Cryptography for People
|
|
- Lionel Stone
- 5 years ago
- Views:
Transcription
1 CySeP2015 Winter School on Cyber Security & Privacy KTH Stockholm Cryptography for People Dr. Jan Camenisch Cryptography & Privacy Principal Research Staff Member Member, IBM Academy of ibm.biz/jancamenisch
2 Facts 33% of cyber crimes, including identity theft, take less time than making a cup of coffee. 2
3 Facts 10 Years ago your personal data on the black market was worth $150. Today. 3
4 We all increasing amount of data and many are personal 1$ for much more data 4
5 use them with different devices, store them anywhere 5
6 use and generate them in interaction with other entities leave collateral data while doing so to make things worse: it's en vogue to let users manage their data :-( 6
7 how can we protect all these data????? 7
8 Houston, we have a problem! ᄅ Information Security Summer School - Bilbao
9 Houston, we have a problem! ᄅ Buzz Aldrin's footprints are still up there (Robin Wilton) Information Security Summer School - Bilbao
10 Computers don't forget Data storage ever cheaper store by default also collateral collection, surveillance cameras, Google Street View with wireless traffic, Apple location history,... Data mining ever better self-training algorithms cleverer than their designers not just trend detection, even prediction, e.g., flu pandemics, ad clicks, purchases, what about health insurance, criminal behavior? The world as we know it Humans forget most things too quickly Paper collects dust in drawers We build apps with the paper-based world in mind :-( if it works it works security too often still an afterthought implementors too often have no crypto education Information Security Summer School - Bilbao
11 You have no privacy, get over it...?!? I have nothing to hide! The intelligence agencies have all my data anyway Huge security problem! Millions of hacked passwords (100'000 followers $ ) Stolen identities ($ , $ , $5 2013) Difficult to put figures down Credit card fraud Spam & marketing Manipulating stock ratings, etc.. (Industrial) espionage We know that 3 letter orgs can do it easily, but they are not the only ones however, this is not about homeland security and of course there are limits to the degree of protection that one can achieve Last but not least: data are the new money, so they need to be protected! 11
12 Privacy is not a lost cause! We need paradigm shift & build stuff for the moon rather than the sandy beach! 12
13 What does that mean? Apply Data Minimization Privacy & Security by Design Require (users to reveal) only the data that are really needed Do not design with the sandy beach beach in mind Encrypt every bit Data should never ever be in the clear process it in the encrypted domain still need to manage keys carefully Needs to support switching of cryptographic algorithms symmetric key crypto gets broken at times beware of quantum computers Attach usage & access control policy to every bit enforce need to know honest but curious probably good enough Information Security Summer School - Bilbao
14 What does it mean: the electronic gap Strong security requires strong cryptographic authentication Humans rarely can remember cryptographic keys let alone compute with them From Humans to Keys the electronic gap Smart cards, HW tokens: a nuisance! Passwords: are dead?! Biometrics: cannot change them, too easily fooled?? Information Security Summer School - Bilbao
15 The Privacy & Security Paradox We do have the technology/crypto, but it is hardly used Deemed too expensive Too hard to manage all the keys, fear of loosing keys Protecting data is considered futile Often required by law, but these are w/out teeth Debate about legality of encryption V2.0 On the positive side Importance of security and privacy increasingly recognized Laws are revised Information Security Summer School - Bilbao
16 Cryptography to the Aid Information Security Summer School - Bilbao
17 Today: two solutions Identity mixer: privacy protecting authentication Password-based security: from humans to cryptographic keys?? 17
18 Identity Mixer 18
19 Alice wants to watch a movie at Movie Streaming Service I wish to see Alice in Wonderland Alice Movie Streaming Service 19
20 Alice wants to watch a movie at Movie Streaming Service You need: - subscription - be older than 12 Alice Movie Streaming Service 20
21 Watching the movie with the traditional solution Using digital equivalent of paper world, e.g., with X.509 Certificates ok, here's - my eid - my subscription Alice Movie Streaming Service 21
22 Watching the movie with the traditional solution...with X.509 Certificates Aha, you are - Alice Doe - born on Dec 12, Waterdrive - CH 8003 Zurich - Married - Expires Aug 4, 2018 Mplex Customer - # Premium Subscription - Expires Jan 13, 2016 Alice Movie Streaming Service 22
