Fair Exchange Protocols
|
|
- Pierce Powell
- 6 years ago
- Views:
Transcription
1 air Exchange Protocols Steve Kremer and Mark Ryan air Exchnage Protocols p.1
2 Examples of fair exchange protocols Electronic purchase of goods exchange of an electronic item against an electronic payment igital contract signing exchange of digital signatures on a given electronic document Non-repudiation protocols exchange of an electronic item and a non-repudiation of origin evidence against the corresponding non-repudiation of receipt evidence Certified exchange of an electronic message against a proof of receipt Barter an electronic item of a given value is exchanged against another item of a similar value... air Exchnage Protocols p.2
3 An example: digital contract signing Use digital signatures to sign a contract over a network What is the problem? Alice Signed contract Bob Signed contract Asymmetry: someone must be the first to sign airness A protocol is fair if at the end of the protocol, either all participants received the expected item, or none of them received the expected item. air Exchnage Protocols p.3
4 Evolution of fair exchange protocols protocols requiring a trusted third party (TTP... but create a bottleneck at the TTP act: no deterministic contract signing protocol exists without the participation of a TTP. [Even Yacobi 1980] protocols based on gradual release... but need to assume comparable computation power, do not achieve real fairness and require a high number of messages randomised protocols... but need to increase the number of messages to decrease the probability that someone may cheat optimistic protocols suppose that most entities are honest, TTP intervention only in case of problem... introduced only in 1997 independently by Asokan et al. and Micali air Exchnage Protocols p.4
5 A probabilistic contract signing protocol Alice chooses a random number, and then she chooses random keys. Bob doesn t know or the keys. Next, Alice and Bob exchange messages as follows. Each party will timeout and abandon the protocol if there is a delay of time units by the other party in sending the next message. ecryption time is assumed to be much greater than. ack( Alice ack( Bob ack(. ack( air Exchnage Protocols p.5
6 A first optimistic contract signing protocol Main protocol Alice Promise to sign contract Signed contract Bob Signed contract else recover with TTP air Exchnage Protocols p.6
7 A first optimistic contract signing protocol (2 Recovery protocol Bob Recovery request (including A s promise TTP Contract signed by TTP Alice Contract signed by TTP Note: communication channels between the TTP and participants are supposed to be resilient (all messages eventually arrive. air Exchnage Protocols p.7
8 A first optimistic contract signing protocol (3 This protocol is fair. But it still has a problem... After having sent the first message Alice can get stuck. Timeliness A protocol provides timeliness if and only if at each moment in the protocol each participant can reach, in a finite amount of time, a point where he can stop the protocol while preserving fairness. air Exchnage Protocols p.8
9 A second optimistic contract signing protocol Main protocol Alice Bob Promise to sign contract Promise to sign contract else stop else abort with TTP Signed contract Signed contract else recover with TTP else recover with TTP air Exchnage Protocols p.9
10 A second optimistic contract signing protocol (2 Abort Protocol Alice TTP Abort request Abort token signed by TTP Contract signed by TTP if protocol not yet recovered else Note: The abort token is not a proof that the protocol has been aborted. It is only a promise that the TTP will not allow this protocol to be recovered. Note: Each message of the protocol must contain a unique identifier for the protocol session. air Exchnage Protocols p.10
11 A second optimistic contract signing protocol (3 Recovery Protocol Alice TTP Recovery request (including B s promise Abort token signed by TTP if protocol already aborted Contract signed by TTP else Bob Contract signed by TTP Note: The recovery protocol for Bob is obtained by inversing Alice s and Bob s role. air Exchnage Protocols p.11
12 TTP invisibility The previous protocol is fair and respects timeliness. However, it is possible to determine whether the TTP did intervene or not. TTP invisibility Bad publicity! A company could be believed to have cheated whereas in fact it was the network which delayed some messages. Having Alice s signature on the contract may be preferable to the TTP s signature. A TTP producing evidences which are indistinguishable from the ones Alice or Bob would have produced in a faultless scenario is said to be invisible or transparent. air Exchnage Protocols p.12
