TLS (TRANSPORT LAYER SECURITY) PROTOCOL
|
|
- Helen Pearson
- 5 years ago
- Views:
Transcription
1 TLS ATTACKS CHRISTA PHILIPPOU PROFESOR: ELIAS AHANASOPOULOS UNIVERSITY OF CYPRUS EPL 682 ADVANCED SECURITY TOPICS Ø ON THE EFFECTIVE PREVENTION OF TLS MAN-IN-THE-MIDDLE ATTACKS IN WEB APPLICATIONS. USENIX SECURITY TLS supports several symmetric encryption (one secret key): A scheme based on the RC4 stream. This paper proves the weakness of TLS when RC4 is selected for the encryption process. Paper`s results are supported by an experimental evaluation of the feasibility of the attacks, that show the weakness, as mention above. More specific the goals of this pares are: To evaluate the RC4 vulnerability by an attack to a connection between two edges, above TLS Protocol with RC4 encryption. Recommends defenses/ countermeasures for data safety based on the above protocol and encryption method. Supports that RC4 should henceforth be avoided in TLS, and deprecated as soon as possible. TLS (TRANSPORT LAYER SECURITY) PROTOCOL HOW IT WORKS? It takes place when two parties client and server come across each other for the first time. A TLS session consists of two phases: Phase 1: TLS Handshake 1. The TLS Handshake (establish a secure session key). After the completion of the TCP threeway handshake and before exchange of application data over TLS, the encrypted tunnel must be negotiated, so the client and the server must: Agree on the version of the TLS protocol Choose the cipher-suite Verify certificates if necessary. (Startup latency)
2 Example 1: 1 Figure 1: TCP connection establishment example TLC handshake - the client and the server must agree on the version of the TLS protocol, choose the cipher-suite, and verify certificates if necessary. * * Example 2: Imagine this handshake process as a dialog between the two. Client: Hello there. I want to establish secure communication between the two of us. Here are my cipher suits and compatible TLS version. Server: Hello Client. I have checked your cipher suits and TLS version. I think we re good to go ahead. Here are my certificate file with my public key. Check them out. Client: Let me verify your certificate. (After a while) Okay, it seems fine, but I need to verify your private key. What I ll do is, I will generate and encrypt a pre-master (shared secret key) key using your public key. Decrypt it using your private key and we ll use a master key to encrypt and decrypt the information. Server: Done. [Now that both the parties know who they re talking to, the information transferred between them will be secured using the master-key. Keep in mind that once the verification part is over, the encryption takes place through the master-key only. This is symmetric encryption.] 2
3 Client: I m sending you this sample message to verify that our master-key works. Send me the decrypted version of this message (kind of authentication). If it works, our data is in safe hands. Server: Yeah, it works. I think we ve accomplished what we were looking for. Figure 2: The TLS handshake process simplified. * From now on, every bit of data transmitted back and forth between client and server will be encrypted. This is called the SSL/TLS handshake process. Phase 2: TLS Record Protocol 2. The TLS Record Protocol (uses symmetric key cryptography) is responsible for securing application data and verifying its integrity and origin. It manages the following: Dividing outgoing messages into manageable blocks, and reassembling incoming messages (Fragmentation see figure 3). Compressing outgoing blocks and decompressing incoming blocks (optional) (Compression see figure 3). Applying a Message Authentication Code (MAC) to outgoing messages, and verifying incoming messages using the MAC (HMAC function see figure 3). Encrypting outgoing messages and decrypting incoming messages (Encryption Decryption see figure 3). When the Record Protocol is complete, the outgoing encrypted data is passed down to the Transmission Control Protocol (TCP) layer for transport. 3
4 This paper mentioned that there are three encryption methods/ options: HMAC followed by CBC-mode encryption using a block cipher (is not a symmetric operation). HMAC followed by encryption using the RC4 stream cipher (is not a symmetric operation). (Widespread adopted) Authenticated encryption (πιστοποιημένη κρυπτογράφηση/ κρυπτογράφυση με πιστοποίηση) using GCM or CCM-mode of operation of a block cipher. àwhich one is selected for analysation and Why? However, they analysed only the second one. [They performed analysis of 16 billion TLS connections. Around of 50% of the traffic was protected HMAC followed by encryption using RC4 cipher-suits, so the first and the third method has very less than 50%, each.] TLS Record Protocol provides a secure connection based on reliability and privacy by using unique generated (symmetric) key encryption (per connection). Example 1: Figure 3: TLS Record Protocol - Cryptographic operation with RC4 encryption method. RC4 (RIVEST CHIPHER 4) 4 HOW IT WORKS? RC4 was designed in 1987 by Ron Rivest (the same person who designed the RSA). RC4 is used in TLS Report Protocol (second) phase to generate a pseudo-random stream of bits (a keystream). As with any stream cipher, these can be used for encryption by combining it with the plaintext using bit-wise exclusive-or (XOR). Decryption is performed the same way (since XOR is
5 a symmetric operation/ αμφίδρομη διαδικασία). To generate the key stream, RC4 generates a pseudorandom stream of bits (a keystream): 1. A permutation of all 256 possible bytes ("S" in example below). 2. Two 8-bit index-pointers ("i" and "j" in example below). The permutation is initialized with a variable length key/ seed (called K ) typically between 40 and 256 bits, using the key-scheduling algorithm (KSA). Then the stream of bits is generated by a pseudo-random generation algorithm (PRGA). Permutation: is initialized with a variable length key, typically between 40 and 256 bits, using the Key Scheduling Algorithm (KSA). Once this has been completed, the stream of bits is generated using the Pseudo-Random Generation Algorithm (PRGA). KSA KEY SCHEDULING ALGORITHM HOW IT WORKS? 1. Vector Initialization: i. State Vector S (with values 0 255). ii. Temporary Vector T (with values based on user selected key/ seed, K). Example of possible T, iff key/ seed K is [0,1,1,0]*: [0,1,1,0, 0,1,1,0, 0,1,1,0, ] *Key size K> 40. The above key length is used only for this example. 2. KSA: i. Initial permutation of S (based on T). ii. Key k and vector T are discarded. Example 1: key, key, key, è A random order of numbers in range [0-255]. Figure 4: KSA Initial and final state of vector S that is used as a key stream afterwards. 5
