Network Security. Chapter 4 Symmetric Encryption. Cornelius Diekmann With contributions by Benjamin Hof. Technische Universität München
|
|
- Marjory James
- 5 years ago
- Views:
Transcription
1 Networ Security Chapter 4 Symmetric Encryption Cornelius Diemann With contributions by Benjamin Hof Lehrstuhl für Netzarchiteturen und Netzdienste Institut für Informati Version: October 29, 2015 IN2101, WS 15/16, Networ Security 1
2 Symmetric Encryption IN2101, WS 15/16, Networ Security 2
3 Symmetric Encryption Alice and Bob share a secret ey Implicit assumption: Only Alice and Bob now The ey is symmetric Alice and Bob share the same The ey is used to encrypt and decrypt Terminology Plaintext m The message itself Ciphertext c The encrypted plaintext Encryption: c = Enc (m) Decryption: m = Dec (c) Basic correctness requirement: Dec (Enc (m)) = m IN2101, WS 15/16, Networ Security 3
4 Example Alice nows m c m Bob Enc Dec nows m = This is networ security = 95 eb 50 0c f 88 8a f7 0b dd fb d7 64 c = ad 5c 66 d3 55 be c d2 75 3d 93 da fe d ac c1 2c e b4 82 2c b2 Enc = AES-128-ECB What security goals can we fulfill? Confidentiality? Yes. Integrity? No! An attacer could alter c. Authenticity? No. Who are Alice and Bob anyway? Maybe Rogue-Alice is claiming to be Alice? IN2101, WS 15/16, Networ Security 4
5 Example for Enc and Dec: One-Time-Pad IN2101, WS 15/16, Networ Security 5
6 One-Time-Pad: A Perfect Cipher Assumption: Alice and Bob share a perfectly random bitstream otp. = otp Enc otp (m) = m otp Dec otp (c) = c otp Chec: Dec otp (Enc otp (m)) = Dec otp (m otp) = (m otp) otp = m Requirements: Key must have same size as message. Key must only be used once. Note: denotes XOR IN2101, WS 15/16, Networ Security 6
7 Security of Ciphers IN2101, WS 15/16, Networ Security 7
8 Kerchoff s principle The cipher method must not be required to be secret, and it must be able to fall into the hands of the enemy without inconvenience. In other words: The cipher (encryption algorithm) is public. Only the ey is secret. IN2101, WS 15/16, Networ Security 8
9 Examples of secure real-world ciphers AES 3DES ChaCha20 One-Time-Pad Why can we trust them? They have been publicly reviewed, analyzed by cryptographers, and standardized. Well-tested implementations are available in your library Using them securely: 1 RTFM 2 eep the ey secret (Kerchoff s principle) IN2101, WS 15/16, Networ Security 9
10 Repetition: Dos and Don ts Do Do use standardized ciphers from your library Be aware of the dangers Unliely: A well-established cipher is broen or bacdoored Liely: Wrong usage of the cipher compromises security (RTFM)! Don t Don t implement your own cipher. It will be broen, I guarantee! Don t claim it s encrypted, it is secure. Forgetting integrity and authenticity may be worse than any information leaage! Don t forget about ey management. IN2101, WS 15/16, Networ Security 10
11 Attacing Symmetric Ciphers IN2101, WS 15/16, Networ Security 11
12 Attacing Symmetric Ciphers Goal: given c, learn something about m Note: if something about can be learned, the attac is successful. Why? Attac Scenarios: Ciphertext-only-attac Attcer nows c Known-plaintext attac For a fixed, the attacer got a pair (m, c) and tries to learn something about other ciphertexts Chosen-plaintext and chosen-ciphertext attac. similar to previous attac, but attacer can chose m or c freely Examples in networs passively sniffing attacer: usually ciphertext-only attacing a server: chosen-plaintext replaying eavesdropped modified messages: chosen-ciphertext IN2101, WS 15/16, Networ Security 12
13 Security of Ciphers Disclaimer: hand-waving idea. This is not a cryptography course. A cipher is secure if the best nown attac is brute-forcing all eys. Brute-Force: exhaustively testing all eys Good eysize (symmetric cipher): 128 bit A 10 Ghz CPU with 1 encryption operation per cycle needs about years to brute-force the whole ey space. On average, only half of the possible eys must be tried,... only years necessary IN2101, WS 15/16, Networ Security 13
