DTLS- based Mul/cast Security for Low- Power and Lossy Networks (LLNs) dra$- keoh- dice- mul/cast- security
|
|
- Mavis Carter
- 6 years ago
- Views:
Transcription
1 DTLS- based Mul/cast Security for Low- Power and Lossy Networks (LLNs) dra$- keoh- dice- mul/cast- security Sandeep S. Kumar, Sye Loong Keoh, Oscar Garcia- Morchon, Esko Dijk IETF88 Nov 4, 2013, Berlin sandeep.kumar AT philips.com
2 Group Communica/on Use Cases Light-1 Light-2 Light Switch LoWPAN- 1 LoWPAN- 2 Router-1 (6LoWPAN Border Router) Network Backbone (IPv6 Mul/cast enabled) Light-3 Router-2 (6LoWPAN Border Router) Room- A IP Multicast Group (Room-A-Lights) Source: Group CommunicaNon for CoAP (drar- ies- core- groupcomm) Use- cases Group light control Firmware updates Parameter distribu/on dral- keoh- dice- mul/cast- security 2
3 Mo/va/on & Requirements Group communica/on (in LLNs): also vulnerable to eavesdropping, tampering, message forgery, replay, etc. Limited resources and memory: reduce the number of cryptographic protocols on device. DTLS is chosen security solu/on for unicast CoAP: beneficial for constrained devices if it can be used also for COAP group communica/on. Requirements Goals of this drar Group level data integrity and authen/ca/on Data confiden/ality (op/onal) Replay protec/on Out- of- scope (possible future drar) Data source authen/ca/on: applicanon level, e.g., object security A Group Security Associa/on (GSA): distribute keying materials, specify the ciphersuite for encrypnon and authenncanon Mul/cast key management: update/renew group keys periodically. dral- keoh- dice- mul/cast- security 3
4 Reuse of DTLS Record Layer Assump/ons: Group Security Associa/on (group session key and cipher for authen/ca/on & encryp/on to use) are known to all group members out- of- band. Mul/ple senders and mul/ple listeners/receivers in the group communica/on. Proposal: Each sender gets a unique SenderID (2- byte) either chosen by a controller or randomly or derived from the IPv6 address Fallback mechanism if Sender- ID s are not unique In the DTLS Record Layer, split the 6- byte sequence number field into: 2 bytes Sender ID and 4 bytes truncated sequence number. Content Type Version Major Minor Epoch Sequence Number Encrypted (op/onal) Length DTLS Ciphertext MAC Encrypted (op/onal) Content Type Version Major Minor Sender Sequence Epoch Length DTLS Ciphertext MAC ID Number drar- keoh- dice- mulncast- security 4
5 Why split sequence number? Reuse of nonce breaks security of CCM and GCM modes of opera/on (AEAD ciphersuites in TLS) In (D)TLS struct { opaque salt[4]; opaque nonce_explicit[8]; } CCMNonce; In DTLS specifically struct { uint32 server_write_iv; // low order 32- bits uint64 seq_num; // TLS sequence number } CCMServerNonce. 64- bit sequence number = 16- bit epoch 48- bit seq_num If mul/ple senders send messages with the same key Either synchronize seq. number => hard in prac/ce Provide separate seq. number space for each sender => our approach drar- keoh- tls- mulncast- security 5
6 Protec/ng Group Messages (1) GSA is set out- of- band => DTLS SecurityParameters are set for all senders and listeners All devices derive (or provided out- of- band) the same six DTLS key material client write MAC key server write MAC key client write encrypnon key server write encrypbon key client write IV server write IV For Senders : SecurityParameters.ConnecNonEnd= server For Listeners : SecurityParameters.ConnecNonEnd= client dral- keoh- dice- mul/cast- security 6
7 Protec/ng Group Messages (2) Content Type Version Major Minor Epoch Sequence Number Encrypted (op/onal) Length DTLS Ciphertext MAC Senders Content Type Version Major Minor Encrypted (op/onal) Sender Sequence Epoch Length DTLS Ciphertext MAC ID Number write state is instan/ated with server write parameters. Each sender manages its own epoch and truncated sequence number no synchroniza/on is needed with other senders in the group. Ini/alized to 0. The sender include its Sender ID in the DTLS Record Layer header and increments the truncated sequence number when sending a group message. The epoch will be increased, and the trunc. sequence number will be reset once the group session key is renewed or updated (out- of- scope: to be defined as part of key management) dral- keoh- dice- mul/cast- security 7