6 PSEUDO-RANDOM GENERATION ALGORITHM (PRGA). HOW IT WORKS? PRGA is an algorithm for generating a sequence of numbers whose properties approximate the properties of sequences of random numbers. The PRNGgenerated sequence is not truly random, because it is completely determined by an initial value, called the seed. Although sequences that are closer to truly random can be generated using hardware random number generators, pseudorandom number generators are important in practice for their speed in number generation and their reproducibility. Stages: 1. Cycling through the S (see figure 4) from S[0] to S[255] to produce pseudorandom byte keystream. 2. Each key k is generated. 3. Vector S is subjected to another permutation. ATTACKS CHIPHER TEXT RECOVERY Basic Idea: SINGLE BYTE BIAS ATTACK It presents two plaintext recovery attacks on RC4 that are exploitable from the adversary when this cipher is used for encryption in TLS. Both attacks require a fixed plaintext to be RC4-encrypted and transmitted many times in succession (in the same, or in multiple independent RC4 keystreams). A statistical analysis of cipher-texts forms the core of their attacks. 1. Single Byte Bias Attack: Targets the initial 256 bytes of RC4 ciphertext. It is fixed-plaintext and multi-session à Requires a fixed sequence of plaintext bytes to be independently encrypted under a large number of (random) keys ( broadcast attack ). The first 36 bytes are used to encrypt TLS Handshake Finished, so the header is not fixed across TLS sessions. As a consequence, the methods can be applied only to recover up 220 byte of the plaintext. Actually, what helps reaserchers to find out that there is a way to recover the initial chipertext is the fact of patterns repetition between deferent encryptions of the same chipertext (εκμεταλλεύονται τα στατιστικά μοτίβα κωδικοποίησης). Attacks exploits statistical biases. Seemingly follows specific patterns! o Example 1: almost every character e encrypts with the character a. o Example 2: most of the bits are encrypted with the bit 0 à Not a uniform distribution. 6
7 àadvantage for frequency analysation (the frequency of occurrence of 1 and 0 are not approximately equal). àincrease of statistics because of lack full randomness. ànot really unpredictable encrypted chipertext. Exploits biases in the entire keystream (cipher text) byte by byte. [The first significant bias was observed: For a given byte position of the cipher, the probability to be equal to a specific value can be calculated.] Exploits biases in the entire keystream (cipher text) in consecutive pairs of bytes. Evaluation of the probability of the occurrence for each bytes pair (i, i+1) WHERE 256 MOD i= 0. In contrast to Single byte Bias attack, most of the identified multi-byte biases are long term : which appear periodically at regular intervals. (for every byte i, where 256 MOD i = 0, eg. 8, 16, 32, 64,..) The first and the last byte of plaintext was known. Automated mechanism for generating a large number of encryptions of the target cookie ( multi-session with fixed plaintext ) (eg. With malware JavaScript running in the victim s browser). 2. Double - byte bias attack: Exploits biases in the entire keystream (cipher text) in consecutive pairs of bytes. Evaluation of the probability of the occurrence for each bytes pair (i, i+1) WHERE 256 MOD i= 0. In contrast to Single byte Bias attack, most of the identified multi-byte biases are long term : which appear periodically at regular intervals (in every position byte i, where 256 MOD i = 0, eg. 8, 16, 32, 64,..). The first and the last byte of plaintext was known. NOTE THAT: Before the cookie large number of HTTP headers take place. [..known header bytes.. <cookie>..known header..] àso about the bytes before and after cookie we are not interested in.àcookie appears after the first 220 bytes! Based on results: With 13 * 2 "# encryptions of a fixed plaintext the success rate of 16 bytes recovering was 100% (see below figure 9, 10). RESULTS FOR SINGLE BYTE BIAS ATTACK MEASURE DISTRIBUTIONS OF RC4 KEYSTRAM 7
8 Analyse the 16 th byte of keystream (Z 16 ): Value 16 Value 240 Figure 5: The axis-x represents the byte position in the chiphertext. The axis-y represents the probability of appearance for each byte of the ciphertext. To make this graph this experiment took place by generating 2 )# keystreams to encrypt the same plaintext. Analyse the 32 th byte of keystream (Z 32 ): Figure 6: The axis-x represents the byte position in the chiphertext. The axis-y represents the probability of appearance for each byte of the ciphertext. To make this graph this experiment took place by generating 2 )# keystreams to encrypt the same plaintext. 8
9 Experimental Results: Recovery rate for 2 24 sessions for first 256 bytes of plaintext: Success rate of the recovery of initial bytes > Success rate of the recovery of last positions Figure 7: The axis-x represents the byte position in the chiphertext. The axis-y represents the recovery rate for each byte of the keystream. Recovery rate for 2 30 sessions for first 256 bytes of plaintext: 100% recovery! Figure 8: The axis-x represents the byte position in the chiphertext. The axis-y represents the recovery rate for each byte of the keystream. 9
10 Recovery rates for 2 26 sessions: Red: 4-bit block scheme (ανάλυση κωδικοποίηση με μπλοκ 4 ων bit) Blue: original single byte bias attack Plaintexts are encoded in 4-bit-per-byte scheme (PHP, HTTP cookies). Run 256 times for each one of 2,),..., 2 ", sessions/ encryptions. Figure 9: The axis-x represents the byte position in the chiphertext. The axis-y represents the recovery rate for each byte of the keystream. Recovery rates for 2 30 sessions: Figure 10: The axis-x represents the byte position in the chiphertext. The axis-y represents the recovery rate for each byte of the keystream. 10
11 Plaintexts are encoded in 4-bit-per-byte scheme (PHP, HTTP cookies). Run 256 times for each one of 2,),..., 2 ", sessions/ encryptions. RESULTS FOR DOUBLE BYTE BIAS ATTACK MEASURE DISTRIBUTIONS OF RC4 KEYSTRAM Average fraction of successfully recovered plaintext bytes (red dashed line), and success rate for recovering the full 16-byte plaintext (blue): Figure 11: The axis-x represents the byte position in the chiphertext. The axis-y represents the recovery rate for each byte of the keystream. Based on 128 experiments. Around 50% of the executions (Black dashed line) had full recovery (= 100%) of the plaintext. 13*2 "# encryptions of the same 256-byte plaintext. Attempt to recover 16 bytes located at fixed position in plaintext. Byte in position 0 and 17 are known. Interested only in bytes position 1-16 (=cookie). VALIDATION & CONCLUTION IMPORTANT NOTES 11 GENERAL COMMENTS The experimental focus switched to the Double-byte Bias attack. Why? o Single-byte Bias attack successfully recovered fixed plaintext bytes in the initial 256 bytes of the TLS ciphertexts. However, based on modern web browsers these bytes consisted mostly of less interesting HTTP headers rather than cookies. o Double byte bias does not need session re-sumption.
