SPi Calculus: Outline. What is it? Basic SPi Calculus Notation Basic Example Example with Channel Establishment Example using Cryptography
|
|
- Patrick Terry
- 5 years ago
- Views:
Transcription
1 SPi Calculus: Outline What is it? Basic SPi Calculus Notation Basic Example Example with Channel Establishment Example using Cryptography
2 SPi Calculus: What is it? SPi Calculus is an executable model for the description and analysis of cryptographic protocols Spi Calculus is an extension to Pi Calculus
3 SPi Calculus: Processes Spi Calculus is made up of Processes. When all the processes are combined we have a program or protocol.
4 SPi Calculus: Processes Processes are defined as follows: P (some action our process does) Where P is our process
5 SPi Calculus: Processes Processes can do many things They can create other processes They can send messages They can receive messages They can run other processes You can think of a process as the set of actions a principal takes (Alice, Bob, Malory etc.)
6 SPi Calculus: Processes When processes send or receive messages they do this over channels
7 SPi Calculus: Basic Definitions Channels A channel is a named communications medium Channels can be restricted so that only certain processes can communicate on them
8 SPi Calculus: Basic Definitions Channel Example: A B c AB Process A communicates to Process B through Channel AB
9 SPi Calculus: Basic Definitions Unfortunately we can t just say: Process A Listen on Channel AB for a Message M We have to use SPi Calculus Notation
10 Pi Calc: Basic Notation (1) Process Grammar-Output Sequential Operator The above is how we state Output the message M on Channel C and then run process P
11 Pi Calc: Basic Notation (2) Process Grammar-Input C(x).P Input the message x on the channel C and then run process P (P will have access to x)
12 Pi Calc: Basic Notation (3) Process Grammar-Composition P Q A composition P Q behaves as processes P and Q running in parallel. Each may interact with the other on channels known to both, or with the outside world, independently of the other.
13 Pi Calc: Basic Notation (4) Process Grammar-Restriction (vn)p A restriction (vn)p is a process that makes a new, private name n, and then behaves as P. (Note that n is restricted to P)
14 Pi Calc: Restriction Example C AB is restricted to process A and B (vc AB )(A B) A c AB B D Process D cannot use c AB
15 Pi Calc: Basic Example A basic example of a Protocol using the notation we just learned
16 * Pi Calc: Basic Example Principal A uses the channel AB to send a single message M to Principal B Principal A Channel AB Principal B Mother, MI come bearing a gift. I'll give you a hint: it's in my diaper and it's not a toaster.
17 Pi Calc: Basic Example (2) Principal A Channel AB Principal B M Message 1 A B: M on c AB
18 * A Pi Calc: Basic Example (3) B c AB M Output M on Channel AB A(M) Output Process (Principal A) Is Defined As
19 * A Pi Calc: Basic Example (4) c AB B A(M) M B Input Process (Principal B) Input x from Channel AB Apply F to x
20 Pi Calc: Basic Example (5) A B c AB M A(M) B Inst(M) Create Channel AB Run Process A & B in parallel
21 Basic Example Protocol Final (6) A(M) B Inst(M)
22 Pi Calc: Basic Example Properties 1)Authenticity (Integrity) 2)Secrecy We will show why the basic protocol has these properties using informal and then formal syntax
23 * Pi Calc: Authenticity (2) A(M)= B = Always M Inst(M) = Process B always applies the function F to The message M, that A sends. Why is that?
24 * Pi Calc: Authenticity (3) The restriction operator restricts the channel AB to principal A(M) and B The Channel AB is Secure Inst(M) Restriction on Channel AB Scope of the Restriction
25 Pi Calc: Authenticity (4) A(M)= B = Always M Inst(M) = Since only process A and B communicate on c AB, and the only thing being sent on that channel is M, F(x) is really always F(M)
26 Pi Calc: Authenticity (5) An attacker cannot cause B to apply F to some message other than M.
27 Pi Calc: Secrecy A(M)= B = Inst(M) = The message M cannot be read in transit from Principal A to Principal B (Since c AB is secure)
28 Pi Calc: Secrecy (2) A(M)= B = Inst(M) = If F does not reveal M, then the whole protocol does not reveal M
29 Pi Calc: Indistinguishability P Q The behaviors of process P and Q are indistinguishable
30 Pi Calc: Indistinguishability (2) P Q Internally P and Q might be different. However, a third process R cannot tell the different between running P and running Q.