13 Verifiable Recoverable Encrypted Signatures A VRES is a cryptographic primitive, which implements a promise of a signature; makes it infeasible for anyone to extract the standard signature except for the TTP; is verifiable, i.e. a verifier will be convinced that the VRES can be converted to a standard signature by the TTP; is recoverable by the TTP, i.e. the TTP can convert the VRES to a standard signature. In a fair exchange protocol use a VRES as a promise to sign the contract (first 2 messages; the VRES can be converted to a standard signature by the TTP in case of a recovery. air Exchnage Protocols p.13
14 !! + ' ;7 9 7 : / / 7 6 ;7 : 6 - / RSA in a nutshell (1 Key generation and Choose two large primes = Compute and gcd, such that Choose ", such that Compute Signature generation for message * ( $( ' Signature verification, $( $( How it works: since *,.- - / <- - by ermat s little thm: 5 - / air Exchnage Protocols p.14
15 (, ( = ( RSA in a nutshell (2 Cross-decrytpion property and!, and compute, choose and and "! Given two relative prime RSA modula, such that "!! Given min : Encryption: the encryption of ( is: is ecryption: the decryption of *?@ = or *?> = How it works: * >, $( * >, ( air Exchnage Protocols p.15
16 B A C C, N K ML O A VRES based on RSA signatures Nenadić, Zhang, Barton 2004 Key generation (registration at the TTP generates an RSA modulus E and the correpsonding keys! E generates a second RSA modulus (relatively prime with correpsonding keys which she shares with TTP! and the VRES generation Choose a random prime G G H *J $( G I 3 2RQ P J S *J H G I air Exchnage Protocols p.16
17 + S + H A VRES based on RSA signatures (2 VRES verification, *J $( G I, ( H, *TJ H G, I H H VRES recovery S *J G $( ' * J ( I U G Note: there exist more efficient VRES scheme which do not require to share a key with the TTP. air Exchnage Protocols p.17
18 V An advantage to one party Imagine Alice starts a protocol to sell stock options to Bob. Alice starts the protocol with Bob and then shows Bob s offer to Charlie. Alice can convince Charlie that Bob started the protocol with a given offer; Alice can choose the outcome of the protocol. Influence Charlie to make a better offer. act: any protocol with an optimistic signer, the other signer can at some point choose the outcome of the protocol. [Chadha et al, 2003] The best we can hope is to avoid provable advantage. Abuse-freeness A protocol is said to be abuse-free if it is impossible for any participant to prove to an outsider that he has the power to decide the outcome of the protocol. air Exchnage Protocols p.18
19 B A W Private contract signatures Garay, Jakobsson, MacKenzie 1999 To achieve abuse-freeness use PCS instead of VRES. A PCS is a cryptographic primitive, which is recoverable by a TTP designated verifier: only a given designated verifier, Bob, is convinced that Alice is the signer. The designated verifier property is implemented by giving Bob the possibility to simulate or fake the PCS. Charlie will not be convinced that Alice really started the protocol, as Bob could show a simulation of Alice s message. air Exchnage Protocols p.19
20 Conclusion Crucial protocols to enable secure electronic commerce Currently still at an academic stage... Complex structure (in comparison to authentication protocols Some properties need non-standard cryptographic primitives Still a lot of ongoing research... or a survey and pointers: [KMZ02] Steve Kremer, Olivier Markowitch, and Jianying Zhou. An intensive survey of non-repudiation protocols. Computer Communications, 25(17: , November [PVG03] Henning Pagnia, Holger Vogt, and elix C. Gärtner. air exchange. The Computer Journal, 8(2:55 75, January air Exchnage Protocols p.20
Fair exchange and non-repudiation protocols
Fair exchange and non-repudiation protocols Levente Buttyán Laboratory of Cryptography and System Security (CrySyS) Budapest University of Technology and Economics buttyan@crysys.hu 2010 Levente Buttyán
More informationOPTIMISTIC NON-REPUDIABLE INFORMATION EXCHANGE
OPTIMISTIC NON-REPUDIABLE INFORMATION EXCHANGE Steve Kremer and Olivier Markowitch Université Libre de Bruxelles, Computer Science Dept. Bld du Triomphe C.P.212, 1050 Bruxelles, Belgium skremer@ulb.ac.be,
More informationExclusion-Freeness in Multi-party Exchange Protocols
Exclusion-Freeness in Multi-party Exchange Protocols Nicolás González-Deleito and Olivier Markowitch Université Libre de Bruxelles Bd. du Triomphe CP212 1050 Bruxelles Belgium {ngonzale,omarkow}@ulb.ac.be
More informationOPTIMIZING ONE FAIR DOCUMENT EXCHANGE PROTOCOL
OPTIMIZING ONE FAIR DOCUMENT EXCHANGE PROTOCOL Abdullah M. Alaraj Department of IT, Computer College, Qassim University, Saudi Arabia arj@qu.edu.sa ABSTRACT This paper presents an efficient fair document
More informationCHAPTER 4 VERIFIABLE ENCRYPTION OF AN ELLIPTIC CURVE DIGITAL SIGNATURE