12 o Double byte bias has easier implementation. Use three nodes: ü A legitimate web server (16-byte secure cookies over HTTP). ü A malicious web server (serving malicious JavaScript). ü Client running a web browser (=user). o Experimented various browsers in client (Firefox, Opera, Chrome). o Test of GET, POST, and HEAD requests. Steps for Double byte bias experiment: o Client visit o Client visit o The site contains a malware script with is transfer to the user through the response message. o User/ client run the malicious JavaScript served by the malicious web server. o The JavaScript will direct repeated HTTP requests to the legitimate server and attaches the cookie to each request. The number of encryptions required is important. Around 2 28 to 2 32 of encryptions for reliable recovery is large number. Countermeasures/ Defences: o Discarding the initial keystream bytes output by RC4. o Adding random padding to HTTP requests. o Limiting the lifetime of cookies /the number of times they can be sent. Ø ON THE EFFECTIVE PREVENTION OF TLS MAN-IN-THE-MIDDLE ATTACKS IN WEB APPLICATIONS. 12 USENIX SECURITY Attack methods are rising rapidly. TLS using RC4 encryption is used by every browser and we use it every day through the internet. With this kind of encryption weakness, our personal data ( s, ids, iban, accounts etc) can be compromised due to malicious acts. Consider TLS Man-In-The-Middle (MITM) attacks in the context of web applications. The attacker is able to: Successfully impersonate the legitimate server to the user. Successfully impersonate the user to the server. Goal: Compromise the user s online account and data. Goal: Spying on the user (MITM: Man-in-the-Middle attack). This paper explains the recently proposed client authentication protocols cannot fully prevent such attacks. The objectives of this paper are: Shows that strong client authentication, such as Channel ID-based authentication, can be combined with the concept of server invariance to protect against the attacks. Leverage Channel ID-based authentication combined with server invariance for a novel mechanism SISCA SISCA prevent user impersonation via TLS MITM attacks.
13 SERVER INVARIANCE WHAT IS IT AND HOW IT WORKS? What is it? o Is a security control which accepts that the attacker can successfully impersonate the server and tries to detect if he attacked the connection. o No priori trust is necessary. How it works? Consider a browser s first connection to a particular server: o Scenario 1: The first connection is not intercepted by the attacker. Then, server invariance implies that the attacker is allowed to intercept none of the subsequent connections to that server, because of attacker s lack of public and private keys. o Scenario 2: The first connection is intercepted by the attacker. Then, server invariance implies that the attacker has to intercept all subsequent future connections to that server. àin both scenarios, if the attacker violates server invariance, attacker will be detected. Server invariance protocol consists of two phases: Initialization: o Is executed in the first connection to the server. o Could be intercepted by the attacker. o The browser establishes a point of reference. Verification: o Is executed in subsequent connections to the same server. o The browser verifies that the point of reference remains unchanged, i.e., the browser keeps connecting to the same entity. o Basic SISCA Protocol (see Example) - Notations: ü SISCA Keys: k s1, k s2 ü Browser s and server s Random values: r b, r s respectively ü Browser s Channel Id: cid b 13 Initial phase with no interception from attacker Verification phase with no interception from attacker. Compares the initial reference point with the current.
14 ATTACKER MODELS AND GOALS WHAT IS IT AND HOW IT WORKS? Adversary s Goals: The attacker s goal in a MITM attack is: o Impersonates the user (victim) to the legitimate server to compromise the user s online account and data (spy on the user, abuse his account for malicious purposes). o Only impersonates the server to the user and serves to the user fake content. IMPORTANT: à Which of the above goal is more important to analyse in order to find a defence? Is more likely to analyse the second case of impersonate the server to the user. Is more often scenario. An attacker can hack more users and easier if he pretend that he is a legitimate server. MITM Attack on Channel ID-Based Authentication: Attacker Model: They adopt the attacker model considered by Channel IDs. The adversary is able to position herself suitably on the network and perform a TLS MITM attack between the user and the target web server. In other words, the attacker is able to successfully impersonate only the server to the user. The paper distinguish between two types of MI6TM attackers types. o The MITM + certificate attacker: 1. Holds a valid certificate for the domain of the target web server, binding the identity of the server to the public key, (holds the corresponding private key). The attacker has no access to the private key of the target web server. 2. Holds only an invalid (e.g., self-signed) certificate. The attacker will succeed in impersonating the server to the user if the user ignores the security warnings of the browser. o The MITM + key attacker(weaker attacker): 1. Holds the private key of the legitimate server. (Nothing we can do as a defence) MITM Attack Channel ID-Based Authentication - Initial Login: 14
15 When the user attempts to login to his online account for the first time from a browser, the web server requires that the user authenticates using a strong second factor authentication device (as in PhoneAuth and FIDO Universal 2nd Factor (U2F) protocols) These protocols leverage Channel IDs to secure the intial login process against MITM attacks. As part of the authentication protocol, the client s device compares the Channel ID of the browser to the Channel ID of the TLS connection that the server witnesses. If they are equal, then the browser is directly connected to the web server through TLS, and thus there is no MITM attack taking place. On the other hand, if the Channel IDs differ, then the server is not directly connected to the user s browser. Instead, as shown in Figure 1, there is an attacker in the middle, and the device aborts the authentication protocol, stopping the attack. MITM Attack Channel ID-Based Authentication - Subsequent Logins: Upon successful initial authentication the server sets a cookie to the user s browser, and binds it to the Channel ID of the browser. (A server may create a channel-bound cookie as follows: v, HMAC(k, v cid), where v is the original cookie value, cid is the browser Channel ID and k is a secret key only known to the server, used for computing a MAC over the concatenation of v and cid). The channelbound cookie is considered valid only if it is presented over that particular Channel ID. Therefore, subsequent interaction with the server from that particular browser is protected by the channel-bound cookie. An attacker that manages to steal a channel-bound cookie, cannot use it to impersonate the user to the web server, since he does not know the private key of the correct Channel ID. Figure 2 illustrates this concept. Note that, the client s device is not required for authenticating the user. Attack that a MITM + certificate or MITM + key attacker can perform, which bypasses the security offered by Channel IDs: Assume that the user tries to access the target web server ( ). The attacker proceeds as follows: 15