14 Example: Security of One-Time-Pad IN2101, WS 15/16, Networ Security 14
15 One-Time-Pad: A Perfect Cipher c of length(c) can be decrypted to any m of length length(c) Only nowledge of reveals the right m OTP is a perfect cipher Attac scenarios in details Ciphertext-only: No attac possible; any possible plaintext can be generated with the ciphertext. Pairs of c and m don t help: The otp can be calculated, but this otp won t be reused! Any statistical attac: due to otp, the ciphertext is perfectly random! IN2101, WS 15/16, Networ Security 15
16 One-Time-Pad: Drawbacs Necessary ey length in bits: length() = length(m) must not be reused Wish list for practical ciphers length() length(m) Key of fixed length, e.g. 128 bit Key reusable for several messages Unavoidable implication (for length(m) length()): Brute-forcing: 2 length() instead of 2 length(c) for otp. Ciphertext-only attac succeeds w.h.p. when a is found which decrypts c to an intelligible m. If m is not perfectly random, c cannot be perfectly random Cipher is still secure IN2101, WS 15/16, Networ Security 16
17 Example: An Insecure Cipher IN2101, WS 15/16, Networ Security 17
18 Example: icry insecure cryptographic cipher B 4 ey of length 4 bit Split m into blocs of 4 bit each: m = m 1 m 2 m 3... Encrypt each bloc individually with Enc (m i ) = m = Dec (c i ) Example: encrypting L m = ord( L ) = 0x4c = 0100b 1100 b = 1010b c = 0xe6 (not an ASCII char) m 1 :0100 m 2 :1100 :1010 :1010 c 1 :1110 c 2 :0110 IN2101, WS 15/16, Networ Security 18
19 Example: Attacing icry Known-plaintext attac Attacer nows: (m, c) = (0100b 1100 b, 1110 b 0110 b ) Attacer can compute = 0100 b 1110 b = 1010 b or = 1100 b 0110 b = 1010 b Attacer can now read all future messages encrypted with this IN2101, WS 15/16, Networ Security 19
20 Example: Attacing icry Ciphertext-only attac: Attacer nows: c = 1110 b 0110 b m = Dec (c) ASCII value [not an ASCII char] [not an ASCII char] [not an ASCII char] [not an ASCII char] [not an ASCII char] [not an ASCII char] [not an ASCII char] [not an ASCII char] n [non-printable ASCII char] L ] * ; [non-printable ASCII char] [non-printable ASCII char] Attacer brute-forces the small ey space Intelligible decryptions: n and L Possible eys: 1000 b or 1010 b Attacer needs more ciphertext to improve the guess of the correct ey (because is reused) IN2101, WS 15/16, Networ Security 20
21 Bloc and Stream Ciphers IN2101, WS 15/16, Networ Security 21
22 Bloc and Stream Cipher Assumes: shared symmetric of fixed length Bloc cipher Encrypts and decrypts inputs of length n to outputs of length n Bloc length n Examples: AES, 3DES Stream cipher Generates a random bitstream, called eystream c = eystream m Examples: ChaCha20, RC4 (broen!) IN2101, WS 15/16, Networ Security 22
23 Example: Bloc Cipher AES-128 AES-128 blocs size: 128 bit (16 bytes) ey size: 128 bit m = This is networ. len(m) = 16 bytes = 128 truly random bits Enc (m) = 2d 3c ab 1b a ec e8 1d 56 0d 09 2b f6 77 IN2101, WS 15/16, Networ Security 23
24 Example: Some Stream Cipher m = HELLO = c 4c 4f = streamcipher.get eystream bytes(5) = 12 a7 f Enc (m) = m = 5a e2 b5 4b 1a IN2101, WS 15/16, Networ Security 24
25 Interlude: Which Crypto Cipher should I use? Probably AES Reasons to use AES Fast: 200 MBit/s in software and > 2 GB/s with Intel AES-NI Hardware implementations for embedded devices available A well-tested implementation is available in your library Secure (attacs exist, but AES is practically secure) AES seems to be the best we have, and it is among the most researched algorithms IN2101, WS 15/16, Networ Security 25
26 Modes of Encryption IN2101, WS 15/16, Networ Security 26
27 Modes of Encryption: Motivation Bloc ciphers handle messages of length x Problem: length(m) x Solution: Modes of Encryption We split m into blocs m i where length(m i ) = x m = m 1 m 2... m n if length(m) is not a multiple of x, the last bloc is filled up Technical Term: padding IN2101, WS 15/16, Networ Security 27
28 Electronic Code Boo Mode ECB c i = Enc (m i ) m 1 m 2... m n Enc Enc... Enc c 1 c 2... c n IN2101, WS 15/16, Networ Security 28
