Secure Internet Communication

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Secure Internet Communication"

Transcription

1 Secure Internet Communication Can we prevent the Cryptocalypse? Dr. Gregor Koenig Barracuda Networks AG

2 Overview Transport Layer Security History Orientation Basic Functionality Key Exchange Algorithms Perfect Forward Secrecy Elliptic Curve Cryptography Encrypted Data Exchange Attacks on Algorithms BEAST CRIME BREACH Padding Oracle Lucky 13 Resume 2

3 Transport Layer Security History Secure Socket Layer (SSL) Developed by Netscape SSL v3.0 published in RFC 6101 in 1996 still widely in use Transport Layer Security (TLS) Defined in RFC 2246 in 1999 as improvement of SSL v3.0 TLS 1.1 defined in RFC 4346 in 2006 TLS 1.2 defined in RFC 5246 in 2008 The backward-compatibility with SSL was defined in RFC 6176 in

4 TLS Orientation 7. Application Layer (HTTP, ) 6. Presentation Layer (MIME, ) 5. Session Layer (TLS/SSL, ) 4. Transport Layer (TCP, UDP, ) 3. Network Layer (IP,..) 2. Data Link Layer (IEEE Ethernet, ) 1. Physical Layer 4

5 TLS Basic Functionality TLS Handshake Negotiation of Cipher Authentication Negotiation of Keys Client TLS Record Authenticated and Encrypted Data Exchange Server 5

6 TLS Key Exchange Most commonly used in TLS RSA algorithm (public-key cryptography) Diffie-Hellman key exchange Problems Long-term confidentiality Prime factorization is not considered future-proof Specialized algorithms Availability of computing power 6

7 TLS Key Exchange II Perfect Forward Secrecy Ensures long-term confidentiality Key cannot be compromised even if private keys compromised in future Elliptic Curve Cryptography Provides better mathematical properties Equivalent protection with lower key lengths Ratio of equivalent key length about 32:1 7

8 TLS Ephemeral Diffie-Hellman A = g^a mod p Server Key Message (A, p, g) B = g^b mod p Prime Number p Primitive Root g Client Key Exchange (B) Secret a S = B^a mod p S = A^b mod p Secret b Ephemeral DH: Secret a and b chosen randomly for every connection 8

9 TLS Elliptic Curve DH A = ag Server Key Message (A, G,curve) B = bg Elliptic curve y^2=x^3 + alpha x + beta Base point G S = abg Secret a Client Key Exchange (B) S = abg Secret b Simplified Key Exchange Protocol 9

10 TLS Elliptic Curve DH Elliptic curve point multiplication A A=B A B=C A C=D A D=E Operation used in ECDH ag = G G G G Graph from 10

11 TLS Elliptic Curve Cryptography III Up to 20x faster than RSA Doubts 130 patents of EC uses owned by BlackBerry Implementations available thought not to infringe patents Dual Elliptic Curve Deterministic Random Bit NIST standardized EC-based random number generator may have backdoor 11

12 TLS Attacks on Encrypted Data Exchange BEAST - Browser Exploit Against SSL/TLS CRIME - Compression Ratio Info-leak Made Easy BREACH Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext Padding Oracle Lucky 13 12

13 TLS BEAST attack What is it? Browser Exploit Against SSL/TLS Adaptive chosen plaintext attack with predictable IV Thai and Rizzo showed exploitability in 2011 How does it work? Based on two mechanisms Cipher block chaining mode Initialization vector Passive network eavesdropping Figure from 13

14 TLS BEAST attack II Applicable to reveal the sessions cookie Session cookie transmitted at known offset Block boundaries (e.g. AES 16 bytes) can be controlled Adjusting URL parameters Block containing cookie secret can be moved Contains only 1 unknown byte 14

15 TLS BEAST attack III Original HTTP Client Request: POST / HTTP /1.1 Host: example.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko / Firefox/ Cookie: secretcookie=7xc89f94wa96fd7cb4cb0031ba249ca2 Accept-Language: en-us,en;q=0.8 (... body of the request...) Example from 15

16 TLS BEAST attack IV Steps of the attack Attacker forces browser to send HTTPS request E(key, request) C1, C2, C3,, Cn Attacker captures encrypted blocks Knows all plaintext bytes except one of e.g. C3 Attacker calculates Pi = guess C2 Cn and appends Pi to the original request Browser calculates E(key, Cn Pi) and attacker checks if Ci == C3 16

17 TLS BEAST attack V Feasibility Eavesdrop traffic e.g. over wireless network Run malicious code in user s browser Bypass browser s same-origin-policy Counter Measures Mitigated in TLS 1.1 and 1.2 If back-compatibility with TLS 1.0 or SSL is required ensure that browser implements countermeasures e.g. 1/n-1 record splitting 17

18 TLS CRIME attack What is it? Compression Ratio Info-leak Made Easy Rizzo and Doung showed exploitability in 2012 How does it work? Brute force attack Exploits data compression properties DEFLATE is the most common used compression in TLS Removes redundancy of repeating symbols Applicable to reveal the sessions cookie 18

19 TLS CRIME attack II Exploits length of encrypted message length(encrypt(compress(header+body))) Original HTTP Client Request: POST / HTTP /1.1 Host: example.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv :14.0) Gecko / Firefox/ Cookie: secretcookie=7xc89f94wa96fd7cb4cb0031ba249ca2 Accept-Language: en-us,en;q=0.8 (... body of the request...) Example from 19