31 Pi Calc: Secrecy (Formally) We can state the secrecy property using The concept of indistinguishability.
32 * Pi Calc: Secrecy (Formally) (2) If F does not reveal M, then the whole protocol does not reveal M If F(M) F(M') for all M and M', then Inst(M) Inst(M') F(M) F(M') = F does not reveal M Inst(M) Inst(M') = Protocol does not reveal M
33 Pi Calc: Authenticity (Formally) To formally show authenticity for our basic protocol we are going to compare the basic protocol to a specification.
34 * Pi Calc: Authenticity: Specification A(M)= B spec = Inst spec (M) = We need to show that our protocol behaves the same as the above specification. Inst(M) Inst spec (M)
35 Pi Calc: Authenticity Formally (Remember Informally: An attacker cannot cause B to apply F to some other message. ) B spec = B = Always M Are these two indistinguishable? Yes, because x is always M since the c AB is secure and M is the only thing sent on it.
36 Pi Calc:Properties To sum up Authenticity: Inst(M) Inst spec (M), for all M Secrecy: Inst(M) Inst(M') if F(M) F(M'), for all M and M'.
37 * Pi Calc: Channel Establishment C AS and C SB already exist S 1. Send New channel 2. Send New channel A 3. Data on New Channel B Wide Mouth Frog Protocol (Simplified)
38 Pi Calc: Channel Establishment (2) A S B Note: The Message Can be a Channel Message 1 A S: c AB on c AS Message 2 S B: c AB on c SB Message 3 A B: M on c AB
39 Pi Calc: Channel Establishment (3) S c AS c SB AB A M c AB B A(M) =
40 Pi Calc: Channel Establishment (4) S x c AS c SB x A c AB B S = c AB
41 Pi Calc: Channel Establishment (5) S AB AB A c AS c AB c SB B M B = c AB M M
42 Pi Calc: Channel Establishment (6) A(M) = S = B = Inst(M) =
43 Pi Calc: Channel Establishment Spec A(M) = S = B spec = Inst spec (M) =
44 Pi Calc: Channel Establishment Spec In our channel establishment protocol All three channels are secure.
45 Pi Calc: Authenticity and Secrecy Channel Establishment Protocol Authenticity: Inst(M) Inst spec (M), for all M Secrecy: Inst(M) Inst(M') if F(M) F(M'), for all M and M'.
46 * Pi Calc: Limitation 1 S AB c AS c SB AB A c AB B Sending Channels?
47 Pi Calc: Limitation 2 S c AS c SB A B We require that we have secure channels already established which is almost never The case in the real world.
48 SPi Calc: Encryption {M} K N Message M encrypted under key K
49 SPi Calc: Decryption case c of {m} k in P Attempt to decrypt cipher text c with key k resulting in plaintext m used by process P
50 SPi Calc: Cryptographic Ex. (1) S 1. New key K AB under K AS 2. New key K AB under K SB A 3. Data under new key K AB B Cryptographic Wide Mouth Frog Protocol (Simplified) 1) Uses Keys 2) Does not require secure channels
51 SPi Calc: Cryptographic Ex. (2) S 1 2 A 3 B Message 1 A S: {K AB } KAS on c AS Message 2 S B: {K AB } KSB on c SB Message 3 A B: {M} KAB on c AB
52 SPi Calc: Cryptographic Ex. (3) S c AS c SB K AB A {M} KAB c AB B A(M)= ( )
53 SPi Calc: Cryptographic Ex. (4) S y c AS c SB x A c AB B S =
54 SPi Calc: Cryptographic Ex. (5) S K AB c AS c SB y K AB A c AB B M wz B =
55 SPi Calc: Cryptographic Ex. (6) A(M)= ( ) S = B = Inst(M) =
56 SPi Calc: Ideal Protocol A(M)= ( ) S = B spec = Inst spec (M) =
57 SPi Calc: Ideal Protocol Ideal protocol once again has authenticity (Remember Informally: An attacker cannot cause B to apply F to some message other than M. ) B spec =
58 SPi Calc: Authenticity A(M)= ( ) Key AB is restricted Since K AB is restricted only A,B and S know K AB (A created it and sent it to B through S) Remember: S is trusted so no problem there
59 B = SPi Calc: Authenticity K AB F is only called when the decryption works. The decryption only works when w is encrypted with K AB. Therefore, F is only called when w is encrypted with K AB.
60 SPi Calc: Authenticity B = Always M K AB F is only called when w is encrypted with K AB. Since only A can send a message encrypted with K AB the only time F gets called is when A sends B a message.
61 SPi Calc: Authenticity So we can say an attacker cannot cause B to apply F to some message other than M Authenticity: Inst(M) Inst spec (M), for all M
62 SPi Calc: Secrecy Since the message is encrypted with the restricted K AB we know that as long as F does not reveal M then the whole protocol does not reveal M. Secrecy: Inst(M) Inst(M') if F(M) F(M'), for all M and M'.
