Applied Cryptography Basic Protocols
|
|
- Evan Allen
- 6 years ago
- Views:
Transcription
1 Applied Cryptography Basic Protocols Sape J. Mullender Huygens Systems Research Laboratory Universiteit Twente Enschede 1
2 Session keys It is prudent practice to use a different key for each session. This reduces the chance of compromise: There is less traffic encrypted under a single key, so there is less opportunity for cryptanalysis Session keys do not have to saved in file systems, so there is less opportunity for losing them through careless system administration. 2
3 Key Exchange Each time Alice and Bob start an information exchange, they first need to agree on a session key. First, we shall look at protocols to do this in a environment with symmetric cryptography only. Later we shall look at using public-key systems for exchanging keys. 3
4 Key Exchange under Symmetric Cryptography Trent runs a key distribution center; he shares keys with Alice and Bob. Alice and Bob trust Trent. 1. A, B 2. {K AB, B} KAT, {K AB, A} KBT 3. {K AB, A} KBT, {M} KAB 4. {M } KAB 4
5 Key Exchange under Public-Key Cryptography The Wrong Way 1. A, K A 2. B, K B 3. {M} KB 4. {M } KA 5
6 Here s Why 1a. A, K A 1b. A, K M 2a. B, K B 2b. B, K M 3. {M} KM 4. {M } KM 6
7 Man-in-the-Middle Attacks Man-in-the-middle attacks are possible when Reliance is placed on unencrypted messages Encrypted messages intended for one purpose can be used for another Messages from old runs of protocols can be reused in new ones Foiling man-in-the-middle attacks requires vigilance. 7
8 Key Exchange under Public-Key Cryptography The Right Way (one of them) 1. {B, K B } ST 2. {A, K A } ST 3. {M} KB 4. {M } KA 8
9 Interlocked Protocols In some circumstances, this can work: 1. A, K A 2. B, K B 3. 1 / 2 {M} KB 4. 1 / 2 {M } KA 5. 1 / 2 {M} KB 6. 1 / 2 {M } KA 9
10 Key Exchange with Digital Signature 1. {B, K B } ST 2. {A, K A } ST 3. {{M} KAB, {K AB } KB } SA Alice knows only Bob can read the message (privacy) Bob knows that Alice sent it (authenticity) 10
11 Authentication Key exchange is intimately related to authentication. You need to know who you re talking to under the key you re exchanging. But there are many cases where authentication is useful without key exchange. 11
12 Authentication with One-Way Functions 1. password P 2. H(P)=? E A Where E A is a stored copy of the has of her password. The host does not have to store the password itself. The idea to do this dates from the sixties and Wilkes attributes it to Needham and Guy. 12
13 Dictionary Attacks So, if H is a really good one-way function, can you still find somebody s password? The answer is probably: A large dictionary contains some 100,000 words; there are 150 million possible licence plates in the Netherlands; there are name lists containing 10,000 names for boys and girls. Trying them all takes a few months on a single PC. But finding one password in a 200-entry password file only takes days. 13
14 Add Salt to Taste By adding a random number, salt, to the password before applying the one-way function (and storing the random number in the password file), each password must be found by a full search of the whole dictionary. Preprocessing is no longer possible. 14
15 SKEY Alice chooses a random number R. The computer computes the list x 1, x 2,..., x n+1 as follows: x 1 = f (R), x i+1 = f (x i ). It prints out x 1, x 2,..., x n for Alice and stores only x n+1. When Alice logs on, she types x n. The computer checks f (x n )=? x n+1. If there is a match, the computer lets Alice in and replaces x n+1 by x n. The next time, Alice uses x n 1 as password. 15
16 Problems with passwords Passwords only work if the connection between user and computer is secure (and if the computer can be trusted). 16
17 Authentication using Public Keys The host keeps the public keys of the users. The users keep the corresponding secret key: 1. N H 2. {N H } K 1 A 3. {{N H } K 1 } K A A =? N H This protocol is overly simplistic. 17
18 A Better Protocol 1. N H 2. N A, {N H, N A } K 1 A 3. {{N H, N A } K 1 } K A A =? N H, N A 18
19 Wide-Mouthed Frog 1. A, {T A, B, K AB } KAT 2. {T T, A, K AB } KBT 3. {T B } KAB 19
20 Needham-Schroeder 1. A, B, N A 2. {N A, B, K AB, {A, K AB } KBT } KAT 3. {A, K AB } KBT 4. {N B } KAB 5. {N B 1} KAB 20
21 The Needham-Schroeder Protocol is Flawed When Bob receives message 3, he has no way of telling how fresh it is. After a year of cryptanalysis, Mallory breaks one of Alice and Bob s old keys. He can then do this: 3. {A, K AB } KBT (replay) 4. {N B } K AB 5. {N B 1} K AB 21
