Software Protection: How to Crack Programs, and Defend Against Cracking Lecture 7: Tamperproofing II Minsk, Belarus, Spring 2014
|
|
- Stuart Kelley
- 6 years ago
- Views:
Transcription
1 Software Protection: How to Crack Programs, and Defend Against Cracking Lecture 7: Tamperproofing II Minsk, Belarus, Spring 2014 Christian Collberg University of Arizona collberg c June 16, 2014 Christian Collberg
2 2 / 74 Overview 1 Distributed Software Protection Scenarios 2 R-MATE Protection Ideas 3 Algorithms 4 The Tigress System
3 R-MATE Scenarios
4 4 / 74 Scenario: Protecting networked computer games Alice P
5 4 / 74 Scenario: Protecting networked computer games Alice P Bob
6 4 / 74 Scenario: Protecting networked computer games Alice P Bob P
7 4 / 74 Scenario: Protecting networked computer games Alice P Bob Cached data P
8 4 / 74 Scenario: Protecting networked computer games Alice P Bob Cached data P
9 4 / 74 Scenario: Protecting networked computer games Alice P Bob Cached data P
10 Scenario: Protecting medical records Alice Medical records database Medical records must be protected from improper access and improper modification. Records are stored on one secure site, accessed from multiple (sometimes mobile) devices. 5 / 74
11 Scenario: Protecting medical records Alice Medical records database E k (brittney.pdf) Confidential medical data Bob Medical records must be protected from improper access and improper modification. Records are stored on one secure site, accessed from multiple (sometimes mobile) devices. 5 / 74
12 Scenario: Protecting medical records Alice Medical records database E k (brittney.pdf) Confidential medical data Bob Medical records must be protected from improper access and improper modification. Records are stored on one secure site, accessed from multiple (sometimes mobile) devices. 5 / 74
13 Scenario: Protecting medical records Alice Medical records database E k (brittney.pdf) Confidential medical data Bob Medical records must be protected from improper access and improper modification. Records are stored on one secure site, accessed from multiple (sometimes mobile) devices. 5 / 74
14 Scenario: Protecting medical records Alice Medical records database E k (brittney.pdf) Confidential medical data Bob C if (role="doctor") allow(read write) elsif (role="nurse") allow(read) elsif (role="janitor") allow(nothing) Medical records must be protected from improper access and improper modification. Records are stored on one secure site, accessed from multiple (sometimes mobile) devices. 5 / 74
15 Scenario: Protecting medical records Alice Medical records database E k (brittney.pdf) Confidential medical data Bob C if (role="doctor") allow(read write) elsif (role="nurse") allow(read) elsif (role="janitor") read allow(nothing) Medical records must be protected from improper access and improper modification. Records are stored on one secure site, accessed from multiple (sometimes mobile) devices. 5 / 74
16 Scenario: Protecting medical records Alice Medical records database E k (brittney.pdf) Confidential medical data Bob C if (role="doctor") allow(read write) elsif (role="nurse") allow(read) elsif (role="janitor") read allow(nothing) Medical records must be protected from improper access and improper modification. Records are stored on one secure site, accessed from multiple (sometimes mobile) devices. 5 / 74
17 6 / 74 Scenario: Wireless sensor networks Alice Bob Sensor networks are common in military scenarios.
18 Scenario: Wireless sensor networks Alice Radioactivity? Chemicals? Troup movements? CPU Sensor Wifi Code Bob Sensor networks are common in military scenarios. 6 / 74
19 Scenario: Wireless sensor networks Alice Radioactivity? Chemicals? Troup movements? CPU Sensor Wifi Code bad Bob bad Sensor networks are common in military scenarios. The enemy can intercept/analyze/modify sensors. 6 / 74
20 Selective black-outs, consumers can adjust usage based on current costs, small-scale energy production,... 7 / 74 Scenario: Advanced Metering Infrastructure Electrical Grid Distribution Control Center Smart Meter
21 Selective black-outs, consumers can adjust usage based on current costs, small-scale energy production,... 7 / 74 Scenario: Advanced Metering Infrastructure Electrical Grid Distribution Control Center Smart Meter
22 Selective black-outs, consumers can adjust usage based on current costs, small-scale energy production,... 7 / 74 Scenario: Advanced Metering Infrastructure Electrical Grid Distribution Control Center HACKED! Smart Meter
23 Selective black-outs, consumers can adjust usage based on current costs, small-scale energy production,... 7 / 74 Scenario: Advanced Metering Infrastructure HACKED! Electrical Grid Distribution Control Center HACKED! HACKED! Smart Meter HACKED!
24 Selective black-outs, consumers can adjust usage based on current costs, small-scale energy production,... 7 / 74 Scenario: Advanced Metering Infrastructure Electrical Grid Distribution Control Center HACKED! Disconnect HACKED! Disconnect Disconnect HACKED! Smart Meter Disconnect HACKED! Disconnect
25 8 / 74 The Remote Man-At-The-End Problem Client Trusted Server Client
26 8 / 74 The Remote Man-At-The-End Problem Client Trusted Server Client Untrusted Client
27 8 / 74 The Remote Man-At-The-End Problem Client Trusted Server Client Untrusted Client Client SW/HW
28 8 / 74 The Remote Man-At-The-End Problem Client Trusted Server Client Untrusted Client Client SW/HW Debugger Tracer Slicer Emulator Disassembler Decompiler
29 8 / 74 The Remote Man-At-The-End Problem Client Trusted Server Client Variant 1 Untrusted Client Client SW/HW Debugger Tracer Slicer Emulator Disassembler Decompiler
30 8 / 74 The Remote Man-At-The-End Problem Client Trusted Server Client Variant Variant 1 2 Untrusted Client Client SW/HW Debugger Tracer Slicer Emulator Disassembler Decompiler
31 8 / 74 The Remote Man-At-The-End Problem Client Trusted Server Client Variant Variant 1 Variant 2 3 Untrusted Client Client SW/HW Debugger Tracer Slicer Emulator Disassembler Decompiler
32 8 / 74 The Remote Man-At-The-End Problem Client Trusted Server Client Variant Variant 1 Variant 2 Variant 3 4 Untrusted Client Client SW/HW Debugger Tracer Slicer Emulator Disassembler Decompiler
33 Debugger Tracer Slicer Emulator Disassembler Decompiler Self protect against tampering! Definition (Man-At-The-End (MATE) Attacks) MATE attacks occur in any setting where an adversary has physical access to a device and compromises it by inspecting, reverse engineering, or tampering with its hardware or software.
34 Debugger Tracer Slicer Emulator Disassembler Decompiler Detect remote tampering! Self protect against tampering! Definition (Man-At-The-End (MATE) Attacks) MATE attacks occur in any setting where an adversary has physical access to a device and compromises it by inspecting, reverse engineering, or tampering with its hardware or software. Definition (Remote MATE (R-MATE) Attacks) R-MATE attacks occur in distributed systems where untrusted clients are in frequent communication with trusted servers over a network, and where a malicious user can get an advantage by compromising an untrusted device.
35 Protection Ideas
36 11 / 74 Algorithm Ideas 1 Split move functionality from untrusted to trusted site.
37 11 / 74 Algorithm Ideas 1 Split move functionality from untrusted to trusted site. 2 Measure ask untrusted site are you running the right code?
38 11 / 74 Algorithm Ideas 1 Split move functionality from untrusted to trusted site. 2 Measure ask untrusted site are you running the right code? 3 Time make untrusted site compute challenge within given time.
39 11 / 74 Algorithm Ideas 1 Split move functionality from untrusted to trusted site. 2 Measure ask untrusted site are you running the right code? 3 Time make untrusted site compute challenge within given time. 4 Monitor monitor messages to detect signs of tampering.
40 12 / 74 Algorithm Ideas... 5 Hardware make untrusted site run tamperproof hardware.
41 12 / 74 Algorithm Ideas... 5 Hardware make untrusted site run tamperproof hardware. 6 Encrypt make untrusted site compute in encrypted domain.
42 12 / 74 Algorithm Ideas... 5 Hardware make untrusted site run tamperproof hardware. 6 Encrypt make untrusted site compute in encrypted domain. 7 Update make untrusted site continuously update its code.
43 12 / 74 Algorithm Ideas... 5 Hardware make untrusted site run tamperproof hardware. 6 Encrypt make untrusted site compute in encrypted domain. 7 Update make untrusted site continuously update its code. 8 Local obfuscate/tamperproof/watermark/... code.
44 13 / 74 Protocol Monitoring Trusted site Untrusted site Application Transport Internet Link Physical f 1 ()
45 13 / 74 Protocol Monitoring OK? Trusted site Application Transport Internet Link Physical Untrusted site f 1 () HACKED! Monitor messages to detect signs of tampering
46 13 / 74 Protocol Monitoring OK? Trusted site Application Transport Internet Link Physical Untrusted site f 1 () HACKED! Monitor messages to detect signs of tampering Not all tampering will violate protocols!
47 Protocol Monitoring OK? Trusted site Application Transport Internet Link Physical Untrusted site f 1 () HACKED! Monitor messages to detect signs of tampering Not all tampering will violate protocols! Need to monitor every level of the network stack? 13 / 74
48 14 / 74 Code Splitting Trusted site Untrusted site f 1 () X f 2 () Move functionality from untrusted to trusted site.