23 Watching the movie with the traditional solution This is a privacy and security problem! - identity theft - discrimination - profiling, possibly in connection with other services Aha, you are - Alice Doe - born on Dec 12, Waterdrive - CH 8003 Zurich - Married - Expires Aug 4, 2018 Mplex Customer - # Premium Subscription - Expires Jan 13, 2016 Alice Movie Streaming Service 23
24 Watching the movie with the traditional solution With OpenID and similar solution, e.g., log-in with Facebook Alice Movie Streaming Service 24
25 Watching the movie with the traditional solution With OpenID and similar solution, e.g., log-in with Facebook Aha, Alice is watching a 12+ movie Alice Movie Streaming Service 25
26 Watching the movie with the traditional solution With OpenID and similar solution, e.g., log-in with Facebook Aha, Alice is watching a 12+ movie Aha, you are - Alice@facebook.com Mplex Customer - # Premium Subscription - Expires Jan 13, 2016 Alice Movie Streaming Service 26
27 Identity Mixer solves this. When Alice authenticates to the Movie Streaming Service with Identity Mixer, all the services learns is that Alice has a subscription is older than 12 and no more! 27
28 Privacy-protecting authentication with Privacy ABCs Like PKI, but better: One secret Identity (secret key) Many Public Pseudonyms (public keys) 28
29 Privacy-protecting authentication with Privacy ABCs Like PKI, but better: Issuing a credential Name = Alice Doe Birth date = April 3,
30 Privacy-protecting authentication with Privacy ABCs I wish to see Alice in Wonderland You need: - subscription - be older than 12 Alice Movie Streaming Service 30
31 Privacy-protecting authentication with Privacy ABCs Alice Movie Streaming Service 31
32 Privacy-protecting authentication with Privacy ABCs Alice Movie Streaming Service 32
33 Privacy-protecting authentication with Privacy ABCs I wish to see Alice in Wonderland You need: - subscription - be older than 12 Alice Movie Streaming Service Concept: presentation policy 33
34 Privacy-protecting authentication with Privacy ABCs Like PKI but does not send credential only minimal disclosure Alice - valid subscription - eid with age 12 Movie Streaming Service 34
35 Privacy-protecting authentication with Privacy ABCs Like PKI but does not send credential only minimal disclosure (Public Verification Key of issuer) Aha, you are - older than 12 - have a subscription Alice Movie Streaming Service 35
36 Minimal Disclosure 36 Alice Doe Age: 12+ Hauptstr 7, Zurich CH single Exp. Valid ve r ID ified ve r ID ified Alice Doe Dec 12, 1998 Hauptstr. 7, Zurich CH single Exp. Aug 4, 2018
37 So, let's watch a movie! idemixdemo.mybluemix.net idemixdemo.zurich.ibm.com 37 October 20, 2015
38 Identity Mixer status Scientific foundation laid 15 years ago, well studied & award winning Successful real-world pilots in series of EU projects You can have identity mixer, too! Open-source implementation: Idemix-as-a-Service on IBM Bluemix Web-based demo to try for everyone Coming soon: Idemix on mobile 38
39 A glimpse at the underlying cryptography 39 October 20, 2015
40 A Glimpse at the technical realization Signature scheme compatible with ZKP Commitment scheme compatible with ZKP & sig. scheme Zero knowledge proof of knowledge 40 October 20, 2015
41 Zero Knowledge Proofs of Knowledge of Discrete Logarithms Given group <g> and element y Є <g>. Prover wants to convince verifier that she knows x = log g y such that verifier only learns y and g. Prover: random r t := gr PK{(α): y = gα } t c s := r - cx Verifier : random c s t = gs yc 41 October 20, 2015
42 Zero Knowledge Proofs of Knowledge of Discrete Logarithms Many Exponents: PK{(α,β,γ,δ): y = gα hβzγkδuβ } Logical combinations: PK{(α,β): y = gα z = gβ u = gβhα } PK{(α,β): y = gα z = gβ } Intervals and groups of different order (under SRSA): PK{(α): y = gα α Є [A,B] } PK{(α): y = gα z = gα α Є [0,min{ord(g),ord(g)}] } Non-interactive (Fiat-Shamir heuristic, Schnorr Signatures): PK{(α): y = gα }(m) 42 October 20, 2015
43 RSA Signature Scheme Rivest, Shamir, and Adlemann 1978 Secret Key: two random primes p and q Public Key: n := pq, prime e, and collision-free hash function H: {0,1}* -> {0,1}ℓ Computing signature on a message m Є {0,1}* d := 1/e mod (p-1)(q-1) s := H(m) d mod n Verification of signature s on a message m Є {0,1}* se = H(m) Correctness: se = (H(m)d)e = H(m)d e = H(m) 43 October 20, 2015 (mod n) (mod n)
44 RSA Signature Scheme Verification signature on a message m Є {0,1}* se := H(m) (mod n) Wanna do proof of knowledge of signature on a message, e.g., PK{ (m,s): se = H(m) (mod n) } But this is not a valid proof expression!!!! :-( 44 October 20, 2015
