Evaluating memory protection of smartcards and similar devices. Wolfgang Killmann, T-Systems GEI GmbH
|
|
- Oscar Charles
- 6 years ago
- Views:
Transcription
1 Evaluating memory protection of smartcards and similar devices Wolfgang Killmann, T-Systems GEI GmbH
2 Motivation of the talk Confidentiality of stored data is a core security feature but memory may be physically read. Combination and binding of data encryption, address scrambling and key protection is crucial. Memory encryption should be seen as security architectural feature. Evaluators shall analyse and assess the effectiveness of memory encryption if physical protection is not sufficiently strong. Conclusions for developers, evaluators, certifier, system designer and costumer.
3 Protection of stored data Layer of data encryption Application layer User data (application specific) Operating system layer used to protect confidentiality depends on Cryptographic key of application User data TSF data Hardware layer used to encrypt and to check integrity confidentiality depends on Cryptographic key of operating system Memory data (SW, user data,tsf data) used to encrypt confidentiality depends on Cryptographic key of memory encryption Secret sharing Physical protection
4 Protection of stored data Vulnerabilities CPU Dedicated and embedded software User data, TSF data ROM E²PROM/ Flash MMU logical address RAM Source of pictures: Ch. Tarnowski: Security Failure In Secure Devices, Black Hat Europe, Ch. Tarnovski, C. Nohl: Reviving smart card analysis, Black Hat Conference, C. De Nardial at al.: Direct Measurements of Charge in Floating Gate Transistor Channels of Flash Memories Using Scanning Capacitance Microscopy, Proceedings of the 32nd International Symposium for Testing and Failure Analysis November 12-16, 2006, Renaissance Austin Hotel, Austin, Texas, USA
5 Memory encryption Definition Memory encryption = cryptographic protection of confidentiality (and integrity) of stored or internally transferred data provided by the security IC comprises data encryption, address encryption, key management Bus encryption may additionally protect internally transferred data.
6 Memory encryption Peculiarities of memory encryption Cryptanalytic attacks on ciphertexts, keys and cryptographic module are parts of more complex attacks aiming on plaintexts of user data Limited resources for the cryptographic module and the time of cryptographic operations ( no limitation for keys or key components!) lightweight cryptographic algorithms no need for interoperability because of internal use only (sufficiently analysed?) proprietary algorithms
7 Memory encryption Principle CPU Physical attacks plaintext Known plaintext attack Chosen text attack Data Encryption (enc & dec) Physical attacks ciphertext Key storage Physical attacks Ciphertext only attack Encrypted Memory MMU Physical attacks map. log. address Address Encryption (enc only) physical address Physical attacks Known plaintext attack Chosen text attack Physical attacks Physical attacks
8 Memory encryption Data encryption an address scrambling plaintext ciphertext substitution transposition Data encryption Address encryption Physical layout of memory
9 Memory encryption Examples of address encryption XOR addr = addrlo gic key phys 1 plaintext-ciphertextpair breaks very easily affine mapping addrphys = Akey1 addrlo gic key 2 >2 plaintext-ciphertextpairs break easily SP network addr = Enc ( addr, key ) phys lo gic more expensive but difficult to predict
10 Memory encryption Key management Goal increase effort of physical attacks for compromising the keys Cryptographic methods split 1 key into n key components (e.g. by xoring n key components) Cryptanalytic methods all n key components must be known Physical protection remains crucial! separate keys and cipher text store key components in EEPROM key Picture: Wikipedia, PeterJohnBishop
11 Evaluation of memory encryption Security objective, SFR, security architecture Informative part of PP/ST and security objectives primary goal: protection of user data and providing security services secondary goal: protection of TSF data, stored and executed software Security functional requirements (SFR) no SFR requiring directly confidentiality protection of stored data FPT_PHP requires physical protection of the other SFR Security architecture non-bypassability: defence against physical reading of memory self-protection: protecting TSF and data against tampering of memory secure initialization: transition from power-off state (encrypted memory) into power-on state (transparent encryption)
12 Vulnerability assessment Memory encryption as part of memory protection Memory encryption is part of the more complex memory protection vulnerability analysis shall cover the full attack path cryptanalysis must consider the concrete preconditions of the attack amount of known ciphertexts information about plaintexts, keys or key components or their parts conditions for active attacks (e.g. chosen plaintext attack) Cryptanalytic assessment of memory encryption necessary if the other security measure are not sufficient to counter the attacks defines conditions for cryptanalytic attacks aiming at plaintexts or memory encryption keys (intermediate step of the complex attack!)
