CSC574: Computer & Network Security
|
|
- Aileen Francis
- 6 years ago
- Views:
Transcription
1 CSC574: Computer & Network Security Lecture 4 Prof. William Enck Spring 2016 (Derived from slides by Micah Sherr, Patrick McDaniel, and Peng Ning)
2 Announcements Homework 2, assigned. Due Friday, January 29 th at 11:59pm 2
3 Modes of Operation Most ciphers work on blocks of fixed (small) size How to encrypt long messages? Modes of operation ECB (Electronic Code Book) CBC (Cipher Block Chaining) OFB (Output Feedback) CFB (Cipher Feedback) CTR (Counter) 3
4 Issues for Block Chaining Modes Information leakage: Does it reveal info about the plaintext blocks? Ciphertext manipulation: Can an attacker modify ciphertext block(s) in a way that will produce a predictable/desired change in the decrypted plaintext block(s)? Note: assume the structure of the plaintext is known, e.g., first block is employee #1 salary, second block is employee #2 salary, etc. Parallel/Sequential: Can blocks of plaintext (ciphertext) be encrypted (decrypted) in parallel? Error Propagation: If there is an error in a plaintext (ciphertext) block, will there be an encryption (decryption) error in more than one ciphertext (plaintext) block? 4
5 Electronic Code Book Plaintext (ECB) M 1 M 2 M 3 M padding Key E E E E Ciphertext C 1 C 2 C 3 C 4 The easiest mode of operation; each block is independently encrypted 5
6 ECB Decryption M 1 M 2 M 3 M padding Key D D D D C 1 C 2 C 3 C 4 Each block is independently decrypted 6
7 ECB Issues Information leaks: two ciphertext blocks that are the same Manipulation: switch ciphertext with predictable results on plaintext (e.g., shuffle). Parallel: yes Propagate: no Plaintext ECB Other modes 7
8 Cipher Block Chaining (CBC) M 1 M 2 M 3 M padding Initialization Vector Key E E E E C 1 C 2 C 3 C 4 Chaining dependency: each ciphertext block depends on all preceding plaintext blocks 8
9 Initialization Vectors Initialization Vector (IV) Used along with the key; not secret For a given plaintext, changing either the key, or the IV, will produce a different ciphertext Why is that useful? IV generation and sharing Random; may transmit with the ciphertext Incremental; predictable by receivers 9
10 CBC Decryption M 1 M 2 M 3 M padding Initialization Vector Key D D D D C 1 C 2 C 3 C 4 How many ciphertext blocks does each plaintext block depend on? 10
11 CBC Properties Does information leak? Identical plaintext blocks will produce different ciphertext blocks Can ciphertext be manipulated profitably???? Parallel processing possible? no (encryption), yes (decryption) Do ciphertext errors propagate? yes (encryption), a little (decryption) 11
12 Output Feedback Mode (OFB) Initialization Vector one-time pad Key E Pseudo-Random E Number Generator E E M 1 M 2 M 3 M padding C 1 C 2 C 3 C 4 12
13 OFB Decryption IV one-time pad Key E E E E M 1 M 2 M 3 M padding C 1 C 2 C 3 C 4 No block decryption required! 13
14 OFB Properties Does information leak? identical plaintext blocks produce different ciphertext blocks Can ciphertext be manipulated profitably???? Parallel processing possible? no (generating pad), yes (XORing with blocks) Do ciphertext errors propagate???? 14
15 OFB (Cont d) If you know one plaintext/ciphertext pair, can easily derive the one-time pad that was used i.e., should not reuse a one-time pad! Conclusion: IV must be different every time 15
16 Cipher Feedback Mode (CFB) IV Key E E E E M 1 M 2 M 3 M padding C 1 C 2 C 3 C 4 Ciphertext block C j depends on all preceding plaintext blocks 16
17 CFB Decryption IV Key E E E E M 1 M 2 M 3 M padding C 1 C 2 C 3 C 4 No block decryption required! 17
18 CFB Properties Does information leak? Identical plaintext blocks produce different ciphertext blocks Can ciphertext be manipulated profitably???? Parallel processing possible? no (encryption), yes (decryption) Do ciphertext errors propagate???? 18
19 Counter Mode (CTR) IV IV++ IV++ Key E E E M 1 M 2 M 3 C 1 C 2 C 3 19
20 CTR Mode Properties Does information leak? Identical plaintext block produce different ciphertext blocks Can ciphertext be manipulated profitably??? Parallel processing possible Yes (both generating pad and XORing) Do ciphertext errors propagate???? Allow decryption the ciphertext at any location Ideal for random access to ciphertext 20
21 Basic truths of cryptography Cryptography is not frequently the source of security problems Algorithms are well known and widely studied Vetted through crypto community Avoid any proprietary encryption Claims of new technology or perfect security are almost assuredly snake oil 21
22 Building systems with cryptography Use quality libraries SSLeay, cryptolib, openssl Find out what cryptographers think of a package before using it Code review like crazy Educate yourself on how to use library Understand caveats by original designer and programmer 22
23 Common pitfalls Generating randomness Storage of secret keys Virtual memory (pages secrets onto disk) Protocol interactions Poor user interface Poor choice of parameters or modes 23
24 What encryption does and does not Does: confidentiality Doesn t do: data integrity source authentication Need: ensure that data is not altered and is from an authenticated source 24
25 Principals Src=Alice, Dest=Bob Msg = network security is fun! Alice Bob Eve 25
26 Man-in-the-Middle (MitM) attack Src=Alice, Dest=Bob Msg = network security is fun! Src=Alice, Dest=Bob Msg = network security is not fun! Alice Eve Bob 26
27 Man-in-the-Middle (MitM) attack Src=Alice, Dest=Bob Msg = E K1 ( network security is fun! ) Src=Alice, Dest=Bob Msg = E K2 ( network security is not fun! ) Alice Eve Bob 27
