Key Escrow. Desirable Properties
|
|
- Shawn Carpenter
- 5 years ago
- Views:
Transcription
1 Key Escrow Key escrow system allows authorized third party to recover key Useful when keys belong to roles, such as system operator, rather than individuals Business: recovery of backup keys Law enforcement: recovery of keys that authorized parties require access to Goal: provide this without weakening cryptosystem Very controversial May 18, 2004 ECS 235 Slide #1 Desirable Properties Escrow system should not depend on encipherment algorithm Privacy protection mechanisms must work from end to end and be part of user interface Requirements must map to key exchange protocol System supporting key escrow must require all parties to authenticate themselves If message to be observable for limited time, key escrow system must ensure keys valid for that period of time only May 18, 2004 ECS 235 Slide #2 1
2 Components User security component Does the encipherment, decipherment Supports the key escrow component Key escrow component Manages storage, use of data recovery keys Data recovery component Does key recovery May 18, 2004 ECS 235 Slide #3 Example: EES, Clipper Chip Escrow Encryption Standard Set of interlocking components Designed to balance need for law enforcement access to enciphered traffic with citizens right to privacy Clipper chip prepares per-message escrow information Each chip numbered uniquely by UID Special facility programs chip Key Escrow Decrypt Processor (KEDP) Available to agencies authorized to read messages May 18, 2004 ECS 235 Slide #4 2
3 User Security Component Unique device key k unique Nonunique family key k family Cipher is Skipjack Classical cipher: 80 bit key, 64 bit input, output blocks Generates Law Enforcement Access Field (LEAF) of 128 bits: { UID { k session } k unique hash } k family hash: 16 bit authenticator from session key and initialization vector May 18, 2004 ECS 235 Slide #5 Programming User Components Done in a secure facility Two escrow agencies needed Agents from each present Each supplies a random seed and key number Family key components combined to get k family Key numbers combined to make key component enciphering key k comp Random seeds mixed with other data to produce sequence of unique keys k unique Each chip imprinted with UID, k unique, k family May 18, 2004 ECS 235 Slide #6 3
4 The Escrow Components During initialization of user security component, process creates k u1 and k u2 where k unique = k u1 k u2 First escrow agency gets { k u1 } k comp Second escrow agency gets { k u2 } k comp May 18, 2004 ECS 235 Slide #7 Obtaining Access Alice obtains legal authorization to read message She runs message LEAF through KEDP LEAF is { UID { k session } k unique hash } k family KEDP uses (known) k family to validate LEAF, obtain sending device s UID Authorization, LEAF taken to escrow agencies May 18, 2004 ECS 235 Slide #8 4
5 Agencies Role Each validates authorization Each supplies { k ui } k comp, corresponding key number KEDP takes these and LEAF: Key numbers produce k comp k comp produces k u1 and k u2 k u1 and k u2 produce k unique k unique and LEAF produce k session May 18, 2004 ECS 235 Slide #9 Problems hash too short LEAF 128 bits, so given a hash: LEAFs show this as a valid hash 1 has actual session key, UID Takes about 42 minutes to generate a LEAF with a valid hash but meaningless session key and UID; in fact, deployed devices would prevent this attack Scheme does not meet temporal requirement As k unique fixed for each unit, once message is read, any future messages can be read May 18, 2004 ECS 235 Slide #10 5
6 Yaksha Security System Key escrow system meeting all 5 criteria Based on RSA, central server Central server (Yaksha server) generates session key Each user has 2 private keys Alice s modulus n A, public key e A First private key d AA known only to Alice Second private key d AY known only to Yaksha central server d AA d AY = d A mod n A May 18, 2004 ECS 235 Slide #11 Alice and Bob Alice wants to send message to Bob Alice asks Yaksha server for session key Yaksha server generates k session Yaksha server sends Alice the key as: C A = (k session ) dayea mod n A Alice computes (C A ) daa mod n A = k session May 18, 2004 ECS 235 Slide #12 6
7 Analysis Authority can read only one message per escrowed key Meets requirement 5 (temporal one), because time interpreted as session Independent of message enciphering key Meets requirement 1 Interchange algorithm, keys fixed Others met by supporting infrastructure May 18, 2004 ECS 235 Slide #13 Alternate Approaches Tie to time Session key not given as escrow key, but related key is To derive session key, must solve instance of discrete log problem Tie to probability Oblivious transfer: message received with specified probability Idea: translucent cryptography allows fraction f of messages to be read by third party Not key escrow, but similar in spirit May 18, 2004 ECS 235 Slide #14 7
8 Key Revocation Certificates invalidated before expiration Usually due to compromised key May be due to change in circumstance (e.g., someone leaving company) Problems Entity revoking certificate authorized to do so Revocation information circulates to everyone fast enough Network delays, infrastructure problems may delay information May 18, 2004 ECS 235 Slide #15 CRLs Certificate revocation list lists certificates that are revoked X.509: only certificate issuer can revoke certificate Added to CRL PGP: signers can revoke signatures; owners can revoke certificates, or allow others to do so Revocation message placed in PGP packet and signed Flag marks it as revocation message May 18, 2004 ECS 235 Slide #16 8