13 Vulnerability analysis Cryptanalysis with standard methods Standard cryptanalytic methods information gathering without key recovery brute force key guessing solving key equations (algebraic attacks) key1 key2 Adaption of standard cryptanalytic attacks more effective, limited amount of data, proprietary cryptographic algorithms meet-in-the-middle for iterated cipher rounds Linear cryptanalysis Differential cryptanalysis classical, trunked, impossible, key3 key n Example substitutionpermutation network
14 Vulnerability analysis Assessment of cryptographic attacks (Factors I) Factors for attack potential calculation more detailed definition for the factors knowledge of the TOE, expertise, equipment and open sample for elapsed time and access to TOE cf. CCDB no changes for the points (they address the whole attack!) Knowledge of the TOE public: algorithm if made public by developer or attacker (cf. DEGATE project) restricted or sensitive: proprietary algorithm as protected by developer critical: long term keys like substitution boxes, group keys Expertise layman: application of public known attacks with public available tools proficient: adaption of public known attacks to specific algorithms expert: development of specific attacks
15 Vulnerability analysis Assessment of cryptographic attacks (Factors II) Equipment none: applicable only if calculation can be performed by hand (e.g. xor) standard: public available software for PC (including GPU and cluster support) specialised: non-public available tools e.g. for proprietary algorithm bespoke: special devices with special software (non-standard key cruncher) Open samples Open samples should not provide access to memory encryption If open samples provide access to memory encryption the developer shall describe functions related to memory encryption available at external interfaces, e.g. key management, export of plaintext-ciphertext pairs,... operational memory encryption keys they contain, e.g. long term keys
16 Vulnerability assessment Conclusion Vulnerability assessment of memory protection may include analysis and assessment of memory encryption if the other security measure alone are not sufficient to counter the attack. Vulnerability analysis of memory encryption by evaluators assesses the cryptanalytic attack effort as part of a complex attack but neither requires nor claims being an comprehensive cryptanalysis The certification body shall review the vulnerability assessment of memory protection including vulnerability analysis of memory encryption as its part confirmation of the resistance against attacks on memory protection cannot be seen as general confirmation of cryptographic strength of their memory encryption
17 Summary of the talk Developer should pay more attention to memory encryption. They may use proprietary algorithms if sufficiently analysed. Evaluators shall analyse and access the effectiveness of memory protection. This should include cryptanalytic assessment of memory encryption if physical protection is not strong enough to counter the attack. Certifier shall support realistic vulnerability assessment by agreed guidance. System designer should reduce the value of successful attack on memory.
18 Thank you for your attention! Any question? Wolfgang Killmann T-Systems GEI GmbH Vorgebirgsstr. 49 D Bonn Germany
Examples for the Calculation of Attack Potential for Smartcards
Examples for the Calculation of Attack Potential for Smartcards Thomas Schröder, T-Systems GEI GmbH on behalf of the JHAS working group Introduction Basis for the examples The work is based on a collection
More informationNetwork Security. Lecture# 6 Lecture Slides Prepared by: Syed Irfan Ullah N.W.F.P. Agricultural University Peshawar
Network Security Lecture# 6 Lecture Slides Prepared by: Syed Irfan Ullah N.W.F.P. Agricultural University Peshawar Modern Block Ciphers now look at modern block ciphers one of the most widely used types
More informationWeak Keys of the Full MISTY1 Block Cipher for Related-Key Cryptanalysis
3. 2 13.57 Weak eys for a Related-ey Differential Attack Weak eys of the Full MISTY1 Block Cipher for Related-ey Cryptanalysis Institute for Infocomm Research, Agency for Science, Technology and Research,
More informationApplying the CC V3 ADV Class to Hardware
Applying the CC V3 ADV Class to Hardware Wolfgang Killmann T-Systems GEI GmbH Motivation of the talk The assurance class Development ADV was changed significant from CC version 2.3 to CC version 3.0 to
More informationAttack on DES. Jing Li
Attack on DES Jing Li Major cryptanalytic attacks against DES 1976: For a very small class of weak keys, DES can be broken with complexity 1 1977: Exhaustive search will become possible within 20 years,
More informationSymmetric Cryptography. Chapter 6
