Randomness in Cryptography
|
|
- Martina Ryan
- 6 years ago
- Views:
Transcription
1 Randomness in Cryptography JKU Linz 2007 Randomness in Cryptography 1
2 Randomness? Randomness in Cryptography 2
3 The need for randomness Contents 1 Introduction The need for randomness Formal denitions, motivation for non-deterministic applications 2 Algebraical pseudo-randomness Fully algorithmic generation of random sequences User-interaction driven generation of random sequences 3 True unbiased bitstreams Quantum mechanical physical randomness Randomness through ordinary disk drives Balancing asymmetric occurences 4 Cryptographic endangerments due to lacks of entropy Early Netscape SSL implementations TCP sequence number prediction 5 Q & A Randomness in Cryptography 3
4 The need for randomness Classications What classies a computer: accuracy/precision determinism predictability traceability What classies randomness: nondeterminism unpredictability untracability Randomness in Cryptography 4
5 The need for randomness Classications What classies a computer: accuracy/precision determinism predictability traceability What classies randomness: nondeterminism unpredictability untracability Randomness in Cryptography 5
6 The need for randomness Incompatible? computers randomness = ε? Find approaches to force nondeterminism within a deterministic environment. Randomness in Cryptography 6
7 The need for randomness Incompatible? computers randomness = ε? Find approaches to force nondeterminism within a deterministic environment. Randomness in Cryptography 7
8 Formal denitions, motivation for non-deterministic applications Contents 1 Introduction The need for randomness Formal denitions, motivation for non-deterministic applications 2 Algebraical pseudo-randomness Fully algorithmic generation of random sequences User-interaction driven generation of random sequences 3 True unbiased bitstreams Quantum mechanical physical randomness Randomness through ordinary disk drives Balancing asymmetric occurences 4 Cryptographic endangerments due to lacks of entropy Early Netscape SSL implementations TCP sequence number prediction 5 Q & A Randomness in Cryptography 8
9 Formal denitions, motivation for non-deterministic applications Denition of randomness (Knu98) a sequence of independent random numbers each number was obtained completely random no correlations Randomness in Cryptography 9
10 Formal denitions, motivation for non-deterministic applications Predictability vs entropy Predictability: A fully random process is called unpredictable A fully unpredictable process doesn't need to be completely random. Example: Dice roll Entropy: The quantity of information within a given block of data The "negative logarithm of the probability of the process' most likely output" (GNP06) Randomness in Cryptography 10
11 Formal denitions, motivation for non-deterministic applications Predictability vs entropy Predictability: A fully random process is called unpredictable A fully unpredictable process doesn't need to be completely random. Example: Dice roll Entropy: The quantity of information within a given block of data The "negative logarithm of the probability of the process' most likely output" (GNP06) Randomness in Cryptography 11
12 Formal denitions, motivation for non-deterministic applications Predictability vs entropy Predictability: A fully random process is called unpredictable A fully unpredictable process doesn't need to be completely random. Example: Dice roll Entropy: The quantity of information within a given block of data The "negative logarithm of the probability of the process' most likely output" (GNP06) Randomness in Cryptography 12
13 Formal denitions, motivation for non-deterministic applications Entropy (2) Gathering maximum entropy assures complete, uniformly distributed randomness and is therefore indispensable. Randomness in Cryptography 13
14 Formal denitions, motivation for non-deterministic applications Example: The One-time-pad The one-time-pad is the only known completely secure cryptographic algorithm. Security relies on: (the shared secret is only known by trusted partners) the shared secret is truly random every element of the random sequence is only to be used once The securness totally relies on useful random numbers. An entirely deterministic process cannot produce randomness. Hence we use mathematical approaches to gain pseudo-randomness. Randomness in Cryptography 14
15 Formal denitions, motivation for non-deterministic applications Example: The One-time-pad The one-time-pad is the only known completely secure cryptographic algorithm. Security relies on: (the shared secret is only known by trusted partners) the shared secret is truly random every element of the random sequence is only to be used once The securness totally relies on useful random numbers. An entirely deterministic process cannot produce randomness. Hence we use mathematical approaches to gain pseudo-randomness. Randomness in Cryptography 15
16 Formal denitions, motivation for non-deterministic applications Example: The One-time-pad The one-time-pad is the only known completely secure cryptographic algorithm. Security relies on: (the shared secret is only known by trusted partners) the shared secret is truly random every element of the random sequence is only to be used once The securness totally relies on useful random numbers. An entirely deterministic process cannot produce randomness. Hence we use mathematical approaches to gain pseudo-randomness. Randomness in Cryptography 16
17 Formal denitions, motivation for non-deterministic applications Example: The One-time-pad The one-time-pad is the only known completely secure cryptographic algorithm. Security relies on: (the shared secret is only known by trusted partners) the shared secret is truly random every element of the random sequence is only to be used once The securness totally relies on useful random numbers. An entirely deterministic process cannot produce randomness. Hence we use mathematical approaches to gain pseudo-randomness. Randomness in Cryptography 17