9 Digital Signature Construct that authenticated origin, contents of message in a manner provable to a disinterested third party ( judge ) Sender cannot deny having sent message (service is nonrepudiation ) Limited to technical proofs Inability to deny one s cryptographic key was used to sign One could claim the cryptographic key was stolen or compromised Legal proofs, etc., probably required; not dealt with here May 18, 2004 ECS 235 Slide #17 Common Error Classical: Alice, Bob share key k Alice sends m { m }k to Bob This is a digital signature WRONG This is not a digital signature Why? Third party cannot determine whether Alice or Bob generated message May 18, 2004 ECS 235 Slide #18 9
10 Classical Digital Signatures Require trusted third party Alice, Bob each share keys with trusted party Cathy To resolve dispute, judge gets { m }k Alice, { m }k Bob, and has Cathy decipher them; if messages matched, contract was signed Alice Bob Cathy { m }k Alice { m }k Alice { m }k Bob Bob Cathy Bob May 18, 2004 ECS 235 Slide #19 Public Key Digital Signatures Alice s keys are d Alice, e Alice Alice sends Bob m { m }d Alice In case of dispute, judge computes { { m }d Alice }e Alice and if it is m, Alice signed message She s the only one who knows d Alice! May 18, 2004 ECS 235 Slide #20 10
11 RSA Digital Signatures Use private key to encipher message Protocol for use is critical Key points: Never sign random documents, and when signing, always sign hash and never document Mathematical properties can be turned against signer Sign message first, then encipher Changing public keys causes forgery May 18, 2004 ECS 235 Slide #21 Attack #1 Example: Alice, Bob communicating n A = 95, e A = 59, d A = 11 n B = 77, e B = 53, d B = contracts, numbered 00 to 25 Alice has Bob sign 05 and 17: c = m db mod n B = mod 77 = 3 c = m db mod n B = mod 77 = 19 Alice computes mod 77 = 08; corresponding signature is mod 77 = 57; claims Bob signed 08 Judge computes c eb mod n B = mod 77 = 08 Signature validated; Bob is toast May 18, 2004 ECS 235 Slide #22 11
12 Attack #2: Bob s Revenge Bob, Alice agree to sign contract 06 Alice enciphers, then signs: (m eb mod 77) da mod n A = (06 53 mod 77) 11 mod 95 = 63 Bob now changes his public key so he can make it appear that Alice signed contract 13: Computes r such that 13 r mod 77 = 06; say, r = 59 Computes re B mod φ(n B ) = mod 60 = 7 Replace public key e B with 7; corresponding private key d B = 43 Bob claims contract was 13. Judge computes: (63 59 mod 95) 43 mod 77 = 13 Verified; now Alice is toast May 18, 2004 ECS 235 Slide #23 El Gamal Digital Signature Relies on discrete log problem Choose p prime, g, d < p; compute y = g d mod p Public key: (y, g, p); private key: d To sign contract m: Choose k relatively prime to p 1, and not yet used Compute a = g k mod p Find b such that m = (da + kb) mod p 1 Signature is (a, b) To validate, check that y a a b mod p = g m mod p May 18, 2004 ECS 235 Slide #24 12
13 Example Alice chooses p = 29, g = 3, d = 6 y = 3 6 mod 29 = 4 Alice wants to send Bob signed contract 23 Chooses k = 5 (relatively prime to 28) This gives a = g k mod p = 3 5 mod 29 = 11 Then solving 23 = ( b) mod 28 gives b = 25 Alice sends message 23 and signature (11, 25) Bob verifies signature: g m mod p = 3 23 mod 29 = 8 and y a a b mod p = mod 29 = 8 They match, so Alice signed May 18, 2004 ECS 235 Slide #25 Attack Eve learns k, corresponding message m, and signature (a, b) Extended Euclidean Algorithm gives d, the private key Example from above: Eve learned Alice signed last message with k = 5 m = (da + kb) mod p 1 = (11d ) mod 28 so Alice s private key is d = 6 May 18, 2004 ECS 235 Slide #26 13
14 Key Points Key management critical to effective use of cryptosystems Different levels of keys (session vs. interchange) Keys need infrastructure to identify holders, allow revoking Key escrowing complicates infrastructure Digital signatures provide integrity of origin and content Much easier with public key cryptosystems than with classical cryptosystems May 18, 2004 ECS 235 Slide #27 Overview Basics Passwords Storage Selection Breaking them Other methods Multiple methods May 18, 2004 ECS 235 Slide #28 14
15 Basics Authentication: binding of identity to subject Identity is that of external entity (my identity, Matt, etc.) Subject is computer entity (process, etc.) May 18, 2004 ECS 235 Slide #29 Establishing Identity One or more of the following What entity knows (eg. password) What entity has (eg. badge, smart card) What entity is (eg. fingerprints, retinal characteristics) Where entity is (eg. In front of a particular terminal) May 18, 2004 ECS 235 Slide #30 15
16 Authentication System (A, C, F, L, S) A information that proves identity C information stored on computer and used to validate authentication information F complementation function; f : A C L functions that prove identity S functions enabling entity to create, alter information in A or C May 18, 2004 ECS 235 Slide #31 Example Password system, with passwords stored on line in clear text A set of strings making up passwords C = A F singleton set of identity function { I } L single equality test function { eq } S function to set/change password May 18, 2004 ECS 235 Slide #32 16