68 CHAPTER 4 VERIFIABLE ENCRYPTION OF AN ELLIPTIC CURVE DIGITAL SIGNATURE 4.1 INTRODUCTION This chapter addresses the Verifiable Encryption of Elliptic Curve Digital Signature. The protocol presented is
More informationGame Analysis of Abuse-free Contract Signing
Game Analysis of Abuse-free Contract Signing Steve Kremer Jean-François Raskin Département d Informatique Faculté des Sciences Université Libre de Bruxelles, Belgium skremer@ulb.ac.be Jean-Francois.Raskin@ulb.ac.be
More informationOverview. Game-Based Verification of Fair Exchange Protocols. The Problem of Fair Exchange. Game-Theoretic Model. Protocol as a Game Tree
CS 259 Overview Game-ased Verification of Fair Exchange Protocols Vitaly Shmatikov Fair exchange protocols Protocols as games Security as presence or absence of certain strategies lternating transition
More informationGeneric Non-Repudiation Protocols Supporting Transparent Off-line TTP
Book Title Book Editors IOS Press, 2003 1 Generic Non-Repudiation Protocols Supporting Transparent Off-line TTP Guilin Wang 1 Institute for Infocomm Research (I 2 R) 21 Heng Mui Keng Terrace, Singapore
More informationA MULTI-PARTY NON-REPUDIATION PROTOCOL
A MULTI-PARTY NON-REPUDIATION PROTOCOL Steve Kremer and Olivier Markowitch Universite Libre de Bruxelles Dept of Computer Science, Ed du Triomphe, C.P.212, 1050 Bruxelles, Belgium skremer@ulb.ac.be, omarkow@ulb.ac.be
More informationInformation Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1
Information Security message M one-way hash fingerprint f = H(M) 4/19/2006 Information Security 1 Outline and Reading Digital signatures Definition RSA signature and verification One-way hash functions
More informationMulti-Party Non-Repudiation: A Survey
Multi-Party Non-Repudiation: A Survey JOSE A. ONIEVA Computer Science Department, University of Malaga, Spain and JIANYING ZHOU Institute for Infocomm Research, Singapore and JAVIER LOPEZ Computer Science
More informationGame Analysis of Abuse-free Contract Signing
Game Analysis of Abuse-free Contract Signing Steve Kremer Jean-François Raskin Département d Informatique Faculté des Sciences Université Libre de Bruxelles, Belgium SteveKremer@ulbacbe Jean-FrancoisRaskin@ulbacbe
More informationOptimally Efficient Multi-Party Fair Exchange and Fair Secure Multi-Party Computation
Optimally Efficient Multi-Party Fair Exchange and Fair Secure Multi-Party Computation Handan Kılınç 1 and Alptekin Küpçü 2 1 EPFL, Koç University 2 Koç University Abstract Multi-party fair exchange (MFE)
More informationAn abuse-free fair contract-signing protocol based on the RSA signature
University of Wollongong Research Online Faculty of Informatics - Papers (Archive) Faculty of Engineering and Information Sciences 2010 An abuse-free fair contract-signing protocol based on the RSA signature
More informationAbuse-Free Optimistic Contract Signing
Abuse-Free Optimistic Contract Signing Juan A. Garay, Markus Jakobsson, and Philip MacKenzie Information Sciences Research Center Bell Laboratories 600 Mountain Ave Murray Hill, NJ 07974 {garay,markusj,philmac}@research.bell-labs.com
More informationCrypto-systems all around us ATM machines Remote logins using SSH Web browsers (https invokes Secure Socket Layer (SSL))
Introduction (Mihir Bellare Text/Notes: http://cseweb.ucsd.edu/users/mihir/cse207/) Cryptography provides: Data Privacy Data Integrity and Authenticity Crypto-systems all around us ATM machines Remote
More informationVerifiably Encrypted Signature Scheme with Threshold Adjudication
Verifiably Encrypted Signature Scheme with Threshold Adjudication M. Choudary Gorantla and Ashutosh Saxena Institute for Development and Research in Banking Technology Road No. 1, Castle Hills, Masab Tank,
More informationZero Knowledge Protocol
Akash Patel (SJSU) Zero Knowledge Protocol Zero knowledge proof or protocol is method in which a party A can prove that given statement X is certainly true to party B without revealing any additional information
More informationApplied Cryptography and Computer Security CSE 664 Spring 2017
Applied Cryptography and Computer Security Lecture 18: Key Distribution and Agreement Department of Computer Science and Engineering University at Buffalo 1 Key Distribution Mechanisms Secret-key encryption
More informationOutline More Security Protocols CS 239 Computer Security February 4, 2004
Outline More Security Protocols CS 239 Computer Security February 4, 2004 Combining key distribution and authentication Verifying security protocols Page 1 Page 2 Combined Key Distribution and Authentication
More informationKey Exchange. References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings
Key Exchange References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings Outlines Primitives Root Discrete Logarithm Diffie-Hellman ElGamal Shamir s Three Pass