16 1. He intercepts a TLS connection attempt made by the browser to and by presenting a valid certificate (or invalid with the user ignoring the browser s warning), he successfully impersonates the legitimate server to the browser. 2. Through the established connection, the browser makes an HTTP request to the server. 3. The attacker replies with an HTTP response, which includes a malicious JavaScript code. This script will execute through the client s browser. 4. The attacker closes the intercepted TLS connection. This forces the browser to initiate a new TLS connection to transmit subsequent requests. 5. The attacker allows subsequent TLS connection attempts to pass through, without interfering with them. As a result, once the attacker closes that single intercepted connection, all other connections, existing and new, are directly established between the browser and the legitimate server. 6. The attacker gains full control over the user s session in that particular web application. His script has unrestricted access over the web documents belonging to and can monitor all the client-side activity of the web application. CHANNEL ID o Is a TLS extension. o Is an identification of the same browser across multiple TLS connections. HOW IT WORKS? Example: o A browser visits a TLS-enabled web server for the first time. o It creates a new private/public key pair. o This TLS connection is identified by the corresponding public key, which is linked with a value called Channel ID. o Upon subsequent TLS connections to the same the same web origin, the user s browser uses the same Channel ID. SERVER INVARIANCE WITH STRONG CLIENT AUTHENTICATION HOW IT WORKS? o Independent from rest protocols. o Is executed before any HTTP traffic influenced by the attacker. o They choose to implement it at the Application layer via HTTP header. o Transmitted with the first HTTP request/ response. o Combines Channel ID based client authentication and server invariance. o Prevent the attacker from impersonating the server in the first place. The attacker can neither steal weak user credentials (MITM attack) nor ship malicious JavaScript (MITM-SITB/ Man - In-The-Middle-Script-In-The-Browser). o Strong client authentication (e.g.channel ID based) is not necessary for preventing MITM attacks. o MITM attacker can perform user impersonation via two approaches: 16
17 1. The conventional/ classic MITM attack à the attacker compromises (εκθέτει σε κίνδυνο) the user s credentials and uses them for impersonation. è This attack can be effectively prevented by strong client authentication. 2. The MITM-SITB attack à inject user s browser with malicious script. è Client authentication alone cannot prevent this attack. Resilience of SISCA to MITM-SITB: (conventional MITM is prevented by Channel-ID based authentication). Scenario 1: Explained in a Section above. Scenario 2: IMPORTANT (MENTIONED IN CLASS): Initial phase with interception from attacker. Even if the attacker can do any malware at initial phase (with only SI) action will detect, but the point is to avoid as a user any vulnerability. Combination of SI with Client Authentication the attack at initial phase is avoided by certificate check. 17
18 SISCA BENEFITS AND DRAWBACKS COMMENTS Advantages: o Incremental deployment à SISCA is scalable. à A structural approach, meaning that the started with a basic version of our protocol then they incrementally added features. o MITM + certificate attack prevention. o Autonomous protocol. o No user decision is necessary whenever server invariance violation is detected. o Resists MITM + key attack. Disadvantages: o It only protects against MITM attackers whose goal is to impersonate the user to the server. o It focus on impersonation of the server to the user and not the reverse. Comments: o SISCA can act as an additional, strong protection layer. o SISCA is a combination of existing protocols. o SISCA focuses on amending today s server authentication issues, towards the effective prevention of TLS MITM attacks. IMPORTANT: è Why they didn t focus also to find defences to prevent the impersonation of the user to the server? It is more likely for an attacker to impersonate a legitimate server to a number of users in order to hack and steal personal data of many clients than the reverse case. è Why only the server authentication (by sending a certificate) is optional? Consisted a website e.g. Amazon. If the Amazon would ask for a certificate from each user that wants to connect with it the traffic and the delay would be increase exponentially. Also because, as I mention above, it s more likely for an attacker to impersonates a legitimate server to a user, it is more efficient to verify that the server is the targeted one and legitimate than to verify that the client is not an attacker. 18
On the Effective Prevention of TLS Man-in-the-Middle Attacks in Web Applications
Πανεπιστήμιο Κύπρου Τμήμα Πληροφορικής [ΕΠΛ682 Advanced Security Topics] On the Effective Prevention of TLS Man-in-the-Middle Attacks in Web Applications Όνομα: Φιλίππου Χρίστα Καθηγητής : Δρ. Ηλίας Αθανασόπουλος
More informationOn the Effective Prevention of TLS Man-in-the- Middle Attacks in Web Applications
On the Effective Prevention of Man-in-the- Middle Attacks in Web Applications Nikolaos Karapanos and Srdjan Capkun, ETH Zürich https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/karapanos
More informationOverview of SSL/TLS. Luke Anderson. 12 th May University Of Sydney.
Overview of SSL/TLS Luke Anderson luke@lukeanderson.com.au 12 th May 2017 University Of Sydney Overview 1. Introduction 1.1 Raw HTTP 1.2 Introducing SSL/TLS 2. Certificates 3. Attacks Introduction Raw
More informationThe World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to
1 The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to compromises of various sorts, with a range of threats
More informationLecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.