20 TLS CRIME attack III HTTP request modified by attacker POST / secretcookie=0 HTTP /1.1 Host: example.com User-Agent: Mozilla /5.0 (Windows NT 6.1; WOW64; rv:14.0) Gecko / Firefox / Cookie: secretcookie=7xc89f94wa96fd7cb4cb0031ba249ca2 Accept-Language: en-us,en;q=0.8 Example from 20

21 TLS CRIME attack IV Feasibility Affects all browsers and servers supporting TLS compression 42% of servers, 45% of browsers Needs way to execute code in user s browser Counter Measures Disable TLS compression! 21

22 TLS BREACH attack What is it? Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext Demonstrated by Gluck, Harris, Prado in 2013 Application of CRIME attack based on HTTP compression How does it work? Inject controlled information in HTTP requests Eavesdrop HTTP response 22

23 TLS BREACH attack II Modified HTTP request GET /product/?id =12345&user=CSRFtoken=<guess> HTTP /1.1 Host: example.com Server s response <form target=" & user=csrftoken=<guess >" >... <td nowrap id="tderrlgf"> <a href="logoff.aspx?csrftoken=4bd634cda846fd7cb4cb0031ba249ca2"> Log Off</a></td> Example from 23

24 TLS BREACH attack III Feasibility Monitor server responses ARP spoofing Run code in user s browser 3 Requirements Application supports HTTP compression Response reflects user s input Response has sensitive information embedded 24

25 TLS BREACH attack IV Countermeasures Disable HTTP compression Separating secrets from user input Masking secrets Request rate-limiting and monitoring Length hiding Add garbage to the response Proposal for TLS extension in development 25

26 TLS Padding oracle attack Padding oracle attack Chosen cipher text attack Side-channel attack Exploits leaked information about validity of format Server leaks information if padding format is correct Works for Cipher-block chaining (CBC) mode of operation Independent of encryption algorithm and key 26

27 TLS Padding oracle attack II Encryption (Normal operation) Plaintext is split in blocks Last block is padded to fill up block RC5-CBC-PAD algorithm proposes padding: Padded n bytes are filled with the value of n e.g. for n=5 the last bytes are,5,5,5,5,5 Padded plaintext is encrypted Decryption (Normal operation) Cipher text is decrypted Correct format of padding is checked 27

28 TLS Padding oracle attack III Figure from 28

29 TLS Lucky13 What is it? Padding oracle attack Man-in-the middle can recover plaintext from TLS connection When using CBC-mode Exploits timing bug of TLS data decryption How does it work? Message Authentication Code (MAC) is used to provide integrity TLS encrypts block: plaintext + MAC of plaintext + padding Decryption check padding, then checks correct MAC 29

30 TLS Lucky13 II Problem in TLS 1.0 Invalid padding Explicit error returned Made padding oracle attacks possible Fixed in TLS 1.1 Problem in TLS 1.1 Invalid padding Server kills the session to prevent attacks Server s reaction time measureable Padding oracle attacks also work across sessions 30

31 TLS Lucky13 III Current version TLS 1.2 If padding fails, whole message used to calculate MAC Should resolve previous problems But: takes slightly longer! Lucky 13 exploits this subtle time difference 31

32 TLS Lucky13 IV Feasibility Intercept client-server communication, Inject malware to the client Repetition to eliminate noise and network jitter in time measurement Slow attack needs lots of connections to succeed All TLS cipher suites including CBC-mode encryption vulnerable Countermeasures Implement uniform processing time Add random server-side delays 32

33 Resume Use Secure Key Exchange Algorithms in TLS 1.2 Ephemeral Diffie Hellman Ephemeral Elliptic Curve Diffie Hellman Security of Ciphers defined in TLS 1.2 HTTP compression makes any algorithm attackable Try to avoid HTTP compression or take counter measures against BREACH Don t use RC4 as alternative algorithm Full plaintext recovery attack shown by Bernstein et al. in 2013 Use AES Galois/Counter Mode (AES GCM) 33

34 Take-Home Message Yes, we can prevent the Cryptocalypse for the moment Update your Servers Use latest versions of libraries Enable secure algorithms Update your Browser Latest browser version support TLS 1.2 Chrome >= 30, Firefox >= 28, Internet Explorer >= 11 Opera >= 17, Safari >= 5 (ios), >= 7 (Mac OS X) 34

35 Thank You Dr. Gregor Koenig

36 Comic from 36

37 References General 1. P. Bright, Crypto experts issue a call to arms to avert the cryptopocalypse 2. Wikipedia, Transport Layer Security. Key Exchange 1. Wikipedia, Perfect Forward Secrecy 2. N. Sullivan, A primer on elliptic curve cryptography, Ciphers 1. P. Sarkar, S. Fitzgerald,. Attacks on SSL, A comprehensive Study of BEAST, CRIME, TIME, BREACH, LUCK13 & RC4 BIAS, S. Vaudenay, Security Flaws Induced by CBC padding, Applications to SSL, IPSEC, WTLS 3. S. Gueron, AES - GCM for Efficient Authenticated Encryption, D. Goodin, Gone in 30 seconds: New attack plucks secrets from HTTPS-protected pages 5. N. AlFardan et al., On the security of RC4 in TLS and WPA, Wikipedia, Galois/Counter Mode 37

Transport Level Security

Transport Level Security 2 Transport Level Security : Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 28 October 2013 css322y13s2l12, Steve/Courses/2013/s2/css322/lectures/transport.tex,

More information

WAP Security. Helsinki University of Technology S Security of Communication Protocols