More informationImprovement of Camenisch-Neven-Shelat Oblivious Transfer Scheme
Improvement of Camenisch-Neven-Shelat Oblivious Transfer Scheme Zhengjun Cao and Hanyue Cao Department of Mathematics, Shanghai University, Shanghai, China caozhj@shu.edu.cn Abstract. In 2007, Camenisch,
More informationCSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L
CS 3461/5461: Introduction to Computer Networking and Internet Technologies Network Security Study: 21.1 21.5 Kannan Srinivasan 11-27-2012 Security Attacks, Services and Mechanisms Security Attack: Any
More informationSecurity protocols and their verification. Mark Ryan University of Birmingham
Security protocols and their verification Mark Ryan University of Birmingham Contents 1. Authentication protocols (this lecture) 2. Electronic voting protocols 3. Fair exchange protocols 4. Digital cash
More informationA Synchronous Multi-Party Contract Signing Protocol Improving Lower Bound of Steps
A Synchronous Multi-Party Contract Signing Protocol Improving Lower Bound of Steps Jianying Zhoul, Jose A. 0nieva2, and Javier ~ o ~ e z ~ Institute for Infocomm Research 2 1 Heng Mui Keng Terrace, Singapore
More informationCS 161 Computer Security
Popa & Wagner Spring 2016 CS 161 Computer Security Discussion 5 Week of February 19, 2017 Question 1 Diffie Hellman key exchange (15 min) Recall that in a Diffie-Hellman key exchange, there are values
More informationBackground. Network Security - Certificates, Keys and Signatures - Digital Signatures. Digital Signatures. Dr. John Keeney 3BA33
Background Network Security - Certificates, Keys and Signatures - Dr. John Keeney 3BA33 Slides Sources: Karl Quinn, Donal O Mahoney, Henric Johnson, Charlie Kaufman, Wikipedia, Google, Brian Raiter. Recommended
More informationCertificateless Public Key Cryptography
Certificateless Public Key Cryptography Mohsen Toorani Department of Informatics University of Bergen Norsk Kryptoseminar November 9, 2011 1 Public Key Cryptography (PKC) Also known as asymmetric cryptography.
More informationSecure Multiparty Computation
CS573 Data Privacy and Security Secure Multiparty Computation Problem and security definitions Li Xiong Outline Cryptographic primitives Symmetric Encryption Public Key Encryption Secure Multiparty Computation
More informationElements of Cryptography and Computer and Networking Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy
Elements of Cryptography and Computer and Networking Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy Homework 2 Due: Friday, 10/28/2016 at 11:55pm PT Will be posted on
More informationImposing fairness in electronic commerce
www.ijcsi.org 139 Imposing fairness in electronic commerce Using Trusted Third Party for electronic delivery Fahad A. ALQAHTANI Software Technology Research Laboratory De Montfort University,Leicester,United
More informationEstimation of TTP Features in Non-repudiation Service *
Estimation of TTP Features in Non-repudiation Service * Mildrey Carbonell 1, José María Sierra 1, Jose A. Onieva 2, Javier Lopez 2, and Jianying Zhou 3 1 University of Carlos III Madrid {mcarbone,sierra}@inf.uc3m.es
More informationZero-Knowledge Proofs of Knowledge
Zero-Knowledge Proofs of Knowledge Stéphanie Delaune September 6, 2013 Stéphanie Delaune () Proofs of Knowledge September 6, 2013 1 / 16 Proofs of knowledge Proof of knowledge are often used to prove one
More informationIntroduction to Cryptography and Security Mechanisms: Unit 5. Public-Key Encryption
Introduction to Cryptography and Security Mechanisms: Unit 5 Public-Key Encryption Learning Outcomes Explain the basic principles behind public-key cryptography Recognise the fundamental problems that
More informationNumber Theory and RSA Public-Key Encryption
Number Theory and RSA Public-Key Encryption Dr. Natarajan Meghanathan Associate Professor of Computer Science Jackson State University E-mail: natarajan.meghanathan@jsums.edu CIA Triad: Three Fundamental
More informationChapter 9 Public Key Cryptography. WANG YANG
Chapter 9 Public Key Cryptography WANG YANG wyang@njnet.edu.cn Content Introduction RSA Diffie-Hellman Key Exchange Introduction Public Key Cryptography plaintext encryption ciphertext decryption plaintext
More informationCryptography V: Digital Signatures
Cryptography V: Digital Signatures Computer Security Lecture 10 David Aspinall School of Informatics University of Edinburgh 10th February 2011 Outline Basics Constructing signature schemes Security of
More informationTimeout Estimation Using a Simulation Model for Non-repudiation Protocols
Timeout Estimation Using a Simulation Model for Non-repudiation Protocols Mildrey Carbonell 1, Jose A. Onieva 1, Javier Lopez 1, Deborah Galpert 1, and Jianying Zhou 2 1 Computer Science Department, E.T.S.