Symmetric Cryptography Chapter 6 Block vs Stream Ciphers Block ciphers process messages into blocks, each of which is then en/decrypted Like a substitution on very big characters 64-bits or more Stream
More informationChapter 3 Block Ciphers and the Data Encryption Standard
Chapter 3 Block Ciphers and the Data Encryption Standard Last Chapter have considered: terminology classical cipher techniques substitution ciphers cryptanalysis using letter frequencies transposition
More informationInternational Journal for Research in Applied Science & Engineering Technology (IJRASET) Performance Comparison of Cryptanalysis Techniques over DES
Performance Comparison of Cryptanalysis Techniques over DES Anupam Kumar 1, Aman Kumar 2, Sahil Jain 3, P Kiranmai 4 1,2,3,4 Dept. of Computer Science, MAIT, GGSIP University, Delhi, INDIA Abstract--The
More informationOnce upon a time... A first-order chosen-plaintext DPA attack on the third round of DES
A first-order chosen-plaintext DPA attack on the third round of DES Oscar Reparaz, Benedikt Gierlichs KU Leuven, imec - COSIC CARDIS 2017 Once upon a time... 14 November 2017 Benedikt Gierlichs - DPA on
More informationHow microprobing can attack encrypted memory
How microprobing can attack encrypted memory Sergei Skorobogatov http://www.cl.cam.ac.uk/~sps32 email: sps32@cam.ac.uk Introduction Hardware Security research since 1995 testing microcontrollers and smartcards
More informationCryptography and Network Security Chapter 3. Modern Block Ciphers. Block vs Stream Ciphers. Block Cipher Principles
Cryptography and Network Security Chapter 3 Fifth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 3 Block Ciphers and the Data Encryption Standard All the afternoon Mungo had been working
More informationCSc 466/566. Computer Security. 6 : Cryptography Symmetric Key
1/56 CSc 466/566 Computer Security 6 : Cryptography Symmetric Key Version: 2012/02/22 16:14:16 Department of Computer Science University of Arizona collberg@gmail.com Copyright c 2012 Christian Collberg
More informationComputer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08r. Pre-exam 2 Last-minute Review Cryptography Paul Krzyzanowski Rutgers University Spring 2018 March 26, 2018 CS 419 2018 Paul Krzyzanowski 1 Cryptographic Systems March 26, 2018 CS
More informationSecret Key Algorithms (DES)
Secret Key Algorithms (DES) G. Bertoni L. Breveglieri Foundations of Cryptography - Secret Key pp. 1 / 34 Definition a symmetric key cryptographic algorithm is characterized by having the same key used
More informationBlock Ciphers and the Data Encryption Standard (DES) Modified by: Dr. Ramzi Saifan
Block Ciphers and the Data Encryption Standard (DES) Modified by: Dr. Ramzi Saifan Block ciphers Keyed, invertible Large key space, large block size A block of plaintext is treated as a whole and used
More informationSide channel attack: Power Analysis. Chujiao Ma, Z. Jerry Shi CSE, University of Connecticut
Side channel attack: Power Analysis Chujiao Ma, Z. Jerry Shi CSE, University of Connecticut Conventional Cryptanalysis Conventional cryptanalysis considers crypto systems as mathematical objects Assumptions:
More informationDataTraveler 5000 (DT5000) and DataTraveler 6000 (DT6000) Ultimate Security in a USB Flash Drive. Submitted by SPYRUS, Inc.
Submitted by SPYRUS, Inc. Contents DT5000 and DT6000 Technology Overview...2 Why DT5000 and DT6000 Encryption Is Different...3 Why DT5000 and DT6000 Encryption Is Different - Summary...4 XTS-AES Sector-Based
More informationRating Attack Potential for Smartcards
Rating Attack Potential for Smartcards Alain MERLE, CEA-LETI Technical manager of CESTI LETI on behalf of ISCI (JHAS) group CESTI LETI 1 The ISCI group (International Security Certification Initiative)
More informationSyrvey on block ciphers
Syrvey on block ciphers Anna Rimoldi Department of Mathematics - University of Trento BunnyTn 2012 A. Rimoldi (Univ. Trento) Survey on block ciphers 12 March 2012 1 / 21 Symmetric Key Cryptosystem M-Source
More informationUpdate of German Guidance for RNG Evaluation. Wolfgang Killmann T-Systems
Update of German Guidance for RNG Evaluation Wolfgang Killmann T-Systems Motivation Why random number generators? Randomness The outcome of random experiments are unpredictable. Outcomes of ideal random
More informationCryptanalysis. Ed Crowley
Cryptanalysis Ed Crowley 1 Topics Cryptanalysis History Modern Cryptanalysis Characterization of Cryptanalysis Attacks Attack Types 2 Cryptanalysis Science of cracking ciphers and codes, decoding secrets,
More informationSecret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34
Secret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34 Definition a symmetric key cryptographic algorithm is characterized by having the same key used for both encryption and decryption.