WAP Security. Helsinki University of Technology S Security of Communication Protocols WAP Security Helsinki University of Technology S-38.153 Security of Communication Protocols Mikko.Kerava@iki.fi 15.4.2003 Contents 1. Introduction to WAP 2. Wireless Transport Layer Security 3. Other WAP

More information

Transport Layer Security

Transport Layer Security CEN585 Computer and Network Security Transport Layer Security Dr. Mostafa Dahshan Department of Computer Engineering College of Computer and Information Sciences King Saud University mdahshan@ksu.edu.sa

More information

TLS1.2 IS DEAD BE READY FOR TLS1.3

TLS1.2 IS DEAD BE READY FOR TLS1.3 TLS1.2 IS DEAD BE READY FOR TLS1.3 28 March 2017 Enterprise Architecture Technology & Operations Presenter Photo Motaz Alturayef Jubial Cyber Security Conference 70% Privacy and security concerns are

More information

All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP and TLS

All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP and TLS All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP and TLS Mathy Vanhoef and Frank Piessens, KU Leuven USENIX Security 2015 RC4 Intriguingly simple stream cipher WEP WPA-TKIP SSL / TLS PPP/MPPE And

More information

E-commerce security: SSL/TLS, SET and others. 4.1

E-commerce security: SSL/TLS, SET and others. 4.1 E-commerce security: SSL/TLS, SET and others. 4.1 1 Electronic payment systems Purpose: facilitate the safe and secure transfer of monetary value electronically between multiple parties Participating parties:

More information

SSL/TLS: Still Alive? Pascal Junod // HEIG-VD

SSL/TLS: Still Alive? Pascal Junod // HEIG-VD SSL/TLS: Still Alive? Pascal Junod // HEIG-VD 26-03-2015 Agenda SSL/TLS Protocol Attacks What s next? SSL/TLS Protocol SSL/TLS Protocol Family of cryptographic protocols offering following functionalities:

More information

CRYPTOGRAPHY AND NETWROK SECURITY-QUESTION BANK

CRYPTOGRAPHY AND NETWROK SECURITY-QUESTION BANK CRYPTOGRAPHY AND NETWROK SECURITY-QUESTION BANK UNIT-1 1. Answer the following: a. What is Non-repudiation b. Distinguish between stream and block ciphers c. List out the problems of one time pad d. Define

More information

Understand the TLS handshake Understand client/server authentication in TLS. Understand session resumption Understand the limitations of TLS

Understand the TLS handshake Understand client/server authentication in TLS. Understand session resumption Understand the limitations of TLS Last Updated: Oct 31, 2017 Understand the TLS handshake Understand client/server authentication in TLS RSA key exchange DHE key exchange Explain certificate ownership proofs in detail What cryptographic

More information

State of TLS usage current and future. Dave Thompson

State of TLS usage current and future. Dave Thompson State of TLS usage current and future Dave Thompson TLS Client/Server surveys Balancing backward compatibility with security. As new vulnerabilities are discovered, when can we shutdown less secure TLS

More information

Overview of TLS v1.3 What s new, what s removed and what s changed?

Overview of TLS v1.3 What s new, what s removed and what s changed? Overview of TLS v1.3 What s new, what s removed and what s changed? About Me Andy Brodie Solution Architect / Principal Design Engineer. On Worldpay ecommerce Payment Gateways. Based in Cambridge, UK.

More information

Cryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea

Cryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea Cryptography SSL/TLS Network Security Workshop 3-5 October 2017 Port Moresby, Papua New Guinea 1 History Secure Sockets Layer was developed by Netscape in 1994 as a protocol which permitted persistent

More information

Outline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)

Outline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d) Outline AIT 682: Network and Systems Security 1. Introduction 2. RSA 3. Diffie-Hellman Key Exchange 4. Digital Signature Standard Topic 5.2 Public Key Cryptography Instructor: Dr. Kun Sun 2 Public Key

More information

Chapter 4: Securing TCP connections

Chapter 4: Securing TCP connections Managing and Securing Computer Networks Guy Leduc Chapter 5: Securing TCP connections Computer Networking: A Top Down Approach, 6 th edition. Jim Kurose, Keith Ross Addison-Wesley, March 2012. (section

More information

Network Security: TLS/SSL. Tuomas Aura T Network security Aalto University, Nov-Dec 2010

Network Security: TLS/SSL. Tuomas Aura T Network security Aalto University, Nov-Dec 2010 Network Security: TLS/SSL Tuomas Aura T-110.5240 Network security Aalto University, Nov-Dec 2010 Outline 1. Diffie-Hellman 2. Key exchange using public-key encryption 3. Goals of authenticated key exchange

More information

Principles of Information Security, Fourth Edition. Chapter 8 Cryptography

Principles of Information Security, Fourth Edition. Chapter 8 Cryptography Principles of Information Security, Fourth Edition Chapter 8 Cryptography Learning Objectives Upon completion of this material, you should be able to: Chronicle the most significant events and discoveries

More information

The Xirrus Wi Fi Array XS4, XS8 Security Policy Document Version 1.0. Xirrus, Inc.