18 Formal denitions, motivation for non-deterministic applications Example: The One-time-pad The one-time-pad is the only known completely secure cryptographic algorithm. Security relies on: (the shared secret is only known by trusted partners) the shared secret is truly random every element of the random sequence is only to be used once The securness totally relies on useful random numbers. An entirely deterministic process cannot produce randomness. Hence we use mathematical approaches to gain pseudo-randomness. Randomness in Cryptography 18
19 Fully algorithmic generation of random sequences Contents 1 Introduction The need for randomness Formal denitions, motivation for non-deterministic applications 2 Algebraical pseudo-randomness Fully algorithmic generation of random sequences User-interaction driven generation of random sequences 3 True unbiased bitstreams Quantum mechanical physical randomness Randomness through ordinary disk drives Balancing asymmetric occurences 4 Cryptographic endangerments due to lacks of entropy Early Netscape SSL implementations TCP sequence number prediction 5 Q & A Randomness in Cryptography 19
20 Fully algorithmic generation of random sequences Linear congruential generators One of the rst approaches in generating random sequences: X n := x n = (ax n 1 + b) mod m x n is taken as reminder mod m represents th n-th element of the pseudo-random sequence always liable to a maximum period θ < m + 1 maximum period will always produce the same cycle of numbers Randomness in Cryptography 20
21 Fully algorithmic generation of random sequences Linear congruential generators One of the rst approaches in generating random sequences: X n := x n = (ax n 1 + b) mod m x n is taken as reminder mod m represents th n-th element of the pseudo-random sequence always liable to a maximum period θ < m + 1 maximum period will always produce the same cycle of numbers Randomness in Cryptography 21
22 Fully algorithmic generation of random sequences Linear congruential generators - example X n := x n = (ax n 1 + b) mod m Let a = b = 3, m = 11, the initial value x n 1 = 0 X =... 3, 1, 6, 10, 0,... X obtains a maximum period of 5 Congruential generators (including quadratic and plynomial ones) have been proven to be insecure due to predictability (Sch05). Randomness in Cryptography 22
23 Fully algorithmic generation of random sequences Linear congruential generators - example X n := x n = (ax n 1 + b) mod m Let a = b = 3, m = 11, the initial value x n 1 = 0 X =... 3, 1, 6, 10, 0,... X obtains a maximum period of 5 Congruential generators (including quadratic and plynomial ones) have been proven to be insecure due to predictability (Sch05). Randomness in Cryptography 23
24 Fully algorithmic generation of random sequences Linear congruential generators - example X n := x n = (ax n 1 + b) mod m Let a = b = 3, m = 11, the initial value x n 1 = 0 X =... 3, 1, 6, 10, 0,... X obtains a maximum period of 5 Congruential generators (including quadratic and plynomial ones) have been proven to be insecure due to predictability (Sch05). Randomness in Cryptography 24
25 User-interaction driven generation of random sequences Contents 1 Introduction The need for randomness Formal denitions, motivation for non-deterministic applications 2 Algebraical pseudo-randomness Fully algorithmic generation of random sequences User-interaction driven generation of random sequences 3 True unbiased bitstreams Quantum mechanical physical randomness Randomness through ordinary disk drives Balancing asymmetric occurences 4 Cryptographic endangerments due to lacks of entropy Early Netscape SSL implementations TCP sequence number prediction 5 Q & A Randomness in Cryptography 25
26 User-interaction driven generation of random sequences Hybrid random sequence generators...is classied by using raw data which is not completely random, but quite non-traceable and used in combination with ordinary randomisation algorithms. Sustains upon: 1 direct user interaction 2 metadata about captured user interaction 3 various statistics 4 commonly used non-human-interface I/O-devices Randomness in Cryptography 26
27 User-interaction driven generation of random sequences Hybrid random sequence generators...is classied by using raw data which is not completely random, but quite non-traceable and used in combination with ordinary randomisation algorithms. Sustains upon: 1 direct user interaction 2 metadata about captured user interaction 3 various statistics 4 commonly used non-human-interface I/O-devices Randomness in Cryptography 27
28 User-interaction driven generation of random sequences User interaction Direct interaction: Keystrokes Mouse-movements and positioning (x,y) etc. Metadata about interaction: Inter- as well as intra-keystroke-timings Mouse-movement-timings and acceleration etc. Randomness in Cryptography 28
29 User-interaction driven generation of random sequences User interaction Direct interaction: Keystrokes Mouse-movements and positioning (x,y) etc. Metadata about interaction: Inter- as well as intra-keystroke-timings Mouse-movement-timings and acceleration etc. Randomness in Cryptography 29
30 User-interaction driven generation of random sequences Statistics and non-hi devices Statistics: Network-, and packet statistics process- and timetables etc. Non-human-interface I/O-devices: cameras microphones etc. Randomness in Cryptography 30
31 User-interaction driven generation of random sequences Statistics and non-hi devices Statistics: Network-, and packet statistics process- and timetables etc. Non-human-interface I/O-devices: cameras microphones etc. Randomness in Cryptography 31
32 User-interaction driven generation of random sequences Sidestep: Algebraical random generator under Linux Linux also uses a hybrid random number generator, which supplies two random number sources: /dev/random: Provides a very high level of entropy and therefore gives good but limited randomness /dev/urandom: Provides unlimited random numbers, but reuses entropy if not enough available The algebraical part of this generator sustains upon multiple iterations of the SHA-1 hashing-algorithm. Especially via /dev/urandom gathered entropy is re-used via re-hashing the collected data. Randomness in Cryptography 32