17 Passwords Sequence of characters Examples: 10 digits, a string of letters, etc. Generated randomly, by user, by computer with user input Sequence of words Examples: pass-phrases Algorithms Examples: challenge-response, one-time passwords May 18, 2004 ECS 235 Slide #33 Storage Store as cleartext If password file compromised, all passwords revealed Encipher file Need to have decipherment, encipherment keys in memory Reduces to previous problem Store one-way hash of password If file read, attacker must still guess passwords or invert the hash May 18, 2004 ECS 235 Slide #34 17
18 Example UNIX system standard hash function Hashes password into 11 char string using one of 4096 hash functions As authentication system: A = { strings of 8 chars or less } C = { 2 char hash id 11 char hash } F = { 4096 versions of modified DES } L = { login, su, } S = { passwd, nispasswd, passwd+, } May 18, 2004 ECS 235 Slide #35 Anatomy of Attacking Goal: find a A such that: For some f F, f(a) = c C c is associated with entity Two ways to determine whether a meets these requirements: Direct approach: as above Indirect approach: as l(a) succeeds iff f(a) = c C for some c associated with an entity, compute l(a) May 18, 2004 ECS 235 Slide #36 18
19 Preventing Attacks How to prevent this: Hide one of a, f, or c Prevents obvious attack from above Example: UNIX/Linux shadow password files Hides c s Block access to all l L or result of l(a) Prevents attacker from knowing if guess succeeded Example: preventing any logins to an account from a network Prevents knowing results of l (or accessing l) May 18, 2004 ECS 235 Slide #37 Dictionary Attacks Trial-and-error from a list of potential passwords Off-line: know f and c s, and repeatedly try different guesses g A until the list is done or passwords guessed Examples: crack, john-the-ripper On-line: have access to functions in L and try guesses g until some l(g) succeeds Examples: trying to log in by guessing a password May 18, 2004 ECS 235 Slide #38 19
20 Using Time Anderson s formula: P probability of guessing a password in specified period of time G number of guesses tested in 1 time unit T number of time units N number of possible passwords ( A ) Then P TG/N May 18, 2004 ECS 235 Slide #39 Example Goal Passwords drawn from a 96-char alphabet Can test 10 4 guesses per second Probability of a success to be 0.5 over a 365 day period What is minimum password length? Solution N TG/P = ( ) 10 4 /0.5 = Choose s such that Σ s j=0 96 j N So s 6, meaning passwords must be at least 6 chars long May 18, 2004 ECS 235 Slide #40 20
21 Approaches: Password Selection Random selection All elements of A equally likely to be selected ICBS: maximizes time to guessing password Be careful it may not be really random Remembering these is hard Write down transformed password, apply transformation to recover Example: Capitalize 3rd letter, append digit 2 ; written down is Swqgle3 so password is SwQgle32 May 18, 2004 ECS 235 Slide #41 Pronounceable Passwords Generate phonemes randomly Phoneme is unit of sound, eg. cv, vc, cvc, vcv Examples: helgoret, juttelon are; przbqxdfl, zxrptglfn are not Problem: too few Solution: key crunching Run long key through hash function and convert to printable sequence Use this sequence as password May 18, 2004 ECS 235 Slide #42 21
22 User Selection Problem: people pick easy to guess passwords Based on account names, user names, computer names, place names Dictionary words (also reversed, odd capitalizations, control characters, elite-speak, conjugations or declensions, swear words, Torah/Bible/Koran/ words) Too short, digits only, letters only License plates, acronyms, social security numbers Personal characteristics or foibles (pet names, nicknames, job characteristics, etc. May 18, 2004 ECS 235 Slide #43 Picking Good Passwords LlMm*2^Ap Names of members of 2 families OoHeO/FSK Second letter of each word of length 4 or more in third line of third verse of Star-Spangled Banner, followed by /, followed by author s initials What s good here may be bad there DMC/MHmh bad at Dartmouth ( Dartmouth Medical Center/Mary Hitchcock memorial hospital ), ok here Why are these now bad passwords? May 18, 2004 ECS 235 Slide #44 22
23 Proactive Password Checking Analyze proposed password for goodness Always invoked Can detect, reject bad passwords for an appropriate definition of bad Discriminate on per-user, per-site basis Needs to do pattern matching on words Needs to execute subprograms and use results Spell checker, for example Easy to set up and integrate into password selection system May 18, 2004 ECS 235 Slide #45 23
CSE509: (Intro to) Systems Security
CSE509: (Intro to) Systems Security Fall 2012 Radu Sion Passwords 2005-12 portions Matt Bishop Authentication Basics Passwords Storage Selection Breaking them Other methods Multiple methods Systems Security
More informationChapter 10: Key Management
Chapter 10: Key Management Session and Interchange Keys Key Exchange Key Generation Cryptographic Key Infrastructure Storing and Revoking Keys Digital Signatures Slide #10-1 Overview Key exchange Session
More informationAuthentication. Murat Kantarcioglu