63 SPi Calc: Problem In the previous cryptographic protocol we have a problem when the attacker is an active attacker. Why is that?
64 SPi Calc: Protocol Limitation Inst(M) = There is a problem here that has to do with the security of channel AB There is no restriction on Channel AB
65 SPi Calc: Protocol Limitation S A c AS c AB c SB B??? Q Not encrypted with K AB
66 SPi Calc: Protocol Limitation Next week we will present a better protocol written in Spi Calculus that can stand up to an active attacker.
67 SPi Calc: The End?
Security protocols and their verification. Mark Ryan University of Birmingham
Security protocols and their verification Mark Ryan University of Birmingham Contents 1. Authentication protocols (this lecture) 2. Electronic voting protocols 3. Fair exchange protocols 4. Digital cash
More informationProtocols II. Computer Security Lecture 12. David Aspinall. 17th February School of Informatics University of Edinburgh
Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of Edinburgh 17th February 2011 Outline Introduction Shared-key Authentication Asymmetric authentication protocols
More informationLecture 1: Course Introduction
Lecture 1: Course Introduction Thomas Johansson T. Johansson (Lund University) 1 / 37 Chapter 9: Symmetric Key Distribution To understand the problems associated with managing and distributing secret keys.
More informationGoals of Modern Cryptography
Goals of Modern Cryptography Providing information security: Data Privacy Data Integrity and Authenticity in various computational settings. Data Privacy M Alice Bob The goal is to ensure that the adversary
More informationApplied Cryptography Basic Protocols
Applied Cryptography Basic Protocols Sape J. Mullender Huygens Systems Research Laboratory Universiteit Twente Enschede 1 Session keys It is prudent practice to use a different key for each session. This
More informationCryptography. Andreas Hülsing. 6 September 2016
Cryptography Andreas Hülsing 6 September 2016 1 / 21 Announcements Homepage: http: //www.hyperelliptic.org/tanja/teaching/crypto16/ Lecture is recorded First row might be on recordings. Anything organizational:
More informationICT 6541 Applied Cryptography. Hossen Asiful Mustafa
ICT 6541 Applied Cryptography Hossen Asiful Mustafa Basic Communication Alice talking to Bob Alice Bob 2 Eavesdropping Eve listening the conversation Alice Bob 3 Secure Communication Eve listening the
More information1 extrema notebook. November 25, 2012
Do now as a warm up: Suppose this graph is a function f, defined on [a,b]. What would you say about the value of f at each of these x values: a, x 1, x 2, x 3, x 4, x 5, x 6, and b? What would you say
More informationTest 2 Review. 1. (10 points) Timestamps and nonces are both used in security protocols to prevent replay attacks.
Test 2 Review Name Student ID number Notation: {X} Bob Apply Bob s public key to X [Y ] Bob Apply Bob s private key to Y E(P, K) Encrypt P with symmetric key K D(C, K) Decrypt C with symmetric key K h(x)
More information1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class
1.264 Lecture 27 Security protocols Symmetric cryptography Next class: Anderson chapter 10. Exercise due after class 1 Exercise: hotel keys What is the protocol? What attacks are possible? Copy Cut and
More informationCRYPTOLOGY KEY MANAGEMENT CRYPTOGRAPHY CRYPTANALYSIS. Cryptanalytic. Brute-Force. Ciphertext-only Known-plaintext Chosen-plaintext Chosen-ciphertext
CRYPTOLOGY CRYPTOGRAPHY KEY MANAGEMENT CRYPTANALYSIS Cryptanalytic Brute-Force Ciphertext-only Known-plaintext Chosen-plaintext Chosen-ciphertext 58 Types of Cryptographic Private key (Symmetric) Public
More informationLecture 9a: Secure Sockets Layer (SSL) March, 2004
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York University artg@cs.nyu.edu Security Achieved by
More informationCSE 127: Computer Security Cryptography. Kirill Levchenko
CSE 127: Computer Security Cryptography Kirill Levchenko October 24, 2017 Motivation Two parties want to communicate securely Secrecy: No one else can read messages Integrity: messages cannot be modified
More informationCryptography and Network Security. Prof. D. Mukhopadhyay. Department of Computer Science and Engineering. Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 38 A Tutorial on Network Protocols
More informationFirst Semester Examinations 2013/14 (Model Solution) INTERNET PRINCIPLES