28 Message Authentication Codes (MACs) MACs provide message integrity and authenticity MACK(M) use symmetric encryption to produce short sequence of bits that depends on both the message (M) and the key (K) MACs should be resistant to existential forgery: Eve should not be able to produce a valid MAC for a message M' without knowing K To provide confidentiality, authenticity, and integrity of a message, Alice sends EK(M,MACK(M)) where EK(X) is the encryption of X using key K Proves that M was encrypted (confidentiality and integrity) by someone who knew K (authenticity) 28
29 Message Authenticity Src = Alice, Dest = Bob Msg = { network security is fun, MACk( network security is fun! )} Src = Alice, Dest = Bob Msg = { network security isn t fun!,???} Alice Eve Bob Without knowledge of k, Eve can t compute a valid MAC for her forged message! 29
30 Encryption and Message Authenticity Src = Alice, Dest = Bob Msg = Ek1{{ network security is fun, MACk2( network security is fun! )}} Alice Eve Without knowing k1, Eve can t read Alice s message. Bob Without knowing k2, Eve can t compute a valid MAC for her forged message! 30
31 Cryptographic Hash Functions Hash function h: deterministic one-way function that takes as input an arbitrary message M (sometimes called a preimage) and returns as output h(m), a small fixed length hash (sometimes called a digest) Hash functions should have the following two properties: compression: reduces arbitrary length string to fixed length hash ease of computation: given message M, h(m) is easy to compute 31
32 Hash functions are usually fairly inexpensive (i.e., compared with public key cryptography) % openssl speed sha Doing sha1 for 3s on 16 size blocks: sha1's in 3.00s Doing sha1 for 3s on 64 size blocks: sha1's in 2.99s Doing sha1 for 3s on 256 size blocks: sha1's in 3.00s Doing sha1 for 3s on 1024 size blocks: sha1's in 3.00s Doing sha1 for 3s on 8192 size blocks: sha1's in 3.00s... Doing sha512 for 3s on 16 size blocks: sha512's in 2.99s Doing sha512 for 3s on 64 size blocks: sha512's in 3.00s Doing sha512 for 3s on 256 size blocks: 1416 sha512's in 3.00s Doing sha512 for 3s on 1024 size blocks: sha512's in 3.00s Doing sha512 for 3s on 8192 size blocks: sha512's in 3.00s OpenSSL 1.0.0d 8 Feb 2011 built on: Tue Feb 15 16:03:54 EST 2011 options:bn(64,64) rc4(ptr,char) des(idx,cisc,16,int) aes(partial) idea(int) blowfish(idx) compiler: /usr/bin/gcc-4.2 -fpic -fno-common -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS - D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch x86_64 -O3 -DL_ENDIAN -DMD32_REG_T=int - Wall The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes sha k k k k k sha k k k k k sha k k k k k 32
33 Why might hashes be useful? Message authentication codes (MACs): e.g.: MACK(M) = h(k M) (but don't do this, use HMAC instead) Modification detection codes: detect modification of data any change in data will cause change in hash 33
34 Prof. Pedantic proposes the following hash function, arguing that it offers both compression and ease of computation. h(m) = 0 if the number of 0s in M is divisible by 3 h(m) = 1 otherwise Why is this a lousy crypto hash function? 34
35 Cryptographic Hash Functions Properties of good cryptographic hash functions: preimage resistance: given digest y, computationally infeasible to find preimage x' such that h(x')=y (also called one-way property ) 2nd-preimage resistance: given preimage x, computationally infeasible to find preimage x' such that h(x)=h(x') (also called weak collision resistance ) collision resistance: computationally infeasible to find preimages i,j such that h(i)=h(j) (also called strong collision resistance ) 35
36 Birthday Attack Birthday Paradox: chances that 2+ people share birthday in group of 23 is > 50%. General formulation function f() whose output is uniformly distributed over H possible outputs Number of experiments Q(H) until we find a collision is approximately: E.g., Why is this relevant to hash sizes? 36
37 Practical Implications Choosing two messages that have the same hash h(x) = h(x ) is more practical than you might think. Example attack: secretary is asked to write a bad letter, but wants to replace with a good letter. Boss signs the letter after reading Dear Anthony, # This letter is& " %! I am writing $ to introduce! "# you to to you $ %&! "# Mr. -- $ %& Alfred! "# P. -- $ %& Barton, the " # new! newly appointed $ %&! "# chief senior $ %& jewellery buyer for! "# our the $ %& Northern " # European! Europe $ %&! "# area division $ %&. He! "# will take has taken $ %& over! "# the -- $ %& responsibility for " # all! the whole of $ %& our interests in! "# watches and jewellery jewellery and watches $ %& in the " # area! region $ %&. Please! "# afford give $ %& him! "# every all the $ %& help he! "# may need needs $ %& to " # seek out! find $ %& the most " # modern! up to date $ %& lines for the! "# top high $ %& end of the market. He is " # empowered! authorized $ %& to receive on our behalf! "# samples specimens $ %& of the # latest& " %! newest $! "# watch and jewellery jewellery and watch $ %& products,! "# up subject $ %& to a! "# limit maximum $ %& of ten thousand dollars. He will " # carry! hold $ %& a signed copy of this! "# letter document $ %& as proof of identity. An order with his signature, which is " # appended! attached $ %& # authorizes& " %! allows you to charge the cost to this company at the " # above $! head office $ %& address. We " # fully! -- $ %& expect that our " # level! volume $ %& of orders will increase in the " # following! next $ %& year and " # trust! hope $ %& that the new appointment will! "# be prove $ %& # advantageous& " %! an advantage to both our companies. $ 37 Figure 11.7 A Letter in 2 37 Variations (from Stallings, Crypto and Net Security)
38 Some common cryptographic hash functions MD5 (-bit digest) [don t use this] SHA-1 (160-bit digest) [stop using this*] SHA-256 (256-bit digest) SHA-512 (512-bit digest) SHA-3 [recent competition winner] 38
