TLS (TRANSPORT LAYER SECURITY) PROTOCOL

TLS ATTACKS
CHRISTA PHILIPPOU
PROFESSOR: ELIAS ATHANASOPOULOS
UNIVERSITY OF CYPRUS
EPL 682 ADVANCED SECURITY TOPICS

→ ON THE EFFECTIVE PREVENTION OF TLS MAN-IN-THE-MIDDLE ATTACKS IN WEB APPLICATIONS. USENIX SECURITY

TLS supports several symmetric encryption schemes (one secret key), among them a scheme based on the RC4 stream cipher. This paper proves the weakness of TLS when RC4 is selected for the encryption process. The paper's results are supported by an experimental evaluation of the feasibility of the attacks, which shows the weakness mentioned above.

More specifically, the goals of this paper are:
o To evaluate the RC4 vulnerability by attacking a connection between two endpoints that run the TLS protocol with RC4 encryption.
o To recommend defences/countermeasures for data safety based on the above protocol and encryption method.
o To support that RC4 should henceforth be avoided in TLS, and deprecated as soon as possible.

TLS (TRANSPORT LAYER SECURITY) PROTOCOL
HOW IT WORKS?

It takes place when two parties, client and server, come across each other for the first time. A TLS session consists of two phases:

Phase 1: TLS Handshake
1. The TLS Handshake (establishes a secure session key). After the completion of the TCP three-way handshake and before the exchange of application data over TLS, the encrypted tunnel must be negotiated, so the client and the server must:
o Agree on the version of the TLS protocol.
o Choose the cipher suite.
o Verify certificates if necessary. (Startup latency)

Example 1:
[Figure 1: TCP connection establishment example.] TLS handshake: the client and the server must agree on the version of the TLS protocol, choose the cipher suite, and verify certificates if necessary.

Example 2:
Imagine this handshake process as a dialog between the two.

Client: Hello there. I want to establish secure communication between the two of us. Here are my cipher suites and compatible TLS version.

Server: Hello Client. I have checked your cipher suites and TLS version. I think we're good to go ahead. Here is my certificate file with my public key. Check them out.

Client: Let me verify your certificate. (After a while) Okay, it seems fine, but I need to verify your private key. What I'll do is, I will generate and encrypt a pre-master key (shared secret key) using your public key. Decrypt it using your private key and we'll use a master key to encrypt and decrypt the information.

Server: Done.

[Now that both parties know who they're talking to, the information transferred between them will be secured using the master key. Keep in mind that once the verification part is over, the encryption takes place through the master key only. This is symmetric encryption.]

Client: I'm sending you this sample message to verify that our master key works. Send me the decrypted version of this message (a kind of authentication). If it works, our data is in safe hands.

Server: Yeah, it works. I think we've accomplished what we were looking for.

[Figure 2: The TLS handshake process simplified.]

From now on, every bit of data transmitted back and forth between client and server will be encrypted. This is called the SSL/TLS handshake process.

Phase 2: TLS Record Protocol
2. The TLS Record Protocol (uses symmetric key cryptography) is responsible for securing application data and verifying its integrity and origin. It manages the following:
o Dividing outgoing messages into manageable blocks, and reassembling incoming messages (Fragmentation, see Figure 3).
o Compressing outgoing blocks and decompressing incoming blocks (optional) (Compression, see Figure 3).
o Applying a Message Authentication Code (MAC) to outgoing messages, and verifying incoming messages using the MAC (HMAC function, see Figure 3).
o Encrypting outgoing messages and decrypting incoming messages (Encryption/Decryption, see Figure 3).

When the Record Protocol is complete, the outgoing encrypted data is passed down to the Transmission Control Protocol (TCP) layer for transport.

The paper mentions that there are three encryption methods/options:
o HMAC followed by CBC-mode encryption using a block cipher (is not a symmetric operation).
o HMAC followed by encryption using the RC4 stream cipher (is not a symmetric operation). (Widely adopted)
o Authenticated encryption (encryption with authentication) using the GCM or CCM mode of operation of a block cipher.

→ Which one is selected for analysis, and why?
They analysed only the second one. [They analysed 16 billion TLS connections. Around 50% of the traffic was protected by HMAC followed by encryption using RC4 cipher suites, so the first and the third methods each account for much less than 50%.]

The TLS Record Protocol provides a secure connection based on reliability and privacy by using a uniquely generated (symmetric) encryption key per connection.

Example 1:
[Figure 3: TLS Record Protocol - cryptographic operation with the RC4 encryption method.]

RC4 (RIVEST CIPHER 4)
HOW IT WORKS?

RC4 was designed in 1987 by Ron Rivest (the same person who designed RSA). RC4 is used in the TLS Record Protocol (second) phase to generate a pseudo-random stream of bits (a keystream). As with any stream cipher, the keystream can be used for encryption by combining it with the plaintext using bit-wise exclusive-or (XOR). Decryption is performed the same way (since XOR is a symmetric operation, i.e. a two-way process).

To generate the keystream, RC4 uses:
1. A permutation of all 256 possible bytes ("S" in the example below).
2. Two 8-bit index pointers ("i" and "j" in the example below).

The permutation is initialized with a variable-length key/seed (called K), typically between 40 and 256 bits, using the Key Scheduling Algorithm (KSA). Once this has been completed, the stream of bits is generated using the Pseudo-Random Generation Algorithm (PRGA).

KSA - KEY SCHEDULING ALGORITHM
HOW IT WORKS?

1. Vector initialization:
   i. State vector S (with values 0-255).
   ii. Temporary vector T (with values based on the user-selected key/seed, K).
   Example of a possible T, if the key/seed K is [0,1,1,0]*: [0,1,1,0, 0,1,1,0, 0,1,1,0, ...]
   *Key size K > 40. The above key length is used only for this example.
2. KSA:
   i. Initial permutation of S (based on T).
   ii. Key K and vector T are discarded.

Example 1: key, key, key, ... → a random order of the numbers in the range [0-255].

[Figure 4: KSA - initial and final state of vector S, which is used as a keystream afterwards.]

PSEUDO-RANDOM GENERATION ALGORITHM (PRGA)
HOW IT WORKS?

PRGA is an algorithm for generating a sequence of numbers whose properties approximate the properties of sequences of random numbers. The PRNG-generated sequence is not truly random, because it is completely determined by an initial value, called the seed. Although sequences that are closer to truly random can be generated using hardware random number generators, pseudorandom number generators are important in practice for their speed in number generation and their reproducibility.

Stages:
1. Cycling through S (see Figure 4) from S[0] to S[255] to produce a pseudorandom byte keystream.
2. Each key k is generated.
3. Vector S is subjected to another permutation.

ATTACKS: CIPHERTEXT RECOVERY
Basic Idea: SINGLE BYTE BIAS ATTACK

The paper presents two plaintext recovery attacks on RC4 that are exploitable by an adversary when this cipher is used for encryption in TLS. Both attacks require a fixed plaintext to be RC4-encrypted and transmitted many times in succession (in the same, or in multiple independent RC4 keystreams). A statistical analysis of ciphertexts forms the core of the attacks.

1. Single-byte bias attack:
o Targets the initial 256 bytes of RC4 ciphertext.
o It is fixed-plaintext and multi-session → requires a fixed sequence of plaintext bytes to be independently encrypted under a large number of (random) keys ("broadcast attack").
o The first 36 bytes are used to encrypt the TLS Handshake Finished message, so the header is not fixed across TLS sessions. As a consequence, the methods can be applied only to recover up to 220 bytes of the plaintext.
o What allowed the researchers to find a way to recover the initial ciphertext is the repetition of patterns between different encryptions of the same ciphertext (they exploit the statistical patterns of the encoding).
o The attack exploits statistical biases. The keystream seemingly follows specific patterns!
   o Example 1: almost every character "e" is encrypted as the character "a".
   o Example 2: most of the bits are encrypted as the bit 0 → not a uniform distribution.
   → An advantage for frequency analysis (the frequencies of occurrence of 1 and 0 are not approximately equal).
   → More statistical structure, because of the lack of full randomness.
   → The encrypted ciphertext is not really unpredictable.
o Exploits biases in the entire keystream (ciphertext) byte by byte. [The first significant bias was observed: for a given byte position of the cipher, the probability of it being equal to a specific value can be calculated.]

2. Double-byte bias attack:
o Exploits biases in the entire keystream (ciphertext) in consecutive pairs of bytes.
o Evaluation of the probability of occurrence for each byte pair (i, i+1) where 256 mod i = 0.
o In contrast to the single-byte bias attack, most of the identified multi-byte biases are "long term": they appear periodically at regular intervals (at every byte position i where 256 mod i = 0, e.g. 8, 16, 32, 64, ...).
o The first and the last byte of the plaintext were known.
o Automated mechanism for generating a large number of encryptions of the target cookie ("multi-session with fixed plaintext"), e.g. with malicious JavaScript running in the victim's browser.

NOTE THAT: A large number of HTTP headers come before the cookie. [..known header bytes.. <cookie> ..known header..] → so we are not interested in the bytes before and after the cookie. → The cookie appears after the first 220 bytes!

Based on the results: with 13 * 2^30 encryptions of a fixed plaintext, the success rate of recovering 16 bytes was 100% (see Figures 9 and 10 below).

RESULTS FOR SINGLE BYTE BIAS ATTACK
MEASURED DISTRIBUTIONS OF RC4 KEYSTREAM

Analyse the 16th byte of the keystream (Z_16):
[Plot; marked values: 16 and 240.]
Figure 5: The x-axis represents the byte position in the ciphertext. The y-axis represents the probability of appearance for each byte of the ciphertext. To make this graph, the experiment generated 2^40 keystreams to encrypt the same plaintext.

Analyse the 32nd byte of the keystream (Z_32):
Figure 6: The x-axis represents the byte position in the ciphertext. The y-axis represents the probability of appearance for each byte of the ciphertext. To make this graph, the experiment generated 2^40 keystreams to encrypt the same plaintext.
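A small-scale version of this kind of measurement, added here as an example (it is not code from the paper or from this report). Because the biases at Z_16 and Z_32 need far more keystreams than a short script can generate, it measures the second keystream byte, whose bias toward 0 (the Mantin-Shamir bias, roughly twice the uniform probability) is well documented, and it also shows the "discard the initial keystream" countermeasure listed later. The keys, the secret byte 0x41, the session count and the drop length of 256 are constructed values.

```python
"""RC4 single-byte bias in the broadcast setting, with and without
discarding the initial keystream. All inputs are constructed sample data."""
import random
from collections import Counter


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Return the first n RC4 keystream bytes for `key` (KSA, then PRGA)."""
    # KSA: start from the identity permutation and mix in the key.
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    # PRGA: keep permuting S and emit one keystream byte per step.
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def ciphertext_histograms(secret: int, sessions: int, drop: int = 256, seed: int = 682):
    """Encrypt the fixed byte `secret` at the second output position under
    `sessions` independent random 128-bit keys.

    Returns two Counters of observed ciphertext byte values:
      plain   - stock RC4 (the byte is XORed with Z_2)
      dropped - RC4 with the first `drop` keystream bytes discarded
    """
    rng = random.Random(seed)  # fixed seed: reproducible, constructed keys
    plain, dropped = Counter(), Counter()
    for _ in range(sessions):
        key = rng.getrandbits(128).to_bytes(16, "big")
        ks = rc4_keystream(key, drop + 2)
        plain[secret ^ ks[1]] += 1          # second byte of the raw keystream
        dropped[secret ^ ks[drop + 1]] += 1  # second byte after discarding
    return plain, dropped


def recover_byte(hist: Counter, likely_keystream_value: int = 0) -> int:
    """Guess plaintext = most frequent ciphertext XOR most likely keystream byte."""
    most_common_ct, _ = hist.most_common(1)[0]
    return most_common_ct ^ likely_keystream_value


if __name__ == "__main__":
    SESSIONS, SECRET = 20000, 0x41
    plain, dropped = ciphertext_histograms(SECRET, SESSIONS)
    print(f"count per value if the keystream were uniform: {SESSIONS / 256:.0f}")
    print(f"stock RC4     : ciphertext == secret in {plain[SECRET]} sessions, "
          f"guess = {recover_byte(plain):#04x}")
    print(f"RC4, drop 256 : ciphertext == secret in {dropped[SECRET]} sessions")
```

With stock RC4 the true byte stands out in the ciphertext histogram after a few thousand sessions; once the initial keystream is discarded the same position is close to uniform, which is why the countermeasure blunts the single-byte attack but not the long-term double-byte biases.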

Experimental Results:

Recovery rate for 2^24 sessions for the first 256 bytes of plaintext:
Success rate of the recovery of the initial bytes > success rate of the recovery of the last positions.
Figure 7: The x-axis represents the byte position in the ciphertext. The y-axis represents the recovery rate for each byte of the keystream.

Recovery rate for 2^30 sessions for the first 256 bytes of plaintext: 100% recovery!
Figure 8: The x-axis represents the byte position in the ciphertext. The y-axis represents the recovery rate for each byte of the keystream.

Recovery rates for 2^26 sessions:
o Red: 4-bit block scheme (analysis of the encoding with 4-bit blocks).
o Blue: original single-byte bias attack.
o Plaintexts are encoded in a 4-bit-per-byte scheme (PHP, HTTP cookies).
o Run 256 times for each one of 2^24, ..., 2^32 sessions/encryptions.
Figure 9: The x-axis represents the byte position in the ciphertext. The y-axis represents the recovery rate for each byte of the keystream.

Recovery rates for 2^30 sessions:
Figure 10: The x-axis represents the byte position in the ciphertext. The y-axis represents the recovery rate for each byte of the keystream.

RESULTS FOR DOUBLE BYTE BIAS ATTACK
MEASURED DISTRIBUTIONS OF RC4 KEYSTREAM

Average fraction of successfully recovered plaintext bytes (red dashed line), and success rate for recovering the full 16-byte plaintext (blue):
Figure 11: The x-axis represents the byte position in the ciphertext. The y-axis represents the recovery rate for each byte of the keystream.
o Based on 128 experiments.
o Around 50% of the executions (black dashed line) had full recovery (= 100%) of the plaintext.
o 13 * 2^30 encryptions of the same 256-byte plaintext.
o Attempt to recover 16 bytes located at a fixed position in the plaintext.
o The bytes in positions 0 and 17 are known.
o Interested only in byte positions 1-16 (= cookie).

VALIDATION & CONCLUSION
IMPORTANT NOTES / GENERAL COMMENTS

The experimental focus switched to the double-byte bias attack. Why?
o The single-byte bias attack successfully recovered fixed plaintext bytes in the initial 256 bytes of the TLS ciphertexts. However, with modern web browsers these bytes consist mostly of less interesting HTTP headers rather than cookies.
o The double-byte bias attack does not need session resumption.
o The double-byte bias attack has an easier implementation.

Use three nodes:
o A legitimate web server (16-byte secure cookies over HTTP).
o A malicious web server (serving malicious JavaScript).
o A client running a web browser (= user).
o Various browsers were tested on the client (Firefox, Opera, Chrome).
o GET, POST, and HEAD requests were tested.

Steps for the double-byte bias experiment:
o Client visit
o Client visit
o The site contains a malicious script which is transferred to the user through the response message.
o The user/client runs the malicious JavaScript served by the malicious web server.
o The JavaScript directs repeated HTTP requests to the legitimate server, and the cookie is attached to each request.

The number of encryptions required is important. Around 2^28 to 2^32 encryptions for reliable recovery is a large number.

Countermeasures/Defences:
o Discarding the initial keystream bytes output by RC4.
o Adding random padding to HTTP requests.
o Limiting the lifetime of cookies / the number of times they can be sent.

→ ON THE EFFECTIVE PREVENTION OF TLS MAN-IN-THE-MIDDLE ATTACKS IN WEB APPLICATIONS. USENIX SECURITY

Attack methods are rising rapidly. TLS using RC4 encryption is used by every browser and we use it every day through the internet. With this kind of encryption weakness, our personal data ( s, ids, iban, accounts etc) can be compromised due to malicious acts.

Consider TLS Man-In-The-Middle (MITM) attacks in the context of web applications. The attacker is able to:
o Successfully impersonate the legitimate server to the user.
o Successfully impersonate the user to the server.
Goal: Compromise the user's online account and data.
Goal: Spy on the user (MITM: Man-in-the-Middle attack).

This paper explains that the recently proposed client authentication protocols cannot fully prevent such attacks.

The objectives of this paper are:
o Show that strong client authentication, such as Channel ID-based authentication, can be combined with the concept of server invariance to protect against the attacks.
o Leverage Channel ID-based authentication combined with server invariance in a novel mechanism, SISCA.
o SISCA prevents user impersonation via TLS MITM attacks.

SERVER INVARIANCE
WHAT IS IT AND HOW IT WORKS?

What is it?
o It is a security control which accepts that the attacker can successfully impersonate the server, and tries to detect whether he attacked the connection.
o No a priori trust is necessary.

How does it work? Consider a browser's first connection to a particular server:
o Scenario 1: The first connection is not intercepted by the attacker. Then, server invariance implies that the attacker is allowed to intercept none of the subsequent connections to that server, because of the attacker's lack of public and private keys.
o Scenario 2: The first connection is intercepted by the attacker. Then, server invariance implies that the attacker has to intercept all subsequent future connections to that server.
→ In both scenarios, if the attacker violates server invariance, the attacker will be detected.

The server invariance protocol consists of two phases:

Initialization:
o Is executed in the first connection to the server.
o Could be intercepted by the attacker.
o The browser establishes a point of reference.

Verification:
o Is executed in subsequent connections to the same server.
o The browser verifies that the point of reference remains unchanged, i.e., the browser keeps connecting to the same entity.

Basic SISCA Protocol (see Example) - Notations:
o SISCA keys: k_s1, k_s2
o Browser's and server's random values: r_b, r_s respectively
o Browser's Channel ID: cid_b

[Figure: Initial phase with no interception from the attacker.]
[Figure: Verification phase with no interception from the attacker. Compares the initial reference point with the current one.]

ATTACKER MODELS AND GOALS
WHAT IS IT AND HOW IT WORKS?

Adversary's Goals: The attacker's goal in a MITM attack is one of the following:
o Impersonate the user (victim) to the legitimate server to compromise the user's online account and data (spy on the user, abuse his account for malicious purposes).
o Only impersonate the server to the user and serve fake content to the user.

IMPORTANT:
→ Which of the above goals is more important to analyse in order to find a defence?
It is more likely that the second case, impersonating the server to the user, is analysed. It is the more frequent scenario. An attacker can hack more users, and more easily, if he pretends to be a legitimate server.

MITM Attack on Channel ID-Based Authentication:

Attacker Model: They adopt the attacker model considered by Channel IDs. The adversary is able to position herself suitably on the network and perform a TLS MITM attack between the user and the target web server. In other words, the attacker is able to successfully impersonate only the server to the user. The paper distinguishes between two types of MITM attackers.

o The MITM + certificate attacker:
   1. Holds a valid certificate for the domain of the target web server, binding the identity of the server to the public key (and holds the corresponding private key). The attacker has no access to the private key of the target web server.
   2. Holds only an invalid (e.g., self-signed) certificate. The attacker will succeed in impersonating the server to the user if the user ignores the security warnings of the browser.
o The MITM + key attacker (weaker attacker):
   1. Holds the private key of the legitimate server. (Nothing we can do as a defence.)

MITM Attack on Channel ID-Based Authentication - Initial Login:

When the user attempts to log in to his online account for the first time from a browser, the web server requires that the user authenticates using a strong second-factor authentication device (as in the PhoneAuth and FIDO Universal 2nd Factor (U2F) protocols). These protocols leverage Channel IDs to secure the initial login process against MITM attacks. As part of the authentication protocol, the client's device compares the Channel ID of the browser to the Channel ID of the TLS connection that the server witnesses. If they are equal, then the browser is directly connected to the web server through TLS, and thus there is no MITM attack taking place. On the other hand, if the Channel IDs differ, then the server is not directly connected to the user's browser. Instead, as shown in Figure 1, there is an attacker in the middle, and the device aborts the authentication protocol, stopping the attack.

MITM Attack on Channel ID-Based Authentication - Subsequent Logins:

Upon successful initial authentication the server sets a cookie in the user's browser, and binds it to the Channel ID of the browser. (A server may create a channel-bound cookie as follows: v, HMAC(k, v || cid), where v is the original cookie value, cid is the browser's Channel ID and k is a secret key known only to the server, used for computing a MAC over the concatenation of v and cid.) The channel-bound cookie is considered valid only if it is presented over that particular Channel ID. Therefore, subsequent interaction with the server from that particular browser is protected by the channel-bound cookie. An attacker who manages to steal a channel-bound cookie cannot use it to impersonate the user to the web server, since he does not know the private key of the correct Channel ID. Figure 2 illustrates this concept. Note that the client's device is not required for authenticating the user.
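The channel-bound cookie construction v, HMAC(k, v || cid) described above, as an added example (not code from the paper or from this report). HMAC-SHA256, the `value.tag` serialization, the length prefix on v and the random byte strings that stand in for Channel IDs are assumptions made for the illustration.

```python
"""Server-side issue/verify of a channel-bound cookie: v, HMAC(k, v || cid).
Channel IDs are modelled as opaque byte strings (constructed sample data)."""
import base64
import hashlib
import hmac
import secrets
from typing import Optional


def _tag(key: bytes, value: bytes, cid: bytes) -> bytes:
    # Assumption: prefix v with its length so that different (v, cid) pairs
    # can never produce the same concatenated MAC input.
    msg = len(value).to_bytes(4, "big") + value + cid
    return hmac.new(key, msg, hashlib.sha256).digest()


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")


def make_channel_bound_cookie(key: bytes, value: bytes, cid: bytes) -> str:
    """Bind cookie value v to the Channel ID seen on the login connection."""
    return _b64(value) + "." + _b64(_tag(key, value, cid))


def verify_channel_bound_cookie(key: bytes, cookie: str, cid: bytes) -> Optional[bytes]:
    """Return v if the cookie is presented over the Channel ID it was bound to,
    otherwise None. `cid` must come from the current TLS connection."""
    try:
        value_part, tag_part = cookie.split(".")
        value = base64.urlsafe_b64decode(value_part)
        tag = base64.urlsafe_b64decode(tag_part)
    except ValueError:  # wrong number of parts or invalid base64
        return None
    # Constant-time comparison avoids leaking how much of the tag matched.
    if hmac.compare_digest(tag, _tag(key, value, cid)):
        return value
    return None


def demo():
    """Run three cases and return the verification result of each."""
    server_key = secrets.token_bytes(32)      # k, known only to the server
    browser_cid = secrets.token_bytes(64)     # stand-in for the user's Channel ID
    attacker_cid = secrets.token_bytes(64)    # a different TLS client key
    cookie = make_channel_bound_cookie(server_key, b"session=alice", browser_cid)

    same_channel = verify_channel_bound_cookie(server_key, cookie, browser_cid)
    stolen = verify_channel_bound_cookie(server_key, cookie, attacker_cid)
    forged = _b64(b"session=admin") + "." + cookie.split(".")[1]
    tampered = verify_channel_bound_cookie(server_key, forged, browser_cid)
    return same_channel, stolen, tampered


if __name__ == "__main__":
    ok, stolen, tampered = demo()
    print("same channel  :", ok)
    print("stolen cookie :", stolen)
    print("tampered value:", tampered)
```

The check ties the cookie to the channel only: requests issued from inside the user's own browser still travel over the correct Channel ID, which is the gap the attack described next relies on.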
An attack that a MITM + certificate or MITM + key attacker can perform, which bypasses the security offered by Channel IDs: Assume that the user tries to access the target web server. The attacker proceeds as follows:
1. He intercepts a TLS connection attempt made by the browser to the target web server and, by presenting a valid certificate (or an invalid one, with the user ignoring the browser's warning), he successfully impersonates the legitimate server to the browser.
2. Through the established connection, the browser makes an HTTP request to the server.
3. The attacker replies with an HTTP response which includes malicious JavaScript code. This script will execute in the client's browser.
4. The attacker closes the intercepted TLS connection. This forces the browser to initiate a new TLS connection to transmit subsequent requests.
5. The attacker allows subsequent TLS connection attempts to pass through, without interfering with them. As a result, once the attacker closes that single intercepted connection, all other connections, existing and new, are directly established between the browser and the legitimate server.
6. The attacker gains full control over the user's session in that particular web application. His script has unrestricted access to the web documents belonging to the target web server and can monitor all the client-side activity of the web application.

CHANNEL ID
o Is a TLS extension.
o Is an identification of the same browser across multiple TLS connections.

HOW IT WORKS? Example:
o A browser visits a TLS-enabled web server for the first time.
o It creates a new private/public key pair.
o This TLS connection is identified by the corresponding public key, which is linked with a value called the Channel ID.
o Upon subsequent TLS connections to the same web origin, the user's browser uses the same Channel ID.

SERVER INVARIANCE WITH STRONG CLIENT AUTHENTICATION
HOW IT WORKS?
o Independent from the rest of the protocols.
o Is executed before any HTTP traffic influenced by the attacker.
o They choose to implement it at the application layer via an HTTP header.
o Transmitted with the first HTTP request/response.
o Combines Channel ID-based client authentication and server invariance.
o Prevents the attacker from impersonating the server in the first place. The attacker can neither steal weak user credentials (MITM attack) nor ship malicious JavaScript (MITM-SITB / Man-In-The-Middle-Script-In-The-Browser).
o Strong client authentication (e.g. Channel ID-based) is not necessary for preventing MITM attacks.
o A MITM attacker can perform user impersonation via two approaches:
   1. The conventional/classic MITM attack → the attacker compromises (puts at risk) the user's credentials and uses them for impersonation. → This attack can be effectively prevented by strong client authentication.
   2. The MITM-SITB attack → the attacker injects a malicious script into the user's browser. → Client authentication alone cannot prevent this attack.

Resilience of SISCA to MITM-SITB (conventional MITM is prevented by Channel ID-based authentication):
o Scenario 1: Explained in a section above.
o Scenario 2: IMPORTANT (MENTIONED IN CLASS): Initial phase with interception from the attacker. Even if the attacker carries out a malicious action at the initial phase, with SI alone the action will be detected, but the point is for the user to avoid any vulnerability at all. With the combination of SI and client authentication, the attack at the initial phase is avoided by the certificate check.

SISCA BENEFITS AND DRAWBACKS
COMMENTS

Advantages:
o Incremental deployment → SISCA is scalable. → A structural approach, meaning that they started with a basic version of the protocol and then incrementally added features.
o MITM + certificate attack prevention.
o Autonomous protocol.
o No user decision is necessary whenever a server invariance violation is detected.
o Resists the MITM + key attack.

Disadvantages:
o It only protects against MITM attackers whose goal is to impersonate the user to the server.
o It focuses on impersonation of the server to the user and not the reverse.

Comments:
o SISCA can act as an additional, strong protection layer.
o SISCA is a combination of existing protocols.
o SISCA focuses on amending today's server authentication issues, towards the effective prevention of TLS MITM attacks.

IMPORTANT:
→ Why didn't they also focus on finding defences to prevent the impersonation of the user to the server?
It is more likely for an attacker to impersonate a legitimate server to a number of users, in order to hack and steal the personal data of many clients, than the reverse case.
→ Why is only the server authentication (by sending a certificate) optional?
Consider a website, e.g. Amazon. If Amazon asked for a certificate from each user who wants to connect to it, the traffic and the delay would increase exponentially. Also, because, as I mentioned above, it is more likely for an attacker to impersonate a legitimate server to a user, it is more efficient to verify that the server is the targeted, legitimate one than to verify that the client is not an attacker.


More information

L13. Reviews. Rocky K. C. Chang, April 10, 2015

L13. Reviews. Rocky K. C. Chang, April 10, 2015 L13. Reviews Rocky K. C. Chang, April 10, 2015 1 Foci of this course Understand the 3 fundamental cryptographic functions and how they are used in network security. Understand the main elements in securing

More information

Chapter 6: Contemporary Symmetric Ciphers

Chapter 6: Contemporary Symmetric Ciphers CPE 542: CRYPTOGRAPHY & NETWORK SECURITY Chapter 6: Contemporary Symmetric Ciphers Dr. Lo ai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan Why Triple-DES?

More information

Information Security CS 526

Information Security CS 526 Information Security CS 526 Topic 14: Key Distribution & Agreement, Secure Communication Topic 14: Secure Communication 1 Readings for This Lecture On Wikipedia Needham-Schroeder protocol (only the symmetric

More information

E-commerce security: SSL/TLS, SET and others. 4.1

E-commerce security: SSL/TLS, SET and others. 4.1 E-commerce security: SSL/TLS, SET and others. 4.1 1 Electronic payment systems Purpose: facilitate the safe and secure transfer of monetary value electronically between multiple parties Participating parties:

More information

Computer Security 3e. Dieter Gollmann. Chapter 18: 1

Computer Security 3e. Dieter Gollmann.  Chapter 18: 1 Computer Security 3e Dieter Gollmann www.wiley.com/college/gollmann Chapter 18: 1 Chapter 18: Web Security Chapter 18: 2 Web 1.0 browser HTTP request HTML + CSS data web server backend systems Chapter

More information

1-7 Attacks on Cryptosystems

1-7 Attacks on Cryptosystems 1-7 Attacks on Cryptosystems In the present era, not only business but almost all the aspects of human life are driven by information. Hence, it has become imperative to protect useful information from

More information

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York University artg@cs.nyu.edu Security Achieved by

More information

Chapter 6 Contemporary Symmetric Ciphers

Chapter 6 Contemporary Symmetric Ciphers Chapter 6 Contemporary Symmetric Ciphers "I am fairly familiar with all the forms of secret writings, and am myself the author of a trifling monograph upon the subject, in which I analyze one hundred and

More information

Cryptography and Network Security

Cryptography and Network Security Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 14: Folklore, Course summary, Exam requirements Ion Petre Department of IT, Åbo Akademi University 1 Folklore on

More information

CPSC 467: Cryptography and Computer Security

CPSC 467: Cryptography and Computer Security CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 24a December 2, 2013 CPSC 467, Lecture 24a 1/20 Secure Shell (SSH) Transport Layer Security (TLS) Digital Rights Management and Trusted

More information

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018 Computer Security 08r. Pre-exam 2 Last-minute Review Cryptography Paul Krzyzanowski Rutgers University Spring 2018 March 26, 2018 CS 419 2018 Paul Krzyzanowski 1 Cryptographic Systems March 26, 2018 CS

More information

Securing Internet Communication: TLS

Securing Internet Communication: TLS Securing Internet Communication: TLS CS 161: Computer Security Prof. David Wagner March 11, 2016 Today s Lecture Applying crypto technology in practice Two simple abstractions cover 80% of the use cases

More information

Chapter 8 Web Security

Chapter 8 Web Security Chapter 8 Web Security Web security includes three parts: security of server, security of client, and network traffic security between a browser and a server. Security of server and security of client

More information

Security and Privacy. SWE 432, Fall 2016 Design and Implementation of Software for the Web

Security and Privacy. SWE 432, Fall 2016 Design and Implementation of Software for the Web Security and Privacy SWE 432, Fall 2016 Design and Implementation of Software for the Web Today Security What is it? Most important types of attacks Privacy For further reading: https://www.owasp.org/index.php/

More information

Public-key Cryptography: Theory and Practice

Public-key Cryptography: Theory and Practice Public-key Cryptography Theory and Practice Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Chapter 1: Overview What is Cryptography? Cryptography is the study of

More information

Full Plaintext Recovery Attack on Broadcast RC4

Full Plaintext Recovery Attack on Broadcast RC4 11 March, 2013 FSE 2013 @ Singapore Full Plaintext Recovery Attack on Broadcast RC4 Takanori Isobe () Toshihiro Ohigashi (Hiroshima University) Yuhei Watanabe () Masakatu Morii () Target Broadcast setting

More information

Double-DES, Triple-DES & Modes of Operation

Double-DES, Triple-DES & Modes of Operation Double-DES, Triple-DES & Modes of Operation Prepared by: Dr. Mohamed Abd-Eldayem Ref.: Cryptography and Network Security by William Stallings & Lecture slides by Lawrie Brown Multiple Encryption & DES

More information

Transport Layer Security

Transport Layer Security Transport Layer Security TRANSPORT LAYER SECURITY PERFORMANCE TESTING OVERVIEW Transport Layer Security (TLS) and its predecessor Secure Sockets Layer (SSL), are the most popular cryptographic protocols

More information

INSE Lucky 13 attack - continued from previous lecture. Scribe Notes for Lecture 3 by Prof. Jeremy Clark (January 20th, 2014)

INSE Lucky 13 attack - continued from previous lecture. Scribe Notes for Lecture 3 by Prof. Jeremy Clark (January 20th, 2014) INSE 6150 Scribe Notes for Lecture 3 by Prof. Jeremy Clark (January 20th, 2014) Lucky 13 attack - continued from previous lecture The lucky 13 attack on SSL/TLS involves an active attacker who intercepts

More information

1 Achieving IND-CPA security

1 Achieving IND-CPA security ISA 562: Information Security, Theory and Practice Lecture 2 1 Achieving IND-CPA security 1.1 Pseudorandom numbers, and stateful encryption As we saw last time, the OTP is perfectly secure, but it forces

More information

Modern cryptography 2. CSCI 470: Web Science Keith Vertanen

Modern cryptography 2. CSCI 470: Web Science Keith Vertanen Modern cryptography 2 CSCI 470: Web Science Keith Vertanen Modern cryptography Overview Asymmetric cryptography Diffie-Hellman key exchange (last time) Pubic key: RSA Pretty Good Privacy (PGP) Digital

More information

Information Security CS526

Information Security CS526 Information Security CS 526 Topic 3 Cryptography: One-time Pad, Information Theoretic Security, and Stream CIphers 1 Announcements HW1 is out, due on Sept 11 Start early, late policy is 3 total late days

More information

CIS 4360 Secure Computer Systems Symmetric Cryptography

CIS 4360 Secure Computer Systems Symmetric Cryptography CIS 4360 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2017 Previous Class Classical Cryptography Frequency analysis Never use home-made cryptography Goals of Cryptography

More information

Summary on Crypto Primitives and Protocols

Summary on Crypto Primitives and Protocols Summary on Crypto Primitives and Protocols Levente Buttyán CrySyS Lab, BME www.crysys.hu 2015 Levente Buttyán Basic model of cryptography sender key data ENCODING attacker e.g.: message spatial distance

More information

CSC 774 Network Security

CSC 774 Network Security CSC 774 Network Security Topic 2. Review of Cryptographic Techniques CSC 774 Dr. Peng Ning 1 Outline Encryption/Decryption Digital signatures Hash functions Pseudo random functions Key exchange/agreement/distribution

More information

CS 393 Network Security. Nasir Memon Polytechnic University Module 12 SSL

CS 393 Network Security. Nasir Memon Polytechnic University Module 12 SSL CS 393 Network Security Nasir Memon Polytechnic University Module 12 SSL Course Logistics HW 4 due today. HW 5 will be posted later today. Due in a week. Group homework. DoD Scholarships? NSF Scholarships?

More information

CSCE 715: Network Systems Security

CSCE 715: Network Systems Security CSCE 715: Network Systems Security Chin-Tser Huang huangct@cse.sc.edu University of South Carolina Web Security Web is now widely used by business, government, and individuals But Internet and Web are

More information

Cryptography and Network Security Chapter 7

Cryptography and Network Security Chapter 7 Cryptography and Network Security Chapter 7 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 7 Stream Ciphers and Random Number Generation The comparatively

More information

Lecture 1 Applied Cryptography (Part 1)

Lecture 1 Applied Cryptography (Part 1) Lecture 1 Applied Cryptography (Part 1) Patrick P. C. Lee Tsinghua Summer Course 2010 1-1 Roadmap Introduction to Security Introduction to Cryptography Symmetric key cryptography Hash and message authentication

More information

Transport Layer Security

Transport Layer Security CEN585 Computer and Network Security Transport Layer Security Dr. Mostafa Dahshan Department of Computer Engineering College of Computer and Information Sciences King Saud University mdahshan@ksu.edu.sa

More information

Sankalchand Patel College of Engineering, Visnagar Department of Computer Engineering & Information Technology. Question Bank

Sankalchand Patel College of Engineering, Visnagar Department of Computer Engineering & Information Technology. Question Bank Sankalchand Patel College of Engineering, Visnagar Department of Computer Engineering & Information Technology Question Bank Subject: Information Security (160702) Class: BE Sem. VI (CE/IT) Unit-1: Conventional

More information

All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP and TLS

All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP and TLS All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP and TLS Mathy Vanhoef and Frank Piessens, KU Leuven USENIX Security 2015 RC4 Intriguingly simple stream cipher WEP WPA-TKIP SSL / TLS PPP/MPPE And

More information

: Practical Cryptographic Systems March 25, Midterm

: Practical Cryptographic Systems March 25, Midterm 650.445: Practical Cryptographic Systems March 25, 2010 Instructor: Matthew Green Midterm Name: As with any exam, please do not collaborate or otherwise share information with any other person. You are

More information

Chapter 4: Securing TCP connections

Chapter 4: Securing TCP connections Managing and Securing Computer Networks Guy Leduc Chapter 5: Securing TCP connections Computer Networking: A Top Down Approach, 6 th edition. Jim Kurose, Keith Ross Addison-Wesley, March 2012. (section

More information

OpenSSL is a project comprising (1) a core library and (2) a toolkit. The core library offers an API for developers of secure applications.

OpenSSL is a project comprising (1) a core library and (2) a toolkit. The core library offers an API for developers of secure applications. 1 OpenSSL is a project comprising (1) a core library and (2) a toolkit. The core library offers an API for developers of secure applications. The toolkit offers a series of command-line tools to perform

More information

Overview. SSL Cryptography Overview CHAPTER 1

Overview. SSL Cryptography Overview CHAPTER 1 CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through

More information

COSC4377. Chapter 8 roadmap

COSC4377. Chapter 8 roadmap Lecture 28 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity 8.4 Securing e mail 8.5 Securing TCP connections: SSL 8.6 Network layer security: IPsec 8.7

More information

Network Security: TLS/SSL. Tuomas Aura T Network security Aalto University, Nov-Dec 2010

Network Security: TLS/SSL. Tuomas Aura T Network security Aalto University, Nov-Dec 2010 Network Security: TLS/SSL Tuomas Aura T-110.5240 Network security Aalto University, Nov-Dec 2010 Outline 1. Diffie-Hellman 2. Key exchange using public-key encryption 3. Goals of authenticated key exchange

More information

Network Security Essentials Chapter 2

Network Security Essentials Chapter 2 Network Security Essentials Chapter 2 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Encryption What is encryption? Why do we need it? No, seriously, let's discuss this. Why do we need

More information

Findings for

Findings for Findings for 198.51.100.23 Scan started: 2017-07-11 12:30 UTC Scan ended: 2017-07-11 12:39 UTC Overview Medium: Port 443/tcp - NEW Medium: Port 443/tcp - NEW Medium: Port 443/tcp - NEW Medium: Port 80/tcp

More information

David Wetherall, with some slides from Radia Perlman s security lectures.

David Wetherall, with some slides from Radia Perlman s security lectures. David Wetherall, with some slides from Radia Perlman s security lectures. djw@cs.washington.edu Networks are shared: Want to secure communication between legitimate participants from others with (passive

More information

Lecture 6: Symmetric Cryptography. CS 5430 February 21, 2018

Lecture 6: Symmetric Cryptography. CS 5430 February 21, 2018 Lecture 6: Symmetric Cryptography CS 5430 February 21, 2018 The Big Picture Thus Far Attacks are perpetrated by threats that inflict harm by exploiting vulnerabilities which are controlled by countermeasures.

More information

Security: Cryptography

Security: Cryptography Security: Cryptography Computer Science and Engineering College of Engineering The Ohio State University Lecture 38 Some High-Level Goals Confidentiality Non-authorized users have limited access Integrity

More information

TLSnotary - a mechanism for independently audited https sessions

TLSnotary - a mechanism for independently audited https sessions TLSnotary - a mechanism for independently audited https sessions September 10, 2014 1 Abstract TLSnotary allows a client to provide evidence to a third party auditor that certain web traffic occurred between

More information

Issues. Separation of. Distributed system security. Security services. Security policies. Security mechanism

Issues. Separation of. Distributed system security. Security services. Security policies. Security mechanism Module 9 - Security Issues Separation of Security policies Precise definition of which entities in the system can take what actions Security mechanism Means of enforcing that policy Distributed system

More information

Internet security and privacy

Internet security and privacy Internet security and privacy SSL/TLS 1 Application layer App. TCP/UDP IP L2 L1 2 Application layer App. SSL/TLS TCP/UDP IP L2 L1 3 History of SSL/TLS Originally, SSL Secure Socket Layer, was developed

More information

Cryptography and secure channel. May 17, Networks and Security. Thibault Debatty. Outline. Cryptography. Public-key encryption

Cryptography and secure channel. May 17, Networks and Security. Thibault Debatty. Outline. Cryptography. Public-key encryption and secure channel May 17, 2018 1 / 45 1 2 3 4 5 2 / 45 Introduction Simplified model for and decryption key decryption key plain text X KE algorithm KD Y = E(KE, X ) decryption ciphertext algorithm X

More information

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018 Computer Security 08. Cryptography Part II Paul Krzyzanowski Rutgers University Spring 2018 March 23, 2018 CS 419 2018 Paul Krzyzanowski 1 Block ciphers Block ciphers encrypt a block of plaintext at a

More information

CS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis

CS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis CS-435 spring semester 2016 Network Technology & Programming Laboratory University of Crete Computer Science Department Stefanos Papadakis & Manolis Spanakis CS-435 Lecture preview 802.11 Security IEEE

More information

DO NOT OPEN UNTIL INSTRUCTED

DO NOT OPEN UNTIL INSTRUCTED CS 378 - Network Security and Privacy Spring 2017 FINAL May 3, 2017 DO NOT OPEN UNTIL INSTRUCTED YOUR NAME: Collaboration policy No collaboration is permitted on this exam. Any cheating (e.g., submitting

More information

Cryptanalysis. Ed Crowley

Cryptanalysis. Ed Crowley Cryptanalysis Ed Crowley 1 Topics Cryptanalysis History Modern Cryptanalysis Characterization of Cryptanalysis Attacks Attack Types 2 Cryptanalysis Science of cracking ciphers and codes, decoding secrets,

More information

Computers and Security

Computers and Security The contents of this Supporting Material document have been prepared from the Eight units of study texts for the course M150: Date, Computing and Information, produced by The Open University, UK. Copyright

More information

Stop sweating the password and learn to love public key cryptography. Chris Streeks Solutions Engineer, Yubico

Stop sweating the password and learn to love public key cryptography. Chris Streeks Solutions Engineer, Yubico 1 Stop sweating the password and learn to love public key cryptography Chris Streeks Solutions Engineer, Yubico Stop Sweating the Password! 2 Agenda Introduction The modern state of Phishing How to become

More information

Attacks on SSL/TLS. Applied Cryptography. Andreas Hülsing (Slides mostly by Ruben Niederhagen) Dez. 6th, 2016

Attacks on SSL/TLS. Applied Cryptography. Andreas Hülsing (Slides mostly by Ruben Niederhagen) Dez. 6th, 2016 Attacks on SSL/TLS Applied Cryptography Andreas Hülsing (Slides mostly by Ruben Niederhagen) Dez. 6th, 2016 Timeline of attacks on SSL/TLS 2/41 SSLstrip 2010 2011 2012 2013 2014 2015 2016 BEAST POODLE

More information

Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls

Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls Overview Cryptography functions Secret key (e.g., DES) Public key (e.g., RSA) Message

More information

Password. authentication through passwords

Password. authentication through passwords Password authentication through passwords Human beings Short keys; possibly used to generate longer keys Dictionary attack: adversary tries more common keys (easy with a large set of users) Trojan horse

More information

Attacks on re-keying and renegotiation in Key Exchange Protocols

Attacks on re-keying and renegotiation in Key Exchange Protocols Eidgenössische Technische Hochschule Zürich Ecole polytechnique fédérale de Zurich Politecnico federale di Zurigo Federal Institute of Technology at Zurich Attacks on re-keying and renegotiation in Key

More information

Evaluating the Security Risks of Static vs. Dynamic Websites

Evaluating the Security Risks of Static vs. Dynamic Websites Evaluating the Security Risks of Static vs. Dynamic Websites Ballard Blair Comp 116: Introduction to Computer Security Professor Ming Chow December 13, 2017 Abstract This research paper aims to outline

More information

05 - WLAN Encryption and Data Integrity Protocols

05 - WLAN Encryption and Data Integrity Protocols 05 - WLAN Encryption and Data Integrity Protocols Introduction 802.11i adds new encryption and data integrity methods. includes encryption algorithms to protect the data, cryptographic integrity checks

More information

CSC/ECE 774 Advanced Network Security

CSC/ECE 774 Advanced Network Security Computer Science CSC/ECE 774 Advanced Network Security Topic 2. Network Security Primitives CSC/ECE 774 Dr. Peng Ning 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange;

More information

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some 3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some popular block ciphers Triple DES Advanced Encryption

More information

Securing Network Communications

Securing Network Communications Securing Network Communications Demonstration: Securing network access with Whitenoise Labs identity management, one-time-pad dynamic authentication, and onetime-pad authenticated encryption. Use of Whitenoise

More information

SEEM4540 Open Systems for E-Commerce Lecture 03 Internet Security

SEEM4540 Open Systems for E-Commerce Lecture 03 Internet Security SEEM4540 Open Systems for E-Commerce Lecture 03 Internet Security Consider 2. Based on DNS, identified the IP address of www.cuhk.edu.hk is 137.189.11.73. 1. Go to http://www.cuhk.edu.hk 3. Forward the

More information

Cryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea

Cryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea Cryptography SSL/TLS Network Security Workshop 3-5 October 2017 Port Moresby, Papua New Guinea 1 History Secure Sockets Layer was developed by Netscape in 1994 as a protocol which permitted persistent

More information

Wireless LAN Security. Gabriel Clothier

Wireless LAN Security. Gabriel Clothier Wireless LAN Security Gabriel Clothier Timeline 1997: 802.11 standard released 1999: 802.11b released, WEP proposed [1] 2003: WiFi alliance certifies for WPA 2004: 802.11i released 2005: 802.11w task group

More information

A Surfeit of SSH Cipher Suites

A Surfeit of SSH Cipher Suites A Surfeit of SSH Cipher Suites Jean Paul Degabriele Information Security Group www.isg.rhul.ac.uk/~psai074 Based in part on slides by Kenny Paterson Outline of this talk Overview of SSH and related work

More information

Network Security Essentials

Network Security Essentials Network Security Essentials Applications and Standards Third Edition William Stallings Chapter 2 Symmetric Encryption and Message Confidentiality Dr. BHARGAVI H. GOSWAMI Department of Computer Science

More information

Crypto-systems all around us ATM machines Remote logins using SSH Web browsers (https invokes Secure Socket Layer (SSL))

Crypto-systems all around us ATM machines Remote logins using SSH Web browsers (https invokes Secure Socket Layer (SSL)) Introduction (Mihir Bellare Text/Notes: http://cseweb.ucsd.edu/users/mihir/cse207/) Cryptography provides: Data Privacy Data Integrity and Authenticity Crypto-systems all around us ATM machines Remote

More information

Robust Defenses for Cross-Site Request Forgery

Robust Defenses for Cross-Site Request Forgery University of Cyprus Department of Computer Science Advanced Security Topics Robust Defenses for Cross-Site Request Forgery Name: Elena Prodromou Instructor: Dr. Elias Athanasopoulos Authors: Adam Barth,

More information

CS 161 Computer Security

CS 161 Computer Security Raluca Popa Spring 2018 CS 161 Computer Security Homework 2 Due: Wednesday, February 14, at 11:59pm Instructions. This homework is due Wednesday, February 14, at 11:59pm. No late homeworks will be accepted.

More information

Understanding Traffic Decryption

Understanding Traffic Decryption The following topics provide an overview of SSL inspection, describe the prerequisites for SSL inspection configuration, and detail deployment scenarios. Traffic Decryption Overview, page 1 SSL Handshake

More information

Release note Tornaborate

Release note Tornaborate Release note 1.2.6 Tornaborate 2015-09-10 Contents 1 Summary 4 2 Additional important information about this release 5 3 Upgrade 6 3.1 Prerequisites................................... 6 3.2 How to apply

More information

Installation and usage of SSL certificates: Your guide to getting it right

Installation and usage of SSL certificates: Your guide to getting it right Installation and usage of SSL certificates: Your guide to getting it right So, you ve bought your SSL Certificate(s). Buying your certificate is only the first of many steps involved in securing your website.

More information

CS61A Lecture #39: Cryptography

CS61A Lecture #39: Cryptography Announcements: CS61A Lecture #39: Cryptography Homework 13 is up: due Monday. Homework 14 will be judging the contest. HKN surveys on Friday: 7.5 bonus points for filling out their survey on Friday (yes,

More information

Computer Security 3/23/18

Computer Security 3/23/18 s s encrypt a block of plaintext at a time and produce ciphertext Computer Security 08. Cryptography Part II Paul Krzyzanowski DES & AES are two popular block ciphers DES: 64 bit blocks AES: 128 bit blocks

More information

DROWN - Breaking TLS using SSLv2

DROWN - Breaking TLS using SSLv2 DROWN - Breaking TLS using SSLv2 Nimrod Aviram, Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel, Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor Dukhovni, Emilia Käsper,

More information

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography Security+ Guide to Network Security Fundamentals, Third Edition Chapter 11 Basic Cryptography Objectives Define cryptography Describe hashing List the basic symmetric cryptographic algorithms 2 Objectives

More information

1 Defining Message authentication

1 Defining Message authentication ISA 562: Information Security, Theory and Practice Lecture 3 1 Defining Message authentication 1.1 Defining MAC schemes In the last lecture we saw that, even if our data is encrypted, a clever adversary

More information