UT DALLAS Erik Jonsson School of Engineering & Computer Science Authentication Murat Kantarcioglu Authentication Overview Basics Passwords Challenge-Response Biometrics Location Multiple Methods Basics
More informationKey Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature
Key Management Digital signatures: classical and public key Classic and Public Key exchange 1 Handwritten Signature Used everyday in a letter, on a check, sign a contract A signature on a signed paper
More informationChapter 9: Key Management
Chapter 9: Key Management Session and Interchange Keys Key Exchange Cryptographic Key Infrastructure Storing and Revoking Keys Digital Signatures Slide #9-1 Overview Key exchange Session vs. interchange
More informationTopics. Dramatis Personae Cathy, the Computer, trusted 3 rd party. Cryptographic Protocols
Cryptographic Protocols Topics 1. Dramatis Personae and Notation 2. Session and Interchange Keys 3. Key Exchange 4. Key Generation 5. Cryptographic Key Infrastructure 6. Storing and Revoking Keys 7. Digital
More informationOverview. Cryptographic key infrastructure Certificates. May 13, 2004 ECS 235 Slide #1. Notation
Overview Key exchange Session vs. interchange keys Classical, public key methods Key generation Cryptographic key infrastructure Certificates Key storage Key escrow Key revocation Digital signatures May
More informationL7: Authentication. Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806
L7: Authentication Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806 10/7/2016 CSCI 451 -Fall 2016 1 Acknowledgement Revised based on slides are from
More informationINFSCI 2935: Introduction of Computer Security 1. Courtesy of Professors Chris Clifton & Matt Bishop. INFSCI 2935: Introduction to Computer Security 2
Digital Signature Introduction to Computer Security Lecture 7 Digital Signature October 9, 2003 Construct that authenticates origin, contents of message in a manner provable to a disinterested third party
More informationKey Management CS461/ECE422
Key Management CS461/ECE422 1 Reading Chapter 10 in Computer Security: Art and Science Handbook of Applied Cryptography http://www.cacr.math.uwaterloo.ca/hac/ Section 11.3.2 attack on RSA signature Section
More informationInformation Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1
Information Security message M one-way hash fingerprint f = H(M) 4/19/2006 Information Security 1 Outline and Reading Digital signatures Definition RSA signature and verification One-way hash functions
More informationCSC 482/582: Computer Security. Security Protocols
Security Protocols Topics 1. Basic Concepts of Cryptography 2. Security Protocols 3. Authentication Protocols 4. Key Exchange Protocols 5. Kerberos 6. Public Key Infrastructure Encryption and Decryption
More informationBackground. Network Security - Certificates, Keys and Signatures - Digital Signatures. Digital Signatures. Dr. John Keeney 3BA33
Background Network Security - Certificates, Keys and Signatures - Dr. John Keeney 3BA33 Slides Sources: Karl Quinn, Donal O Mahoney, Henric Johnson, Charlie Kaufman, Wikipedia, Google, Brian Raiter. Recommended
More informationInformation Security & Privacy
IS 2150 / TEL 2810 Information Security & Privacy James Joshi Associate Professor, SIS Lecture 2 Sept 4, 2013 Key Management Network Security 1 Objectives Understand/explain the issues related to, and
More informationInformation Security & Privacy
IS 2150 / TEL 2810 Information Security & Privacy James Joshi Associate Professor, SIS Lecture 8 Feb 24, 2015 Authentication, Identity 1 Objectives Understand/explain the issues related to, and utilize
More informationICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification
ICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification Hossen Asiful Mustafa Introduction Entity Authentication is a technique designed to let one party prove the identity of another
More informationCryptographic Checksums
Cryptographic Checksums Mathematical function to generate a set of k bits from a set of n bits (where k n). k is smaller then n except in unusual circumstances Example: ASCII parity bit ASCII has 7 bits;
More informationT H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A. Authentication EECE 412. Copyright Konstantin Beznosov
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Authentication EECE 412 Copyright 2004-2007 Konstantin Beznosov What is Authentication? Real-world and computer world examples? What is a result
More informationT H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A. Authentication
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Authentication What is Authentication? Real-world and computer world examples? What is a result of authentication? What are the means for in
More informationPublic-key Cryptography: Theory and Practice
Public-key Cryptography Theory and Practice Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Chapter 1: Overview What is Cryptography? Cryptography is the study of
More informationSpring 2010: CS419 Computer Security
Spring 2010: CS419 Computer Security Vinod Ganapathy Lecture 7 Topic: Key exchange protocols Material: Class handout (lecture7_handout.pdf) Chapter 2 in Anderson's book. Today s agenda Key exchange basics
More informationCristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.
