On the (in-)security of JavaScript Object Signing and Encryption. Dennis Detering
|
|
- Jade Daniels
- 6 years ago
- Views:
Transcription
1
2 On the (in-)security of JavaScript Object Signing and Encryption Dennis Detering 2
3 Introduction Dennis Detering IT Security Consultant @Merenon Christian Mainka Vladislav Mladenov Juraj Somorovsky 3
4 Table of Contents What is JOSE? Practical Attacks and Vulnerabilities Signature Exclusion Key Confusion Bleichenbacher MMA Timing Attack JOSEPH Our Burp Suite Extension What s Next? 4
5 WHAT IS JOSE? JavaScript Object Signing and Encryption 5
6 What is JOSE? Proposed Standard since May 2015 Simple, URL-safe, space-constrained environments (e.g. HTTP Authorization headers, URI query parameters), self-contained People from big companies working on it: Already implemented in widely deployed protocols / software: 6
7 JSON Web Algorithm JSON Web Key JSON Web Algorithm RFC 7518 This specification registers cryptographic algorithms and identifiers to be used with the JWS, JWE, JWK specifications. { "keys": [{ "kty":"ec", "crv":"p 256", "x":"mkbctnickusdii11yss3526idz8aito7tu6kpaqv7d4", "y":"4etl6srw2yilurn5vfvvhuhp7x8pxltmwwlbbm4ifym", "use":"enc", "kid":"1" }, { "kty":"rsa", "n":"0vx7agoebgcqsuupiljxzptn9nndrqmbxeps2aiafbwhm78lhwx 4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiF V4n3oknjhMstn64tZ_2W 5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf 0h4QyQ5v 65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7 d0zgdazhzu6qmqvrl5hajrn1n91cbopbisd08qnlyrdkt bftwhai 4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ G_xBniIqbw0Ls1jF44 csfcur kegu8awapjzknqdkgw", "e":"aqab", "alg":"rs256", "kid":" " }] JSON Web Key RFC 7517 A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. } 7
8 JSON Web Signature JSON Web Signature RFC 7515 JSON Web Signature (JWS) represents content secured with digital signatures or Message Authentication Codes (MACs) using JSON-based data structures eyjhbgcioijsuzi1nij9. eyjpc3mioijqb2uila0kicjlehaiojezmda4mtkzodasdqogimh0dha6ly9legft cgxllmnvbs9pc19yb290ijp0cnvlfq. cc4hiupoj9eetdgtv3hf80egrhub dzerat0xf9g2vtqgr9pjbu3xoizj5rzmh7 AAuHIm4Bh 0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4 BAynRFdiuB f_nzlgrnbytywzo75vrk5h6xbarliarnpvksjtqbmhlb1l07qe7k 0GarZRmB_eSN9383LcOLn6_dO xi12jzdwusc eokhwesqtfzesc6bfi7noopqv hj1phcnvwh6ieyi2w9qoyeuiputi8np6lbggy9fs98rqvt5axlihwkwywlvmtvrb p0igcn_ioypglupqge77rw Header Payload Signature 8
9 JSON Web Signature 9
10 JSON Web Signature 10
11 JSON Web Signature 11
12 JSON Web Signature 12
13 JSON Web Signature 13
14 JSON Web Encryption JSON Web Encryption RFC 7516 JSON Web Encryption (JWE) represents encrypted content using JSON-based data structures. eyjhbgcioijsu0exxzuilcjlbmmioijbmti4q0jdluhtmju2in0. UGhIOguC7IuEvf_NPVaXsGMoLOmwvc1GyqlIKOK1nN94nHPoltGRhWhw7Zx0 kfm 1NJn8LE9XShH59_i8J0PH5ZZyNfGy2xGdULU7sHNF6Gp2vPLgNZ delkxghz7pc HALUzoOegEI 8E66jX2E4zyJKx YxzZIItRzC5hlRirb6Y5Cl_p ko3yvkkyszif NPccxRU7qve1WYPxqbb2Yw8kZqa2rMWI5ng8OtvzlV7elprCbuPhcCdZ6XDP0_F8 rkxds2ve4x ncoim8hayhhi29nx0mckirad0 D ljqtp cfpgwcp6x nzzd9ohbv B3oWh2TbqmScqXMR4gp_A. AxY8DCtDaGlsbGljb3RoZQ. KDlTtXchhZTGufMYmOYGS4HffxPSUrfmqCHXaI9wOGY. 9hH0vgRfYgPnAHOd8stkvw Header Encrypted Key IV Ciphertext Auth Tag 14
15 JSON Web Encryption 15
16 JSON Web Encryption 16
17 JSON Web Encryption 17
18 JSON Web Encryption 18
19 JSON Web Encryption 19
20 JSON Web Encryption 20
21 JSON Web Encryption 21
22 JSON Web Token JSON Web Token RFC 7519 claims to be transferred between two parties [ ] used as the payload of a JWS structure or as the plaintext of a JWE structure... { "iss": rub.de", "iat": , "nbf": , "exp": , "username": "ddety", "is_admin": true } 22
23 ATTACKS Practical Attacks and Vulnerabilities 23
24 Signature Exclusion The none algorithm 24
25 Signature Exclusion The none algorithm eyjhbgcioijiuzi1niisinr5cci6ikpxvcj9.eyjzb21lijoicgf5bg9hzcj9. F0HwqXQV68cvLFzW8MFA42LxKpp_fawaCa9XSLzL2yM {"alg":"hs256","typ":"jwt"}. {"some":"payload"}. SIGNATURE 25