8 Protec/ng Group Messages (3) Content Type Version Major Minor Epoch Sequence Number Encrypted (op/onal) Length DTLS Ciphertext MAC Listeners Content Type Version Major Minor Sender Sequence Epoch Length DTLS Ciphertext MAC ID Number Mul/ple read states are instan/ated with server write parameters for each sender linked by SenderID Keying material same but the epoch and the "truncated" sequence number of the last received packets needs to be kept different for different senders. Listeners use the mulncast desnnanon IP address of the packet to lookup the server write key. Message is decrypted and the MAC of the message is checked Using the Sender ID field, receivers retrieve the last used epoch and sequence number to detect replayed messages. If success: update last seen seq number from the SenderID in the read state dral- keoh- dice- mul/cast- security Encrypted (op/onal) 8
9 Other issues (1) Epoch update and change cipher spec security Sequence number wraps need to be handled as part of key management (out of scope) Late joiners (John Foley) Use technique similar to AERO (Authen/cated Encryp/on with Replay protec/on) First seen packet used to ini/alize the epoch&seq number but drop it. Check replay of next messages. What if a chain of packets are being replayed? drar- keoh- tls- mulncast- security 9
10 Other issues (2) SenderIDs are not unique Fallback: All senders are also listeners to the group If sender sees a message from a different device with the same SenderID then stop using SenderID Contact controller and inform about clash - > controller provides new SenderIDs to one or both Use specific ciphersuite suitable for mul/cast AERO (Authen/cated Encryp/on with Replay protec/on) (drar- mcgrew- aero) mode provides inbuilt mechanism to support mul/- senders Should it be mandated as the only ciphersuite for DTLS mul/cast or keep it flexible to support all exis/ng AEAD modes? drar- keoh- tls- mulncast- security 10
11 Summary Group communica/on is olen used in machine- to- machine (M2M) applica/ons. Group communica/on is equally vulnerable and requires security. Preferably re- use exis/ng security protocols on constrained devices in LLNs. Propose to reuse DTLS Record layer to support secure group communica/on, with key management out- of- scope. dral- keoh- dice- mul/cast- security 11
12 Next Steps Is this dral ready to be adopted as a WG document? drar- keoh- dice- mulncast- security 12
Crea:ng a pla>orm of trust Meter data transmission the secure way
Crea:ng a pla>orm of trust Meter data transmission the secure way Chris&an Giroux EUW 2014 Landis+Gyr November 4, 2014 Focus of this presenta&on n The informa:on flow between smart meters and head end
More informationLithe: Lightweight Secure CoAP for the Internet of Things
Lithe: Lightweight Secure CoAP for the Internet of Things S. Raza, H. Shafagh, etc. IEEE Sensors 2013, Volume 13 1 Mahmoud Kalash 28 March 2016 2 Summary: IEEE Sensors journal 2013. Security problem in
More informationCompression of IPsec AH and ESP Headers for Constrained Environments dra%-raza-6lo-ipsec-04
Compression of IPsec AH and ESP Headers for Constrained Environments dra%-raza-6lo-ipsec-04 {shahid.raza, simon.duquennoy}@sics.se goran.selandaer@ericsson.com 1 Status of the Document First submi
More informationOverview. Basic Components. Internet s Design: Insecure. Network security and defini1ons Brief introduc1on to cryptography
Overview Network and Communica1on Security Network security and defini1ons Brief introduc1on to cryptography Cryptographic hash func1ons Symmetric- key crypto Public- key crypto IP- Sec DNS- Sec 1! 2!