CS355: Cryptography Lecture 17: X509. PGP. Authentication protocols. Key establishment. Public Keys and Trust Public Key:P A Secret key: S A Public Key:P B Secret key: S B How are public keys stored How
More informationFair Cryptography. Cryptography CS 507 Erkay Savas Sabanci University
Fair Cryptography Cryptography CS 507 Erkay Savas Sabanci University erkays@sabanciuniv.edu Conflicting Interests Private Industry wants to secure communications Citizens want privacy Law enforcement wants
More informationL7: Key Distributions. Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806
L7: Key Distributions Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806 9/16/2015 CSCI 451 - Fall 2015 1 Acknowledgement Many slides are from or are
More informationDiffie-Hellman. Part 1 Cryptography 136
Diffie-Hellman Part 1 Cryptography 136 Diffie-Hellman Invented by Williamson (GCHQ) and, independently, by D and H (Stanford) A key exchange algorithm o Used to establish a shared symmetric key Not for
More informationThe most important development from the work on public-key cryptography is the digital signature. Message authentication protects two parties who
1 The most important development from the work on public-key cryptography is the digital signature. Message authentication protects two parties who exchange messages from any third party. However, it does
More informationWhat did we talk about last time? Public key cryptography A little number theory
Week 4 - Friday What did we talk about last time? Public key cryptography A little number theory If p is prime and a is a positive integer not divisible by p, then: a p 1 1 (mod p) Assume a is positive
More informationUNIT - IV Cryptographic Hash Function 31.1
UNIT - IV Cryptographic Hash Function 31.1 31-11 SECURITY SERVICES Network security can provide five services. Four of these services are related to the message exchanged using the network. The fifth service
More informationComputer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08r. Pre-exam 2 Last-minute Review Cryptography Paul Krzyzanowski Rutgers University Spring 2018 March 26, 2018 CS 419 2018 Paul Krzyzanowski 1 Cryptographic Systems March 26, 2018 CS
More informationFun with Crypto keys and protocols. some Bishop, some Jim, some RA
Fun with Crypto keys and protocols some Bishop, some Jim, some RA Keys and protocols Keys, notation, session keys certs and digital signatures Key infrastructure, storage protocols how we use keys Needham-Schroder/Kerberos
More information1 Identification protocols
ISA 562: Information Security, Theory and Practice Lecture 4 1 Identification protocols Now that we know how to authenticate messages using MACs, a natural question is, how can we use MACs to prove that
More informationPKI Services. Text PKI Definition. PKI Definition #1. Public Key Infrastructure. What Does A PKI Do? Public Key Infrastructures
Public Key Infrastructures Public Key Infrastructure Definition and Description Functions Components Certificates 1 2 PKI Services Security Between Strangers Encryption Integrity Non-repudiation Key establishment
More informationIntroduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell
Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell 1 Cryptography Merriam-Webster Online Dictionary: 1. secret writing 2. the enciphering and deciphering
More informationCryptography (DES+RSA) by Amit Konar Dept. of Math and CS, UMSL
Cryptography (DES+RSA) by Amit Konar Dept. of Math and CS, UMSL Transpositional Ciphers-A Review Decryption 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 Encryption 1 2 3 4 5 6 7 8 A G O O D F R I E N D I S A T R E
More informationDigital Certificates Demystified
Digital Certificates Demystified Ross Cooper, CISSP IBM Corporation RACF/PKI Development Poughkeepsie, NY Email: rdc@us.ibm.com August 9 th, 2012 Session 11622 Agenda Cryptography What are Digital Certificates
More informationPassword. authentication through passwords
Password authentication through passwords Human beings Short keys; possibly used to generate longer keys Dictionary attack: adversary tries more common keys (easy with a large set of users) Trojan horse
More informationPublic Key Algorithms
Public Key Algorithms 1 Public Key Algorithms It is necessary to know some number theory to really understand how and why public key algorithms work Most of the public key algorithms are based on modular
More information5. Authentication Contents
Contents 1 / 47 Introduction Password-based Authentication Address-based Authentication Cryptographic Authentication Protocols Eavesdropping and Server Database Reading Trusted Intermediaries Session Key
More informationCrypto-systems all around us ATM machines Remote logins using SSH Web browsers (https invokes Secure Socket Layer (SSL))