PAPER CODE NO. EXAMINER : Martin Gairing COMP211 DEPARTMENT : Computer Science Tel. No. 0151 795 4264 First Semester Examinations 2013/14 (Model Solution) INTERNET PRINCIPLES TIME ALLOWED : Two Hours INSTRUCTIONS
More informationCryptography CS 555. Topic 1: Course Overview & What is Cryptography
Cryptography CS 555 Topic 1: Course Overview & What is Cryptography 1 Administrative Note Professor Blocki is traveling and will be back on Wednesday. E-mail: jblocki@purdue.edu Thanks to Professor Spafford
More informationECE596C: Handout #9. Authentication Using Shared Secrets. Electrical and Computer Engineering, University of Arizona, Loukas Lazos
ECE596C: Handout #9 Authentication Using Shared Secrets Electrical and Computer Engineering, University of Arizona, Loukas Lazos Abstract. In this lecture we introduce the concept of authentication and
More informationSecure Multiparty Computation
CS573 Data Privacy and Security Secure Multiparty Computation Problem and security definitions Li Xiong Outline Cryptographic primitives Symmetric Encryption Public Key Encryption Secure Multiparty Computation
More informationChapter 9. Public Key Cryptography, RSA And Key Management
Chapter 9 Public Key Cryptography, RSA And Key Management RSA by Rivest, Shamir & Adleman of MIT in 1977 The most widely used public-key cryptosystem is RSA. The difficulty of attacking RSA is based on
More informationUNIT - IV Cryptographic Hash Function 31.1
UNIT - IV Cryptographic Hash Function 31.1 31-11 SECURITY SERVICES Network security can provide five services. Four of these services are related to the message exchanged using the network. The fifth service
More informationShared Secret = Trust
Trust The fabric of life! Holds civilizations together Develops by a natural process Advancement of technology results in faster evolution of societies Weakening the natural bonds of trust From time to
More informationSecurity issues: Encryption algorithms. Threats Methods of attack. Secret-key Public-key Hybrid protocols. CS550: Distributed OS.
Security issues: Threats Methods of attack Encryption algorithms Secret-key Public-key Hybrid protocols Lecture 15 Page 2 1965-75 1975-89 1990-99 Current Platforms Multi-user timesharing computers Distributed
More informationA Protocol for Secure Public Instant Messaging
Financial Cryptography - Feb 27, 2006 A Protocol for Secure Public Instant Messaging Mohammad Mannan and Paul C. van Oorschot Digital Security Group Carleton University, Canada Mohammad Mannan Feb 27,
More informationCS 332 Computer Networks Security
CS 332 Computer Networks Security Professor Szajda Last Time We talked about mobility as a matter of context: How is mobility handled as you move around a room? Between rooms in the same building? As your
More informationIntroduction to Symmetric Cryptography
Introduction to Symmetric Cryptography Tingting Chen Cal Poly Pomona 1 Some slides are from Dr. Cliff Zou. www.cs.ucf.edu/~czou/cis3360-12/ch08-cryptoconcepts.ppt Basic Cryptography Private Key Cryptography
More informationWhat did we talk about last time? Public key cryptography A little number theory
Week 4 - Friday What did we talk about last time? Public key cryptography A little number theory If p is prime and a is a positive integer not divisible by p, then: a p 1 1 (mod p) Assume a is positive
More informationPublic Key Algorithms
Public Key Algorithms 1 Public Key Algorithms It is necessary to know some number theory to really understand how and why public key algorithms work Most of the public key algorithms are based on modular
More informationRef:
Cryptography & digital signature Dec. 2013 Ref: http://cis.poly.edu/~ross/ 2 Cryptography Overview Symmetric Key Cryptography Public Key Cryptography Message integrity and digital signatures References:
More informationEncryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls
Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls Overview Cryptography functions Secret key (e.g., DES) Public key (e.g., RSA) Message
More informationHello World in HLPSL. Turning ASCII protocol specifications into HLPSL
Hello World in HLPSL Turning ASCII protocol specifications into HLPSL Modeling with HLPSL HLPSL is a higher-level protocol specification language we can transform ASCII protocol specifications into HLPSL
More informationEncrypted Data Deduplication in Cloud Storage
