1. Out of the 3 types of attacks an adversary can mount on a cryptographic algorithm, which ones does differential cryptanalysis utilize?
|
|
- Howard Harper
- 6 years ago
- Views:
Transcription
1 Introduction Answer the following questions. When a word count restriction is given for a question, exceeding it will result in marks being deducted. If your answer is more than twice the maximum length, you will get zero for the question. Please include a word count for all your answers. We recommend that you use a utility like wc on ECF to count the number of words in your answer. Your answers should be written in proper English, with full sentences. We reserve the right to deduct marks for poor English, unintelligible answers or illegible handwriting. All answers should be written in your own words - no copy-pasting! The completed assignments should be submitted in hardcopy during class on April 4, Note that all written assignments should be done individually. 1 DES and differential cryptanalysis Read and answer the following questions: 1. Out of the 3 types of attacks an adversary can mount on a cryptographic algorithm, which ones does differential cryptanalysis utilize? [1 mark] 2. When was differential cryptanalysis first discovered? Which organization had knowledge of it at the time? [2 marks] 3. When did differential cryptanalysis first appear in public literature? List the title and the authors of the paper. [2 marks] 4. What is an active S-box as described in the article? Why is it important to maximize the number of active S-boxes? What property, discussed in class, does having the average number of active S-boxes per round be greater than 1 imply? [50 words] [10 marks] 1.1 Solution 1. Chosen Plaintext , IBM and the NSA , Eli Biham, Adi Shamir: Differential Cryptanalysis of DES-like Cryptosystems 4. An S-box is active in a round if the set of 6-bits that are input to the box are not all zero. Having the average number of S-boxes per round be greater than one implies that a large number of S-boxes will be active over the 16 rounds (as explained in the article). This means that there will be a large number of 1 s distributed over the rounds and as a result, any single S-box will cause other S-boxes to be active in later rounds. This implies that the cryptographic algorithm is likely to have good diffusion properties. 2 Rainbow tables Read and answer the following questions: 1. Find pre-images the following MD5 hash values [4 marks]: dd b ddd e8 b83b444c23f3d9dd2ddaa How much disk space is required to store a complete rainbow table for an ideal cryptographic hash function that has a hash value length of n bits? [1 mark] 3. How much disk space is required to store a complete rainbow table for the following hash functions? Use scientific notation and keep 3 significant figures. [4 marks] Page 1 of 7
2 MD5 SHA-1 SHA-256 SHA Given a complete rainbow table, what is the cost to perform a preimage attack? What is the probability of success? [2 marks] 5. Given a complete rainbow table, what is the cost to perform a collision attack? What is the probability of success? [2 marks] 6. Is the technique presented in the blog post still relevant in 2011? Justify. [20 words] [5 marks] 7. What is a simple to use defense against rainbow table based attacks? [20 words] [2 marks] 2.1 Solution Because of the vague wording in this question, answers are provided for your benefit. The quesiton will not be graded. 1. The pre-images are as follows: md5(568) = dd b ddd e8 md5(penguins1) = b83b444c23f3d9dd2ddaa Note that the question assumed that the rainbow table is a complete table of pre-images for every possible hash value (i.e. no reduction function). In practice, rainbow tables always have reduction functions to make storage for the pre-images feasible. In addition, rainbow tables are typically incomplete so not every hash value will have a pre-image in the table. Since the question implies that the rainbow table is complete, then there must be an entry for each hash value. The question doesn t specify the size of an entry, so the answer is given as the number of entries in the table, which is just 2 h ash s ize. MD5: entries SHA-1: entries SHA-256: entries SHA-512: entries 3. A pre-image attack requires one look up. Given a complete rainbow table, the probabiility is 100%. 4. A collision attack can be performed by generating a random string, computing the hash of the string and then doing a lookup into the table. The probability of success is also 100%. 5. The technique in the blog is not relevant given the wide availability of rainbow tables on the internet. 6. A simple defense is to salt your password so that the entries in a precomputed rainbow table are not valid. 3 Kerboros versus Public key infrastructure 1. What is the trusted third party called in Kerberos? Briefly describe its functions.[30 words] [5 marks] 2. What is the trusted thirs party called in PKI? Briefly describe its functions.[30 words] [5 marks] 3. Consider a DDOS attack on Kerboros s central server. Which property of security (confidentiality, availability, integrity) has been violated from the user s perspective? Explain. [2 marks] 4. Now consider a DDOS attack on a PKI s central server. Which property of security has been violated from the user s perspective? Explain. [2 marks] Page 2 of 7
