CryptokiX: a cryptographic software token with security fixes
Slide 1: CryptokiX: a cryptographic software token with security fixes
Riccardo Focardi, Università Ca' Foscari, Venezia
Joint work with M. Bortolozzo, M. Centenaro and G. Steel
4th International Workshop on Analysis of Security APIs (ASA-4), July 21, 2010, Edinburgh
Work partially supported by MIUR project SOFT (Security Oriented Formal Techniques)
(Logo: Tookan, tool for cryptoki analysis)
Slide 2: PKCS#11
The PIN should protect sensitive objects even on a compromised host (the PIN can be easily intercepted).
Slide 3: PKCS#11 Objects
Objects are referenced via handles. Every object has attributes, e.g. {sensitive: true, encrypt: true, decrypt: true}.
(Figure: encrypt some data under the orange key)
Slide 4: PKCS#11 Key Management
- Create a new key inside the token.
- Export a key encrypted under another key (WrapKey).
- Import a previously exported key (UnwrapKey).
(Figure: keys with attributes {sensitive: true, encrypt: true, decrypt: true})
Slide 5: A well known attack
(Figure: wrap the green key with the red one {sensitive: true, wrap: true, decrypt: true}; decrypt it with the orange key)
This class of attacks can be prevented by imposing policies on the attributes (no need for new crypto mechanisms!).
Slide 6: Attribute Policies
Tokens might implement the standard in different ways. Which policies do they implement? How do they protect from key-separation attacks?
- Sticky: once an attribute is set (unset), it may not be unset (set). Read-only attributes can be thought of as both sticky on and sticky off.
- Conflicting: pairs of attributes that cannot be simultaneously set. (Not in the PKCS#11 documentation.)
- Tied: attributes whose values are tied (changing one also changes the other).
Slide 7: Modeling Real Tokens
Configuration grammar:
  PKCS11_CONFIG ::= Attribute_Restrictions Templates Flags
  Attribute_Restrictions ::= sticky_on(attributelist) sticky_off(attributelist) conflict(attributepairlist) tied(attributepairlist)
  Templates ::= generate_templates(templatelist); create_templates(templatelist); unwrap_templates(templ﻿atelist);
  Flags ::= sensitive_prevents_read(bool); unextractable_prev_read(bool);
  TemplateList ::= nil | (Template), TemplateList
  Template ::= nil | (Attribute, BOOL), Template
(Figure: Tookan workflow between the Device, Tookan and the SATMC model checker, steps 1 to 4)
Slide 8: Analysing opencryptoki
Extracted configuration (there are no conflicting attributes, and no clever sticky policies):
  sticky_on_asymmetric('sensitive');
  sticky_off_asymmetric('extract');
  sticky_on_symmetric('sensitive', 'never_extract');
  sticky_off_symmetric('extract', 'never_extract');
  conflict_symmetric();
  conflict_asymmetric();
  tied_symmetric('sensitive,always_sensitive', 'extract,never_extract');
  tied_asymmetric('sensitive,always_sensitive', 'extract,never_extract');
  sensitive_prevents_read(true);
  unextractable_prevents_read(true);
Slide 9: Attacking opencryptoki (1/3): Wrap and Decrypt (conflict)
  h_mykey = GenerateKey({decrypt => true, wrap => true});
  wrapped = WrapKey(h_mykey, h_sensitivekey);
  thesensitivekey = Decrypt(h_mykey, wrapped);
  print("oops: " + thesensitivekey);
Output:
  $ wrap_and_decrypt_conflict
  Generating mykey {decrypt => true, wrap => true}
  Wrapping sensitivekey with mykey
  Decrypting the wrapped key using mykey
  oops: 50891f2f7a487bc3
Slide 10: Attacking opencryptoki (2/3): Wrap and Decrypt (sticky)
  h_mykey = GenerateKey({decrypt => false, wrap => true});
  wrapped = WrapKey(h_mykey, h_sensitivekey);
  SetAttributes(h_mykey, {wrap => false, decrypt => true});
  sensitivekey = Decrypt(h_mykey, wrapped);
  print("oops: " + sensitivekey);
Output:
  $ wrap_and_decrypt_sticky
  Generating mykey {decrypt => false, wrap => true}
  Wrapping sensitivekey with mykey
  Changing mykey to {wrap => false, decrypt => true}
  Decrypting the wrapped key using mykey
  oops: 50891f2f7a487bc3
Slide 11: Attacking opencryptoki (3/3): Wrap and Decrypt (key aliases)
  wrapped = 403aldb4f345fdc0; // whatever bytestream
  h_mykey = GenerateKey({unwrap => true});
  h_deckey = UnwrapKey(h_mykey, wrapped, {decrypt => true, wrap => false});
  h_wrapkey = UnwrapKey(h_mykey, wrapped, {decrypt => false, wrap => true});
  wrapped = WrapKey(h_wrapkey, h_sensitivekey);
  sensitivekey = Decrypt(h_deckey, wrapped);
  print("oops: " + sensitivekey);
Output:
  $ wrapping_format
  Generating unwrapkey {unwrap => true}
  Unwrap wrapped as deckey {decrypt => true, wrap => false}
  Unwrap wrapped as wrapkey {decrypt => false, wrap => true}
  Wrapping sensitivekey under wrapkey
  Decrypting the wrapped key using deckey
  oops: 50891f2f7a487bc3
Slide 12: CryptokiX
CryptokiX is a fixed software token based on opencryptoki. Its security is configurable by selectively enabling different patches. Available at
Slides 13-14: CryptokiX Conflicts
Users can specify conflicting attributes:
  sticky_on_asymmetric('sensitive');
  sticky_off_asymmetric('extract');
  sticky_on_symmetric('sensitive', 'never_extract');
  sticky_off_symmetric('extract', 'never_extract');
  conflict_symmetric('wrap,decrypt', 'unwrap,encrypt');
  conflict_asymmetric();
  tied_symmetric('sensitive,always_sensitive', 'extract,never_extract');
  tied_asymmetric('sensitive,always_sensitive', 'extract,never_extract');
  sensitive_prevents_read(true);
  unextractable_prevents_read(true);
Running the attack scripts against this configuration:
  $ wrap_and_decrypt_conflict
  Generating mykey {decrypt => true, wrap => true}
  ERROR swtok common/key.c:1308 Conflicting attributes detected
  ERROR swtok common/new_host.c:3922 Key Generation failed
  wrap_and_decrypt_conflict.c:70 C_GenerateKey () exited with error

  $ wrap_and_decrypt_sticky
  Generating mykey {decrypt => false, wrap => true}
  Wrapping sensitivekey with mykey
  Changing mykey to {wrap => false, decrypt => true}
  Decrypting the wrapped key using mykey
  oops: 50891f2f7a487bc3
Slides 15-16: CryptokiX Sticky
Users can specify sticky attributes:
  sticky_on_asymmetric('sensitive');
  sticky_off_asymmetric('extract');
  sticky_on_symmetric('sensitive', 'never_extract', 'wrap', 'unwrap', 'encrypt', 'decrypt');
  sticky_off_symmetric('extract', 'never_extract');
  conflict_symmetric();
  conflict_asymmetric();
  tied_symmetric('sensitive,always_sensitive', 'extract,never_extract');
  tied_asymmetric('sensitive,always_sensitive', 'extract,never_extract');
  sensitive_prevents_read(true);
  unextractable_prevents_read(true);
Running the attack scripts against this configuration:
  $ wrap_and_decrypt_sticky
  Generating mykey {decrypt => false, wrap => true}
  Wrapping sensitivekey with mykey
  Changing mykey to {wrap => false, decrypt => true}
  ERROR swtok common/key.c:1398 Attempt to modify a sticky attribute detected
  ERROR swtok common/new_host.c:2083 Object Set Attribute Values Failed
  wrap_and_decrypt_sticky.c:80 C_SetAttributes () exited with error

  $ wrapping_format
  Generating unwrapkey {unwrap => true}
  Unwrap wrapped as deckey {decrypt => true, wrap => false}
  Unwrap wrapped as wrapkey {decrypt => false, wrap => true}
  Wrapping sensitivekey under wrapkey
  Decrypting the wrapped key using deckey
  oops: 50891f2f7a487bc3
Slide 17: CryptokiX Wrapping format
Keep track of the key template when wrapping a key, and check that it corresponds when unwrapping:
- Encode the sensitive, always_sensitive, wrap, unwrap, encrypt and decrypt attributes in one byte.
- Compute a CBC-MAC of the standard WrapKey result and the encoded attributes.
Running the key-alias script against this patch:
  $ wrapping_format
  Generating unwrapkey {unwrap => true}
  Unwrap wrapped as deckey {decrypt => true, wrap => false}
  ERROR swtok common/key_mgr.c:1440 Template Inconsistent
  ERROR swtok common/new_host.c:4170 Unwrap Key Failed
  wrapping_format.c:72 C_UnwrapKey () exited with error
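The wrapping format of slide 17, as an added Go example that is not CryptokiX's own code: the six attributes are packed into one byte, appended to the wrapped key and authenticated with an AES-CBC-MAC, and UnwrapKey rejects any blob whose tag does not verify or whose bound attribute byte differs from the template it is asked to create. The bit order, the length-prefixed padding, the MAC key derived as AES_KEK(0^128), and AES-CBC with a zero IV standing in for the standard wrap mechanism are this example's assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/subtle"
	"errors"
)

// Attrs are the six boolean attributes the wrapping format binds to the wrapped key.
type Attrs struct{ Sensitive, AlwaysSensitive, Wrap, Unwrap, Encrypt, Decrypt bool }

var ErrTemplateInconsistent = errors.New("Template Inconsistent")

// EncodeAttrs packs the six attributes into one byte (the bit order is this example's own).
func EncodeAttrs(a Attrs) byte {
	var b byte
	for i, f := range []bool{a.Sensitive, a.AlwaysSensitive, a.Wrap, a.Unwrap, a.Encrypt, a.Decrypt} {
		if f {
			b |= 1 << uint(i)
		}
	}
	return b
}

// macKey derives a separate MAC key as AES_KEK(0^128), so the wrapping key itself is
// never used both to encrypt the material and to authenticate the blob (example's choice).
func macKey(kek cipher.Block) cipher.Block {
	mk := make([]byte, aes.BlockSize)
	kek.Encrypt(mk, mk)
	blk, _ := aes.NewCipher(mk) // a 16-byte key cannot fail
	return blk
}

// cbcMAC is a plain AES-CBC-MAC with a zero IV; the message is length-prefixed and
// zero-padded so that blobs of different lengths cannot share a tag.
func cbcMAC(blk cipher.Block, msg []byte) []byte {
	m := append([]byte{byte(len(msg) >> 8), byte(len(msg))}, msg...)
	if rem := len(m) % aes.BlockSize; rem != 0 {
		m = append(m, make([]byte, aes.BlockSize-rem)...)
	}
	tag := make([]byte, aes.BlockSize)
	for i := 0; i < len(m); i += aes.BlockSize {
		for j := range tag {
			tag[j] ^= m[i+j]
		}
		blk.Encrypt(tag, tag)
	}
	return tag
}

// cbc stands in for the standard WrapKey/UnwrapKey mechanism: the key material is
// AES-CBC encrypted under the KEK with a zero IV (a simplification for this example).
func cbc(kek cipher.Block, in []byte, decrypt bool) ([]byte, error) {
	if len(in) == 0 || len(in)%aes.BlockSize != 0 {
		return nil, errors.New("key material must be a non-empty multiple of the block size")
	}
	out, iv := make([]byte, len(in)), make([]byte, aes.BlockSize)
	if decrypt {
		cipher.NewCBCDecrypter(kek, iv).CryptBlocks(out, in)
	} else {
		cipher.NewCBCEncrypter(kek, iv).CryptBlocks(out, in)
	}
	return out, nil
}

// WrapKey returns wrapped || attrByte || CBC-MAC(wrapped || attrByte): the template the key
// had when it was wrapped travels with the blob and is authenticated together with it.
func WrapKey(kekBytes, material []byte, a Attrs) ([]byte, error) {
	kek, err := aes.NewCipher(kekBytes)
	if err != nil {
		return nil, err
	}
	c, err := cbc(kek, material, false)
	if err != nil {
		return nil, err
	}
	body := append(c, EncodeAttrs(a))
	return append(body, cbcMAC(macKey(kek), body)...), nil
}

// UnwrapKey accepts the blob only if the tag verifies and the bound attribute byte equals
// the encoding of the template supplied now; both failures surface as the single error
// the token prints, so the caller does not learn which check failed.
func UnwrapKey(kekBytes, blob []byte, template Attrs) ([]byte, error) {
	kek, err := aes.NewCipher(kekBytes)
	if err != nil {
		return nil, err
	}
	if len(blob) < 2*aes.BlockSize+1 {
		return nil, ErrTemplateInconsistent
	}
	body, tag := blob[:len(blob)-aes.BlockSize], blob[len(blob)-aes.BlockSize:]
	macOK := subtle.ConstantTimeCompare(cbcMAC(macKey(kek), body), tag) == 1
	if !macOK || body[len(body)-1] != EncodeAttrs(template) {
		return nil, ErrTemplateInconsistent
	}
	return cbc(kek, body[:len(body)-1], true)
}
```

With this check in place, the "whatever bytestream" of slide 11 carries no valid tag, and even a genuine blob cannot be unwrapped under a template other than the one it was wrapped with.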
Slide 18: CryptokiX Secure templates (NEW)
- Limit the set of admissible assignments for key attributes.
- Configurable for each PKCS#11 command: generate, unwrap, create.
- First secure configuration of PKCS#11 that does not require new cryptographic mechanisms.
Slide 19: CryptokiX Secure templates
Key generation: key encrypting keys (wrap and unwrap set); data keys (encrypt and decrypt set).
Imported keys: unwrap and encrypt set, wrap and decrypt unset.
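The attribute policies of slides 6, 13 and 15 and the secure templates of slides 18 and 19, modelled together as an added Go example (not CryptokiX's or opencryptoki's code): a toy token whose GenerateKey, UnwrapKey and SetAttributes enforce conflicting pairs, sticky-on attributes and per-command admissible templates, using the attribute names and configuration values shown on the slides. The Policy and Token types, the projection onto the four usage attributes and the per-command map layout are this example's assumptions.

```go
package main

import "errors"

// Attrs is a boolean attribute template, e.g. Attrs{"wrap": true, "decrypt": true}.
type Attrs map[string]bool

// Policy models sticky-on attributes, conflicting pairs and per-command secure templates.
type Policy struct{ StickyOn Attrs; Conflicts [][2]string; Templates map[string][]Attrs }

var ErrConflict = errors.New("Conflicting attributes detected")
var ErrSticky = errors.New("Attempt to modify a sticky attribute detected")
var ErrTemplate = errors.New("Template not admissible for this command")

// ConflictPolicy is the conflict_symmetric('wrap,decrypt', 'unwrap,encrypt') patch of slide 13.
func ConflictPolicy() Policy {
	return Policy{Conflicts: [][2]string{{"wrap", "decrypt"}, {"unwrap", "encrypt"}}}
}

// SecureTemplatePolicy combines the sticky list of slide 15 with the admissible templates of
// slide 19: key encrypting keys, data keys and imported keys (the map layout is this example's).
func SecureTemplatePolicy() Policy {
	return Policy{
		StickyOn: Attrs{"sensitive": true, "never_extract": true, "wrap": true, "unwrap": true, "encrypt": true, "decrypt": true},
		Templates: map[string][]Attrs{
			"generate": {{"wrap": true, "unwrap": true}, {"encrypt": true, "decrypt": true}},
			"unwrap":   {{"unwrap": true, "encrypt": true}},
		},
	}
}

// usageOf projects a template onto the four attributes the secure templates constrain.
func usageOf(a Attrs) [4]bool {
	return [4]bool{a["wrap"], a["unwrap"], a["encrypt"], a["decrypt"]}
}

func (p Policy) checkConflicts(a Attrs) error {
	for _, c := range p.Conflicts {
		if a[c[0]] && a[c[1]] {
			return ErrConflict
		}
	}
	return nil
}

func (p Policy) checkTemplate(cmd string, a Attrs) error {
	if len(p.Templates[cmd]) == 0 {
		return nil // no secure template configured for this command
	}
	for _, t := range p.Templates[cmd] {
		if usageOf(a) == usageOf(t) {
			return nil
		}
	}
	return ErrTemplate
}

// Token is a toy model of a token's attribute bookkeeping; it stores no key material.
type Token struct{ pol Policy; keys map[int]Attrs }

func NewToken(p Policy) *Token { return &Token{pol: p, keys: map[int]Attrs{}} }

// admit runs the checks shared by every object-creating command, then adopts the template.
func (tk *Token) admit(cmd string, a Attrs) (int, error) {
	if err := tk.pol.checkConflicts(a); err != nil {
		return 0, err
	}
	if err := tk.pol.checkTemplate(cmd, a); err != nil {
		return 0, err
	}
	h := len(tk.keys) + 1 // handles are never freed in this model
	tk.keys[h] = a
	return h, nil
}

func (tk *Token) GenerateKey(a Attrs) (int, error) { return tk.admit("generate", a) }
func (tk *Token) UnwrapKey(a Attrs) (int, error)  { return tk.admit("unwrap", a) }

// SetAttributes refuses to unset a sticky-on attribute and re-checks conflicts on the result.
func (tk *Token) SetAttributes(h int, changes Attrs) error {
	cur, ok := tk.keys[h]
	if !ok {
		return errors.New("invalid handle")
	}
	merged := make(Attrs, len(cur)+len(changes))
	for k, v := range cur {
		merged[k] = v
	}
	for k, v := range changes {
		if cur[k] && !v && tk.pol.StickyOn[k] {
			return ErrSticky
		}
		merged[k] = v
	}
	if err := tk.pol.checkConflicts(merged); err != nil {
		return err
	}
	tk.keys[h] = merged
	return nil
}
```

Sticky-on alone only stops usage attributes from being unset; to keep a generated template fixed the same attributes would also need to be sticky off, as the slide 15 configuration does only for extract and never_extract.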
Slide 20: CryptokiX Secure templates
(Figure: encrypted communication between two parties; each side holds a key with {unwrap: true, encrypt: true} and a key with {encrypt: true, decrypt: true})
Slide 21: CryptokiX Secure templates
(Figure: encrypted communication: {this is a secret} {I'll tell no one})
Slide 22: CryptokiX
- A secure, fully fledged token can be realized in practice.
- Useful for educational purposes.
- Open-source: patches can be examined, and fixes can be extended by anyone.
Future work: make it configurable at run-time; implement more fixes.
Slide 24: Thank you! (contact me if you want to see a demo offline)
Comparison of SSL/TLS libraries based on Algorithms/languages supported, Platform, Protocols and Performance By Akshay Thorat Table of Contents TLS - Why is it needed? Introduction- SSL/TLS evolution Libraries
More informationStorageTek Crypto Key Management System Version 2.x
StorageTek Crypto Key Management System Version 2.x Security and Authentication White Paper Part Number: 316198602 April 2010 Revision B Crypto Key Management System, Security and Authentication White
More informationIBM z13 Performance of Cryptographic Operations (Cryptographic Hardware: CPACF, CEX5S)
IBM z13 Performance of Cryptographic Operations (Cryptographic Hardware: CPACF, CEX5S) 1 Copyright IBM Corporation 1994, 2015. IBM Corporation Marketing Communications, Server Group Route 100 Somers, NY
More informationHow many DES keys, on the average, encrypt a particular plaintext block to a particular ciphertext block?
Homework 1. Come up with as efficient an encoding as you can to specify a completely general one-to-one mapping between 64-bit input values and 64-bit output values. 2. Token cards display a number that
More informationEncrypted Local, NAS iscsi/fcoe Storage with ZFS
Encrypted Local, NAS iscsi/fcoe Storage with ZFS OpenSolaris ZFS Crypto Project Darren Moffat James Hughes Anthony Scarpino Sun Microsystems Inc. ZFS Elevator Pitch To create a reliable storage system
More informationThe inverse of a matrix
The inverse of a matrix A matrix that has an inverse is called invertible. A matrix that does not have an inverse is called singular. Most matrices don't have an inverse. The only kind of matrix that has
More informationDesigning Network Encryption for the Future Emily McAdams Security Engagement Manager, Security & Trust Organization BRKSEC-2015
Designing Network Encryption for the Future Emily McAdams Security Engagement Manager, Security & Trust Organization BRKSEC-2015 What Could It Cost You? Average of $0.58 a record According to the Verizon
More informationCS530 Authentication
CS530 Authentication Bill Cheng http://merlot.usc.edu/cs530-s10 1 Identification vs. Authentication Identification associating an identity (or a claimed identity) with an individual, process, or request
More informationVersion 2.0. FIPS Non-Proprietary Security Policy. Certicom Corp. September 27, 2005
Security Builder R FIPS Java Module Version 2.0 FIPS 140-2 Non-Proprietary Security Policy Certicom Corp. September 27, 2005 c Copyright 2005 Certicom Corp. This document may be freely reproduced and distributed
More informationConcrete cryptographic security in F*
Concrete cryptographic security in F* crypto hash (SHA3) INT-CMA encrypt then-mac Auth. encryption Secure RPC some some some adversary attack attack symmetric encryption (AES). IND-CMA, CCA2 secure channels
More informationBarco ICMP FIPS Non-Proprietary Security Policy
Barco FIPS 140-2 Non-Proprietary Security Policy 1 Page 1 of 26 Table of Content Table of Content... 2 1 Introduction... 3 1.1 Security Level... 3 1.2 Cryptographic Boundary... 4 1.3 FIPS 140-2 Approved
More informationApache Commons Crypto: Another wheel of Apache Commons. Dapeng Sun/ Xianda Ke
Apache Commons Crypto: Another wheel of Apache Commons Dapeng Sun/ Xianda Ke About us Dapeng Sun @Intel Apache Commons Committer Apache Sentry PMC Xianda Ke @Intel Apache Commons Crypto Apache Pig(Pig
More informationCS 161 Computer Security
Popa & Wagner Spring 2016 CS 161 Computer Security Discussion 5 Week of February 19, 2017 Question 1 Diffie Hellman key exchange (15 min) Recall that in a Diffie-Hellman key exchange, there are values
More informationPADDING ORACLE FOR THE MASSES
PADDING ORACLE FOR THE MASSES 1 What is this presentation about? This presentation is a scrap book from our experience developing a reliable exploit against ASP.Net It tooks 2 people working full time
More informationAnonymous Instant Messaging via P2P Onion Routing. Kyle Thompson
Anonymous Instant Messaging via P2P Onion Routing Kyle Thompson April 21, 2017 1 Kyle Thompson Honours Project - Page 2 Contents 1 Introduction 3 1.1 Context.................................... 3 1.2 Problem
More information