45 CL-Signature Scheme Public key of signer: RSA modulus n and ai, b, d Є QRn, Secret key: factors of n To sign k messages m1,..., mk Є {0,1}ℓ : choose random prime 2ℓ+2 > e > 2ℓ+1 and integer s n compute c : c = (d / (a m1... a mk bs ))1/e mod n 1 45 k signature is (c,e,s) October 20, 2015
46 CL-Signature Scheme To verify a signature (c,e,s) on messages m1,..., mk: m1,..., mk Є {0,1}ℓ: e > 2ℓ+1 d = ce a 1 m1... a k mk bs mod n Theorem: Signature scheme is secure against adaptively chosen message attacks under Strong RSA assumption. 46 October 20, 2015
47 Proving Knowledge of a CL-signature Observe: d = ce am bs mod n Let c' = c btmod n with randomly chosen t then d = c'e a1m1a2m2 bs-et (mod n), i.e., (c',e, s* = s-et) is also signature on m1 and m2 To prove knowledge of signature (c',e, s*) on m2 and some m1 provide c' PK{(ε, µ1, σ) : d/a2m2 := c'ε a1µ1 b σ µ Є {0,1}ℓ ε > 2ℓ+1 } 47 October 20, 2015
48 Password-based Security 48
49 Password are insecure, aren't they? username-password the most prominent form of user authentication Passwords inherently insecure? No! We re just using them incorrectly 49
50 The problem with passwords password salted PW hash correct? correct? correct? correct? correct? correct!! Passwords are symmetric secrets need protection on server & user Password (hashes) useless against offline attacks Human-memorizable passwords are inherently weak NIST: 16-character passwords have 30 bits of entropy 1 billion possibilities Rig of 25 GPUs tests 350 billion possibilities / second, so 3ms for 16 chars 60% of LinkedIn passwords cracked within 24h More expensive hash functions provide very little help only increases verification time as well does not work for short passwords such as pins etc Single-server solutions inherently vulnerable to offline attacks Server / administrator / hacker can always guess & test Information Security Summer School - Bilbao
51 The solution: distributed password verification Setup: Open account w/ password p p1 p p= 51 p1 p2 p2
52 The solution: distributed password verification Login to account with password p' p1 p' p' no server alone can test password? = p1 p2 p2 passwords safe as long as not all servers are hacked off-line attacks no longer possible on-line attacks can be throttled pro-active re-sharing possible First server web-server replaces hash-data files user's computer secure against loss or theft of user device 52
53 How it works in a nutshell [CLN12,CEN15] Servers share encryption secret key x1 and x2 for PK X fpr homomorphic scheme At setup: user encrypts p under X: E= EncX(p) Password verification: check for encryption of 1 E= EncX(p) x1 E' p' = p? DecX(E') = 1? p' r E' = (EncX(1/p') E) r = EncX( (p/p') ) E' E=EncX(p) x2 Servers do not learn anything 1 if passwords match, random number otherwise User could even be talking to the wrong servers Information Security Summer School - Bilbao
54 From password to cryptographic keys [CLN12,CLLN14,CEN15] p1 k1 p2 k2 One of the servers could be your smart phone, laptop, Get key share from if password check succeeded Decrypt all your files on phone (or stored in the cloud, etc) 54
55 From password to cryptographic keys [CLN12,CLLN14,CEN15] p1 k1 p' p'? = p1 p2 k p2 k2 One of the servers could be your smart phone, laptop, Get key share from if password check succeeded Decrypt all your files on phone (or stored in the cloud, etc) 55
56 Further Research Needed! Securing the infrastructure & IoT ad-hoc establishment of secure authentication and communication audit-ability & privacy (where is my information, crime traces) security services, e.g., better CA, oblivious TTPs, anon. routing, Usability HCI Infrastructure (setup, use, changes by end users) Provably secure protocols Properly modeling protocols (UC, realistic attacks models,...) Verifiable security proofs Retaining efficiency Information Security Summer School - Bilbao
57 Further Research Needed! Quantum Computers Lots of new crypto needed still Build apps algorithm agnostic Towards a secure information society Society gets shaped by quickly changing technology Consequences are hard to grasp yet We must inform and engage in a dialog Information Security Summer School - Bilbao
58 Conclusion Let engage in some rocket science! Much of the needed technology exists need to use them & build apps for the moon and make apps usable & secure for end users Thank you! Joint work w/ Maria Dubovitskaya, Anja Lehmann, Anna Lysyanskaya, Gregory Neven, and many many more Information Security Summer School - Bilbao ibm.biz/jancamenisch
Cryptography 4 Privacy
SuRI School of Computer and Communication Sciences EPFL Cryptography 4 Privacy Jan Camenisch Principle RSM; Member, IBM Academy of Technology IBM Research Zurich @JanCamenisch ibm.biz/jancamenisch Facts
More informationPrivacy in an Electronic World A Lost Cause?