The Xirrus Wi Fi Array XS4, XS8 Security Policy Document Version 1.0. Xirrus, Inc. The Xirrus Wi Fi Array XS4, XS8 Security Policy Document Version 1.0 Xirrus, Inc. March 8, 2011 Copyright Xirrus, Inc. 2011. May be reproduced only in its original entirety [without revision]. Page 1 TABLE

More information

Findings for

Findings for Findings for 198.51.100.23 Scan started: 2017-07-11 12:30 UTC Scan ended: 2017-07-11 12:39 UTC Overview Medium: Port 443/tcp - NEW Medium: Port 443/tcp - NEW Medium: Port 443/tcp - NEW Medium: Port 80/tcp

More information

Network Security: TLS/SSL. Tuomas Aura T Network security Aalto University, Nov-Dec 2014

Network Security: TLS/SSL. Tuomas Aura T Network security Aalto University, Nov-Dec 2014 Network Security: TLS/SSL Tuomas Aura T-110.5241 Network security Aalto University, Nov-Dec 2014 Outline 1. Diffie-Hellman key exchange (recall from earlier) 2. Key exchange using public-key encryption

More information

White Paper for Wacom: Cryptography in the STU-541 Tablet

White Paper for Wacom: Cryptography in the STU-541 Tablet Issue 0.2 Commercial In Confidence 1 White Paper for Wacom: Cryptography in the STU-541 Tablet Matthew Dodd matthew@cryptocraft.co.uk Cryptocraft Ltd. Chapel Cottage Broadchalke Salisbury Wiltshire SP5

More information

SharkFest 17 Europe. SSL/TLS Decryption. uncovering secrets. Wednesday November 8th, Peter Wu Wireshark Core Developer

SharkFest 17 Europe. SSL/TLS Decryption. uncovering secrets. Wednesday November 8th, Peter Wu Wireshark Core Developer SharkFest 17 Europe SSL/TLS Decryption uncovering secrets Wednesday November 8th, 2017 Peter Wu Wireshark Core Developer peter@lekensteyn.nl 1 About me Wireshark contributor since 2013, core developer

More information

n-bit Output Feedback

n-bit Output Feedback n-bit Output Feedback Cryptography IV Encrypt Encrypt Encrypt P 1 P 2 P 3 C 1 C 2 C 3 Steven M. Bellovin September 16, 2006 1 Properties of Output Feedback Mode No error propagation Active attacker can

More information

Key Establishment and Authentication Protocols EECE 412

Key Establishment and Authentication Protocols EECE 412 Key Establishment and Authentication Protocols EECE 412 1 where we are Protection Authorization Accountability Availability Access Control Data Protection Audit Non- Repudiation Authentication Cryptography

More information

Systematic Fuzzing and Testing of TLS Libraries Juraj Somorovsky

Systematic Fuzzing and Testing of TLS Libraries Juraj Somorovsky Systematic Fuzzing and Testing of TLS Libraries Juraj Somorovsky 1 1 Transport Layer Security The most important crypto protocol HTTP, SMTP, IMAP 2 2 Secure Sockets Layer (SSL), SSLv2 SSLv3 Trasnsport

More information

Cryptography Lecture 9 Key distribution and trust, Elliptic curve cryptography

Cryptography Lecture 9 Key distribution and trust, Elliptic curve cryptography Cryptography Lecture 9 Key distribution and trust, Elliptic curve cryptography Key Management The first key in a new connection or association is always delivered via a courier Once you have a key, you

More information

Universität Hamburg. SSL & Company. Fachbereich Informatik SVS Sicherheit in Verteilten Systemen. Security in TCP/IP. UH, FB Inf, SVS, 18-Okt-04 2

Universität Hamburg. SSL & Company. Fachbereich Informatik SVS Sicherheit in Verteilten Systemen. Security in TCP/IP. UH, FB Inf, SVS, 18-Okt-04 2 Universität Hamburg SSL & Company Fachbereich Informatik SVS Sicherheit in Verteilten Systemen Security in TCP/IP UH, FB Inf, SVS, 18-Okt-04 2 SSL/TLS Overview SSL/TLS provides security at TCP layer. Uses

More information

Security Protocols. Professor Patrick McDaniel CSE545 - Advanced Network Security Spring CSE545 - Advanced Network Security - Professor McDaniel

Security Protocols. Professor Patrick McDaniel CSE545 - Advanced Network Security Spring CSE545 - Advanced Network Security - Professor McDaniel Security Protocols Professor Patrick McDaniel CSE545 - Advanced Network Security Spring 2011 CSE545 - Advanced Network Security - Professor McDaniel 1 Case Study: Host Access The first systems used telnet

More information

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015 Distributed Systems 26. Cryptographic Systems: An Introduction Paul Krzyzanowski Rutgers University Fall 2015 1 Cryptography Security Cryptography may be a component of a secure system Adding cryptography

More information

CS 332 Computer Networks Security

CS 332 Computer Networks Security CS 332 Computer Networks Security Professor Szajda Last Time We talked about mobility as a matter of context: How is mobility handled as you move around a room? Between rooms in the same building? As your

More information

Public Key Algorithms

Public Key Algorithms CSE597B: Special Topics in Network and Systems Security Public Key Cryptography Instructor: Sencun Zhu The Pennsylvania State University Public Key Algorithms Public key algorithms RSA: encryption and

More information

18733: Applied Cryptography Anupam Datta (CMU) Basic key exchange. Dan Boneh

18733: Applied Cryptography Anupam Datta (CMU) Basic key exchange. Dan Boneh 18733: Applied Cryptography Anupam Datta (CMU) Basic key exchange Online Cryptography Course Basic key exchange Trusted 3 rd parties Key management Problem: n users. Storing mutual secret keys is difficult

More information

Intro to Public Key Cryptography Diffie & Hellman Key Exchange

Intro to Public Key Cryptography Diffie & Hellman Key Exchange Intro to Public Key Cryptography Diffie & Hellman Key Exchange Course Summary Introduction Stream & Block Ciphers Block Ciphers Modes (ECB,CBC,OFB) Advanced Encryption Standard (AES) Message Authentication

More information

Total points: 71. Total time: 75 minutes. 9 problems over 7 pages. No book, notes, or calculator

Total points: 71. Total time: 75 minutes. 9 problems over 7 pages. No book, notes, or calculator CMSC 414 F08 Exam 1 Page 1 of 10 Name: Total points: 71. Total time: 75 minutes. 9 problems over 7 pages. No book, notes, or calculator 1. [14 points] a. Are n=221 and e=3 valid numbers for RSA. Explain.