More informationCryptography ThreeB. Ed Crowley. Fall 08
Cryptography ThreeB Ed Crowley Fall 08 Cryptanalysis History Modern Cryptanalysis Characterization of Cryptanalysis Attacks Attack Types Cryptanalysis. Science of cracking ciphers and codes, decoding secrets,
More informationCryptographic Concepts
Outline Identify the different types of cryptography Learn about current cryptographic methods Chapter #23: Cryptography Understand how cryptography is applied for security Given a scenario, utilize general
More informationComputer and Data Security. Lecture 3 Block cipher and DES
Computer and Data Security Lecture 3 Block cipher and DES Stream Ciphers l Encrypts a digital data stream one bit or one byte at a time l One time pad is example; but practical limitations l Typical approach
More informationCRYPTOLOGY KEY MANAGEMENT CRYPTOGRAPHY CRYPTANALYSIS. Cryptanalytic. Brute-Force. Ciphertext-only Known-plaintext Chosen-plaintext Chosen-ciphertext
CRYPTOLOGY CRYPTOGRAPHY KEY MANAGEMENT CRYPTANALYSIS Cryptanalytic Brute-Force Ciphertext-only Known-plaintext Chosen-plaintext Chosen-ciphertext 58 Types of Cryptographic Private key (Symmetric) Public
More informationECRYPT II Workshop on Physical Attacks November 27 th, Graz, Austria. Stefan Mangard.
Building Secure Hardware ECRYPT II Workshop on Physical Attacks November 27 th, Graz, Austria Stefan Mangard Infineon Technologies, Munich, Germany Stefan.Mangard@infineon.com Outline Assets and Requirements
More informationCSC 474/574 Information Systems Security
CSC 474/574 Information Systems Security Topic 2.2 Secret Key Cryptography CSC 474/574 Dr. Peng Ning 1 Agenda Generic block cipher Feistel cipher DES Modes of block ciphers Multiple encryptions Message
More informationComputer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08. Cryptography Part II Paul Krzyzanowski Rutgers University Spring 2018 March 23, 2018 CS 419 2018 Paul Krzyzanowski 1 Block ciphers Block ciphers encrypt a block of plaintext at a
More informationNetwork Security Essentials Chapter 2
Network Security Essentials Chapter 2 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Encryption What is encryption? Why do we need it? No, seriously, let's discuss this. Why do we need
More informationLecture 4: Symmetric Key Encryption
Lecture 4: Symmetric ey Encryption CS6903: Modern Cryptography Spring 2009 Nitesh Saxena Let s use the board, please take notes 2/20/2009 Lecture 1 - Introduction 2 Data Encryption Standard Encrypts by
More informationLecture 3: Symmetric Key Encryption
Lecture 3: Symmetric Key Encryption CS996: Modern Cryptography Spring 2007 Nitesh Saxena Outline Symmetric Key Encryption Continued Discussion of Potential Project Topics Project proposal due 02/22/07
More informationCryptographic Modules, Security Level Moderate. Endorsed by the Bundesamt für Sicherheit in der Informationstechnik
Common Criteria Protection Profile Cryptographic Modules, Security Level Moderate BSI-PP-0042 Endorsed by the Foreword This Protection Profile - Cryptographic Modules, Security Level Moderate - is issued
More informationExternal Encodings Do not Prevent Transient Fault Analysis
External Encodings Do not Prevent Transient Fault Analysis Christophe Clavier Gemalto, Security Labs CHES 2007 Vienna - September 12, 2007 Christophe Clavier CHES 2007 Vienna September 12, 2007 1 / 20
More informationEnhancing the Well-Defined and Successful ETR for Composition Approach
Enhancing the Well-Defined and Successful ETR for Composition Approach Monique Bakker, Olaf Tettero 11 September 2013; commoncriteria@brightsight.com Goal of this presentation 1. What should be the content
More informationOn the Design of Secure Block Ciphers
On the Design of Secure Block Ciphers Howard M. Heys and Stafford E. Tavares Department of Electrical and Computer Engineering Queen s University Kingston, Ontario K7L 3N6 email: tavares@ee.queensu.ca
More informationRNGs for Resource-Constrained Devices
RNGs for Resource-Constrained Devices Werner Schindler Bundesamt für Sicherheit in der Informationstechnik (BSI), Bonn, Germany Bochum, November 6, 2017 Outline Crypto for IoT: some general thoughts RNGs
More informationLecture 6: Symmetric Cryptography. CS 5430 February 21, 2018
Lecture 6: Symmetric Cryptography CS 5430 February 21, 2018 The Big Picture Thus Far Attacks are perpetrated by threats that inflict harm by exploiting vulnerabilities which are controlled by countermeasures.