22 Freshness Roger Needham and Mike Schroeder discovered the flaw in their protocol themselves and it got Needham thinking. With Mike Borrows and Martín Abadí he set up a logic to reason about the correctness of authentication protocols. The BAN logic expresses initial beliefs about keys and derives from the messages sent and the freshness of the information contained in them, statements about beliefs after the run of an authentication protocol. 22
Protocols II. Computer Security Lecture 12. David Aspinall. 17th February School of Informatics University of Edinburgh
Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of Edinburgh 17th February 2011 Outline Introduction Shared-key Authentication Asymmetric authentication protocols
More informationSession key establishment protocols
our task is to program a computer which gives answers which are subtly and maliciously wrong at the most inconvenient possible moment. -- Ross Anderson and Roger Needham, Programming Satan s computer Session
More informationSession key establishment protocols
our task is to program a computer which gives answers which are subtly and maliciously wrong at the most inconvenient possible moment. -- Ross Anderson and Roger Needham, Programming Satan s computer Session
More informationOutline More Security Protocols CS 239 Computer Security February 6, 2006
Outline More Security Protocols CS 239 Computer Security February 6, 2006 Combining key distribution and authentication Verifying security protocols Page 1 Page 2 Combined Key Distribution and Authentication
More informationOutline. More Security Protocols CS 239 Security for System Software April 22, Needham-Schroeder Key Exchange
Outline More Security Protocols CS 239 Security for System Software April 22, 2002 Combining key distribution and authentication Verifying security protocols Page 1 Page 2 Combined Key Distribution and
More informationCryptographic Protocols 1
Cryptographic Protocols 1 Luke Anderson luke@lukeanderson.com.au 5 th May 2017 University Of Sydney Overview 1. Crypto-Bulletin 2. Problem with Diffie-Hellman 2.1 Session Hijacking 2.2 Encrypted Key Exchange
More informationUser Authentication Protocols
User Authentication Protocols Class 5 Stallings: Ch 15 CIS-5370: 26.September.2016 1 Announcement Homework 1 is due today by end of class CIS-5370: 26.September.2016 2 User Authentication The process of
More informationSecurity protocols and their verification. Mark Ryan University of Birmingham
Security protocols and their verification Mark Ryan University of Birmingham Contents 1. Authentication protocols (this lecture) 2. Electronic voting protocols 3. Fair exchange protocols 4. Digital cash
More informationUser Authentication Protocols Week 7
User Authentication Protocols Week 7 CEN-5079: 2.October.2017 1 Announcement Homework 1 is posted on the class webpage Due in 2 weeks 10 points (out of 100) subtracted each late day CEN-5079: 2.October.2017
More informationOutline More Security Protocols CS 239 Computer Security February 4, 2004
Outline More Security Protocols CS 239 Computer Security February 4, 2004 Combining key distribution and authentication Verifying security protocols Page 1 Page 2 Combined Key Distribution and Authentication
More informationModelling and Analysing of Security Protocol: Lecture 1. Introductions to Modelling Protocols. Tom Chothia CWI
Modelling and Analysing of Security Protocol: Lecture 1 Introductions to Modelling Protocols Tom Chothia CWI This Course This course will primarily teaching you: How to design your own secure communication
More informationSecurity Handshake Pitfalls
Security Handshake Pitfalls 1 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: Authenticate each other Establish sessions keys This process may
More informationElements of Security
Elements of Security Dr. Bill Young Department of Computer Sciences University of Texas at Austin Last updated: April 8, 2015 at 12:47 Slideset 7: 1 Car Talk Puzzler You have a friend in a police state
More informationDatasäkerhetsmetoder föreläsning 7
Datasäkerhetsmetoder föreläsning 7 Nyckelhantering Jan-Åke Larsson Cryptography A security tool, not a general solution Cryptography usually converts a communication security problem into a key management
More informationComputer Networks & Security 2016/2017