More information

Modern cryptography 2. CSCI 470: Web Science Keith Vertanen

Modern cryptography 2. CSCI 470: Web Science Keith Vertanen Modern cryptography 2 CSCI 470: Web Science Keith Vertanen Modern cryptography Overview Asymmetric cryptography Diffie-Hellman key exchange (last time) Pubic key: RSA Pretty Good Privacy (PGP) Digital

More information

Computer Security: Principles and Practice

Computer Security: Principles and Practice Computer Security: Principles and Practice Chapter 2 Cryptographic Tools First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Cryptographic Tools cryptographic algorithms

More information

Cryptography and Network Security Chapter 16. Fourth Edition by William Stallings

Cryptography and Network Security Chapter 16. Fourth Edition by William Stallings Cryptography and Network Security Chapter 16 Fourth Edition by William Stallings Chapter 16 IP Security If a secret piece of news is divulged by a spy before the time is ripe, he must be put to death,

More information

Installation and usage of SSL certificates: Your guide to getting it right

Installation and usage of SSL certificates: Your guide to getting it right Installation and usage of SSL certificates: Your guide to getting it right So, you ve bought your SSL Certificate(s). Buying your certificate is only the first of many steps involved in securing your website.

More information

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some 3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some popular block ciphers Triple DES Advanced Encryption

More information

Lecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.

Lecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic. 15-441 Lecture Nov. 21 st 2006 Dan Wendlandt Worms & Viruses Phishing End-host impersonation Denial-of-Service Route Hijacks Traffic modification Spyware Trojan Horse Password Cracking IP Spoofing DNS

More information

A Perfect CRIME? TIME Will Tell. Tal Be ery, Imperva

A Perfect CRIME? TIME Will Tell. Tal Be ery, Imperva A Perfect CRIME? TIME Will Tell Tal Be ery, Imperva Presenter: Tal Be ery, CISSP Web Security Research Team Leader at Imperva Holds MSc & BSc degree in CS/EE from TAU 10+ years of experience in IS domain

More information

The question paper contains 40 multiple choice questions with four choices and students will have to pick the correct one (each carrying ½ marks.).

The question paper contains 40 multiple choice questions with four choices and students will have to pick the correct one (each carrying ½ marks.). Time: 3hrs BCA III Network security and Cryptography Examination-2016 Model Paper 2 M.M:50 The question paper contains 40 multiple choice questions with four choices and students will have to pick the

More information

Implementing Cryptography: Good Theory vs. Bad Practice

Implementing Cryptography: Good Theory vs. Bad Practice Implementing Cryptography: Good Theory vs. Bad Practice Viet Pham Information Security Group, Department of Mathematics Royal Holloway, University of London Outline News report What is cryptography? Why

More information

Acronyms. International Organization for Standardization International Telecommunication Union ITU Telecommunication Standardization Sector

Acronyms. International Organization for Standardization International Telecommunication Union ITU Telecommunication Standardization Sector Acronyms 3DES AES AH ANSI CBC CESG CFB CMAC CRT DoS DEA DES DoS DSA DSS ECB ECC ECDSA ESP FIPS IAB IETF IP IPsec ISO ITU ITU-T Triple DES Advanced Encryption Standard Authentication Header American National

More information

Security: Cryptography

Security: Cryptography Security: Cryptography Computer Science and Engineering College of Engineering The Ohio State University Lecture 38 Some High-Level Goals Confidentiality Non-authorized users have limited access Integrity

More information

Securing Internet Communication: TLS

Securing Internet Communication: TLS Securing Internet Communication: TLS CS 161: Computer Security Prof. David Wagner March 11, 2016 Today s Lecture Applying crypto technology in practice Two simple abstractions cover 80% of the use cases

More information

CS 161 Computer Security

CS 161 Computer Security Raluca Popa Spring 2018 CS 161 Computer Security Homework 2 Due: Wednesday, February 14, at 11:59pm Instructions. This homework is due Wednesday, February 14, at 11:59pm. No late homeworks will be accepted.