More informationAc,ve a4acks on CPA- secure encryp,on
Online Cryptography Course Authen,cated Encryp,on Ac,ve a4acks on CPA- secure encryp,on Recap: the story so far Confiden'ality: seman,c security against a CPA a4ack Encryp,on secure against eavesdropping
More informationSecurity Embedded CoAP using DTLS for IoT
Security Embedded CoAP using DTLS for IoT Shravya AR 1, Reshma J 2 1 Department of Computer Science BNM Institute of Technology 2 Department of Computer Science BNM Institute of Technology Abstract - The
More informationNetwork and Communica1on Security
Network and Communica1on Security COS 461: Computer Networks Spring 2010 (MW 3:00 4:20 in COS 105) Mike Freedman hgp://www.cs.princeton.edu/courses/archive/spring10/cos461/ 1 Overview Network security
More informationJoining OSCORE groups in ACE
Joining OSCORE groups in ACE draft-tiloca-ace-oscoap-joining-03 Marco Tiloca, RISE SICS Jiye Park, Universität Duisburg-Essen IETF 101, ACE WG, London, March 19 th, 2018 Action points from IETF100 1. Define
More informationLithe: Lightweight Secure CoAP for the Internet of Things
Lithe: Lightweight Secure CoAP for the Internet of Things S. Raza, H. Shafagh, etc. IEEE Sensors 2013, Volume 13 Speaker: Renato Iida, Le Wang 2 Outline Introduction Background CoAP and DTLS 6LoWPAN DTLS
More informationApplica'on-level protocols, AAA, Management, Security
LP-WAN BOF Applica'on-level protocols, AAA, Management, Security Rafa Mar'n Lopez (rafa@um.es) Dan García Carrillo (dan.garcia@um.es) LP-WAN network access control Only authen'cated and authorized nodes
More informationBIER. Bit Indexed Explicit Replica0on. MBONED, IETF 92 Greg Shepherd
BIER Bit Indexed Explicit Replica0on MBONED, IETF 92 Greg Shepherd The BIER Epiphany Only encode the end- receivers in the packet header. Not the intermediate nodes. Assign end- receivers a Bit Posi0on
More informationZigBee IP update IETF 87 Berlin. Robert Cragie
ZigBee IP update IETF 87 Berlin Robert Cragie robert.cragie@gridmerge.com Introduction ZigBee IP is a super specification for an IPv6 stack Umbrella specification for a set of IETF RFCs Aimed at 802.15.4
More informationMul7cast protocols. IP Mul7cast and IGMP SRM (Scalable Reliable Mul7cast) PGM (Pragma7c General Mul7cast)
IP ANYCAST and MULTICAST; OVERLAYS and UNDERLAYS 1 IP Anycast Outline today Mul7cast protocols IP Mul7cast and IGMP SRM (Scalable Reliable Mul7cast) PGM (Pragma7c General Mul7cast) Overlay networks Tunnels
More informationLightweight DTLS Implementation in CoAP-based IoT
Lightweight Implementation in -based IoT Vishwas Lakkundi and Keval Singh Altiux Innovations Pvt. Ltd., Bangalore, India {vishwas.lakkundi, keval.singh}@altiux.com Abstract Security is emerging as a key
More informationChapter 8 Web Security
Chapter 8 Web Security Web security includes three parts: security of server, security of client, and network traffic security between a browser and a server. Security of server and security of client
More informationA Solution Framework for Private Media in Privacy Enhanced RTP Conferencing (draft-jones-perc-private-media-framework-00)
A Solution Framework for Private Media in Privacy Enhanced RTP Conferencing (draft-jones-perc-private-media-framework-00) IETF 93 / July 2015 Paul E. Jones Nermeen Ismail David Benham Cisco Agenda Security
More informationRTP Taxonomy & Rela.onships
RTP Taxonomy & Rela.onships dra%- lennox- raiarea- rtp- grouping- taxonomy- 03 IETF 88 @Authors 1 Changes Since - 02 Major re- write Sec.on 2, Concepts, re- structured to a conceptual media chain with
More informationSensitive Information in a Wired World
Sensitive Information in a Wired World CPSC 457/557, Fall 2013 Lecture 11, October 3, 2013 1:00-2:15 pm; AKW 400 http://zoo.cs.yale.edu/classes/cs457/fall13/ Brian A. LaMacchia, used with permission 1
More informationPlaintext-Recovery Attacks Against Datagram TLS
Information Security Group Royal Holloway, University of London 6th Feb 2012 Contents 1 Results 2 3 4 Padding Oracle Realisation Against OpenSSL 5 Attacking the GnuTLS Implementation of DTLS 6 Results
More informationEITF25 Internet- - Techniques and Applica8ons Stefan Höst. L6 Networking and IP
EITF25 Internet- - Techniques and Applica8ons Stefan Höst L6 Networking and IP Data communica8on In reality, the source and des8na8on hosts are very seldom on the same network, for example web surf. Internet