29 ECB Example m = This is networ.this is networ.security Enc = AES-128, mode = ECB c = 2d 3c ab 1b a ec e8 1d 56 0d 09 2b f6 77 2d 3c ab 1b a ec e8 1d 56 0d 09 2b f ea 2c e7 40 db 06 a c 37 0b Why are line 1 and line 2 identical? m 1 = This is networ. m 2 = This is networ. m 3 = Security + padding IN2101, WS 15/16, Networ Security 29
30 ECB Drawbac Identical plaintext blocs are encrypted to identical ciphertext! IN2101, WS 15/16, Networ Security 30
31 Cipher Bloc Chaining Mode CBC m 1 m 2... m n IV c n 1 Enc Enc... Enc c 1 c 2... c n IN2101, WS 15/16, Networ Security 31
32 CBC Discussion CBC Encrypt: c i = Enc (c i 1 m i ) Why the with the previous bloc? Identical plaintext blocs are encrypted to non-identical ciphertext c 0 = IV What is the use of the IV (initialization vector)? Completely identical messages are encrypted to non-identical ciphertexts IV may be public IV must be fresh IN2101, WS 15/16, Networ Security 32
33 CBC Example Sending m encrypted over UDP, using CBC. m is split into blocs for the bloc cipher. m = m 1 m 2 m 3 m 4 m 5 m 6 m is split over two UDP pacets. A new and random IV is put in clear at the beginning of the payload of every pacet. IP header UDP header IV 1 c 1 c 2 c 3 IP header UDP header IV 2 c 4 c 5 c 6 IN2101, WS 15/16, Networ Security 33
34 CBC Decrypt CBC Encrypt: c i = Enc (c i 1 m i ) c 0 = IV Let s do the math: c i = Enc (c i 1 m i ) Dec (c i ) = Dec (Enc (c i 1 m i )) Dec (c i ) = c i 1 m i Dec (c i ) c i 1 = m i CBC-Decrypt: m i = c i 1 Dec (c i ) IN2101, WS 15/16, Networ Security 34
35 CBC Decrypt c 1 c 2... c n Dec Dec... Dec IV c n 1 m 1 m 2... m n IN2101, WS 15/16, Networ Security 35
36 Output Feedbac Mode OFB IV n 1 Enc Enc... Enc 1 2 n m 1 c 1 m 2 c 2... m n c n Transforms a bloc cipher into a stream cipher. IV may be public but must be fresh. IN2101, WS 15/16, Networ Security 36
37 OFB Decrypt IV n 1 Enc Enc... Enc 1 2 n c 1 m 1 c 2 m 2... c n m n IN2101, WS 15/16, Networ Security 37
38 Counter Mode CTR ctr i = IV i ctr 1 ctr 2 ctr n Enc Enc... Enc m 1 c 1 m 2 c 2... m n c n Transforms a bloc cipher into a stream cipher. IV may be public but must be fresh. IN2101, WS 15/16, Networ Security 38
39 CTR Decrypt ctr 1 ctr 2 ctr n Enc Enc... Enc c 1 m 1 c 2 m 2... c n m n IN2101, WS 15/16, Networ Security 39
40 Literature Jonathan Katz and Yehuda Lindell, Introduction to Modern Cryptography, 2nd edition, CRC Press, 2015 = recommended Filippo Valsorda, The ECB Penguin, PyTux Blog, 2013, Günter Schäfer, Security in Fixed and Wireless Networs: An Introduction to Securing Data Communications, Wiley, 2004 Günter Schäfer, Netzsicherheit, dpunt, 2003 IN2101, WS 15/16, Networ Security 40
Bob k. Alice. CS 558 Lecture Deck(c) = c k. Continuation of Encryption
CS 558 Lecture 1-26-2017 Continuation of Encryption Review: Schemes - how we do encryption and/or decryption Definition of what it means to be secure(sometimes use to analyze a system) Proof that the scheme
More information1 Achieving IND-CPA security
ISA 562: Information Security, Theory and Practice Lecture 2 1 Achieving IND-CPA security 1.1 Pseudorandom numbers, and stateful encryption As we saw last time, the OTP is perfectly secure, but it forces
More informationCIS 4360 Introduction to Computer Security Fall WITH ANSWERS in bold. First Midterm
CIS 4360 Introduction to Computer Security Fall 2010 WITH ANSWERS in bold Name:.................................... Number:............ First Midterm Instructions This is a closed-book examination. Maximum
More informationInformation Security CS526
Information CS 526 Topic 3 Ciphers and Cipher : Stream Ciphers, Block Ciphers, Perfect Secrecy, and IND-CPA 1 Announcements HW1 is out, due on Sept 10 Start early, late policy is 3 total late days for
More informationStream Ciphers and Block Ciphers
Stream Ciphers and Block Ciphers Ruben Niederhagen September 18th, 2013 Introduction 2/22 Recall from last lecture: Public-key crypto: Pair of keys: public key for encryption, private key for decryption.