3 5. Consider a Kerboros system in which the central server has been silently compromised. Which property of security has been violated from the user s perspective? Explain. [2 marks] 6. Consider a PKI system in which the central server has been silently compromised. Which property of security has been violated from the user s perspective? Explain. [2 marks] 3.1 Solution 1. The trusted third party can be called the Key Distribution Center, or Authentication Server and Ticket Granting Server, which make up the former. 2. A (Root) Certificate Authority. 3. Availability, when the central server is not available, then the user cannot access any resources. 4. None, unavailability of the CA just means new keys cannot be certified. However, existing users with keys are not affected. 5. Confidentiality and/or integrity. Compromising the server means the adversary can eavesdrop on all connections as well as forge new connections. 6. Confidentiality and/or integrity depending on what the certified keys are used for. Confidentiality if they are encryption keys. Integrity if they are signing keys. 4 Public Key Encryption An alternative public key scheme, based on Diffie-Hellman works as follows: Alice selects a large prime number p and a generator g for the field defined by modp. Alice randomly selects a value x, 1 x p 2 and computes g x modp. The tuple {p, g, g x } becomes Alice s public key, and x is Alice s private key. Bob, who wants to send Alice a message m, get s Alice s public key through some certfied method. To encrypt m, he randomly selects a value y, 1 y p 2 and computes A = g y modp and B = m (g x ) y modp and sends {A,B} to Alice. Alice can recover m by computing B/A x modp Answer the following questions: 1. Is this scheme secure? If so, what difficult problem must the adversary solve to recover m without Alice s private key? Explain. [40 words] [4 marks] 2. Why are x and y restricted to the given range? What is wrong with using x, y = 0 or x, y = p 1? [20 words] [2 marks] 3. Suppose Bob is lazy and does not use a true random number generator. What weaknesses are introduced if y is not secret? What if the same y is used to encrypt multiple messages? [50 words] [6 marks] 4. How does this scheme compare to RSA in terms of computational requirements for Bob? Assume the same size modulus/key length is used for both. Explain. [20 words] [5 marks] 5. How does this scheme compare to RSA in space requirements for transmitting the encrypted mesage? Assume the same size modulus/key length is used for both. Explain. [20 words] [5 marks] Page 3 of 7
4 4.1 Solution 1. The scheme is as secure as Diffie-Hellman. Alice can recover m because she knows the value of x. To do the same, the adversary must recove x, which means thata he must be able to perform discrete log. Discrete log is a problem believed to be computationally hard. 2. x = 0 is not defined in the field of p, i.e. g 0 modp is not permitted. x = p 1 means that g x modp = 1 via fermat s little theorem. Thus, the adversary will be able to easily deduce the value of x. 3. By using the same y for several messages, this means that A = g y modp will be the same for all of those messages. Say we have two messages m and m, which encrypt to B and B respectively and the same y is used for both encryptions. Then we can see that m = B/A x and m = B /A x or A x = B /ma. Subsituting this back into the first equation we can recover m = B m /B. 4. This scheme has roughly double the computational requirements as RSA since it requires two exponentiations, one for A and one for B. 5. This scheme has roughly twice the space requirements since two values of size p must be sent as part of the cipher text. 5 Information Flow Models Given the following relationships between security categories and levels, answer the questions below: Confidentiality levels: T S > S. Confidentiality categories: C A, C B, C C. Integrity levels: C > NC. Subjects: S A : (T S, {C A, C B }), NC S B : (S, {C C }), NC S C : (S, {C A, C C }), C Objects: O A : (T S, {ø}), NC O B : (T S, {C A, C C }), NC O C : (S, {C C }), C 1. Ignore the integrity information and list the objects each subject can read and/or write using the Bell-LaPadula Policy. [6 marks] 2. Ignore the confidentiality information and list the objects each subject can read and/or write using the Biba Policy. [6 marks] 3. Suppose both confidentiaility and integrity access controls are active simultaneously. Indicate which subjects are then able to access which objects for both read and/or write. [6 marks] Page 4 of 7
5 5.1 Solution Note that the original question was phrased assuming Lipner s policy, which has integrity categories. However, Lipner s is no longer covered in the course and we use Biba that does not have integrity categories. Thus, the question will be graded without taking integrity categories into account. 1. Bell-Lapadula: 2. Biba: S A : Read = {O A }, W rite = {ø} S B : Read = {O C }, W rite = {O B, O C } S C : Read = {O C }, W rite = {O B } S A : Read = {O A, O B, O C }, W rite = {O A, O B } S B : Read = {O A, O B, O C }, W rite = {O A, O B } S C : Read = {O C }, W rite = {O A, O B, O C } 3. Combined: S A : Read = {O A, }, W rite = {ø} S B : Read = {O C }, W rite = {O B } S C : Read = {O C }, W rite = {O B } 6 Multi-factor authentication Bob recently signed up for telephone banking. He was given a dongle which works in conjunction with his PIN. Answer the following questions. 1. Briefly explain how this security scheme should work.[50 words] [5 marks] 2. Is this scheme secure against theft of the dongle? Explain. [20 words] [5 marks] 3. If the telephone company guarantees that all phone lines are free from eavsdropping, does this eliminate the need for the dongle? Explain. [20 words] [5 marks] 4. List all the cryptographic primitives used in this scheme. Clearly identify which ones reside in the dongle and which ones reside on the bank s servers.[20 words] [2 marks] 5. There is a serial number on each dongle. What purpose does this serve? [10 works] [1 mark] 6. Does this serial number need to be randomly generated? Does this serial number need to be kept secret by Bob? Explain. [30 words] [5 marks] Page 5 of 7