More informationInternet Engineering Task Force (IETF) Request for Comments: ISSN: January 2012
Internet Engineering Task Force (IETF) E. Rescorla Request for Comments: 6347 RTFM, Inc. Obsoletes: 4347 N. Modadugu Category: Standards Track Google, Inc. ISSN: 2070-1721 January 2012 Abstract Datagram
More informationEmbedded Web Services
Nov 1 st, 2011 Embedded Web Services Zach Shelby, Chief Nerd 1 Course Overview Powering M2M with the Internet of Things Industry examples What are Web Services? CoRE - Constrained RESTful Environments
More informationCSCI 1800 Cybersecurity and Interna4onal Rela4ons. Design and Opera-on of the Internet John E. Savage Brown University
CSCI 1800 Cybersecurity and Interna4onal Rela4ons Design and Opera-on of the Internet John E. Savage Brown University Outline Network security The link layer The network layer The transport layer Denial
More informationIoT Roadmap in the IETF. Ines Robles
IoT Roadmap in the IETF Ines Robles 2016 Agenda IETF and IoT Definitions IETF IoT WGs Internet Area: 6lo, 6tisch, lpwan, lwig Routing Area: ROLL Application and Real Time Area: core Security Area: ace
More informationPolitecnico di Milano Advanced Network Technologies Laboratory. Constrained Application Protocol (CoAP)
Politecnico di Milano Advanced Network Technologies Laboratory Constrained Application Protocol (CoAP) 1 Background o GOAL: to enable web- based services in constrained wireless networks n 8 bit micro-
More informationBlock Cipher Modes of Operation
Block Cipher Modes of Operation Luke Anderson luke@lukeanderson.com.au 23 rd March 2018 University Of Sydney Overview 1. Crypto-Bulletin 2. Modes Of Operation 2.1 Evaluating Modes 2.2 Electronic Code Book
More informationDenial of Service prevention in the IoT
Lund, May 19 th, 2015 Marco Tiloca Denial of Service prevention in the IoT Denial of Service (DoS) Main goal Make a victim host unavailable Compromise service availability DoS criteria Consume non renewable
More informationECE 646 Lecture 8. Modes of operation of block ciphers
ECE 646 Lecture 8 Modes of operation of block ciphers Required Reading: I. W. Stallings, "Cryptography and Network-Security," 5 th and 6 th Edition, Chapter 6 Block Cipher Operation II. A. Menezes, P.
More informationMisuse-resistant crypto for JOSE/JWT
Misuse-resistant crypto for JOSE/JWT Neil Madden OAuth Security Workshop, 2018 1 JOSE Content Encryption Methods Provide authenticated encryption AES-CBC with HMAC-SHA2 Requires random 128-bit IV Must
More informationL13. Reviews. Rocky K. C. Chang, April 10, 2015
L13. Reviews Rocky K. C. Chang, April 10, 2015 1 Foci of this course Understand the 3 fundamental cryptographic functions and how they are used in network security. Understand the main elements in securing
More informationLesson 5 TCP/IP suite, TCP and UDP Protocols. Chapter-4 L05: "Internet of Things ", Raj Kamal, Publs.: McGraw-Hill Education
Lesson 5 TCP/IP suite, TCP and UDP Protocols 1 TCP/IP Suite: Application layer protocols TCP/IP Suite set of protocols with layers for the Internet TCP/IP communication 5 layers: L7, L4, L3, L2 and L1
More informationPKCS #11 Message-Based Encryption and Decryption
PKCS #11 Message-Based Encryption and Decryption Wan-Teh Chang , 2014-03-11 Introduction Message-based encryption refers to the process of encrypting multiple messages using the same encryption
More informationPKCS11 - Message Processing - V1-16 Apr 2014
Message Based Processing Message based processing permits the processing of a single message through a single call to the API. Considering this from the existing API, a message consists of the data processed
More informationNetwork Working Group Request for Comments: Category: Standards Track August 2008
Network Working Group D. Black Request for Comments: 5282 EMC Updates: 4306 D. McGrew Category: Standards Track August 2008 Using Authenticated Encryption Algorithms with the Encrypted Payload of the Internet
More informationSecuring IoT applications with Mbed TLS Hannes Tschofenig Arm Limited
Securing IoT applications with Mbed TLS Hannes Tschofenig Agenda Theory Threats Security services Hands-on with Arm Keil MDK Pre-shared secret-based authentication (covered in webinar #1) TLS Protocol
