomorphic Encryption Liam Morris lcm1115@rit.edu Department of Computer Science, Rochester Institute of Technology, Rochester, New York May 10, 2013 1 Introduction Homomorphic
More informationCryptographic Systems
CPSC 426/526 Cryptographic Systems Ennan Zhai Computer Science Department Yale University Recall: Lec-10 In lec-10, we learned: - Consistency models - Two-phase commit - Consensus - Paxos Lecture Roadmap
More informationUsing Commutative Encryption to Share a Secret
Using Commutative Encryption to Share a Secret Saied Hosseini Khayat August 18, 2008 Abstract It is shown how to use commutative encryption to share a secret. Suppose Alice wants to share a secret with
More informationAssignment 9 / Cryptography
Assignment 9 / Cryptography Michael Hauser March 2002 Tutor: Mr. Schmidt Course: M.Sc Distributed Systems Engineering Lecturer: Mr. Owens CONTENTS Contents 1 Introduction 3 2 Simple Ciphers 3 2.1 Vignère
More informationPrivacy-Preserving Bayesian Network Structure Computation on Distributed Heterogeneous Data
Privacy-Preserving Bayesian Network Structure Computation on Distributed Heterogeneous Data Rebecca Wright Zhiqiang Yang Computer Science Department Stevens Institute of Technology www.cs.stevens.edu/~rwright
More informationAdvanced Topics in Cryptography
Advanced Topics in Cryptography Lecture 9: Identity based encryption (IBE), Cocks scheme. Benny Pinkas page 1 1 Related papers Lecture notes from MIT http://crypto.csail.mit.edu/classes/6.876/lecture-notes.html
More informationDistributed Systems Exam 3 Review. Paul Krzyzanowski. Rutgers University. Fall 2016
Distributed Systems 2015 Exam 3 Review Paul Krzyzanowski Rutgers University Fall 2016 2013-2016 Paul Krzyzanowski 1 2015 Question 1 What information does each node need to store for a three-dimensional
More informationTelecommunication Services Engineering Lab. Roch H. Glitho
1 Support Infrastructure Support infrastructure for application layer Why? Re-usability across application layer protocols Modularity (i.e. separation between application layer protocol specification /
More informationSecure Data Storage in Clouds by Using Decentralized Access Control Scheme
Secure Data Storage in Clouds by Using Decentralized Access Control Scheme N. Suneel Kumar 1, A. NarayanaRao 2 M.Tech., (Ph.D.) 1 Computer Science and Engineering, Shree Institute of Technical Education
More informationChapter 8 Security. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012
Chapter 8 Security A note on the use of these ppt slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you see the animations; and can add,
More informationKurose & Ross, Chapters (5 th ed.)
Kurose & Ross, Chapters 8.2-8.3 (5 th ed.) Slides adapted from: J. Kurose & K. Ross \ Computer Networking: A Top Down Approach (5 th ed.) Addison-Wesley, April 2009. Copyright 1996-2010, J.F Kurose and
More informationcommunication Claudia Díaz Katholieke Universiteit Leuven Dept. Electrical Engineering g ESAT/COSIC October 9, 2007 Claudia Diaz (K.U.
Introduction to anonymous communication Claudia Díaz Katholieke Universiteit Leuven Dept. Electrical Engineering g ESAT/COSIC October 9, 2007 Claudia Diaz (K.U.Leuven) 1 a few words on the scope of the
More informationPrivCount: A Distributed System for Safely Measuring Tor
PrivCount: A Distributed System for Safely Measuring Tor Rob Jansen Center for High Assurance Computer Systems Invited Talk, October 4 th, 2016 University of Oregon Department of Computer and Information
More informationDiffie-Hellman Key Agreement
Diffie-Hellman Key Agreement (Anonymous) Diffie-Hellman 0. params: p, g 1. generate: a 2. compute: A= g a p 3. compute: s= B a p Alice A B s = g ab p Bob 0. params: p, g 1. generate: b 2. compute: B= g
More informationGoals of Modern Cryptography
Goals of Modern Cryptography Providing information security: Data Privacy Data Integrity and Authenticity in various computational settings. Data Privacy M Alice Bob The goal is to ensure that the adversary
More informationIntroduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell
Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell 1 Cryptography Merriam-Webster Online Dictionary: 1. secret writing 2. the enciphering and deciphering
More informationIntroduction to Secure Multi-Party Computation
Introduction to Secure Multi-Party Computation Many thanks to Vitaly Shmatikov of the University of Texas, Austin for providing these slides. slide 1 Motivation General framework for describing computation
More informationTest 2 Review. 1. (10 points) Timestamps and nonces are both used in security protocols to prevent replay attacks.