6 6.1 Solution 1. The security token contains a secret key that is used to run a stream cipher continuously. Since the the server share the same stream cipher and the same secret key, the output of the stream cipher is identical and thus can be used as a shared secret between Bob and the Bank. 2. Yes, if the security token is lost or stolen Bob simply needs to report the loss and the bank will assign him a new one. With multi-factor authentication the compromise of a single factor does not compromise the entire system. 3. Yes, security token, along with Bob s PIN number helps to authenticate Bob as Bob. Even if a secure channel exists the bank has no way of verifying the person using the secure channel is indeed Bob. 4. A stream cipher is used in this scheme. The same cipher is used on both the security token and the authentication server. 5. The serial number serves to identify the secret stream cipher key of each authentication token. 6. The serial number does not need to be random as it reveals no information about the key (which shoudl be random). It merely serves as an identifier so it only needs to be unique. As a result, it also does not need to be kept secret. It servers no purpose after the token has been activiated. 7 Web Security 1. Explain the same origin policy. What attacks does it prevent?[40 words] [5 marks] 2. What are drive-by downloads? What are some defenses against it?[30 words] [5 marks] 7.1 Solution The same origin policy allow scripts originating from the same site to interact with each other and the site contents, but prevents them from accessing contents and scripts originating from other sites. It prevents attacks that aim to steal private user information. Drive-by downloads is a category of attacks that download malicious files unto a user s computer without consent. Drive-by download attacks either exploit unpatched browser vulnerabilities, or trick the user into clicking on a malicious link. The best defenses are to keep the browser up to date, use a pop-up blocker, and avoid visiting suspicious sites. 8 Covert Channels Acme Corporation ships a proprietary web browser that contains a back-door which phones home periodically with private user information. Unfortunately for Acme, a group of security researchers discovered all the covert channels used in their malicious browser. The covert channels used were: Altering inter-packet timing Encoding data in the packet size Encoding data in the HTTP header Changing the browser User-Agent Sending extraneously packets Now Acme hired you to fix their mistakes. Suggest 2 new covert channel schemes.[50 words] [10 marks] Page 6 of 7
7 8.1 Solution Some possible alternatives are: Encoding data in the TCP Initial Sequence Number field Encoding data in the size of the TCP window Re-order the sequence in which images are requested from the web server Encoding data in the HTTP header only within SSL sessions Modulate the transfer speed of the browser s download manager Page 7 of 7
Elements of Cryptography and Computer and Networking Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy
Elements of Cryptography and Computer and Networking Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy Homework 2 Due: Friday, 10/28/2016 at 11:55pm PT Will be posted on
More informationCSC/ECE 774 Advanced Network Security
Computer Science CSC/ECE 774 Advanced Network Security Topic 2. Network Security Primitives CSC/ECE 774 Dr. Peng Ning 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange;
More informationCryptography (Overview)
Cryptography (Overview) Some history Caesar cipher, rot13 substitution ciphers, etc. Enigma (Turing) Modern secret key cryptography DES, AES Public key cryptography RSA, digital signatures Cryptography
More informationInformation Security CS 526
Information Security CS 526 Topic 14: Key Distribution & Agreement, Secure Communication Topic 14: Secure Communication 1 Readings for This Lecture On Wikipedia Needham-Schroeder protocol (only the symmetric
More informationCSC 774 Network Security
CSC 774 Network Security Topic 2. Review of Cryptographic Techniques CSC 774 Dr. Peng Ning 1 Outline Encryption/Decryption Digital signatures Hash functions Pseudo random functions Key exchange/agreement/distribution
More informationDistributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015
Distributed Systems 26. Cryptographic Systems: An Introduction Paul Krzyzanowski Rutgers University Fall 2015 1 Cryptography Security Cryptography may be a component of a secure system Adding cryptography
More informationCS 161 Computer Security
Raluca Popa Spring 2018 CS 161 Computer Security Homework 2 Due: Wednesday, February 14, at 11:59pm Instructions. This homework is due Wednesday, February 14, at 11:59pm. No late homeworks will be accepted.