49 14 / 74 Code Splitting Trusted site Untrusted site X f 1 () f 2 () Move functionality from untrusted to trusted site. Increases network traffic, server load.
50 14 / 74 Code Splitting Trusted site Untrusted site X f 1 () f 2 () Move functionality from untrusted to trusted site. Increases network traffic, server load.
51 14 / 74 Code Splitting Trusted site Untrusted site f 1 () X f 2 () Move functionality from untrusted to trusted site. Increases network traffic, server load. Extreme: Run all code server-side.
52 15 / 74 Trusted Hardware Trusted site Untrusted site f 1 () f 2 () Bob has a trusted hardware unit.
53 Trusted Hardware Trusted site Untrusted site f 1 () is OK! hash(f 1 ) f 2 () is OK! hash(f 2 ) Trust Bob s site! f 1 () f 2 () Bob has a trusted hardware unit. Bob proves that his site contains no untrustworthy software. Trusted hardware makes it harder for Bob to cheat. 15 / 74
54 16 / 74 Encryption Trusted site Untrusted site 6*7=? Alice wants to outsource computation to Bob
55 16 / 74 Encryption Trusted site Untrusted site 6*7=? 6,7 42 6*7=42! Alice wants to outsource computation to Bob Doesn t want him to learn her inputs and outputs!
56 Encryption Trusted site Untrusted site 6*7=? D(E(42))=42! E(6),E(7) E(42) E(6)*E(7) Alice wants to outsource computation to Bob Doesn t want him to learn her inputs and outputs! Bob performs operations on encrypted data. 16 / 74
57 17 / 74 Continuous Evolution Trusted site Untrusted site f 1 ()
58 17 / 74 Continuous Evolution Trusted site Untrusted site f 1 () HACKED!
59 17 / 74 Continuous Evolution Trusted site f 1 () Untrusted site f 1 () HACKED! f 1 () The server continously updates the client code
60 17 / 74 Continuous Evolution Trusted site f 1 () Untrusted site f 1 () HACKED! f 1 () The server continously updates the client code Gives Bob a smaller window to hack!
61 18 / 74 Challenge Timing Trusted site Untrusted site challenge compute Alice asks Bob to compute a special function
62 18 / 74 Challenge Timing Trusted site Untrusted site response OK? challenge response compute Alice asks Bob to compute a special function Does it return the right result?
63 18 / 74 Challenge Timing Trusted site Untrusted site response OK? took too long? challenge response compute Alice asks Bob to compute a special function Does it return the right result? Does Bob return the result fast enough?
64 Alice asks Bob to compute a special function Does it return the right result? Does Bob return the result fast enough? Accurate timing on the general Internet is hard / 74 Challenge Timing Trusted site Untrusted site response OK? took too long? challenge response compute
65 19 / 74 Local Defenses Trusted site Untrusted site f 1 () Local defenses don t involve the trusted site
66 19 / 74 Local Defenses Trusted site Untrusted site f 1 () Local defenses don t involve the trusted site Hash the executable...
67 19 / 74 Local Defenses Trusted site Untrusted site f 1 () Local defenses don t involve the trusted site Hash the executable... Hash the state...
68 Local Defenses Trusted site Untrusted site f 1 () Local defenses don t involve the trusted site Hash the executable... Hash the state... Obfuscate / 74
69 20 / 74 Local Defenses Hardened Processors Bob temperature radiation CPU if (tampering) destroy private data shut down R A M power clock penetration Hardware can be hardened against attack. Consequences for cost, heat, clock-rate, energy-use...
70 Slicing functions
71 22 / 74 Move all client code server-side Trusted site Untrusted site X f 1 () f 2 () High compute load for the server and high latency for the client.
72 23 / 74 Move some client code server-side Trusted site Untrusted site X f 1 () f 2 () Intermediate level solution: some computation on the server, some on the client. balance computation, network traffic, tamper-detection. Use slicing algorithms.
73 int f(int x,int y){ int a = 4*x + y; } int c; if (y < 5) c = a*x+4; else c = 2*x+4; int sum = 0; for(int i=a;i<10;i++) sum += i; return x*(sum+c); a is an important variable hide it on the server! Whenever the client needs a get it from the server! Move code that depends on a to the server better performance!
74 int f(int x,int y){ int a = 4*x + y; } int c; if (y < 5) c = a*x+4; else c = 2*x+4; int sum = 0; for(int i=a;i<10;i++) sum += i; return x*(sum+c); Compute a forward slice from a move this code to the server! Keep unimportant variable c on both the client and the server better performance! Don t move large data structures better performance! Overhead depends in how much of the program is hidden on the server. On a LAN: 3 to 58%.
75 int client(int x,int y){ f1(x,y); int Ha = 5; int Hc = 0; int Hsum = 0; } int c; if (!f2(y,x)){ c = 2*x+4; f3(c); } int sum = 0; f4(sum); f5(); return x*f6(); void f1(int x,int y){ Ha=4*x+y;} boolean f2(int y,int x){ if (y < 5){ Hc = Ha*x + 4; return true; } else return false;} void f3(int c){ Hc = c;} void f4(int sum){ Hsum = sum;} void f5(){ for(int i=ha;i<10;i++) Hsum += i;} int f6(){ return Hsum+Hc;}
76 int client(int x,int y){ f1(x,y); int Ha = 5; int Hc = 0; int Hsum = 0; } int c; if (!f2(y,x)){ c = 2*x+4; f3(c); } int sum = 0; f4(sum); f5(); return x*f6(); void f1(int x,int y){ Ha=4*x+y;} boolean f2(int y,int x){ if (y < 5){ Hc = Ha*x + 4; return true; } else return false;} void f3(int c){ Hc = c;} void f4(int sum){ Hsum = sum;} void f5(){ for(int i=ha;i<10;i++) Hsum += i;} int f6(){ return Hsum+Hc;}
77 28 / 74 Example Functionfis the original one You want to hide variablea Compute a forward slice ona(pink). You want to protect all the pink code put it on the server in functionshf1...hf6. The client accesses the hidden functions by making RPCs. c is a partially hidden variable. It resides both on the client and the server, but the code that updates it is split between the two.
78 29 / 74 Performance Runtime overhead from 3 to 58%.
79 29 / 74 Performance Runtime overhead from 3 to 58%. Depends on the amount of protection that is added: 1 how much of the program is hidden on the server? 2 how much extra communication?
80 Performance Runtime overhead from 3 to 58%. Depends on the amount of protection that is added: 1 how much of the program is hidden on the server? 2 how much extra communication? Zhang and Gupta s measurements were done over a local area network! 29 / 74
81 30 / 74 Performance Packet turnaround times: target site # hops ms rorohiko.cs.arizona.edu cse.asu.edu
82 Verification by timing
83 32 / 74 Pioneer In a very restricted environment you can measure aspects of the untrusted client to verify that it is running the correct software. Server m( C ) Client C
84 33 / 74 Assumptions 1 The the client s hardware configuration is known; 2 The client-server latency is known; 3 The client can only communicate with the server.
85 34 / 74 Applications 1 Check cell phone/pda/smartcard for viruses; 2 Check voting machine code; 3 Check for rootkits on machines on your LAN.
86 35 / 74 Algorithm Basic idea: ask client for a hash of its code. If 1 the hash is the wrong value, or 2 the computation took too long the client has cheated! The hash function is constructed such that it can t be computed quicker.
87 Server 1. t 1 currenttime() nonce random() send nonce V: Client hash6() send() SHA-1() E: executable
88 Server 1. t 1 currenttime() nonce random() send nonce V: Client 2. receive nonce c hash6(nonce, V) send c hash6() send() SHA-1() E: executable
89 Server 1. t 1 currenttime() nonce random() send nonce 3. receive c t 2 currenttime() if t 2 t 1 > t or c is wrong then FAIL V: Client 2. receive nonce c hash6(nonce, V) send c hash6() send() SHA-1() E: executable
90 Server 1. t 1 currenttime() nonce random() send nonce 3. receive c t 2 currenttime() if t 2 t 1 > t or c is wrong then FAIL V: Client 2. receive nonce c hash6(nonce, V) send c hash6() send() SHA-1() 4. h SHA-1(nonce E) send h E: executable
91 Server 1. t 1 currenttime() nonce random() send nonce 3. receive c t 2 currenttime() if t 2 t 1 > t or c is wrong then FAIL 5. receive h if h is wrong then FAIL V: Client 2. receive nonce c hash6(nonce, V) send c hash6() send() SHA-1() 4. h SHA-1(nonce E) send h E: executable
92 Server 1. t 1 currenttime() nonce random() send nonce 3. receive c t 2 currenttime() if t 2 t 1 > t or c is wrong then FAIL 5. receive h if h is wrong then FAIL E: Client 2. receive nonce c hash6(nonce, V) send c V: hash6() send() SHA-1() 4. h SHA-1(nonce E) send h 6. r execute E send r executable
93 Server 1. t 1 currenttime() nonce random() send nonce 3. receive c t 2 currenttime() if t 2 t 1 > t or c is wrong then FAIL 5. receive h if h is wrong then FAIL 7. receive r E: Client 2. receive nonce c hash6(nonce, V) send c V: hash6() send() SHA-1() 4. h SHA-1(nonce E) send h 6. r execute E send r executable
94 37 / 74 Algorithm The hash function must be time optimal, if not the client can use the time he saved to execute his own instructions without the server noticing.