33 User-interaction driven generation of random sequences Sidestep: UI-driven randomness under Linux The UI-driven part of the Linux RNG mainly uses the following input sources: 1 Keystrokes (and timings), 2 Mouse movements (and timings), 3 Disk I/O operations, 4 System interrupts Note: Embedded Linux distributions like OpenWRT for routers often cannot provide good entropy, due to inexistence of input devices and harddisks; especially after resets! Randomness in Cryptography 33
34 Quantum mechanical physical randomness Contents 1 Introduction The need for randomness Formal denitions, motivation for non-deterministic applications 2 Algebraical pseudo-randomness Fully algorithmic generation of random sequences User-interaction driven generation of random sequences 3 True unbiased bitstreams Quantum mechanical physical randomness Randomness through ordinary disk drives Balancing asymmetric occurences 4 Cryptographic endangerments due to lacks of entropy Early Netscape SSL implementations TCP sequence number prediction 5 Q & A Randomness in Cryptography 34
35 Quantum mechanical physical randomness True randomness Atomic decay represents a good source for true randomness by measuring the quantity of emissions within a xed time-frame by a Geiger-counter. (SR07) describes the construction of a true quantum random number generator, measuring the quantum physical processes of photonic emissions in semiconductors. Provides up to 12Mbit s 1 Randomness in Cryptography 35
36 Quantum mechanical physical randomness True randomness Atomic decay represents a good source for true randomness by measuring the quantity of emissions within a xed time-frame by a Geiger-counter. (SR07) describes the construction of a true quantum random number generator, measuring the quantum physical processes of photonic emissions in semiconductors. Provides up to 12Mbit s 1 Randomness in Cryptography 36
37 Randomness through ordinary disk drives Contents 1 Introduction The need for randomness Formal denitions, motivation for non-deterministic applications 2 Algebraical pseudo-randomness Fully algorithmic generation of random sequences User-interaction driven generation of random sequences 3 True unbiased bitstreams Quantum mechanical physical randomness Randomness through ordinary disk drives Balancing asymmetric occurences 4 Cryptographic endangerments due to lacks of entropy Early Netscape SSL implementations TCP sequence number prediction 5 Q & A Randomness in Cryptography 37
38 Randomness through ordinary disk drives Randomness through ordinary disk drives Tests have shown, that rotantional speed, disk spacing and (cooling) air-ow directly aect the disk accessing behaviour. The algorithm measures the access-time for reading single sectors on the disk and uses the variation of these times as input source. Results still deserve the removal of correlations! Why results are supposed to be random: Main reason for disk-jitter is found in natural air turbulences inside the drive. (DIF94, ES00) Randomness in Cryptography 38
39 Randomness through ordinary disk drives Randomness through ordinary disk drives Tests have shown, that rotantional speed, disk spacing and (cooling) air-ow directly aect the disk accessing behaviour. The algorithm measures the access-time for reading single sectors on the disk and uses the variation of these times as input source. Results still deserve the removal of correlations! Why results are supposed to be random: Main reason for disk-jitter is found in natural air turbulences inside the drive. (DIF94, ES00) Randomness in Cryptography 39
40 Balancing asymmetric occurences Contents 1 Introduction The need for randomness Formal denitions, motivation for non-deterministic applications 2 Algebraical pseudo-randomness Fully algorithmic generation of random sequences User-interaction driven generation of random sequences 3 True unbiased bitstreams Quantum mechanical physical randomness Randomness through ordinary disk drives Balancing asymmetric occurences 4 Cryptographic endangerments due to lacks of entropy Early Netscape SSL implementations TCP sequence number prediction 5 Q & A Randomness in Cryptography 40
41 Balancing asymmetric occurences Neumann-ltering When a (pseudo) bitstream is gathered, the focus should be set on eliminitating correlations. One possible algorithm is the Neumann-Filter (Ert03). f = 00 ɛ 11 ɛ Randomness in Cryptography 41
42 Balancing asymmetric occurences Neumann-ltering When a (pseudo) bitstream is gathered, the focus should be set on eliminitating correlations. One possible algorithm is the Neumann-Filter (Ert03). f = 00 ɛ 11 ɛ Randomness in Cryptography 42
43 Balancing asymmetric occurences Let p be the possibility of any bit x inside the stream X to be 1, then the possibility of getting the value 1 after using the Neumann-Filter is dened through p n = p (1 p) 2p (1 p) = 0.5 Randomness in Cryptography 43
44 Why randomness is important Cryptography often relies on true randomness Randomness commonly builds the basement of key-generation processes Possibilities of reproduction/traceability must not exist Numerous vulnerabilities and exploits have been reported, which invalidate (strong) cryptographic routines due to corrupt random sources. Randomness in Cryptography 44
45 Early Netscape SSL implementations Contents 1 Introduction The need for randomness Formal denitions, motivation for non-deterministic applications 2 Algebraical pseudo-randomness Fully algorithmic generation of random sequences User-interaction driven generation of random sequences 3 True unbiased bitstreams Quantum mechanical physical randomness Randomness through ordinary disk drives Balancing asymmetric occurences 4 Cryptographic endangerments due to lacks of entropy Early Netscape SSL implementations TCP sequence number prediction 5 Q & A Randomness in Cryptography 45
46 Early Netscape SSL implementations How Netscape gathered entropy 1 global variable seed ; 2 3 RNG_ CreateContext () 4 ( seconds, microseconds ) = time of day ; 5 pid = process ID ; ppid = parent process ID ; 6 a = mklcpr ( microseconds ); 7 b = mklcpr ( pid + seconds + ( ppid << 12)); 8 seed = MD5 (a, b ); Randomness in Cryptography 46