39 General Structure of Hash Y 0 Y 1 Y L 1 b b b IV = CV 0 n f n CV1 f n n CV L 1 f n CV L IV = Initial value CV i = chaining variable Y i = ith input block f = compression algorithm L n b = number of input blocks = length of hash code = length of input block (from Stallings, Crypto and Net Security) 39
40 Comparison of SHA Parameters Message Digest Size SHA-1 SHA-224 SHA-256 SHA-384 SHA Message Size < 2 64 < 2 64 < 2 64 < 2 < 2 Block Size Word Size Number of Steps Note: All sizes are measured in bits. 40 (from Stallings, Crypto and Net Security)
41 SHA-512 L bits Message N 1024 bits bits L 1024 bits 1024 bits 1024 bits M 1 M 2 M N F F F IV = H 0 H 1 H 2 H N 512 bits 512 bits 512 bits hash code + = word-by-word addition mod 264 (from Stallings, Crypto and Net Security) 41
42 SHA-512 Function M i H i 1 message schedule 64 a b c d e f g h W 0 K 0 Round 0 W t a b c d e f g h Round t K t a b c d e f g h W 79 K 79 Round H i 42 (from Stallings, Crypto and Net Security)
43 Prof. Pedantic decides to use SHA256 to authenticate messages Protocol: Sender: Input: message M Output: M SHA256(M) Receiver: Input: M SHA256(M) (from the Sender) Computes hash over M and checks that it matches value from sender why is this terrible?...and how can it be improved? 43
44 Message Extension Attack Why is MAC k (M) = H(k M) bad? How can Eve append M to M? Goal: compute H(k M M ) without knowing k Solution: Use H(k M) as IV for next f iteration in H() 44
45 A Better MAC Objectives Use available hash functions without modification Easily replace embedded hash function as more secure ones are found Preserve original performance of hash function Easy to use 45
46 HMAC K + ipad = 0x b bits b bits b bits S i Y 0 Y 1 Y L 1 HMAC(k,M) = H(k opad H(k ipad M)) Attacker cannot extend MAC as before Prove it to yourself K + IV opad n bits = 0x5C5C5C Hash n bits H(S i M) b bits pad to b bits S o IV n bits Hash n bits HMAC(K, M) (from Stallings, Crypto and Net Security) 46
47 Using hashes as authenticators Consider the following scenario Prof. Smart E. Pants has not decided if she will cancel the next lecture. When she does decide, she communicates to Bob the student through Mallory, her evil TA. She does not care if Bob shows up to a cancelled class, but she does not want students to not show up if the class hasn t been cancelled Prof. Pants does not trust Mallory to deliver the message. Prof. Smart E. Pants and Bob use the following protocol: Prof. Pants invents a secret t Prof. Pants gives Bob h(t), where h() is a crypto hash function If she cancels class, she gives t to Mallory to give to Bob If does not cancel class, she does nothing If Bob receives the token t, he knows that Prof. Pants sent it 47
48 Hash Authenticators Why is this protocol secure? t acts as an authenticated value (authenticator) because Mallory could not have produced t without inverting h() Note: Mallory can convince Bob that class is occurring when it is not by simply not delivering t (but we assume Bob is smart enough to come to that conclusion when the room is empty) Note that it is important that Bob gets the original value h(t) from Alice directly (was provably authentic) 48
49 Hash chain Now, consider the case where Alice wants to do the same protocol, only for all 26 classes (the semester) Alice and Bob use the following protocol: 1. Alice invents a secret t 2. Alice gives Bob H 26 (t), where H 26 () is 26 repeated uses of H(). 3. If she cancels class on day d, she gives H (26-D) (t) to Mallory, e.g., If cancels on day 1, she gives Mallory H 25 (t) If cancels on day 2, she gives Mallory H 24 (t). If cancels on day 25, she gives Mallory H 1 (t) If cancels on day 26, she gives Mallory t 4. If Alice does not cancel class, she does nothing If Bob receives the token t, he knows that Alice sent it 49
50 Hash Chain (cont.) Why is this protocol secure? On day d, H (26-d) (t) acts as an authenticated value (authenticator) because Mallory could not create t without inverting H() because for any H k (t) she has k>(26-d) That is, Mallory potentially has access to the hash values for all days prior to today, but that provides no information on today s value, as they are all post-images of today s value Note: Mallory can again convince Bob that class is occurring by not delivering H (26-d) (t) Chain of hash values are ordered authenticators Important that Bob got the original value H 26 (t) from Alice directly (was provably authentic) 50
51 PRNG using Hashes V +1 Hash functions can also be used to build pseudorandom number generator (PRNGs) for generating a stream of pseudo random bits Two uses: Create random values: Seed should only be known to the user Stream encryption: Seed known to sender and receiver K Cryptographic hash function (a) PRNG using cryptographic hash function V HMAC Pseudorandom output Pseudorandom output 51 (b) PRNG using HMAC (from Stallings, Crypto and Net Security)
CSC574: Computer & Network Security
CSC574: Computer & Network Security Lecture 3 Prof. William Enck Spring 2016 (Derived from slides by Micah Sherr, Patrick McDaniel, and Peng Ning) Modern Cryptography 2 Kerckhoffs Principles Modern cryptosystems
More informationLecture 1 Applied Cryptography (Part 1)
Lecture 1 Applied Cryptography (Part 1) Patrick P. C. Lee Tsinghua Summer Course 2010 1-1 Roadmap Introduction to Security Introduction to Cryptography Symmetric key cryptography Hash and message authentication
More informationCSCI 454/554 Computer and Network Security. Topic 3.2 Secret Key Cryptography Modes of Operation
CSCI 454/554 Computer and Network Security Topic 3.2 Secret Key Cryptography Modes of Operation Processing with Block Ciphers Most ciphers work on blocks of fixed (small) size How to encrypt long messages?