95 37 / 74 Algorithm The hash function must be time optimal, if not the client can use the time he saved to execute his own instructions without the server noticing. Others have tried to extend the protocol to general scenarios highly controversial.
96 The Tigress System
97 39 / 74 Tigress and the R-MATE Problem Trusted Server RPC(...) Trusted Clients
98 39 / 74 Tigress and the R-MATE Problem Trusted Server RPC(...) Trusted Clients RPC(...) Untrusted Client
99 39 / 74 Tigress and the R-MATE Problem Trusted Server RPC(...) Trusted Clients 1) Cryptographic keys 2) Login details 3) Sensitive algorithms 4) Security checks Tamper! Asset Untrusted Client
100 39 / 74 Tigress and the R-MATE Problem Trusted Server RPC(...) Trusted Clients Detect! Respond! 1) Sever connection 2) Phone home 3) Legal remedies Untrusted Client
101 39 / 74 Tigress and the R-MATE Problem Trusted Server RPC(...) Trusted Clients 1) Overwhelm the adversary s analytical abilities 2) Facilitate the server s tamper detection 1 2 Code 3 Variant Untrusted Client
102 39 / 74 Tigress and the R-MATE Problem Trusted Server RPC(...) Trusted Clients Trade offs: Diversity vs. security vs. performance 1 2 Code 3 Variant Untrusted Client
103 40 / 74 The Tigress System Server Client Code Blocks Code Blocks Code Transformations Renewer server.c Strategies A fully generalized code diversity system for protecting against R-MATE attacks.
104 A fully generalized code diversity system for protecting against R-MATE attacks. The trusted server continuously pushes diverse code variants to the untrusted clients. 40 / 74 The Tigress System Server Client Code Blocks Code Blocks Code Transformations Renewer server.c Strategies
105 A fully generalized code diversity system for protecting against R-MATE attacks. The trusted server continuously pushes diverse code variants to the untrusted clients. 40 / 74 The Tigress System Server Client Code Blocks Code Blocks Code Transformations Renewer server.c Strategies
106 41 / 74 Attack Model 1 There is no unassailable root-of-trust: the attacker can modify local code/hardware.
107 41 / 74 Attack Model 1 There is no unassailable root-of-trust: the attacker can modify local code/hardware. 2 The attacker knows the system: primitive code transformations, strategies for combining transformations, the source code of the entire system. Similar to Kerckhoffs s principles.
108 Attack Model 1 There is no unassailable root-of-trust: the attacker can modify local code/hardware. 2 The attacker knows the system: primitive code transformations, strategies for combining transformations, the source code of the entire system. Similar to Kerckhoffs s principles. 3 The attacker doesn t know the randomization seed and can t predict the order in which transformations are applied; location in the code where they are applied. 41 / 74
109 Primitives
110 43 / 74 Primitive Transformations Primitives Blocks Server Client interpret(...) flatten(...) opaque(...) RPC_encode(...) var_encode(...) merge(...) split(...) rnd_args(...) Block scheduler Block request/ receive Code transformer Definition (Primitive) A primitive is a code transformation that 1 adds confusion to the client code, taxing the adversary s analytical abilities (obfuscation); 2 makes modifying client code more difficult ( tamperproofing); 3 makes detecting tampering easier (tamper-detect).
111 44 / 74 Preserving Protocols Protocol Preserving interpret(...) flatten(...) opaque(...) split(...) Server Code transformer Blocks foo 0,0 foo 0,1 bar 0,0 bar 1,0 Client Block Bag Protocol-preserving primitives generate confusion and hardening.
112 44 / 74 Preserving Protocols Protocol Preserving interpret(...) flatten(...) opaque(...) split(...) Non Protocol Preserving var_encode(...) merge(...) RPC_encode(...) rnd_args(...) Server Code transformer Blocks foo 0,0 foo 0,1 bar 0,0 bar 1,0 Client Block Bag Protocol-preserving primitives generate confusion and hardening. Non-protocol-preserving primitives generate incompatible block variants.
113 Protocol-preserving primitives generate confusion and hardening. Non-protocol-preserving primitives generate incompatible block variants. Randomized primitives generate many unique variants. 44 / 74 Preserving Protocols Protocol Preserving interpret(...) flatten(...) opaque(...) split(...) Non Protocol Preserving var_encode(...) merge(...) RPC_encode(...) rnd_args(...) Server SEED Code transformer SEED Blocks foo 0,0 foo 0,1 bar 0,0 bar 1,0 Client Block Bag
114 45 / 74 Protocol-Preserving Primitives Flatten flatten(f, seed) removes nested control flow.
115 45 / 74 Protocol-Preserving Primitives Flatten flatten(f, seed) removes nested control flow. Randomize Basic Block Ordering
116 46 / 74 Protocol-Preserving Primitives Interpret interpret(f,seed) turns a function into a specialized interpreter. prog={op1,op4,op9,...}; stack = [...]; pc =... op4: {push(pop()+pop()} op9: {push(pop()*pop()} op1: {push(pop()+ (pop()*pop())}
117 Protocol-Preserving Primitives Interpret interpret(f,seed) turns a function into a specialized interpreter. prog={op1,op4,op9,...}; stack = [...]; pc =... op4: {push(pop()+pop()} Randomize Dispatch Randomize op9: {push(pop()*pop()} op1: {push(pop()+ (pop()*pop())} Randomize 46 / 74
118 Protocol-Preserving Primitives Split split(f,seed) converts a function f into two functions called from f: void f1( int *a, int *x){ void f(int a){ int x; } void f(int a){ int x; } f1(&a,&x); f2(&a,&x); } void f2( int *a, int *x){ } 47 / 74
119 Protocol-Preserving Primitives Split split(f,seed) converts a function f into two functions called from f: void f(int a){ int x; } Randomize Split Point void f(int a){ int x; } f1(&a,&x); f2(&a,&x); void f1( int *a, int *x){ } void f2( int *a, int *x){ } 47 / 74
120 48 / 74 Protocol-Preserving Primitives Opaque opaque(f, seed) inserts non-functional code protected by an opaque predicate. (p q) T F T T F (p NULL) T BOGUS
121 p->p.next; q->q.next; 48 / 74 Protocol-Preserving Primitives Opaque opaque(f, seed) inserts non-functional code protected by an opaque predicate. (p q) T F T p q T F (p NULL) T BOGUS
122 Protocol-Preserving Primitives Opaque opaque(f, seed) inserts non-functional code protected by an opaque predicate. Randomize Transformation Type (p q) T F T p q Randomize Insertion Point T F (p NULL) T BOGUS Randomize Opaque Predicate p->p.next; q->q.next; 48 / 74
123 Non-Protocol-Preserving Primitives Merge merge(f 1,f 2,seed) combines functions f 1 (args 1 ) and f 2 (args 2 ) into f 1,2 (args 1 args 2,sel). void f1( int x){ } void f1( float y){ void f_1_2( int x, float y, int which){ if (which==1) else } } 49 / 74
124 Non-Protocol-Preserving Primitives rnd args rnd args(f, seed) randomly reorders f s formal parameters and adds extra, bogus, formals. void f(, ){ } void f( ){ },, 50 / 74
125 50 / 74 Non-Protocol-Preserving Primitives rnd args rnd args(f, seed) randomly reorders f s formal parameters and adds extra, bogus, formals. void f(, void f(,, Randomize Argument Order ){ } ){ } Insert Bogus Arguments
126 Non-Protocol-Preserving Primitives RPC encode RPC encode(n, seed) assigns a new random encoding of the n:th remote procedure callrpc(n,args). RPC(42,, ) RPC(93,,, ) If the adversary ignores block updates, he may execute an invalid block containing an RPC with an obsolete encoding. 51 / 74
127 Non-Protocol-Preserving Primitives RPC encode RPC encode(n, seed) assigns a new random encoding of the n:th remote procedure callrpc(n,args). RPC(42,, ) RPC(93,,, ) RPC(42,, ) RPC(93,,, ) Randomize RPC Randomize Argument Insert Bogus 51 / 74
128 52 / 74 RPC encode... RPC(42,, ) RPC(93,,, ) If the adversary ignores block updates, he may execute an invalid block containing an RPC with an obsolete encoding. This alerts the server of the tampering.
129 Mechanisms Strategies
130 54 / 74 System Overview Diversity Graph Diversity Graph main p 0 Code transformer Server Client main i 0,0 foo p 0 Diversity scheduler Overseer foo i 0,0 g p 0 foo i 0,1 Strategies temporal diversity spatial diversity semantic diversity The diversity graph represents the complex dependencies between blocks and protocols.
131 55 / 74 System Overview Diversity Graph Diversity Graph main p 0 Code transformer Server Client main i 0,0 foo p 0 Diversity scheduler Overseer foo i 0,0 g p 0 foo i 0,1 Strategies temporal diversity spatial diversity semantic diversity How does a transformation applied to one block force updates to other blocks? Initially, similar to a call graph.