15-441 Lecture Nov. 21 st 2006 Dan Wendlandt Worms & Viruses Phishing End-host impersonation Denial-of-Service Route Hijacks Traffic modification Spyware Trojan Horse Password Cracking IP Spoofing DNS
More informationCryptography (Overview)
Cryptography (Overview) Some history Caesar cipher, rot13 substitution ciphers, etc. Enigma (Turing) Modern secret key cryptography DES, AES Public key cryptography RSA, digital signatures Cryptography
More information(2½ hours) Total Marks: 75
(2½ hours) Total Marks: 75 N. B.: (1) All questions are compulsory. (2) Makesuitable assumptions wherever necessary and state the assumptions made. (3) Answers to the same question must be written together.
More informationComputer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 10r. Recitation assignment & concept review Paul Krzyzanowski Rutgers University Spring 2018 April 3, 2018 CS 419 2018 Paul Krzyzanowski 1 1. What is a necessary condition for perfect
More informationWAP Security. Helsinki University of Technology S Security of Communication Protocols
WAP Security Helsinki University of Technology S-38.153 Security of Communication Protocols Mikko.Kerava@iki.fi 15.4.2003 Contents 1. Introduction to WAP 2. Wireless Transport Layer Security 3. Other WAP
More informationCryptography. Summer Term 2010
Cryptography Summer Term 2010 Harald Baier Chapter 3: Pseudo Random Bit Generators and Stream Ciphers Contents Random bits and pseudo random bits Stream ciphers Harald Baier Cryptography h_da, Summer Term
More informationCSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L
CS 3461/5461: Introduction to Computer Networking and Internet Technologies Network Security Study: 21.1 21.5 Kannan Srinivasan 11-27-2012 Security Attacks, Services and Mechanisms Security Attack: Any
More informationTransport Level Security
2 Transport Level Security : Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 28 October 2013 css322y13s2l12, Steve/Courses/2013/s2/css322/lectures/transport.tex,
More informationEncryption. INST 346, Section 0201 April 3, 2018
Encryption INST 346, Section 0201 April 3, 2018 Goals for Today Symmetric Key Encryption Public Key Encryption Certificate Authorities Secure Sockets Layer Simple encryption scheme substitution cipher:
More informationCryptography. Dr. Michael Schneider Chapter 10: Pseudorandom Bit Generators and Stream Ciphers
Cryptography Dr. Michael Schneider michael.schneider@h-da.de Chapter 10: Pseudorandom Bit Generators and Stream Ciphers December 12, 2017 h_da WS2017/18 Dr. Michael Schneider 1 1 Random and Pseudorandom
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 24 April 16, 2012 CPSC 467b, Lecture 24 1/33 Kerberos Secure Shell (SSH) Transport Layer Security (TLS) Digital Rights Management
More informationData Security and Privacy. Topic 14: Authentication and Key Establishment
Data Security and Privacy Topic 14: Authentication and Key Establishment 1 Announcements Mid-term Exam Tuesday March 6, during class 2 Need for Key Establishment Encrypt K (M) C = Encrypt K (M) M = Decrypt
More informationInformation Security CS526
Information CS 526 Topic 3 Ciphers and Cipher : Stream Ciphers, Block Ciphers, Perfect Secrecy, and IND-CPA 1 Announcements HW1 is out, due on Sept 10 Start early, late policy is 3 total late days for
More informationTLS Security Where Do We Stand? Kenny Paterson
TLS Security Where Do We Stand? Kenny Paterson (based on joint work with Nadhem AlFardan, Dan Bernstein, Bertram Poettering, Jacob Schuldt) Information Security Group Outline TLS and the TLS Record Protocol
More informationSecure Internet Communication
Secure Internet Communication Can we prevent the Cryptocalypse? Dr. Gregor Koenig Barracuda Networks AG 09.04.2014 Overview Transport Layer Security History Orientation Basic Functionality Key Exchange
More informationSecure Sockets Layer (SSL) / Transport Layer Security (TLS)
Secure Sockets Layer (SSL) / Transport Layer Security (TLS) Brad Karp UCL Computer Science CS GZ03 / M030 20 th November 2017 What Problems Do SSL/TLS Solve? Two parties, client and server, not previously
More informationDefeating All Man-in-the-Middle Attacks
Defeating All Man-in-the-Middle Attacks PrecisionAccess Vidder, Inc. Defeating All Man-in-the-Middle Attacks 1 Executive Summary The man-in-the-middle attack is a widely used and highly preferred type
More informationCSE 127: Computer Security Cryptography. Kirill Levchenko
CSE 127: Computer Security Cryptography Kirill Levchenko October 24, 2017 Motivation Two parties want to communicate securely Secrecy: No one else can read messages Integrity: messages cannot be modified
More informationL13. Reviews. Rocky K. C. Chang, April 10, 2015
L13. Reviews Rocky K. C. Chang, April 10, 2015 1 Foci of this course Understand the 3 fundamental cryptographic functions and how they are used in network security. Understand the main elements in securing
More informationChapter 6: Contemporary Symmetric Ciphers
CPE 542: CRYPTOGRAPHY & NETWORK SECURITY Chapter 6: Contemporary Symmetric Ciphers Dr. Lo ai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan Why Triple-DES?