47 Early Netscape SSL implementations Early SSL implementations The original Netscape code only took three parameters to gather entropy for key generation and exchange: system ID of current process system ID of parent process current time of day Several papers have shown that this combination of pseudo-random sources is breakable within under one minute (Gut98). Randomness in Cryptography 47
48 Early Netscape SSL implementations Early SSL implementations The original Netscape code only took three parameters to gather entropy for key generation and exchange: system ID of current process system ID of parent process current time of day Several papers have shown that this combination of pseudo-random sources is breakable within under one minute (Gut98). Randomness in Cryptography 48
49 TCP sequence number prediction Contents 1 Introduction The need for randomness Formal denitions, motivation for non-deterministic applications 2 Algebraical pseudo-randomness Fully algorithmic generation of random sequences User-interaction driven generation of random sequences 3 True unbiased bitstreams Quantum mechanical physical randomness Randomness through ordinary disk drives Balancing asymmetric occurences 4 Cryptographic endangerments due to lacks of entropy Early Netscape SSL implementations TCP sequence number prediction 5 Q & A Randomness in Cryptography 49
50 TCP sequence number prediction TCP sequence number prediction (Bel98) TCP uses stateful connections, and hence sequence numbering to assure correctness Both, server and client, chose their own random values as initial sequence number θ C, θ S TCP 3-way-handshake: 1 C S: SYN (θ C ) 2 S C: SYN (θ S ), ACK (θ C ) 3 C S: ACK (θ S ) Randomness in Cryptography 50
51 TCP sequence number prediction TCP sequence number prediction (Bel98) TCP uses stateful connections, and hence sequence numbering to assure correctness Both, server and client, chose their own random values as initial sequence number θ C, θ S TCP 3-way-handshake: 1 C S: SYN (θ C ) 2 S C: SYN (θ S ), ACK (θ C ) 3 C S: ACK (θ S ) Randomness in Cryptography 51
52 TCP sequence number prediction Prediction on Berkeley systems On Berkeley systems, sequence numbers are permanently incremented once a second by a constant amount Morover, they're increased by half of this amount everytime a connection is initiated This levels the ground for serious TCP session hijacking, interception and manipulation attacks, due to sequence number predictability. Randomness in Cryptography 52
53 Any questions? delta-xi.net Thank you. Randomness in Cryptography 53
Random and Pseudorandom Bit Generators
Random and Pseudorandom Bit Generators Random bit generators Pseudorandom bit generators Cryptographically Secure PRBG Statistical tests Unpredictable quantities The security of many cryptographic systems
More informationChapter 6 Random Number Generation
Chapter 6 Random Number Generation Requirements / application Pseudo-random bit generator Hardware and software solutions [NetSec/SysSec], WS 2007/2008 6.1 Requirements and Application Scenarios Security
More informationA Secured Key Generation Scheme Using Enhanced Entropy
236 A Secured Key Generation Scheme Using Enhanced Entropy M.S. Irfan Ahmed Asst. Professor, VLB Engineering College, Coimbatore E.R. Naganathan Reader, Computer Science Department Alagappa University,
More informationRandom number generation
Cryptographic Protocols (EIT ICT MSc) Dr. Levente Buttyán associate professor BME Hálózati Rendszerek és Szolgáltatások Tanszék Lab of Cryptography and System Security (CrySyS) buttyan@hit.bme.hu, buttyan@crysys.hu
More informationPseudo-random number generators
Pseudo-random number generators -- Definition and motivation -- Classification of attacks -- Examples: DSA PRNG and Yarrow-160 (c) Levente Buttyán (buttyan@crysys.hu) Definitions a random number is a number
More informationNetwork Security. Random Number Generation. Chapter 6. Network Security (WS 2003): 06 Random Number Generation 1 Dr.-Ing G.
Network Security Chapter 6 Random Number Generation Network Security (WS 2003): 06 Random Number Generation 1 Tasks of Key Management (1) Generation: It is crucial to security, that keys are generated
More informationCSC 580 Cryptography and Computer Security
CSC 580 Cryptography and Computer Security Random Bit Generators (Sections 8.1-8.3) February 20, 2018 Overview Today: HW 4 solution discussion Pseudorandom generation - concepts and simple techniques Reminder:
More informationTopics. Key Generation. Applying Cryptography
Applying Cryptography Topics 1. Key Generation 2. Randomness and Information Theory 3. PRNGs 4. Entropy Gathering 5. Key Storage 6. Cryptographic APIs Key Generation Goal: generate difficult to guess keys
More informationPseudorandom Number Generation
Pseudorandom Number Generation Thanks once again to A. Joseph, D. Tygar, U. Vazirani, and D. Wagner at the University of California, Berkeley 1 What Can Go Wrong? An example: This generates a 16 byte (128
More informationWhat is the Q in QRNG?
What is the Q in QRNG? V1.2 October 2017 Table of Content 1. What is the Q in QRNG?... 3 2. What is a random number?... 3 3. Generating random numbers... 4 3.1 Types of random number generator... 4 3.2
More informationCryptographic Engineering. Steven M. Bellovin October 16,
Cryptographic Engineering Steven M. Bellovin October 16, 2012 1 Cryptographic Engineering Issues Suppose we want to use crypto to protect files. Now what? What to encrypt? Where should keys be stored?
More informationSummary on Crypto Primitives and Protocols
Summary on Crypto Primitives and Protocols Levente Buttyán CrySyS Lab, BME www.crysys.hu 2015 Levente Buttyán Basic model of cryptography sender key data ENCODING attacker e.g.: message spatial distance
More informationCryptographic Engineering
Cryptographic Engineering Last lecture, we touched on some real-world crypto issues, such as how keys get into or out of secure devices Let s look more at real-world cryptographic issues Steven M. Bellovin
More informationCSC 482/582: Computer Security. Applying Cryptography
Applying Cryptography Topics 1. Applications of Randomness 2. Defining and Evaluating Randomness 3. Pseudo-Random Number Generators (PRNGs) 4. Cryptographically Secure PRNGs (CSPRNGs) 5. Attacks on PRNGs
More informationPRNGs & DES. Luke Anderson. 16 th March University Of Sydney.