132 Diversity Graph Forward Update Cycle int g; void foo(){ g++; } int main(){ foo(); }
133 Diversity Graph Forward Update Cycle int g; void foo(){ g++; } int main(){ foo(); } main p 0 main i 0,0 foo p 0 foo i 0,0 g p 0
134 Diversity Graph Forward Update Cycle int g; void foo(){ g++; } int main(){ foo(); } main p 0 main p 0 main i 0,0 main i 0,0 flatten(foo i foo p 0,0 ) 0 foo p 0 foo i 0,0 foo i 0,0 foo i 0,1 g p 0 g p 0
135 Diversity Graph Forward Update Cycle int g; void foo(){ g++; } int main(){ foo(); } main p 0 main p 0 main p 0 main i 0,0 main i 0,0 flatten(foo i foo p 0,0 ) encode var(gp 0 foo p 0 ) 0 main i 0,0 foo p 0 foo i 0,0 foo i 0,0 foo i 0,1 foo i 0,0foo i 0,1foo i 0,2 g p 0 g p 0 g p 0 g p 1
136 56 / 74 Diversity Graph Forward Update Cycle int g; void foo(){ g++; } int main(){ foo(); } main p 0 main p 0 main p 0 main p 0 main i 0,0 main i 0,0 main i 0,0 flatten(foo i foo p 0,0 ) 0 foo p 0 encode var(gp 0 ) foo p 0 rnd args(foop 0 ) main i 0,0 main i 0,1 foo p 0 foo p 1 foo i 0,0 foo i 0,0 foo i 0,1 foo i 0,0foo i 0,1foo i 0,2 foo i 0,0foo i 0,1foo i 0,2 fooi 1,0 g p 0 g p 0 g p 0 g p 1 g p 0 g p 1
137 Strategies Diversity maingraph p 0 Code transformer Server Client main i 0,0 foo p 0 Diversity scheduler Overseer foo i 0,0 g p 0 foo i 0,1 Strategies temporal diversity spatial diversity semantic diversity Temporal Diversity: program is continuously renewed. Spatial Diversity: defense-in-depth, multiple layers of primitives. Semantic Diversity: software aging, variants are not interchangeable. 57 / 74
138 58 / 74 Scheduler Operation // client.c int attribute((level(0))) g; void foo() attribute((level(9))); void foo() {g++; RPC(2,g);} int main() {foo();} Security Requirements profile foo 78% main 22% CIL Primitives interpret(...) flatten(...) opaque(...) RPC_encode(...) var_encode(...) merge(...) split(...) rnd_args(...) main 0,0 foo 0,0 Blocks g 0 foo 0,1 Server Client Diversity Graph main p 0 Code transformer main i 0,0 foo p 0 Diversity scheduler Overseer foo i 0,0 g p 0 foo i 0,1 Strategies temporal diversity spatial diversity semantic diversity
139 58 / 74 Scheduler Operation // client.c int attribute((level(0))) g; void foo() attribute((level(9))); void foo() {g++; RPC(2,g);} int main() {foo();} Security Requirements profile foo 78% main 22% Performance profile CIL Primitives interpret(...) flatten(...) opaque(...) RPC_encode(...) var_encode(...) merge(...) split(...) rnd_args(...) main 0,0 foo 0,0 Blocks g 0 foo 0,1 Server Client Diversity Graph main p 0 Code transformer main i 0,0 foo p 0 Diversity scheduler Overseer foo i 0,0 g p 0 foo i 0,1 Strategies temporal diversity spatial diversity semantic diversity
140 58 / 74 Scheduler Operation // client.c int attribute((level(0))) g; void foo() attribute((level(9))); void foo() {g++; RPC(2,g);} int main() {foo();} Security Requirements profile foo 78% main 22% Performance profile CIL Primitives interpret(...) flatten(...) opaque(...) RPC_encode(...) var_encode(...) merge(...) split(...) rnd_args(...) main 0,0 foo 0,0 Blocks g 0 foo 0,1 Server Client Diversity Graph main p 0 main i 0,0 foo p 0 Current diversity graph Code transformer Diversity scheduler Overseer foo i 0,0 g p 0 foo i 0,1 Strategies temporal diversity spatial diversity semantic diversity
141 58 / 74 Scheduler Operation // client.c int attribute((level(0))) g; void foo() attribute((level(9))); void foo() {g++; RPC(2,g);} int main() {foo();} Primitives interpret(...) flatten(...) opaque(...) RPC_encode(...) var_encode(...) merge(...) split(...) rnd_args(...) main 0,0 CIL Blocks g 0 foo 0,0 foo 0,1 Security Requirements profile foo 78% main 22% Server Current working set Performance profile Client Diversity Graph main p 0 main i 0,0 foo p 0 Current diversity graph Code transformer Diversity scheduler Overseer foo i 0,0 g p 0 foo i 0,1 Strategies temporal diversity spatial diversity semantic diversity
142 58 / 74 Scheduler Operation // client.c int attribute((level(0))) g; void foo() attribute((level(9))); void foo() {g++; RPC(2,g);} int main() {foo();} Primitives interpret(...) flatten(...) opaque(...) RPC_encode(...) var_encode(...) merge(...) split(...) rnd_args(...) Diversity Graph main p 0 main i 0,0 foo p 0 main 0,0 foo 0,0 CIL Blocks Current diversity graph g 0 foo 0,1 Code transformer Diversity scheduler Security Requirements profile foo 78% main 22% Server Current working set Primitives effect on diversity and performance Performance profile Client Overseer foo i 0,0 g p 0 foo i 0,1 Strategies temporal diversity spatial diversity semantic diversity
143 58 / 74 Scheduler Operation // client.c int attribute((level(0))) g; void foo() attribute((level(9))); void foo() {g++; RPC(2,g);} int main() {foo();} Primitives interpret(...) flatten(...) opaque(...) RPC_encode(...) var_encode(...) merge(...) split(...) rnd_args(...) Diversity Graph main p 0 main i 0,0 foo p 0 main 0,0 foo 0,0 CIL Blocks Current diversity graph g 0 foo 0,1 Code transformer Diversity scheduler Security Requirements profile foo 78% main 22% Server Current working set Primitives effect on diversity and performance Performance profile Active Set Client Functions on the client s call stack Overseer foo i 0,0 g p 0 foo i 0,1 Strategies temporal diversity spatial diversity semantic diversity
144 58 / 74 Scheduler Operation // client.c int attribute((level(0))) g; void foo() attribute((level(9))); void foo() {g++; RPC(2,g);} int main() {foo();} Primitives interpret(...) flatten(...) opaque(...) RPC_encode(...) var_encode(...) merge(...) split(...) rnd_args(...) Diversity Graph main p 0 main i 0,0 foo p 0 main 0,0 foo 0,0 CIL Blocks Current diversity graph g 0 foo 0,1 Code transformer Diversity scheduler Security Requirements profile foo 78% main 22% Server Current working set Primitives effect on diversity and performance Performance profile Active Set Client Functions on the client s call stack Overseer foo i 0,0 g p 0 foo i 0,1 Strategies temporal diversity spatial diversity semantic diversity Replacement rate
145 58 / 74 Scheduler Operation // client.c int attribute((level(0))) g; void foo() attribute((level(9))); void foo() {g++; RPC(2,g);} int main() {foo();} Primitives interpret(...) flatten(...) opaque(...) RPC_encode(...) var_encode(...) merge(...) split(...) rnd_args(...) Diversity Graph foo i 0,0 main p 0 main i 0,0 foo p 0 g p 0 foo i 0,1 main 0,0 foo 0,0 CIL Blocks Current diversity graph New diversity graph g 0 foo 0,1 Code transformer Diversity scheduler Strategies temporal diversity spatial diversity semantic diversity Security Requirements profile foo 78% main 22% Server Current working set New working set Primitives effect on diversity and performance Invalidated blocks Performance profile Active Set Client Functions on the client s call stack Overseer Replacement rate
146 59 / 74 Crime and Punishment Server Block scheduler if (!blockok()) punish(); getblock(22) Block request/ receive Client 1 Is the requested block part of the current block working set?
147 1 Is the requested block part of the current block working set? 2 Valid RPC number? Valid RPC argument types? 59 / 74 Crime and Punishment Server Block scheduler if (!blockok()) punish(); getblock(22) Block request/ receive Client if (!rpcok()) punish(); RPC(2,42)
148 1 Is the requested block part of the current block working set? 2 Valid RPC number? Valid RPC argument types? 59 / 74 Crime and Punishment Diversity Graph main p 0 Server Block scheduler if (!blockok()) punish(); getblock(22) Block request/ receive Client main i 0,0 if (!rpcok()) punish(); RPC(2,42) foo p 0 Active Set foo i 0,0 foo i 0,1 g p 0 if (!activesetok()) punish(); Overseer
149 1 Is the requested block part of the current block working set? 2 Valid RPC number? Valid RPC argument types? 59 / 74 Crime and Punishment Diversity Graph main p 0 main i 0,0 foo p 0 Server punish(){ send kill block; insert delays(); send delay block; send allocmem block; collect forensics; } Block scheduler if (!blockok()) punish(); if (!rpcok()) punish(); getblock(22) RPC(2,42) Active Set Block request/ receive Client foo i 0,0 foo i 0,1 g p 0 if (!activesetok()) punish(); Overseer
150 Security Evaluation
151 61 / 74 Crime and Punishment Server Block scheduler if (!blockok()) punish(); getblock(22) Block request/ receive Client 1 Is the requested block part of the current block working set?