Encrypted Data Deduplication in Cloud Storage Chun- I Fan, Shi- Yuan Huang, Wen- Che Hsu Department of Computer Science and Engineering Na>onal Sun Yat- sen University Kaohsiung, Taiwan AsiaJCIS 2015 Outline
More informationBanking Service Example
Banking Service Example Preliminaries Principals: {Alice, Bob} Web services: w = http://bob.com/bankingservice owner(w) = Bob class(w) = BankingServiceClass proxy(w) = BankingServiceProxy Source Program
More informationPROTECTING CONVERSATIONS
PROTECTING CONVERSATIONS Basics of Encrypted Network Communications Naïve Conversations Captured messages could be read by anyone Cannot be sure who sent the message you are reading Basic Definitions Authentication
More informationCS Computer Networks 1: Authentication
CS 3251- Computer Networks 1: Authentication Professor Patrick Traynor 4/14/11 Lecture 25 Announcements Homework 3 is due next class. Submit via T-Square or in person. Project 3 has been graded. Scores
More informationLecture 7.1: Private-key Encryption. Lecture 7.1: Private-key Encryption
Private-key Encryption Alice and Bob share a secret s {0, 1} n Private-key Encryption Alice and Bob share a secret s {0, 1} n Encryption and Decryption algorithms are efficient Private-key Encryption Alice
More informationCryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng
Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng 1 Outline Basic concepts in cryptography systems Secret key cryptography Public key cryptography Hash functions 2 Encryption/Decryption
More informationCS573 Data Privacy and Security. Cryptographic Primitives and Secure Multiparty Computation. Li Xiong
CS573 Data Privacy and Security Cryptographic Primitives and Secure Multiparty Computation Li Xiong Outline Cryptographic primitives Symmetric Encryption Public Key Encryption Secure Multiparty Computation
More informationComputer Networks & Security 2016/2017
Computer Networks & Security 2016/2017 Network Security Protocols (10) Dr. Tanir Ozcelebi Courtesy: Jerry den Hartog Courtesy: Kurose and Ross TU/e Computer Science Security and Embedded Networked Systems
More informationBAN Logic. Logic of Authentication 1. BAN Logic. Source. The language of BAN. The language of BAN. Protocol 1 (Needham-Schroeder Shared-Key) [NS78]
Logic of Authentication 1. BAN Logic Ravi Sandhu BAN Logic BAN is a logic of belief. In an analysis, the protocol is first idealized into messages containing assertions, then assumptions are stated, and
More informationIntroduction to Cryptography. Ramki Thurimella
Introduction to Cryptography Ramki Thurimella Encryption & Decryption 2 Generic Setting 3 Kerckhoff s Principle Security of the encryption scheme must depend only on The secret key NOT on the secrecy of
More informationSecure Multiparty Computation
Secure Multiparty Computation Li Xiong CS573 Data Privacy and Security Outline Secure multiparty computation Problem and security definitions Basic cryptographic tools and general constructions Yao s Millionnare
More informationSecurity protocols. Correctness of protocols. Correctness of protocols. II. Logical representation and analysis of protocols.i
Security protocols Logical representation and analysis of protocols.i A security protocol is a set of rules, adhered to by the communication parties in order to ensure achieving various security or privacy
More informationLecture 7 - Applied Cryptography
CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Lecture 7 - Applied Cryptography CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger
More informationCS Protocols. Prof. Clarkson Spring 2016
CS 5430 Protocols Prof. Clarkson Spring 2016 Review: Secure channel When we last left off, we were building a secure channel The channel does not reveal anything about messages except for their timing
More informationInformation Security
SE 4472b Information Security Week 2-2 Some Formal Security Notions Aleksander Essex Fall 2015 Formalizing Security As we saw, classical ciphers leak information: Caeser/Vigenere leaks letter frequency
More informationModelling and Analysing of Security Protocol: Lecture 1. Introductions to Modelling Protocols. Tom Chothia CWI
Modelling and Analysing of Security Protocol: Lecture 1 Introductions to Modelling Protocols Tom Chothia CWI This Course This course will primarily teaching you: How to design your own secure communication
More informationTest 2 Review. (b) Give one significant advantage of a nonce over a timestamp.