26 Signature Exclusion The none algorithm eyjhbgcioijiuzi1niisinr5cci6ikpxvcj9.eyjzb21lijoicgf5bg9hzcj9. F0HwqXQV68cvLFzW8MFA42LxKpp_fawaCa9XSLzL2yM {"alg":"hs256","typ":"jwt"}. {"some":"payload"}. SIGNATURE eyjhbgcioijub25liiwidhlwijoislduin0.eyjzb21lijoicgf5bg9hzcj9. {"alg":"none","typ":"jwt"}. {"some":"payload"}. 26
27 Signature Exclusion The none algorithm 27
28 Signature Exclusion The none algorithm 28
29 Signature Exclusion The none algorithm {"alg": none } {"alg": NONE } {"alg": none } {"alg": NoNe } {"alg": NonE }????? 29
30 Key Confusion RSA or HMAC? Verification function of many libraries: verify(string token, string verificationkey) In systems using symmetric HMAC signatures: verify(clienttoken, serverhmacsecretkey) In systems using asymmetric RSA signatures: verify(clienttoken, serverrsapublickey) 30
31 Key Confusion RSA or HMAC? Problem: How does system determine the algorithm? JOSE Header: User controlled {"alg":"hs256","typ":"jwt"} The attack: If system expects token signed with RSA, but receives token signed with HMAC, it will think the public key is actually an HMAC secret key! 31
32 Key Confusion RSA or HMAC? 32
33 Key Confusion RSA or HMAC? verify(clienttoken, serverrsapublickey) 33
34 Key Confusion RSA or HMAC? verify(clienttoken, serverrsapublickey) {"alg":"hs256","typ":"jwt"} 34
35 Bleichenbacher MMA PKCS#1 v1.5 Described in 1998 by Daniel Bleichenbacher Used to break: SSL (1998) XML Encryption (2012) PKCS#11 (2012) TLS (2016) Recommended algorithm in JSON Web Encryption 35
36 Bleichenbacher MMA PKCS#1 v1.5 Adaptive Chosen-Ciphertext Attack Differences in error messages or timing behavior 36
37 Bleichenbacher MMA PKCS#1 v1.5 Adaptive Chosen-Ciphertext Attack Differences in error messages or timing behavior Padding Oracle (PKCS#1 v1.5 validity) 37
38 Bleichenbacher MMA PKCS#1 v1.5 Adaptive Chosen-Ciphertext Attack Differences in error messages or timing behavior Padding Oracle (PKCS#1 v1.5 validity) Exploits malleability of RSA encryption scheme (binding) 38
39 Bleichenbacher MMA PKCS#1 v1.5 Source: Bleichenbacher D. (1998) Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS #1. In: Krawczyk H. (eds) Advances in Cryptology CRYPTO '98. CRYPTO
40 Bleichenbacher MMA PKCS#1 v1.5 Error- and time-based padding oracle Attack scenario 40
41 Timing Attack HMAC Native String Comparison Vulnerability Underlying C implementation 41
42 Timing Attack HMAC Native String Comparison (Original) ca3cf26f97b69d6891bff8f93a06d0bcc a b c d e f
43 The Burp Suite Extension 43
44 DEMO TIME! Let s do some hands-on! 44
45 WHAT S NEXT? Conclusion and Future Work 45
46 Our Contribution Open Source Libraries All in all 6 libraries (PHP, Python, Ruby, C) were fixed CVE (PHP Timing Attack) CVE (PHP Bleichenbacher MMA) CVE (PHP Key Confusion) CVE (Python Bleichenbacher MMA) CVE (Python Timing Attack) CVE (PHP Timing Attack) + 2 additional libraries (Ruby & C, Bleichenbacher MMA) without CVE 46
47 What s next? Conclusion and Future Work Standard not perfect More problematic: implementations Use and improve JOSEPH e.g. Invalid Curve Attack 47
48 Dennis Detering THANK YOU! Any Questions? @Merenon
What is JOSE. Jim Schaad Co-chair JOSE August Cellars. Friday, March 15, 13
What is JOSE Jim Schaad Co-chair JOSE August Cellars 1 Overview Use JSON for data structure representations Try and meet the goal of easy to implement and use Allow for complex uses Allow for arbitrary
More informationPractical Attacks on Implementations
Practical Attacks on Implementations Juraj Somorovsky Ruhr University Bochum, HGI 3curity @jurajsomorovsky 1 1 Recent years revealed many crypto attacks ESORICS 2004, Bard: The Vulnerability of SSL to
More informationpython-jose Documentation
python-jose Documentation Release 0.2.0 Michael Davis May 21, 2018 Contents 1 Contents 3 1.1 JSON Web Signature........................................... 3 1.2 JSON Web Token............................................