152 1 Is the requested block part of the current block working set? 2 Valid RPC number? Valid RPC argument types? 61 / 74 Crime and Punishment Server Block scheduler if (!blockok()) punish(); getblock(22) Block request/ receive Client if (!rpcok()) punish(); RPC(2,42)
153 1 Is the requested block part of the current block working set? 2 Valid RPC number? Valid RPC argument types? 61 / 74 Crime and Punishment Diversity Graph main p 0 Server Block scheduler if (!blockok()) punish(); getblock(22) Block request/ receive Client main i 0,0 if (!rpcok()) punish(); RPC(2,42) foo p 0 Active Set foo i 0,0 foo i 0,1 g p 0 if (!activesetok()) punish(); Overseer
154 1 Is the requested block part of the current block working set? 2 Valid RPC number? Valid RPC argument types? 61 / 74 Crime and Punishment Diversity Graph main p 0 main i 0,0 foo p 0 Server punish(){ send kill block; insert delays(); send delay block; send allocmem block; collect forensics; } Block scheduler if (!blockok()) punish(); if (!rpcok()) punish(); getblock(22) RPC(2,42) Active Set Block request/ receive Client foo i 0,0 foo i 0,1 g p 0 if (!activesetok()) punish(); Overseer
155 Enumeration of the Attack Space Find asset blocks A Find Detect blocks asset blocks Wait for blocks to appear in block bag Probe server for all blocks Analyze block A i Is A i an asset block? Tamper with A Tamper asset without being detected Analyze A to determine that they are orphan Prevent server from replacing AReport with newa blocks active set blocks AnalyzeReport Analyze Find blocks & build call valid active set containing blocks & build call RPCs/variables A graph graph uses A Prevent server from making meaningful updates to A Report an active set that has RPCs/variables A uses Report valid active set containing blocks with RPCs/variables A Ignore updates to A Reverse engineer updates Extract Patch new A variable/rpcnew with Find ancestor N k 1 of new block Compare N kcompare en- callgraphs N k cod- against all other blocks ings & call signaures from N 0,...,N k Avoid detection encodings 62 / 74
156 Enumeration of the Attack Space Tamper asset without being detected Find asset blocks A Tamper with A Avoid detection Find blocks Detect asset blocks Analyze A to determine that they are orphan blocks Prevent server from replacing A with new blocks Prevent server from making meaningful updates to A Reverse engineer updates Root represents the asset in the client code (security check, code that updates a global variable, the integrity of a control-flow path, global data,... ). Attack steps: 1 find the asset blocks 2 tamper with these blocks 63 / 74
157 64 / 74 The Attack Space Avoiding Detection Avoid detection Analyze A to determine that they are orphan blocks Prevent server from replacing A with new blocks Prevent server from making meaningful updates to A Reverse engineer updates 1 Orphan blocks (no calls, RPCs): modify at will!
158 64 / 74 The Attack Space Avoiding Detection Avoid detection Analyze A to determine that they are orphan blocks Prevent server from replacing A with new blocks Prevent server from making meaningful updates to A Reverse engineer updates 1 Orphan blocks (no calls, RPCs): modify at will! 2 Trick the server that asset blocks are all active: server can t update!
159 The Attack Space Avoiding Detection Avoid detection Analyze A to determine that they are orphan blocks Prevent server from replacing A with new blocks Prevent server from making meaningful updates to A Reverse engineer updates 1 Orphan blocks (no calls, RPCs): modify at will! 2 Trick the server that asset blocks are all active: server can t update! 3 Trick the server to only make trivial changes to asset blocks: ignore updates! 64 / 74
160 The Attack Space Avoiding Detection Avoid detection Analyze A to determine that they are orphan blocks Prevent server from replacing A with new blocks Prevent server from making meaningful updates to A Reverse engineer updates 1 Orphan blocks (no calls, RPCs): modify at will! 2 Trick the server that asset blocks are all active: server can t update! 3 Trick the server to only make trivial changes to asset blocks: ignore updates! 4 64 / 74
161 65 / 74 The Attack Space Countermeasures Avoid detection Analyze A to determine that they are orphan blocks Prevent server from replacing A with new blocks Prevent server from making meaningful updates to A Reverse engineer updates 1 Slow down reverse engineering using protocol-preserving primitives.
162 65 / 74 The Attack Space Countermeasures Avoid detection Analyze A to determine that they are orphan blocks Prevent server from replacing A with new blocks Prevent server from making meaningful updates to A Reverse engineer updates 1 Slow down reverse engineering using protocol-preserving primitives. 2 Use opaque to connect orphan blocks to the rest of the program.
163 The Attack Space Countermeasures Avoid detection Analyze A to determine that they are orphan blocks Prevent server from replacing A with new blocks Prevent server from making meaningful updates to A Reverse engineer updates 1 Slow down reverse engineering using protocol-preserving primitives. 2 Use opaque to connect orphan blocks to the rest of the program. 3 Use opaque primitive to insert calls to non-existing functions. If the adversary 65 / 74
164 66 / 74 Security Evaluation Empirical Test #1 Protocol Preserving Server Client Blocks Block Bag Non Protocol Preserving Code transformer bar 0,0 bar 1,0 RPC_encode(...) Ignore updates! Attack: Ignore block updates!
165 66 / 74 Security Evaluation Empirical Test #1 Protocol Preserving Server Client Blocks Block Bag Non Protocol Preserving Code transformer bar 0,0 bar 1,0 RPC_encode(...) Ignore updates! Attack: Ignore block updates! Simulated Test: Turn off client updates.
166 Attack: Ignore block updates! Simulated Test: Turn off client updates. Result: RPCs are frequent in our test program, the server reliably detected the malicious behavior shortly after the first RPC encode update. 66 / 74 Security Evaluation Empirical Test #1 Protocol Preserving Server Client Blocks Block Bag Non Protocol Preserving Code transformer bar 0,0 bar 1,0 RPC_encode(...) Ignore updates!
167 67 / 74 Security Evaluation Empirical Test #2 Protocol Preserving Server Client opaque(...) Non Protocol Preserving Code transformer Blocks Block Bag if (P F ) bogus() Request complete program! Attack: Build a snapshot of the entire program, in order to analyze it off-line!
168 67 / 74 Security Evaluation Empirical Test #2 Protocol Preserving Server Client opaque(...) Non Protocol Preserving Code transformer Blocks Block Bag if (P F ) bogus() Request complete program! Attack: Build a snapshot of the entire program, in order to analyze it off-line! Simulated Test: Client disassembles its blocks, requests referenced blocks.
169 Attack: Build a snapshot of the entire program, in order to analyze it off-line! Simulated Test: Client disassembles its blocks, requests referenced blocks. Result: The malicious client quickly requested nonexistent blocks. 67 / 74 Security Evaluation Empirical Test #2 Protocol Preserving Server Client opaque(...) Non Protocol Preserving Code transformer Blocks Block Bag if (P F ) bogus() Request complete program!
170 68 / 74 Security Evaluation Empirical Test #3 main p 0 Server Client main i 0,0 Block Bag foo p 0 foo i 0,0 foo i 0,1 g p 0 All blocks are active! Attack: Prevent the server from updating blocks!
171 68 / 74 Security Evaluation Empirical Test #3 main p 0 Server Client main i 0,0 Block Bag foo p 0 foo i 0,0 foo i 0,1 g p 0 All blocks are active! Attack: Prevent the server from updating blocks! Simulated Test: Client reports the entire contents of the block bag as the active set.
172 Attack: Prevent the server from updating blocks! Simulated Test: Client reports the entire contents of the block bag as the active set. Result: Using the program call graph the server reliably identified the malicious 68 / 74 Security Evaluation Empirical Test #3 main p 0 Server Client main i 0,0 Block Bag foo p 0 foo i 0,0 foo i 0,1 g p 0 All blocks are active!
173 Security Evaluation Empirical Test #4 We re porting ChocolateDoom to Tigress. Capture-the-Flag exercises! To appear / 74
174 Discussion
175 71 / 74 Summary A system for detecting tampering of clients running on untrusted nodes in a distributed system.
176 71 / 74 Summary A system for detecting tampering of clients running on untrusted nodes in a distributed system. Assume the adversary has complete knowledge of our system no security-through-obscurity
177 72 / 74 Summary Security Protocol-preserving primitives: Gives attacker limited time-window for analysis/tampering.
178 72 / 74 Summary Security Protocol-preserving primitives: Gives attacker limited time-window for analysis/tampering. Non-protocol-preserving primitives: Harder to tamper without modifying expected behavior easier tamper-detection.
179 72 / 74 Summary Security Protocol-preserving primitives: Gives attacker limited time-window for analysis/tampering. Non-protocol-preserving primitives: Harder to tamper without modifying expected behavior easier tamper-detection. Security: Function of the frequency of code updates and the complexity and variability generated by primitives.
180 73 / 74 Summary Performance Highly tunable: Control which parts of the program to transform, which transformations to apply, update frequency.
181 73 / 74 Summary Performance Highly tunable: Control which parts of the program to transform, which transformations to apply, update frequency. Performance overhead: Infrastructure: 4% to 23%. Update delay: 2 to 3 seconds (protocol-preserving primitives), 7 to 24 seconds (non-protocol-preserving primitives).