Introduction (Mihir Bellare Text/Notes: http://cseweb.ucsd.edu/users/mihir/cse207/) Cryptography provides: Data Privacy Data Integrity and Authenticity Crypto-systems all around us ATM machines Remote
More informationAuthentication. Amit Konar Math and Computer Sc., UMSL
Authentication Amit Konar Math and Computer Sc., UMSL What is Authentication? Authentication is the binding of an identity to a subject. Subjects act on behalf of some other, external entity. The identity
More informationCryptography V: Digital Signatures
Cryptography V: Digital Signatures Computer Security Lecture 10 David Aspinall School of Informatics University of Edinburgh 10th February 2011 Outline Basics Constructing signature schemes Security of
More informationCryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III
Cryptography III Public-Key Cryptography Digital Signatures 2/1/18 Cryptography III 1 Public Key Cryptography 2/1/18 Cryptography III 2 Key pair Public key: shared with everyone Secret key: kept secret,
More informationECEN 5022 Cryptography
Introduction University of Colorado Spring 2008 Historically, cryptography is the science and study of secret writing (Greek: kryptos = hidden, graphein = to write). Modern cryptography also includes such
More informationChapter 10: Cipher Techniques
Chapter 10: Cipher Techniques Some Problems Types of Ciphers Networks Examples Slide #10-1 Overview Problems What can go wrong if you naively use ciphers Cipher types Stream or block ciphers? Networks
More informationUser Authentication. Modified By: Dr. Ramzi Saifan
User Authentication Modified By: Dr. Ramzi Saifan Authentication Verifying the identity of another entity Computer authenticating to another computer Person authenticating to a local/remote computer Important
More informationIntroduction to Cryptography Lecture 10
Introduction to Cryptography Lecture 10 Digital signatures, Public Key Infrastructure (PKI) Benny Pinkas January 1, 2012 page 1 Non Repudiation Prevent signer from denying that it signed the message I.e.,
More informationLecture 9a: Secure Sockets Layer (SSL) March, 2004
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York University artg@cs.nyu.edu Security Achieved by
More informationCS61A Lecture #39: Cryptography
Announcements: CS61A Lecture #39: Cryptography Homework 13 is up: due Monday. Homework 14 will be judging the contest. HKN surveys on Friday: 7.5 bonus points for filling out their survey on Friday (yes,
More informationCertificateless Public Key Cryptography
Certificateless Public Key Cryptography Mohsen Toorani Department of Informatics University of Bergen Norsk Kryptoseminar November 9, 2011 1 Public Key Cryptography (PKC) Also known as asymmetric cryptography.
More informationCryptographic Concepts
Outline Identify the different types of cryptography Learn about current cryptographic methods Chapter #23: Cryptography Understand how cryptography is applied for security Given a scenario, utilize general
More informationVerteilte Systeme (Distributed Systems)
Verteilte Systeme (Distributed Systems) Lorenz Froihofer l.froihofer@infosys.tuwien.ac.at http://www.infosys.tuwien.ac.at/teaching/courses/ VerteilteSysteme/ Security Threats, mechanisms, design issues
More information9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers
Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng Basic concepts in cryptography systems Secret cryptography Public cryptography 1 2 Encryption/Decryption Cryptanalysis
More informationAuthentication. Overview of Authentication systems. IT352 Network Security Najwa AlGhamdi
Authentication Overview of Authentication systems 1 Approaches for Message Authentication Authentication is process of reliably verifying the identity of someone. Authentication Schemes 1. Password-based
More informationAPPLICATIONS AND PROTOCOLS. Mihir Bellare UCSD 1
APPLICATIONS AND PROTOCOLS Mihir Bellare UCSD 1 Some applications and protocols Internet Casino Commitment Shared coin flips Threshold cryptography Forward security Program obfuscation Zero-knowledge Certified
More informationDigital Signatures. Luke Anderson. 7 th April University Of Sydney.
Digital Signatures Luke Anderson luke@lukeanderson.com.au 7 th April 2017 University Of Sydney Overview 1. Digital Signatures 1.1 Background 1.2 Basic Operation 1.3 Attack Models Replay Naïve RSA 2. PKCS#1
More informationCryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng
Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng 1 Outline Basic concepts in cryptography systems Secret key cryptography Public key cryptography Hash functions 2 Encryption/Decryption
More informationOther Uses of Cryptography. Cryptography Goals. Basic Problem and Terminology. Other Uses of Cryptography. What Can Go Wrong? Why Do We Need a Key?