More information

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang

INF3510 Information Security University of Oslo Spring Lecture 9 Communication Security. Audun Jøsang INF3510 Information Security University of Oslo Spring 2011 Lecture 9 Communication Security Audun Jøsang Outline Network security concepts Communication security Perimeter security Protocol architecture

More information

Lecture 20 Public key Crypto. Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides from Miller and Bailey s ECE 422

Lecture 20 Public key Crypto. Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides from Miller and Bailey s ECE 422 Lecture 20 Public key Crypto Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides from Miller and Bailey s ECE 422 Review: Integrity Problem: Sending a message over an untrusted

More information

SSL Report: sharplesgroup.com ( )

SSL Report: sharplesgroup.com ( ) 1 of 5 26/06/2015 14:28 Home Projects Qualys.com Contact You are here: Home > Projects > SSL Server Test > sharplesgroup.com SSL Report: sharplesgroup.com (176.58.116.26) Assessed on: Fri, 26 Jun 2015

More information

Chapter 8 Web Security

Chapter 8 Web Security Chapter 8 Web Security Web security includes three parts: security of server, security of client, and network traffic security between a browser and a server. Security of server and security of client

More information

Computer Security. 12. Firewalls & VPNs. Paul Krzyzanowski. Rutgers University. Spring 2018

Computer Security. 12. Firewalls & VPNs. Paul Krzyzanowski. Rutgers University. Spring 2018 Computer Security 12. Firewalls & VPNs Paul Krzyzanowski Rutgers University Spring 2018 April 15, 2018 CS 419 2018 Paul Krzyzanowski 1 Conversation Isolation: Network Layer Virtual Private Networks (VPNs)

More information

Authenticated Encryption

Authenticated Encryption 18733: Applied Cryptography Anupam Datta (CMU) Authenticated Encryption Online Cryptography Course Authenticated Encryption Active attacks on CPA-secure encryption Recap: the story so far Confidentiality:

More information

IPsec (AH, ESP), IKE. Guevara Noubir CSG254: Network Security

IPsec (AH, ESP), IKE. Guevara Noubir CSG254: Network Security IPsec (AH, ESP), IKE Guevara Noubir noubir@ccs.neu.edu Securing Networks Control/Management (configuration) Applications Layer telnet/ftp: ssh, http: https, mail: PGP (SSL/TLS) Transport Layer (TCP) (IPSec,

More information

Network Attacks Distributed Denial of Service Survey by Arbor Network: 38% op security ppl say they deal with at least 21 DDoS attacks per month Some

Network Attacks Distributed Denial of Service Survey by Arbor Network: 38% op security ppl say they deal with at least 21 DDoS attacks per month Some Denial of Service and Distributed Denial of Service Volumetric UDP/ICMP floods Application Layer Brute Force Attacks password cracking Browser Attacks man-in-the-browser Backdoor Attacks who puts them

More information

: Practical Cryptographic Systems March 25, Midterm

: Practical Cryptographic Systems March 25, Midterm 650.445: Practical Cryptographic Systems March 25, 2010 Instructor: Matthew Green Midterm Name: As with any exam, please do not collaborate or otherwise share information with any other person. You are

More information

CIS 6930/4930 Computer and Network Security. Topic 8.2 Internet Key Management

CIS 6930/4930 Computer and Network Security. Topic 8.2 Internet Key Management CIS 6930/4930 Computer and Network Security Topic 8.2 Internet Key Management 1 Key Management Why do we need Internet key management AH and ESP require encryption and authentication keys Process to negotiate

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through

More information

Uniform Resource Locators (URL)

Uniform Resource Locators (URL) The World Wide Web Web Web site consists of simply of pages of text and images A web pages are render by a web browser Retrieving a webpage online: Client open a web browser on the local machine The web

More information

Protect Yourself Against Security Challenges with Next-Generation Encryption

Protect Yourself Against Security Challenges with Next-Generation Encryption Protect Yourself Against Security Challenges with Next-Generation Encryption agrieco@cisco.com mcgrew@cisco.com How to detect attacks? Malware Broken encryption 2 How to detect attacks? Malware Host Process

More information

KALASALINGAM UNIVERSITY

KALASALINGAM UNIVERSITY KALASALINGAM UNIVERSITY (Kalasalingam Academy of Research and Education) DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING CLASS NOTES CRYPTOGRAPHY AND NETWOTK SECURITY (CSE 405) Prepared by M.RAJA AP/CSE

More information

Payment Card Industry (PCI) PIN Transaction Security (PTS) Hardware Security Module (HSM) Evaluation Vendor Questionnaire Version 2.

Payment Card Industry (PCI) PIN Transaction Security (PTS) Hardware Security Module (HSM) Evaluation Vendor Questionnaire Version 2. Payment Card Industry (PCI) PIN Transaction Security (PTS) Hardware Security Module (HSM) Evaluation Vendor Questionnaire Version 2.0 May 2012 Document Changes Date Version Author Description April 2009

More information

Understanding Traffic Decryption

Understanding Traffic Decryption The following topics provide an overview of SSL inspection, describe the prerequisites for SSL inspection configuration, and detail deployment scenarios. Traffic Decryption Overview, page 1 SSL Handshake

More information

Diffie-Hellman. Part 1 Cryptography 136

Diffie-Hellman. Part 1 Cryptography 136 Diffie-Hellman Part 1 Cryptography 136 Diffie-Hellman Invented by Williamson (GCHQ) and, independently, by D and H (Stanford) A key exchange algorithm o Used to establish a shared symmetric key Not for

More information

Session key establishment protocols

Session key establishment protocols our task is to program a computer which gives answers which are subtly and maliciously wrong at the most inconvenient possible moment. -- Ross Anderson and Roger Needham, Programming Satan s computer Session

More information

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005

Lecture 33. Firewalls. Firewall Locations in the Network. Castle and Moat Analogy. Firewall Types. Firewall: Illustration. Security April 15, 2005 Firewalls Lecture 33 Security April 15, 2005 Idea: separate local network from the Internet Trusted hosts and networks Intranet Firewall DMZ Router Demilitarized Zone: publicly accessible servers and networks