InfoSec 2015 Summer School on Information Security Bilbao Privacy in an Electronic World A Lost Cause? Dr. Jan Camenisch Cryptography & Privacy Principal Research Staff Member Member, IBM Academy of Technology
More informationIBM Identity Mixer. Introduction Deployment Use Cases Blockchain More Features
Introduction Deployment Use Cases Blockchain More Features IBM Identity Mixer Privacy-preserving identity management and authentication for Blockchain and beyond Dr. Maria Dubovitskaya IBM Research Zurich
More informationCryptographic dimensions of Privacy
PRIVACY SUMMIT 2016 The Alain Turing Institute Cryptographic dimensions of Privacy Dr. Jan Camenisch Principle RSM; Member, IBM Academy of Technology IBM Research Zurich @JanCamenisch ibm.biz/jancamenisch
More informationIBM Identity Mixer. Authentication without identification. Introduction Demo Use Cases Features Overview Deployment
Introduction Demo Use Cases Features Overview Deployment IBM Identity Mixer Authentication without identification Jan Camenisch, Maria Dubovitskaya, Peter Kalambet, Anja Lehmann, Gregory Neven, Franz-Stefan
More informationForschungsrichtungen in der IT-Sicherheit
Forschungsrichtungen in der IT-Sicherheit Dr. Jan Camenisch Principle Researcher; Member, IBM Academy of Technology IBM Research Zurich jca@zurich.ibm.com @JanCamenisch ibm.biz/jancamenisch Facts 33% of
More informationDirections in Security Research
Directions in Security Research Jan Camenisch IBM Research Zurich jca@zurich.ibm.com @JanCamenisch ibm.biz/jancamenisch Facts 33% of cyber crimes, including identity theft, take less time than to make
More informationCryptography 4 People
International Workshop on Inference & Privacy in a Hyperconnected World 2016 Cryptography 4 People Jan Camenisch Principle RSM; Member, IBM Academy of Technology IBM Research Zurich @JanCamenisch ibm.biz/jancamenisch
More informationCryptography 4 People
ZISC Lunch Seminar, ETH Zurich, March 15, 2017 Cryptography 4 People bases Jan Camenisch Principle RSM; Member, IBM Academy of Technology IBM Research Zurich @JanCamenisch ibm.biz/jancamenisch Facts We
More informationPrivacy-Enhancing Technologies & Applications to ehealth. Dr. Anja Lehmann IBM Research Zurich
Privacy-Enhancing Technologies & Applications to ehealth Dr. Anja Lehmann IBM Research Zurich IBM Research Zurich IBM Research founded in 1945 employees: 3,000 12 research labs on six continents IBM Research
More informationDirect Anonymous Attestation
Direct Anonymous Attestation Revisited Jan Camenisch IBM Research Zurich Joint work with Ernie Brickell, Liqun Chen, Manu Drivers, Anja Lehmann. jca@zurich.ibm.com, @JanCamenisch, ibm.biz/jancamenisch
More informationPrivacy-Enhancing Technologies: Anonymous Credentials and Pseudonym Systems. Anja Lehmann IBM Research Zurich
Privacy-Enhancing Technologies: Anonymous Credentials and Pseudonym Systems Anja Lehmann IBM Research Zurich ROADMAP Anonymous Credentials privacy-preserving (user) authentication Pseudonym Systems privacy-preserving
More informationAuthentication without Identification. Jan Camenisch IBM Research - Zurich IBM Corporation
Authentication without Identification Jan Camenisch IBM Research - Zurich Facts We all increasingly conduct our daily tasks electronically...are becoming increasingly vulnerable to cybercrimes 2 Facts
More informationAnonymous Credentials and e-cash
Anonymous Credentials and e-cash Jan Camenisch Principle Researcher; TL Cryptography & Privacy IBM Research Zurich @JanCamenisch ibm.biz/jancamenisch Facts 33% of cyber crimes, including identity theft,
More informationICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification
ICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification Hossen Asiful Mustafa Introduction Entity Authentication is a technique designed to let one party prove the identity of another
More informationIdentity Mixer: From papers to pilots and beyond. Gregory Neven, IBM Research Zurich IBM Corporation
Identity Mixer: From papers to pilots and beyond Gregory Neven, IBM Research Zurich Motivation Online security & trust today: SSL/TLS for encryption and server authentication Username/password for client
More informationAnonymous Credentials: How to show credentials without compromising privacy. Melissa Chase Microsoft Research
Anonymous Credentials: How to show credentials without compromising privacy Melissa Chase Microsoft Research Credentials: Motivation ID cards Sometimes used for other uses E.g. prove you re over 21, or
More informationPrivacy Privacy Preserving Authentication Schemes: Theory and Applications
Privacy Privacy Preserving Authentication Schemes: Theory and Applications 18 th Infocom World, Athens, Greece, 2016 Yannis C. Stamatiou Computer Technology Institute & Press Diophantus and Business Administration
More informationKey Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature
Key Management Digital signatures: classical and public key Classic and Public Key exchange 1 Handwritten Signature Used everyday in a letter, on a check, sign a contract A signature on a signed paper
More informationCS3235 Seventh set of lecture slides
CS3235 Seventh set of lecture slides Hugh Anderson National University of Singapore School of Computing October, 2007 Hugh Anderson CS3235 Seventh set of lecture slides 1 Warp 9... Outline 1 Public Key
More informationDistributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018
Distributed Systems 25. Authentication Paul Krzyzanowski Rutgers University Fall 2018 2018 Paul Krzyzanowski 1 Authentication For a user (or process): Establish & verify identity Then decide whether to
More informationProf. Christos Xenakis
From Real-world Identities to Privacy-preserving and Attribute-based CREDentials for Device-centric Access Control Device-Centric Authentication for Future Internet Prof. Christos Xenakis H2020 Clustering
More informationProf. Christos Xenakis
From Real-world Identities to Privacy-preserving and Attribute-based CREDentials for Device-centric Access Control Device-Centric Authentication for Future Internet Prof. Christos Xenakis SAINT Workshop
More informationInformation Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1
Information Security message M one-way hash fingerprint f = H(M) 4/19/2006 Information Security 1 Outline and Reading Digital signatures Definition RSA signature and verification One-way hash functions
More informationDistributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015
Distributed Systems 26. Cryptographic Systems: An Introduction Paul Krzyzanowski Rutgers University Fall 2015 1 Cryptography Security Cryptography may be a component of a secure system Adding cryptography
More informationCS November 2018
Authentication Distributed Systems 25. Authentication For a user (or process): Establish & verify identity Then decide whether to allow access to resources (= authorization) Paul Krzyzanowski Rutgers University
More informationTechnologies to Protect eprivacy
Technologies to Protect eprivacy Lecture 1 Introduction Jan Camenisch IBM Research Zurich @jancamenisch www.camenisch.org/eprivacy We leave etraces, lots of etraces! and are observed by lots of sensors
More informationKurose & Ross, Chapters (5 th ed.)