More informationInternet Engineering Task Force (IETF) Request for Comments: ISSN: May 2015
Internet Engineering Task Force (IETF) Request for Comments: 7516 Category: Standards Track ISSN: 2070-1721 M. Jones Microsoft J. Hildebrand Cisco May 2015 JSON Web Encryption (JWE) Abstract JSON Web Encryption
More informationInternet Engineering Task Force (IETF) Category: Informational May 2015 ISSN:
Internet Engineering Task Force (IETF) M Miller Request for Comments: 7520 Cisco Systems, Inc Category: Informational May 2015 ISSN: 2070-1721 Abstract Examples of Protecting Content Using JSON Object
More informationPyJWT Documentation. Release José Padilla
PyJWT Documentation Release 1.6.1 José Padilla Apr 08, 2018 Contents 1 Sponsor 3 2 Installation 5 3 Example Usage 7 4 Command line 9 5 Index 11 5.1 Installation................................................
More informationIntended status: Standards Track January 13, 2015 Expires: July 17, 2015
JOSE Working Group M. Jones Internet-Draft Microsoft Intended status: Standards Track January 13, 2015 Expires: July 17, 2015 Abstract JSON Web Algorithms (JWA) draft-ietf-jose-json-web-algorithms-40 The
More informationDROWN - Breaking TLS using SSLv2
DROWN - Breaking TLS using SSLv2 Nimrod Aviram, Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel, Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor Dukhovni, Emilia Käsper,
More informationInternet Engineering Task Force (IETF) Request for Comments: 7518 Category: Standards Track May 2015 ISSN:
Internet Engineering Task Force (IETF) M. Jones Request for Comments: 7518 Microsoft Category: Standards Track May 2015 ISSN: 2070-1721 Abstract JSON Web Algorithms (JWA) This specification registers cryptographic
More informationDistributing Secrets. Securely? Simo Sorce. Presented by. Red Hat, Inc.
Distributing Secrets Securely? Presented by Simo Sorce Red Hat, Inc. Flock 2015 Historically Monolithic applications on single servers potentially hooked to a central authentication system. Idm Distributing
More informationSystematic Fuzzing and Testing of TLS Libraries Juraj Somorovsky
Systematic Fuzzing and Testing of TLS Libraries Juraj Somorovsky 1 1 Transport Layer Security The most important crypto protocol HTTP, SMTP, IMAP 2 2 Secure Sockets Layer (SSL), SSLv2 SSLv3 Trasnsport
More informationInternet Engineering Task Force (IETF) Request for Comments: 7517 Category: Standards Track May 2015 ISSN:
Internet Engineering Task Force (IETF) M. Jones Request for Comments: 7517 Microsoft Category: Standards Track May 2015 ISSN: 2070-1721 Abstract JSON Web Key (JWK) A JSON Web Key (JWK) is a JavaScript
More information: Practical Cryptographic Systems March 25, Midterm
650.445: Practical Cryptographic Systems March 25, 2010 Instructor: Matthew Green Midterm Name: As with any exam, please do not collaborate or otherwise share information with any other person. You are
More informationOverview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.