More informationIntroduction to Security and User Authentication
Introduction to Security and User Authentication Brad Karp UCL Computer Science CS GZ03 / M030 14 th November 2016 Topics We ll Cover User login authentication (local and remote) Cryptographic primitives,
More informationCSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L
CS 3461/5461: Introduction to Computer Networking and Internet Technologies Network Security Study: 21.1 21.5 Kannan Srinivasan 11-27-2012 Security Attacks, Services and Mechanisms Security Attack: Any
More informationCS 161 Computer Security
Popa & Wagner Spring 2016 CS 161 Computer Security Midterm 2 Print your name:, (last) (first) I am aware of the Berkeley Campus Code of Student Conduct and acknowledge that academic misconduct will be
More information(2½ hours) Total Marks: 75
(2½ hours) Total Marks: 75 N. B.: (1) All questions are compulsory. (2) Makesuitable assumptions wherever necessary and state the assumptions made. (3) Answers to the same question must be written together.
More informationCryptography and Network Security. Prof. D. Mukhopadhyay. Department of Computer Science and Engineering. Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 38 A Tutorial on Network Protocols
More informationCryptographic Concepts
Outline Identify the different types of cryptography Learn about current cryptographic methods Chapter #23: Cryptography Understand how cryptography is applied for security Given a scenario, utilize general
More informationComputer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 10r. Recitation assignment & concept review Paul Krzyzanowski Rutgers University Spring 2018 April 3, 2018 CS 419 2018 Paul Krzyzanowski 1 1. What is a necessary condition for perfect
More informationSecurity: Cryptography
Security: Cryptography Computer Science and Engineering College of Engineering The Ohio State University Lecture 38 Some High-Level Goals Confidentiality Non-authorized users have limited access Integrity
More informationData Security and Privacy. Topic 14: Authentication and Key Establishment
Data Security and Privacy Topic 14: Authentication and Key Establishment 1 Announcements Mid-term Exam Tuesday March 6, during class 2 Need for Key Establishment Encrypt K (M) C = Encrypt K (M) M = Decrypt
More informationWhat did we talk about last time? Public key cryptography A little number theory
Week 4 - Friday What did we talk about last time? Public key cryptography A little number theory If p is prime and a is a positive integer not divisible by p, then: a p 1 1 (mod p) Assume a is positive
More informationCRYPTOGRAPHY AND NETWROK SECURITY-QUESTION BANK
CRYPTOGRAPHY AND NETWROK SECURITY-QUESTION BANK UNIT-1 1. Answer the following: a. What is Non-repudiation b. Distinguish between stream and block ciphers c. List out the problems of one time pad d. Define
More informationKurose & Ross, Chapters (5 th ed.)
Kurose & Ross, Chapters 8.2-8.3 (5 th ed.) Slides adapted from: J. Kurose & K. Ross \ Computer Networking: A Top Down Approach (5 th ed.) Addison-Wesley, April 2009. Copyright 1996-2010, J.F Kurose and
More information(a) Symmetric model (b) Cryptography (c) Cryptanalysis (d) Steganography
Code No: RR410504 Set No. 1 1. Write short notes on (a) Symmetric model (b) Cryptography (c) Cryptanalysis (d) Steganography 3. (a) Illustrate Diffie-hellman Key Exchange scheme for GF(P) [6M] (b) Consider
More informationPublic-key Cryptography: Theory and Practice
Public-key Cryptography Theory and Practice Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Chapter 1: Overview What is Cryptography? Cryptography is the study of
More informationSankalchand Patel College of Engineering, Visnagar Department of Computer Engineering & Information Technology. Question Bank
Sankalchand Patel College of Engineering, Visnagar Department of Computer Engineering & Information Technology Question Bank Subject: Information Security (160702) Class: BE Sem. VI (CE/IT) Unit-1: Conventional
More informationInformation Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1
Information Security message M one-way hash fingerprint f = H(M) 4/19/2006 Information Security 1 Outline and Reading Digital signatures Definition RSA signature and verification One-way hash functions
More informationL13. Reviews. Rocky K. C. Chang, April 10, 2015
L13. Reviews Rocky K. C. Chang, April 10, 2015 1 Foci of this course Understand the 3 fundamental cryptographic functions and how they are used in network security. Understand the main elements in securing
More informationECEN 5022 Cryptography
Introduction University of Colorado Spring 2008 Historically, cryptography is the science and study of secret writing (Greek: kryptos = hidden, graphein = to write). Modern cryptography also includes such
More informationDavid Wetherall, with some slides from Radia Perlman s security lectures.