More informationCSC/ECE 574 Computer and Network Security. Processing with Block Ciphers. Issues for Block Chaining Modes
CSC/C 574 Computer and Network Security Topic 3.2 Secret Cryptography Modes of Operation CSC/C 574 r. eng Ning 1 rocessing with Block Ciphers Most ciphers work on blocks of fixed (small) size How to encrypt
More informationProcessing with Block Ciphers
AIT 682: Network and Systems Security Topic 3.2 Secret Cryptography Modes of Operation Instructor: r. Kun Sun rocessing with Block Ciphers Most ciphers work on blocks of fixed (small) size How to encrypt
More informationData Integrity. Modified by: Dr. Ramzi Saifan
Data Integrity Modified by: Dr. Ramzi Saifan Encryption/Decryption Provides message confidentiality. Does it provide message authentication? 2 Message Authentication Bob receives a message m from Alice,
More informationCSE 127: Computer Security Cryptography. Kirill Levchenko
CSE 127: Computer Security Cryptography Kirill Levchenko October 24, 2017 Motivation Two parties want to communicate securely Secrecy: No one else can read messages Integrity: messages cannot be modified
More informationCIS 6930/4930 Computer and Network Security. Topic 3.1 Secret Key Cryptography (Cont d)
CIS 6930/4930 Computer and Network Security Topic 3.1 Secret Key Cryptography (Cont d) 1 Principles for S-Box Design S-box is the only non-linear part of DES Each row in the S-Box table should be a permutation
More informationIntroduction to Cryptography. Lecture 6
Introduction to Cryptography Lecture 6 Benny Pinkas page 1 1 Data Integrity, Message Authentication Risk: an active adversary might change messages exchanged between Alice and Bob M Alice M M M Bob Eve
More informationModule: Cryptography. Professor Patrick McDaniel Fall CSE543 - Introduction to Computer and Network Security
CSE543 - Introduction to Computer and Network Security Module: Cryptography Professor Patrick McDaniel Fall 2008 1 A historical moment Mary Queen of Scots is being held by Queen Elizabeth and accused of
More informationLecture 7 - Applied Cryptography
CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Lecture 7 - Applied Cryptography CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger
More informationLecture 4: Authentication and Hashing
Lecture 4: Authentication and Hashing Introduction to Modern Cryptography 1 Benny Applebaum Tel-Aviv University Fall Semester, 2011 12 1 These slides are based on Benny Chor s slides. Some Changes in Grading
More informationA hash function is strongly collision-free if it is computationally infeasible to find different messages M and M such that H(M) = H(M ).