Overview of SSL/TLS Luke Anderson luke@lukeanderson.com.au 12 th May 2017 University Of Sydney Overview 1. Introduction 1.1 Raw HTTP 1.2 Introducing SSL/TLS 2. Certificates 3. Attacks Introduction Raw
More informationJSON Web Algorithms (JWA) draft-ietf-jose-json-web-algorithms-01
JOSE Working Group M. Jones Internet-Draft Microsoft Intended status: Standards Track March 12, 2012 Expires: September 13, 2012 JSON Web Algorithms (JWA) draft-ietf-jose-json-web-s-01 Abstract The JSON
More informationRevisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks
Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks Juraj Somorovsky Ruhr University Bochum 3curity GmbH juraj.somorovsky@3curity.de About me Security Researcher at: Chair
More informationTHE DANGERS OF KEY REUSE: PRACTICAL ATTACKS ON IPSEC IKE
THE DANGERS OF KEY REUSE: PRACTICAL ATTACKS ON IPSEC IKE Dennis Felsch 1, Martin Grothe 1, Jörg Schwenk 1, Adam Czubak 2, Marcin Szymanek 2 1 : Ruhr University Bochum, Germany 2 : University of Opole,
More informationCS144: Sessions. Cookie : CS144: Web Applications
CS144: Sessions HTTP is a stateless protocol. The server s response is purely based on the single request, not anything else Q: How does a web site like Amazon can remember a user and customize its results?
More informationEncrypted Object Extension
Encrypted Object Extension ABSTRACT: "Publication of this Working Draft for review and comment has been approved by the Cloud Storage Technical Working Group. This draft represents a "best effort" attempt
More informationIntroduction to Network Security Missouri S&T University CPE 5420 Exam 2 Logistics
Introduction to Network Security Missouri S&T University CPE 5420 Exam 2 Logistics Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of Science
More informationAdvanced Security for Systems Engineering VO 09: Applied Cryptography
Advanced Security for Systems Engineering VO 09: Applied Cryptography Clemens Hlauschek Lukas Brandstetter Christian Schanes INSO Industrial Software Institute of Computer Aided Automation Faculty of Informatics
More informationSecurity Analysis of eidas The Cross-Country Authentication Scheme in Europe
Security Analysis of eidas The Cross-Country Authentication Scheme in Europe Nils Engelbertz, Nurullah Erinola, David Herring, Juraj Somorovsky, Vladislav Mladenov, Jörg Schwenk Ruhr University Bochum
More informationL13. Reviews. Rocky K. C. Chang, April 10, 2015
L13. Reviews Rocky K. C. Chang, April 10, 2015 1 Foci of this course Understand the 3 fundamental cryptographic functions and how they are used in network security. Understand the main elements in securing
More informationConnect. explained. Vladimir Dzhuvinov. :
Connect explained Vladimir Dzhuvinov Email: vladimir@dzhuvinov.com : Twitter: @dzhivinov Married for 15 years to Java C Python JavaScript JavaScript on a bad day So what is OpenID Connect? OpenID Connect
More informationInternet Engineering Task Force (IETF) Request for Comments: 8292 Category: Standards Track ISSN: November 2017
Internet Engineering Task Force (IETF) Request for Comments: 8292 Category: Standards Track ISSN: 2070-1721 M. Thomson Mozilla P. Beverloo Google November 2017 Voluntary Application Server Identification
More informationASYMMETRIC (PUBLIC-KEY) ENCRYPTION. Mihir Bellare UCSD 1
ASYMMETRIC (PUBLIC-KEY) ENCRYPTION Mihir Bellare UCSD 1 Recommended Book Steven Levy. Crypto. Penguin books. 2001. A non-technical account of the history of public-key cryptography and the colorful characters
More informationASYMMETRIC (PUBLIC-KEY) ENCRYPTION. Mihir Bellare UCSD 1
ASYMMETRIC (PUBLIC-KEY) ENCRYPTION Mihir Bellare UCSD 1 Recommended Book Steven Levy. Crypto. Penguin books. 2001. A non-technical account of the history of public-key cryptography and the colorful characters
More informationNordea e-identification Service description
Nordea e-identification Service description October 2018 1 Change log Version Description/ Changes 1.0 Initial version 1.1 Minor updates to examples & service hours October 2018 2 Contents Change log...
More informationCSE 127: Computer Security Cryptography. Kirill Levchenko
CSE 127: Computer Security Cryptography Kirill Levchenko October 24, 2017 Motivation Two parties want to communicate securely Secrecy: No one else can read messages Integrity: messages cannot be modified
More informationPlaintext-Recovery Attacks Against Datagram TLS
Information Security Group Royal Holloway, University of London 6th Feb 2012 Contents 1 Results 2 3 4 Padding Oracle Realisation Against OpenSSL 5 Attacking the GnuTLS Implementation of DTLS 6 Results
More informationInternet Engineering Task Force (IETF) Request for Comments: ISSN: S. Erdtman Spotify AB H. Tschofenig ARM Ltd.