More information

Chapter 5: Network Layer Security

Chapter 5: Network Layer Security Managing and Securing Computer Networks Guy Leduc Mainly based on Network Security - PRIVATE Communication in a PUBLIC World C. Kaufman, R. Pearlman, M. Speciner Pearson Education, 2002. (chapters 17 and

More information

Secure Socket Layer. Security Threat Classifications

Secure Socket Layer. Security Threat Classifications Secure Socket Layer 1 Security Threat Classifications One way to classify Web security threats in terms of the type of the threat: Passive threats Active threats Another way to classify Web security threats

More information

Threat Pragmatics & Cryptography Basics. PacNOG July, 2017 Suva, Fiji

Threat Pragmatics & Cryptography Basics. PacNOG July, 2017 Suva, Fiji Threat Pragmatics & Cryptography Basics PacNOG20 3-7 July, 2017 Suva, Fiji Issue Date: [31-12-2015] Revision: [V.1] Why Security? The Internet was initially designed for connectivity Trust is assumed,

More information

(2½ hours) Total Marks: 75

(2½ hours) Total Marks: 75 (2½ hours) Total Marks: 75 N. B.: (1) All questions are compulsory. (2) Makesuitable assumptions wherever necessary and state the assumptions made. (3) Answers to the same question must be written together.

More information

Connecting Securely to the Cloud

Connecting Securely to the Cloud Connecting Securely to the Cloud Security Primer Presented by Enrico Gregoratto Andrew Marsh Agenda 2 Presentation Speaker Trusting The Connection Transport Layer Security Connecting to the Cloud Enrico

More information

RSA BSAFE Crypto-C Micro Edition Security Policy

RSA BSAFE Crypto-C Micro Edition Security Policy Security Policy 15.11.12 RSA BSAFE Crypto-C Micro Edition 3.0.0.16 Security Policy This document is a non-proprietary security policy for RSA BSAFE Crypto-C Micro Edition 3.0.0.16 (Crypto-C ME) security

More information

Cryptographic Concepts

Cryptographic Concepts Outline Identify the different types of cryptography Learn about current cryptographic methods Chapter #23: Cryptography Understand how cryptography is applied for security Given a scenario, utilize general

More information

BCA III Network security and Cryptography Examination-2016 Model Paper 1

BCA III Network security and Cryptography Examination-2016 Model Paper 1 Time: 3hrs BCA III Network security and Cryptography Examination-2016 Model Paper 1 M.M:50 The question paper contains 40 multiple choice questions with four choices and student will have to pick the correct

More information

Symmetric key cryptography

Symmetric key cryptography The best system is to use a simple, well understood algorithm which relies on the security of a key rather than the algorithm itself. This means if anybody steals a key, you could just roll another and

More information

WhatsApp Encryption Overview. Technical white paper

WhatsApp Encryption Overview. Technical white paper WhatsApp Encryption Overview Technical white paper July 6, 2017 Originally published April 5, 2016 Contents Introduction................................... 3 Terms......................................

More information

COSC 301 Network Management. Lecture 15: SSL/TLS and HTTPS

COSC 301 Network Management. Lecture 15: SSL/TLS and HTTPS COSC 301 Network Management Lecture 15: SSL/TLS and HTTPS Zhiyi Huang Computer Science, University of Otago COSC301 Lecture 15: SSL/TLS and HTTPS 1 Today s Focus WWW WWW How to secure web applications?

More information

Block Cipher Modes of Operation

Block Cipher Modes of Operation Block Cipher Modes of Operation Luke Anderson luke@lukeanderson.com.au 24th March 2016 University Of Sydney Overview 1. Crypto-Bulletin 2. Modes Of Operation 2.1 Evaluating Modes 2.2 Electronic Code Book

More information

CSC 574 Computer and Network Security. TCP/IP Security

CSC 574 Computer and Network Security. TCP/IP Security CSC 574 Computer and Network Security TCP/IP Security Alexandros Kapravelos kapravelos@ncsu.edu (Derived from slides by Will Enck and Micah Sherr) Network Stack, yet again Application Transport Network

More information

Encryption 2. Tom Chothia Computer Security: Lecture 3

Encryption 2. Tom Chothia Computer Security: Lecture 3 Encryption 2 Tom Chothia Computer Security: Lecture 3 This Lecture Counter Mode (CTR) enryption Diffie Helleman key exchange Public Key Encryption RSA Signing Combining public and symmetric key encryption

More information

Lecture 9: Network Level Security IPSec

Lecture 9: Network Level Security IPSec Lecture 9: Network Level Security IPSec CS 336/536: Computer Network Security Fall 2015 Nitesh Saxena Adopted from previous lecture by Keith Ross, and Tony Barnard HW3 being graded Course Admin HW4 will

More information

CS 161 Computer Security

CS 161 Computer Security Raluca Ada Popa Spring 2018 CS 161 Computer Security Discussion 6 Week of February 26, 2018 Question 1 TLS threats (10 min) An attacker is trying to attack the company Boogle and its users. Assume that

More information

TLSkex: Harnessing virtual machine introspection for decrypting TLS communication

TLSkex: Harnessing virtual machine introspection for decrypting TLS communication 12 TLSkex: Harnessing virtual machine introspection for decrypting TLS communication Benjamin Taubmann, Dominik Dusold, Christoph Frädrich, Hans P. Reiser Juniorprofessur für Sicherheit in Informationssystemen

More information

Scan Report Executive Summary

Scan Report Executive Summary Scan Report Executive Summary Part 1. Scan Information Scan Customer Company: Date scan was completed: Vin65 ASV Company: Comodo CA Limited 08/28/2017 Scan expiration date: 11/26/2017 Part 2. Component

More information

DataTraveler 5000 (DT5000) and DataTraveler 6000 (DT6000) Ultimate Security in a USB Flash Drive. Submitted by SPYRUS, Inc.