More informationCS 161 Computer Security
Paxson Spring 2017 CS 161 Computer Security Discussion 6 Week of March 6, 2017 Question 1 Password Hashing (10 min) When storing a password p for user u, a website randomly generates a string s (called
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 11 October 4, 2017 CPSC 467, Lecture 11 1/39 ElGamal Cryptosystem Message Integrity and Authenticity Message authentication codes
More informationCSC 774 Advanced Network Security
CSC 774 Advanced Network Security Topic 3.1: NetBill Dr. Peng Ning CSC 774 Advanced Network Security 1 Outline Why is NetBill developed? NetBill Transaction Model NetBill Transaction Protocol Basic Protocol
More informationPublic Key Algorithms
Public Key Algorithms 1 Public Key Algorithms It is necessary to know some number theory to really understand how and why public key algorithms work Most of the public key algorithms are based on modular
More informationDiffie-Hellman. Part 1 Cryptography 136
Diffie-Hellman Part 1 Cryptography 136 Diffie-Hellman Invented by Williamson (GCHQ) and, independently, by D and H (Stanford) A key exchange algorithm o Used to establish a shared symmetric key Not for
More informationCS 395T. Analyzing SET with Inductive Method
CS 395T Analyzing SET with Inductive Method Theorem Proving for Protocol Analysis Prove correctness instead of looking for bugs Use higher-order logic to reason about all possible protocol executions No
More informationCSC/ECE 774 Advanced Network Security
Computer Science CSC/ECE 774 Advanced Network Security Topic 2. Network Security Primitives CSC/ECE 774 Dr. Peng Ning 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange;
More informationInter-Domain Identity-based Authenticated Key Agreement Protocol from the Weil Pairing
Inter-Domain Identity-based Authenticated Key Agreement Protocol from the Weil Pairing Tsai, Hong-Bin Chiu, Yun-Peng Lei, Chin-Laung Dept. of Electrical Engineering National Taiwan University July 10,
More informationChapter 13. Digital Cash. Information Security/System Security p. 570/626
Chapter 13 Digital Cash Information Security/System Security p. 570/626 Introduction While cash is used in illegal activities such as bribing money laundering tax evasion it also protects privacy: not
More informationLecture 9a: Secure Sockets Layer (SSL) March, 2004
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York University artg@cs.nyu.edu Security Achieved by
More informationIntroduction to Cryptography in Blockchain Technology. December 23, 2018
Introduction to Cryptography in Blockchain Technology December 23, 2018 What is cryptography? The practice of developing protocols that prevent third parties from viewing private data. Modern cryptography
More informationChapter 9. Public Key Cryptography, RSA And Key Management
Chapter 9 Public Key Cryptography, RSA And Key Management RSA by Rivest, Shamir & Adleman of MIT in 1977 The most widely used public-key cryptosystem is RSA. The difficulty of attacking RSA is based on
More informationCristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.