More informationComputer Security 3/23/18
s s encrypt a block of plaintext at a time and produce ciphertext Computer Security 08. Cryptography Part II Paul Krzyzanowski DES & AES are two popular block ciphers DES: 64 bit blocks AES: 128 bit blocks
More informationTrojan-tolerant Hardware & Supply Chain Security in Practice
Trojan-tolerant Hardware & Supply Chain Security in Practice Who we are Vasilios Mavroudis Doctoral Researcher, UCL Dan Cvrcek CEO, Enigma Bridge George Danezis Professor, UCL Petr Svenda CTO, Enigma Bridge
More informationClassical Cryptography. Thierry Sans
Classical Cryptography Thierry Sans Example and definitions of a cryptosystem Caesar Cipher - the oldest cryptosystem A shift cipher attributed to Julius Caesar (100-44 BC) MEET ME AFTER THE TOGA PARTY
More informationIntroduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard
Introduction to Network Security Missouri S&T University CPE 5420 Data Encryption Standard Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of
More informationUnderstanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl
Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl www.crypto-textbook.com Chapter 5 More About Block Ciphers ver. November 26, 2010 Last modified 10-2-17
More informationStream Ciphers An Overview
Stream Ciphers An Overview Palash Sarkar Indian Statistical Institute, Kolkata email: palash@isicalacin stream cipher overview, Palash Sarkar p1/51 Classical Encryption Adversary message ciphertext ciphertext
More information3 rd SKINNY Breaking Competition
3 rd SKINNY Breaking Competition C. Beierle, J. Jean, S. Kӧlbl, G. Leander, A. Moradi, T. Peyrin, Y. Sasaki, P. Sasdrich and S.M. Sim Eurocrypt 2018 Rump Session@ Tel Aviv 01/May/2018 SKINNY Overview Lightweight
More informationDr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Secret Key Cryptography Block cipher DES 3DES
More informationMulti-Stage Fault Attacks
Multi-Stage Fault Attacks Applications to the Block Cipher PRINCE Philipp Jovanovic Department of Informatics and Mathematics University of Passau March 27, 2013 Outline 1. Motivation 2. The PRINCE Block
More informationApplied IT Security. Device Security. Dr. Stephan Spitz 10 Development Security. Applied IT Security, Dr.
Applied IT Security Device Security Dr. Stephan Spitz Stephan.Spitz@gi-de.com Overview & Basics System Security Network Protocols and the Internet Operating Systems and Applications Operating System Security
More informationContent of this part
UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Introduction to Cryptography ECE 597XX/697XX Part 5 More About Block Ciphers Israel Koren ECE597/697 Koren Part.5.1 Content of this
More informationComposite Evaluation for Smart Cards and Similar Devices
Composite Evaluation for Smart Cards and Similar Devices ISCI-WG1 and T-Systems GEI GmbH Composite EAL Certificate 25th-27th September, 2007, page 1. What are we speaking about? Motivation Terminology
More informationDifferential Cryptanalysis
Differential Cryptanalysis See: Biham and Shamir, Differential Cryptanalysis of the Data Encryption Standard, Springer Verlag, 1993. c Eli Biham - March, 28 th, 2012 1 Differential Cryptanalysis The Data
More information6. Symmetric Block Cipher BLOWFISH Performance. Memory space. 3. Simplicity The length of the key. The length of the data block is 64.