David Wetherall, with some slides from Radia Perlman s security lectures. djw@cs.washington.edu Networks are shared: Want to secure communication between legitimate participants from others with (passive
More informationComputer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08. Cryptography Part II Paul Krzyzanowski Rutgers University Spring 2018 March 23, 2018 CS 419 2018 Paul Krzyzanowski 1 Block ciphers Block ciphers encrypt a block of plaintext at a
More informationLecture 9a: Secure Sockets Layer (SSL) March, 2004
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York University artg@cs.nyu.edu Security Achieved by
More information14. Internet Security (J. Kurose)
14. Internet Security (J. Kurose) 1 Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer:
More informationCS 161 Computer Security
Paxson Spring 2017 CS 161 Computer Security Discussion 6 Week of March 6, 2017 Question 1 Password Hashing (10 min) When storing a password p for user u, a website randomly generates a string s (called
More informationLecture 1: Course Introduction
Lecture 1: Course Introduction Thomas Johansson T. Johansson (Lund University) 1 / 37 Chapter 9: Symmetric Key Distribution To understand the problems associated with managing and distributing secret keys.
More informationUser Authentication. Modified By: Dr. Ramzi Saifan
User Authentication Modified By: Dr. Ramzi Saifan Authentication Verifying the identity of another entity Computer authenticating to another computer Person authenticating to a local/remote computer Important
More informationHomework 2: Symmetric Crypto Due at 11:59PM on Monday Feb 23, 2015 as a PDF via websubmit.
Homework 2: Symmetric Crypto February 17, 2015 Submission policy. information: This assignment MUST be submitted as a PDF via websubmit and MUST include the following 1. List of collaborators 2. List of
More informationDiffie-Hellman. Part 1 Cryptography 136
Diffie-Hellman Part 1 Cryptography 136 Diffie-Hellman Invented by Williamson (GCHQ) and, independently, by D and H (Stanford) A key exchange algorithm o Used to establish a shared symmetric key Not for
More informationEncryption. INST 346, Section 0201 April 3, 2018
Encryption INST 346, Section 0201 April 3, 2018 Goals for Today Symmetric Key Encryption Public Key Encryption Certificate Authorities Secure Sockets Layer Simple encryption scheme substitution cipher:
More informationIssues. Separation of. Distributed system security. Security services. Security policies. Security mechanism
Module 9 - Security Issues Separation of Security policies Precise definition of which entities in the system can take what actions Security mechanism Means of enforcing that policy Distributed system
More informationEncryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls
Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls Overview Cryptography functions Secret key (e.g., DES) Public key (e.g., RSA) Message
More informationDr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Public Key Cryptography Modular Arithmetic RSA
More informationChapter 9: Database Security: An Introduction. Nguyen Thi Ai Thao
Chapter 9: Database Security: An Introduction Nguyen Thi Ai Thao thaonguyen@cse.hcmut.edu.vn Spring- 2016 Outline Introduction to Database Security Issues Types of Security Threats to databases Database
More informationUser Authentication. Modified By: Dr. Ramzi Saifan
User Authentication Modified By: Dr. Ramzi Saifan Authentication Verifying the identity of another entity Computer authenticating to another computer Person authenticating to a local/remote computer Important
More informationP2_L12 Web Security Page 1
P2_L12 Web Security Page 1 Reference: Computer Security by Stallings and Brown, Chapter (not specified) The web is an extension of our computing environment, because most of our daily tasks involve interaction
More informationח'/סיון/תשע "א. RSA: getting ready. Public Key Cryptography. Public key cryptography. Public key encryption algorithms
Public Key Cryptography Kurose & Ross, Chapters 8.28.3 (5 th ed.) Slides adapted from: J. Kurose & K. Ross \ Computer Networking: A Top Down Approach (5 th ed.) AddisonWesley, April 2009. Copyright 19962010,
More informationCryptography and Network Security
Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 14: Folklore, Course summary, Exam requirements Ion Petre Department of IT, Åbo Akademi University 1 Folklore on
More information1. Diffie-Hellman Key Exchange
e-pgpathshala Subject : Computer Science Paper: Cryptography and Network Security Module: Diffie-Hellman Key Exchange Module No: CS/CNS/26 Quadrant 1 e-text Cryptography and Network Security Objectives
More informationPublic Key Cryptography
Public Key Cryptography Giuseppe F. Italiano Universita` di Roma Tor Vergata italiano@disp.uniroma2.it Motivation Until early 70s, cryptography was mostly owned by government and military Symmetric cryptography
More informationCS Computer Networks 1: Authentication
CS 3251- Computer Networks 1: Authentication Professor Patrick Traynor 4/14/11 Lecture 25 Announcements Homework 3 is due next class. Submit via T-Square or in person. Project 3 has been graded. Scores
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 2 Cryptographic Tools First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Cryptographic Tools cryptographic algorithms