More informationCS155. Cryptography Overview
CS155 Cryptography Overview Cryptography Is n n A tremendous tool The basis for many security mechanisms Is not n n n n The solution to all security problems Reliable unless implemented properly Reliable
More informationCSE 127: Computer Security Cryptography. Kirill Levchenko
CSE 127: Computer Security Cryptography Kirill Levchenko October 24, 2017 Motivation Two parties want to communicate securely Secrecy: No one else can read messages Integrity: messages cannot be modified
More informationCryptography Functions
Cryptography Functions Lecture 3 1/29/2013 References: Chapter 2-3 Network Security: Private Communication in a Public World, Kaufman, Perlman, Speciner Types of Cryptographic Functions Secret (Symmetric)
More informationLecture 1 Applied Cryptography (Part 1)
Lecture 1 Applied Cryptography (Part 1) Patrick P. C. Lee Tsinghua Summer Course 2010 1-1 Roadmap Introduction to Security Introduction to Cryptography Symmetric key cryptography Hash and message authentication
More informationCS 161 Computer Security. Week of September 11, 2017: Cryptography I
Weaver Fall 2017 CS 161 Computer Security Discussion 3 Week of September 11, 2017: Cryptography I Question 1 Activity: Cryptographic security levels (20 min) Say Alice has a randomly-chosen symmetric key
More informationPractical Aspects of Modern Cryptography
Practical Aspects of Modern Cryptography Lecture 3: Symmetric s and Hash Functions Josh Benaloh & Brian LaMacchia Meet Alice and Bob Alice Bob Message Modern Symmetric s Setup: Alice wants to send a private
More informationChapter 3 Traditional Symmetric-Key Ciphers 3.1
Chapter 3 Traditional Symmetric-Key Ciphers 3.1 Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 3 Objectives To define the terms and the concepts of symmetric
More informationCryptography CS 555. Topic 8: Modes of Encryption, The Penguin and CCA security
Cryptography CS 555 Topic 8: Modes of Encryption, The Penguin and CCA security 1 Reminder: Homework 1 Due on Friday at the beginning of class Please typeset your solutions 2 Recap Pseudorandom Functions
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Lecture 6 Michael J. Fischer Department of Computer Science Yale University January 27, 2010 Michael J. Fischer CPSC 467b, Lecture 6 1/36 1 Using block ciphers
More informationScanned by CamScanner
Scanned by CamScanner Scanned by CamScanner Scanned by CamScanner Scanned by CamScanner Scanned by CamScanner Scanned by CamScanner Scanned by CamScanner Symmetric-Key Cryptography CS 161: Computer Security
More informationSymmetric-Key Cryptography
Symmetric-Key Cryptography CS 161: Computer Security Prof. Raluca Ada Popa Sept 13, 2016 Announcements Project due Sept 20 Special guests Alice Bob The attacker (Eve - eavesdropper, Malice) Sometimes Chris
More informationLecture 6: Symmetric Cryptography. CS 5430 February 21, 2018
Lecture 6: Symmetric Cryptography CS 5430 February 21, 2018 The Big Picture Thus Far Attacks are perpetrated by threats that inflict harm by exploiting vulnerabilities which are controlled by countermeasures.
More informationMore on Cryptography CS 136 Computer Security Peter Reiher January 19, 2017
More on Cryptography CS 136 Computer Security Peter Reiher January 19, 2017 Page 1 Outline Desirable characteristics of ciphers Stream and block ciphers Cryptographic modes Uses of cryptography Symmetric
More informationGoals of Modern Cryptography
Goals of Modern Cryptography Providing information security: Data Privacy Data Integrity and Authenticity in various computational settings. Data Privacy M Alice Bob The goal is to ensure that the adversary
More informationECE 646 Lecture 8. Modes of operation of block ciphers
ECE 646 Lecture 8 Modes of operation of block ciphers Required Reading: I. W. Stallings, "Cryptography and Network-Security," 5 th and 6 th Edition, Chapter 6 Block Cipher Operation II. A. Menezes, P.
More informationUnit 8 Review. Secure your network! CS144, Stanford University
Unit 8 Review Secure your network! 1 Basic Problem Internet To first approximation, attackers control the network Can snoop, replay, suppress, send How do we defend against this? Communicate securely despite
More informationSummary on Crypto Primitives and Protocols
Summary on Crypto Primitives and Protocols Levente Buttyán CrySyS Lab, BME www.crysys.hu 2015 Levente Buttyán Basic model of cryptography sender key data ENCODING attacker e.g.: message spatial distance
More informationSymmetric Cryptography
CSE 484 (Winter 2010) Symmetric Cryptography Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for sample slides and materials...
