CSC 482/582: Computer Security. Applying Cryptography
- Gervase Hancock
- 5 years ago
1 Applying Cryptography
2 Topics 1. Applications of Randomness 2. Defining and Evaluating Randomness 3. Pseudo-Random Number Generators (PRNGs) 4. Cryptographically Secure PRNGs (CSPRNGs) 5. Attacks on PRNGs 6. Entropy Gathering 7. Storing Secrets
3 Key Generation Goal: generate difficult-to-guess keys. Given a set of K potential keys, choose one randomly. Equivalent to selecting a random number between 0 and K-1 inclusive. Difficulty: generating random numbers. Software-generated numbers are pseudo-random, that is, generated by an algorithm. If you start with the same random seed, then software random number generators will produce the same sequence of numbers each time.
4 Cryptographic Use of Randomness 1. Generation of session keys. 2. Seeds for routines that generate large prime numbers for public key ciphers like RSA. 3. Salts for password hashing. 4. Initialization vectors for block cipher chaining modes. 5. Nonces for cryptographic protocols.
5 How can we measure randomness? For a fair coin flip, our uncertainty is 2 results: it could be either heads or tails. The uncertainty of 2 flips would be 2*2 = 4. Logarithmic measure of uncertainty: we feel uncertainties should add, not multiply. Measures uncertainties in bits, instead of raw numbers. Uncertainty is $\log_2 M$, where M is the number of results: $U = \log_2 M$
6 Information The amount of information in a message is the minimal number of bits needed to encode all possible meanings. Example: day of the week (7 possibilities). Encode in 3 bits: 000 Sunday to 110 Saturday, with 111 unused. ASCII strings Sunday through Saturday use more bits, but don't encode more information.
7 Information The amount of information in a message is the minimal number of bits needed to encode all possible meanings. Example: day of the week. Encode in <3 bits: 000 Sunday to 110 Saturday, with 111 unused. ASCII strings Sunday through Saturday use more bits, but don't encode more information. In general, if N possible items, $\log_2 N$ bits needed: $I = \log_2 N$, which is the same formula as for uncertainty, so U = I.
8 Information and Probability If the probability of each of the N messages being sent is equal, then p = 1/N and $I = \log_2 (1/p)$. What does 1/p really mean? Let's see. Message: "Coin comes up heads or tails". Probability p = 1. Information $I = \log_2 (1/1) = \log_2 1 = 0$. Message: "Coin comes up heads". Probability p = 0.5. Information $I = \log_2 (1/0.5) = \log_2 2 = 1$.
9 What if probabilities aren't equal? Given a message of N symbols, such that each symbol occurs $N_i$ times, $\sum_{i=1}^{m} N_i = N$. Our average uncertainty for the string is $\sum_{i=1}^{m} N_i (-\log_2 P_i) / \sum_{i=1}^{m} N_i$, which can be rewritten as $-\sum_{i=1}^{m} (N_i/N) \log_2 P_i$.
10 Information $I = -\sum_{i=1}^{m} P_i \log_2 P_i$. Reduces to original formula if all symbols equiprobable, i.e., $P_i = 1/M$: $I = -\sum_{i=1}^{m} \frac{1}{M} \log_2 \frac{1}{M} = \frac{1}{M} \log_2 (M) \sum_{i=1}^{m} 1 = \log_2 M$
11 Information Content of English For random English letters, $\log_2 26 = 4.7$ bits/letter. For large samples of English text, 1.3 bits/letter. For bzipped English text, bits/letter
12 Testing for Randomness A byte stream is random if I is approximately 8 bits/byte. This means that compression is a good randomizing function. Encryption is a good randomizing function too. Statistical tests for randomness provide precise checks.
13 Statistical Tests of Randomness Frequency (Monobits) Test: proportion of 1s in a bit sequence is approximately ½. Runs Test: a run is an uninterrupted sequence of identical bits. This test checks runs of various lengths to see if they appear in approximately the proportion that would be expected for a random sequence. Serial Test: determine whether the number of occurrences of the $2^m$ m-bit overlapping patterns is approximately the same as would be expected for a random sequence. NIST SP describes a statistical test suite for PRNGs.
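The entropy formula from slide 10 and the frequency (monobits) test from slide 13, as an added example that is not part of the original slides. The sample text and byte patterns are constructed, and the monobit statistic uses the usual normal approximation; the 0x55 pattern shows why passing one statistical test does not make a stream random.

```python
import math
import os
from collections import Counter

# Constructed sample text (not from the slides).
ENGLISH = (b"the security of a cryptographic key depends on how hard it is "
           b"to guess so keys must be drawn from an unpredictable source ") * 50


def shannon_entropy(data: bytes) -> float:
    """I = sum(P_i * log2(1/P_i)) over observed byte values, in bits/byte."""
    if not data:
        return 0.0
    n = len(data)
    return sum((c / n) * math.log2(n / c) for c in Counter(data).values())


def monobit_p_value(data: bytes) -> float:
    """Frequency test: p-value for 'the proportion of 1 bits is 1/2'.

    A small p-value (for example below 0.01) rejects the hypothesis
    that the bits come from a fair source.
    """
    if not data:
        raise ValueError("need at least one byte")
    n_bits = len(data) * 8
    ones = sum(bin(b).count("1") for b in data)
    # Map bits to +1/-1, sum them, and normalise by sqrt(n).
    s_obs = abs(2 * ones - n_bits) / math.sqrt(n_bits)
    return math.erfc(s_obs / math.sqrt(2))


def report(samples: dict) -> dict:
    """Return {name: (entropy in bits/byte, monobit p-value)}."""
    return {name: (shannon_entropy(d), monobit_p_value(d))
            for name, d in samples.items()}


if __name__ == "__main__":
    samples = {
        "english text": ENGLISH,
        "all zero bytes": b"\x00" * 1000,
        # 01010101 repeated: exactly half the bits are 1, so the monobit
        # test passes, yet the entropy is 0 bits/byte.
        "0x55 pattern": b"\x55" * 1000,
        "os.urandom": os.urandom(65536),
    }
    for name, (h, p) in report(samples).items():
        print(f"{name:15s} entropy={h:6.3f} bits/byte  monobit p={p:.4f}")
```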
14 PRNGs 1. Seeding the PRNG 2. Linear Congruential 3. CSPRNGs 4. Blum-Blum-Shub 5. Tiny 6. Attacks on PRNGs
15 Seeds Input used to generate initial pseudo-random (PR) numbers. Seeds should be computationally infeasible to predict. Generate seed from random, not PR, data. Size: 32 bits too small; only $2^{32}$ combinations. Sequence is periodic, but starts from different point for each different seed. Identical sequences produced for identical seeds. Period needs to be large for security.
16 Linear Congruential Generator $n_k = (a n_{k-1} + b) \bmod m$
m: Modulus (a large prime integer), maximum period
a: Multiplier (integer from 2..m-1)
b: Increment
$n_0$: Sequence initializer (seed)
17 LCG Example in Python
    #!/usr/bin/env python
    import sys

    def lcg(x):
        # Multiplicative LCG: the modulus is 13, the multiplier is a
        return a * x % 13

    i = 0
    li = []
    # Command-line arguments: multiplier, then seed
    a, x = map(int, sys.argv[1:3])
    while i < 10:
        x = lcg(x)
        li.append(str(x))
        i += 1
    print(", ".join(li))
>./prng.py , 4, 8, 2, 11, 4, 8, 2, 11, 4
>./prng.py 6 2 0, 1, 7, 4, 12, 8, 10, 9, 3, 6
18 LCG Period The period of an LCG is at most m, the modulus. Modulus only allows numbers 0..m-1 to be produced. An LCG with a period of m is said to have a full period. An LCG will have a full period for all seeds if and only if: b and m are relatively prime; a-1 is divisible by all prime factors of m; a-1 is a multiple of 4 if m is a multiple of 4. For production LCGs, m= common a = is well studied full period multiplier. LCGs are predictable, and thus not secure for crypto: knowing just one LCG output allows prediction of the next.
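The three full-period conditions from slide 18, checked in code and compared against the measured period, as an added example that is not part of the original slides. The parameter sets (m = 16 and the m = 13 multiplicative generator from slide 17) are small constructed cases chosen so the cycle can be enumerated.

```python
from math import gcd


def prime_factors(n: int) -> set:
    """Distinct prime factors of n by trial division (fine for small m)."""
    factors, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return factors


def has_full_period(a: int, b: int, m: int) -> bool:
    """True if n_k = (a*n_{k-1} + b) mod m has period m for every seed."""
    return (
        gcd(b, m) == 1                                         # b, m coprime
        and all((a - 1) % p == 0 for p in prime_factors(m))    # a-1 | primes
        and (m % 4 != 0 or (a - 1) % 4 == 0)                   # multiple of 4
    )


def lcg_step(a: int, b: int, m: int, x: int) -> int:
    """One LCG step. The output is the whole internal state, so anyone
    who knows a, b, m and sees one output can compute the next one."""
    return (a * x + b) % m


def period(a: int, b: int, m: int, seed: int) -> int:
    """Length of the cycle the generator eventually enters from seed."""
    seen, x, i = {}, seed % m, 0
    while x not in seen:
        seen[x] = i
        x = lcg_step(a, b, m, x)
        i += 1
    return i - seen[x]


if __name__ == "__main__":
    for a, b, m in [(5, 3, 16), (3, 3, 16), (2, 0, 13), (6, 0, 13)]:
        periods = sorted({period(a, b, m, s) for s in range(m)})
        print(f"a={a} b={b} m={m}: full period predicted="
              f"{has_full_period(a, b, m)}, observed periods={periods}")
```

With b = 0, as in the slide 17 script, the first condition can never hold: seed 0 maps to itself, so the best a multiplicative generator can do is period m-1 on the nonzero seeds.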
19 Secure PRNGs Cryptographically Secure PRNGs (CSPRNGs) must: 1. Statistically appear random. 2. Difficult to predict next member of sequence from previous members. 3. Difficult to extract internal state of PRNG from observing output. May be re-seeded at runtime, unlike PRNGs.
20 Classes of CSPRNGs 1. Designs based on cryptographic primitives Based on block cipher in counter mode or Use a secure hash of a counter. 2. Number theoretic designs Based on hard mathematical problems. Example: Blum Blum Shub 3. Special purpose designs May introduce extra entropy when available. Example: Yarrow (FreeBSD, Mac OS X)
21 Block cipher-based CSPRNG Operate block cipher in counter mode. Choose a random key. Nonce is a random initialization vector. Plaintext is a predictable sequence, produced by incrementing by 1 or by any aperiodic function.
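A sketch of the "secure hash of a counter" design from slide 20, laid out like the counter-mode construction on slide 21 (random key, random nonce, incrementing counter), as an added example that is not part of the original slides. Using HMAC-SHA-256 as the keyed hash, the 16-byte counter width and the reseed rule are assumptions of this example; the class name is hypothetical.

```python
import hashlib
import hmac
import secrets


class HashCounterGenerator:
    """Output block i = HMAC-SHA-256(key, nonce || counter_i)."""

    def __init__(self, key: bytes, nonce: bytes):
        if len(key) < 16:
            raise ValueError("key must be at least 128 bits")
        self._key = key
        self._nonce = nonce
        self._counter = 0
        self._buf = b""

    def _next_block(self) -> bytes:
        msg = self._nonce + self._counter.to_bytes(16, "big")
        self._counter += 1          # predictable input, secret key
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def random_bytes(self, n: int) -> bytes:
        # Buffer whole blocks so the output stream does not depend on
        # how callers split their requests.
        while len(self._buf) < n:
            self._buf += self._next_block()
        out, self._buf = self._buf[:n], self._buf[n:]
        return out

    def reseed(self, entropy: bytes) -> None:
        """Mix fresh entropy into the key at runtime (slide 19)."""
        self._key = hmac.new(self._key, entropy, hashlib.sha256).digest()
        self._buf = b""             # drop output derived from the old key


if __name__ == "__main__":
    gen = HashCounterGenerator(secrets.token_bytes(32),
                               secrets.token_bytes(16))
    print(gen.random_bytes(24).hex())
    gen.reseed(secrets.token_bytes(32))
    print(gen.random_bytes(24).hex())
```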
22 Blum Blum Shub $x_{n+1} = x_n^2 \bmod M$. Blum number M: product of two large primes, p and q, with p mod 4 = 3, q mod 4 = 3. Seed: choose random integer x, relatively prime to M; $x_0 = x^2 \bmod M$.
23 Blum Blum Shub Random Output: least significant bit of $x_{n+1}$. Can safely use $\log_2 M$ bits. Provably secure: distinguishing output bits from random bits is as difficult as factoring M for large M. Slow: requires arbitrary precision software math libraries.
24 Yarrow Yarrow is named after a plant whose leaves are used in I Ching divination. Used for /dev/random in FreeBSD and Mac OS X. Steps: 1. Accumulates entropy from system sources. 2. Pools are SHA-1 hash contexts, 160 bits maximum. 3. Reseeds generator with key made from pool entropy to limit state compromise attacks. 4. Generates numbers using Triple-DES in counter mode.
25 Attacks on PRNGs Direct Cryptanalytic: distinguish between PRNG output and random output with better than 50% accuracy. Input-Based: use knowledge of PRNG input to predict output, or insert input into PRNG to control output. State Compromise Extension: extend a previously successful attack that has recovered internal state to recover either or both of: past unknown PRNG outputs; future PRNG outputs after additional inputs are given to the PRNG.
26 ASF On-line Gambling Re-seeded PRNG before each shuffle; always start with ordered deck. Shuffling Fair: combinations. 32-bit seed: $2^{32}$ combinations. ms seed: 86,400,000 combinations. Synchronize time: 200,000 combinations. Predict deck based on 5 known cards.
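Blum Blum Shub exactly as slides 22 and 23 define it (Blum primes, seed squared mod M, one least-significant bit per squaring), as an added example that is not part of the original slides. The primes 11 and 23 and the seed 3 are tiny constructed values chosen so the sequence can be checked by hand; a real modulus must be too large to factor.

```python
from math import gcd


def is_prime(n: int) -> bool:
    """Trial division; adequate for the small demonstration primes."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


class BlumBlumShub:
    def __init__(self, p: int, q: int, seed: int):
        for prime in (p, q):
            # Both factors must be primes congruent to 3 mod 4.
            if not is_prime(prime) or prime % 4 != 3:
                raise ValueError(f"{prime} is not a prime with p mod 4 = 3")
        if p == q:
            raise ValueError("p and q must be distinct")
        self.M = p * q
        if gcd(seed, self.M) != 1:
            raise ValueError("seed must be relatively prime to M")
        self.x = pow(seed, 2, self.M)           # x_0 = x^2 mod M
        if self.x == 1:
            raise ValueError("seed gives the fixed point x = 1")

    def next_bit(self) -> int:
        self.x = pow(self.x, 2, self.M)         # x_{n+1} = x_n^2 mod M
        return self.x & 1                       # least significant bit

    def random_bits(self, n: int) -> list:
        return [self.next_bit() for _ in range(n)]

    def random_int(self, nbits: int) -> int:
        """Assemble nbits output bits, most significant bit first."""
        value = 0
        for bit in self.random_bits(nbits):
            value = (value << 1) | bit
        return value


if __name__ == "__main__":
    bbs = BlumBlumShub(11, 23, 3)   # M = 253, x_0 = 9
    # States: 81, 236, 36, 31, 202, 71, 234, 108
    print(bbs.random_bits(8))
```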
27 Entropy Collection 1. Hardware Solutions 2. Software Solutions 3. Poor Entropy Collection 4. Entropy Estimation
28 Hardware Sources Radioactive Decay Hotbits: 256 bits/s Thermal or Electrical Noise Comscire QNG Model J1000KU, 1 Mbit/s Digital RNG (DRNG) on Ivy Bridge and later Intel CPUs LavaRnd SGI used LavaLite; LavaRnd uses lenscapped digicam up to 200 kbits/s
29 Software Sources Less Secure, More Convenient. Software systems can be sufficiently complex to be almost impossible to predict. Example: time between user keystrokes or mouse events. User Input: Push, don't Pull. Record time stamp when keystroke or mouse event occurs. Don't poll most recent user input every 0.1 s: far fewer possible timestamps. UNIX systems provide via /dev/random: user inputs, network inputs, disk seeks, etc., with an algorithm like Yarrow to aggregate entropy and reseed.
30 Linux Sources: /dev/random /dev/random: each bit is truly random; blocks unless enough random bits are available. /dev/urandom: supplies requested number of bits immediately; reuses current state of pool; lower quality randomness.
31 Poor Entropy: Netscape 1.1 SSL encryption generates a random 40- or 128-bit session key. Netscape 1.1 seeded PRNG with time of day, PID, and PPID, all visible to an attacker on the same machine. Remote attack broke keys in 30 seconds: guessed limited randomness in PID/PPID; packet sniffing can determine time of day.
32 Random Number APIs
Windows
- rand(): insecure PRNG, uses LCG
- CryptGenRandom(): CSRNG
- CryptGenKey(): to securely generate keys
Java
- java.util.Random: insecure PRNG
- java.security.SecureRandom: CSRNG. Relies on OS, so SecureRandom can fall back to insecure Random if OS does not provide /dev/random or similar
33 Key Storage
- Source Code: can use strings command to extract from binary.
- File on Disk: attacker can search disk for files with high entropy, which are likely to contain keys. Encryption of file adds another layer of difficulty, but there must be a key someplace. Many languages provide APIs for storing keys or certificates in encrypted files.
- Registry: attacker can access with regedit.
- External Device, e.g. smartcards, smartphones, remote server: attacker can obtain PINs or use power analysis attacks to extract keys from device. Remote servers can be compromised too.
- Store parts of key in different places: break up key, then store part in source, part in file, part in db, etc.
34 Lifetime of 64MB of freed memory
35 Key Storage in Memory 1. Minimize time spent holding secrets. Load only when needed. Erase when not needed any longer. Prevent pages with secrets from being written to disk: mlock() and munlock() in UNIX, VirtualLock() and VirtualUnlock() in MS Windows. 2. Erase secrets securely. Use memset() to overwrite secret with zeros. 3. Prevent unnecessary duplication. Avoid realloc() in C. If your threat model includes attacks on secrets in memory, then you cannot use a garbage-collected language like Java or Python.
36 Key Points 1. Measuring randomness 1. Measure information (entropy) content. 2. Statistical tests: frequency of 1s, bit sequences, etc. 2. CSPRNGs must have the following qualities: 1. Statistically appear random. 2. Difficult to predict next member of sequence from previous members. 3. Difficult to extract internal state of PRNG from observing output. 3. Algorithmic PRNG techniques: 1. Linear congruential generators are insecure. 2. CSPRNG types: cipher-based, algorithmic, special designs. 4. Computer sources of randomness: 1. Hardware RNGs: thermal noise, radioactive decay. 2. Software RNGs: disk seeks, interrupts, time btw keystrokes. 5. Securely storing keys: 1. Permanent: disk, db, registry, hardware device. 2. In memory: minimize time holding secrets, erase securely.
More informationDawn Song
1 Secret-Sharing & Zero-knowledge Proof Dawn Song dawnsong@cs.berkeley.edu Review DH key exchange protocol Password authentication protocol Random number generation 2 Lessons Learned Seeds must be unpredictable
More informationMTAT Applied Cryptography
MTAT.07.017 Applied Cryptography Hash functions and HMAC University of Tartu Spring 2017 1 / 23 Cryptographic hash function A hash function is a function that takes an arbitrary block of data and returns
More informationCSC 482/582: Computer Security. Security Protocols
Security Protocols Topics 1. Basic Concepts of Cryptography 2. Security Protocols 3. Authentication Protocols 4. Key Exchange Protocols 5. Kerberos 6. Public Key Infrastructure Encryption and Decryption
More informationBlum-Blum-Shub cryptosystem and generator. Blum-Blum-Shub cryptosystem and generator
BBS encryption scheme A prime p is called a Blum prime if p mod 4 = 3. ALGORITHM Alice, the recipient, makes her BBS key as follows: BBS encryption scheme A prime p is called a Blum prime if p mod 4 =
More informationFall 2005 Joseph/Tygar/Vazirani/Wagner Notes 21
CS 161 Computer Security Fall 2005 Joseph/Tygar/Vazirani/Wagner Notes 21 Anyone who uses software to produce random numbers is in a state of sin. John von Neumann The generation of random numbers is too
More informationn-bit Output Feedback
n-bit Output Feedback Cryptography IV Encrypt Encrypt Encrypt P 1 P 2 P 3 C 1 C 2 C 3 Steven M. Bellovin September 16, 2006 1 Properties of Output Feedback Mode No error propagation Active attacker can
More informationOpenSSL is a project comprising (1) a core library and (2) a toolkit. The core library offers an API for developers of secure applications.
1 2 OpenSSL is a project comprising (1) a core library and (2) a toolkit. The core library offers an API for developers of secure applications. The toolkit offers a series of command-line tools to perform
More informationMidterm Exam 2B Answer key
Midterm Exam 2B Answer key 15110 Principles of Computing Fall 2015 April 6, 2015 Name: Andrew ID: Lab section: Instructions Answer each question neatly in the space provided. There are 6 questions totaling
More informationח'/סיון/תשע "א. RSA: getting ready. Public Key Cryptography. Public key cryptography. Public key encryption algorithms
Public Key Cryptography Kurose & Ross, Chapters 8.28.3 (5 th ed.) Slides adapted from: J. Kurose & K. Ross \ Computer Networking: A Top Down Approach (5 th ed.) AddisonWesley, April 2009. Copyright 19962010,
More informationPrime Field over Elliptic Curve Cryptography for Secured Message Transaction
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology ISSN 2320 088X IMPACT FACTOR: 5.258 IJCSMC,
More informationBlack-Box Assessment of Pseudorandom Algorithms
Black-Box Assessment of Pseudorandom Algorithms Derek Soeder Christopher Abad Gabriel Acevedo dsoeder@cylance.com cabad@cylance.com gacevedo@cylance.com Agenda About PRNGs PRNGs by Example Attack Methodology
More informationIntroduction to Cryptography. Vasil Slavov William Jewell College
Introduction to Cryptography Vasil Slavov William Jewell College Crypto definitions Cryptography studies how to keep messages secure Cryptanalysis studies how to break ciphertext Cryptology branch of mathematics,
More informationComputers and Security
The contents of this Supporting Material document have been prepared from the Eight units of study texts for the course M150: Date, Computing and Information, produced by The Open University, UK. Copyright
More informationComputer Security CS 526
Computer Security CS 526 Topic 4 Cryptography: Semantic Security, Block Ciphers and Encryption Modes CS555 Topic 4 1 Readings for This Lecture Required reading from wikipedia Block Cipher Ciphertext Indistinguishability
More informationDavid Wetherall, with some slides from Radia Perlman s security lectures.
David Wetherall, with some slides from Radia Perlman s security lectures. djw@cs.washington.edu Networks are shared: Want to secure communication between legitimate participants from others with (passive
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 11 Basic Cryptography Objectives Define cryptography Describe hashing List the basic symmetric cryptographic algorithms 2 Objectives
More informationCS 161 Computer Security. Week of September 11, 2017: Cryptography I
Weaver Fall 2017 CS 161 Computer Security Discussion 3 Week of September 11, 2017: Cryptography I Question 1 Activity: Cryptographic security levels (20 min) Say Alice has a randomly-chosen symmetric key
More informationCS 241 Honors Nothing is Ever Random
CS 241 Honors Nothing is Ever Random Kevin Hong University of Illinois Urbana-Champaign Feburary 13, 2018 Kevin Hong (UIUC) Randomness and Entropy Feburary 13, 2018 1 / 11 Kevin Hong (UIUC) Randomness
More informationStream Ciphers. Koç ( ucsb ccs 130h explore crypto fall / 13
Stream Ciphers Çetin Kaya Koç http://cs.ucsb.edu/~koc koc@cs.ucsb.edu Koç (http://cs.ucsb.edu/~koc) ucsb ccs 130h explore crypto fall 2014 1 / 13 Block Ciphers Plaintext: M i with M i = n, where n is the
More informationCryptography [Symmetric Encryption]
CSE 484 / CSE M 584: Computer Security and Privacy Cryptography [Symmetric Encryption] Spring 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin,
More informationAuthentication Part IV NOTE: Part IV includes all of Part III!
Authentication Part IV NOTE: Part IV includes all of Part III! ECE 3894 Hardware-Oriented Security and Trust Spring 2018 Assoc. Prof. Vincent John Mooney III Georgia Institute of Technology NOTE: THE FOLLOWING
More informationInformation Security CS526
Information Security CS 526 Topic 3 Cryptography: One-time Pad, Information Theoretic Security, and Stream CIphers 1 Announcements HW1 is out, due on Sept 11 Start early, late policy is 3 total late days
More information