Chip Authentication for E-Passports: PACE with Chip Authentication Mapping v2
- Lora Anissa Wood
- 6 years ago
1 Chip Authentication for E-Passports: PACE with Chip Authentication Mapping v2
Lucjan Mirosław, Wrocław University of Science and Technology, Poland
ISC 2016, Honolulu
2 Electronic Passport
e-passport and ebooth:
1. automatic travel document inspection
2. high security level
3. an advanced cryptographic scheme behind it
5 general data
- hardware: a chip embedded into a travel document, wireless communication with a reader
- passive ePassport functions: electronic copy of the holder's data, in particular biometry (high quality face image, fingerprints)
- active functions: a secure cryptographic suite for interaction with a Document Verifier
8 issues
- data quality: passport holder's data confirmed by the passport Issuer in a strong cryptographic way
  - upside: data forgery infeasible (as long as crypto not broken)
  - downside: high quality data might be transferred to a third party; a digital signature for personal data authentication creates a security threat
- ePassport as a ticket
  - no clones: infeasible to create a device mimicking the ePassport, e.g. no replay attacks
  - presence: the ePassport must be physically present during inspection
- unauthorized use: ePassport must not be activated without the consent of its holder
9 Requirements for ePassport
The verifier must be sure that:
1. he is talking with a genuine ePassport
2. the data received really come from this ePassport
The ePassport:
1. must know that it is talking with an authorized reader
2. interacts only when presented by its holder
In particular, the ePassport must be a secure device, working exactly according to specification and manipulation resistant.
10 ICAO standards (International Civil Aviation Organization)
- Role of ICAO: ICAO creates de facto standards; if a passport has to be recognized worldwide, then it is necessary to adhere to the standard
- Problems: pragmatic, minimalistic requirements, somewhat insecure... but improving step by step
  1. 10 years validity period for passports, backward compatibility
  2. conflicting interests/approaches (e.g. regarding personal data protection)
  3. system scale, number of authorities worldwide making final decisions
11 criteria
- hardware: simple and inexpensive chip; small memory, low computational complexity, low communication complexity
- protocols: system long term stability of protocols; future security extensions without major rebuilding
- minimalistic infrastructure: standard components, solutions already checked in practice, ...
12 Basic Components
- Terminal Authentication: the terminal proves its rights to access the data from the ePassport
- Chip Authentication: the ePassport proves that it is a genuine one and has been issued by the passport authorities
- Password Authentication: the ePassport checks that the reader has got a password/Card Access Number/PIN from the document holder
- Secure Channel: a channel established between the reader and the ePassport guarantees data confidentiality and integrity
13 Realization
- Optimization: try to achieve combined goals with one protocol
- time and space complexity is critical: strict bounds
- hardware acceleration for certain cryptographic operations
- no freedom to redesign the cryptographic coprocessor
14 PACE main points
Password Authenticated Connection Establishment
1. creates an authenticated encrypted channel iff the correct password is used by the reader
2. password guessing as hard as possible: a reader interacting with a chip may try one password per session; no offline dictionary attacks
3. designed by the German BSI authority, adopted by ICAO
4. in the future obligatory for biometric passports in the EU
15 PACE versions
- PACE-GM, General Mapping: originally designed by BSI; designed to avoid US patents
- PACE-IM, Integrated Mapping: redesigned in France; simplifications, efficiency improvements (again patents)
16 PACE-GM parameters
- Chip holds: $\pi$ (password), parameters
- Reader holds: $\pi$ (password, input from owner)
17 password dependent data
- Chip: $K_\pi := H(0 \,\|\, \pi)$; choose $s \in \mathbb{Z}_q$; $z := \mathrm{ENC}(K_\pi, s)$
- Chip → Reader: $z$
- Reader: $K_\pi := H(0 \,\|\, \pi)$; $s := \mathrm{DEC}(K_\pi, z)$

18 the first DH key exchange - base establishment
- Chip: choose $y_A \in \mathbb{Z}_q$; $Y_A := g^{y_A}$
- Reader: choose $y_B \in \mathbb{Z}_q$; $Y_B := g^{y_B}$
- exchanged: $Y_B$ (Reader → Chip), $Y_A$ (Chip → Reader)
- Chip: abort if $Y_B \notin \langle g \rangle \setminus \{1\}$; $h := Y_B^{y_A}$, $\hat{g} := h \cdot g^s$
- Reader: abort if $Y_A \notin \langle g \rangle \setminus \{1\}$; $h := Y_A^{y_B}$, $\hat{g} := h \cdot g^s$

19 the second Diffie-Hellman for key establishment
- Chip: choose $y'_A \in \mathbb{Z}_q$; $Y'_A := \hat{g}^{y'_A}$
- Reader: choose $y'_B \in \mathbb{Z}_q$; $Y'_B := \hat{g}^{y'_B}$
- exchanged: $Y'_B$ (Reader → Chip), $Y'_A$ (Chip → Reader)
- Chip: check $Y'_B \neq Y_B$; $K := {Y'_B}^{y'_A}$; $K_{\dots} := H(\dots \,\|\, K)$
- Reader: check $Y'_A \neq Y_A$; $K := {Y'_A}^{y'_B}$; $K_{\dots} := H(\dots \,\|\, K)$
20 final phase - proof of possession and deriving keys
- Chip: $K := {Y'_B}^{y'_A}$; Reader: $K := {Y'_A}^{y'_B}$
- both: $K_{ENC} := H(1 \,\|\, K)$, $K_{MAC} := H(2 \,\|\, K)$, $K'_{MAC} := H(3 \,\|\, K)$
- Chip: $T_A := \mathrm{MAC}(K'_{MAC}, (Y'_B, G))$; Reader: $T_B := \mathrm{MAC}(K'_{MAC}, (Y'_A, G))$
- Reader → Chip: $T_B$; Chip: abort if $T_B$ invalid
- Chip → Reader: $T_A$; Reader: abort if $T_A$ invalid
The chip interrupts if it discovers that the tag of the reader is wrong. Until this moment all data sent to the reader by the chip have uniform probability distribution for every password and for every choice of the reader.
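21 Integrated mapping
PACE-GM:
- ePassport: choose $y_C \in_R \mathbb{Z}_q$; $Y_C = g^{y_C}$; abort if ...; $h = Y_R^{y_C}$; $\hat{g} = h \cdot g^s$
- exchanged: $Y_R$, $Y_C$
- Reader: choose $y_R \in_R \mathbb{Z}_q$; $Y_R = g^{y_R}$; abort if ...; $h = Y_C^{y_R}$; $\hat{g} = h \cdot g^s$
PACE-IM:
- choose $r \in_R \mathbb{Z}_q$; $r$ is transmitted
- ePassport: $\hat{g} = \mathrm{Hash}_{EC}(s, r)$; Reader: $\hat{g} = \mathrm{Hash}_{EC}(s, r)$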
22 password authentication, key establishment, chip authentication
Goal: make minimal changes in PACE so that it provides chip authentication as well
History:
- reusing randomness for Schnorr Signature: PACE-AA for Machine Readable Travel Document, and its, J. Bender, Ö. Dagdelen, M. Fischlin, D. Kügler, Financial Crypto 2012
- the current trick from CAM: Simplified PACE-AA, L. L.Krzywiecki, M., ISPEC 2013, May 2013
- the same: The PACE-CA for Machine Readable Travel Documents, J. Bender, M. Fischlin, D. Kügler, INTRUST 2013, 2013
- adopted by ICAO under the name CAM: ISO/IEC JTC1 SC17 WG3/TF5 for ICAO. Supplemental Access Control for Machine Readable Travel Documents v1.1. April 2014.
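23 Slides from ISPEC 2013
- Chip holds: $\pi$, $x_A$, $X_A = g^{x_A}$; Reader holds: $\pi$
- Chip: random $s$ chosen; Chip → Reader: $\mathrm{ENC}(K_\pi, s)$; Reader: retrieve $s$
- Chip: choose $y_A \in \mathbb{Z}_q$; $Y_A := g^{y_A}$; Reader: choose $y_B \in \mathbb{Z}_q$; $Y_B := g^{y_B}$
- exchanged: $Y_B$, $Y_A$
- Chip: abort if ...; $h := Y_B^{y_A}$, $\hat{g} := h \cdot g^s$; Reader: abort if ...; $h := Y_A^{y_B}$, $\hat{g} := h \cdot g^s$
- Chip: choose $y'_A \in \mathbb{Z}_q$; $Y'_A := \hat{g}^{y'_A}$; Reader: choose $y'_B \in \mathbb{Z}_q$; $Y'_B := \hat{g}^{y'_B}$
- exchanged: $Y'_B$, $Y'_A$
- Chip: check ...; $K_{\dots} := H(\dots \,\|\, {Y'_B}^{y'_A})$; Reader: check ...; $K_{\dots} := H(\dots \,\|\, {Y'_A}^{y'_B})$
- ... tags checked ... (both sides)
- Chip: $w := y_A / x_A$; Chip → Reader: $E_{K_{SC}}(w, cert_A)$
- Reader: decrypt with $K_{SC}$; check certificate $cert_A$; abort if $X_A^w \neq Y_A$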
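24 more secure version (not adopted by ICAO), slides from ISPEC 2013
- Chip holds: $\pi$, $x_A$, $X_A = g^{x_A}$; Reader holds: $\pi$
- Chip: random $s$ chosen; Chip → Reader: $\mathrm{ENC}(K_\pi, s)$; Reader: retrieve $s$
- Chip: choose $y_A \in \mathbb{Z}_q$; $Y_A := X_A^{y_A}$; Reader: choose $y_B \in \mathbb{Z}_q$; $Y_B := g^{y_B}$
- exchanged: $Y_B$, $Y_A$
- Chip: abort if ...; $h := (Y_B^{y_A})^{x_A}$, $\hat{g} := h \cdot g^s$; Reader: abort if ...; $h := Y_A^{y_B}$, $\hat{g} := h \cdot g^s$
- Chip: choose $y'_A \in \mathbb{Z}_q$; $Y'_A := \hat{g}^{y'_A}$; Reader: choose $y'_B \in \mathbb{Z}_q$; $Y'_B := \hat{g}^{y'_B}$
- exchanged: $Y'_B$, $Y'_A$
- Chip: check ...; $K_{\dots} := H(\dots \,\|\, {Y'_B}^{y'_A})$; Reader: check ...; $K_{\dots} := H(\dots \,\|\, {Y'_A}^{y'_B})$
- ... tags checked ... (both sides)
- Chip: $w := y_A$; Chip → Reader: $E_{K_{SC}}(w, cert_A)$
- Reader: decrypt with $K_{SC}$; check certificate $cert_A$; abort if $X_A^w \neq Y_A$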
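The chip-authentication step of the two ISPEC 2013 slides above, written out as an added example (not code from the slides or the paper). The toy group, the class and function names and the fixed exponents are constructed for illustration; the nonce s is assumed to be already decrypted, and the tags and the encryption of (w, cert_A) are left out.

```python
import secrets

# Toy Schnorr group constructed for this example: p = 2q + 1, q prime, and g = 4
# generates the subgroup of order q. Real documents use standardized domain
# parameters; in a group this small the Y' != Y checks can fire by chance.
P, Q, G = 2039, 1019, 4


def rand_exp():
    """Fresh ephemeral exponent in [1, q-1]."""
    return secrets.randbelow(Q - 1) + 1


def in_subgroup(y):
    """The slides' 'abort if Y not in <g> \\ {1}' test."""
    return 1 < y < P and pow(y, Q, P) == 1


class Chip:
    def __init__(self, x_a, X_a, hardened=False, eph=None):
        self.x_a, self.X_a, self.hardened = x_a, X_a, hardened
        self.y1, self.y2 = eph or (rand_exp(), rand_exp())

    def first_dh(self):
        # Slide 23: Y_A := g^{y_A}.  Slide 24: Y_A := X_A^{y_A}.
        return pow(self.X_a if self.hardened else G, self.y1, P)

    def second_dh(self, s, Y_b):
        if not in_subgroup(Y_b):
            raise ValueError("abort: Y_B not in <g> \\ {1}")
        self.Y_b = Y_b
        # Slide 23: h := Y_B^{y_A}.  Slide 24: h := (Y_B^{y_A})^{x_A}.
        e = self.y1 * self.x_a % Q if self.hardened else self.y1
        g_hat = pow(Y_b, e, P) * pow(G, s, P) % P        # g^ := h * g^s
        return pow(g_hat, self.y2, P)                    # Y'_A := g^^{y'_A}

    def finish(self, Y2_b):
        if Y2_b == self.Y_b:
            raise ValueError("abort: Y'_B == Y_B")
        k = pow(Y2_b, self.y2, P)                        # K := Y'_B^{y'_A}
        # Chip Authentication Mapping: the proof reuses the first ephemeral
        # exponent, so no extra exponentiation is needed on the chip.
        w = self.y1 if self.hardened else self.y1 * pow(self.x_a, -1, Q) % Q
        return k, w


class Reader:
    def __init__(self, eph=None):
        self.y1, self.y2 = eph or (rand_exp(), rand_exp())

    def first_dh(self):
        return pow(G, self.y1, P)                        # Y_B := g^{y_B}

    def second_dh(self, s, Y_a):
        if not in_subgroup(Y_a):
            raise ValueError("abort: Y_A not in <g> \\ {1}")
        self.Y_a = Y_a
        g_hat = pow(Y_a, self.y1, P) * pow(G, s, P) % P  # g^ := Y_A^{y_B} * g^s
        return pow(g_hat, self.y2, P)                    # Y'_B := g^^{y'_B}

    def finish(self, Y2_a, w, X_a):
        if Y2_a == self.Y_a:
            raise ValueError("abort: Y'_A == Y_A")
        k = pow(Y2_a, self.y2, P)                        # K := Y'_A^{y'_B}
        # The slides' final check 'abort if X_A^w != Y_A'; X_a is the key taken
        # from the certificate (certificate validation itself is not modelled).
        return k, pow(X_a, w, P) == self.Y_a


def run_session(x_chip, X_cert, s, hardened=False, eph_chip=None, eph_reader=None):
    """Run one session; returns (K_chip, K_reader, chip_authentication_ok).

    x_chip is the secret the device really holds, X_cert the certified public
    key it presents. A clone presents a genuine X_cert without knowing x_A.
    """
    chip = Chip(x_chip, X_cert, hardened, eph_chip)
    reader = Reader(eph_reader)
    Y_a, Y_b = chip.first_dh(), reader.first_dh()
    Y2_a = chip.second_dh(s, Y_b)
    Y2_b = reader.second_dh(s, Y_a)
    k_chip, w = chip.finish(Y2_b)
    k_reader, ok = reader.finish(Y2_a, w, X_cert)
    return k_chip, k_reader, ok


if __name__ == "__main__":
    X_A = pow(G, 7, P)  # constructed key pair: x_A = 7
    fixed = dict(s=2, eph_chip=(3, 2), eph_reader=(5, 3))
    print("genuine chip :", run_session(7, X_A, **fixed))
    print("clone, slide 23:", run_session(11, X_A, **fixed))
    print("clone, slide 24:", run_session(11, X_A, hardened=True, **fixed))
```

With the slide 23 variant a clone that knows the password still agrees on K but fails the final check; with the slide 24 variant the clone cannot even derive the same K, because h depends on x_A.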
25 versus IM
- Problems: it does work for GM only but more efficient; should we fall back to GM?
- No. Solution given in this paper.
- Moreover, the security argument is based on reduction to a standard crypto assumption (SDH-2).
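26 PACE with new version for the SAC standard
- ePassport holds: password $\pi$, secret key $sk_C$, public key $pk_C$, certificate $cert_C$ for $pk_C$; Reader holds: password $\pi$
- both: $K_\pi = \mathrm{Hash}(\pi)$
- ePassport: choose $s \in \mathbb{Z}_q$; $z = \mathrm{Enc}(K_\pi, s)$; ePassport → Reader: $z$; Reader: $s = \mathrm{Dec}(K_\pi, z)$
- Mapping Function: both derive $\hat{g}_1$ with IM or GM
- ePassport: choose $y_C \in \mathbb{Z}_q$; $Y_C = \hat{g}_1^{y_C}$; Reader: choose $y_R \in \mathbb{Z}_q$; $Y_R = \hat{g}_1^{y_R}$
- exchanged: $Y_R$, $Y_C$
- ePassport: $K = Y_R^{y_C}$; Reader: $K = Y_C^{y_R}$; both derive other keys from $K$
- ePassport: $w = y_C / sk_C$; $c = \mathrm{Enc}(K_{Enc}, (w, cert_C))$; ePassport → Reader: $c$
- Reader: $(w, cert_C) = \mathrm{Dec}(K_{Enc}, c)$; check $cert_C$ and extract $pk_C$; abort if $e(Y_C, g_2) \neq e(\hat{g}_1, pk_C)^w$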
27 with IM properties
implementation issues:
- pairings used, but only on the side of the reader
- the ePassport needs to perform computations in the first group only
- computing pairings on the reader is not a problem (no resource limitations)
28 Main properties
- AKE: easy, follows from the proof for PACE
- Impersonation Resistance: a draft to be in the paper: a reduction to the 2-Strong DH Problem: given $(g_1, g_1^{x}, g_1^{x^2}, g_2, g_2^{x}) \in G_1^3 \times G_2^2$, output $(c, g_1^{1/(x+c)}) \in \mathbb{Z}_q \times G_1$. The reduction construction is relatively short, but tedious to follow.
- Other: other nice properties inherited from PACE: simulatability, behavior during faulty sessions, resilience to ephemeral key leakage, ...; proofs analogous to the ideas from ISPEC 2013
29 Achieved
- security based on a standard assumption
- no pairings on the chip required
- minimal changes to the existing standard
Challenges
- is it optimal? hard to imagine how to simplify it...
- it might be that we still have no ultimate solution for all ePassport components (e.g. Terminal Authentication and its PKI)
30 Thanks for your attention!
Contact data: Miroslaw.Kutylowski@pwr.edu.pl
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 9: Authentication Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline Definition of entity authentication Solutions password-based
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 24 April 16, 2012 CPSC 467b, Lecture 24 1/33 Kerberos Secure Shell (SSH) Transport Layer Security (TLS) Digital Rights Management
More informationECE 646 Lecture 3. Key management. Required Reading. Using the same key for multiple messages
ECE 646 Lecture 3 Key management Required Reading Stallings, Cryptography and Network Security: Principles and Practice, 5/E or 6/E Chapter 14 Key Management and Distribution Using the same key for multiple
More informationRemote E-Voting System
Remote E-Voting System Crypto2-Spring 2013 Benjamin Kaiser Jacob Shedd Jeremy White Phases Initialization Registration Voting Verifying Activities Trusted Authority (TA) distributes 4 keys to Registrar,
More informationLDS2 Concept and Overview: Exploring Possibilities in Travel Border Clearance
LDS2 Concept and Overview: Exploring Possibilities in Travel Border Clearance Overview Current generation of epassports Benefits and Limits of an epassport Overview of the next generation epassport Applications
More informationSpring 2010: CS419 Computer Security
Spring 2010: CS419 Computer Security Vinod Ganapathy Lecture 7 Topic: Key exchange protocols Material: Class handout (lecture7_handout.pdf) Chapter 2 in Anderson's book. Today s agenda Key exchange basics
More informationPassword Authenticated Key Exchange by Juggling
A key exchange protocol without PKI Feng Hao Centre for Computational Science University College London Security Protocols Workshop 08 Outline 1 Introduction 2 Related work 3 Our Solution 4 Evaluation
More informationT Cryptography and Data Security
T-79.4501 Cryptography and Data Security Lecture 10: 10.1 Random number generation 10.2 Key management - Distribution of symmetric keys - Management of public keys Stallings: Ch 7.4; 7.3; 10.1 1 The Use
More informationTechnological foundation
Technological foundation Carte à puce et Java Card 2010-2011 Jean-Louis Lanet Jean-louis.lanet@unilim.fr Cryptology Authentication Secure upload Agenda Cryptology Cryptography / Cryptanalysis, Smart Cards
More informationCIS 4360 Secure Computer Systems Applied Cryptography
CIS 4360 Secure Computer Systems Applied Cryptography Professor Qiang Zeng Spring 2017 Symmetric vs. Asymmetric Cryptography Symmetric cipher is much faster With asymmetric ciphers, you can post your Public
More informationCIS 6930/4930 Computer and Network Security. Topic 6.2 Authentication Protocols
CIS 6930/4930 Computer and Network Security Topic 6.2 Authentication Protocols 1 Authentication Handshakes Secure communication almost always includes an initial authentication handshake. Authenticate
More informationSecuring Transactions with the eidas Protocols
A preliminary version appears in WISTP 2016, Lecture Notes in Computer Science, Springer-Verlag, 2016. This version is dated July 7, 2016. Securing Transactions with the eidas Protocols Frank Morgner 1
More information(2½ hours) Total Marks: 75
(2½ hours) Total Marks: 75 N. B.: (1) All questions are compulsory. (2) Makesuitable assumptions wherever necessary and state the assumptions made. (3) Answers to the same question must be written together.
More informationRefining Computationally Sound Mech. Proofs for Kerberos
Refining Computationally Sound Mechanized Proofs for Kerberos Bruno Blanchet Aaron D. Jaggard Jesse Rao Andre Scedrov Joe-Kai Tsay 07 October 2009 Protocol exchange Meeting Partially supported by ANR,
More informationThe World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to
1 The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to compromises of various sorts, with a range of threats
More informationBreaking and Fixing Public-Key Kerberos
Breaking and Fixing Public-Key Kerberos Iliano Cervesato Carnegie Mellon University - Qatar iliano@cmu.edu Joint work with Andre Scedrov, Aaron Jaggard, Joe-Kai Tsay, Christopher Walstad Qatar University
More informationPassword. authentication through passwords
Password authentication through passwords Human beings Short keys; possibly used to generate longer keys Dictionary attack: adversary tries more common keys (easy with a large set of users) Trojan horse
More informationPROVING WHO YOU ARE TLS & THE PKI
PROVING WHO YOU ARE TLS & THE PKI CMSC 414 MAR 29 2018 RECALL OUR PROBLEM WITH DIFFIE-HELLMAN The two communicating parties thought, but did not confirm, that they were talking to one another. Therefore,
More information