Kurose & Ross, Chapters 8.2-8.3 (5 th ed.) Slides adapted from: J. Kurose & K. Ross \ Computer Networking: A Top Down Approach (5 th ed.) Addison-Wesley, April 2009. Copyright 1996-2010, J.F Kurose and
More informationA Decade of Direct Anonymous Attestation
A Decade of Direct Anonymous Attestation From Research to Standard and Back Jan Camenisch IBM Research Zurich Joint work with Ernie Brickell, Liqun Chen, Manu Drivers, Anja Lehmann. jca@zurich.ibm.com
More informationCSE 127: Computer Security Cryptography. Kirill Levchenko
CSE 127: Computer Security Cryptography Kirill Levchenko October 24, 2017 Motivation Two parties want to communicate securely Secrecy: No one else can read messages Integrity: messages cannot be modified
More informationEncryption. INST 346, Section 0201 April 3, 2018
Encryption INST 346, Section 0201 April 3, 2018 Goals for Today Symmetric Key Encryption Public Key Encryption Certificate Authorities Secure Sockets Layer Simple encryption scheme substitution cipher:
More informationMore crypto and security
More crypto and security CSE 199, Projects/Research Individual enrollment Projects / research, individual or small group Implementation or theoretical Weekly one-on-one meetings, no lectures Course grade
More informationStudy Guide for the Final Exam
YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE CPSC 467b: Cryptography and Computer Security Handout #22 Professor M. J. Fischer April 30, 2005 1 Exam Coverage Study Guide for the Final Exam The final
More informationBasic Concepts and Definitions. CSC/ECE 574 Computer and Network Security. Outline
CSC/ECE 574 Computer and Network Security Topic 2. Introduction to Cryptography 1 Outline Basic Crypto Concepts and Definitions Some Early (Breakable) Cryptosystems Key Issues 2 Basic Concepts and Definitions
More informationSecurity & Privacy. Web Architecture and Information Management [./] Spring 2009 INFO (CCN 42509) Contents. Erik Wilde, UC Berkeley School of
Contents Security & Privacy Contents Web Architecture and Information Management [./] Spring 2009 INFO 190-02 (CCN 42509) Erik Wilde, UC Berkeley School of Information Abstract 1 Security Concepts Identification
More informationAPPLICATIONS AND PROTOCOLS. Mihir Bellare UCSD 1
APPLICATIONS AND PROTOCOLS Mihir Bellare UCSD 1 Some applications and protocols Internet Casino Commitment Shared coin flips Threshold cryptography Forward security Program obfuscation Zero-knowledge Certified
More informationDiffie-Hellman. Part 1 Cryptography 136
Diffie-Hellman Part 1 Cryptography 136 Diffie-Hellman Invented by Williamson (GCHQ) and, independently, by D and H (Stanford) A key exchange algorithm o Used to establish a shared symmetric key Not for
More informationIdeal Security Protocol. Identify Friend or Foe (IFF) MIG in the Middle 4/2/2012
Ideal Security Protocol Satisfies security requirements Requirements must be precise Efficient Small computational requirement Small bandwidth usage, network delays Not fragile Works when attacker tries
More informationZero Knowledge Protocol
Akash Patel (SJSU) Zero Knowledge Protocol Zero knowledge proof or protocol is method in which a party A can prove that given statement X is certainly true to party B without revealing any additional information
More informationKey Protection for Endpoint, Cloud and Data Center
Key Protection for Endpoint, Cloud and Data Center ENCRYPTION IS ONLY AS SECURE AS ITS LEAST SECURE KEY Encryption is undoubtedly one of the pillars of information security. It is used everywhere today:
More informationAuthentication Technology for a Smart eid Infrastructure.