Test 2 Review Name Student ID number Notation: {X} Bob Apply Bob s public key to X [Y ] Bob Apply Bob s private key to Y E(P, K) Encrypt P with symmetric key K D(C, K) Decrypt C with symmetric key K h(x)
More informationChapter 3 Traditional Symmetric-Key Ciphers 3.1
Chapter 3 Traditional Symmetric-Key Ciphers 3.1 Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 3 Objectives To define the terms and the concepts of symmetric
More informationCSC 774 Network Security
CSC 774 Network Security Topic 2. Review of Cryptographic Techniques CSC 774 Dr. Peng Ning 1 Outline Encryption/Decryption Digital signatures Hash functions Pseudo random functions Key exchange/agreement/distribution
More informationComputational Security, Stream and Block Cipher Functions
Computational Security, Stream and Block Cipher Functions 18 March 2019 Lecture 3 Most Slides Credits: Steve Zdancewic (UPenn) 18 March 2019 SE 425: Communication and Information Security 1 Topics for
More informationCryptography Math/CprE/InfAs 533
Unit 1 January 10, 2011 1 Cryptography Math/CprE/InfAs 533 Unit 1 January 10, 2011 2 Instructor: Clifford Bergman, Professor of Mathematics Office: 424 Carver Hall Voice: 515 294 8137 fax: 515 294 5454
More informationCS 395T. JFK Protocol in Applied Pi Calculus
CS 395T JFK Protocol in Applied Pi Calculus Proving Security Real protocol Process-calculus specification of the actual protocol Ideal protocol Achieves the same goal as the real protocol, but is secure
More informationCS 161 Computer Security
Popa & Wagner Spring 2016 CS 161 Computer Security Midterm 2 Print your name:, (last) (first) I am aware of the Berkeley Campus Code of Student Conduct and acknowledge that academic misconduct will be
More informationLecture 1: Perfect Security
CS 290G (Fall 2014) Introduction to Cryptography Oct 2nd, 2014 Instructor: Rachel Lin 1 Recap Lecture 1: Perfect Security Scribe: John Retterer-Moore Last class, we introduced modern cryptography and gave
More informationCSC/ECE 774 Advanced Network Security
Computer Science CSC/ECE 774 Advanced Network Security Topic 2. Network Security Primitives CSC/ECE 774 Dr. Peng Ning 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange;
More informationCS 161 Computer Security
Popa & Wagner Spring 2016 CS 161 Computer Security Discussion 5 Week of February 19, 2017 Question 1 Diffie Hellman key exchange (15 min) Recall that in a Diffie-Hellman key exchange, there are values
More informationVerfying the SSH TLP with ProVerif
A Demo Alfredo Pironti Riccardo Sisto Politecnico di Torino, Italy {alfredo.pironti,riccardo.sisto}@polito.it CryptoForma Bristol, 7-8 April, 2010 Outline Introduction 1 Introduction 2 3 4 Introduction
More informationKey Establishment and Authentication Protocols EECE 412
Key Establishment and Authentication Protocols EECE 412 1 where we are Protection Authorization Accountability Availability Access Control Data Protection Audit Non- Repudiation Authentication Cryptography
More informationCS 161 Computer Security
Raluca Popa Spring 2018 CS 161 Computer Security Homework 2 Due: Wednesday, February 14, at 11:59pm Instructions. This homework is due Wednesday, February 14, at 11:59pm. No late homeworks will be accepted.
More informationSecurity and Privacy in Computer Systems. Lecture 7 The Kerberos authentication system. Security policy, security models, trust Access control models
CS 645 Security and Privacy in Computer Systems Lecture 7 The Kerberos authentication system Last Week Security policy, security models, trust Access control models The Bell-La Padula (BLP) model The Biba
More information9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers
Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng Basic concepts in cryptography systems Secret cryptography Public cryptography 1 2 Encryption/Decryption Cryptanalysis
More informationAuthentication. Overview of Authentication systems. IT352 Network Security Najwa AlGhamdi
Authentication Overview of Authentication systems 1 Approaches for Message Authentication Authentication is process of reliably verifying the identity of someone. Authentication Schemes 1. Password-based
More informationAssignment 3: Block Ciphers
Assignment 3: Block Ciphers CSCI3381-Cryptography Due October 3, 2014 1 Solutions to the Written Problems 1. Block Cipher Modes of Operation 6 points per part, 30 total. Parts (a)-(d) refer to the cipherblock
More informationPassword Authenticated Key Exchange by Juggling
A key exchange protocol without PKI Feng Hao Centre for Computational Science University College London Security Protocols Workshop 08 Outline 1 Introduction 2 Related work 3 Our Solution 4 Evaluation
More informationCHAPTER 1 INTRODUCTION TO CRYPTOGRAPHY. Badran Awad Computer Department Palestine Technical college