Internet Engineering Task Force (IETF) Request for Comments: 8392 Category: Standards Track ISSN: 2070-1721 M. Jones Microsoft E. Wahlstroem S. Erdtman Spotify AB H. Tschofenig ARM Ltd. May 2018 CBOR Web
More informationComputer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 10r. Recitation assignment & concept review Paul Krzyzanowski Rutgers University Spring 2018 April 3, 2018 CS 419 2018 Paul Krzyzanowski 1 1. What is a necessary condition for perfect
More informationFindings for
Findings for 198.51.100.23 Scan started: 2017-07-11 12:30 UTC Scan ended: 2017-07-11 12:39 UTC Overview Medium: Port 443/tcp - NEW Medium: Port 443/tcp - NEW Medium: Port 443/tcp - NEW Medium: Port 80/tcp
More informationDelegated Access Control Extension
Delegated Access Control Extension Version 1.1f "Publication of this Working Draft for review and comment has been approved by the Cloud Storage Technical Working Group. This draft represents a "best effort"
More informationWorkshop Challenges Startup code in PyCharm Projects
INTRODUCTION TO CRYPTOGRAPHIC ATTACKS EXERCISE LOGISTICS Workshop Challenges Startup code in PyCharm Projects BLOCK CIPHERS Fixed sized input Random looking output for each message and key Block Cipher
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 2 Cryptographic Tools First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Cryptographic Tools cryptographic algorithms
More informationSlides by Kent Seamons and Tim van der Horst Last Updated: Oct 7, 2013
Digital Signatures Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 7, 2013 Digital Signatures Diagram illustrating how to sign a message Why do we use a one-way hash? How does a collision
More informationopenid connect all the things
openid connect all the things @pquerna CTO, ScaleFT CoreOS Fest 2017-2017-07-01 Problem - More Client Devices per-human - Many Cloud Accounts - More Apps: yay k8s - More Distributed Teams - VPNs aren
More informationLecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.
15-441 Lecture Nov. 21 st 2006 Dan Wendlandt Worms & Viruses Phishing End-host impersonation Denial-of-Service Route Hijacks Traffic modification Spyware Trojan Horse Password Cracking IP Spoofing DNS
More informationThere are numerous Python packages for cryptography. The most widespread is maybe pycrypto, which is however unmaintained since 2015, and has
1 There are numerous Python packages for cryptography. The most widespread is maybe pycrypto, which is however unmaintained since 2015, and has unpatched buffer-overflow vulnerabilities. New projects should
More information1.264 Lecture 28. Cryptography: Asymmetric keys
1.264 Lecture 28 Cryptography: Asymmetric keys Next class: Anderson chapters 20. Exercise due before class (Reading doesn t cover same topics as lecture) 1 Asymmetric or public key encryption Receiver
More informationAPI Security. PHP Tek Rob Richards
API Security PHP Tek 2012 Rob Richards rrichards@mashery.com Who am I? Rob Richards Mashery Email: rrichards@mashery.com Twitter: @mashery Slides: www.cdatazone.org WWW Danger! Danger! Traditional Web
More informationPAS for OpenEdge Support for JWT and OAuth Samples -
PAS for OpenEdge Support for JWT and OAuth 2.0 - Samples - Version 1.0 November 21, 2017 Copyright 2017 and/or its subsidiaries or affiliates. All Rights Reserved. 2 TABLE OF CONTENTS INTRODUCTION... 3
More informationChapter 8 Web Security
Chapter 8 Web Security Web security includes three parts: security of server, security of client, and network traffic security between a browser and a server. Security of server and security of client
More informationMessage authentication codes
Message authentication codes Martin Stanek Department of Computer Science Comenius University stanek@dcs.fmph.uniba.sk Cryptology 1 (2017/18) Content Introduction security of MAC Constructions block cipher
More informationAuthorization Aspects of the Distributed Dataflow-oriented IoT Framework Calvin
Master s Thesis Authorization Aspects of the Distributed Dataflow-oriented IoT Framework Calvin Tomas Nilsson Department of Electrical and Information Technology, Faculty of Engineering, LTH, Lund University,
More informationAnalysing Cryptographic Hardware Interfaces with Tookan
Analysing Cryptographic Hardware Interfaces with Tookan Graham Steel joint work with R. Bardou, M. Bortolozzo, M. Centenaro, R. Focardi, Y. Kawamoto, L. Simionato, J.-K. Tsay Graham Steel September 23,
More informationFeedback Week 4 - Problem Set
4/26/13 Homework Feedback Introduction to Cryptography Feedback Week 4 - Problem Set You submitted this homework on Mon 17 Dec 2012 11:40 PM GMT +0000. You got a score of 10.00 out of 10.00. Question 1
More informationBut where'd that extra "s" come from, and what does it mean?