More information1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class
1.264 Lecture 27 Security protocols Symmetric cryptography Next class: Anderson chapter 10. Exercise due after class 1 Exercise: hotel keys What is the protocol? What attacks are possible? Copy Cut and
More informationSpring 2010: CS419 Computer Security
Spring 2010: CS419 Computer Security Vinod Ganapathy Lecture 7 Topic: Key exchange protocols Material: Class handout (lecture7_handout.pdf) Chapter 2 in Anderson's book. Today s agenda Key exchange basics
More informationLecture 2 Applied Cryptography (Part 2)
Lecture 2 Applied Cryptography (Part 2) Patrick P. C. Lee Tsinghua Summer Course 2010 2-1 Roadmap Number theory Public key cryptography RSA Diffie-Hellman DSA Certificates Tsinghua Summer Course 2010 2-2
More informationAuthentication and Key Distribution
1 Alice and Bob share a key How do they determine that they do? Challenge-response protocols 2 How do they establish the shared secret in the first place? Key distribution PKI, Kerberos, Other key distribution
More informationkey distribution requirements for public key algorithms asymmetric (or public) key algorithms
topics: cis3.2 electronic commerce 24 april 2006 lecture # 22 internet security (part 2) finish from last time: symmetric (single key) and asymmetric (public key) methods different cryptographic systems
More informationPublic Key Algorithms
Public Key Algorithms 1 Public Key Algorithms It is necessary to know some number theory to really understand how and why public key algorithms work Most of the public key algorithms are based on modular
More informationFull file at https://fratstock.eu
Solutions Manual Introduction to Computer Security Version 1.1 M. T. Goodrich and R. Tamassia December 20, 2010 1 Terms of Use This manual contains solutions for selected exercises in the book Introduction
More informationComputer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08r. Pre-exam 2 Last-minute Review Cryptography Paul Krzyzanowski Rutgers University Spring 2018 March 26, 2018 CS 419 2018 Paul Krzyzanowski 1 Cryptographic Systems March 26, 2018 CS
More informationCryptographic Systems
CPSC 426/526 Cryptographic Systems Ennan Zhai Computer Science Department Yale University Recall: Lec-10 In lec-10, we learned: - Consistency models - Two-phase commit - Consensus - Paxos Lecture Roadmap
More informationPassword. authentication through passwords
Password authentication through passwords Human beings Short keys; possibly used to generate longer keys Dictionary attack: adversary tries more common keys (easy with a large set of users) Trojan horse
More information10EC832: NETWORK SECURITY
10EC832: NETWORK SECURITY Objective: In this electronic age, security and privacy are two of the issues whose importance cannot be stressed enough. How do we ensure the systems we use are resistant to
More informationThis chapter continues our overview of public-key cryptography systems (PKCSs), and begins with a description of one of the earliest and simplest
1 2 3 This chapter continues our overview of public-key cryptography systems (PKCSs), and begins with a description of one of the earliest and simplest PKCS, Diffie- Hellman key exchange. This first published
More informationCristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.
CS355: Cryptography Lecture 17: X509. PGP. Authentication protocols. Key establishment. Public Keys and Trust Public Key:P A Secret key: S A Public Key:P B Secret key: S B How are public keys stored How
More information1.264 Lecture 28. Cryptography: Asymmetric keys
1.264 Lecture 28 Cryptography: Asymmetric keys Next class: Anderson chapters 20. Exercise due before class (Reading doesn t cover same topics as lecture) 1 Asymmetric or public key encryption Receiver
More informationComputer Security Fall 2006 Joseph/Tygar MT 2 Solutions
CS 161 Computer Security Fall 2006 Joseph/Tygar MT 2 Solutions Problem 1. [Covert Channels] (30 points) (a) (5 points) Write down the Fiat-Shamir zero-knowledge protocol (as presented in class) where Alice
More informationPass, No Record: An Android Password Manager
Pass, No Record: An Android Password Manager Alex Konradi, Samuel Yeom December 4, 2015 Abstract Pass, No Record is an Android password manager that allows users to securely retrieve passwords from a server
More informationUser Authentication Principles and Methods
User Authentication Principles and Methods David Groep, NIKHEF User Authentication - Principles and Methods 1 Principles and Methods Authorization factors Cryptographic methods Authentication for login
More informationCryptography in Lotus Notes/Domino Pragmatic Introduction for Administrators
Cryptography in Lotus Notes/Domino Pragmatic Introduction for Administrators Belfast, 11-Nov-2010 Innovative Software Solutions. Thomas Bahn - graduated in mathematics, University of Hannover - developing
More informationCPSC 481/681 SPRING 2006 QUIZ #1 7 MAR 2006 NAME:
CPSC 481/681 SPRING 2006 QUIZ #1 7 MAR 2006 NAME: There are 6 questions on this quiz. Each question is individually weighted. If you do not understand the question, please ask for clarification. 1 I. (24
More informationLecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.