CHAPTER 1 INTRODUCTION TO CRYPTOGRAPHY Badran Awad Computer Department Palestine Technical college CHAPTER 1 Introduction Historical ciphers Information theoretic security Computational security Cryptanalysis
More informationECEN 5022 Cryptography
Introduction University of Colorado Spring 2008 Historically, cryptography is the science and study of secret writing (Greek: kryptos = hidden, graphein = to write). Modern cryptography also includes such
More informationOverview of Cryptography
18739A: Foundations of Security and Privacy Overview of Cryptography Anupam Datta CMU Fall 2007-08 Is Cryptography A tremendous tool The basis for many security mechanisms Is not The solution to all security
More informationSymmetric-Key Cryptography
Symmetric-Key Cryptography CS 161: Computer Security Prof. Raluca Ada Popa Sept 13, 2016 Announcements Project due Sept 20 Special guests Alice Bob The attacker (Eve - eavesdropper, Malice) Sometimes Chris
More informationCENTRAL UNIVERSITY OF RAJASTHAN
CLASS : M.TECH SEMESTER: II BRANCH : CSE SESSION: 2011-12 SUBJECT CODE & NAME : CSIS-304 TOPICS IN OPERATING SYSTEM 1. The question paper contains five questions. 4.Before attempting the question paper,
More informationCryptography Functions
Cryptography Functions Lecture 3 1/29/2013 References: Chapter 2-3 Network Security: Private Communication in a Public World, Kaufman, Perlman, Speciner Types of Cryptographic Functions Secret (Symmetric)
More informationModule: Cryptographic Protocols. Professor Patrick McDaniel Spring CMPSC443 - Introduction to Computer and Network Security
CMPSC443 - Introduction to Computer and Network Security Module: Cryptographic Protocols Professor Patrick McDaniel Spring 2009 1 Key Distribution/Agreement Key Distribution is the process where we assign
More informationScanned by CamScanner
Scanned by CamScanner Scanned by CamScanner Scanned by CamScanner Scanned by CamScanner Scanned by CamScanner Scanned by CamScanner Scanned by CamScanner Symmetric-Key Cryptography CS 161: Computer Security
More informationFirst Semester Examinations 2015/16 (Model Solution) INTERNET PRINCIPLES
PAPER CODE NO. EXAMINER : Martin Gairing COMP211 DEPARTMENT : Computer Science Tel. No. 0151 795 4264 First Semester Examinations 2015/16 (Model Solution) INTERNET PRINCIPLES TIME ALLOWED : Two Hours INSTRUCTIONS
More informationPractical Aspects of Modern Cryptography
Practical Aspects of Modern Cryptography Lecture 3: Symmetric s and Hash Functions Josh Benaloh & Brian LaMacchia Meet Alice and Bob Alice Bob Message Modern Symmetric s Setup: Alice wants to send a private
More informationUses of Cryptography
Uses of Cryptography What can we use cryptography for? Lots of things Secrecy Authentication Prevention of alteration Page 1 Cryptography and Secrecy Pretty obvious Only those knowing the proper keys can
More informationAuthenticating People and Machines over Insecure Networks
Authenticating People and Machines over Insecure Networks EECE 571B Computer Security Konstantin Beznosov authenticating people objective Alice The Internet Bob Password= sesame Password= sesame! authenticate
More informationWorksheet - Reading Guide for Keys and Passwords
Unit 2 Lesson 15 Name(s) Period Date Worksheet - Reading Guide for Keys and Passwords Background Algorithms vs. Keys. An algorithm is how to execute the encryption and decryption and key is the secret
More informationCryptography Lecture 9 Key distribution and trust, Elliptic curve cryptography
Cryptography Lecture 9 Key distribution and trust, Elliptic curve cryptography Key Management The first key in a new connection or association is always delivered via a courier Once you have a key, you
More informationGrenzen der Kryptographie
Microsoft Research Grenzen der Kryptographie Dieter Gollmann Microsoft Research 1 Summary Crypto does not solve security problems Crypto transforms security problems Typically, the new problems relate
More informationSecure Multiparty Computation: Introduction. Ran Cohen (Tel Aviv University)
Secure Multiparty Computation: Introduction Ran Cohen (Tel Aviv University) Scenario 1: Private Dating Alice and Bob meet at a pub If both of them want to date together they will find out If Alice doesn
More informationFormal Methods for Security Protocols
Role of Temur.Kutsia@risc.uni-linz.ac.at Formal Methods Seminar January 26, 2005 Role of Outline 1 Role of 2 Security Properties Attacker Models Keys Symmetric and Asymmetric Systems 3 Notation and Examples
More informationIntroduction to Cryptography
Introduction to Cryptography 1 2 Definition process data into unintelligible form, reversibly, without data loss typically digitally usually one-to-one in size $ compression analog cryptography: voice
More informationIntroduction to Security