SSL/TLS While browsing Internet, some URLs start with "http://" while others start with "https://"? Perhaps the extra "s" when browsing websites that require giving over sensitive information, like paying
More informationAPNIC elearning: Cryptography Basics
APNIC elearning: Cryptography Basics 27 MAY 2015 03:00 PM AEST Brisbane (UTC+10) Issue Date: Revision: Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security
More informationMisuse-resistant crypto for JOSE/JWT
Misuse-resistant crypto for JOSE/JWT Neil Madden OAuth Security Workshop, 2018 1 JOSE Content Encryption Methods Provide authenticated encryption AES-CBC with HMAC-SHA2 Requires random 128-bit IV Must
More informationInitial connection setup. Adding subflow setup. Three-way handshake with MP_CAPABLE Exchange 64 bit key(key-a, Key-B)
- 2 - Despite the short history, Multipath TCP(MPTCP) prevails drastically As MPTCP was deployed, security concerns increase There have been multiple attempts at verifications to security of MPTCP Initial
More informationLecture for February 10, 2016
Lecture for February 10, 2016 ECS 235A UC Davis Matt Bishop February 10, 2016 ECS 235A, Matt Bishop Slide #1 Supporting Crypto All parts of SSL use them Initial phase: public key system exchanges keys
More informationFIPS Non-Proprietary Security Policy. Level 1 Validation Version 1.2
Oracle Solaris Kernel Cryptographic Framework with SPARC T4 and T5 Software Version: 1.0 and 1.1; Hardware Version: SPARC T4 (527-1437-01) and T5 (7043165) FIPS 140-2 Non-Proprietary Security Policy Level
More informationRelaxing IND-CCA: Indistinguishability Against Chosen. Chosen Ciphertext Verification Attack
Relaxing IND-CCA: Indistinguishability Against Chosen Ciphertext Verification Attack Indian Statistical Institute Kolkata January 14, 2012 Outline 1 Definitions Encryption Scheme IND-CPA IND-CCA IND-CCVA
More informationCryptography MIS
Cryptography MIS-5903 http://community.mis.temple.edu/mis5903sec011s17/ Cryptography History Substitution Monoalphabetic Polyalphabetic (uses multiple alphabets) uses Vigenere Table Scytale cipher (message
More informationUniform Resource Locators (URL)
The World Wide Web Web Web site consists of simply of pages of text and images A web pages are render by a web browser Retrieving a webpage online: Client open a web browser on the local machine The web
More informationSummary on Crypto Primitives and Protocols
Summary on Crypto Primitives and Protocols Levente Buttyán CrySyS Lab, BME www.crysys.hu 2015 Levente Buttyán Basic model of cryptography sender key data ENCODING attacker e.g.: message spatial distance
More informationTechnological foundation
Technological foundation Carte à puce et Java Card 2010-2011 Jean-Louis Lanet Jean-louis.lanet@unilim.fr Cryptology Authentication Secure upload Agenda Cryptology Cryptography / Cryptanalysis, Smart Cards
More informationSankalchand Patel College of Engineering, Visnagar Department of Computer Engineering & Information Technology. Question Bank
Sankalchand Patel College of Engineering, Visnagar Department of Computer Engineering & Information Technology Question Bank Subject: Information Security (160702) Class: BE Sem. VI (CE/IT) Unit-1: Conventional
More informationCryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology
Cryptography & Key Exchange Protocols Faculty of Computer Science & Engineering HCMC University of Technology Outline 1 Cryptography-related concepts 2 3 4 5 6 7 Key channel for symmetric cryptosystems
More informationIntroduction to Public-Key Cryptography
Introduction to Public-Key Cryptography Nadia Heninger University of Pennsylvania June 11, 2018 We stand today on the brink of a revolution in cryptography. Diffie and Hellman, 1976 Symmetric cryptography
More informationAPI Gateway. Version 7.5.1
O A U T H U S E R G U I D E API Gateway Version 7.5.1 15 September 2017 Copyright 2017 Axway All rights reserved. This documentation describes the following Axway software: Axway API Gateway 7.5.1 No part
More informationUsing the Cisco ACE Application Control Engine Application Switches with the Cisco ACE XML Gateway
Using the Cisco ACE Application Control Engine Application Switches with the Cisco ACE XML Gateway Applying Application Delivery Technology to Web Services Overview The Cisco ACE XML Gateway is the newest
More information4.2. Authenticating to REST Services. Q u i c k R e f e r e n c e G u i d e. 1. IdentityX 4.2 Updates
4.2 Authenticating to REST Services Q u i c k R e f e r e n c e G u i d e In IdentityX 4.1, REST services have an authentication and signing requirement that is handled by the IdentityX REST SDKs. In order
More informationAttacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14
Attacks Against Websites 3 The OWASP Top 10 Tom Chothia Computer Security, Lecture 14 OWASP top 10. The Open Web Application Security Project Open public effort to improve web security: Many useful documents.
