Introduction to Cybersecurity Digital Signatures
- Marion Stewart
- 5 years ago
Transcription
1 Introduction to Cybersecurity Digital Signatures
2 Lecture Summary
- Digital Signatures
- Basic Definitions
- RSA-based Signatures
- Attacks
3 Digital signatures
Goal of digital signatures:
[Diagram: Alice signs the plaintext with Alice's private key (Sign); Bob verifies the plaintext with signature using Alice's public key (Verify)]
- Only the secret key allows for creating signatures
- Everybody can verify the validity of signatures using the respective public key
- Signatures serve as undisputable evidence that the respective person signed the message
4 Definition of digital signatures
Definition: Digital Signatures
A digital signature scheme is a triple of algorithms $(K, S, V)$ such that:
- The randomized key generation algorithm $K$ takes no input and returns a key $(pk, sk)$.
- The (randomized or stateful) signing algorithm $S$ takes a secret key $sk$ and a message $m$ and returns a tag $t$.
- The deterministic verification algorithm $V$ takes a public key $pk$, a message $m$ and a tag $t$ and returns a bit $b \in \{0,1\}$.
The message space $M_{pk}$ for a public key $pk$ is the set of all $m$ such that $S(sk, m)$ does not output a distinguished error symbol for all $sk$ with $(pk, sk) \in [K]$.
Correctness: The above algorithms have to satisfy the following property: For any key pair $(pk, sk) \in [K]$, any message $m \in M_{pk}$, and any tag $t \in [S(sk, m)]$, we have that $V(pk, m, t) = 1$.
5 Definition of Digital Signatures
Technical difference to public-key encryption:
- Signature schemes often maintain state
Differences to MACs and consequences:
- Key transmission has to be authentic but not necessarily secret
- Non-repudiation! (Can use signatures as evidence at a third party)
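6 CMA Game (for digital signatures)
Experiment $\mathrm{Exp}^{\mathrm{CMA}}_{I_n, A_n}$ between Challenger(n) and Adversary(n):
- Challenger: $(pk, sk) \leftarrow K$; the adversary receives $pk$
- The adversary submits messages $m_i \in M_{pk}$; the challenger answers with $t_i \leftarrow S(sk, m_i)$
- The adversary outputs $(m, t)$
- Output 1 if $V(pk, m, t) = 1$ and $(m, t) \notin \{(m_1, t_1), \dots, (m_q, t_q)\}$
Definition: CMA-Security of digital signatures
A sequence of signature schemes $I = (I_n)_{n \in \mathbb{N}} = (K_n, S_n, V_n)_{n \in \mathbb{N}}$ is secure against existential forgery under chosen-message attack (CMA) if for all efficient adversaries $A = (A_n)_{n \in \mathbb{N}}$, we have that $\Pr[\mathrm{Exp}^{\mathrm{CMA}}_{I_n, A_n} = 1]$ is negligible.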
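7 Naïve RSA-based signatures
Naïve use: Key Generation as for RSA encryption
- For primes $p, q$: Set $N \leftarrow pq$
- Pick random $e$, with $1 < e < \varphi(N)$ and $\gcd(e, \varphi(N)) = 1$
- ($N$ and $e$ can be publicly known)
- Set $d \leftarrow e^{-1} \bmod \varphi(N)$
- Set $pk \leftarrow (N, e)$
- Set $sk \leftarrow d$
- Output $(pk, sk)$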
8 Naïve RSA-based signatures
Naïve use:
- Signing $S(sk, m)$: Set $t \leftarrow m^d \bmod N$; Output $t$
- Correctness: $t^e \equiv m^{ed} \equiv m \pmod N$
- Verifying $V(pk, m, t)$: Test if $t^e \equiv m \pmod N$; Output $b \in \{0,1\}$
9 Attacks on Naïve RSA-based Signatures
Existential forgery under passive attacks:
- Given $(N, e)$, adversary has to find $(m, t)$ such that $t^e \equiv m \pmod N$
- Idea: Pick arbitrary $t$, and output $(t^e, t)$
- Forgery on the message $t^e \bmod N$.
10 Attacks on Naïve RSA-based Signatures
Selective forgery under active attacks, blinding attack:
- Adversary wants signature on $m$
- Pick random $r \in \mathbb{Z}_N^*$ and compute $m' \leftarrow m \cdot r^e \bmod N$
- Ask signer to sign $m'$. Result: $(m', t')$ where $t'^e \equiv m' \pmod N$
- Compute $t \leftarrow t' \cdot r^{-1} \bmod N$
- Indeed we have $t^e \equiv t'^e \cdot r^{-e} \equiv m' \cdot r^{-e} \equiv m \cdot r^e \cdot r^{-e} \equiv m \pmod N$
Originally attack against RSA signature schemes. Now special primitive (blind signature), used in anonymous digital cash, election systems, etc.
11 Attacks on Naïve RSA-based Signatures
Countermeasures:
1. Add redundancy to the message
2. Hash message before signing
Hash-then-sign:
- General concept, often even introduced as the only way to sign in books
- Advantage: Allows for signing arbitrarily long messages
- Required properties for hash to make the system secure?
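The two forgeries from slides 9 and 10 and the hash-then-sign countermeasure from slide 11, as an added example that is not part of the original lecture. The toy key (two Mersenne primes), the SHA-256 hash reduced mod N and all function names are assumptions made for illustration.

```python
"""Textbook RSA signatures versus hash-then-sign (toy parameters)."""
import hashlib
import secrets
from math import gcd

# Toy key constructed for this example: two Mersenne primes, far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N, PHI, E = P * Q, (P - 1) * (Q - 1), 65537
D = pow(E, -1, PHI)                      # d = e^-1 mod phi(N)

def naive_sign(m: int) -> int:
    return pow(m, D, N)                  # t = m^d mod N

def naive_verify(m: int, t: int) -> bool:
    return pow(t, E, N) == m % N         # t^e = m (mod N)?

def existential_forgery(t: int):
    """Needs only (N, e): choose t first, then declare m = t^e mod N."""
    return pow(t, E, N), t

def blinded_request(m: int, r: int) -> int:
    return (m * pow(r, E, N)) % N        # m' = m * r^e mod N

def unblind(t_blind: int, r: int) -> int:
    return (t_blind * pow(r, -1, N)) % N # t = t' * r^-1 mod N

def random_unit() -> int:
    """Random r in Z_N^* so that r is invertible mod N."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            return r

def h(msg: bytes) -> int:
    # Assumption: SHA-256 reduced mod the toy modulus stands in for a full-domain hash.
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def hashed_sign(msg: bytes) -> int:
    return pow(h(msg), D, N)             # sign H(m) instead of m

def hashed_verify(msg: bytes, t: int) -> bool:
    return pow(t, E, N) == h(msg)

def demo() -> dict:
    target_bytes = b"pay 100"            # constructed sample message
    target = int.from_bytes(target_bytes, "big")
    results = {}

    # Naive scheme: both forgeries verify.
    m_f, t_f = existential_forgery(123456789)
    results["naive_existential"] = naive_verify(m_f, t_f)
    r = random_unit()
    t = unblind(naive_sign(blinded_request(target, r)), r)  # signer only saw m'
    results["naive_blinding"] = naive_verify(target, t)

    # Hash-then-sign: the same pairs no longer verify, because the signer and
    # verifier work on H(m), which destroys the multiplicative structure.
    results["hashed_existential"] = hashed_verify(m_f.to_bytes(12, "big"), t_f)
    blinded_bytes = blinded_request(target, r).to_bytes(12, "big")
    t2 = unblind(hashed_sign(blinded_bytes), r)
    results["hashed_blinding"] = hashed_verify(target_bytes, t2)
    results["hashed_honest"] = hashed_verify(target_bytes, hashed_sign(target_bytes))
    return results

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: signature accepted = {ok}")
```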
12 Introduction to Cybersecurity Anonymity and Privacy
13 Lecture Summary
- Introduction to Privacy
- Motivation
- Example: Browser Cookies
- Basic Principles of Data Protection
- Network Anonymity
- Dining Cryptographers
- Mix-Networks
- Low Latency Anonymous Communication
- VPNs, Onion Routing and Tor
- Tor Vulnerabilities
14 Motivation
What is privacy?
"Privacy is the ability of an individual or group to seclude themselves, or information about themselves, and thereby express themselves selectively. When something is private to a person, it usually means that something is inherently special or sensitive to them. The domain of privacy partially overlaps security, which can include the concepts of appropriate use, as well as protection of information." (Wikipedia, 2014)
15 Motivation
Privacy in the internet
Alice shares her opinion in an Online Social Network. As a consequence, her employer, who dislikes that opinion, fires Alice.
- Alice: "I like cats, but I hate dogs."
- Employer: "Alice insults my dog! Time to get rid of her"
16 Examples of Privacy Breaches Online Advertisement Cookie Tracking What is a cookie? 15
17 Refresher: What is a Cookie?
HTTP Request:
  GET /index.html HTTP/1.1
  Accept: image/gif, image/x-bitmap, image/jpeg, */*
  Accept-Language: en
  Connection: Keep-Alive
  User-Agent: Mozilla/1.22 (compatible; MSIE 2.0; Windows 95)
  Host:
  Referer:
HTTP Response:
  HTTP/ OK
  Date: Sun, 21 Apr :20:42 GMT
  Server: Microsoft-Internet-Information-Server/5.0
  Connection: keep-alive
  Content-Type: text/html
  Last-Modified: Thu, 18 Apr :39:05 GMT
  Set-Cookie:
  Content-Length: 2543

  <HTML> Some data... blah, blah, blah </HTML>
18 Refresher: What is a Cookie?
HTTP Request:
  GET /index.html HTTP/1.1
  Accept: image/gif, image/x-bitmap, image/jpeg, */*
  Accept-Language: en
  Connection: Keep-Alive
  User-Agent: Mozilla/1.22 (compatible; MSIE 2.0; Windows 95)
  Host:
  Referer:
  Cookie:
Cookie: Always sent back to this server (during time to live).
HTTP Response:
  HTTP/ OK
  Date: Sun, 21 Apr :20:42 GMT
  Server: Microsoft-Internet-Information-Server/5.0
  Connection: keep-alive
  Content-Type: text/html
  Last-Modified: Thu, 18 Apr :39:05 GMT
  Set-Cookie:
  Content-Length: 2543

  <HTML> Some data... blah, blah, blah </HTML>
19 Examples of Privacy Breaches
Online Advertisement Cookie Tracking
[Diagram: pages on economist.com and pcworld.com trigger an HTTP request for ad images, passing cookies + referrer to doubleclick.net. ad.doubleclick.net: "Bob just visited economist.com"]
20 Tradeoff Utility-Privacy
The doctor needs private information about you in order to make a qualified diagnosis. If you hide relevant but private information, this may lead to a false diagnosis.
- Patient: "My symptoms include fever and headache."
- Doctor: "Maybe you have the flu."
21 Tradeoff Utility-Privacy
The doctor needs private information about you in order to make a qualified diagnosis. If you hide relevant but private information, this may lead to a false diagnosis.
- Patient: "Last week, I was in a tropical region and now I suffer from fever and headache."
- Doctor: "To be sure, we need to test you for Malaria."
22 Differences to other Security goals
A large part of privacy is about what other parties actually do with your data. Even if you are sure that only your doctor knows about your private data, what does he do with this information? Does he use your data only for the intended purpose without further distributing it to other parties?
23 Basic Principles of Data Protection Law in Germany
- Prohibition of conditional permission: Collecting personal data is forbidden, unless explicitly permitted by the law or the person concerned gave explicit consent.
- Principle of immediacy: The personal data have to be collected directly from the person concerned.
- Principle of data avoidance and data economy: Data processing systems should strive to use no (or as little as possible) personally identifiable data.
24 Basic Principles of Data Protection Law in Germany
- Principle of Transparency: A person whose data are collected has to be informed about the purposes of collection, processing and use.
- Principle of Earmarking (purpose bound): If data can be collected for a particular purpose, processing it is strictly bound to this purpose.
26 Anonymity
Anonymity is the state of being not identifiable within a set of subjects/individuals.
The Internet is designed to be a public place
- Routing information is public
- IP packet headers identify source and destination
Even a passive observer can easily figure out who is talking to whom
Encryption does not and cannot hide identities
- Encryption hides payload, but not routing information
27 Anonymity in the Digital Era
Positive aspects
- Avoiding detection, retribution, and embarrassment
- Freedom of expression
- Whistle-blowing
- ...
Negative aspects (Illegal activity)
- Anonymous bribery
- Copyright infringement
- Harassment and financial scams
- Disclosure of trade secrets
- ...
28 Anonymity vs. Privacy
Privacy
- Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others
Anonymity
- The state of being not identifiable within a set of subjects/individuals
- It is a property exclusively of individuals
Privacy != Anonymity
- Anonymity is a way to maintain privacy, and sometimes it is not necessary
29 Anonymity vs. Privacy
Privacy preserving protocols are not pervasively used
- Reasons: Efficiency, Overhead, Law, Surveillance
The Internet has become a mass surveillance system
- NSA's Prism Program
[Figure: Global heat map of the Prism program (Credit: The Guardian)]
30 Anonymous Communication
A simple Example
Three cryptographers are having dinner. Either NSA is paying for the dinner, or one of them is paying, but wishes to remain anonymous.
1. Each diner flips a coin and shows it to his left neighbor.
   - Every diner will see two coins: his own and his right neighbor's
2. Each diner announces whether the two coins are the same. If he is the payer, he lies (says the opposite).
3. Odd number of "same" => NSA is paying; even number of "same" => one of them is paying
   - But a non-payer cannot tell which of the other two is paying!
31 Dining Cryptographers
- Share secret coin with left diner
- Can you infer who pays?
[Figure: announcements "different", "different", "?"; result: NSA pays]
32 Dining Cryptographers
- Share secret coin with left diner
- Can you infer who pays?
[Figure: announcements "same", "different", "?"; two possible payers]
Without knowing the coin toss between the other two, non-payer cannot tell which of them is lying
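A simulation of the dining cryptographers round described on slides 30 to 32, as an added example that is not part of the original lecture. It generalizes to n diners by checking the parity of "different" announcements (for three diners this is the slide's rule about the number of "same"); the function names are assumptions.

```python
"""Dining cryptographers: one round, plus what a non-payer can infer."""
import secrets
from itertools import product

def run_round(n, payer=None, coins=None):
    """Diner i compares its own coin with its right neighbour's coin.

    Returns (coins, announcements); an announcement is 1 for "different"
    and 0 for "same". The payer, if any, announces the opposite.
    """
    if coins is None:
        coins = [secrets.randbelow(2) for _ in range(n)]
    announcements = []
    for i in range(n):
        differ = coins[i] ^ coins[(i + 1) % n]
        if i == payer:
            differ ^= 1                      # the payer lies
        announcements.append(differ)
    return coins, announcements

def someone_paid(announcements):
    # Every coin is compared twice, so honest announcements XOR to 0.
    # Exactly one lie flips the parity of "different" to odd.
    return sum(announcements) % 2 == 1

def consistent_payers(observer, coins_seen, announcements):
    """Which other diners could be the payer, given the observer's view?

    coins_seen = (own coin, right neighbour's coin). All coins the observer
    cannot see are enumerated; a candidate is kept if some assignment of the
    hidden coins reproduces the public announcements.
    """
    n = len(announcements)
    known = {observer: coins_seen[0], (observer + 1) % n: coins_seen[1]}
    hidden = [i for i in range(n) if i not in known]
    candidates = set()
    for values in product((0, 1), repeat=len(hidden)):
        coins = [known.get(i, 0) for i in range(n)]
        for idx, value in zip(hidden, values):
            coins[idx] = value
        for p in range(n):
            if p != observer and run_round(n, p, coins)[1] == announcements:
                candidates.add(p)
    return candidates

if __name__ == "__main__":
    coins, ann = run_round(3, payer=1)
    print("announcements (1 = different):", ann)
    print("one of the diners paid:", someone_paid(ann))
    print("diner 0 cannot rule out:", consistent_payers(0, (coins[0], coins[1]), ann))
```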
33 Anonymous Network Communication
Entities (subjects and objects) and Actions
- Subjects execute actions on objects
- Subjects called senders send objects called messages to subjects called recipients using a communication network
[Diagram: Senders -> Messages -> Communication Network -> Recipients]
34 Network Adversary
The attacker uses all information available to him to infer (probabilities of) his items of interest (IOIs)
Attacker capabilities
- He controls some communication lines and a few subjects
- He is not able to get information on the sender or recipient from the message content
[Diagram: Senders -> Messages -> Communication Network -> Recipients, with Attacker]
35 Anonymity Notions
Various notions of anonymity:
- Subject Anonymity
  - Sender Anonymity
  - Recipient Anonymity
- Relationship Anonymity
- Unlinkability
=?
36 Anonymous Communication (AC) Protocols
Various AC protocols with different goals:
- Low Latency Overhead
- Low Communication Overhead
- High Traffic-Analysis Resistance
[Figure labels: Communication Complexity, Latency, Traffic-Analysis Resistance]
Typically categorized by latency overhead:
- low-latency AC protocols, e.g. Tor, DC Nets, Crowds
- high-latency AC protocols, e.g. Mix networks
37 Anonymous Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms (Chaum, 1981)
- Proposes solution to the cryptographic traffic analysis problem: keeping confidential who converses with whom, and when they converse
- Idea: Use Public-Key Crypto and special communication network
- Shuffle all messages before forwarding to recipients!
[Diagram: Senders -> Shuffler -> Recipients]
38 Mix-Server: Basics
- $N$ senders $S_1, \dots, S_N$ with messages $m_1, \dots, m_N$
- Senders want to publish messages anonymously
- Mix server MS: publish public key $pk$
- Sender $S_i$ submits $E_{pk}(m_i)$, for $i = 1, \dots, N$
- MS: collect $N$ messages
- MS: decrypt and output messages as permutation $m_{\pi(1)}, m_{\pi(2)}, \dots, m_{\pi(N)}$
39 Definition: Mix Network
But: What if mix server is compromised?
Mix Network: A group of mix servers that operate sequentially
[Diagram: Inputs -> Server 1 -> Server 2 -> Server 3 -> Outputs]
Distribute trust to protect against compromised mix servers
40 Mix Networks - Requirements
- Correctness: Output is a permutation of the inputs.
- Privacy: If at least one Mix-Server conceals his mixing, the senders cannot be linked to their respective output.
- Public Verifiability: Honesty of Mix-Servers can be verified publicly.
- Soundness: Public verification guarantees correctness.
- Robustness: Mix Network still works correctly under restricted failure conditions.
41 Mix Networks
Decryption Networks (Chaum Mixes) use layered encryption that is decrypted layer by layer
- Each of Server 1, Server 2 and Server 3 performs Decrypt and Shuffle
- For inputs $m_1, m_2, \dots, m_N$, the message in position $j$ is $m_{\pi_1(j)}$ after Server 1, $m_{\pi_2(\pi_1(j))}$ after Server 2 and $m_{\pi_3(\pi_2(\pi_1(j)))}$ after Server 3, for $j = 1, \dots, N$
Question: Are all mix network requirements fulfilled?
Requirements:
- Correctness
- Public Verifiability
- Privacy
- Soundness
- Robustness: Not Robust!
42 Mix Networks
Re-encryption networks
ElGamal allows for Re-encryption of ciphertexts!
- Each of Server 1, Server 2 and Server 3 performs Shuffle and Re-encrypt
- For inputs $m_1, m_2, \dots, m_N$, the message in position $j$ is $m_{\pi_1(j)}$ after Server 1, $m_{\pi_2(\pi_1(j))}$ after Server 2 and $m_{\pi_3(\pi_2(\pi_1(j)))}$ after Server 3, for $j = 1, \dots, N$
- Threshold Decryption that only relies on a fraction of the mix servers to work correctly
44 High vs. Low Latency
Mix servers need to wait for at least N messages
- Incur high latency overhead in real network communication
Low Latency AC Protocols
- Aim: To keep latency/delay due to the AC protocol small such that its existence/usage is transparent to the user
- Useful for applications such as
  - web browsing
  - instant messaging, tele-conferencing
  - web services such as internet banking
45 VPNs (e.g. anonymizer.com)
Idea: use intermediate server to serve as proxy for user's actions -> Proxy Server
[Diagram: Sender -> Proxies -> Recipient]
Problem:
- Requires trust in proxy server
Question: What happens if proxy is compromised?
46 Towards Onion Routing
Similar to mix networks, distribute trust across various servers
[Diagram: Sender -> Proxies -> Recipient]
Problem:
- Single compromised proxy sufficient to break anonymity!
Question: What happens if a proxy is compromised?
47 Onion Routing
Circuit Construction
Establish symmetric keys between the sender and proxy nodes such that
- only the sender and a proxy node know the key, and
- a proxy node does not know entities other than its neighbors on the path (or circuit)
[Diagram: Sender -> Onion Routers -> Recipient]
48 Onion Routing
Onion Transfer
- The sender creates a layered encryption of the message (onion) and sends it to the first node in her circuit
- Each proxy decrypts one layer of the onion and forwards it to the next proxy
[Diagram: Sender -> 3 Onion Routers -> Recipient, with the message m wrapped in layers that are removed hop by hop]
49 Intermezzo: Diffie-Hellman key exchange
Publicly known: $p$ large prime number, $g$ generator for group of order $p$
- Alice (knows $g, p$): picks $x \in_R G$ and sends $g^x \bmod p$ to Bob
- Bob (knows $g, p$): picks $y \in_R G$ and sends $g^y \bmod p$ to Alice
- Both compute the shared secret $g^{xy} \bmod p$
Computational Diffie-Hellman Assumption: Given the triple $(g, g^a, g^b)$, it is computationally infeasible to determine the value of $g^{ab}$.
50 Second Generation Onion Routing
Idea: use telescope construction together with Diffie-Hellman key exchange to generate ephemeral, symmetric session keys!
[Diagram: Sender -> 3 Onion Routers -> Recipient]
51 Second Generation Onion Routing Example: 2 hop circuit construction to surf a webpage Browsing Key Exchange Webpage 52
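A model of the telescoping circuit construction and onion transfer from slides 47 to 51, as an added example that is not part of the original lecture and not Tor's code. The toy Diffie-Hellman group, the SHA-256-based XOR layer cipher, the nonces and all class and function names are assumptions for illustration; the model also leaves out router authentication and integrity protection.

```python
"""Telescoping circuit build with Diffie-Hellman, then layered onion transfer."""
import hashlib
import secrets

P = 2**127 - 1   # toy prime modulus, constructed for this example
G = 3            # toy base; real systems use standardized groups

def kdf(shared: int) -> bytes:
    """Derive a symmetric session key from the DH shared secret g^xy mod p."""
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def xor_layer(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with SHA-256(key || nonce || counter).

    Applying it once adds a layer, applying it again removes that layer.
    """
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

class Router:
    def __init__(self, name: str):
        self.name = name
        self.key = None
        self.seen = []          # what this hop holds after removing its layer

    def handshake(self, gx: int) -> int:
        """Receive g^x, pick y, store the session key, answer with g^y."""
        y = secrets.randbelow(P - 2) + 1
        self.key = kdf(pow(gx, y, P))
        return pow(G, y, P)

    def peel(self, nonce: bytes, cell: bytes) -> bytes:
        inner = xor_layer(self.key, nonce, cell)
        self.seen.append(inner)
        return inner

def wrap(keys, nonce: bytes, payload: bytes) -> bytes:
    """Sender side: innermost layer for the last hop, outermost for the first."""
    for key in reversed(keys):
        payload = xor_layer(key, nonce, payload)
    return payload

def build_circuit(routers):
    """Telescoping: the handshake for hop i travels inside the layers of hops 0..i-1."""
    keys = []
    for hop, router in enumerate(routers):
        x = secrets.randbelow(P - 2) + 1
        nonce = b"extend%d" % hop
        cell = wrap(keys, nonce, pow(G, x, P).to_bytes(16, "big"))
        for previous in routers[:hop]:
            cell = previous.peel(nonce, cell)
        gy = router.handshake(int.from_bytes(cell, "big"))
        keys.append(kdf(pow(gy, x, P)))   # sender's copy of the session key
    return keys

def send(routers, keys, nonce: bytes, message: bytes) -> bytes:
    cell = wrap(keys, nonce, message)
    for router in routers:
        cell = router.peel(nonce, cell)
    return cell                           # what the last router forwards

if __name__ == "__main__":
    circuit = [Router("entry"), Router("middle"), Router("exit")]
    session_keys = build_circuit(circuit)
    delivered = send(circuit, session_keys, b"data0", b"GET /index.html")
    for r in circuit:
        print(r.name, "holds", r.seen[-1].hex())
    print("delivered:", delivered)
```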
52 Tor
Tor (
- Intended to provide anonymity over the Internet
- Running since October
- Implements 2nd Generation OR
Tremendously successful!
- > 2,000,000 users all over the world
- > 7000 OR (volunteers) nodes/proxies/router
- metrics.torproject.org
The second most employed privacy enhancing technology after the TLS protocol
53 Tor Vulnerabilities
Traffic Analysis
- Adversary can observe traffic at different locations in the network
- If traffic looks similar it likely belongs to the same user!
54 Tor Vulnerabilities
Traffic Analysis
- Low communication overhead results in low traffic analysis resistance
- Alternatives with high traffic-analysis resistance (e.g. Crowds, DC nets etc.) cause high communication overhead
- Low traffic analysis resistance is one of the biggest problems of today's AC networks!
[Figure labels: Communication Complexity, Latency, Traffic-Analysis Resistance]
55 Tor Vulnerabilities
DNS Leaks
- DNS requests not sent through Tor network by default
- Attacker could see what websites are being visited by examining DNS requests
- External software such as Foxyproxy and Privoxy can be used to route DNS requests through Tor network, but this is _not_ default behavior
More informationApplied Cryptography and Computer Security CSE 664 Spring 2018
Applied Cryptography and Computer Security Lecture 13: Public-Key Cryptography and RSA Department of Computer Science and Engineering University at Buffalo 1 Public-Key Cryptography What we already know
More informationCryptography CS 555. Topic 16: Key Management and The Need for Public Key Cryptography. CS555 Spring 2012/Topic 16 1
Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography CS555 Spring 2012/Topic 16 1 Outline and Readings Outline Private key management between two parties Key management
More informationIntroduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell
Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell 1 Cryptography Merriam-Webster Online Dictionary: 1. secret writing 2. the enciphering and deciphering
More informationCSC 474/574 Information Systems Security
CSC 474/574 Information Systems Security Topic 2.5 Public Key Algorithms CSC 474/574 Dr. Peng Ning 1 Public Key Algorithms Public key algorithms covered in this class RSA: encryption and digital signature
More informationAnonymous Connections and Onion Routing
Anonymous Connections and Onion Routing David Goldschlag, Michael Reed, and Paul Syverson Center for High Assurance Computer Systems Naval Research Laboratory Washington, D.C. 1 Who is Talking to Whom?
More informationCS Computer Networks 1: Authentication
CS 3251- Computer Networks 1: Authentication Professor Patrick Traynor 4/14/11 Lecture 25 Announcements Homework 3 is due next class. Submit via T-Square or in person. Project 3 has been graded. Scores
More informationCS232. Lecture 21: Anonymous Communications
CS232 Lecture 21: Anonymous Communications November 21, 2018 2 You Are Not Anonymous 3 Your IP address can be linked directly to you ISPs store communications records Usually for several years (Data Retention
More informationPrivacy Enhancing Technologies CSE 701 Fall 2017
Privacy Enhancing Technologies Lecture 2: Anonymity Applications Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline Anonymous communication mixes, anonymizing proxies,
More informationCSE 127: Computer Security Cryptography. Kirill Levchenko
CSE 127: Computer Security Cryptography Kirill Levchenko October 24, 2017 Motivation Two parties want to communicate securely Secrecy: No one else can read messages Integrity: messages cannot be modified
More informationCSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L
CS 3461/5461: Introduction to Computer Networking and Internet Technologies Network Security Study: 21.1 21.5 Kannan Srinivasan 11-27-2012 Security Attacks, Services and Mechanisms Security Attack: Any
More informationUntraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. EJ Jung
Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms EJ Jung Goals 1. Hide what you wrote encryption of any kind symmetric/asymmetric/stream 2. Hide to whom you sent and when pseudonym?
More informationIntroduction to Computer Security
Introduction to Computer Security Instructor: Mahadevan Gomathisankaran mgomathi@unt.edu CSCE 4550/5550, Fall 2009 Lecture 10 1 Announcements Project Group Due today Attendance Mandatory Ave. 85% ( 4 absentees
More informationOverview. Public Key Algorithms I
Public Key Algorithms I Dr. Arjan Durresi Louisiana State University Baton Rouge, LA 70810 Durresi@csc.lsu.Edu These slides are available at: http://www.csc.lsu.edu/~durresi/csc4601-04/ Louisiana State
More informationInformation Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1
Information Security message M one-way hash fingerprint f = H(M) 4/19/2006 Information Security 1 Outline and Reading Digital signatures Definition RSA signature and verification One-way hash functions
More informationPrivacy defense on the Internet. Csaba Kiraly
Advanced Networking Privacy defense on the Internet Csaba Kiraly 1 Topics Anonymity on the Internet Chaum Mix Mix network & Onion Routing Low-latency anonymous routing 2 Anonymity: Chaum mix David L. Chaum
More informationHow Alice and Bob meet if they don t like onions
How Alice and Bob meet if they don t like onions Survey of Network Anonymisation Techniques Erik Sy 34th Chaos Communication Congress, Leipzig Agenda 1. Introduction to Anonymity Networks Anonymity Strategies
More information14. Internet Security (J. Kurose)
14. Internet Security (J. Kurose) 1 Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer:
More informationFeedback Week 4 - Problem Set
4/26/13 Homework Feedback Introduction to Cryptography Feedback Week 4 - Problem Set You submitted this homework on Mon 17 Dec 2012 11:40 PM GMT +0000. You got a score of 10.00 out of 10.00. Question 1
More informationAnalysing Onion Routing Bachelor-Thesis
Analysing Onion Routing Bachelor-Thesis Steffen Michels June 22, 2009 Abstract Although methods for reaching security goals such as secrecy, integrity and authentication are widely used in the Internet,
More informationLecture 10, Zero Knowledge Proofs, Secure Computation
CS 4501-6501 Topics in Cryptography 30 Mar 2018 Lecture 10, Zero Knowledge Proofs, Secure Computation Lecturer: Mahmoody Scribe: Bella Vice-Van Heyde, Derrick Blakely, Bobby Andris 1 Introduction Last
More informationSecure Multiparty Computation
CS573 Data Privacy and Security Secure Multiparty Computation Problem and security definitions Li Xiong Outline Cryptographic primitives Symmetric Encryption Public Key Encryption Secure Multiparty Computation
More informationLecture 2 Applied Cryptography (Part 2)
Lecture 2 Applied Cryptography (Part 2) Patrick P. C. Lee Tsinghua Summer Course 2010 2-1 Roadmap Number theory Public key cryptography RSA Diffie-Hellman DSA Certificates Tsinghua Summer Course 2010 2-2
More informationLecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005
Lecture 30 Security April 11, 2005 Cryptography K A ciphertext Figure 7.3 goes here K B symmetric-key crypto: sender, receiver keys identical public-key crypto: encrypt key public, decrypt key secret Symmetric
More informationCS 161 Computer Security
Popa & Wagner Spring 2016 CS 161 Computer Security Discussion 5 Week of February 19, 2017 Question 1 Diffie Hellman key exchange (15 min) Recall that in a Diffie-Hellman key exchange, there are values
More informationCryptography: More Primitives
Design and Analysis of Algorithms May 8, 2015 Massachusetts Institute of Technology 6.046J/18.410J Profs. Erik Demaine, Srini Devadas and Nancy Lynch Recitation 11 Cryptography: More Primitives 1 Digital
More informationPROTECTING CONVERSATIONS
PROTECTING CONVERSATIONS Basics of Encrypted Network Communications Naïve Conversations Captured messages could be read by anyone Cannot be sure who sent the message you are reading Basic Definitions Authentication
More informationDefinition. Quantifying Anonymity. Anonymous Communication. How can we calculate how anonymous we are? Who you are from the communicating party
Definition Anonymous Communication Hiding identities of parties involved in communications from each other, or from third-parties Who you are from the communicating party Who you are talking to from everyone
More informationAnonymity With material from: Dave Levin
Anonymity With material from: Dave Levin http://www.sogosurvey.com/static/sogo_resp_images/tat_resp_images/designimg/guaranteed-anonymous-survey.png What is anonymity? Dining cryptographers Mixnets and
More informationCS526: Information security
Cristina Nita-Rotaru CS526: Information security Anonymity systems. Based on slides by Chi Bun Chan 1: Terminology. Anonymity Anonymity (``without name ) means that a person is not identifiable within
More informationCS 356 Internet Security Protocols. Fall 2013
CS 356 Internet Security Protocols Fall 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists Chapter 5
More informationOther Topics in Cryptography. Truong Tuan Anh
Other Topics in Cryptography Truong Tuan Anh 2 Outline Public-key cryptosystem Cryptographic hash functions Signature schemes Public-Key Cryptography Truong Tuan Anh CSE-HCMUT 4 Outline Public-key cryptosystem
More informationGrenzen der Kryptographie
Microsoft Research Grenzen der Kryptographie Dieter Gollmann Microsoft Research 1 Summary Crypto does not solve security problems Crypto transforms security problems Typically, the new problems relate
More informationkey distribution requirements for public key algorithms asymmetric (or public) key algorithms
topics: cis3.2 electronic commerce 24 april 2006 lecture # 22 internet security (part 2) finish from last time: symmetric (single key) and asymmetric (public key) methods different cryptographic systems
More informationLecture 3.4: Public Key Cryptography IV
Lecture 3.4: Public Key Cryptography IV CS 436/636/736 Spring 2012 Nitesh Saxena Course Administration HW1 submitted Trouble with BB Trying to check with BB support HW1 solution will be posted very soon
More informationTor: An Anonymizing Overlay Network for TCP
Tor: An Anonymizing Overlay Network for TCP Roger Dingledine The Free Haven Project http://tor.freehaven.net/ http://tor.eff.org/ December 28, 21C3 2004 Talk Outline Motivation: Why anonymous communication?
More informationCIS 551 / TCOM 401 Computer and Network Security. Spring 2008 Lecture 23
CIS 551 / TCOM 401 Computer and Network Security Spring 2008 Lecture 23 Announcements Project 4 is Due Friday May 2nd at 11:59 PM Final exam: Friday, May 12th. Noon - 2:00pm DRLB A6 Today: Last details
More informationBCA III Network security and Cryptography Examination-2016 Model Paper 1
Time: 3hrs BCA III Network security and Cryptography Examination-2016 Model Paper 1 M.M:50 The question paper contains 40 multiple choice questions with four choices and student will have to pick the correct
More informationAnonymous Communication and Internet Freedom
Anonymous Communication and Internet Freedom CS 161: Computer Security Prof. David Wagner May 2, 2013 Goals For Today State-sponsored adversaries Anonymous communication Internet censorship State-Sponsored
More informationInformation Security CS 526
Information Security CS 526 Topic 14: Key Distribution & Agreement, Secure Communication Topic 14: Secure Communication 1 Readings for This Lecture On Wikipedia Needham-Schroeder protocol (only the symmetric
More informationAnonymity. With material from: Dave Levin and Michelle Mazurek
http://www.sogosurvey.com/static/sogo_resp_images/tat_resp_images/designimg/guaranteed-anonymous-survey.png Anonymity With material from: Dave Levin and Michelle Mazurek What is anonymity? Dining cryptographers
More informationAnonymity C S A D VA N C E D S E C U R I T Y TO P I C S P R E S E N TAT I O N BY: PA N AY I OTO U M A R KO S 4 T H O F A P R I L
Anonymity C S 6 8 2 A D VA N C E D S E C U R I T Y TO P I C S P R E S E N TAT I O N BY: PA N AY I OTO U M A R KO S 4 T H O F A P R I L 2 0 1 9 Tor: The Second- Generation Onion Router R. DINGLEDINE N.
More information