Introduction to Security Avinanta Tarigan Universitas Gunadarma 1 Avinanta Tarigan Introduction to Security Layout Problems General Security Cryptography & Protocol reviewed 2 Avinanta Tarigan Introduction
More informationCryptography Worksheet
Cryptography Worksheet People have always been interested in writing secret messages. In ancient times, people had to write secret messages to keep messengers and interceptors from reading their private
More informationLecture 4: Authentication Protocols
Graduate Course on Computer Security Lecture 4: Authentication Protocols Iliano Cervesato iliano@itd.nrl.navy.mil ITT Industries, Inc @ NRL Washington DC http://www.cs.stanford.edu/~iliano/ DIMI, Universita
More informationComputer Security CS 526
Computer Security CS 526 Topic 4 Cryptography: Semantic Security, Block Ciphers and Encryption Modes CS555 Topic 4 1 Readings for This Lecture Required reading from wikipedia Block Cipher Ciphertext Indistinguishability
More informationIntro to Public Key Cryptography Diffie & Hellman Key Exchange
Intro to Public Key Cryptography Diffie & Hellman Key Exchange Course Summary Introduction Stream & Block Ciphers Block Ciphers Modes (ECB,CBC,OFB) Advanced Encryption Standard (AES) Message Authentication
More informationCryptography V: Digital Signatures
Cryptography V: Digital Signatures Computer Security Lecture 12 David Aspinall School of Informatics University of Edinburgh 19th February 2009 Outline Basics Constructing signature schemes Security of
More informationCrypto-systems all around us ATM machines Remote logins using SSH Web browsers (https invokes Secure Socket Layer (SSL))
Introduction (Mihir Bellare Text/Notes: http://cseweb.ucsd.edu/users/mihir/cse207/) Cryptography provides: Data Privacy Data Integrity and Authenticity Crypto-systems all around us ATM machines Remote
More informationAuthentication Part IV NOTE: Part IV includes all of Part III!
Authentication Part IV NOTE: Part IV includes all of Part III! ECE 3894 Hardware-Oriented Security and Trust Spring 2018 Assoc. Prof. Vincent John Mooney III Georgia Institute of Technology NOTE: THE FOLLOWING
More informationS. Erfani, ECE Dept., University of Windsor Network Security
4.11 Data Integrity and Authentication It was mentioned earlier in this chapter that integrity and protection security services are needed to protect against active attacks, such as falsification of data
More informationCryptography V: Digital Signatures
Cryptography V: Digital Signatures Computer Security Lecture 10 David Aspinall School of Informatics University of Edinburgh 10th February 2011 Outline Basics Constructing signature schemes Security of
More informationCryptography Introduction
Cryptography Introduction Last Updated: Aug 20, 2013 Terminology Access Control o Authentication Assurance that entities are who they claim to be o Authorization Assurance that entities have permission
More informationAuthentication and Key Distribution
1 Alice and Bob share a key How do they determine that they do? Challenge-response protocols 2 How do they establish the shared secret in the first place? Key distribution PKI, Kerberos, Other key distribution
More informationCSC 5930/9010 Modern Cryptography: Public-Key Infrastructure
CSC 5930/9010 Modern Cryptography: Public-Key Infrastructure Professor Henry Carter Fall 2018 Recap Digital signatures provide message authenticity and integrity in the public-key setting As well as public
More informationASYMMETRIC (PUBLIC-KEY) ENCRYPTION. Mihir Bellare UCSD 1
ASYMMETRIC (PUBLIC-KEY) ENCRYPTION Mihir Bellare UCSD 1 Recommended Book Steven Levy. Crypto. Penguin books. 2001. A non-technical account of the history of public-key cryptography and the colorful characters
More informationCryptography. Lecture 03
Cryptography Lecture 03 Recap Consider the following Encryption Schemes: 1. Shift Cipher: Crackable. Keyspace has only 26 elements. 2. Affine Cipher: Crackable. Keyspace has only 312 elements. 3. Vig Cipher:
More informationSEMINAR REPORT ON BAN LOGIC
SEMINAR REPORT ON BAN LOGIC Submitted by Name : Abhijeet Chatarjee Roll No.: 14IT60R11 SCHOOL OF INFORMATION TECHNOLOGY INDIAN INSTITUTE OF TECHNOLOGY, KHARAGPUR-721302 (INDIA) Abstract: Authentication
More informationOther Topics in Cryptography. Truong Tuan Anh
Other Topics in Cryptography Truong Tuan Anh 2 Outline Public-key cryptosystem Cryptographic hash functions Signature schemes Public-Key Cryptography Truong Tuan Anh CSE-HCMUT 4 Outline Public-key cryptosystem
More informationCSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography
CSCI 454/554 Computer and Network Security Topic 5.2 Public Key Cryptography Outline 1. Introduction 2. RSA 3. Diffie-Hellman Key Exchange 4. Digital Signature Standard 2 Introduction Public Key Cryptography
More information