CA4005: CRYPTOGRAPHY AND SECURITY PROTOCOLS 1 5 5.1 A hash function is an efficient function mapping binary strings of arbitrary length to binary strings of fixed length (e.g. 128 bits), called the hash-value
More informationCryptographic Hash Functions. Rocky K. C. Chang, February 5, 2015
Cryptographic Hash Functions Rocky K. C. Chang, February 5, 2015 1 This set of slides addresses 2 Outline Cryptographic hash functions Unkeyed and keyed hash functions Security of cryptographic hash functions
More informationData Integrity & Authentication. Message Authentication Codes (MACs)
Data Integrity & Authentication Message Authentication Codes (MACs) Goal Ensure integrity of messages, even in presence of an active adversary who sends own messages. Alice (sender) Bob (reciever) Fran
More informationLecture 6 - Cryptography
Lecture 6 - Cryptography CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12 Question Setup: Assume you and I donʼt know anything about
More informationData Integrity & Authentication. Message Authentication Codes (MACs)
Data Integrity & Authentication Message Authentication Codes (MACs) Goal Ensure integrity of messages, even in presence of an active adversary who sends own messages. Alice (sender) Bob (receiver) Fran
More informationCSC 474/574 Information Systems Security
CSC 474/574 Information Systems Security Topic 2.2 Secret Key Cryptography CSC 474/574 Dr. Peng Ning 1 Agenda Generic block cipher Feistel cipher DES Modes of block ciphers Multiple encryptions Message
More informationCryptographic Hash Functions
ECE458 Winter 2013 Cryptographic Hash Functions Dan Boneh (Mods by Vijay Ganesh) Previous Lectures: What we have covered so far in cryptography! One-time Pad! Definition of perfect security! Block and
More informationCryptography and Network Security Chapter 12. Message Authentication. Message Security Requirements. Public Key Message Encryption
Cryptography and Network Security Chapter 12 Fifth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 12 Message Authentication Codes At cats' green on the Sunday he took the message from
More informationMessage Authentication Codes and Cryptographic Hash Functions
Message Authentication Codes and Cryptographic Hash Functions Readings Sections 2.6, 4.3, 5.1, 5.2, 5.4, 5.6, 5.7 1 Secret Key Cryptography: Insecure Channels and Media Confidentiality Using a secret key
More informationPractical Aspects of Modern Cryptography
Practical Aspects of Modern Cryptography Lecture 3: Symmetric s and Hash Functions Josh Benaloh & Brian LaMacchia Meet Alice and Bob Alice Bob Message Modern Symmetric s Setup: Alice wants to send a private
More informationUnit 8 Review. Secure your network! CS144, Stanford University
Unit 8 Review Secure your network! 1 Basic Problem Internet To first approximation, attackers control the network Can snoop, replay, suppress, send How do we defend against this? Communicate securely despite
More informationCIS 6930/4930 Computer and Network Security. Topic 3.2 Secret Key Cryptography Modes of Operation
CIS 6930/4930 Computer and Network Security Topic 3.2 Secret Key Cryptography Modes of Operation 1 Cipher Feedback Mode (CFB) IV Key 64 64 64 64 64 M 1 M 2 M 3 M 4 64 64 64 46 + padding 64 64 64 64 C 1
More informationIntroduction to Network Security Missouri S&T University CPE 5420 Data Integrity Algorithms
Introduction to Network Security Missouri S&T University CPE 5420 Data Integrity Algorithms Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of
More informationIntegrity of messages
Lecturers: Mark D. Ryan and David Galindo. Cryptography 2016. Slide: 106 Integrity of messages Goal: Ensure change of message by attacker can be detected Key tool: Cryptographic hash function Definition
More informationLecture 5. Cryptographic Hash Functions. Read: Chapter 5 in KPS
Lecture 5 Cryptographic Hash Functions Read: Chapter 5 in KPS 1 Purpose CHF one of the most important tools in modern cryptography and security CHF-s are used for many authentication, integrity, digital
More informationCryptography: Symmetric Encryption (finish), Hash Functions, Message Authentication Codes
CSE 484 / CSE M 584: Computer Security and Privacy Cryptography: Symmetric Encryption (finish), Hash Functions, Message Authentication Codes Spring 2016 Franziska (Franzi) Roesner franzi@cs.washington.edu
More informationCS Computer Networks 1: Authentication
CS 3251- Computer Networks 1: Authentication Professor Patrick Traynor 4/14/11 Lecture 25 Announcements Homework 3 is due next class. Submit via T-Square or in person. Project 3 has been graded. Scores
More informationP2_L8 - Hashes Page 1
P2_L8 - Hashes Page 1 Reference: Computer Security by Stallings and Brown, Chapter 21 In this lesson, we will first introduce the birthday paradox and apply it to decide the length of hash, in order to
More informationHow many DES keys, on the average, encrypt a particular plaintext block to a particular ciphertext block?
Homework 1. Come up with as efficient an encoding as you can to specify a completely general one-to-one mapping between 64-bit input values and 64-bit output values. 2. Token cards display a number that
More informationCS408 Cryptography & Internet Security
CS408 Cryptography & Internet Security Lecture 18: Cryptographic hash functions, Message authentication codes Functions Definition Given two sets, X and Y, a function f : X Y (from set X to set Y), is
More informationCryptography: Symmetric Encryption (finish), Hash Functions, Message Authentication Codes
CSE 484 / CSE M 584: Computer Security and Privacy Cryptography: Symmetric Encryption (finish), Hash Functions, Message Authentication Codes Spring 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu
More information9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers
Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng Basic concepts in cryptography systems Secret cryptography Public cryptography 1 2 Encryption/Decryption Cryptanalysis
More informationCryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng
Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng 1 Outline Basic concepts in cryptography systems Secret key cryptography Public key cryptography Hash functions 2 Encryption/Decryption
More informationCSCE 715: Network Systems Security
CSCE 715: Network Systems Security Chin-Tser Huang huangct@cse.sc.edu University of South Carolina Next Topic in Cryptographic Tools Symmetric key encryption Asymmetric key encryption Hash functions and
More informationProcessing with Block Ciphers
rocessing with Block iphers AIT 682: Network and Systems Security Topic 3.2 Secret ryptography Modes of Operation Instructor: r. un Sun Most ciphers work on blocks of fixed (small) size How to encrypt
More informationCryptographic Hash Functions
Cryptographic Hash Functions Çetin Kaya Koç koc@cs.ucsb.edu Çetin Kaya Koç http://koclab.org Winter 2017 1 / 34 Cryptographic Hash Functions A hash function provides message integrity and authentication
More informationWinter 2011 Josh Benaloh Brian LaMacchia
Winter 2011 Josh Benaloh Brian LaMacchia Symmetric Cryptography January 20, 2011 Practical Aspects of Modern Cryptography 2 Agenda Symmetric key ciphers Stream ciphers Block ciphers Cryptographic hash
More informationComputer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 10r. Recitation assignment & concept review Paul Krzyzanowski Rutgers University Spring 2018 April 3, 2018 CS 419 2018 Paul Krzyzanowski 1 1. What is a necessary condition for perfect
More informationLecture 1: Course Introduction
Lecture 1: Course Introduction Thomas Johansson T. Johansson (Lund University) 1 / 37 Chapter 9: Symmetric Key Distribution To understand the problems associated with managing and distributing secret keys.