ryptography Goals Protect private communication in the public world and are shouting messages over a crowded room no one can understand what they are saying 1 Other Uses of ryptography Authentication should
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 24 April 16, 2012 CPSC 467b, Lecture 24 1/33 Kerberos Secure Shell (SSH) Transport Layer Security (TLS) Digital Rights Management
More informationProtecting Information Assets - Week 11 - Cryptography, Public Key Encryption and Digital Signatures. MIS 5206 Protecting Information Assets
Protecting Information Assets - Week 11 - Cryptography, Public Key Encryption and Digital Signatures MIS5206 Week 11 Identity and Access Control Week 10 continued Cryptography, Public Key Encryption and
More informationT Cryptography and Data Security
T-79.4501 Cryptography and Data Security Lecture 10: 10.1 Random number generation 10.2 Key management - Distribution of symmetric keys - Management of public keys Stallings: Ch 7.4; 7.3; 10.1 1 The Use
More informationIBM i Version 7.2. Security Digital Certificate Manager IBM
IBM i Version 7.2 Security Digital Certificate Manager IBM IBM i Version 7.2 Security Digital Certificate Manager IBM Note Before using this information and the product it supports, read the information
More informationLecture Notes 14 : Public-Key Infrastructure
6.857 Computer and Network Security October 24, 2002 Lecture Notes 14 : Public-Key Infrastructure Lecturer: Ron Rivest Scribe: Armour/Johann-Berkel/Owsley/Quealy [These notes come from Fall 2001. These
More informationSecurity Digital Certificate Manager
System i Security Digital Certificate Manager Version 6 Release 1 System i Security Digital Certificate Manager Version 6 Release 1 Note Before using this information and the product it supports, be sure
More informationCryptography V: Digital Signatures
Cryptography V: Digital Signatures Computer Security Lecture 12 David Aspinall School of Informatics University of Edinburgh 19th February 2009 Outline Basics Constructing signature schemes Security of
More informationCS3235 Seventh set of lecture slides
CS3235 Seventh set of lecture slides Hugh Anderson National University of Singapore School of Computing October, 2007 Hugh Anderson CS3235 Seventh set of lecture slides 1 Warp 9... Outline 1 Public Key
More information2.1 Basic Cryptography Concepts
ENEE739B Fall 2005 Part 2 Secure Media Communications 2.1 Basic Cryptography Concepts Min Wu Electrical and Computer Engineering University of Maryland, College Park Outline: Basic Security/Crypto Concepts
More informationCryptographic Protocols 1
Cryptographic Protocols 1 Luke Anderson luke@lukeanderson.com.au 5 th May 2017 University Of Sydney Overview 1. Crypto-Bulletin 2. Problem with Diffie-Hellman 2.1 Session Hijacking 2.2 Encrypted Key Exchange
More informationIBM. Security Digital Certificate Manager. IBM i 7.1
IBM IBM i Security Digital Certificate Manager 7.1 IBM IBM i Security Digital Certificate Manager 7.1 Note Before using this information and the product it supports, be sure to read the information in
More informationPublic Key Algorithms
CSE597B: Special Topics in Network and Systems Security Public Key Cryptography Instructor: Sencun Zhu The Pennsylvania State University Public Key Algorithms Public key algorithms RSA: encryption and
More informationDistributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018
Distributed Systems 25. Authentication Paul Krzyzanowski Rutgers University Fall 2018 2018 Paul Krzyzanowski 1 Authentication For a user (or process): Establish & verify identity Then decide whether to
More informationCSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L
CS 3461/5461: Introduction to Computer Networking and Internet Technologies Network Security Study: 21.1 21.5 Kannan Srinivasan 11-27-2012 Security Attacks, Services and Mechanisms Security Attack: Any
More informationEncryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls
Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls Overview Cryptography functions Secret key (e.g., DES) Public key (e.g., RSA) Message
More informationSecurity. Communication security. System Security
Security Communication security security of data channel typical assumption: adversary has access to the physical link over which data is transmitted cryptographic separation is necessary System Security
More informationSecurity: Cryptography
Security: Cryptography Computer Science and Engineering College of Engineering The Ohio State University Lecture 38 Some High-Level Goals Confidentiality Non-authorized users have limited access Integrity
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 11: Public Key Infrastructure Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline Public key infrastructure Certificates Trust
More informationDigital Signatures. KG November 3, Introduction 1. 2 Digital Signatures 2
Digital Signatures KG November 3, 2017 Contents 1 Introduction 1 2 Digital Signatures 2 3 Hash Functions 3 3.1 Attacks.................................... 4 3.2 Compression Functions............................