belongs to the same class of conventional symmetric ciphers. The basic principles of have been published in 1994 by Bruce Schneier, as an alternative to the Data encryption standard (DES) to satisfy the
More informationHOST Differential Power Attacks ECE 525
Side-Channel Attacks Cryptographic algorithms assume that secret keys are utilized by implementations of the algorithm in a secure fashion, with access only allowed through the I/Os Unfortunately, cryptographic
More informationAN INTEGRATED BLOCK AND STREAM CIPHER APPROACH FOR KEY ENHANCEMENT
AN INTEGRATED BLOCK AND STREAM CIPHER APPROACH FOR KEY ENHANCEMENT 1 MANIKANDAN.G, 2 MANIKANDAN.R, 3 RAJENDIRAN.P, 4 KRISHNAN.G, 5 SUNDARGANESH.G 1 Assistant Professor, School of Computing, SASTRA University,
More informationIntroduction to Cryptography CS 136 Computer Security Peter Reiher October 9, 2014
Introduction to Cryptography CS 136 Computer Security Peter Reiher October 9, 2014 Page 1 Outline What is data encryption? Cryptanalysis Basic encryption methods Substitution ciphers Permutation ciphers
More informationCOMMON CRITERIA CERTIFICATION REPORT
COMMON CRITERIA CERTIFICATION REPORT Dell Data Protection Encryption Personal Edition Version 8.14.0 383-4-416 2 October 2017 v1.1 Government of Canada. This document is the property of the Government
More informationCSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L
CS 3461/5461: Introduction to Computer Networking and Internet Technologies Network Security Study: 21.1 21.5 Kannan Srinivasan 11-27-2012 Security Attacks, Services and Mechanisms Security Attack: Any
More informationA Weight Based Attack on the CIKS-1 Block Cipher
A Weight Based Attack on the CIKS-1 Block Cipher Brian J. Kidney, Howard M. Heys, Theodore S. Norvell Electrical and Computer Engineering Memorial University of Newfoundland {bkidney, howard, theo}@engr.mun.ca
More informationP2_L6 Symmetric Encryption Page 1
P2_L6 Symmetric Encryption Page 1 Reference: Computer Security by Stallings and Brown, Chapter 20 Symmetric encryption algorithms are typically block ciphers that take thick size input. In this lesson,
More information2.1 Basic Cryptography Concepts
ENEE739B Fall 2005 Part 2 Secure Media Communications 2.1 Basic Cryptography Concepts Min Wu Electrical and Computer Engineering University of Maryland, College Park Outline: Basic Security/Crypto Concepts
More informationCSCE 813 Internet Security Symmetric Cryptography
CSCE 813 Internet Security Symmetric Cryptography Professor Lisa Luo Fall 2017 Previous Class Essential Internet Security Requirements Confidentiality Integrity Authenticity Availability Accountability
More informationSecurity Requirements
Message Authentication and Hash Functions CSCI 454/554 Security Requirements disclosure traffic analysis masquerade content modification sequence modification timing modification source repudiation destination
More information1-7 Attacks on Cryptosystems
1-7 Attacks on Cryptosystems In the present era, not only business but almost all the aspects of human life are driven by information. Hence, it has become imperative to protect useful information from
More informationPARAMETRIC TROJANS FOR FAULT-BASED ATTACKS ON CRYPTOGRAPHIC HARDWARE
PARAMETRIC TROJANS FOR FAULT-BASED ATTACKS ON CRYPTOGRAPHIC HARDWARE Raghavan Kumar, University of Massachusetts Amherst Contributions by: Philipp Jovanovic, University of Passau Wayne P. Burleson, University
More informationJoint Interpretation Library. Management of. Code Disclosure and Software IP Reuse
Management of Code Disclosure and Software IP Reuse CARRYING OUT IMPACT AND VULNERABILITY ANALYSIS IN CASE OF REUSE OF SOFTWARE IP DISCLOSURE OF SOFTWARE AND FIRMWARE Version 1.2 November 2017 Management
More informationBlock Ciphers. Secure Software Systems
1 Block Ciphers 2 Block Cipher Encryption function E C = E(k, P) Decryption function D P = D(k, C) Symmetric-key encryption Same key is used for both encryption and decryption Operates not bit-by-bit but
More informationWenling Wu, Lei Zhang
LBlock: A Lightweight Block Cipher Wenling Wu, Lei Zhang Institute t of Software, Chinese Academy of Sciences 09-Jun-2011 Outline Background and Previous Works LBlock: Specification Design Rationale Security
More informationCSCE 715: Network Systems Security
CSCE 715: Network Systems Security Chin-Tser Huang huangct@cse.sc.edu University of South Carolina Next Topic in Cryptographic Tools Symmetric key encryption Asymmetric key encryption Hash functions and
More informationJournal of Global Research in Computer Science A UNIFIED BLOCK AND STREAM CIPHER BASED FILE ENCRYPTION
Volume 2, No. 7, July 2011 Journal of Global Research in Computer Science RESEARCH PAPER Available Online at www.jgrcs.info A UNIFIED BLOCK AND STREAM CIPHER BASED FILE ENCRYPTION Manikandan. G *1, Krishnan.G
More informationAPNIC elearning: Cryptography Basics
APNIC elearning: Cryptography Basics 27 MAY 2015 03:00 PM AEST Brisbane (UTC+10) Issue Date: Revision: Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security
More informationDouble-DES, Triple-DES & Modes of Operation
Double-DES, Triple-DES & Modes of Operation Prepared by: Dr. Mohamed Abd-Eldayem Ref.: Cryptography and Network Security by William Stallings & Lecture slides by Lawrie Brown Multiple Encryption & DES
More informationA Modified Playfair Encryption Using Fibonacci Numbers
A Modified Playfair Encryption Using Fibonacci Numbers Mohd Vasim Ahamad 1, Maria Masroor 2, Urooj Fatima 3 Aligarh Muslim University (India) ABSTRACT With the technology advancements and easy availability
More informationDistributed ID-based Signature Using Tamper-Resistant Module
, pp.13-18 http://dx.doi.org/10.14257/astl.2013.29.03 Distributed ID-based Signature Using Tamper-Resistant Module Shinsaku Kiyomoto, Tsukasa Ishiguro, and Yutaka Miyake KDDI R & D Laboratories Inc., 2-1-15,
More informationSymmetric Key Algorithms. Definition. A symmetric key algorithm is an encryption algorithm where the same key is used for encrypting and decrypting.
