Practical Attacks on Implementations

1 Practical Attacks on Implementations
Juraj Somorovsky, Ruhr University Bochum, HGI

2 Recent years revealed many crypto attacks
- ESORICS 2004, Bard: The Vulnerability of SSL to Chosen Plaintext Attack
- Eurocrypt 2002, Vaudenay: Security Flaws Induced by CBC Padding: Applications to SSL, IPSEC, WTLS
- Crypto 1998, Bleichenbacher: Chosen Ciphertext Attacks Against Protocols based on the RSA Encryption Standard PKCS #1

3 Standards updated
- Countermeasures defined
- What could go wrong in RWC implementations?

4 Overview
1. Bleichenbacher's Attack
   - XML Encryption
   - TLS
2. Invalid Curve Attack
   - TLS
   - Hardware Security Modules

5 RSA-PKCS#1 v1.5
- Used to encrypt symmetric keys
- Vulnerable to an adaptive chosen-ciphertext attack
[Diagram: Client and Server; ciphertext C = Enc(M), with M = Dec(C) at the server; queries C1, C2, ... are each answered valid/invalid (repeated several times)]

6 RSA-PKCS#1 v1.5: Countermeasures
1. Use RSA-OAEP (PKCS#1 v2)
2. Apply specific countermeasure:
     generate random
     decrypt ciphertext: m = dec(c)
     if ( padding correct )
         proceed with m
     else
         proceed with random

7 Overview
1. Bleichenbacher's Attack
   - XML Encryption
   - TLS
2. Invalid Curve Attack
   - TLS
   - Hardware Security Modules

8 RSA PKCS#1 v1.5 in XML Encryption
Hybrid encryption:
    k = Dec_pkcs(priv, C1)
    m = Dec_aes128(k, C2)
[Diagram: 1. Dec_pkcs yields k; 2. Dec_aes]

9 Attack Countermeasure
Hybrid encryption:
    k = Dec_pkcs(priv, C1)
    m = Dec_aes128(k, C2)
[Diagram: 1. Dec_pkcs yields k, or Random: 128 b; 2. Dec_aes]

10 Case Apache WSS4J
Hybrid encryption:
    k = Dec_pkcs(priv, C1)
    m = Dec_aes128(k, C2)
[Diagram: 1. Dec_pkcs yields k, or Random: 128 B; 2. Dec_aes]

11 Case Apache WSS4J
Hybrid encryption:
    k = Dec_pkcs(priv, C1)
    m = Dec_aes128(k, C2)
[Diagram: 1. Dec_pkcs yields k, or Random: 128 B; 2. Dec_aes]

12 Case Apache WSS4J
- Original bug much more complicated
- CVE
- Dennis Kupser, Christian Mainka, Jörg Schwenk, Juraj Somorovsky: How to Break XML Encryption Automatically (WOOT '15)
- Found automatically using WS-Attacker

13 Overview
1. Bleichenbacher's Attack
   - XML Encryption
   - TLS
2. Invalid Curve Attack
   - TLS
   - Hardware Security Modules

14 How About TLS?
- Christopher Meyer, Juraj Somorovsky, Jörg Schwenk, Eugen Weiss, Sebastian Schinzel, Erik Tews: Revisiting SSL/TLS Implementations: New Bleichenbacher Side Channels and Attacks. USENIX Security 2014
- Practical attacks on JSSE, Bouncy Castle, Cavium Accelerator
- Bug in OpenSSL

15 Case JSSE
- No direct TLS error messages
- Uses PKCS#1 unpadding function:
    private byte[] unpadv15 (byte[] padded) {
        if (PKCS valid) {
            return unpadded text;
        } else {
            throw new BadPaddingException();
        }
    }
- Caught, random generated: what's wrong?

16 Case JSSE (CVE )
- Exception consumes about 20 microseconds!
    PKCS#1 invalid: exception
    PKCS#1 valid: no exception
- Bleichenbacher's Attack over LAN!
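Added example (not from the slides, JSSE or WSS4J): the countermeasure of slides 6 and 9 with an unpadding routine that returns a flag instead of throwing (slides 15-16), and the effect of a fallback key of the wrong length (slides 10-11). Assumptions: "128 b" and "128 B" are read as bits and bytes, an HMAC check stands in for Dec_aes128 so that only the standard library is needed, and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

AES128_KEY_LEN = 16  # bytes (128 bits)


def unpad_v15(em: bytes):
    """Parse EM = 00 02 PS 00 M, where PS is at least 8 nonzero bytes.

    Returns (ok, message) instead of raising, so valid and invalid padding
    take the same path and no exception object is built for the invalid case.
    """
    sep = em.find(b"\x00", 2)  # first zero byte after the two header bytes
    ok = len(em) >= 11 and em[0] == 0 and em[1] == 2 and sep >= 10
    return ok, (em[sep + 1:] if ok else b"")


def choose_key(em: bytes, fallback_len: int) -> bytes:
    """Slide 6: proceed with m if the padding is correct, else with random."""
    fallback = secrets.token_bytes(fallback_len)  # drawn before the check
    ok, m = unpad_v15(em)
    # Keys of the wrong length are replaced as well (added here by the same
    # reasoning; the slide names only the padding check).
    return m if ok and len(m) == AES128_KEY_LEN else fallback


def symmetric_stage(key: bytes, c2: bytes) -> str:
    """Stand-in for Dec_aes128(k, C2): an HMAC check replaces AES (assumption)."""
    if len(key) != AES128_KEY_LEN:
        return "error: invalid key length"
    tag, body = c2[:32], c2[32:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    return "ok" if hmac.compare_digest(tag, expected) else "error: decryption failed"


def process(em: bytes, c2: bytes, fallback_len: int = AES128_KEY_LEN) -> str:
    """Both stages of the hybrid decryption; returns what the sender observes."""
    return symmetric_stage(choose_key(em, fallback_len), c2)


def make_em(message: bytes, size: int = 256, block_type: int = 2, ps_len=None) -> bytes:
    """Constructed input: an encoded message as it looks after the raw RSA step."""
    if ps_len is None:
        ps_len = size - 3 - len(message)
    ps = bytes(secrets.randbelow(255) + 1 for _ in range(ps_len))
    return bytes([0, block_type]) + ps + b"\x00" + message


def seal(key: bytes, body: bytes) -> bytes:
    """Constructed C2 for the stand-in stage: tag || body."""
    return hmac.new(key, body, hashlib.sha256).digest() + body


def observable_outcomes(fallback_len: int) -> set:
    """Outcomes visible for ciphertexts that do not carry the real key."""
    c2 = secrets.token_bytes(64)
    wrong_key = secrets.token_bytes(AES128_KEY_LEN)
    samples = [
        make_em(wrong_key),                # valid padding, wrong key
        make_em(wrong_key, block_type=1),  # wrong block type
        make_em(wrong_key, ps_len=4),      # padding string too short
        b"\x00\x02" + b"\xff" * 254,       # no 00 separator
        make_em(b"short"),                 # valid padding, wrong key length
    ]
    return {process(em, c2, fallback_len) for em in samples}


if __name__ == "__main__":
    print("fallback of 16 bytes :", observable_outcomes(16))
    print("fallback of 128 bytes:", observable_outcomes(128))
```

With a 16-byte fallback every rejected ciphertext produces the same result; with a 128-byte fallback the key-length error separates invalid padding from valid padding. Python gives no timing guarantees, so the block shows control flow and observable results only.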

17 Overview
1. Bleichenbacher's Attack
   - XML Encryption
   - TLS
2. Invalid Curve Attack
   - TLS
   - Hardware Security Modules

18 Elliptic Curve
- Set of points over a finite field
- Used e.g. for key exchange
[Diagram: Client sends P to the Server; the server holds secret s; key: sP]

19 Invalid Curve Attack
- Crypto 2000: Biehl, Meyer, Müller
- Attacker sends an invalid point of small order (e.g. 5)
- Attacker computes: s1 = s mod 5
[Diagram: the attacker sends Q to the Server, which holds secret s]

20 Invalid Curve Attack
- Choose points of small co-prime order (5, 7, 11, ...)
- Send to the server
- Compute:
    s1 = s mod 5
    s2 = s mod 7
    s3 = s mod 11
    s4 = s mod 13
- Compute s with CRT
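Added example (not from the slides or from any of the analyzed libraries): the point-on-curve check that the conclusions ask developers for, written for NIST P-256, with a constructed off-curve point showing that the addition formulas never use the curve coefficient b and so process an invalid point without any error. Function names are hypothetical and the arithmetic is not constant-time.

```python
# NIST P-256 domain parameters: y^2 = x^3 + A*x + B over GF(P).
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5
G = (GX, GY)
INFINITY = None


def on_curve(point, b=B):
    """True if (x, y) satisfies y^2 = x^3 + A*x + b (mod P)."""
    x, y = point
    return (y * y - (x * x * x + A * x + b)) % P == 0


def implied_b(point):
    """The coefficient b of the curve that this point actually lies on."""
    x, y = point
    return (y * y - x * x * x - A * x) % P


def validate_public_point(point):
    """Check a peer's point before it reaches scalar multiplication.

    P-256 has cofactor 1, so a finite point with reduced coordinates that
    satisfies the curve equation is in the intended group.
    """
    if point is INFINITY:
        return False
    x, y = point
    if not (isinstance(x, int) and isinstance(y, int)):
        return False
    if not (0 <= x < P and 0 <= y < P):
        return False
    return on_curve(point)


def add(p1, p2):
    """Affine addition law. It uses A but never B."""
    if p1 is INFINITY:
        return p2
    if p2 is INFINITY:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INFINITY
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def multiply(k, point):
    """Double-and-add scalar multiplication (illustration only)."""
    result, addend = INFINITY, point
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def ecdh_unchecked(secret, peer_point):
    """Multiplies whatever it is given; off-curve input is not noticed."""
    return multiply(secret, peer_point)


def ecdh_checked(secret, peer_point):
    """Rejects the peer's point unless it is a valid P-256 point."""
    if not validate_public_point(peer_point):
        raise ValueError("peer point is not on P-256")
    return multiply(secret, peer_point)


# Constructed off-curve point: the generator with its y coordinate changed.
OFF_CURVE = (GX, (GY + 1) % P)

if __name__ == "__main__":
    r = ecdh_unchecked(5, OFF_CURVE)
    print("result on P-256:", on_curve(r))
    print("result on the curve implied by the input:", on_curve(r, implied_b(OFF_CURVE)))
```

The unchecked result lies on the curve defined by the peer's input rather than on P-256, which is the condition the attack on the slides relies on; the checked variant stops before any secret-dependent arithmetic runs.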

21 Overview
1. Bleichenbacher's Attack
   - XML Encryption
   - TLS
2. Invalid Curve Attack
   - TLS
   - Hardware Security Modules

22 Practical Attacks?
- Tibor Jager, Jörg Schwenk, Juraj Somorovsky: Practical Invalid Curve Attacks on TLS-ECDH. ESORICS 2015
- Analyzed 8 libraries
- 2 vulnerable
    Bouncy Castle: 3300 TLS queries
    Oracle JSSE: TLS queries

23 Impact
- Attacks extract server private keys
- Java servers using EC certificates vulnerable
- For example Apache Tomcat
- Demo

24 Overview
1. Bleichenbacher's Attack
   - XML Encryption
   - TLS
2. Invalid Curve Attack
   - TLS
   - Hardware Security Modules

25 Attacker Model in HSM Scenarios
- Storage of crypto keys
- Keys never leave HSMs
[Diagram: dec(C), m; Keys (RSA, EC, AES, ...)]

26 Attacker Model in HSM Scenarios
- Storage of crypto keys
- Keys never leave HSMs
[Diagram: getkey; Keys (RSA, EC, AES, ...)]

27 How about Invalid Curve Attacks?
- CVE (with Dennis Felsch)
- Utimaco HSMs vulnerable
- < 100 queries to get a key
- Heartbleed effect
- Thanks to cooperation of Utimaco
- Provided sample code, fast fix
- Utimaco HSM is FIPS certified
"Catastrophic" is the right word. On the scale of 1 to 10, this is an

28 Conclusions
- Old attacks relevant for RWC implementations
- Old algorithms in the newest standards
- RSA PKCS#1 v1.5 (attack: 1998)
    2008: TLS : XML Encryption : JSON Web Encryption
- Positive example: TLS

29 Conclusions
- For standard designers: Remove old crypto
- For developers:
    Analyze possible side-channels, best practices
    Check point is on curve
- For pentesters: More tools / analyses of crypto applications needed


More information

Message authentication codes

Message authentication codes Message authentication codes Martin Stanek Department of Computer Science Comenius University stanek@dcs.fmph.uniba.sk Cryptology 1 (2017/18) Content Introduction security of MAC Constructions block cipher

More information

Modified Parameter Attacks: Practical Attacks Against CCA2 Secure Cryptosystems, and Countermeasures

Modified Parameter Attacks: Practical Attacks Against CCA2 Secure Cryptosystems, and Countermeasures Modified Parameter Attacks: Practical Attacks Against CCA2 Secure Cryptosystems, and Countermeasures Nick Howgrave-Graham, Joe Silverman, Ari Singer, William Whyte NTRU Cryptosystems Abstract. We introduce

More information

Recover a RSA private key from a TLS session with Perfect Forward Secrecy. Marco Ortisi

Recover a RSA private key from a TLS session with Perfect Forward Secrecy. Marco Ortisi Recover a RSA private key from a TLS session with Perfect Forward Secrecy Marco Ortisi About me Netizen and IT Security enthusiast since 1996 Penetration Tester since 1999 In love with buffer overflow

More information

IBM z13 Performance of Cryptographic Operations (Cryptographic Hardware: CPACF, CEX5S)

IBM z13 Performance of Cryptographic Operations (Cryptographic Hardware: CPACF, CEX5S) IBM z13 Performance of Cryptographic Operations (Cryptographic Hardware: CPACF, CEX5S) 1 Copyright IBM Corporation 1994, 2015. IBM Corporation Marketing Communications, Server Group Route 100 Somers, NY

More information

BraindumpsVCE. Best vce braindumps-exam vce pdf free download

BraindumpsVCE.   Best vce braindumps-exam vce pdf free download BraindumpsVCE http://www.braindumpsvce.com Best vce braindumps-exam vce pdf free download Exam : 642-511 Title : VPN and Security Cisco Secure Virtual Private Networks (CSVPN) Vendors : Cisco Version :

More information

Preventing POODLE Attacks on ecopy ShareScan

Preventing POODLE Attacks on ecopy ShareScan Preventing POODLE Attacks on ecopy ShareScan Topics Overview What Products are Affected? Steps to Protect Against POODLE Attacks Disabling SSL in Window s Registry Disabling SSL in Apache Tomcat 1 Overview

More information

Chapter 9 Public Key Cryptography. WANG YANG

Chapter 9 Public Key Cryptography. WANG YANG Chapter 9 Public Key Cryptography WANG YANG wyang@njnet.edu.cn Content Introduction RSA Diffie-Hellman Key Exchange Introduction Public Key Cryptography plaintext encryption ciphertext decryption plaintext

More information

Overview of TLS v1.3 What s new, what s removed and what s changed?

Overview of TLS v1.3 What s new, what s removed and what s changed? Overview of TLS v1.3 What s new, what s removed and what s changed? About Me Andy Brodie Solution Architect / Principal Design Engineer. On Worldpay ecommerce Payment Gateways. Based in Cambridge, UK.

More information

Trojan-tolerant Hardware & Supply Chain Security in Practice

Trojan-tolerant Hardware & Supply Chain Security in Practice Trojan-tolerant Hardware & Supply Chain Security in Practice Who we are Vasilios Mavroudis Doctoral Researcher, UCL Dan Cvrcek CEO, Enigma Bridge George Danezis Professor, UCL Petr Svenda CTO, Enigma Bridge

More information

APNIC elearning: Cryptography Basics

APNIC elearning: Cryptography Basics APNIC elearning: Cryptography Basics 27 MAY 2015 03:00 PM AEST Brisbane (UTC+10) Issue Date: Revision: Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security

More information

Code-Based Cryptography McEliece Cryptosystem

Code-Based Cryptography McEliece Cryptosystem Code-Based Cryptography McEliece Cryptosystem I. Márquez-Corbella 0 2. McEliece Cryptosystem 1. Formal Definition 2. Security-Reduction Proof 3. McEliece Assumptions 4. Notions of Security 5. Critical

More information

DFA on AES. Christophe Giraud. Oberthur Card Systems, 25, rue Auguste Blanche, Puteaux, France.

DFA on AES. Christophe Giraud. Oberthur Card Systems, 25, rue Auguste Blanche, Puteaux, France. DFA on AES Christophe Giraud Oberthur Card Systems, 25, rue Auguste Blanche, 92800 Puteaux, France. c.giraud@oberthurcs.com Abstract. In this paper we describe two different DFA attacks on the AES. The

More information

Analysis of Cryptographic APIs

Analysis of Cryptographic APIs Analysis of Cryptographic APIs Graham Steel LSV, INRIA & CNRS & ENS-Cachan Cryptography in Practice v1 PM talks to client to understand security goals and threats 1/28 Cryptography in Practice v1 Engineer

More information

Meru Networks. Security Gateway SG1000 Cryptographic Module Security Policy Document Version 1.2. Revision Date: June 24, 2009

Meru Networks. Security Gateway SG1000 Cryptographic Module Security Policy Document Version 1.2. Revision Date: June 24, 2009 Security Gateway SG1000 Cryptographic Module Security Policy Document Version 1.2 Meru Networks Revision Date: June 24, 2009 Copyright Meru Networks 2008. May be reproduced only in its original entirety

More information

Chapter 6 Contemporary Symmetric Ciphers

Chapter 6 Contemporary Symmetric Ciphers Chapter 6 Contemporary Symmetric Ciphers "I am fairly familiar with all the forms of secret writings, and am myself the author of a trifling monograph upon the subject, in which I analyze one hundred and

More information

Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 7, 2013

Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 7, 2013 Digital Signatures Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 7, 2013 Digital Signatures Diagram illustrating how to sign a message Why do we use a one-way hash? How does a collision

More information

Secret Key Cryptography

Secret Key Cryptography Secret Key Cryptography 1 Block Cipher Scheme Encrypt Plaintext block of length N Decrypt Secret key Cipher block of length N 2 Generic Block Encryption Convert a plaintext block into an encrypted block:

More information