182 74 / 74 Discussion Optimize differently for different scenarios: Client performance Server performance Network latency/bandwidth Client energy use Time-to-crack
183 Discussion Optimize differently for different scenarios: Client performance Server performance Network latency/bandwidth Client energy use Time-to-crack What about different network topologies? client-server 1 server + n untrusted clients running same code? 1 server + n untrusted clients running different code? 1 server + n trusted clients + m untrusted clients? 74 / 74
Defend Against Cracking Minsk, Belarus, Spring 2014
Software rotection: How to Crack rograms, and Defend Against Cracking Minsk, Belarus, Spring 2014 Christian Collberg University of Arizona www.cs.arizona.edu/ collberg c May 27, 2014 Christian Collberg
More informationSoftware Protection: How to Crack Programs, and Defend Against Cracking Lecture 4: Code Obfuscation Minsk, Belarus, Spring 2014
Software Protection: How to Crack Programs, and Defend Against Cracking Lecture 4: Code Obfuscation Minsk, Belarus, Spring 2014 Christian Collberg University of Arizona www.cs.arizona.edu/ collberg c June
More informationSoftware Protection: How to Crack Programs, and Defend Against Cracking Lecture 5: Code Obfuscation II Moscow State University, Spring 2014
Software Protection: How to Crack Programs, and Defend Against Cracking Lecture 5: Code Obfuscation II Moscow State University, Spring 2014 Christian Collberg University of Arizona www.cs.arizona.edu/
More informationPredicting the Resilience of Obfuscated Code Against Symbolic Execution Attacks via Machine Learning
Fakultät für Informatik Technische Universität München 26th USENIX Security Symposium Predicting the Resilience of Obfuscated Code Against Symbolic Execution Attacks via Machine Learning Sebastian Banescu
More informationObfuscating Transformations. What is Obfuscator? Obfuscation Library. Obfuscation vs. Deobfuscation. Summary
? Obfuscating Outline? 1? 2 of Obfuscating 3 Motivation: Java Virtual Machine? difference between Java and others? Most programming languages: Java: Source Code Machine Code Predefined Architecture Java
More informationISSISP 2014 Code Obfuscation Verona, Italy
ISSISP 2014 Code Obfuscation Verona, Italy Christian Collberg University of Arizona www.cs.arizona.edu/ collberg c July 27, 2014 Christian Collberg Overview 3 / 109 Code obfuscation what is it? Informally,
More informationSoftware Protection: How to Crack Programs, and Defend Against Cracking Lecture 5: Code Obfuscation II Minsk, Belarus, Spring 2014
Software Protection: How to Crack Programs, and Defend Against Cracking Lecture 5: Code Obfuscation II Minsk, Belarus, Spring 2014 Christian Collberg University of Arizona www.cs.arizona.edu/ collberg
More informationSoftware Protection: How to Crack Programs, and Defend Against Cracking Lecture 3: Program Analysis Moscow State University, Spring 2014
Software Protection: How to Crack Programs, and Defend Against Cracking Lecture 3: Program Analysis Moscow State University, Spring 2014 Christian Collberg University of Arizona www.cs.arizona.edu/ collberg
More informationChapter 9: Key Management
Chapter 9: Key Management Session and Interchange Keys Key Exchange Cryptographic Key Infrastructure Storing and Revoking Keys Digital Signatures Slide #9-1 Overview Key exchange Session vs. interchange
More informationUser Authentication. Modified By: Dr. Ramzi Saifan
User Authentication Modified By: Dr. Ramzi Saifan Authentication Verifying the identity of another entity Computer authenticating to another computer Person authenticating to a local/remote computer Important
More informationMODELS OF DISTRIBUTED SYSTEMS
Distributed Systems Fö 2/3-1 Distributed Systems Fö 2/3-2 MODELS OF DISTRIBUTED SYSTEMS Basic Elements 1. Architectural Models 2. Interaction Models Resources in a distributed system are shared between
More informationNETWORK SECURITY. Ch. 3: Network Attacks
NETWORK SECURITY Ch. 3: Network Attacks Contents 3.1 Network Vulnerabilities 3.1.1 Media-Based 3.1.2 Network Device 3.2 Categories of Attacks 3.3 Methods of Network Attacks 03 NETWORK ATTACKS 2 3.1 Network
More informationRemote Entrusting by Orthogonal Client Replacement
Remote Entrusting by Orthogonal Client Replacement Mariano Ceccato 1, Mila Dalla Preda 2, Anirban Majumdar 3, Paolo Tonella 1 1 Fondazione Bruno Kessler, Trento, Italy 2 University of Verona, Italy 3 University
More information15-441: Computer Networking. Wireless Networking
15-441: Computer Networking Wireless Networking Outline Wireless Challenges 802.11 Overview Link Layer Ad-hoc Networks 2 Assumptions made in Internet Host are (mostly) stationary Address assignment, routing
More informationSecurity (and finale) Dan Ports, CSEP 552
Security (and finale) Dan Ports, CSEP 552 Today Security: what if parts of your distributed system are malicious? BFT: state machine replication Bitcoin: peer-to-peer currency Course wrap-up Security Too
More informationUser Authentication. Modified By: Dr. Ramzi Saifan
User Authentication Modified By: Dr. Ramzi Saifan Authentication Verifying the identity of another entity Computer authenticating to another computer Person authenticating to a local/remote computer Important
More informationDISTRIBUTED SYSTEMS Principles and Paradigms Second Edition ANDREW S. TANENBAUM MAARTEN VAN STEEN. Chapter 1. Introduction
DISTRIBUTED SYSTEMS Principles and Paradigms Second Edition ANDREW S. TANENBAUM MAARTEN VAN STEEN Chapter 1 Introduction Definition of a Distributed System (1) A distributed system is: A collection of
More informationCS 161 Computer Security
Paxson Spring 2017 CS 161 Computer Security Discussion 6 Week of March 6, 2017 Question 1 Password Hashing (10 min) When storing a password p for user u, a website randomly generates a string s (called
More informationRemote Entrusting by Orthogonal Client Replacement. Ceccato Mariano 1, Mila Dalla Preda 2, Anirban Majumbar 3, Paolo Tonella 1.
Remote Entrusting by Orthogonal Client Replacement Ceccato Mariano, Mila Dalla Preda 2, Anirban Majumbar 3, Paolo Tonella Fondazione Bruno Kessler, Trento, Italy 2 University of Verona, Italy 3 University
More informationSecurity and Anonymity
Security and Anonymity Distributed Systems need a network to send messages. Any message you send in a network can be looked at by any router or machine it goes through. Further if your machine is on the
More information15-441: Computer Networking. Lecture 24: Ad-Hoc Wireless Networks
15-441: Computer Networking Lecture 24: Ad-Hoc Wireless Networks Scenarios and Roadmap Point to point wireless networks (last lecture) Example: your laptop to CMU wireless Challenges: Poor and variable
More informationLecture 14. System Integrity Services Obfuscation
Lecture 14 System Integrity Services Obfuscation OS independent integrity checking Observation Majority of critical server vulnerabilities are memory based Modern anti-virus software must scan memory Modern
More informationCS1622. Semantic Analysis. The Compiler So Far. Lecture 15 Semantic Analysis. How to build symbol tables How to use them to find
CS1622 Lecture 15 Semantic Analysis CS 1622 Lecture 15 1 Semantic Analysis How to build symbol tables How to use them to find multiply-declared and undeclared variables. How to perform type checking CS
More informationCOPYRIGHTED MATERIAL. Contents. Part I: The Basics in Depth 1. Chapter 1: Windows Attacks 3. Chapter 2: Conventional and Unconventional Defenses 51
Acknowledgments Introduction Part I: The Basics in Depth 1 Chapter 1: Windows Attacks 3 Attack Classes 3 Automated versus Dedicated Attacker 4 Remote versus Local 7 Types of Attacks 8 Dedicated Manual
More informationTinySec: A Link Layer Security Architecture for Wireless Sensor Networks. Presented by Paul Ruggieri
TinySec: A Link Layer Security Architecture for Wireless Sensor Networks Chris Karlof, Naveen Sastry,, David Wagner Presented by Paul Ruggieri 1 Introduction What is TinySec? Link-layer security architecture
More informationDistributed Storage Systems: Data Replication using Quorums
Distributed Storage Systems: Data Replication using Quorums Background Software replication focuses on dependability of computations What if we are primarily concerned with integrity and availability (and
More informationOperating Systems Design Exam 3 Review: Spring Paul Krzyzanowski
Operating Systems Design Exam 3 Review: Spring 2012 Paul Krzyzanowski pxk@cs.rutgers.edu 1 Question 1 An Ethernet device driver implements the: (a) Data Link layer. (b) Network layer. (c) Transport layer.
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 11 October 4, 2017 CPSC 467, Lecture 11 1/39 ElGamal Cryptosystem Message Integrity and Authenticity Message authentication codes
More informationSoftware Protection via Obfuscation
Software Protection via Obfuscation Ciprian Lucaci InfoSec Meetup #1 1 About me Software Protection via Obfuscation - Ciprian LUCACI 2 About me 2008-2012 # Bachelor Computer Science @ Politehnica Univerity
More informationSecure Routing in Wireless Sensor Networks: Attacks and Countermeasures
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures By Chris Karlof and David Wagner Lukas Wirne Anton Widera 23.11.2017 Table of content 1. Background 2. Sensor Networks vs. Ad-hoc
More informationSummary on Crypto Primitives and Protocols
Summary on Crypto Primitives and Protocols Levente Buttyán CrySyS Lab, BME www.crysys.hu 2015 Levente Buttyán Basic model of cryptography sender key data ENCODING attacker e.g.: message spatial distance
More information6.857 L17. Secure Processors. Srini Devadas
6.857 L17 Secure Processors Srini Devadas 1 Distributed Computation Example: Distributed Computation on the Internet (SETI@home, etc.) Job Dispatcher Internet DistComp() { x = Receive(); result = Func(x);
More informationCurso: Ethical Hacking and Countermeasures
Curso: Ethical Hacking and Countermeasures Module 1: Introduction to Ethical Hacking Who is a Hacker? Essential Terminologies Effects of Hacking Effects of Hacking on Business Elements of Information Security
More informationAuthentication Part IV NOTE: Part IV includes all of Part III!