More informationConcrete cryptographic security in F*
Concrete cryptographic security in F* crypto hash (SHA3) INT-CMA encrypt then-mac Auth. encryption Secure RPC some some some adversary attack attack symmetric encryption (AES). IND-CMA, CCA2 secure channels
More informationOn Symmetric Encryption with Distinguishable Decryption Failures
On Symmetric Encryption with Distinguishable Decryption Failures Alexandra Boldyreva, Jean Paul Degabriele, Kenny Paterson, and Martijn Stam FSE - 12th Mar 2013 Outline Distinguishable Decryption Failures
More informationSymmetric Crypto MAC. Pierre-Alain Fouque
Symmetric Crypto MAC Pierre-Alain Fouque Message Authentication Code (MAC) Warning: Encryption does not provide integrity Eg: CTR mode ensures confidentiality if the blockcipher used is secure. However,
More informationAuthentication and Authorization of End User in Microservice Architecture
Journal of Physics: Conference Series PAPER OPEN ACCESS Authentication and Authorization of End User in Microservice Architecture To cite this article: Xiuyu He and Xudong Yang 2017 J. Phys.: Conf. Ser.
More informationPOST-QUANTUM CRYPTOGRAPHY VIENNA CYBER SECURITY WEEK DR. DANIEL SLAMANIG
POST-QUANTUM CRYPTOGRAPHY VIENNA CYBER SECURITY WEEK 2018 02.02.2018 DR. DANIEL SLAMANIG WHAT IS POST-QUANTUM CRYPTOGRAPHY? Also called quantum safe/resistant cryptography NOT quantum cryptography (= quantum
More informationWHY CSRF WORKS. Implicit authentication by Web browsers
WHY CSRF WORKS To explain the root causes of, and solutions to CSRF attacks, I need to share with you the two broad types of authentication mechanisms used by Web applications: 1. Implicit authentication
More informationPrinciples of Information Security, Fourth Edition. Chapter 8 Cryptography
Principles of Information Security, Fourth Edition Chapter 8 Cryptography Learning Objectives Upon completion of this material, you should be able to: Chronicle the most significant events and discoveries
More informationDr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Public Key Cryptography Modular Arithmetic RSA
More informationLecture 8 - Message Authentication Codes
Lecture 8 - Message Authentication Codes Benny Applebaum, Boaz Barak October 12, 2007 Data integrity Until now we ve only been interested in protecting secrecy of data. However, in many cases what we care
More informationCSCE 813 Internet Security Symmetric Cryptography
CSCE 813 Internet Security Symmetric Cryptography Professor Lisa Luo Fall 2017 Previous Class Essential Internet Security Requirements Confidentiality Integrity Authenticity Availability Accountability
More informationWhen providing a native mobile app ruins the security of your existing web solution. CyberSec Conference /11/2015 Jérémy MATOS
When providing a native mobile app ruins the security of your existing web solution CyberSec Conference 2015 05/11/2015 Jérémy MATOS whois securingapps Developer background Spent last 10 years working
More informationIntroduction to Network Security Missouri S&T University CPE 5420 Data Integrity Algorithms
Introduction to Network Security Missouri S&T University CPE 5420 Data Integrity Algorithms Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of
More informationCipher Suite Configuration Mode Commands
The Cipher Suite Configuration Mode is used to configure the building blocks for SSL cipher suites, including the encryption algorithm, hash function, and key exchange. Important The commands or keywords/variables
More informationfredag 7 september 12 OpenID Connect
OpenID Connect OpenID Connect Necessity for communication - information about the other part Trust management not solved! (1) OP discovery The user provides an identifier (for instance an email address)
More informationNIST Cryptographic Toolkit
Cryptographic Toolkit Elaine Barker ebarker@nist.gov National InformationSystem Security Conference October 16, 2000 Toolkit Purpose The Cryptographic Toolkit will provide Federal agencies, and others
More informationChapter 8. Network Security. Cryptography. Need for Security. An Introduction to Cryptography 10/7/2010
Cryptography Chapter 8 Network Security Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic Principles Need for Security An Introduction
More informationStateless Microservice Security via JWT, TomEE and MicroProfile
Stateless Microservice Security via JWT, TomEE and MicroProfile Jean-Louis Monteiro Tomitribe Why am I here today? Microservices architecture case Security opeons OAuth2 with JWT HTTP Signatures Demo with
More informationAttacks Against Websites. Tom Chothia Computer Security, Lecture 11
Attacks Against Websites Tom Chothia Computer Security, Lecture 11 A typical web set up TLS Server HTTP GET cookie Client HTML HTTP file HTML PHP process Display PHP SQL Typical Web Setup HTTP website:
More informationData Integrity & Authentication. Message Authentication Codes (MACs)
Data Integrity & Authentication Message Authentication Codes (MACs) Goal Ensure integrity of messages, even in presence of an active adversary who sends own messages. Alice (sender) Bob (reciever) Fran
More informationflask-jwt Documentation
flask-jwt Documentation Release 0.3.2 Dan Jacob Nov 16, 2017 Contents 1 Links 3 2 Installation 5 3 Quickstart 7 4 Configuration Options 9 5 API 11 6 Changelog 13 6.1 Flask-JWT Changelog..........................................