CS355: Cryptography Lecture 17: X509. PGP. Authentication protocols. Key establishment. Public Keys and Trust Public Key:P A Secret key: S A Public Key:P B Secret key: S B How are public keys stored How
More informationIntroduction to Modern Cryptography. Benny Chor
Introduction to Modern Cryptography Benny Chor Identification (User Authentication) Fiat-Shamir Scheme Lecture 12 Tel-Aviv University 4 January 2010 Model and Major Issues Alice wishes to prove to Bob
More informationCPSC 467b: Cryptography and Computer Security
Outline ZKIP Other IP CPSC 467b: Cryptography and Computer Security Lecture 19 Michael J. Fischer Department of Computer Science Yale University March 31, 2010 Michael J. Fischer CPSC 467b, Lecture 19
More informationApplied Cryptography Protocol Building Blocks
Applied Cryptography Protocol Building Blocks Sape J. Mullender Huygens Systems Research Laboratory Universiteit Twente Enschede 1 Protocols An algorithm describes a series of steps carried out by a process
More informationSpring 2010: CS419 Computer Security
Spring 2010: CS419 Computer Security Vinod Ganapathy Lecture 7 Topic: Key exchange protocols Material: Class handout (lecture7_handout.pdf) Chapter 2 in Anderson's book. Today s agenda Key exchange basics
More informationMath236 Discrete Maths with Applications
Math236 Discrete Maths with Applications P. Ittmann UKZN, Pietermaritzburg Semester 1, 2012 Ittmann (UKZN PMB) Math236 2012 1 / 33 Key size in RSA The security of the RSA system is dependent on the diculty
More informationPublic-Key Cryptography. Professor Yanmin Gong Week 3: Sep. 7
Public-Key Cryptography Professor Yanmin Gong Week 3: Sep. 7 Outline Key exchange and Diffie-Hellman protocol Mathematical backgrounds for modular arithmetic RSA Digital Signatures Key management Problem:
More informationCryptography V: Digital Signatures
Cryptography V: Digital Signatures Computer Security Lecture 12 David Aspinall School of Informatics University of Edinburgh 19th February 2009 Outline Basics Constructing signature schemes Security of
More informationCSC 774 Network Security
CSC 774 Network Security Topic 2. Review of Cryptographic Techniques CSC 774 Dr. Peng Ning 1 Outline Encryption/Decryption Digital signatures Hash functions Pseudo random functions Key exchange/agreement/distribution
More informationKurose & Ross, Chapters (5 th ed.)
Kurose & Ross, Chapters 8.2-8.3 (5 th ed.) Slides adapted from: J. Kurose & K. Ross \ Computer Networking: A Top Down Approach (5 th ed.) Addison-Wesley, April 2009. Copyright 1996-2010, J.F Kurose and
More informationChapter 9: Key Management
Chapter 9: Key Management Session and Interchange Keys Key Exchange Cryptographic Key Infrastructure Storing and Revoking Keys Digital Signatures Slide #9-1 Overview Key exchange Session vs. interchange
More informationAutomatic Verification of Remote Electronic Voting Protocols
Automatic Verification of Remote Electronic Voting Protocols Cătălin Hrițcu Saarland University, Saarbrücken, Germany Joint work with: Michael Backes and Matteo Maffei Microsoft Research Cambridge, July
More informationCS573 Data Privacy and Security. Cryptographic Primitives and Secure Multiparty Computation. Li Xiong
CS573 Data Privacy and Security Cryptographic Primitives and Secure Multiparty Computation Li Xiong Outline Cryptographic primitives Symmetric Encryption Public Key Encryption Secure Multiparty Computation
More informationDigital Signatures. KG November 3, Introduction 1. 2 Digital Signatures 2
Digital Signatures KG November 3, 2017 Contents 1 Introduction 1 2 Digital Signatures 2 3 Hash Functions 3 3.1 Attacks.................................... 4 3.2 Compression Functions............................