15-441 Lecture Nov. 21 st 2006 Dan Wendlandt Worms & Viruses Phishing End-host impersonation Denial-of-Service Route Hijacks Traffic modification Spyware Trojan Horse Password Cracking IP Spoofing DNS
More informationComputer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ
Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ Chapter 8 Network Security Computer Networking: A Top Down Approach, 5 th edition. Jim Kurose, Keith Ross Addison-Wesley, April 2009.
More informationModule: Cryptographic Protocols. Professor Patrick McDaniel Spring CMPSC443 - Introduction to Computer and Network Security
CMPSC443 - Introduction to Computer and Network Security Module: Cryptographic Protocols Professor Patrick McDaniel Spring 2009 1 Key Distribution/Agreement Key Distribution is the process where we assign
More informationPublic Key Algorithms
CSE597B: Special Topics in Network and Systems Security Public Key Cryptography Instructor: Sencun Zhu The Pennsylvania State University Public Key Algorithms Public key algorithms RSA: encryption and
More information1-7 Attacks on Cryptosystems
1-7 Attacks on Cryptosystems In the present era, not only business but almost all the aspects of human life are driven by information. Hence, it has become imperative to protect useful information from
More informationCS 161 Computer Security
Popa & Wagner Spring 2016 CS 161 Computer Security Discussion 5 Week of February 19, 2017 Question 1 Diffie Hellman key exchange (15 min) Recall that in a Diffie-Hellman key exchange, there are values
More informationMore on Cryptography CS 136 Computer Security Peter Reiher January 19, 2017
More on Cryptography CS 136 Computer Security Peter Reiher January 19, 2017 Page 1 Outline Desirable characteristics of ciphers Stream and block ciphers Cryptographic modes Uses of cryptography Symmetric
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 24 April 16, 2012 CPSC 467b, Lecture 24 1/33 Kerberos Secure Shell (SSH) Transport Layer Security (TLS) Digital Rights Management
More informationComputer Security 3/23/18
s s encrypt a block of plaintext at a time and produce ciphertext Computer Security 08. Cryptography Part II Paul Krzyzanowski DES & AES are two popular block ciphers DES: 64 bit blocks AES: 128 bit blocks
More informationCMSC 414 S09 Exam 2 Page 1 of 6 Name:
CMSC 414 S09 Exam 2 Page 1 of 6 Name: Total points: 100. Total time: 115 minutes. 6 problems over 6 pages. No book, notes, or calculator Unless stated otherwise, the following conventions are used: K{X}
More informationProving who you are. Passwords and TLS
Proving who you are Passwords and TLS Basic, fundamental problem Client ( user ) How do you prove to someone that you are who you claim to be? Any system with access control must solve this Users and servers
More informationSession key establishment protocols
our task is to program a computer which gives answers which are subtly and maliciously wrong at the most inconvenient possible moment. -- Ross Anderson and Roger Needham, Programming Satan s computer Session
More informationDigital Signatures. Secure Digest Functions
Digital Signatures Secure Digest Functions 8 requirements for one-way hash functions given M, H(M) is easy to compute given H(M), M is difficult to compute given M, it is difficult to find M such that
More informationIntroduction and Overview. Why CSCI 454/554?
Introduction and Overview CSCI 454/554 Why CSCI 454/554? Get Credits and Graduate Security is important More job opportunities More research funds 1 Workload Five homework assignments Two exams (open book
More information1 Identification protocols
ISA 562: Information Security, Theory and Practice Lecture 4 1 Identification protocols Now that we know how to authenticate messages using MACs, a natural question is, how can we use MACs to prove that
More informationSession key establishment protocols
our task is to program a computer which gives answers which are subtly and maliciously wrong at the most inconvenient possible moment. -- Ross Anderson and Roger Needham, Programming Satan s computer Session
More informationEEC-682/782 Computer Networks I
EEC-682/782 Computer Networks I Lecture 23 Wenbing Zhao wenbingz@gmail.com http://academic.csuohio.edu/zhao_w/teaching/eec682.htm (Lecture nodes are based on materials supplied by Dr. Louise Moser at UCSB
More informationLecture 6 - Cryptography
Lecture 6 - Cryptography CMPSC 443 - Spring 2012 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse443-s12 Question Setup: Assume you and I donʼt know anything about
More informationThe question paper contains 40 multiple choice questions with four choices and students will have to pick the correct one (each carrying ½ marks.).