More informationCOMP4109 : Applied Cryptography
COMP4109 : Applied Cryptography Fall 2013 M. Jason Hinek Carleton University Applied Cryptography Day 4 (and 5 and maybe 6) secret-key primitives symmetric-key encryption security notions and types of
More informationSymmetric Encryption. Thierry Sans
Symmetric Encryption Thierry Sans Design principles (reminder) 1. Kerkoff Principle The security of a cryptosystem must not rely on keeping the algorithm secret 2. Diffusion Mixing-up symbols 3. Confusion
More informationComputer Security CS 526
Computer Security CS 526 Topic 4 Cryptography: Semantic Security, Block Ciphers and Encryption Modes CS555 Topic 4 1 Readings for This Lecture Required reading from wikipedia Block Cipher Ciphertext Indistinguishability
More informationCSC 474/574 Information Systems Security
CSC 474/574 Information Systems Security Topic 2.2 Secret Key Cryptography CSC 474/574 Dr. Peng Ning 1 Agenda Generic block cipher Feistel cipher DES Modes of block ciphers Multiple encryptions Message
More informationIntroduction to Modern Cryptography. Lecture 2. Symmetric Encryption: Stream & Block Ciphers
Introduction to Modern Cryptography Lecture 2 Symmetric Encryption: Stream & Block Ciphers Stream Ciphers Start with a secret key ( seed ) Generate a keying stream i-th bit/byte of keying stream is a function
More informationBlock Cipher Operation. CS 6313 Fall ASU
Chapter 7 Block Cipher Operation 1 Outline q Multiple Encryption and Triple DES q Electronic Codebook q Cipher Block Chaining Mode q Cipher Feedback Mode q Output Feedback Mode q Counter Mode q XTS-AES
More informationDouble-DES, Triple-DES & Modes of Operation
Double-DES, Triple-DES & Modes of Operation Prepared by: Dr. Mohamed Abd-Eldayem Ref.: Cryptography and Network Security by William Stallings & Lecture slides by Lawrie Brown Multiple Encryption & DES
More informationCryptography CS 555. Topic 11: Encryption Modes and CCA Security. CS555 Spring 2012/Topic 11 1
Cryptography CS 555 Topic 11: Encryption Modes and CCA Security CS555 Spring 2012/Topic 11 1 Outline and Readings Outline Encryption modes CCA security Readings: Katz and Lindell: 3.6.4, 3.7 CS555 Spring
More informationENGI 8868/9877 Computer and Communications Security III. BLOCK CIPHERS. Symmetric Key Cryptography. insecure channel
(a) Introduction - recall symmetric key cipher: III. BLOCK CIPHERS k Symmetric Key Cryptography k x e k y yʹ d k xʹ insecure channel Symmetric Key Ciphers same key used for encryption and decryption two
More informationCRYPTOLOGY KEY MANAGEMENT CRYPTOGRAPHY CRYPTANALYSIS. Cryptanalytic. Brute-Force. Ciphertext-only Known-plaintext Chosen-plaintext Chosen-ciphertext
CRYPTOLOGY CRYPTOGRAPHY KEY MANAGEMENT CRYPTANALYSIS Cryptanalytic Brute-Force Ciphertext-only Known-plaintext Chosen-plaintext Chosen-ciphertext 58 Types of Cryptographic Private key (Symmetric) Public
More informationChapter 6 Contemporary Symmetric Ciphers
Chapter 6 Contemporary Symmetric Ciphers "I am fairly familiar with all the forms of secret writings, and am myself the author of a trifling monograph upon the subject, in which I analyze one hundred and
More informationSymmetric Cryptography
CSE 484 (Winter 2010) Symmetric Cryptography Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for sample slides and materials...
More informationCryptography CS 555. Topic 1: Course Overview & What is Cryptography
Cryptography CS 555 Topic 1: Course Overview & What is Cryptography 1 Administrative Note Professor Blocki is traveling and will be back on Wednesday. E-mail: jblocki@purdue.edu Thanks to Professor Spafford
More informationIntroduction to Cryptography CS 136 Computer Security Peter Reiher October 9, 2014
Introduction to Cryptography CS 136 Computer Security Peter Reiher October 9, 2014 Page 1 Outline What is data encryption? Cryptanalysis Basic encryption methods Substitution ciphers Permutation ciphers
More informationDavid Wetherall, with some slides from Radia Perlman s security lectures.