More informationSecurity of Wireless Networks. Srdjan Čapkun Department of Computer Science ETH Zurich
Security of Wireless Networks Srdjan Čapkun Department of Computer Science ETH Zurich Broadcast Authen;ca;on Tesla and ICodes Broadcast Authen;ca;on Broadcast Message Authen;ca;on One sender, a number
More informationConstrained Application Protocol (CoAP) Vilen Looga, M.Sc. Doctoral
Constrained Application Protocol (CoAP) Vilen Looga, M.Sc. Doctoral Student @dcs.aalto Outline Introduction CoAP at a glance Messages Observe Hardware Demo MAMMOTH Conclusions References 50 billion connected
More informationSecure Socket Layer. Security Threat Classifications
Secure Socket Layer 1 Security Threat Classifications One way to classify Web security threats in terms of the type of the threat: Passive threats Active threats Another way to classify Web security threats
More information1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class
1.264 Lecture 27 Security protocols Symmetric cryptography Next class: Anderson chapter 10. Exercise due after class 1 Exercise: hotel keys What is the protocol? What attacks are possible? Copy Cut and
More informationA Standard- Model Security Analysis of TLS- DHE
A Standard- Model Security Analysis of TLS- DHE Tibor Jager 1, Florian Kohlar 2, Sven Schäge 3, and Jörg Schwenk 2 1 Karlsruhe Ins-tute of Technology 2 Horst Görtz Ins-tute for IT Security, Bochum 3 University
More informationUnderstanding Cryptography and Audi?ng Public Key Infrastructures
Understanding Cryptography and Audi?ng Public Key Infrastructures Rami Elkinawy, Senior Audit Manager, ebay Professional Strategies S31 CRISC CGEIT CISM CISA THE HISTORY OF CRYPTOGRAPHY CRISC CGEIT CISM
More informationBasic elements of IP and its interac2on with Ethernet
Basic elements of IP and its interac2on with Ethernet IP addressing, Forwarding, ARP, ARP poisoning Marco Bonola, Lorenzo Bracciale Corso di Fondamen2 di Re2 e Segnali Prof. Giuseppe Bianchi A.A. 2010
More informationContent of this part
UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Introduction to Cryptography ECE 597XX/697XX Part 5 More About Block Ciphers Israel Koren ECE597/697 Koren Part.5.1 Content of this
More informationMulG-Vendor Key Management with KMIP
MulG-Vendor Key Management with KMIP Tim Hudson CTO Cryptso2 tjh@cryptso2.com GS13A 19-May-2016 1:35pm Key Management 1000011010100100101100101010000010101000101001101001111010001100 Key Management Standards
More informationInternet Engineering Task Force. Intended status: Experimental. E. Harjula CWC, University of Oulu June 11, 2013
Internet Engineering Task Force Internet-Draft Intended status: Experimental Expires: December 13, 2013 P. Porambage P. Kumar A. Gurtov M. Ylianttila E. Harjula CWC, University of Oulu June 11, 2013 Certificate
More informationInternet Security. - IPSec, SSL/TLS, SRTP - 29th. Oct Lee, Choongho
Internet Security - IPSec, SSL/TLS, SRTP - 29th. Oct. 2007 Lee, Choongho chlee@mmlab.snu.ac.kr Contents Introduction IPSec SSL / TLS SRTP Conclusion 2/27 Introduction (1/2) Security Goals Confidentiality
More informationDeep Tech Analysis to AES-GCM in TLS 1.2 and IPSec-v3. Richard Wang and Ed Morris May 20, 2016 International Crypto Module Conference
Deep Tech Analysis to AES-GCM in TLS 1.2 and IPSec-v3 Richard Wang and Ed Morris May 20, 2016 International Crypto Module Conference Topics GCM Overview AES-GCM IV Generation FIPS Requirements (IG A.5)
More information[MS-SSRTP]: Scale Secure Real-time Transport Protocol (SSRTP) Extensions
[MS-SSRTP]: Scale Secure Real-time Transport Protocol (SSRTP) Extensions Intellectual Property Rights Notice for Open Specifications Documentation Technical Documentation. Microsoft publishes Open Specifications
More informationName-Based Content Routing in Information Centric Networks Using Distance Information
Name-Based Content Routing in Information Centric Networks Using Distance Information J.J. Garcia-Luna-Aceves Palo Alto Research Center UC Santa Cruz jj@soe.ucsc.edu Origins of Routing for Packet Switching
More informationHACKING & INFORMATION SECURITY Presents: - With TechNext
HACKING & INFORMATION SECURITY Presents: - With TechNext We Are The Speakers Sudarshan Pawar Cer.fied Security Expert(C.S.E.) Cer.fied Informa.on Security Specialist (C.I.S.S.) Security Xplained (TechNext