More informationSHAKEN - Secure Handling of Asserted information using tokens. August 2015
SHAKEN - Secure Handling of Asserted information using tokens August 2015 1 Current Status The current STIR IETF working group is focused on 4474bis which defines a signing mechanism for validating a calling
More informationRelaxing IND-CCA: Indistinguishability Against Chosen Ciphertext Verification Attack
Relaxing IND-CCA: Indistinguishability Against Chosen Ciphertext Verification Attack Sumit Kumar Pandey, Santanu Sarkar and Mahavir Prasad Jhanwar CR Rao AIMSCS Hyderabad November 2, 2012 Outline 1 Definitions
More informationCryptography Introduction
Cryptography Introduction Last Updated: Aug 20, 2013 Terminology Access Control o Authentication Assurance that entities are who they claim to be o Authorization Assurance that entities have permission
More informationeconet smart grid gateways: econet SL and econet MSA FIPS Security Policy
econet smart grid gateways: econet SL and econet MSA FIPS 140 2 Security Policy Level 2 Validation Document Version 0.5 Hardware Versions: ENSL2, ENSL5 and ENMSA2 Firmware Version: 3.2.1 FIPS Nexgrid,
More informationKurose & Ross, Chapters (5 th ed.)
Kurose & Ross, Chapters 8.2-8.3 (5 th ed.) Slides adapted from: J. Kurose & K. Ross \ Computer Networking: A Top Down Approach (5 th ed.) Addison-Wesley, April 2009. Copyright 1996-2010, J.F Kurose and
More informationCSCE 715: Network Systems Security
CSCE 715: Network Systems Security Chin-Tser Huang huangct@cse.sc.edu University of South Carolina Web Security Web is now widely used by business, government, and individuals But Internet and Web are
More informationSMPTE Standards Transition Issues for NIST/FIPS Requirements
SMPTE Standards Transition Issues for NIST/FIPS Requirements Contents 2010.5.20 DRM inside Taehyun Kim 1 Introduction NIST (National Institute of Standards and Technology) published a draft special document
More informationWAP Security. Helsinki University of Technology S Security of Communication Protocols
WAP Security Helsinki University of Technology S-38.153 Security of Communication Protocols Mikko.Kerava@iki.fi 15.4.2003 Contents 1. Introduction to WAP 2. Wireless Transport Layer Security 3. Other WAP
More informationflask-jwt-simple Documentation
flask-jwt-simple Documentation Release 0.0.3 vimalloc rlam3 Nov 17, 2018 Contents 1 Installation 3 2 Basic Usage 5 3 Changing JWT Claims 7 4 Changing Default Behaviors 9 5 Configuration Options 11 6 API
More informationNonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS. Hanno Böck, Aaron Zauner, Sean Devlin, Juraj Somorovsky, Philipp Jovanovic
Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS Hanno Böck, Aaron Zauner, Sean Devlin, Juraj Somorovsky, Philipp Jovanovic 1 TLS Encryption 1. Asymmetric key exchange RSA, DHE,
More informationThe encryption of the message is the block sequence y 1 ;:::;y N. Although decryption is not clearly defined in RFC2040 [2], it makes sense to assume
CBC Padding: Security Flaws in SSL, IPSEC, WTLS,... Serge Vaudenay Swiss Federal Institute of Technology (EPFL) Serge.Vaudenay@epfl.ch Abstract In many standards, e.g. SSL/TLS, IPSEC, WTLS, messages are
More informationEncryption. INST 346, Section 0201 April 3, 2018
Encryption INST 346, Section 0201 April 3, 2018 Goals for Today Symmetric Key Encryption Public Key Encryption Certificate Authorities Secure Sockets Layer Simple encryption scheme substitution cipher:
More informationPROTECTING CONVERSATIONS
PROTECTING CONVERSATIONS Basics of Encrypted Network Communications Naïve Conversations Captured messages could be read by anyone Cannot be sure who sent the message you are reading Basic Definitions Authentication
More informationOpenID Connect Update
OpenID Connect Update May 14, 2013 Dr. Michael B. Jones Identity Standards Architect Microsoft Working Together OpenID Connect Working Group Members Key working group participants: Nat Sakimura Nomura
More information