David Wetherall, with some slides from Radia Perlman s security lectures. djw@cs.washington.edu Networks are shared: Want to secure communication between legitimate participants from others with (passive
More informationIntroduction to Cryptography
Introduction to Cryptography 1 2 Definition process data into unintelligible form, reversibly, without data loss typically digitally usually one-to-one in size $ compression analog cryptography: voice
More informationNetwork Security Essentials Chapter 2
Network Security Essentials Chapter 2 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Encryption What is encryption? Why do we need it? No, seriously, let's discuss this. Why do we need
More informationCourse Map. COMP 7/8120 Cryptography and Data Security. Learning Objectives. How to use PRPs (Block Ciphers)? 2/14/18
Course Map Key Establishment Authenticated Encryption Key Management COMP 7/8120 Cryptography and Data Security Lecture 8: How to use Block Cipher - many time key Stream Ciphers Block Ciphers Secret Key
More informationBlock Cipher Modes of Operation
Block Cipher Modes of Operation Luke Anderson luke@lukeanderson.com.au 23 rd March 2018 University Of Sydney Overview 1. Crypto-Bulletin 2. Modes Of Operation 2.1 Evaluating Modes 2.2 Electronic Code Book
More information05 - WLAN Encryption and Data Integrity Protocols
05 - WLAN Encryption and Data Integrity Protocols Introduction 802.11i adds new encryption and data integrity methods. includes encryption algorithms to protect the data, cryptographic integrity checks
More informationn-bit Output Feedback
n-bit Output Feedback Cryptography IV Encrypt Encrypt Encrypt P 1 P 2 P 3 C 1 C 2 C 3 Steven M. Bellovin September 16, 2006 1 Properties of Output Feedback Mode No error propagation Active attacker can
More informationCryptography [Symmetric Encryption]
CSE 484 / CSE M 584: Computer Security and Privacy Cryptography [Symmetric Encryption] Spring 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin,
More informationComputer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08r. Pre-exam 2 Last-minute Review Cryptography Paul Krzyzanowski Rutgers University Spring 2018 March 26, 2018 CS 419 2018 Paul Krzyzanowski 1 Cryptographic Systems March 26, 2018 CS
More information2.1 Basic Cryptography Concepts
ENEE739B Fall 2005 Part 2 Secure Media Communications 2.1 Basic Cryptography Concepts Min Wu Electrical and Computer Engineering University of Maryland, College Park Outline: Basic Security/Crypto Concepts
More informationUnderstanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl
Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl www.crypto-textbook.com Chapter 5 More About Block Ciphers ver. November 26, 2010 Last modified 10-2-17
More informationBlock cipher modes. Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 75
Block cipher modes Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 75 Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 76 Block cipher modes Block ciphers (like
More informationCS155. Cryptography Overview
CS155 Cryptography Overview Cryptography! Is n A tremendous tool n The basis for many security mechanisms! Is not n The solution to all security problems n Reliable unless implemented properly n Reliable
More informationCryptography Lecture 4. Attacks against Block Ciphers Introduction to Public Key Cryptography. November 14, / 39
Cryptography 2017 Lecture 4 Attacks against Block Ciphers Introduction to Public Key Cryptography November 14, 2017 1 / 39 What have seen? What are we discussing today? What is coming later? Lecture 3
More informationCrypto: Symmetric-Key Cryptography
Computer Security Course. Song Crypto: Symmetric-Key Cryptography Slides credit: Dan Boneh, David Wagner, Doug Tygar Overview Cryptography: secure communication over insecure communication channels Three
More informationContent of this part
UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Introduction to Cryptography ECE 597XX/697XX Part 5 More About Block Ciphers Israel Koren ECE597/697 Koren Part.5.1 Content of this
More information3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some
3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some popular block ciphers Triple DES Advanced Encryption
More informationChapter 6: Contemporary Symmetric Ciphers
CPE 542: CRYPTOGRAPHY & NETWORK SECURITY Chapter 6: Contemporary Symmetric Ciphers Dr. Lo ai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan Why Triple-DES?
More informationCryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng
Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng 1 Outline Basic concepts in cryptography systems Secret key cryptography Public key cryptography Hash functions 2 Encryption/Decryption
More informationUsing block ciphers 1
Using block ciphers 1 Using block ciphers DES is a type of block cipher, taking 64-bit plaintexts and returning 64-bit ciphetexts. We now discuss a number of ways in which block ciphers are employed in
More informationRefresher: Applied Cryptography
Refresher: Applied Cryptography (emphasis on common tools for secure processors) Chris Fletcher Fall 2017, 598 CLF, UIUC Complementary reading Intel SGX Explained (ISE) Victor Costan, Srini Devadas https://eprint.iacr.org/2016/086.pdf
More informationCryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology
Cryptography & Key Exchange Protocols Faculty of Computer Science & Engineering HCMC University of Technology Outline 1 Cryptography-related concepts 2 3 4 5 6 7 Key channel for symmetric cryptosystems
More information9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers
Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng Basic concepts in cryptography systems Secret cryptography Public cryptography 1 2 Encryption/Decryption Cryptanalysis
More informationCS 161 Computer Security
Popa & Wagner Spring 2016 CS 161 Computer Security Midterm 2 Print your name:, (last) (first) I am aware of the Berkeley Campus Code of Student Conduct and acknowledge that academic misconduct will be
More informationCryptographic Primitives A brief introduction. Ragesh Jaiswal CSE, IIT Delhi
Cryptographic Primitives A brief introduction Ragesh Jaiswal CSE, IIT Delhi Cryptography: Introduction Throughout most of history: Cryptography = art of secret writing Secure communication M M = D K (C)
More information2 Secure Communication in Private Key Setting
CSA E0 235: Cryptography January 11, 2016 Instructor: Arpita Patra Scribe for Lecture 2 Submitted by: Jayam Modi 1 Discrete Probability Background Probability Distribution -A probability distribution over
More informationCryptography. Recall from last lecture. [Symmetric] Encryption. How Cryptography Helps. One-time pad. Idea: Computational security
Recall from last lecture Cryptography To a first approximation, attackers control network Next two lectures: How to defend against this 1. Communicate securely despite insecure networks cryptography 2.