Authentication Technology for a Smart eid Infrastructure. www.aducid.com One app to access all public and private sector online services. One registration allows users to access all their online accounts
More informationNotes for Lecture 24
U.C. Berkeley CS276: Cryptography Handout N24 Luca Trevisan April 21, 2009 Notes for Lecture 24 Scribed by Milosh Drezgich, posted May 11, 2009 Summary Today we introduce the notion of zero knowledge proof
More informationL13. Reviews. Rocky K. C. Chang, April 10, 2015
L13. Reviews Rocky K. C. Chang, April 10, 2015 1 Foci of this course Understand the 3 fundamental cryptographic functions and how they are used in network security. Understand the main elements in securing
More informationCSCI 454/554 Computer and Network Security. Topic 2. Introduction to Cryptography
CSCI 454/554 Computer and Network Security Topic 2. Introduction to Cryptography Outline Basic Crypto Concepts and Definitions Some Early (Breakable) Cryptosystems Key Issues 2 Basic Concepts and Definitions
More informationOutline. Cryptography. Encryption/Decryption. Basic Concepts and Definitions. Cryptography vs. Steganography. Cryptography: the art of secret writing
Outline CSCI 454/554 Computer and Network Security Basic Crypto Concepts and Definitions Some Early (Breakable) Cryptosystems Key Issues Topic 2. Introduction to Cryptography 2 Cryptography Basic Concepts
More informationPKI Credentialing Handbook
PKI Credentialing Handbook Contents Introduction...3 Dissecting PKI...4 Components of PKI...6 Digital certificates... 6 Public and private keys... 7 Smart cards... 8 Certificate Authority (CA)... 10 Key
More informationLecture 5: Protocols - Authentication and Key Exchange* CS 392/6813: Computer Security Fall Nitesh Saxena
Lecture 5: Protocols - Authentication and Key Exchange* CS 392/6813: Computer Security Fall 2009 Nitesh Saxena *Adopted from a previous lecture by Gene Tsudik Course Admin HW3 Problem 3 due Friday midnight
More informationPublic-Key Cryptography
Computer Security Spring 2008 Public-Key Cryptography Aggelos Kiayias University of Connecticut A paradox Classic cryptography (ciphers etc.) Alice and Bob share a short private key using a secure channel.
More informationח'/סיון/תשע "א. RSA: getting ready. Public Key Cryptography. Public key cryptography. Public key encryption algorithms
Public Key Cryptography Kurose & Ross, Chapters 8.28.3 (5 th ed.) Slides adapted from: J. Kurose & K. Ross \ Computer Networking: A Top Down Approach (5 th ed.) AddisonWesley, April 2009. Copyright 19962010,
More informationPublic Key Algorithms
CSE597B: Special Topics in Network and Systems Security Public Key Cryptography Instructor: Sencun Zhu The Pennsylvania State University Public Key Algorithms Public key algorithms RSA: encryption and
More informationNigori: Storing Secrets in the Cloud. Ben Laurie
Nigori: Storing Secrets in the Cloud Ben Laurie (benl@google.com) April 23, 2013 1 Introduction Secure login is something we would clearly like, but achieving it practically for the majority users turns
More informationCertificateless Public Key Cryptography
Certificateless Public Key Cryptography Mohsen Toorani Department of Informatics University of Bergen Norsk Kryptoseminar November 9, 2011 1 Public Key Cryptography (PKC) Also known as asymmetric cryptography.
More informationCS 6324: Information Security More Info on Key Establishment: RSA, DH & QKD
ERIK JONSSON SCHOOL OF ENGINEERING & COMPUTER SCIENCE Cyber Security Research and Education Institute CS 6324: Information Security Dr. Junia Valente Department of Computer Science The University of Texas
More informationOnline Banking Security
Online Banking Security Fabian Alenius Uwe Bauknecht May 17, 2009 Contents 1 Introduction 2 2 Secure Communication 2 2.1 Password authentication..................... 2 2.2 One-time Passwords.......................
More information1 Identification protocols
ISA 562: Information Security, Theory and Practice Lecture 4 1 Identification protocols Now that we know how to authenticate messages using MACs, a natural question is, how can we use MACs to prove that
More informationLecture 3 - Passwords and Authentication
CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Lecture 3 - Passwords and Authentication CSE497b - Spring 2007 Introduction Computer and Network Security Professor
More informationSecuring Distributed Computation via Trusted Quorums. Yan Michalevsky, Valeria Nikolaenko, Dan Boneh
Securing Distributed Computation via Trusted Quorums Yan Michalevsky, Valeria Nikolaenko, Dan Boneh Setting Distributed computation over data contributed by users Communication through a central party
More informationPYTHIA SERVICE BY VIRGIL SECURITY WHITE PAPER
PYTHIA SERVICE WHITEPAPER BY VIRGIL SECURITY WHITE PAPER May 21, 2018 CONTENTS Introduction 2 How does Pythia solve these problems? 3 Are there any other solutions? 4 What is Pythia? 4 How does it work?
More informationUNIT - IV Cryptographic Hash Function 31.1
UNIT - IV Cryptographic Hash Function 31.1 31-11 SECURITY SERVICES Network security can provide five services. Four of these services are related to the message exchanged using the network. The fifth service
More informationCryptography Today. Ali El Kaafarani. Mathematical Institute Oxford University. 1 of 44
Cryptography Today Ali El Kaafarani Mathematical Institute Oxford University 1 of 44 About the Course Regular classes with worksheets so you can work with some concrete examples (every Friday at 1pm).
More informationModern cryptography 2. CSCI 470: Web Science Keith Vertanen
Modern cryptography 2 CSCI 470: Web Science Keith Vertanen Modern cryptography Overview Asymmetric cryptography Diffie-Hellman key exchange (last time) Pubic key: RSA Pretty Good Privacy (PGP) Digital
More informationDigital Signatures. KG November 3, Introduction 1. 2 Digital Signatures 2
Digital Signatures KG November 3, 2017 Contents 1 Introduction 1 2 Digital Signatures 2 3 Hash Functions 3 3.1 Attacks.................................... 4 3.2 Compression Functions............................