More informationCS November 2018
Authentication Distributed Systems 25. Authentication For a user (or process): Establish & verify identity Then decide whether to allow access to resources (= authorization) Paul Krzyzanowski Rutgers University
More informationAccess Control. Tom Chothia Computer Security, Lecture 5
Access Control Tom Chothia Computer Security, Lecture 5 The Crypto Wars 1993-1996: Clipper chip considered in US congress and rejected. Due partly to Matt Blaze s analysis and strongly attack by John Kerry
More informationUser Authentication. Modified By: Dr. Ramzi Saifan
User Authentication Modified By: Dr. Ramzi Saifan Authentication Verifying the identity of another entity Computer authenticating to another computer Person authenticating to a local/remote computer Important
More informationAssignment 9 / Cryptography
Assignment 9 / Cryptography Michael Hauser March 2002 Tutor: Mr. Schmidt Course: M.Sc Distributed Systems Engineering Lecturer: Mr. Owens CONTENTS Contents 1 Introduction 3 2 Simple Ciphers 3 2.1 Vignère
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet. SSL ensures the secure transmission of data between a client and a server through
More informationT Cryptography and Data Security
T-79.159 Cryptography and Data Security Lecture 10: 10.1 Random number generation 10.2 Key management - Distribution of symmetric keys - Management of public keys Kaufman et al: Ch 11.6; 9.7-9; Stallings:
More informationSSL Certificates Certificate Policy (CP)
SSL Certificates Last Revision Date: February 26, 2015 Version 1.0 Revisions Version Date Description of changes Author s Name Draft 17 Jan 2011 Initial Release (Draft) Ivo Vitorino 1.0 26 Feb 2015 Full
More informationDistributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015
Distributed Systems 26. Cryptographic Systems: An Introduction Paul Krzyzanowski Rutgers University Fall 2015 1 Cryptography Security Cryptography may be a component of a secure system Adding cryptography
More informationCS 161 Computer Security
Paxson Spring 2011 CS 161 Computer Security Discussion 9 March 30, 2011 Question 1 Another Use for Hash Functions (8 min) The traditional Unix system for password authentication works more or less like
More informationCryptographic Techniques. Information Technologies for IPR Protections 2003/11/12 R107, CSIE Building
Cryptographic Techniques Information Technologies for IPR Protections 2003/11/12 R107, CSIE Building Outline Data security Cryptography basics Cryptographic systems DES RSA C. H. HUANG IN CML 2 Cryptography
More informationLecture 3 - Passwords and Authentication
CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Lecture 3 - Passwords and Authentication CSE497b - Spring 2007 Introduction Computer and Network Security Professor
More informationCS Computer Networks 1: Authentication
CS 3251- Computer Networks 1: Authentication Professor Patrick Traynor 4/14/11 Lecture 25 Announcements Homework 3 is due next class. Submit via T-Square or in person. Project 3 has been graded. Scores
More informationCT30A8800 Secured communications
CT30A8800 Secured communications Pekka Jäppinen October 31, 2007 Pekka Jäppinen, Lappeenranta University of Technology: October 31, 2007 Secured Communications: Key exchange Schneier, Applied Cryptography:
More informationCS 161 Computer Security
Raluca Popa Spring 2018 CS 161 Computer Security Homework 2 Due: Wednesday, February 14, at 11:59pm Instructions. This homework is due Wednesday, February 14, at 11:59pm. No late homeworks will be accepted.
More informationStructure-Preserving Certificateless Encryption and Its Application
SESSION ID: CRYP-T06 Structure-Preserving Certificateless Encryption and Its Application Prof. Sherman S. M. Chow Department of Information Engineering Chinese University of Hong Kong, Hong Kong @ShermanChow
More informationOther Topics in Cryptography. Truong Tuan Anh
Other Topics in Cryptography Truong Tuan Anh 2 Outline Public-key cryptosystem Cryptographic hash functions Signature schemes Public-Key Cryptography Truong Tuan Anh CSE-HCMUT 4 Outline Public-key cryptosystem
More informationSecurity Handshake Pitfalls
Hello Challenge R f(k, R f(k, R Problems: 1. Authentication is not mutual only authenticates Anyone can send the challenge R. f(k, R Problems: 1. Authentication is not mutual only authenticates Anyone
More informationKey Exchange. References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings
Key Exchange References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings Outlines Primitives Root Discrete Logarithm Diffie-Hellman ElGamal Shamir s Three Pass
More informationRSA. Public Key CryptoSystem
RSA Public Key CryptoSystem DIFFIE AND HELLMAN (76) NEW DIRECTIONS IN CRYPTOGRAPHY Split the Bob s secret key K to two parts: K E, to be used for encrypting messages to Bob. K D, to be used for decrypting
More informationCSC 474/574 Information Systems Security
CSC 474/574 Information Systems Security Topic 2.5 Public Key Algorithms CSC 474/574 Dr. Peng Ning 1 Public Key Algorithms Public key algorithms covered in this class RSA: encryption and digital signature
More informationMost Common Security Threats (cont.)
Most Common Security Threats (cont.) Denial of service (DoS) attack Distributed denial of service (DDoS) attack Insider attacks. Any examples? Poorly designed software What is a zero-day vulnerability?
More informationL8: Public Key Infrastructure. Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806
L8: Public Key Infrastructure Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806 9/21/2015 CSCI 451 - Fall 2015 1 Acknowledgement Many slides are from
More informationConfiguring Certificate Authorities and Digital Certificates
CHAPTER 43 Configuring Certificate Authorities and Digital Certificates Public Key Infrastructure (PKI) support provides the means for the Cisco MDS 9000 Family switches to obtain and use digital certificates
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 11 October 4, 2017 CPSC 467, Lecture 11 1/39 ElGamal Cryptosystem Message Integrity and Authenticity Message authentication codes
More information