More informationHomework 2: Symmetric Crypto Due at 11:59PM on Monday Feb 23, 2015 as a PDF via websubmit.
Homework 2: Symmetric Crypto February 17, 2015 Submission policy. information: This assignment MUST be submitted as a PDF via websubmit and MUST include the following 1. List of collaborators 2. List of
More informationBlock ciphers, stream ciphers
Block ciphers, stream ciphers (start on:) Asymmetric cryptography CS 161: Computer Security Prof. Raluca Ada Popa Jan 31, 2018 Announcements Project 1 is out, due Feb 14 midnight Recall: Block cipher A
More informationIntroduction to Symmetric Cryptography
Introduction to Symmetric Cryptography Tingting Chen Cal Poly Pomona 1 Some slides are from Dr. Cliff Zou. www.cs.ucf.edu/~czou/cis3360-12/ch08-cryptoconcepts.ppt Basic Cryptography Private Key Cryptography
More informationBlock Cipher Modes of Operation
Block Cipher Modes of Operation Luke Anderson luke@lukeanderson.com.au 24th March 2016 University Of Sydney Overview 1. Crypto-Bulletin 2. Modes Of Operation 2.1 Evaluating Modes 2.2 Electronic Code Book
More informationCS 161 Computer Security
Raluca Popa Spring 2018 CS 161 Computer Security Discussion 3 Week of February 5, 2018: Cryptography I Question 1 Activity: Cryptographic security levels (20 min) Say Alice has a randomly-chosen symmetric
More informationCSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L
CS 3461/5461: Introduction to Computer Networking and Internet Technologies Network Security Study: 21.1 21.5 Kannan Srinivasan 11-27-2012 Security Attacks, Services and Mechanisms Security Attack: Any
More informationCSC 580 Cryptography and Computer Security
CSC 580 Cryptography and Computer Security Encryption Concepts, Classical Crypto, and Binary Operations January 30, 2018 Overview Today: Cryptography concepts and classical crypto Textbook sections 3.1,
More informationCryptography (cont.)
CSE 484 / CSE M 584 (Autumn 2011) Cryptography (cont.) Daniel Halperin Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others
More informationComputer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 10r. Recitation assignment & concept review Paul Krzyzanowski Rutgers University Spring 2018 April 3, 2018 CS 419 2018 Paul Krzyzanowski 1 1. What is a necessary condition for perfect
More informationRSA Cryptography in the Textbook and in the Field. Gregory Quenell
RSA Cryptography in the Textbook and in the Field Gregory Quenell 1 In the beginning... 2 In the beginning... Diffie and Hellman 1976: A one-way function can be used to pass secret information over an insecure
More informationTinySec: A Link Layer Security Architecture for Wireless Sensor Networks. Presented by Paul Ruggieri
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof, Naveen Sastry,, David Wagner Presented by Paul Ruggieri 1 Introduction What is TinySec? Link-layer security architecture
More informationOutline Basics of Data Encryption CS 239 Computer Security January 24, 2005
Outline Basics of Data Encryption CS 239 Computer Security January 24, 2005 What is data encryption? Basic encryption mechanisms Stream and block ciphers Characteristics of good ciphers Page 1 Page 2 Data
More informationPaper presentation sign up sheet is up. Please sign up for papers by next class. Lecture summaries and notes now up on course webpage
1 Announcements Paper presentation sign up sheet is up. Please sign up for papers by next class. Lecture summaries and notes now up on course webpage 2 Recap and Overview Previous lecture: Symmetric key
More informationCryptography 2017 Lecture 3
Cryptography 2017 Lecture 3 Block Ciphers - AES, DES Modes of Operation - ECB, CBC, CTR November 7, 2017 1 / 1 What have seen? What are we discussing today? What is coming later? Lecture 2 One Time Pad
More informationPROTECTING CONVERSATIONS
PROTECTING CONVERSATIONS Basics of Encrypted Network Communications Naïve Conversations Captured messages could be read by anyone Cannot be sure who sent the message you are reading Basic Definitions Authentication
More informationComputer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08. Cryptography Part II Paul Krzyzanowski Rutgers University Spring 2018 March 23, 2018 CS 419 2018 Paul Krzyzanowski 1 Block ciphers Block ciphers encrypt a block of plaintext at a
More informationSecret Key Cryptography
Secret Key Cryptography General Block Encryption: The general way of encrypting a 64-bit block is to take each of the: 2 64 input values and map it to a unique one of the 2 64 output values. This would
More informationStream Ciphers. Stream Ciphers 1
Stream Ciphers Stream Ciphers 1 Stream Ciphers Generate a pseudo-random key stream & xor to the plaintext. Key: The seed of the PRNG Traditional PRNGs (e.g. those used for simulations) are not secure.
More informationLecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.
15-441 Lecture Nov. 21 st 2006 Dan Wendlandt Worms & Viruses Phishing End-host impersonation Denial-of-Service Route Hijacks Traffic modification Spyware Trojan Horse Password Cracking IP Spoofing DNS
More informationStream Ciphers and Block Ciphers
Stream Ciphers and Block Ciphers 2MMC10 Cryptology Fall 2015 Ruben Niederhagen October 6th, 2015 Introduction 2/32 Recall: Public-key crypto: Pair of keys: public key for encryption, private key for decryption.
More informationCryptology complementary. Symmetric modes of operation
Cryptology complementary Symmetric modes of operation Pierre Karpman pierre.karpman@univ-grenoble-alpes.fr https://www-ljk.imag.fr/membres/pierre.karpman/tea.html 2018 05 03 Symmetric modes 2018 05 03
More informationAutomated Analysis and Synthesis of Modes of Operation and Authenticated Encryption Schemes
Automated Analysis and Synthesis of Modes of Operation and Authenticated Encryption Schemes Alex J. Malozemoff University of Maryland Joint work with Matthew Green, Viet Tung Hoang, and Jonathan Katz Presented
More informationAutomated Analysis and Synthesis of Block-Cipher Modes of Operation
Automated Analysis and Synthesis of Block-Cipher Modes of Operation Alex J. Malozemoff 1 Jonathan Katz 1 Matthew D. Green 2 1 University of Maryland 2 Johns Hopkins University Presented at the IEEE Computer
More informationCryptography: Symmetric Encryption [continued]
CSE 484 / CSE M 584: Computer Security and Privacy Cryptography: Symmetric Encryption [continued] Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann,
More informationCSC574: Computer & Network Security
CSC574: Computer & Network Security Lecture 3 Prof. William Enck Spring 2016 (Derived from slides by Micah Sherr, Patrick McDaniel, and Peng Ning) Modern Cryptography 2 Kerckhoffs Principles Modern cryptosystems
More informationEncryption and Forensics/Data Hiding
Encryption and Forensics/Data Hiding 1 Cryptography Background See: http://www.cacr.math.uwaterloo.ca/hac/ For more information 2 Security Objectives Confidentiality (Secrecy): Prevent/Detect/Deter improper
More information3 Symmetric Cryptography
CA4005: CRYPTOGRAPHY AND SECURITY PROTOCOLS 1 3 Symmetric Cryptography Symmetric Cryptography Alice Bob m Enc c = e k (m) k c c Dec m = d k (c) Symmetric cryptography uses the same secret key k for encryption
More informationCryptography Introduction
Cryptography Introduction Last Updated: Aug 20, 2013 Terminology Access Control o Authentication Assurance that entities are who they claim to be o Authorization Assurance that entities have permission
More information1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class
1.264 Lecture 27 Security protocols Symmetric cryptography Next class: Anderson chapter 10. Exercise due after class 1 Exercise: hotel keys What is the protocol? What attacks are possible? Copy Cut and
More informationIntroduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell
Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell 1 Cryptography Merriam-Webster Online Dictionary: 1. secret writing 2. the enciphering and deciphering
More informationBlock Ciphers. Advanced Encryption Standard (AES)
Network Security - ISA 656 Angelos Stavrou September 28, 2008 Codes vs. K = {0, 1} l P = {0, 1} m C = {0, 1} n, C C E : P K C D : C K P p P, k K : D(E(p, k), k) = p It is infeasible to find F : P C K Let
More informationLecture 1: Course Introduction
Lecture 1: Course Introduction Thomas Johansson T. Johansson (Lund University) 1 / 37 Chapter 9: Symmetric Key Distribution To understand the problems associated with managing and distributing secret keys.
More informationSECRET SHARING SECRET SPLITTING
Clemens H. Cap Universität Rostock clemens.cap (at) uni-rostock (dot) de SECRET SHARING SECRET SPLITTING BaSoTI 2012, Tartu Anecdotal Problem Trent wants to give Alice and Bob access to the safe Trent
More informationChapter 8. Encipherment Using Modern Symmetric-Key Ciphers
Chapter 8 Encipherment Using Modern Symmetric-Key Ciphers Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 8.1 Chapter 18 Objectives To show how modern standard
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 6 January 25, 2012 CPSC 467b, Lecture 6 1/46 Byte padding Chaining modes Stream ciphers Symmetric cryptosystem families Stream ciphers
More informationData Encryption Standard (DES)
Data Encryption Standard (DES) Best-known symmetric cryptography method: DES 1973: Call for a public cryptographic algorithm standard for commercial purposes by the National Bureau of Standards Goals:
More information