More informationTrusted Computing: Introduction & Applications
Trusted Computing: Introduction & Applications Lecture 5: Remote Attestation, Direct Anonymous Attestation Dr. Andreas U. Schmidt Fraunhofer Institute for Secure Information Technology SIT, Darmstadt,
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 24 April 16, 2012 CPSC 467b, Lecture 24 1/33 Kerberos Secure Shell (SSH) Transport Layer Security (TLS) Digital Rights Management
More informationCristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.
CS355: Cryptography Lecture 17: X509. PGP. Authentication protocols. Key establishment. Public Keys and Trust Public Key:P A Secret key: S A Public Key:P B Secret key: S B How are public keys stored How
More informationPrivacy with attribute-based credentials ABC4Trust Project. Fatbardh Veseli
Privacy with attribute-based credentials ABC4Trust Project Fatbardh Veseli Deutsche Telekom Chair for Mobile Business and Multilateral Security Goethe University Frankfurt, Germany fatbardh.veseli@m-chair.de
More informationReminder: Homework 4. Due: Friday at the beginning of class
Reminder: Homework 4 Due: Friday at the beginning of class 1 Cryptography CS 555 Topic 33: Digital Signatures Part 2 2 Recap El-Gamal/RSA-OAEP Digital Signatures Similarities and differences with MACs
More informationVerteilte Systeme (Distributed Systems)
Verteilte Systeme (Distributed Systems) Lorenz Froihofer l.froihofer@infosys.tuwien.ac.at http://www.infosys.tuwien.ac.at/teaching/courses/ VerteilteSysteme/ Security Threats, mechanisms, design issues
More informationT Cryptography and Data Security
T-79.4501 Cryptography and Data Security Lecture 10: 10.1 Random number generation 10.2 Key management - Distribution of symmetric keys - Management of public keys Stallings: Ch 7.4; 7.3; 10.1 1 The Use
More informationLecture 3 - Passwords and Authentication
Lecture 3 - Passwords and Authentication CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12 What is authentication? Reliably verifying
More informationIdentification Schemes
Identification Schemes Lecture Outline Identification schemes passwords one-time passwords challenge-response zero knowledge proof protocols Authentication Data source authentication (message authentication):
More informationComputer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08. Cryptography Part II Paul Krzyzanowski Rutgers University Spring 2018 March 23, 2018 CS 419 2018 Paul Krzyzanowski 1 Block ciphers Block ciphers encrypt a block of plaintext at a
More informationPrivacy Enhancing Technologies CSE 701 Fall 2017
Privacy Enhancing Technologies Lecture 2: Anonymity Applications Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline Anonymous communication mixes, anonymizing proxies,
More informationTest 2 Review. 1. (10 points) Timestamps and nonces are both used in security protocols to prevent replay attacks.
Test 2 Review Name Student ID number Notation: {X} Bob Apply Bob s public key to X [Y ] Bob Apply Bob s private key to Y E(P, K) Encrypt P with symmetric key K D(C, K) Decrypt C with symmetric key K h(x)
More informationMeeting FFIEC Meeting Regulations for Online and Mobile Banking
Meeting FFIEC Meeting Regulations for Online and Mobile Banking The benefits of a smart card based authentication that utilizes Public Key Infrastructure and additional mechanisms for authentication and
More informationChapter 9: Key Management
Chapter 9: Key Management Session and Interchange Keys Key Exchange Cryptographic Key Infrastructure Storing and Revoking Keys Digital Signatures Slide #9-1 Overview Key exchange Session vs. interchange
More informationCryptographic Primitives and Protocols for MANETs. Jonathan Katz University of Maryland
Cryptographic Primitives and Protocols for MANETs Jonathan Katz University of Maryland Fundamental problem(s) How to achieve secure message authentication / transmission in MANETs, when: Severe resource
More informationCryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III
Cryptography III Public-Key Cryptography Digital Signatures 2/1/18 Cryptography III 1 Public Key Cryptography 2/1/18 Cryptography III 2 Key pair Public key: shared with everyone Secret key: kept secret,
More informationCryptographic Hash Functions
ECE458 Winter 2013 Cryptographic Hash Functions Dan Boneh (Mods by Vijay Ganesh) Previous Lectures: What we have covered so far in cryptography! One-time Pad! Definition of perfect security! Block and
More informationCryptographic protocols
Cryptographic protocols Lecture 3: Zero-knowledge protocols for identification 6/16/03 (c) Jussipekka Leiwo www.ialan.com Overview of ZK Asymmetric identification techniques that do not rely on digital
More informationIRMA: I Reveal My Attributes
IRMA: I Reveal My Attributes Roland van Rijswijk - Deij roland.vanrijswijk@surfnet.nl rijswijk@cs.ru.nl Project partners 2 What is an attribute? An attribute is a property of a person: Full name Date of
More informationCSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L
CS 3461/5461: Introduction to Computer Networking and Internet Technologies Network Security Study: 21.1 21.5 Kannan Srinivasan 11-27-2012 Security Attacks, Services and Mechanisms Security Attack: Any