PRNGs & DES Luke Anderson luke@lukeanderson.com.au 16 th March 2018 University Of Sydney Overview 1. Pseudo Random Number Generators 1.1 Sources of Entropy 1.2 Desirable PRNG Properties 1.3 Real PRNGs
More informationGeorge Landon Chao Shen Chengdong Li
George Landon Chao Shen Chengdong Li An Introduction George Landon Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin. John Von Neumann (1951) Introduction
More informationT Cryptography and Data Security
T-79.159 Cryptography and Data Security Lecture 10: 10.1 Random number generation 10.2 Key management - Distribution of symmetric keys - Management of public keys Kaufman et al: Ch 11.6; 9.7-9; Stallings:
More informationInformation Security CS526
Information CS 526 Topic 3 Ciphers and Cipher : Stream Ciphers, Block Ciphers, Perfect Secrecy, and IND-CPA 1 Announcements HW1 is out, due on Sept 10 Start early, late policy is 3 total late days for
More informationLecture 4: Hashes and Message Digests,
T-79.159 Cryptography and Data Security Lecture 4: Hashes and Message Digests Helsinki University of Technology mjos@tcs.hut.fi 1 Cryptographic hash functions Maps a message M (a bit string of arbitrary
More informationInformation Security CS526
Information Security CS 526 Topic 3 Cryptography: One-time Pad, Information Theoretic Security, and Stream CIphers 1 Announcements HW1 is out, due on Sept 11 Start early, late policy is 3 total late days
More informationStream Ciphers. Çetin Kaya Koç Winter / 13
Çetin Kaya Koç http://koclab.cs.ucsb.edu Winter 2016 1 / 13 Block Ciphers Cryptography Plaintext: M i with M i = n, where n is the block length (in bits) Ciphertext: C i with C i = m, where m n, however,
More informationFall 2005 Joseph/Tygar/Vazirani/Wagner Notes 21
CS 161 Computer Security Fall 2005 Joseph/Tygar/Vazirani/Wagner Notes 21 Anyone who uses software to produce random numbers is in a state of sin. John von Neumann The generation of random numbers is too
More informationPROTECTING CONVERSATIONS
PROTECTING CONVERSATIONS Basics of Encrypted Network Communications Naïve Conversations Captured messages could be read by anyone Cannot be sure who sent the message you are reading Basic Definitions Authentication
More informationCS408 Cryptography & Internet Security
CS408 Cryptography & Internet Security Lecture 18: Cryptographic hash functions, Message authentication codes Functions Definition Given two sets, X and Y, a function f : X Y (from set X to set Y), is
More informationComputational Methods. Randomness and Monte Carlo Methods
Computational Methods Randomness and Monte Carlo Methods Manfred Huber 2010 1 Randomness and Monte Carlo Methods Introducing randomness in an algorithm can lead to improved efficiencies Random sampling
More informationAPPLICATION NOTE. Generating Random Secrets. ATSHA204A, ATECC108A, and ATECC508A. Description. Topics
APPLICATION NOTE Generating Random Secrets ATSHA204A, ATECC108A, and ATECC508A Description When defining a secret that will be used for cryptographic authentication, it is important that the secret is
More informationReproducibility in Stochastic Simulation
Reproducibility in Stochastic Simulation Prof. Michael Mascagni Department of Computer Science Department of Mathematics Department of Scientific Computing Graduate Program in Molecular Biophysics Florida
More informationRandomness and the Netscape Browser
Randomness and the Netscape Browser No one was more surprised than Netscape Communications when a pair of computer-science students broke the Netscape encryption scheme. Ian and David describe how they
More informationRecurrent Neural Network Models for improved (Pseudo) Random Number Generation in computer security applications
Recurrent Neural Network Models for improved (Pseudo) Random Number Generation in computer security applications D.A. Karras 1 and V. Zorkadis 2 1 University of Piraeus, Dept. of Business Administration,
More informationAttack on Sun s MIDP Reference Implementation of SSL
Attack on Sun s MIDP Reference Implementation of SSL Kent Inge Simonsen, Vebjørn Moen, and Kjell Jørgen Hole Department of Informatics, University of Bergen Pb. 7800, N-5020 Bergen, Norway {kentis,moen,kjell.hole}@ii.uib.no
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through
More informationCrypto: Passwords and RNGs. CS 642 Guest Lecturer: Adam Everspaugh
Crypto: Passwords and RNGs CS 642 Guest Lecturer: Adam Everspaugh http://pages.cs.wisc.edu/~ace Topics! Password-based Crypto!! Random Number Generators Symmetric Key Encryption key generation R k Gen
More informationSecurity. Communication security. System Security
Security Communication security security of data channel typical assumption: adversary has access to the physical link over which data is transmitted cryptographic separation is necessary System Security
More informationLecture 6: Symmetric Cryptography. CS 5430 February 21, 2018
Lecture 6: Symmetric Cryptography CS 5430 February 21, 2018 The Big Picture Thus Far Attacks are perpetrated by threats that inflict harm by exploiting vulnerabilities which are controlled by countermeasures.
More informationStream Ciphers. Koç ( ucsb ccs 130h explore crypto fall / 13
Stream Ciphers Çetin Kaya Koç http://cs.ucsb.edu/~koc koc@cs.ucsb.edu Koç (http://cs.ucsb.edu/~koc) ucsb ccs 130h explore crypto fall 2014 1 / 13 Block Ciphers Plaintext: M i with M i = n, where n is the
More informationRandom Number Generator Andy Chen
Andy Chen University of California, Santa Barbara Andy Chen University of California, Santa Barbara Spring 2017 1 / 17 Introduction Does true randomness exist scientifically? If you know all the elements
More informationThe Sources of Randomness in Smartphones with Symbian OS
The Sources of Randomness in Smartphones with Symbian OS Jan Krhovják, Petr Švenda, Vašek Matyáš, Luděk Smolík Faculty of Informatics Masaryk University, Brno Outline Basics on random number generation
More informationAN TOÀN LỚP 4: TCP/IP ATTACKS NGUYEN HONG SON PTITHCM
1 AN TOÀN LỚP 4: TCP/IP ATTACKS NGUYEN HONG SON PTITHCM 2 Introduction (1/2) TCP provides a full duplex reliable stream connection between two end points A connection is uniquely defined by the quadruple
More informationHOWTO: A Simple Random Number Generator for the ATmega1280 Microcontroller under C and TinyOS
HOWTO: A Simple Random Number Generator for the ATmega1280 Microcontroller under C and TinyOS Patrik Fimml Martin Perner Bernhard Petschina May 21, 2015 (v2.0) Contents 1 Introduction 1 1.1 True randomness
More informationCryptography and Network Security Chapter 7
Cryptography and Network Security Chapter 7 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 7 Stream Ciphers and Random Number Generation The comparatively
More informationUpdate of German Guidance for RNG Evaluation. Wolfgang Killmann T-Systems
Update of German Guidance for RNG Evaluation Wolfgang Killmann T-Systems Motivation Why random number generators? Randomness The outcome of random experiments are unpredictable. Outcomes of ideal random
More informationCrypto-systems all around us ATM machines Remote logins using SSH Web browsers (https invokes Secure Socket Layer (SSL))
Introduction (Mihir Bellare Text/Notes: http://cseweb.ucsd.edu/users/mihir/cse207/) Cryptography provides: Data Privacy Data Integrity and Authenticity Crypto-systems all around us ATM machines Remote
More informationOpenSSL is a project comprising (1) a core library and (2) a toolkit. The core library offers an API for developers of secure applications.