More informationInformation Security CS 526
Information Security CS 526 Topic 14: Key Distribution & Agreement, Secure Communication Topic 14: Secure Communication 1 Readings for This Lecture On Wikipedia Needham-Schroeder protocol (only the symmetric
More informationE-commerce security: SSL/TLS, SET and others. 4.1
E-commerce security: SSL/TLS, SET and others. 4.1 1 Electronic payment systems Purpose: facilitate the safe and secure transfer of monetary value electronically between multiple parties Participating parties:
More informationComputer Security 3e. Dieter Gollmann. Chapter 18: 1
Computer Security 3e Dieter Gollmann www.wiley.com/college/gollmann Chapter 18: 1 Chapter 18: Web Security Chapter 18: 2 Web 1.0 browser HTTP request HTML + CSS data web server backend systems Chapter
More information1-7 Attacks on Cryptosystems
1-7 Attacks on Cryptosystems In the present era, not only business but almost all the aspects of human life are driven by information. Hence, it has become imperative to protect useful information from
More informationLecture 9a: Secure Sockets Layer (SSL) March, 2004
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York University artg@cs.nyu.edu Security Achieved by
More informationChapter 6 Contemporary Symmetric Ciphers
Chapter 6 Contemporary Symmetric Ciphers "I am fairly familiar with all the forms of secret writings, and am myself the author of a trifling monograph upon the subject, in which I analyze one hundred and
More informationCryptography and Network Security
Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 14: Folklore, Course summary, Exam requirements Ion Petre Department of IT, Åbo Akademi University 1 Folklore on
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 24a December 2, 2013 CPSC 467, Lecture 24a 1/20 Secure Shell (SSH) Transport Layer Security (TLS) Digital Rights Management and Trusted
More informationComputer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08r. Pre-exam 2 Last-minute Review Cryptography Paul Krzyzanowski Rutgers University Spring 2018 March 26, 2018 CS 419 2018 Paul Krzyzanowski 1 Cryptographic Systems March 26, 2018 CS
More informationSecuring Internet Communication: TLS
Securing Internet Communication: TLS CS 161: Computer Security Prof. David Wagner March 11, 2016 Today s Lecture Applying crypto technology in practice Two simple abstractions cover 80% of the use cases
More informationChapter 8 Web Security
Chapter 8 Web Security Web security includes three parts: security of server, security of client, and network traffic security between a browser and a server. Security of server and security of client
More informationSecurity and Privacy. SWE 432, Fall 2016 Design and Implementation of Software for the Web
Security and Privacy SWE 432, Fall 2016 Design and Implementation of Software for the Web Today Security What is it? Most important types of attacks Privacy For further reading: https://www.owasp.org/index.php/
More informationPublic-key Cryptography: Theory and Practice
Public-key Cryptography Theory and Practice Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Chapter 1: Overview What is Cryptography? Cryptography is the study of
More informationFull Plaintext Recovery Attack on Broadcast RC4
11 March, 2013 FSE 2013 @ Singapore Full Plaintext Recovery Attack on Broadcast RC4 Takanori Isobe () Toshihiro Ohigashi (Hiroshima University) Yuhei Watanabe () Masakatu Morii () Target Broadcast setting
More informationDouble-DES, Triple-DES & Modes of Operation
Double-DES, Triple-DES & Modes of Operation Prepared by: Dr. Mohamed Abd-Eldayem Ref.: Cryptography and Network Security by William Stallings & Lecture slides by Lawrie Brown Multiple Encryption & DES
More informationTransport Layer Security
Transport Layer Security TRANSPORT LAYER SECURITY PERFORMANCE TESTING OVERVIEW Transport Layer Security (TLS) and its predecessor Secure Sockets Layer (SSL), are the most popular cryptographic protocols
More informationINSE Lucky 13 attack - continued from previous lecture. Scribe Notes for Lecture 3 by Prof. Jeremy Clark (January 20th, 2014)
INSE 6150 Scribe Notes for Lecture 3 by Prof. Jeremy Clark (January 20th, 2014) Lucky 13 attack - continued from previous lecture The lucky 13 attack on SSL/TLS involves an active attacker who intercepts
More information1 Achieving IND-CPA security
ISA 562: Information Security, Theory and Practice Lecture 2 1 Achieving IND-CPA security 1.1 Pseudorandom numbers, and stateful encryption As we saw last time, the OTP is perfectly secure, but it forces
More informationModern cryptography 2. CSCI 470: Web Science Keith Vertanen
Modern cryptography 2 CSCI 470: Web Science Keith Vertanen Modern cryptography Overview Asymmetric cryptography Diffie-Hellman key exchange (last time) Pubic key: RSA Pretty Good Privacy (PGP) Digital
More informationInformation Security CS526
Information Security CS 526 Topic 3 Cryptography: One-time Pad, Information Theoretic Security, and Stream CIphers 1 Announcements HW1 is out, due on Sept 11 Start early, late policy is 3 total late days
More informationCIS 4360 Secure Computer Systems Symmetric Cryptography
CIS 4360 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2017 Previous Class Classical Cryptography Frequency analysis Never use home-made cryptography Goals of Cryptography
More informationSummary on Crypto Primitives and Protocols
Summary on Crypto Primitives and Protocols Levente Buttyán CrySyS Lab, BME www.crysys.hu 2015 Levente Buttyán Basic model of cryptography sender key data ENCODING attacker e.g.: message spatial distance
More informationCSC 774 Network Security
CSC 774 Network Security Topic 2. Review of Cryptographic Techniques CSC 774 Dr. Peng Ning 1 Outline Encryption/Decryption Digital signatures Hash functions Pseudo random functions Key exchange/agreement/distribution
More informationCS 393 Network Security. Nasir Memon Polytechnic University Module 12 SSL
CS 393 Network Security Nasir Memon Polytechnic University Module 12 SSL Course Logistics HW 4 due today. HW 5 will be posted later today. Due in a week. Group homework. DoD Scholarships? NSF Scholarships?