More informationKurose & Ross, Chapters (5 th ed.)
Kurose & Ross, Chapters 8.2-8.3 (5 th ed.) Slides adapted from: J. Kurose & K. Ross \ Computer Networking: A Top Down Approach (5 th ed.) Addison-Wesley, April 2009. Copyright 1996-2010, J.F Kurose and
More informationAppendix A: Introduction to cryptographic algorithms and protocols
Security and Cooperation in Wireless Networks http://secowinet.epfl.ch/ Appendix A: Introduction to cryptographic algorithms and protocols 2007 Levente Buttyán and Jean-Pierre Hubaux symmetric and asymmetric
More informationCryptography. Recall from last lecture. [Symmetric] Encryption. How Cryptography Helps. One-time pad. Idea: Computational security
Recall from last lecture Cryptography To a first approximation, attackers control network Next two lectures: How to defend against this 1. Communicate securely despite insecure networks cryptography 2.
More informationLecture 5. Cryptographic Hash Functions. Read: Chapter 5 in KPS
Lecture 5 Cryptographic Hash Functions Read: Chapter 5 in KPS 1 Purpose CHF one of the most important tools in modern cryptography and security In crypto, CHF instantiates a Random Oracle paradigm In security,
More informationCIS 4360 Secure Computer Systems Symmetric Cryptography
CIS 4360 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2017 Previous Class Classical Cryptography Frequency analysis Never use home-made cryptography Goals of Cryptography
More informationCSC/ECE 774 Advanced Network Security
Computer Science CSC/ECE 774 Advanced Network Security Topic 2. Network Security Primitives CSC/ECE 774 Dr. Peng Ning 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange;
More informationCryptographic hash functions and MACs
Cryptographic hash functions and MACs Myrto Arapinis School of Informatics University of Edinburgh October 05, 2017 1 / 21 Introduction Encryption confidentiality against eavesdropping 2 / 21 Introduction
More informationComputer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08r. Pre-exam 2 Last-minute Review Cryptography Paul Krzyzanowski Rutgers University Spring 2018 March 26, 2018 CS 419 2018 Paul Krzyzanowski 1 Cryptographic Systems March 26, 2018 CS
More informationCS 161 Computer Security. Week of September 11, 2017: Cryptography I
Weaver Fall 2017 CS 161 Computer Security Discussion 3 Week of September 11, 2017: Cryptography I Question 1 Activity: Cryptographic security levels (20 min) Say Alice has a randomly-chosen symmetric key
More informationInformation Security CS526
Information CS 526 Topic 3 Ciphers and Cipher : Stream Ciphers, Block Ciphers, Perfect Secrecy, and IND-CPA 1 Announcements HW1 is out, due on Sept 10 Start early, late policy is 3 total late days for
More informationElements of Cryptography and Computer and Networking Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy
Elements of Cryptography and Computer and Networking Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy Homework 2 Due: Friday, 10/28/2016 at 11:55pm PT Will be posted on
More informationCS155. Cryptography Overview
CS155 Cryptography Overview Cryptography Is n n A tremendous tool The basis for many security mechanisms Is not n n n n The solution to all security problems Reliable unless implemented properly Reliable
More informationLecture 18 Message Integrity. Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides from Miller & Bailey s ECE 422
Lecture 18 Message Integrity Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides from Miller & Bailey s ECE 422 Cryptography is the study/practice of techniques for secure communication,
More informationCS 645 : Lecture 6 Hashes, HMAC, and Authentication. Rachel Greenstadt May 16, 2012
CS 645 : Lecture 6 Hashes, HMAC, and Authentication Rachel Greenstadt May 16, 2012 Reminders Graded midterm, available on bbvista Project 3 out (crypto) Hash Functions MAC HMAC Authenticating SSL Man-in-the-middle
More informationLecture 6: Symmetric Cryptography. CS 5430 February 21, 2018
Lecture 6: Symmetric Cryptography CS 5430 February 21, 2018 The Big Picture Thus Far Attacks are perpetrated by threats that inflict harm by exploiting vulnerabilities which are controlled by countermeasures.