1 OpenSSL is a project comprising (1) a core library and (2) a toolkit. The core library offers an API for developers of secure applications. The toolkit offers a series of command-line tools to perform
More informationThe Design and Analysis of a True Random Number Generator in a Field Programmable Gate Array. By Paul Kohlbrenner November 20, 2003
The Design and Analysis of a True Random Number Generator in a Field Programmable Gate Array By Paul Kohlbrenner November 20, 2003 Presentation Organization 1. Thesis goal 2. The need for random bits in
More informationA Class of Weak Keys in the RC4 Stream Cipher Preliminary Draft
A Class of Weak Keys in the RC4 Stream Cipher Preliminary Draft Andrew Roos Vironix Software Laboratories 22 September 1995 1 Introduction This paper discusses a class of weak keys in RSA s RC4 stream
More informationThere are numerous Python packages for cryptography. The most widespread is maybe pycrypto, which is however unmaintained since 2015, and has
1 There are numerous Python packages for cryptography. The most widespread is maybe pycrypto, which is however unmaintained since 2015, and has unpatched buffer-overflow vulnerabilities. New projects should
More informationCryptographic Primitives A brief introduction. Ragesh Jaiswal CSE, IIT Delhi
Cryptographic Primitives A brief introduction Ragesh Jaiswal CSE, IIT Delhi Cryptography: Introduction Throughout most of history: Cryptography = art of secret writing Secure communication M M = D K (C)
More informationYou ve already read basics of simulation now I will be taking up method of simulation, that is Random Number Generation
Unit 5 SIMULATION THEORY Lesson 39 Learning objective: To learn random number generation. Methods of simulation. Monte Carlo method of simulation You ve already read basics of simulation now I will be
More informationTable of Contents 1 TCP Proxy Configuration 1-1
Table of Contents 1 TCP Proxy Configuration 1-1 Overview 1-1 Introduction to SYN Flood Attack 1-1 Introduction to TCP Proxy 1-1 How TCP Proxy Works 1-2 Configuring TCP Proxy 1-3 Configuration Task List
More informationKey Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature
Key Management Digital signatures: classical and public key Classic and Public Key exchange 1 Handwritten Signature Used everyday in a letter, on a check, sign a contract A signature on a signed paper
More information(2½ hours) Total Marks: 75
(2½ hours) Total Marks: 75 N. B.: (1) All questions are compulsory. (2) Makesuitable assumptions wherever necessary and state the assumptions made. (3) Answers to the same question must be written together.
More informationT Cryptography and Data Security
T-79.4501 Cryptography and Data Security Lecture 10: 10.1 Random number generation 10.2 Key management - Distribution of symmetric keys - Management of public keys Stallings: Ch 7.4; 7.3; 10.1 1 The Use
More informationIntroduction to Cryptography. Vasil Slavov William Jewell College
Introduction to Cryptography Vasil Slavov William Jewell College Crypto definitions Cryptography studies how to keep messages secure Cryptanalysis studies how to break ciphertext Cryptology branch of mathematics,
More informationEnding the Entropy Drought
White Paper: Ending the Entropy Drought February 2018 All questions and enquiries regarding this white paper should be directed to: John Lister Director of Cyber Security jlister@cognitiocorp.com February
More informationCryptographic Hash Functions
ECE458 Winter 2013 Cryptographic Hash Functions Dan Boneh (Mods by Vijay Ganesh) Previous Lectures: What we have covered so far in cryptography! One-time Pad! Definition of perfect security! Block and
More informationCPS2323. Symmetric Ciphers: Stream Ciphers
Symmetric Ciphers: Stream Ciphers Content Stream and Block Ciphers True Random (Stream) Generators, Perfectly Secure Ciphers and the One Time Pad Cryptographically Strong Pseudo Random Generators: Practical
More informationInternet Layers. Physical Layer. Application. Application. Transport. Transport. Network. Network. Network. Network. Link. Link. Link.