More informationCSCE 715: Network Systems Security
CSCE 715: Network Systems Security Chin-Tser Huang huangct@cse.sc.edu University of South Carolina Web Security Web is now widely used by business, government, and individuals But Internet and Web are
More informationCryptography and Network Security Chapter 7
Cryptography and Network Security Chapter 7 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 7 Stream Ciphers and Random Number Generation The comparatively
More informationLecture 1 Applied Cryptography (Part 1)
Lecture 1 Applied Cryptography (Part 1) Patrick P. C. Lee Tsinghua Summer Course 2010 1-1 Roadmap Introduction to Security Introduction to Cryptography Symmetric key cryptography Hash and message authentication
More informationTransport Layer Security
CEN585 Computer and Network Security Transport Layer Security Dr. Mostafa Dahshan Department of Computer Engineering College of Computer and Information Sciences King Saud University mdahshan@ksu.edu.sa
More informationSankalchand Patel College of Engineering, Visnagar Department of Computer Engineering & Information Technology. Question Bank
Sankalchand Patel College of Engineering, Visnagar Department of Computer Engineering & Information Technology Question Bank Subject: Information Security (160702) Class: BE Sem. VI (CE/IT) Unit-1: Conventional
More informationAll Your Biases Belong To Us: Breaking RC4 in WPA-TKIP and TLS
All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP and TLS Mathy Vanhoef and Frank Piessens, KU Leuven USENIX Security 2015 RC4 Intriguingly simple stream cipher WEP WPA-TKIP SSL / TLS PPP/MPPE And
More information: Practical Cryptographic Systems March 25, Midterm
650.445: Practical Cryptographic Systems March 25, 2010 Instructor: Matthew Green Midterm Name: As with any exam, please do not collaborate or otherwise share information with any other person. You are
More informationChapter 4: Securing TCP connections
Managing and Securing Computer Networks Guy Leduc Chapter 5: Securing TCP connections Computer Networking: A Top Down Approach, 6 th edition. Jim Kurose, Keith Ross Addison-Wesley, March 2012. (section
More informationOpenSSL is a project comprising (1) a core library and (2) a toolkit. The core library offers an API for developers of secure applications.
1 OpenSSL is a project comprising (1) a core library and (2) a toolkit. The core library offers an API for developers of secure applications. The toolkit offers a series of command-line tools to perform
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through
More informationCOSC4377. Chapter 8 roadmap
Lecture 28 Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity 8.4 Securing e mail 8.5 Securing TCP connections: SSL 8.6 Network layer security: IPsec 8.7
More informationNetwork Security: TLS/SSL. Tuomas Aura T Network security Aalto University, Nov-Dec 2010
Network Security: TLS/SSL Tuomas Aura T-110.5240 Network security Aalto University, Nov-Dec 2010 Outline 1. Diffie-Hellman 2. Key exchange using public-key encryption 3. Goals of authenticated key exchange
More informationNetwork Security Essentials Chapter 2
Network Security Essentials Chapter 2 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Encryption What is encryption? Why do we need it? No, seriously, let's discuss this. Why do we need
More informationFindings for
Findings for 198.51.100.23 Scan started: 2017-07-11 12:30 UTC Scan ended: 2017-07-11 12:39 UTC Overview Medium: Port 443/tcp - NEW Medium: Port 443/tcp - NEW Medium: Port 443/tcp - NEW Medium: Port 80/tcp
More informationDavid Wetherall, with some slides from Radia Perlman s security lectures.
David Wetherall, with some slides from Radia Perlman s security lectures. djw@cs.washington.edu Networks are shared: Want to secure communication between legitimate participants from others with (passive
More informationLecture 6: Symmetric Cryptography. CS 5430 February 21, 2018
Lecture 6: Symmetric Cryptography CS 5430 February 21, 2018 The Big Picture Thus Far Attacks are perpetrated by threats that inflict harm by exploiting vulnerabilities which are controlled by countermeasures.
More informationSecurity: Cryptography
Security: Cryptography Computer Science and Engineering College of Engineering The Ohio State University Lecture 38 Some High-Level Goals Confidentiality Non-authorized users have limited access Integrity
More informationTLSnotary - a mechanism for independently audited https sessions
TLSnotary - a mechanism for independently audited https sessions September 10, 2014 1 Abstract TLSnotary allows a client to provide evidence to a third party auditor that certain web traffic occurred between
More informationIssues. Separation of. Distributed system security. Security services. Security policies. Security mechanism
Module 9 - Security Issues Separation of Security policies Precise definition of which entities in the system can take what actions Security mechanism Means of enforcing that policy Distributed system
More informationInternet security and privacy
Internet security and privacy SSL/TLS 1 Application layer App. TCP/UDP IP L2 L1 2 Application layer App. SSL/TLS TCP/UDP IP L2 L1 3 History of SSL/TLS Originally, SSL Secure Socket Layer, was developed
More informationCryptography and secure channel. May 17, Networks and Security. Thibault Debatty. Outline. Cryptography. Public-key encryption
and secure channel May 17, 2018 1 / 45 1 2 3 4 5 2 / 45 Introduction Simplified model for and decryption key decryption key plain text X KE algorithm KD Y = E(KE, X ) decryption ciphertext algorithm X
More informationComputer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08. Cryptography Part II Paul Krzyzanowski Rutgers University Spring 2018 March 23, 2018 CS 419 2018 Paul Krzyzanowski 1 Block ciphers Block ciphers encrypt a block of plaintext at a
More informationCS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis
CS-435 spring semester 2016 Network Technology & Programming Laboratory University of Crete Computer Science Department Stefanos Papadakis & Manolis Spanakis CS-435 Lecture preview 802.11 Security IEEE
More informationDO NOT OPEN UNTIL INSTRUCTED
CS 378 - Network Security and Privacy Spring 2017 FINAL May 3, 2017 DO NOT OPEN UNTIL INSTRUCTED YOUR NAME: Collaboration policy No collaboration is permitted on this exam. Any cheating (e.g., submitting
More informationCryptanalysis. Ed Crowley
Cryptanalysis Ed Crowley 1 Topics Cryptanalysis History Modern Cryptanalysis Characterization of Cryptanalysis Attacks Attack Types 2 Cryptanalysis Science of cracking ciphers and codes, decoding secrets,
More informationComputers and Security
The contents of this Supporting Material document have been prepared from the Eight units of study texts for the course M150: Date, Computing and Information, produced by The Open University, UK. Copyright