Time: 3hrs BCA III Network security and Cryptography Examination-2016 Model Paper 2 M.M:50 The question paper contains 40 multiple choice questions with four choices and students will have to pick the
More informationLecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005
Lecture 30 Security April 11, 2005 Cryptography K A ciphertext Figure 7.3 goes here K B symmetric-key crypto: sender, receiver keys identical public-key crypto: encrypt key public, decrypt key secret Symmetric
More informationSecurity. Communication security. System Security
Security Communication security security of data channel typical assumption: adversary has access to the physical link over which data is transmitted cryptographic separation is necessary System Security
More informationHY-457 Information Systems Security
HY-457 Information Systems Security Recitation 1 Panagiotis Papadopoulos(panpap@csd.uoc.gr) Kostas Solomos (solomos@csd.uoc.gr) 1 Question 1 List and briefly define categories of passive and active network
More informationNetwork Security Chapter 8
Network Security Chapter 8 Cryptography Symmetric-Key Algorithms Public-Key Algorithms Digital Signatures Management of Public Keys Communication Security Authentication Protocols Email Security Web Security
More informationCSC 474/574 Information Systems Security
CSC 474/574 Information Systems Security Topic 2.5 Public Key Algorithms CSC 474/574 Dr. Peng Ning 1 Public Key Algorithms Public key algorithms covered in this class RSA: encryption and digital signature
More informationNetwork Security CHAPTER 31. Solutions to Review Questions and Exercises. Review Questions
CHAPTER 3 Network Security Solutions to Review Questions and Exercises Review Questions. A nonce is a large random number that is used only once to help distinguish a fresh authentication request from
More informationChapter 19 Security. Chapter 19 Security
Chapter 19 Security Outline 19.1 Introduction 19.2 Cryptography 19.2.1 Secret-Key Cryptography 19.2.2 Public-Key Cryptography 19.3 Authentication 19.3.1 Basic Authentication 19.3.2 Biometrics and Smart
More informationCryptographic Checksums
Cryptographic Checksums Mathematical function to generate a set of k bits from a set of n bits (where k n). k is smaller then n except in unusual circumstances Example: ASCII parity bit ASCII has 7 bits;
More informationVerteilte Systeme (Distributed Systems)
Verteilte Systeme (Distributed Systems) Lorenz Froihofer l.froihofer@infosys.tuwien.ac.at http://www.infosys.tuwien.ac.at/teaching/courses/ VerteilteSysteme/ Security Threats, mechanisms, design issues
More informationSSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1
SSL/TLS & 3D Secure CS 470 Introduction to Applied Cryptography Ali Aydın Selçuk CS470, A.A.Selçuk SSL/TLS & 3DSec 1 SSLv2 Brief History of SSL/TLS Released in 1995 with Netscape 1.1 Key generation algorithm
More informationCryptography. some history. modern secret key cryptography. public key cryptography. cryptography in practice
Cryptography some history Caesar cipher, rot13 substitution ciphers, etc. Enigma (Turing) modern secret key cryptography DES, AES public key cryptography RSA, digital signatures cryptography in practice
More informationINFSCI 2935: Introduction of Computer Security 1. Courtesy of Professors Chris Clifton & Matt Bishop. INFSCI 2935: Introduction to Computer Security 2
Digital Signature Introduction to Computer Security Lecture 7 Digital Signature October 9, 2003 Construct that authenticates origin, contents of message in a manner provable to a disinterested third party
More informationWinter 2011 Josh Benaloh Brian LaMacchia
Winter 2011 Josh Benaloh Brian LaMacchia Symmetric Cryptography January 20, 2011 Practical Aspects of Modern Cryptography 2 Agenda Symmetric key ciphers Stream ciphers Block ciphers Cryptographic hash
More informationCryptographic Hash Functions
ECE458 Winter 2013 Cryptographic Hash Functions Dan Boneh (Mods by Vijay Ganesh) Previous Lectures: What we have covered so far in cryptography! One-time Pad! Definition of perfect security! Block and
More informationTest 2 Review. 1. (10 points) Timestamps and nonces are both used in security protocols to prevent replay attacks.
Test 2 Review Name Student ID number Notation: {X} Bob Apply Bob s public key to X [Y ] Bob Apply Bob s private key to Y E(P, K) Encrypt P with symmetric key K D(C, K) Decrypt C with symmetric key K h(x)
More information