Internet Layers Application Application Transport Transport Network Network Network Network Link Link Link Link Ethernet Fiber Optics Physical Layer Wi-Fi ARP requests and responses IP: 192.168.1.1 MAC:
More informationPractical Aspects of Modern Cryptography
Practical Aspects of Modern Cryptography Lecture 3: Symmetric s and Hash Functions Josh Benaloh & Brian LaMacchia Meet Alice and Bob Alice Bob Message Modern Symmetric s Setup: Alice wants to send a private
More informationUNIT 9A Randomness in Computation: Random Number Generators
UNIT 9A Randomness in Computation: Random Number Generators 1 Last Unit Computer organization: what s under the hood 3 This Unit Random number generation Using pseudorandom numbers 4 Overview The concept
More informationCOMP4109 : Applied Cryptography
COMP4109 : Applied Cryptography Fall 2013 M. Jason Hinek Carleton University Applied Cryptography Day 11 public-key cryptography Die-Hellman some math some problems 2 how to share a secret? private-key
More informationUniversal Fuzzy Statistical Test for Pseudo Random Number Generators (UFST-PRNG)
Universal Fuzzy Statistical Test for Pseudo Random Number Generators (UFST-PRNG) Raad A. Muhajjar, Ph.D. ICCR Scholar, Dept. of Computer Science, Dr. S. Kazim Naqvi, Sr. System Analyst, Centre for IT,
More informationCryptography. Dr. Michael Schneider Chapter 10: Pseudorandom Bit Generators and Stream Ciphers
Cryptography Dr. Michael Schneider michael.schneider@h-da.de Chapter 10: Pseudorandom Bit Generators and Stream Ciphers December 12, 2017 h_da WS2017/18 Dr. Michael Schneider 1 1 Random and Pseudorandom
More informationMessage Authentication Codes and Cryptographic Hash Functions
Message Authentication Codes and Cryptographic Hash Functions Readings Sections 2.6, 4.3, 5.1, 5.2, 5.4, 5.6, 5.7 1 Secret Key Cryptography: Insecure Channels and Media Confidentiality Using a secret key
More informationCategory: Informational May 1996
Network Working Group S. Bellovin Request for Comments: 1948 AT&T Research Category: Informational May 1996 Status of This Memo Defending Against Sequence Number Attacks This memo provides information
More informationCryptography. Summer Term 2010
Cryptography Summer Term 2010 Harald Baier Chapter 3: Pseudo Random Bit Generators and Stream Ciphers Contents Random bits and pseudo random bits Stream ciphers Harald Baier Cryptography h_da, Summer Term
More informationU-II BLOCK CIPHER ALGORITHMS
U-II BLOCK CIPHER ALGORITHMS IDEA: Idea is block cipher similar to DES Works on 64 bit plaintext block Key is longer and consist of 128 bits Idea is reversible like DES i.e. same algorithm can be used
More informationCIT 480: Securing Computer Systems. Hashes and Random Numbers
CIT 480: Securing Computer Systems Hashes and Random Numbers Topics 1. Hash Functions 2. Applications of Hash Functions 3. Secure Hash Functions 4. Collision Attacks 5. Pre-Image Attacks 6. Current Hash
More informationBasic principles of pseudo-random number generators
Basic principles of pseudo-random number generators Faculty of Informatics, Masaryk University Outline PRNGs True-randomness and pseudo-randomness Linear feedback shift registers Cryptographically secure
More informationAcronyms. International Organization for Standardization International Telecommunication Union ITU Telecommunication Standardization Sector
Acronyms 3DES AES AH ANSI CBC CESG CFB CMAC CRT DoS DEA DES DoS DSA DSS ECB ECC ECDSA ESP FIPS IAB IETF IP IPsec ISO ITU ITU-T Triple DES Advanced Encryption Standard Authentication Header American National
More informationComputer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08. Cryptography Part II Paul Krzyzanowski Rutgers University Spring 2018 March 23, 2018 CS 419 2018 Paul Krzyzanowski 1 Block ciphers Block ciphers encrypt a block of plaintext at a
More informationProtecting Information Assets - Week 11 - Cryptography, Public Key Encryption and Digital Signatures. MIS 5206 Protecting Information Assets
Protecting Information Assets - Week 11 - Cryptography, Public Key Encryption and Digital Signatures MIS5206 Week 11 Identity and Access Control Week 10 continued Cryptography, Public Key Encryption and
More informationLinux Random Number Generator A New Approach
Linux Random Number Generator A New Approach Stephan Müller September 17, 2017 Abstract The venerable Linux /dev/random served users of cryptographic mechanisms well for a long time.
More informationCSCE 715: Network Systems Security
CSCE 715: Network Systems Security Chin-Tser Huang huangct@cse.sc.edu University of South Carolina Next Topic in Cryptographic Tools Symmetric key encryption Asymmetric key encryption Hash functions and
More informationIntroduction to Cryptography. Lecture 3
Introduction to Cryptography Lecture 3 Benny Pinkas March 6, 2011 Introduction to Cryptography, Benny Pinkas page 1 Pseudo-random generator seed s (random, s =n) Pseudo-random generator G Deterministic
More informationComputer Security 3/23/18
s s encrypt a block of plaintext at a time and produce ciphertext Computer Security 08. Cryptography Part II Paul Krzyzanowski DES & AES are two popular block ciphers DES: 64 bit blocks AES: 128 bit blocks
More informationAccountability of Sequence Number
Accountability of Sequence Number by Jean-Benoit Aubin Comp 4905 : Honour Project Bachelor of Science Supervisor : Evangelos Kranakis Computer Science : Honours Computer and Internet Security Stream Carleton
More informationCryptography and Network Security Chapter 7. Fourth Edition by William Stallings
Cryptography and Network Security Chapter 7 Fourth Edition by William Stallings Chapter 7 Confidentiality Using Symmetric Encryption John wrote the letters of the alphabet under the letters in its first
More informationIntroduction to Cryptography. Lecture 3
Introduction to Cryptography Lecture 3 Benny Pinkas March 6, 2011 Introduction to Cryptography, Benny Pinkas page 1 Pseudo-random generator seed s (random, s =n) Pseudo-random generator G Deterministic
More informationComputer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 10r. Recitation assignment & concept review Paul Krzyzanowski Rutgers University Spring 2018 April 3, 2018 CS 419 2018 Paul Krzyzanowski 1 1. What is a necessary condition for perfect
More informationCuttingedge crypto graphy
The latest cryptographic solutions from Linux on the System z platform BY PETER SPERA Cuttingedge crypto graphy Can Linux* for the IBM* System z* platform meet the cryptographic needs of today s enterprise
More informationComputer Security CS 526
Computer Security CS 526 Topic 4 Cryptography: Semantic Security, Block Ciphers and Encryption Modes CS555 Topic 4 1 Readings for This Lecture Required reading from wikipedia Block Cipher Ciphertext Indistinguishability
More informationLecture 1: Course Introduction
Lecture 1: Course Introduction Thomas Johansson T. Johansson (Lund University) 1 / 37 Chapter 9: Symmetric Key Distribution To understand the problems associated with managing and distributing secret keys.