More informationComputer Security 3e. Dieter Gollmann. Security.di.unimi.it/sicurezza1415/ Chapter 16: 1
Computer Security 3e Dieter Gollmann Security.di.unimi.it/sicurezza1415/ Chapter 16: 1 Chapter 16: Communications Security Chapter 16: 2 Agenda Threat model Secure tunnels Protocol design principles IPsec
More informationSecurity Protocols and Infrastructures. Winter Term 2010/2011
Winter Term 2010/2011 Chapter 4: Transport Layer Security Protocol Contents Overview Record Protocol Cipher Suites in TLS 1.2 Handshaking Protocols Final Discussion 2 Contents Overview Record Protocol
More informationNonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS. Hanno Böck, Aaron Zauner, Sean Devlin, Juraj Somorovsky, Philipp Jovanovic
Nonce-Disrespecting Adversaries: Practical Forgery Attacks on GCM in TLS Hanno Böck, Aaron Zauner, Sean Devlin, Juraj Somorovsky, Philipp Jovanovic 1 TLS Encryption 1. Asymmetric key exchange RSA, DHE,
More informationSecurity Protocols and Infrastructures
Security Protocols and Infrastructures Dr. Michael Schneider michael.schneider@h-da.de Chapter 8: The Transport Layer Security Protocol (TLS) December 4, 2017 h_da WS2017/18 Dr. Michael Schneider 1 1 Overview
More informationECE 646 Lecture 7. Modes of Operation of Block Ciphers. Modes of Operation. Required Reading:
C 646 Lecture 7 Modes of Operation of Block Ciphers Required Reading: I. W. Stallings, "Cryptography and Network-Security," 5th dition, Chapter 6 Block Cipher Operation II. A. Menezes, P. van Oorschot,
More informationTransport layer and UDP www.cnn.com? 12.3.4.15 CSCI 466: Networks Keith Vertanen Fall 2011 Overview Principles underlying transport layer Mul:plexing/demul:plexing Detec:ng errors Reliable delivery Flow
More informationPKCS #11 Message-Based Encryption and Decryption
PKCS #11 Message-Based Encryption and Decryption Wan-Teh Chang , 2014-05-02 Introduction Message-based encryption refers to the process of encrypting multiple messages using the same encryption
More informationSecuring Your Wireless LAN
Securing Your Wireless LAN Pejman Roshan Product Manager Cisco Aironet Wireless Networking Session Number 1 Agenda Requirements for secure wireless LANs Overview of 802.1X and TKIP Determining which EAP
More informationPKCS11 Message Processing V1.1 5 May 2014
Message Based Processing Message based processing permits the processing of a single message through a single call to the API. Considering this from the existing API, a message consists of the data processed
More informationCOSC4377. Chapter 8 roadmap
Lecture 28 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity 8.4 Securing e mail 8.5 Securing TCP connections: SSL 8.6 Network layer security: IPsec 8.7
More informationCategory: Standards Track March Extensible Provisioning Protocol (EPP) Transport Over TCP
Network Working Group S. Hollenbeck Request for Comments: 3734 VeriSign, Inc. Category: Standards Track March 2004 Extensible Provisioning Protocol (EPP) Transport Over TCP Status of this Memo This document
More informationKey Nego(a(on Protocol & Trust Router
Key Nego(a(on Protocol & Trust Router dra6- howle:- radsec- knp ABFAB, IETF 80 31 March, Prague. Introduc(on The ABFAB architecture does not require any par(cular AAA strategy for connec(ng RPs to IdPs.
More informationNetwork Security: Broadcast and Multicast. Tuomas Aura T Network security Aalto University, Nov-Dec 2011
Network Security: Broadcast and Multicast Tuomas Aura T-110.5241 Network security Aalto University, Nov-Dec 2011 Outline 1. Broadcast and multicast 2. Receiver access control (i.e. data confidentiality)
More informationPersistent key, value storage
Persistent key, value storage In programs, often use hash tables - E.g., Buckets are an array of pointers, collision chaining For persistant data, minimize # disk accesses - Traversing linked lists is
More informationThe World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to
1 The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to compromises of various sorts, with a range of threats
More informationConstrained Application Protocol (CoAP) Vilen Looga, M.Sc. Doctoral
Constrained Application Protocol (CoAP) Vilen Looga, M.Sc. Doctoral Student @dcs.aalto Outline Introduction CoAP at a glance Messages Observe Hardware Demo MAMMOTH Conclusions References 50 billion connected