More informationCSC 774 Network Security
CSC 774 Network Security Topic 2. Review of Cryptographic Techniques CSC 774 Dr. Peng Ning 1 Outline Encryption/Decryption Digital signatures Hash functions Pseudo random functions Key exchange/agreement/distribution
More informationECE 646 Lecture 11. Hash functions & MACs. Digital Signature. message. hash. function. Alice. Bob. Alice s public key. Alice s private key
ECE 646 Lecture 11 Hash functions & MACs Digital Signature Alice Message Signature Message Signature Bob Hash function Hash function Hash value Public key algorithm yes Hash value 1 Hash value 2 no Public
More informationEncryption. INST 346, Section 0201 April 3, 2018
Encryption INST 346, Section 0201 April 3, 2018 Goals for Today Symmetric Key Encryption Public Key Encryption Certificate Authorities Secure Sockets Layer Simple encryption scheme substitution cipher:
More informationח'/סיון/תשע "א. RSA: getting ready. Public Key Cryptography. Public key cryptography. Public key encryption algorithms
Public Key Cryptography Kurose & Ross, Chapters 8.28.3 (5 th ed.) Slides adapted from: J. Kurose & K. Ross \ Computer Networking: A Top Down Approach (5 th ed.) AddisonWesley, April 2009. Copyright 19962010,
More informationSummary on Crypto Primitives and Protocols
Summary on Crypto Primitives and Protocols Levente Buttyán CrySyS Lab, BME www.crysys.hu 2015 Levente Buttyán Basic model of cryptography sender key data ENCODING attacker e.g.: message spatial distance
More informationSecurity Requirements
Message Authentication and Hash Functions CSCI 454/554 Security Requirements disclosure traffic analysis masquerade content modification sequence modification timing modification source repudiation destination
More information1 Defining Message authentication
ISA 562: Information Security, Theory and Practice Lecture 3 1 Defining Message authentication 1.1 Defining MAC schemes In the last lecture we saw that, even if our data is encrypted, a clever adversary
More informationA hash function is strongly collision-free if it is computationally infeasible to find different messages M and M such that H(M) = H(M ).
CA642: CRYPTOGRAPHY AND NUMBER THEORY 1 8 Hash Functions 8.1 Hash Functions Hash Functions A hash function is an efficient function mapping binary strings of arbitrary length to binary strings of fixed
More informationCSCI 454/554 Computer and Network Security. Topic 4. Cryptographic Hash Functions
CSCI 454/554 Computer and Network Security Topic 4. Cryptographic Hash Functions Hash function lengths Outline Hash function applications MD5 standard SHA-1 standard Hashed Message Authentication Code
More informationCryptographic Primitives A brief introduction. Ragesh Jaiswal CSE, IIT Delhi
Cryptographic Primitives A brief introduction Ragesh Jaiswal CSE, IIT Delhi Cryptography: Introduction Throughout most of history: Cryptography = art of secret writing Secure communication M M = D K (C)
More informationOutline. Hash Function. Length of Hash Image. AIT 682: Network and Systems Security. Hash Function Properties. Question
Hash function lengths Outline AIT 682: Network and Systems Security Topic 4. Cryptographic Hash Functions Instructor: Dr. Kun Sun Hash function applications MD5 standard SHA-1 standard Hashed Message Authentication
More informationOutline. AIT 682: Network and Systems Security. Hash Function Properties. Topic 4. Cryptographic Hash Functions. Instructor: Dr.
AIT 682: Network and Systems Security Topic 4. Cryptographic Hash Functions Instructor: Dr. Kun Sun Hash function lengths Outline Hash function applications MD5 standard SHA-1 standard Hashed Message Authentication
More informationIntroduction to Software Security Hash Functions (Chapter 5)
Introduction to Software Security Hash Functions (Chapter 5) Seong-je Cho Spring 2018 Computer Security & Operating Systems Lab, DKU Sources / References Textbook, Chapter 5. An Illustrated Guide to Cryptographic
More informationRef:
Cryptography & digital signature Dec. 2013 Ref: http://cis.poly.edu/~ross/ 2 Cryptography Overview Symmetric Key Cryptography Public Key Cryptography Message integrity and digital signatures References:
More informationCHAPTER 6. SYMMETRIC CIPHERS C = E(K2, E(K1, P))
CHAPTER 6. SYMMETRIC CIPHERS Multiple encryption is a technique in which an encryption algorithm is used multiple times. In the first instance, plaintext is converted to ciphertext using the encryption
More informationUNIT - IV Cryptographic Hash Function 31.1
UNIT - IV Cryptographic Hash Function 31.1 31-11 SECURITY SERVICES Network security can provide five services. Four of these services are related to the message exchanged using the network. The fifth service
More informationn-bit Output Feedback
n-bit Output Feedback Cryptography IV Encrypt Encrypt Encrypt P 1 P 2 P 3 C 1 C 2 C 3 Steven M. Bellovin September 16, 2006 1 Properties of Output Feedback Mode No error propagation Active attacker can
More informationENEE 459-C Computer Security. Message authentication
ENEE 459-C Computer Security Message authentication Data Integrity and Source Authentication Encryption does not protect data from modification by another party. Why? Need a way to ensure that data arrives
More informationNetwork Security Essentials Chapter 2
Network Security Essentials Chapter 2 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Encryption What is encryption? Why do we need it? No, seriously, let's discuss this. Why do we need
More informationS. Erfani, ECE Dept., University of Windsor Network Security
4.11 Data Integrity and Authentication It was mentioned earlier in this chapter that integrity and protection security services are needed to protect against active attacks, such as falsification of data
More informationCS 161 Computer Security
Paxson Spring 2017 CS 161 Computer Security Discussion 6 Week of March 6, 2017 Question 1 Password Hashing (10 min) When storing a password p for user u, a website randomly generates a string s (called
More informationLecture 4: Hashes and Message Digests,
T-79.159 Cryptography and Data Security Lecture 4: Hashes and Message Digests Helsinki University of Technology mjos@tcs.hut.fi 1 Cryptographic hash functions Maps a message M (a bit string of arbitrary
More informationsymmetric cryptography s642 computer security adam everspaugh
symmetric cryptography s642 adam everspaugh ace@cs.wisc.edu computer security Announcements Midterm next week: Monday, March 7 (in-class) Midterm Review session Friday: March 4 (here, normal class time)
More informationHashes, MACs & Passwords. Tom Chothia Computer Security Lecture 5
Hashes, MACs & Passwords Tom Chothia Computer Security Lecture 5 Today s Lecture Hashes and Message Authentication Codes Properties of Hashes and MACs CBC-MAC, MAC -> HASH (slow), SHA1, SHA2, SHA3 HASH
More informationECE 646 Lecture 8. Modes of operation of block ciphers
ECE 646 Lecture 8 Modes of operation of block ciphers Required Reading: I. W. Stallings, "Cryptography and Network-Security," 5 th and 6 th Edition, Chapter 6 Block Cipher Operation II. A. Menezes, P.