More informationn-bit Output Feedback
n-bit Output Feedback Cryptography IV Encrypt Encrypt Encrypt P 1 P 2 P 3 C 1 C 2 C 3 Steven M. Bellovin September 16, 2006 1 Properties of Output Feedback Mode No error propagation Active attacker can
More informationOverview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.
Overview of SSL/TLS Luke Anderson luke@lukeanderson.com.au 12 th May 2017 University Of Sydney Overview 1. Introduction 1.1 Raw HTTP 1.2 Introducing SSL/TLS 2. Certificates 3. Attacks Introduction Raw
More informationCS 161 Computer Security
Raluca Popa Spring 2018 CS 161 Computer Security Discussion 3 Week of February 5, 2018: Cryptography I Question 1 Activity: Cryptographic security levels (20 min) Say Alice has a randomly-chosen symmetric
More informationCIS 4360 Secure Computer Systems Symmetric Cryptography
CIS 4360 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2017 Previous Class Classical Cryptography Frequency analysis Never use home-made cryptography Goals of Cryptography
More informationScientific Computing: An Introductory Survey
Scientific Computing: An Introductory Survey Chapter 13 Random Numbers and Stochastic Simulation Prof. Michael T. Heath Department of Computer Science University of Illinois at Urbana-Champaign Copyright
More informationGarantía y Seguridad en Sistemas y Redes
Garantía y Seguridad en Sistemas y Redes Tema 2. Cryptographic Tools Esteban Stafford Departamento de Ingeniería Informá2ca y Electrónica Este tema se publica bajo Licencia: Crea2ve Commons BY- NC- SA
More informationSyrvey on block ciphers
Syrvey on block ciphers Anna Rimoldi Department of Mathematics - University of Trento BunnyTn 2012 A. Rimoldi (Univ. Trento) Survey on block ciphers 12 March 2012 1 / 21 Symmetric Key Cryptosystem M-Source
More informationEncryption. INST 346, Section 0201 April 3, 2018
Encryption INST 346, Section 0201 April 3, 2018 Goals for Today Symmetric Key Encryption Public Key Encryption Certificate Authorities Secure Sockets Layer Simple encryption scheme substitution cipher:
More informationDescrambling Privacy Protected Information for Authenticated users in H.264/AVC Compressed Video
Descrambling Privacy Protected Information for Authenticated users in H.264/AVC Compressed Video R.Hemanth Kumar Final Year Student, Department of Information Technology, Prathyusha Institute of Technology
More informationSEEM4540 Open Systems for E-Commerce Lecture 03 Internet Security
SEEM4540 Open Systems for E-Commerce Lecture 03 Internet Security Consider 2. Based on DNS, identified the IP address of www.cuhk.edu.hk is 137.189.11.73. 1. Go to http://www.cuhk.edu.hk 3. Forward the
More information4.1 DESIGN ISSUES OF TRANSPORT LAYER 4.2 DESIGN ISSUES OF SESSION LAYER 4.3 DESIFN ISSUES OF PRESENTATION LAYER 4.5 TCP WINDOW MANAGEMENT
UNIT-4 4.1 DESIGN ISSUES OF TRANSPORT LAYER 4.2 DESIGN ISSUES OF SESSION LAYER 4.3 DESIFN ISSUES OF PRESENTATION LAYER 4.4 CONNECTION MANAGEMENT & THREE WAY HANDSHAKE 4.5 TCP WINDOW MANAGEMENT 4.6 REMOTE
More informationCS UDP: User Datagram Protocol, Other Transports, Sockets. congestion worse);
CS314-26 UDP: User Datagram Protocol, Other Transports, Sockets! IP is an unreliable datagram protocol " congestion or transmission errors cause lost packets " multiple routes may lead to out-of-order
More informationAnalysis, demands, and properties of pseudorandom number generators
Analysis, demands, and properties of pseudorandom number generators Jan Krhovják Department of Computer Systems and Communications Faculty of Informatics, Masaryk University Brno, Czech Republic Jan Krhovják
More informationImplementing Cryptography: Good Theory vs. Bad Practice
Implementing Cryptography: Good Theory vs. Bad Practice Viet Pham Information Security Group, Department of Mathematics Royal Holloway, University of London Outline News report What is cryptography? Why
More informationSP Reviewing The Standard. Stephan Müller atsec information security GmbH
SP800-90 Reviewing The Standard Stephan Müller atsec information security GmbH Email: smueller@atsec.com 13 ICMC 2013, September 24-26, Gaithersburg, MD 13 Agenda Practical aspects of implementing SP800-90A
More informationStudy Guide for the Final Exam
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467b: Cryptography and Computer Security Handout #22 Professor M. J. Fischer April 30, 2005 1 Exam Coverage Study Guide for the Final Exam The final
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 24a December 2, 2013 CPSC 467, Lecture 24a 1/20 Secure Shell (SSH) Transport Layer Security (TLS) Digital Rights Management and Trusted
More informationFIPS Non-Proprietary Security Policy
Quantum Corporation Scalar Key Manager Software Version 2.0.1 FIPS 140-2 Non-Proprietary Security Policy Document Version 1.4 Last Update: 2010-11-03 8:43:00 AM 2010 Quantum Corporation. May be freely
More information