Computer Networks & Security 2016/2017 Network Security Protocols (10) Dr. Tanir Ozcelebi Courtesy: Jerry den Hartog Courtesy: Kurose and Ross TU/e Computer Science Security and Embedded Networked Systems
More informationApplied Cryptography Protocol Building Blocks
Applied Cryptography Protocol Building Blocks Sape J. Mullender Huygens Systems Research Laboratory Universiteit Twente Enschede 1 Protocols An algorithm describes a series of steps carried out by a process
More informationL7: Key Distributions. Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806
L7: Key Distributions Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806 9/16/2015 CSCI 451 - Fall 2015 1 Acknowledgement Many slides are from or are
More informationNetwork Security (NetSec)
Chair of Network Architectures and Services Department of Informatics Technical University of Munich Network Security (NetSec) IN2101 WS 16/17 Prof. Dr.-Ing. Georg Carle Dr. Heiko Niedermayer Cornelius
More informationBAN Logic. Logic of Authentication 1. BAN Logic. Source. The language of BAN. The language of BAN. Protocol 1 (Needham-Schroeder Shared-Key) [NS78]
Logic of Authentication 1. BAN Logic Ravi Sandhu BAN Logic BAN is a logic of belief. In an analysis, the protocol is first idealized into messages containing assertions, then assumptions are stated, and
More informationDigital Signatures. Public-Key Signatures. Arbitrated Signatures. Digital Signatures With Encryption. Terminology. Message Authentication Code (MAC)
Message Authentication Code (MAC) Key-dependent one-way hash function Only someone with a correct key can verify the hash value Easy way to turn one-way hash function into MAC is to encrypt hash value
More informationLecture 1: Course Introduction
Lecture 1: Course Introduction Thomas Johansson T. Johansson (Lund University) 1 / 37 Chapter 9: Symmetric Key Distribution To understand the problems associated with managing and distributing secret keys.
More informationSecurity and Privacy in Computer Systems. Lecture 7 The Kerberos authentication system. Security policy, security models, trust Access control models
CS 645 Security and Privacy in Computer Systems Lecture 7 The Kerberos authentication system Last Week Security policy, security models, trust Access control models The Bell-La Padula (BLP) model The Biba
More information1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class
1.264 Lecture 27 Security protocols Symmetric cryptography Next class: Anderson chapter 10. Exercise due after class 1 Exercise: hotel keys What is the protocol? What attacks are possible? Copy Cut and
More informationECE596C: Handout #9. Authentication Using Shared Secrets. Electrical and Computer Engineering, University of Arizona, Loukas Lazos
ECE596C: Handout #9 Authentication Using Shared Secrets Electrical and Computer Engineering, University of Arizona, Loukas Lazos Abstract. In this lecture we introduce the concept of authentication and
More informationCS 161 Computer Security
Popa & Wagner Spring 2016 CS 161 Computer Security Discussion 5 Week of February 19, 2017 Question 1 Diffie Hellman key exchange (15 min) Recall that in a Diffie-Hellman key exchange, there are values
More informationCryptography CS 555. Topic 16: Key Management and The Need for Public Key Cryptography. CS555 Spring 2012/Topic 16 1
Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography CS555 Spring 2012/Topic 16 1 Outline and Readings Outline Private key management between two parties Key management
More informationModule: Cryptographic Protocols. Professor Patrick McDaniel Spring CMPSC443 - Introduction to Computer and Network Security
CMPSC443 - Introduction to Computer and Network Security Module: Cryptographic Protocols Professor Patrick McDaniel Spring 2009 1 Key Distribution/Agreement Key Distribution is the process where we assign
More informationCryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology
Cryptography & Key Exchange Protocols Faculty of Computer Science & Engineering HCMC University of Technology Outline 1 Cryptography-related concepts 2 3 4 5 6 7 Key channel for symmetric cryptosystems
More informationApplied Cryptography and Computer Security CSE 664 Spring 2017
Applied Cryptography and Computer Security Lecture 18: Key Distribution and Agreement Department of Computer Science and Engineering University at Buffalo 1 Key Distribution Mechanisms Secret-key encryption
More informationOther Uses of Cryptography. Cryptography Goals. Basic Problem and Terminology. Other Uses of Cryptography. What Can Go Wrong? Why Do We Need a Key?