More information1 Achieving IND-CPA security
ISA 562: Information Security, Theory and Practice Lecture 2 1 Achieving IND-CPA security 1.1 Pseudorandom numbers, and stateful encryption As we saw last time, the OTP is perfectly secure, but it forces
More informationCOMP4109 : Applied Cryptography
COMP4109 : Applied Cryptography Fall 2013 M. Jason Hinek Carleton University Applied Cryptography Day 8 (and maybe 9) secret-key primitives Message Authentication Codes Pseudorandom number generators 2
More informationH must be collision (2n/2 function calls), 2nd-preimage (2n function calls) and preimage resistant (2n function calls)
What is a hash function? mapping of: {0, 1} {0, 1} n H must be collision (2n/2 function calls), 2nd-preimage (2n function calls) and preimage resistant (2n function calls) The Merkle-Damgård algorithm
More informationSymmetric Crypto MAC. Pierre-Alain Fouque
Symmetric Crypto MAC Pierre-Alain Fouque Message Authentication Code (MAC) Warning: Encryption does not provide integrity Eg: CTR mode ensures confidentiality if the blockcipher used is secure. However,
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Lecture 6 Michael J. Fischer Department of Computer Science Yale University January 27, 2010 Michael J. Fischer CPSC 467b, Lecture 6 1/36 1 Using block ciphers
More informationUnderstanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl
Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl www.crypto-textbook.com Chapter 5 More About Block Ciphers ver. November 26, 2010 Last modified 10-2-17
More informationCS 161 Computer Security
Raluca Popa Spring 2018 CS 161 Computer Security Homework 2 Due: Wednesday, February 14, at 11:59pm Instructions. This homework is due Wednesday, February 14, at 11:59pm. No late homeworks will be accepted.
More informationChapter 11 Message Integrity and Message Authentication
Chapter 11 Message Integrity and Message Authentication Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 11.1 Chapter 11 Objectives To define message integrity
More informationSecurity: Cryptography
Security: Cryptography Computer Science and Engineering College of Engineering The Ohio State University Lecture 38 Some High-Level Goals Confidentiality Non-authorized users have limited access Integrity
More informationInformation Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1
Information Security message M one-way hash fingerprint f = H(M) 4/19/2006 Information Security 1 Outline and Reading Digital signatures Definition RSA signature and verification One-way hash functions
More informationCryptographic Checksums
Cryptographic Checksums Mathematical function to generate a set of k bits from a set of n bits (where k n). k is smaller then n except in unusual circumstances Example: ASCII parity bit ASCII has 7 bits;
More informationFeedback Week 4 - Problem Set
4/26/13 Homework Feedback Introduction to Cryptography Feedback Week 4 - Problem Set You submitted this homework on Mon 17 Dec 2012 11:40 PM GMT +0000. You got a score of 10.00 out of 10.00. Question 1
More informationFundamentals of Computer Security
Fundamentals of Computer Security Spring 2015 Radu Sion Ciphers 2005-15 Portions copyright by Matt Bishop and Wikipedia. Used with permission Overview m 3 m 2 m 1 cipher c i Bob Alice cipher -1 m 1 m 2
More informationUsing block ciphers 1
Using block ciphers 1 Using block ciphers DES is a type of block cipher, taking 64-bit plaintexts and returning 64-bit ciphetexts. We now discuss a number of ways in which block ciphers are employed in
More informationSolutions to exam in Cryptography December 17, 2013
CHALMERS TEKNISKA HÖGSKOLA Datavetenskap Daniel Hedin DIT250/TDA351 Solutions to exam in Cryptography December 17, 2013 Hash functions 1. A cryptographic hash function is a deterministic function that
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 2 Cryptographic Tools First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Cryptographic Tools cryptographic algorithms
More informationCryptography: Symmetric Encryption (finish), Hash Functions, Message Authentication Codes
CSE 484 / CSE M 584: Computer Security and Privacy Cryptography: Symmetric Encryption (finish), Hash Functions, Message Authentication Codes Fall 2016 Adam (Ada) Lerner lerner@cs.washington.edu Thanks
More informationBlock Cipher Operation. CS 6313 Fall ASU
Chapter 7 Block Cipher Operation 1 Outline q Multiple Encryption and Triple DES q Electronic Codebook q Cipher Block Chaining Mode q Cipher Feedback Mode q Output Feedback Mode q Counter Mode q XTS-AES
More informationScanned by CamScanner
Scanned by CamScanner Scanned by CamScanner Scanned by CamScanner Scanned by CamScanner Scanned by CamScanner Scanned by CamScanner Scanned by CamScanner Symmetric-Key Cryptography CS 161: Computer Security
More information