More informationStop sweating the password and learn to love public key cryptography. Chris Streeks Solutions Engineer, Yubico
1 Stop sweating the password and learn to love public key cryptography Chris Streeks Solutions Engineer, Yubico Stop Sweating the Password! 2 Agenda Introduction The modern state of Phishing How to become
More informationAttacks on SSL/TLS. Applied Cryptography. Andreas Hülsing (Slides mostly by Ruben Niederhagen) Dez. 6th, 2016
Attacks on SSL/TLS Applied Cryptography Andreas Hülsing (Slides mostly by Ruben Niederhagen) Dez. 6th, 2016 Timeline of attacks on SSL/TLS 2/41 SSLstrip 2010 2011 2012 2013 2014 2015 2016 BEAST POODLE
More informationEncryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls
Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls Overview Cryptography functions Secret key (e.g., DES) Public key (e.g., RSA) Message
More informationPassword. authentication through passwords
Password authentication through passwords Human beings Short keys; possibly used to generate longer keys Dictionary attack: adversary tries more common keys (easy with a large set of users) Trojan horse
More informationAttacks on re-keying and renegotiation in Key Exchange Protocols
Eidgenössische Technische Hochschule Zürich Ecole polytechnique fédérale de Zurich Politecnico federale di Zurigo Federal Institute of Technology at Zurich Attacks on re-keying and renegotiation in Key
More informationEvaluating the Security Risks of Static vs. Dynamic Websites
Evaluating the Security Risks of Static vs. Dynamic Websites Ballard Blair Comp 116: Introduction to Computer Security Professor Ming Chow December 13, 2017 Abstract This research paper aims to outline
More information05 - WLAN Encryption and Data Integrity Protocols
05 - WLAN Encryption and Data Integrity Protocols Introduction 802.11i adds new encryption and data integrity methods. includes encryption algorithms to protect the data, cryptographic integrity checks
More informationCSC/ECE 774 Advanced Network Security
Computer Science CSC/ECE 774 Advanced Network Security Topic 2. Network Security Primitives CSC/ECE 774 Dr. Peng Ning 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange;
More information3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some
3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some popular block ciphers Triple DES Advanced Encryption
More informationSecuring Network Communications
Securing Network Communications Demonstration: Securing network access with Whitenoise Labs identity management, one-time-pad dynamic authentication, and onetime-pad authenticated encryption. Use of Whitenoise
More informationSEEM4540 Open Systems for E-Commerce Lecture 03 Internet Security
SEEM4540 Open Systems for E-Commerce Lecture 03 Internet Security Consider 2. Based on DNS, identified the IP address of www.cuhk.edu.hk is 137.189.11.73. 1. Go to http://www.cuhk.edu.hk 3. Forward the
More informationCryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea
Cryptography SSL/TLS Network Security Workshop 3-5 October 2017 Port Moresby, Papua New Guinea 1 History Secure Sockets Layer was developed by Netscape in 1994 as a protocol which permitted persistent
More informationWireless LAN Security. Gabriel Clothier
Wireless LAN Security Gabriel Clothier Timeline 1997: 802.11 standard released 1999: 802.11b released, WEP proposed [1] 2003: WiFi alliance certifies for WPA 2004: 802.11i released 2005: 802.11w task group
More informationA Surfeit of SSH Cipher Suites
A Surfeit of SSH Cipher Suites Jean Paul Degabriele Information Security Group www.isg.rhul.ac.uk/~psai074 Based in part on slides by Kenny Paterson Outline of this talk Overview of SSH and related work
More informationNetwork Security Essentials
Network Security Essentials Applications and Standards Third Edition William Stallings Chapter 2 Symmetric Encryption and Message Confidentiality Dr. BHARGAVI H. GOSWAMI Department of Computer Science
More informationCrypto-systems all around us ATM machines Remote logins using SSH Web browsers (https invokes Secure Socket Layer (SSL))
Introduction (Mihir Bellare Text/Notes: http://cseweb.ucsd.edu/users/mihir/cse207/) Cryptography provides: Data Privacy Data Integrity and Authenticity Crypto-systems all around us ATM machines Remote
More informationRobust Defenses for Cross-Site Request Forgery
University of Cyprus Department of Computer Science Advanced Security Topics Robust Defenses for Cross-Site Request Forgery Name: Elena Prodromou Instructor: Dr. Elias Athanasopoulos Authors: Adam Barth,
More informationCS 161 Computer Security
Raluca Popa Spring 2018 CS 161 Computer Security Homework 2 Due: Wednesday, February 14, at 11:59pm Instructions. This homework is due Wednesday, February 14, at 11:59pm. No late homeworks will be accepted.
More informationUnderstanding Traffic Decryption
The following topics provide an overview of SSL inspection, describe the prerequisites for SSL inspection configuration, and detail deployment scenarios. Traffic Decryption Overview, page 1 SSL Handshake
More informationRelease note Tornaborate
Release note 1.2.6 Tornaborate 2015-09-10 Contents 1 Summary 4 2 Additional important information about this release 5 3 Upgrade 6 3.1 Prerequisites................................... 6 3.2 How to apply
More informationInstallation and usage of SSL certificates: Your guide to getting it right
Installation and usage of SSL certificates: Your guide to getting it right So, you ve bought your SSL Certificate(s). Buying your certificate is only the first of many steps involved in securing your website.
More informationCS61A Lecture #39: Cryptography
Announcements: CS61A Lecture #39: Cryptography Homework 13 is up: due Monday. Homework 14 will be judging the contest. HKN surveys on Friday: 7.5 bonus points for filling out their survey on Friday (yes,
More informationComputer Security 3/23/18
s s encrypt a block of plaintext at a time and produce ciphertext Computer Security 08. Cryptography Part II Paul Krzyzanowski DES & AES are two popular block ciphers DES: 64 bit blocks AES: 128 bit blocks
More informationDROWN - Breaking TLS using SSLv2
DROWN - Breaking TLS using SSLv2 Nimrod Aviram, Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel, Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor Dukhovni, Emilia Käsper,
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 11 Basic Cryptography Objectives Define cryptography Describe hashing List the basic symmetric cryptographic algorithms 2 Objectives
More information1 Defining Message authentication
ISA 562: Information Security, Theory and Practice Lecture 3 1 Defining Message authentication 1.1 Defining MAC schemes In the last lecture we saw that, even if our data is encrypted, a clever adversary
More information