Test 2 Review Name Student ID number Notation: {X} Bob Apply Bob s public key to X [Y ] Bob Apply Bob s private key to Y E(P, K) Encrypt P with symmetric key K D(C, K) Decrypt C with symmetric key K h(x)
More informationSecure Algorithms and Data Structures for Massive Networks
Secure Algorithms and Data Structures for Massive Networks Jared Saia Joint work with: Amos Fiat(U. Tel Aviv), Valerie King(U. Vic), Erik Vee (IBM Labs), Vishal Sanwalani(U. Waterloo), and Maxwell Young(UNM)
More informationSecurity issues: Encryption algorithms. Threats Methods of attack. Secret-key Public-key Hybrid protocols. CS550: Distributed OS.
Security issues: Threats Methods of attack Encryption algorithms Secret-key Public-key Hybrid protocols Lecture 15 Page 2 1965-75 1975-89 1990-99 Current Platforms Multi-user timesharing computers Distributed
More informationDistributed Scalar Product Protocol With Application To Privacy-Preserving Computation of Trust
1 Distributed Scalar Product Protocol With Application To Privacy-Preserving Computation of Trust Danfeng Yao, Member, IEEE, Roberto Tamassia, Member, IEEE, Seth Proctor, Member, IEEE Abstract In this
More informationCryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology
Cryptography & Key Exchange Protocols Faculty of Computer Science & Engineering HCMC University of Technology Outline 1 Cryptography-related concepts 2 3 4 5 6 7 Key channel for symmetric cryptosystems
More informationRSA and ECDSA. Geoff Huston APNIC. #apricot2017
RSA and ECDSA Geoff Huston APNIC It s all about Cryptography Why use Cryptography? Public key cryptography can be used in a number of ways: protecting a session from third party eavesdroppers Encryption
More informationEating from the Tree of Ignorance Part 2
Eating from the Tree of Ignorance Part 2 Jan van Eijck, CWI Amsterdam and Uil-OTS Utrecht Rineke Verbrugge, Institute of AI, University of Groningen ESSLLI 2009, Bordeaux, July 22, 2009 Overview of Part
More informationElements of Cryptography and Computer and Networking Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy
Elements of Cryptography and Computer and Networking Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy Homework 2 Due: Friday, 10/28/2016 at 11:55pm PT Will be posted on
More informationNumber Theory and RSA Public-Key Encryption
Number Theory and RSA Public-Key Encryption Dr. Natarajan Meghanathan Associate Professor of Computer Science Jackson State University E-mail: natarajan.meghanathan@jsums.edu CIA Triad: Three Fundamental
More informationOnlineAnonymity. OpenSource OpenNetwork. Communityof researchers, developers,usersand relayoperators. U.S.501(c)(3)nonpro%torganization
The Tor Project Our mission is to be the global resource for technology, advocacy, research and education in the ongoing pursuit of freedom of speech, privacy rights online, and censorship circumvention.
More informationNetwork Security Technology Project
Network Security Technology Project Shanghai Jiao Tong University Presented by Wei Zhang zhang-wei@sjtu.edu.cn!1 Part I Implement the textbook RSA algorithm. The textbook RSA is essentially RSA without
More informationOBLIVIOUS ENFORCEMENT OF HIDDEN INFORMATION RELEASE POLICIES USING ONLINE CERTIFICATION AUTHORITIES
OBLIVIOUS ENFORCEMENT OF HIDDEN INFORMATION RELEASE POLICIES USING ONLINE CERTIFICATION AUTHORITIES by Brian Wongchaowart B.S. in Computer Science, University of Pittsburgh, 2008 Submitted to the Graduate
More informationCS 470 Spring Distributed Web and File Systems. Mike Lam, Professor. Content taken from the following:
CS 470 Spring 2017 Mike Lam, Professor Distributed Web and File Systems Content taken from the following: "Distributed Systems: Principles and Paradigms" by Andrew S. Tanenbaum and Maarten Van Steen (Chapters
More informationThe Tor Network. Cryptography 2, Part 2, Lecture 6. Ruben Niederhagen. June 16th, / department of mathematics and computer science
The Tor Network Cryptography 2, Part 2, Lecture 6 Ruben Niederhagen June 16th, 2014 Tor Network Introduction 2/33 Classic goals of cryptography: confidentiality, data integrity, authentication, and non-repudiation.
More information