Authentication Part IV NOTE: Part IV includes all of Part III! ECE 3894 Hardware-Oriented Security and Trust Spring 2018 Assoc. Prof. Vincent John Mooney III Georgia Institute of Technology NOTE: THE FOLLOWING
More informationCSCI 420: Mobile Application Security. Lecture 7. Prof. Adwait Nadkarni. Derived from slides by William Enck, Patrick McDaniel and Trent Jaeger
CSCI 420: Mobile Application Security Lecture 7 Prof. Adwait Nadkarni Derived from slides by William Enck, Patrick McDaniel and Trent Jaeger 1 cryptography < security Cryptography isn't the solution to
More informationCMSC 330: Organization of Programming Languages. OCaml Imperative Programming
CMSC 330: Organization of Programming Languages OCaml Imperative Programming CMSC330 Spring 2018 1 So Far, Only Functional Programming We haven t given you any way so far to change something in memory
More informationTypes. Type checking. Why Do We Need Type Systems? Types and Operations. What is a type? Consensus
Types Type checking What is a type? The notion varies from language to language Consensus A set of values A set of operations on those values Classes are one instantiation of the modern notion of type
More informationExercises with solutions, Set 3
Exercises with solutions, Set 3 EDA625 Security, 2017 Dept. of Electrical and Information Technology, Lund University, Sweden Instructions These exercises are for self-assessment so you can check your
More informationCIS 700/002 : Special Topics : Protection Mechanisms & Secure Design Principles
CIS 700/002 : Special Topics : Protection Mechanisms & Secure Design Principles Nikheel V Savant CIS 700/002: Security of EMBS/CPS/IoT Department of Computer and Information Science School of Engineering
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 20: Intrusion Prevention Department of Computer Science and Engineering University at Buffalo 1 Lecture Overview Firewalls purpose types locations Network perimeter
More informationSecure Multi-Party Computation. Lecture 13
Secure Multi-Party Computation Lecture 13 Must We Trust? Can we have an auction without an auctioneer?! Declared winning bid should be correct Only the winner and winning bid should be revealed Using data
More informationTable 1 lists the projects and teams. If you want to, you can switch teams with other students.
University of Arizona, Department of Computer Science CSc 620 Assignment 3 40% Christian Collberg August 27, 2008 1 Introduction This is your main project for the class. The project is worth 40% of your
More informationManaged. Code Rootkits. Hooking. into Runtime. Environments. Erez Metula ELSEVIER. Syngress is an imprint of Elsevier SYNGRESS
Managed Code Rootkits Hooking into Runtime Environments Erez Metula ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEWYORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Syngress is an imprint
More informationIntellectual Property Protection using Obfuscation
Intellectual Property Protection using Obfuscation Stephen Drape Collaboration between Siemens AG, Munich and the University of Oxford Research Project sponsored by Siemens AG, Munich March 2009 Contents
More informationTrojan-tolerant Hardware & Supply Chain Security in Practice
Trojan-tolerant Hardware & Supply Chain Security in Practice Who we are Vasilios Mavroudis Doctoral Researcher, UCL Dan Cvrcek CEO, Enigma Bridge George Danezis Professor, UCL Petr Svenda CTO, Enigma Bridge
More informationCS 161 Computer Security
Popa & Wagner Spring 2016 CS 161 Computer Security Midterm 2 Print your name:, (last) (first) I am aware of the Berkeley Campus Code of Student Conduct and acknowledge that academic misconduct will be
More informationCS408 Cryptography & Internet Security
CS408 Cryptography & Internet Security Lecture 18: Cryptographic hash functions, Message authentication codes Functions Definition Given two sets, X and Y, a function f : X Y (from set X to set Y), is
More information1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class
1.264 Lecture 27 Security protocols Symmetric cryptography Next class: Anderson chapter 10. Exercise due after class 1 Exercise: hotel keys What is the protocol? What attacks are possible? Copy Cut and
More informationCSC 574 Computer and Network Security. TCP/IP Security
CSC 574 Computer and Network Security TCP/IP Security Alexandros Kapravelos kapravelos@ncsu.edu (Derived from slides by Will Enck and Micah Sherr) Network Stack, yet again Application Transport Network
More informationMODELS OF DISTRIBUTED SYSTEMS
Distributed Systems Fö 2/3-1 Distributed Systems Fö 2/3-2 MODELS OF DISTRIBUTED SYSTEMS Basic Elements 1. Architectural Models 2. Interaction Models Resources in a distributed system are shared between
More informationtypedef void (*type_fp)(void); int a(char *s) { type_fp hf = (type_fp)(&happy_function); char buf[16]; strncpy(buf, s, 18); (*hf)(); return 0; }
Dawn Song Fall 2012 CS 161 Computer Security Practice Questions 1. (6 points) Control Hijacking Indicate whether the statement is always valid. Indicate true or false, and give a one sentence explanation.
More informationOperating Systems. Week 13 Recitation: Exam 3 Preview Review of Exam 3, Spring Paul Krzyzanowski. Rutgers University.
Operating Systems Week 13 Recitation: Exam 3 Preview Review of Exam 3, Spring 2014 Paul Krzyzanowski Rutgers University Spring 2015 April 22, 2015 2015 Paul Krzyzanowski 1 Question 1 A weakness of using
More informationCryptography and Network Security. Prof. D. Mukhopadhyay. Department of Computer Science and Engineering. Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 38 A Tutorial on Network Protocols
More informationCS 416: Operating Systems Design April 22, 2015
Question 1 A weakness of using NAND flash memory for use as a file system is: (a) Stored data wears out over time, requiring periodic refreshing. Operating Systems Week 13 Recitation: Exam 3 Preview Review
More informationIndustrial Approach: Obfuscating Transformations
Industrial Approach: Obfuscating Transformations Yury Lifshits Steklov Institute of Mathematics, St.Petersburg, Russia yura@logic.pdmi.ras.ru Tartu University 17/03/2006 Yury Lifshits (Steklov Inst. of
More informationFunctional Programming. Pure Functional Programming
Functional Programming Pure Functional Programming Computation is largely performed by applying functions to values. The value of an expression depends only on the values of its sub-expressions (if any).
More informationCryptographic Checksums
Cryptographic Checksums Mathematical function to generate a set of k bits from a set of n bits (where k n). k is smaller then n except in unusual circumstances Example: ASCII parity bit ASCII has 7 bits;
More informationSoftware Protection: How to Crack Programs, and Defend Against Cracking Lecture 2: Attack Models Minsk, Belarus, Spring 2014
Software Protection: How to Crack Programs, and Defend Against Cracking Lecture 2: Attack Models Minsk, Belarus, Spring 2014 Christian Collberg University of Arizona www.cs.arizona.edu/ collberg c May
More informationKey Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature
Key Management Digital signatures: classical and public key Classic and Public Key exchange 1 Handwritten Signature Used everyday in a letter, on a check, sign a contract A signature on a signed paper
More informationComputer Science 461 Final Exam May 22, :30-3:30pm
NAME: Login name: Computer Science 461 Final Exam May 22, 2012 1:30-3:30pm This test has seven (7) questions, each worth ten points. Put your name on every page, and write out and sign the Honor Code pledge
More informationSecurity of Cryptosystems
Security of Cryptosystems Sven Laur swen@math.ut.ee University of Tartu Formal Syntax Symmetric key cryptosystem m M 0 c Enc sk (m) sk Gen c sk m Dec sk (c) A randomised key generation algorithm outputs
More informationCSE Computer Security (Fall 2006)
CSE 543 - Computer Security (Fall 2006) Lecture 18 - Network Security November 7, 2006 URL: http://www.cse.psu.edu/~tjaeger/cse543-f06/ 1 Denial of Service Intentional prevention of access to valued resource
More informationAdvanced Distributed Algorithms and Data Structures. Christian Scheideler Institut für Informatik Universität Paderborn
Advanced Distributed Algorithms and Data Structures Christian Scheideler Institut für Informatik Universität Paderborn Advanced Distributed Algorithms and Data Structures Lecture: Thu 2-4 pm, F2.211 Tutorial:
More informationCS 161 Computer Security
Popa & Wagner Spring 2016 CS 161 Computer Security Discussion 5 Week of February 19, 2017 Question 1 Diffie Hellman key exchange (15 min) Recall that in a Diffie-Hellman key exchange, there are values
More informationANONYMOUS CONNECTIONS AND ONION ROUTING
I J C I T A E Serials Publications 6(1) 2012 : 31-37 ANONYMOUS CONNECTIONS AND ONION ROUTING NILESH MADHUKAR PATIL 1 AND CHELPA LINGAM 2 1 Lecturer, I. T. Dept., Rajiv Gandhi Institute of Technology, Mumbai
More informationLecture 1: Perfect Security
CS 290G (Fall 2014) Introduction to Cryptography Oct 2nd, 2014 Instructor: Rachel Lin 1 Recap Lecture 1: Perfect Security Scribe: John Retterer-Moore Last class, we introduced modern cryptography and gave
More informationOverview. Cryptographic key infrastructure Certificates. May 13, 2004 ECS 235 Slide #1. Notation
Overview Key exchange Session vs. interchange keys Classical, public key methods Key generation Cryptographic key infrastructure Certificates Key storage Key escrow Key revocation Digital signatures May
More informationOperating Systems Design Exam 3 Review: Spring 2011
Operating Systems Design Exam 3 Review: Spring 2011 Paul Krzyzanowski pxk@cs.rutgers.edu 1 1. Why does an IP driver need to use ARP, the address resolution protocol? IP is a logical network. An IP address
More informationIntroduction to Information Security Prof. V. Kamakoti Department of Computer Science and Engineering Indian Institute of Technology, Madras
Introduction to Information Security Prof. V. Kamakoti Department of Computer Science and Engineering Indian Institute of Technology, Madras Lecture 09 Now, we discuss about the insecurity of passwords.