More informationElements of Cryptography and Computer and Networking Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy
Elements of Cryptography and Computer and Networking Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy Homework 2 Due: Friday, 10/28/2016 at 11:55pm PT Will be posted on
More informationCSC 474/574 Information Systems Security
CSC 474/574 Information Systems Security Topic 2.5 Public Key Algorithms CSC 474/574 Dr. Peng Ning 1 Public Key Algorithms Public key algorithms covered in this class RSA: encryption and digital signature
More informationPublic-Key Encryption, Key Exchange, Digital Signatures CMSC 23200/33250, Autumn 2018, Lecture 7
Public-Key Encryption, Key Exchange, Digital Signatures CMSC 23200/33250, Autumn 2018, Lecture 7 David Cash University of Chicago Plan 1. Security of RSA 2. Key Exchange, Diffie-Hellman 3. Begin digital
More informationPhoenix: Rebirth of a Cryptographic Password-Hardening Service
Phoenix: Rebirth of a Cryptographic Password-Hardening Service Russell W.F. Lai 1,2 Christoph Egger 1 Dominique Schro der 1 Sherman S.M. Chow 2 1 Friedrich-Alexander-Universita t Erlangen-Nu rnberg University
More informationENEE 459-C Computer Security. Security protocols
ENEE 459-C Computer Security Security protocols Key Agreement: Diffie-Hellman Protocol Key agreement protocol, both A and B contribute to the key Setup: p prime and g generator of Z p *, p and g public.
More informationIntroduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell
Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell 1 Cryptography Merriam-Webster Online Dictionary: 1. secret writing 2. the enciphering and deciphering
More informationPrivacy-Preserving & User-Auditable Pseudonym Systems. Jan Camenisch, Anja Lehmann IBM Research Zurich
Privacy-Preserving & User-Auditable Pseudonym Systems Jan Camenisch, Anja Lehmann IBM Research Zurich Motivation: How to maintain related yet distributed data? examples: social security system, ehealth
More informationCryptographic Protocols 1
Cryptographic Protocols 1 Luke Anderson luke@lukeanderson.com.au 5 th May 2017 University Of Sydney Overview 1. Crypto-Bulletin 2. Problem with Diffie-Hellman 2.1 Session Hijacking 2.2 Encrypted Key Exchange
More informationSecure Multiparty Computation
CS573 Data Privacy and Security Secure Multiparty Computation Problem and security definitions Li Xiong Outline Cryptographic primitives Symmetric Encryption Public Key Encryption Secure Multiparty Computation
More informationCS 161 Computer Security
Popa & Weaver Fall 2016 CS 161 Computer Security 10/4 Passwords 1 Passwords are widely used for authentication, especially on the web. What practices should be used to make passwords as secure as possible?
More informationBlockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric
Blockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric Elli Androulaki Staff member, IBM Research, Zurich Workshop on cryptocurrencies Athens, 06.03.2016 Blockchain systems
More information1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class
1.264 Lecture 27 Security protocols Symmetric cryptography Next class: Anderson chapter 10. Exercise due after class 1 Exercise: hotel keys What is the protocol? What attacks are possible? Copy Cut and
More informationCSCE 548 Building Secure Software Entity Authentication. Professor Lisa Luo Spring 2018
CSCE 548 Building Secure Software Entity Authentication Professor Lisa Luo Spring 2018 Previous Class Important Applications of Crypto User Authentication verify the identity based on something you know
More informationDigital Signatures. Luke Anderson. 7 th April University Of Sydney.
Digital Signatures Luke Anderson luke@lukeanderson.com.au 7 th April 2017 University Of Sydney Overview 1. Digital Signatures 1.1 Background 1.2 Basic Operation 1.3 Attack Models Replay Naïve RSA 2. PKCS#1
More informationENEE 459-C Computer Security. Security protocols (continued)
ENEE 459-C Computer Security Security protocols (continued) Key Agreement: Diffie-Hellman Protocol Key agreement protocol, both A and B contribute to the key Setup: p prime and g generator of Z p *, p
More informationHashes, MACs & Passwords. Tom Chothia Computer Security Lecture 5
Hashes, MACs & Passwords Tom Chothia Computer Security Lecture 5 Today s Lecture Hashes and Message Authentication Codes Properties of Hashes and MACs CBC-MAC, MAC -> HASH (slow), SHA1, SHA2, SHA3 HASH
More informationCryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology
Cryptography & Key Exchange Protocols Faculty of Computer Science & Engineering HCMC University of Technology Outline 1 Cryptography-related concepts 2 3 4 5 6 7 Key channel for symmetric cryptosystems
More informationMTAT Cryptology II. Entity Authentication. Sven Laur University of Tartu
MTAT.07.003 Cryptology II Entity Authentication Sven Laur University of Tartu Formal Syntax Entity authentication pk (sk, pk) Gen α 1 β 1 β i V pk (α 1,...,α i 1 ) α i P sk (β 1,...,β i 1 ) Is it Charlie?
More information