Symmetric Key Algorithms Definition A symmetric key algorithm is an encryption algorithm where the same key is used for encrypting and decrypting. 1 Block cipher and stream cipher There are two main families
More informationComputer Security CS 526
Computer Security CS 526 Topic 4 Cryptography: Semantic Security, Block Ciphers and Encryption Modes CS555 Topic 4 1 Readings for This Lecture Required reading from wikipedia Block Cipher Ciphertext Indistinguishability
More informationCertification Report
Certification Report EAL 4+ Evaluation of WatchGuard and Fireware XTM Operating System v11.5.1 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation
More informationRef:
Cryptography & digital signature Dec. 2013 Ref: http://cis.poly.edu/~ross/ 2 Cryptography Overview Symmetric Key Cryptography Public Key Cryptography Message integrity and digital signatures References:
More informationCryptanalysis. Andreas Klappenecker Texas A&M University
Cryptanalysis Andreas Klappenecker Texas A&M University How secure is a cipher? Typically, we don t know until it is too late Typical Attacks against Encryption Algorithms Ciphertext only attack: The attacker
More informationDeKaRT: A New Paradigm for Key-Dependent Reversible Circuits
DeKaRT: A New Paradigm for Key-Dependent Reversible Circuits Jovan D. Golić System on Chip, Telecom Italia Lab Telecom Italia Via Guglielmo Reiss Romoli 274, I-00148 Turin, Italy jovan.golic@tilab.com
More informationCryptography and Network Security. Sixth Edition by William Stallings
Cryptography and Network Security Sixth Edition by William Stallings Chapter 3 Block Ciphers and the Data Encryption Standard All the afternoon Mungo had been working on Stern's code, principally with
More informationA New Technique for Sub-Key Generation in Block Ciphers
World Applied Sciences Journal 19 (11): 1630-1639, 2012 ISSN 1818-4952 IDOSI Publications, 2012 DOI: 10.5829/idosi.wasj.2012.19.11.1871 A New Technique for Sub-Key Generation in Block Ciphers Jamal N.