More informationCryptography: More Primitives
Design and Analysis of Algorithms May 8, 2015 Massachusetts Institute of Technology 6.046J/18.410J Profs. Erik Demaine, Srini Devadas and Nancy Lynch Recitation 11 Cryptography: More Primitives 1 Digital
More informationTHE SECOND GENERATION ONION ROUTER. Roger Dingledine Nick Mathewson Paul Syverson. -Presented by Arindam Paul
THE SECOND GENERATION ONION ROUTER Roger Dingledine Nick Mathewson Paul Syverson 1 -Presented by Arindam Paul Menu Motivation: Why do we need Onion Routing? Introduction : What is TOR? Basic TOR Design
More informationT Cryptography and Data Security
T-79.4501 Cryptography and Data Security Lecture 10: 10.1 Random number generation 10.2 Key management - Distribution of symmetric keys - Management of public keys Stallings: Ch 7.4; 7.3; 10.1 1 The Use
More informationDistributed Sensing for Spectrum Agility: Incentives and Security Considerations
Distributed Sensing for Spectrum Agility: Incentives and Security Considerations S. Arkoulis, P. Frangoudis, G. Marias, G. Polyzos Athens University of Economics and Business {arkoulistam,pfrag,marias,polyzos}@aueb.gr
More informationCOS 318: Operating Systems. File Systems. Topics. Evolved Data Center Storage Hierarchy. Traditional Data Center Storage Hierarchy
Topics COS 318: Operating Systems File Systems hierarchy File system abstraction File system operations File system protection 2 Traditional Data Center Hierarchy Evolved Data Center Hierarchy Clients
More informationProbfuscation: An Obfuscation Approach using Probabilistic Control Flows
Probfuscation: An Obfuscation Approach using Probabilistic Control Flows Andre Pawlowski, Moritz Contag, and Thorsten Holz Horst Görtz Institute (HGI), Ruhr-University Bochum, Germany Abstract. Sensitive
More informationAnonymous Communication and Internet Freedom
Anonymous Communication and Internet Freedom CS 161: Computer Security Prof. David Wagner May 2, 2013 Goals For Today State-sponsored adversaries Anonymous communication Internet censorship State-Sponsored
More informationInternet Protocol and Transmission Control Protocol
Internet Protocol and Transmission Control Protocol CMSC 414 November 13, 2017 Internet Protcol Recall: 4-bit version 4-bit hdr len 8-bit type of service 16-bit total length (bytes) 8-bit TTL 16-bit identification
More informationAutotuning. John Cavazos. University of Delaware UNIVERSITY OF DELAWARE COMPUTER & INFORMATION SCIENCES DEPARTMENT
Autotuning John Cavazos University of Delaware What is Autotuning? Searching for the best code parameters, code transformations, system configuration settings, etc. Search can be Quasi-intelligent: genetic
More informationCS 161 Computer Security
Paxson Spring 2011 CS 161 Computer Security Discussion 1 January 26, 2011 Question 1 Buffer Overflow Mitigations Buffer overflow mitigations generally fall into two categories: (i) eliminating the cause
More informationControlled-Channel Attacks: Deterministic Side Channels for Untrusted Operating Systems. Yuanzhong Xu, Weidong Cui, Marcus Peinado
: Deterministic Side Channels for Untrusted Operating Systems Yuanzhong Xu, Weidong Cui, Marcus Peinado 2 Goal Protect the data of applications running on remote hardware 3 New tech Trusted Platform Modules
More informationChair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 8
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 8 System Vulnerabilities and Denial of Service Attacks System Vulnerabilities and
More informationCS Computer Networks 1: Authentication
CS 3251- Computer Networks 1: Authentication Professor Patrick Traynor 4/14/11 Lecture 25 Announcements Homework 3 is due next class. Submit via T-Square or in person. Project 3 has been graded. Scores
More informationComputer Security Spring 2010 Paxson/Wagner Notes 3/8. Key Management. 1 Cryptographic Hash Functions. 2 Man-in-the-middle Attacks
CS 161 Computer Security Spring 2010 Paxson/Wagner Notes 3/8 Key Management In this lecture, we ll talk about how to manage keys. For instance, how does Alice find out Bob s public key? Does it matter?
More informationNetwork Defenses 21 JANUARY KAMI VANIEA 1
Network Defenses KAMI VANIEA 21 JANUARY KAMI VANIEA 1 First, the news The Great Cannon of China https://citizenlab.org/2015/04/chinas-great-cannon/ KAMI VANIEA 2 Today Open System Interconnect (OSI) model
More informationAnonymous Communication and Internet Freedom
Anonymous Communication and Internet Freedom CS 161: Computer Security Prof. David Wagner April 29, 2016 Announcements Final exam in RSF Fieldhouse, 5/10, arrive by 7PM HW4 due Monday, 5/2, 11:59pm Review
More informationRemote Procedure Calls
CS 5450 Remote Procedure Calls Vitaly Shmatikov Abstractions Abstractions for communication TCP masks some of the pain of communicating over unreliable IP Abstractions for computation Goal: programming
More informationStorage and File System
COS 318: Operating Systems Storage and File System Andy Bavier Computer Science Department Princeton University http://www.cs.princeton.edu/courses/archive/fall10/cos318/ Topics Storage hierarchy File
More informationAdvanced Systems Security: Ordinary Operating Systems
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Advanced Systems Security:
More informationComputer Architecture Spring 2016
Computer Architecture Spring 2016 Lecture 08: Caches III Shuai Wang Department of Computer Science and Technology Nanjing University Improve Cache Performance Average memory access time (AMAT): AMAT =
More informationIdentity-Based Cyber Defense. March 2017
Identity-Based Cyber Defense March 2017 Attackers Continue to Have Success Current security products are necessary but not sufficient Assumption is you are or will be breached Focus on monitoring, detecting
More informationStrongly Anonymous Communications in Mobile Ad Hoc Networks
Strongly Anonymous Communications in Mobile Ad Hoc Networks Y.Dong 1, V.O.K.Li 1, S.M.Yiu 2 and C.K.Hui 2 Dept. of Electrical and Electronic Engineering, the University of Hong Kong 1 Dept. of Computer
More information1. Out of the 3 types of attacks an adversary can mount on a cryptographic algorithm, which ones does differential cryptanalysis utilize?
Introduction Answer the following questions. When a word count restriction is given for a question, exceeding it will result in marks being deducted. If your answer is more than twice the maximum length,
More informationOutline : Wireless Networks Lecture 10: Management. Management and Control Services : Infrastructure Reminder.
Outline 18-759: Wireless Networks Lecture 10: 802.11 Management Peter Steenkiste Departments of Computer Science and Electrical and Computer Engineering Spring Semester 2016 http://www.cs.cmu.edu/~prs/wirelesss16/
More informationChapter 13. Digital Cash. Information Security/System Security p. 570/626
Chapter 13 Digital Cash Information Security/System Security p. 570/626 Introduction While cash is used in illegal activities such as bribing money laundering tax evasion it also protects privacy: not
More informationIntroduction to Cryptoeconomics
Introduction to Cryptoeconomics What is cryptoeconomics? Cryptoeconomics is about... Building systems that have certain desired properties Use cryptography to prove properties about messages that happened
More informationSpring 2010: CS419 Computer Security
Spring 2010: CS419 Computer Security Vinod Ganapathy Lecture 7 Topic: Key exchange protocols Material: Class handout (lecture7_handout.pdf) Chapter 2 in Anderson's book. Today s agenda Key exchange basics
More informationLecture 10. Data Integrity: Message Authentication Schemes. Shouhuai Xu CS4363 Cryptography Spring
Lecture 10. Data Integrity: Message Authentication Schemes Shouhuai Xu CS4363 Cryptography Spring 2007 1 Roadmap Problem Statement Definition Constructions Remarks Shouhuai Xu CS4363 Cryptography Spring
More informationCMSC 414 Computer and Network Security
CMSC 414 Computer and Network Security Buffer Overflows Dr. Michael Marsh August 30, 2017 Trust and Trustworthiness You read: Reflections on Trusting Trust (Ken Thompson), 1984 Smashing the Stack for Fun
More informationLecture 7 - Applied Cryptography
CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Lecture 7 - Applied Cryptography CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger
More informationCS Protocol Design. Prof. Clarkson Spring 2017
CS 5430 Protocol Design Prof. Clarkson Spring 2017 Review Cryptography: Encryption, block ciphers, block cipher modes, MACs, cryptographic hash functions, digital signatures, authenticated encryption,
More information