More informationHAI Network Communication Protocol Description
Home Automation, Inc. HAI Network Communication Protocol Description This document contains the intellectual property of Home Automation, Inc. (HAI). HAI authorizes the use of this information for the
More informationEnabling Multicast IPsec for Internet of Things
Enabling Multicast IPsec for Internet of Things Master s Thesis in Communication Engineering ARGYRO LAMPROUDI SICS, Swedish ICT AB Department of Signals & Systems Chalmers University of Technology Gothenburg,
More informationInternet based IoT connectivity Technologies
Internet based IoT connectivity Technologies ETRI Protocol Engineering Center Yong-Geun Hong(yghong@etri.re.kr) August 20, 2015 Contents Overview IoT Technologies IoT in the viewpoint of Internet IoT connectivity
More informationComputer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08r. Pre-exam 2 Last-minute Review Cryptography Paul Krzyzanowski Rutgers University Spring 2018 March 26, 2018 CS 419 2018 Paul Krzyzanowski 1 Cryptographic Systems March 26, 2018 CS
More informationThe ElGamal Public- key System
Online Cryptography Course Dan Boneh Public key encryp3on from Diffie- Hellman The ElGamal Public- key System Recap: public key encryp3on: (Gen, E, D) Gen pk sk m c c m E D Recap: public- key encryp3on
More informationMul$media Networking. #5 Real- Time Transport Protocol Semester Ganjil 2012 PTIIK Universitas Brawijaya
Mul$media Networking #5 Real- Time Transport Protocol Semester Ganjil 2012 PTIIK Universitas Brawijaya Schedule of Class Mee$ng 1. Introduc$on 2. Applica$ons of MN 3. Requirements of MN 4. Coding and Compression
More informationPerformance and overhead evaluation of OSCOAP and DTLS
Performance and overhead evaluation of OSCOAP and DTLS Martin Gunnarsson 1, Tobias Andersson 1, Ludwig Seitz 1 1 RISE SICS AB Box 1263, Kista 16429, Sweden {martin.gunnarsson, tobias.andersson, ludwig.seitz}@ri.se
More informationRevision History Revision 0 (T10/06-225r0): Posted to the T10 web site on 4 May 2006.
To: INCITS T10 Committee From: Matt Ball, Quantum Corporation Date: March 13, 2007 Subject: SSC-3: Key Entry using Encapsulating Security Payload (ESP) Revision History Revision 0 (T10/06-225r0): Posted
More informationRouteBricks: Exploi2ng Parallelism to Scale So9ware Routers
RouteBricks: Exploi2ng Parallelism to Scale So9ware Routers Mihai Dobrescu and etc. SOSP 2009 Presented by Shuyi Chen Mo2va2on Router design Performance Extensibility They are compe2ng goals Hardware approach
More informationSirindhorn International Institute of Technology Thammasat University
1 Name...ID....Section. Seat No.. Sirindhorn International Institute of Technology Thammasat University Midterm Examination: Semester 2/2007 Course Title : CSS 322 Security and Cryptography Instructor
More informationComputer Security Sec4on Week 4: Cryptography
CSE 484 / CSE M 584 Computer Security Sec4on Week 4: Cryptography TA: Thomas Crosley tcrosley@cs Thanks to Franzi Roesner and Adrian Sham for previous slides [Examples/Images thanks to Wikipedia.] Administrivia
More informationSSL/TLS. How to send your credit card number securely over the internet
SSL/TLS How to send your credit card number securely over the internet The security provided by SSL SSL is implemented at level 4 The transport control layer In practice, SSL uses TCP sockets The underlying
More informationSummary on Crypto Primitives and Protocols
Summary on Crypto Primitives and Protocols Levente Buttyán CrySyS Lab, BME www.crysys.hu 2015 Levente Buttyán Basic model of cryptography sender key data ENCODING attacker e.g.: message spatial distance
More informationBlock Cipher Modes of Operation
Block Cipher Modes of Operation Luke Anderson luke@lukeanderson.com.au 24th March 2016 University Of Sydney Overview 1. Crypto-Bulletin 2. Modes Of Operation 2.1 Evaluating Modes 2.2 Electronic Code Book
More informationSecure RTP Library API Documentation. David A. McGrew Cisco Systems, Inc.
Secure RTP Library API Documentation David A. McGrew Cisco Systems, Inc. Contents 1 Overview 1 2 Secure RTP Functions 3 srtp protect().................................... 3 srtp unprotect()..................................