More informationSome Aspects of Block Ciphers
Some Aspects of Block Ciphers Palash Sarkar Applied Statistics Unit Indian Statistical Institute, Kolkata India palash@isical.ac.in CU-ISI Tutorial Workshop on Cryptology, 17 th July 2011 Palash Sarkar
More informationIntroduction to Cryptology Dr. Sugata Gangopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Roorkee
Introduction to Cryptology Dr. Sugata Gangopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Roorkee Lecture 09 Cryptanalysis and its variants, linear attack Welcome
More informationCHAPTER 1 INTRODUCTION TO CRYPTOGRAPHY. Badran Awad Computer Department Palestine Technical college
CHAPTER 1 INTRODUCTION TO CRYPTOGRAPHY Badran Awad Computer Department Palestine Technical college CHAPTER 1 Introduction Historical ciphers Information theoretic security Computational security Cryptanalysis
More informationData Encryption Standard
ECE 646 Lecture 7 Data Encryption Standard Required Reading W. Stallings, "Cryptography and Network-Security," 5th Edition, Chapter 3: Block Ciphers and the Data Encryption Standard Chapter 6.1: Multiple
More informationICT 6541 Applied Cryptography. Hossen Asiful Mustafa
ICT 6541 Applied Cryptography Hossen Asiful Mustafa Encryption & Decryption Key (K) Plaintext (P) Encrypt (E) Ciphertext (C) C = E K (P) Same Key (K) Ciphertext (C) Decrypt (D) Plaintext (P) P = D K (C)
More informationCIS 6930/4930 Computer and Network Security. Topic 3.1 Secret Key Cryptography (Cont d)
CIS 6930/4930 Computer and Network Security Topic 3.1 Secret Key Cryptography (Cont d) 1 Principles for S-Box Design S-box is the only non-linear part of DES Each row in the S-Box table should be a permutation
More information3GPP TS V4.0.0 ( )
TS 35.205 V4.0.0 (2001-04) Technical Specification 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G Security; Specification of the MILENAGE Algorithm Set:
More informationCertification Report
Certification Report EMC NetWorker v8.0.1.4 Issued by: Communications Security Establishment Canada Certification Body Canadian Common Criteria Evaluation and Certification Scheme Government of Canada,
More informationA Methodology for Differential-Linear Cryptanalysis and Its Applications
A Methodology for Differential-Linear Cryptanalysis and Its Applications Jiqiang Lu Presenter: Jian Guo Institute for Infocomm Research, Agency for Science, Technology and Research, 1 Fusionopolis Way,
More informationCSC 580 Cryptography and Computer Security
CSC 580 Cryptography and Computer Security Encryption Concepts, Classical Crypto, and Binary Operations January 30, 2018 Overview Today: Cryptography concepts and classical crypto Textbook sections 3.1,
More informationBlock Ciphers and Data Encryption Standard. CSS Security and Cryptography
Block Ciphers and Data Encryption Standard CSS 322 - Security and Cryptography Contents Block Cipher Principles Feistel Structure for Block Ciphers DES Simplified DES Real DES DES Design Issues CSS 322
More informationCryptography and Network Security Block Ciphers + DES. Lectured by Nguyễn Đức Thái
Cryptography and Network Security Block Ciphers + DES Lectured by Nguyễn Đức Thái Outline Block Cipher Principles Feistel Ciphers The Data Encryption Standard (DES) (Contents can be found in Chapter 3,
More informationBlock Ciphers Tutorial. c Eli Biham - May 3, Block Ciphers Tutorial (5)
Block Ciphers Tutorial c Eli Biham - May 3, 2005 146 Block Ciphers Tutorial (5) A Known Plaintext Attack on 1-Round DES After removing the permutations IP and FP we get: L R 48 K=? F L R c Eli Biham -
More information7. Symmetric encryption. symmetric cryptography 1
CIS 5371 Cryptography 7. Symmetric encryption symmetric cryptography 1 Cryptographic systems Cryptosystem: t (MCKK GED) (M,C,K,K,G,E,D) M, plaintext message space C, ciphertext message space K, K, encryption
More informationChapter 6: Contemporary Symmetric Ciphers
CPE 542: CRYPTOGRAPHY & NETWORK SECURITY Chapter 6: Contemporary Symmetric Ciphers Dr. Lo ai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan Why Triple-DES?
More information2/7/2013. CS 472 Network and System Security. Mohammad Almalag Lecture 2 January 22, Introduction To Cryptography
CS 472 Network and System Security Mohammad Almalag malmalag@cs.odu.edu Lecture 2 January 22, 2013 Introduction To Cryptography 1 Definitions Cryptography = the science (art) of encryption Cryptanalysis
More informationRelated-key Attacks on Triple-DES and DESX Variants
Related-key Attacks on Triple-DES and DESX Variants Raphael C.-W. han Department of Engineering, Swinburne Sarawak Institute of Technology, 1st Floor, State Complex, 93576 Kuching, Malaysia rphan@swinburne.edu.my
More informationA New Approach for Improving Data Security using Iterative Blowfish Algorithm
Research Journal of Applied Sciences, Engineering And Technology 4(6): 603-607, 2012 ISSN: 2040-7467 Maxwell Scientific Organization, 2012 Submitted: September 29, 2011 Accepted: November 15, 2011 Published:
More informationCanon MFP Security Chip. ISO/IEC Security Policy
Canon MFP Security Chip ISO/IEC 19790 Security Policy Version 1.07 2016/12/26 Canon Inc. 1 Table of Contents 2 List of Figures Date of Issue: 2016/12/26 Figure 1 Exterior of Canon MFP Security Chip (FK4-1731A)...
More information