DataTraveler 5000 (DT5000) and DataTraveler 6000 (DT6000) Ultimate Security in a USB Flash Drive. Submitted by SPYRUS, Inc. Submitted by SPYRUS, Inc. Contents DT5000 and DT6000 Technology Overview...2 Why DT5000 and DT6000 Encryption Is Different...3 Why DT5000 and DT6000 Encryption Is Different - Summary...4 XTS-AES Sector-Based

More information

Symmetric Encryption 2: Integrity

Symmetric Encryption 2: Integrity http://wwmsite.wpengine.com/wp-content/uploads/2011/12/integrity-lion-300x222.jpg Symmetric Encryption 2: Integrity With material from Dave Levin, Jon Katz, David Brumley 1 Summing up (so far) Computational

More information

A Technology Brief on SSL/TLS Traffic

A Technology Brief on SSL/TLS Traffic A Technology Brief on SSL/TLS Traffic This document provides an overview of SSL/TLS technology and offers examples of how Symantec solutions can help manage the increasing SSL traffic within enterprise

More information

Overview. Public Key Algorithms I

Overview. Public Key Algorithms I Public Key Algorithms I Dr. Arjan Durresi Louisiana State University Baton Rouge, LA 70810 Durresi@csc.lsu.Edu These slides are available at: http://www.csc.lsu.edu/~durresi/csc4601-04/ Louisiana State

More information

Cryptography and Network Security Chapter 10. Fourth Edition by William Stallings

Cryptography and Network Security Chapter 10. Fourth Edition by William Stallings Cryptography and Network Security Chapter 10 Fourth Edition by William Stallings Chapter 10 Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture out of the

More information

Symmetric-Key Cryptography

Symmetric-Key Cryptography Symmetric-Key Cryptography CS 161: Computer Security Prof. Raluca Ada Popa Sept 13, 2016 Announcements Project due Sept 20 Special guests Alice Bob The attacker (Eve - eavesdropper, Malice) Sometimes Chris

More information

Cryptography 2017 Lecture 3

Cryptography 2017 Lecture 3 Cryptography 2017 Lecture 3 Block Ciphers - AES, DES Modes of Operation - ECB, CBC, CTR November 7, 2017 1 / 1 What have seen? What are we discussing today? What is coming later? Lecture 2 One Time Pad

More information

CS669 Network Security

CS669 Network Security UNIT II PUBLIC KEY ENCRYPTION Uniqueness Number Theory concepts Primality Modular Arithmetic Fermet & Euler Theorem Euclid Algorithm RSA Elliptic Curve Cryptography Diffie Hellman Key Exchange Uniqueness

More information

The Secure Shell (SSH) Protocol

The Secure Shell (SSH) Protocol The Secure Shell (SSH) Protocol Mario Čagalj University of Split, FESB Introduction What is SSH? SSH is a protocol for secure remote login and other secure network services over an insecure network (RFC

More information

Cisco VPN Internal Service Module for Cisco ISR G2

Cisco VPN Internal Service Module for Cisco ISR G2 Data Sheet Cisco VPN Internal Service Module for Cisco ISR G2 Compact Versatile High-Performance VPN Module The Cisco VPN Internal Service Module (VPN ISM) is a module for the Cisco Integrated Services

More information

SSL Report: printware.co.uk ( )

SSL Report: printware.co.uk ( ) 1 of 5 26/06/2015 14:27 Home Projects Qualys.com Contact You are here: Home > Projects > SSL Server Test > printware.co.uk SSL Report: printware.co.uk (194.143.166.5) Assessed on: Fri, 26 Jun 2015 12:53:08

More information

Cryptography Introduction

Cryptography Introduction Cryptography Introduction Last Updated: Aug 20, 2013 Terminology Access Control o Authentication Assurance that entities are who they claim to be o Authorization Assurance that entities have permission

More information

Symmetric, Asymmetric, and One Way Technologies

Symmetric, Asymmetric, and One Way Technologies Symmetric, Asymmetric, and One Way Technologies Crypto Basics Ed Crowley Fall 2010 1 Topics: Symmetric & Asymmetric Technologies Kerckhoff s Principle Symmetric Crypto Overview Key management problem Attributes

More information

Formal Verification of the WireGuard Protocol

Formal Verification of the WireGuard Protocol Formal Verification of the WireGuard Protocol www.wireguard.com Jason A. Donenfeld jason@zx2c4.com Kevin Milner Oxford University kevin.milner@cs.ox.ac.uk Draft Revision Abstract WireGuard, the secure

More information

Secure Sockets Layer (SSL) / Transport Layer Security (TLS)

Secure Sockets Layer (SSL) / Transport Layer Security (TLS) Secure Sockets Layer (SSL) / Transport Layer Security (TLS) Brad Karp UCL Computer Science CS GZ03 / M030 20 th November 2017 What Problems Do SSL/TLS Solve? Two parties, client and server, not previously

More information

Networks and Communications MS216 - Course Outline -

Networks and Communications MS216 - Course Outline - Networks and Communications MS216 - Course Outline - Objective Lecturer Times Overall Learning Outcomes Format Programme(s) The objective of this course is to develop in students an understanding of the

More information