More informationElastic Multicast. Brian Adamson NRL Claudiu Danilov Boeing Joe Macker NRL. dra;- adamson- elas=cmcast November 2013 IETF 88 - Vancouver
Elastic Multicast Brian Adamson NRL Claudiu Danilov Boeing Joe Macker NRL dra;- adamson- elas=cmcast- 00 7 November 2013 IETF 88 - Vancouver Outline Background and Main Concept Protocol Descrip6on Some
More informationLesson 4 RPL and 6LoWPAN Protocols. Chapter-4 L04: "Internet of Things ", Raj Kamal, Publs.: McGraw-Hill Education
Lesson 4 RPL and 6LoWPAN Protocols 1 RPL [Ipv6 Routing Protocol For Low Power Lossy Networks (LLNs)] 2 LLN A constrained nodes network Low data transfer rate Low packet delivery rate in comparison to IP
More informationCCMP Advanced Encryption Standard Cipher For Wireless Local Area Network (IEEE i): A Comparison with DES and RSA
Journal of Computer Science Original Research Paper CCMP Advanced Encryption Standard Cipher For Wireless Local Area Network (IEEE 802.11i): A Comparison with DES and RSA 1 Velayutham, R. and 2 D. Manimegalai
More informationIPv6 Backbone Router draft-thubert-6lo-backbonerouter-02
IPv6 Backbone Router draft-thubert-6lo-backbonerouter-02 Pascal Thubert IETF 94 Yokohama, October 2015 1 General Problem: flooding hinders wireless operations Wireless or IoT device moves: RA RS MLD NS
More informationBasic Internetworking (IP)
Basic Internetworking (IP) CSCI 466: Networks Keith Vertanen Fall 2011 Internetworking Service model Internet protocol (IP) History Packet format Fragmenta?on Global addressing Overview Discovering link-
More informationInternet Engineering Task Force (IETF) October Group Communication for the Constrained Application Protocol (CoAP)
Internet Engineering Task Force (IETF) Request for Comments: 7390 Category: Experimental ISSN: 2070-1721 A. Rahman, Ed. InterDigital Communications, LLC E. Dijk, Ed. Philips Research October 2014 Group
More informationIPv6 Next generation IP
Seminar Presentation IPv6 Next generation IP N Ranjith Kumar 11/5/2004 IPv6 : Next generation IP 1 Network Problems Communication Problem Identification Problem Identification of Networks Logical Addressing
More information1/10/16. RPC and Clocks. Tom Anderson. Last Time. Synchroniza>on RPC. Lab 1 RPC
RPC and Clocks Tom Anderson Go Synchroniza>on RPC Lab 1 RPC Last Time 1 Topics MapReduce Fault tolerance Discussion RPC At least once At most once Exactly once Lamport Clocks Mo>va>on MapReduce Fault Tolerance
More informationChapter 24 Wireless Network Security
Chapter 24 Wireless Network Security Wireless Security Key factors contributing to higher security risk of wireless networks compared to wired networks include: o Channel Wireless networking typically
More informationIntroduc)on to IPv6. Administra)on de Réseaux Dino Lopez h<p://www.i3s.unice.fr/~lopezpac/
Introduc)on to IPv6 Administra)on de Réseaux Dino Lopez h
More informationA MAC protocol for Reliable Broadcast Communica7ons in Wireless Network- on- Chip
A MAC protocol for Reliable Broadcast Communica7ons in Wireless Network- on- Chip Sergi Abadal (abadal@ac.upc.edu) Albert Mestres, Josep Torrellas, Eduard Alarcón, and Albert Cabellos- Aparicio UPC and
More informationChapter 4: Securing TCP connections
Managing and Securing Computer Networks Guy Leduc Chapter 5: Securing TCP connections Computer Networking: A Top Down Approach, 6 th edition. Jim Kurose, Keith Ross Addison-Wesley, March 2012. (section
More informationCIS 6930/4930 Computer and Network Security. Topic 8.1 IPsec
CIS 6930/4930 Computer and Network Security Topic 8.1 IPsec 1 IPsec Objectives Why do we need IPsec? IP V4 has no authentication IP spoofing Payload could be changed without detection. IP V4 has no confidentiality
More information05 - WLAN Encryption and Data Integrity Protocols
05 - WLAN Encryption and Data Integrity Protocols Introduction 802.11i adds new encryption and data integrity methods. includes encryption algorithms to protect the data, cryptographic integrity checks
More informationFeedback Week 4 - Problem Set
4/26/13 Homework Feedback Introduction to Cryptography Feedback Week 4 - Problem Set You submitted this homework on Mon 17 Dec 2012 11:40 PM GMT +0000. You got a score of 10.00 out of 10.00. Question 1
More informationSecurity Protocols and Infrastructures. Winter Term 2015/2016
Winter Term 2015/2016 Nicolas Buchmann (Harald Baier) Chapter 8: Transport Layer Security Protocol Key Questions Application context of TLS? Which security goals shall be achieved? Approaches? 2 Contents
More informationNetwork Encryption 3 4/20/17
The Network Layer Network Encryption 3 CSC362, Information Security most of the security mechanisms we have surveyed were developed for application- specific needs electronic mail: PGP, S/MIME client/server
More information6 Cryptographic Operations API
118/202 TEE Internal API Specification Public Release v1.0 6 Cryptographic Operations API This part of the Cryptographic API defines how to actually perform cryptographic operations: Cryptographic operations
More information