More informationAmbiguous Optimistic Fair Exchange
Ambiguous Optimistic Fair Exchange Qiong Huang 1, Guomin Yang 1, Duncan S. Wong 1, and Willy Susilo 2 1 City University of Hong Kong, Hong Kong, China {csqhuang@student., csyanggm@cs., duncan@}cityu.edu.hk
More informationWhat did we talk about last time? Public key cryptography A little number theory
Week 4 - Friday What did we talk about last time? Public key cryptography A little number theory If p is prime and a is a positive integer not divisible by p, then: a p 1 1 (mod p) Assume a is positive
More informationCSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography
CSCI 454/554 Computer and Network Security Topic 5.2 Public Key Cryptography Outline 1. Introduction 2. RSA 3. Diffie-Hellman Key Exchange 4. Digital Signature Standard 2 Introduction Public Key Cryptography
More informationTwo Fair Payment Protocols for E-Commerce Transaction
Two Fair Payment Protocols for E-Commerce Transaction Wei Fan, Huaying Shu, Qiang Yan and Xin Liu School of Economics and Management, Beijing University of Posts and Telecommunications, Beijing 100876,
More informationHOST Cryptography I ECE 525. Cryptography Handbook of Applied Cryptography &
Cryptography Handbook of Applied Cryptography & http://cseweb.ucsd.edu/users/mihir/cse207/ Brief History: Proliferation of computers and communication systems in 1960s brought with it a demand to protect
More informationASYMMETRIC CRYPTOGRAPHY
ASYMMETRIC CRYPTOGRAPHY CONTENT: 1. Number Theory 2. One Way Function 3. Hash Function 4. Digital Signature 5. RSA (Rivest-Shamir Adleman) References: 1. Applied Cryptography, Bruce Schneier 2. Cryptography
More informationDigital Signatures. Luke Anderson. 7 th April University Of Sydney.
Digital Signatures Luke Anderson luke@lukeanderson.com.au 7 th April 2017 University Of Sydney Overview 1. Digital Signatures 1.1 Background 1.2 Basic Operation 1.3 Attack Models Replay Naïve RSA 2. PKCS#1
More informationSecure Multiparty Computation: Introduction. Ran Cohen (Tel Aviv University)
Secure Multiparty Computation: Introduction Ran Cohen (Tel Aviv University) Scenario 1: Private Dating Alice and Bob meet at a pub If both of them want to date together they will find out If Alice doesn
More informationOutline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA
CSCI 454/554 Computer and Network Security Topic 5.2 Public Key Cryptography 1. Introduction 2. RSA Outline 3. Diffie-Hellman Key Exchange 4. Digital Signature Standard 2 Introduction Public Key Cryptography
More informationAnalysis of Probabilistic Contract Signing
Analysis of Probabilistic Contract Signing Gethin Norman 1 and Vitaly Shmatikov 2 1 University of Birmingham, School of Computer Science, Birmingham B15 2TT U.K. email: G.Norman@cs.bham.ac.uk 2 Department
More informationAnalysis Techniques. Protocol Verification by the Inductive Method. Analysis using theorem proving. Recall: protocol state space.
CS 259 Protocol Verification by the Inductive Method Analysis Techniques Crypto Protocol Analysis Formal Models Dolev-Yao (perfect cryptography) Computational Models John Mitchell Modal Logics Model Checking
More informationCryptography and Network Security. Sixth Edition by William Stallings
Cryptography and Network Security Sixth Edition by William Stallings Chapter 13 Digital Signatures To guard against the baneful influence exerted by strangers is therefore an elementary dictate of savage
More informationICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification
ICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification Hossen Asiful Mustafa Introduction Entity Authentication is a technique designed to let one party prove the identity of another
More informationGrenzen der Kryptographie
Microsoft Research Grenzen der Kryptographie Dieter Gollmann Microsoft Research 1 Summary Crypto does not solve security problems Crypto transforms security problems Typically, the new problems relate
More informationContract Signing, Optimism, and Advantage?
Contract Signing, Optimism, and Advantage? Rohit Chadha 1;4, John C. Mitchell 2, Andre Scedrov 1, and Vitaly Shmatikov 3 1 University of Pennsylvania 2 Stanford University 3 SRI International 4 University
More informationEncryption. INST 346, Section 0201 April 3, 2018
Encryption INST 346, Section 0201 April 3, 2018 Goals for Today Symmetric Key Encryption Public Key Encryption Certificate Authorities Secure Sockets Layer Simple encryption scheme substitution cipher:
More informationOutline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)
Outline AIT 682: Network and Systems Security 1. Introduction 2. RSA 3. Diffie-Hellman Key Exchange 4. Digital Signature Standard Topic 5.2 Public Key Cryptography Instructor: Dr. Kun Sun 2 Public Key
More informationICS 180 May 4th, Guest Lecturer: Einar Mykletun
ICS 180 May 4th, 2004 Guest Lecturer: Einar Mykletun 1 Symmetric Key Crypto 2 Symmetric Key Two users who wish to communicate share a secret key Properties High encryption speed Limited applications: encryption
More informationDigital Signature. Raj Jain
Digital Signature Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/
More informationDigital Cash Systems
Digital Cash Systems Xiang Yin Department of Computer Science McMaster University December 1, 2010 Outline 1 Digital Cash 2 3 4 5 Digital Cash Overview Properties Digital Cash Systems Digital Cash Digital
More informationNETWORK SECURITY & CRYPTOGRAPHY
Assignment for IT Applications in Management Project On NETWORK SECURITY & CRYPTOGRAPHY Course Instructor Submitted By: Mr. ANIL KUMAR ROHIT BARVE 2013240 Section E PGDM 2013-15 Table of Contents Chapter
More informationUNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering. Introduction to Cryptography ECE 597XX/697XX
UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Introduction to Cryptography ECE 597XX/697XX Part 10 Digital Signatures Israel Koren ECE597/697 Koren Part.10.1 Content of this part
More informationA Certified Protocol Suitable for Mobile Environments
A ertified E-Mail Protocol Suitable for Mobile Environments Jung Min Park Indrajit Ray *, Edwin K P hong, Howard Jay Siegel * School of Electrical omputer Engineering Department of Electrical omputer Engineering
More information1 Identification protocols
ISA 562: Information Security, Theory and Practice Lecture 4 1 Identification protocols Now that we know how to authenticate messages using MACs, a natural question is, how can we use MACs to prove that
More informationLecture 7 - Applied Cryptography
CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Lecture 7 - Applied Cryptography CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger
More informationCryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology
Cryptography & Key Exchange Protocols Faculty of Computer Science & Engineering HCMC University of Technology Outline 1 Cryptography-related concepts 2 3 4 5 6 7 Key channel for symmetric cryptosystems
More informationStructure-Preserving Certificateless Encryption and Its Application
SESSION ID: CRYP-T06 Structure-Preserving Certificateless Encryption and Its Application Prof. Sherman S. M. Chow Department of Information Engineering Chinese University of Hong Kong, Hong Kong @ShermanChow
More informationAn Overview of Secure Multiparty Computation
An Overview of Secure Multiparty Computation T. E. Bjørstad The Selmer Center Department of Informatics University of Bergen Norway Prøveforelesning for PhD-graden 2010-02-11 Outline Background 1 Background
More informationTHIRD PARTY AUDITING FOR SECURE DATA STORAGE IN CLOUD THROUGH DIGITAL SIGNATURE USING RSA
THIRD PARTY AUDITING FOR SECURE DATA STORAGE IN CLOUD THROUGH DIGITAL SIGNATURE USING RSA ABSTRACT K.Govinda #1, V.Gurunathaprasad #2, H.Sathishkumar #3 Cloud computing is the way of providing computing
More informationDefining Encryption. Lecture 2. Simulation & Indistinguishability
Defining Encryption Lecture 2 Simulation & Indistinguishability Roadmap First, Symmetric Key Encryption Defining the problem We ll do it elaborately, so that it will be easy to see different levels of
More informationLecture 1: Perfect Security
CS 290G (Fall 2014) Introduction to Cryptography Oct 2nd, 2014 Instructor: Rachel Lin 1 Recap Lecture 1: Perfect Security Scribe: John Retterer-Moore Last class, we introduced modern cryptography and gave
More informationModule: Cryptographic Protocols. Professor Patrick McDaniel Spring CMPSC443 - Introduction to Computer and Network Security
CMPSC443 - Introduction to Computer and Network Security Module: Cryptographic Protocols Professor Patrick McDaniel Spring 2009 1 Key Distribution/Agreement Key Distribution is the process where we assign
More informationCS Computer Networks 1: Authentication
CS 3251- Computer Networks 1: Authentication Professor Patrick Traynor 4/14/11 Lecture 25 Announcements Homework 3 is due next class. Submit via T-Square or in person. Project 3 has been graded. Scores
More informationHOST Authentication Overview ECE 525
Authentication Overview Authentication refers to the process of verifying the identity of the communicating principals to one another Usually sub-divided into Entity authentication Authentication in real-time
More informationA FAIR-EXCHANGE E-COMMERCE PROTOCOL WITH AUTOMATED DISPUTE RESOLUTION
Chapter 3 A FAIR-EXCHANGE E-COMMERCE PROTOCOL WITH AUTOMATED DISPUTE RESOLUTION Indrajit Ray Department of Computer and Information Science University of Michigan-Dearborn indrajit@umich.edu Indrakshi
More informationCryptography and Network Security. Prof. D. Mukhopadhyay. Department of Computer Science and Engineering. Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 38 A Tutorial on Network Protocols
More information