ryptography Goals Protect private communication in the public world and are shouting messages over a crowded room no one can understand what they are saying 1 Other Uses of ryptography Authentication should
More informationAuthentication Handshakes
AIT 682: Network and Systems Security Topic 6.2 Authentication Protocols Instructor: Dr. Kun Sun Authentication Handshakes Secure communication almost always includes an initial authentication handshake.
More informationCS 161 Computer Security
Paxson Spring 2011 CS 161 Computer Security Discussion 9 March 30, 2011 Question 1 Another Use for Hash Functions (8 min) The traditional Unix system for password authentication works more or less like
More informationCSC 474/574 Information Systems Security
CSC 474/574 Information Systems Security Topic 3.3: Security Handshake Pitfalls CSC 474/574 Dr. Peng Ning 1 Authentication Handshakes Secure communication almost always includes an initial authentication
More informationKEY EXCHANGE AUTHENTICATION AUTHENTICATION AND KEY... ANALYSIS OF AUTHENTICATION... MULTIPLE-KEY PUBLIC-KEY... 68
CHAPTER... 47 KEY EXCHANGE... 47 Key Exchange with Symmetric Cryptograp.. 47 Key Exchange with Public-Key Cryptograp.. 48 Man-in-the-Middle Attack... 48 Interlock Protocol... 49 Key Exchange with Digital
More informationOutline Key Management CS 239 Computer Security February 9, 2004
Outline Key Management CS 239 Computer Security February 9, 2004 Properties of keys Key management Key servers Certificates Page 1 Page 2 Introduction Properties of Keys It doesn t matter how strong your
More informationLecture 7 - Applied Cryptography
CSE497b Introduction to Computer and Network Security - Spring 2007 - Professor Jaeger Lecture 7 - Applied Cryptography CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger
More informationLecture 4: Authentication Protocols
Graduate Course on Computer Security Lecture 4: Authentication Protocols Iliano Cervesato iliano@itd.nrl.navy.mil ITT Industries, Inc @ NRL Washington DC http://www.cs.stanford.edu/~iliano/ DIMI, Universita
More information0/41. Alice Who? Authentication Protocols. Andreas Zeller/Stephan Neuhaus. Lehrstuhl Softwaretechnik Universität des Saarlandes, Saarbrücken
0/41 Alice Who? Authentication Protocols Andreas Zeller/Stephan Neuhaus Lehrstuhl Softwaretechnik Universität des Saarlandes, Saarbrücken The Menu 1/41 Simple Authentication Protocols The Menu 1/41 Simple
More informationWhat did we talk about last time? Public key cryptography A little number theory
Week 4 - Friday What did we talk about last time? Public key cryptography A little number theory If p is prime and a is a positive integer not divisible by p, then: a p 1 1 (mod p) Assume a is positive
More informationCIS 6930/4930 Computer and Network Security. Topic 6.2 Authentication Protocols
CIS 6930/4930 Computer and Network Security Topic 6.2 Authentication Protocols 1 Authentication Handshakes Secure communication almost always includes an initial authentication handshake. Authenticate
More informationComputer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08r. Pre-exam 2 Last-minute Review Cryptography Paul Krzyzanowski Rutgers University Spring 2018 March 26, 2018 CS 419 2018 Paul Krzyzanowski 1 Cryptographic Systems March 26, 2018 CS
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 24 April 16, 2012 CPSC 467b, Lecture 24 1/33 Kerberos Secure Shell (SSH) Transport Layer Security (TLS) Digital Rights Management
More informationCT30A8800 Secured communications
CT30A8800 Secured communications Pekka Jäppinen October 31, 2007 Pekka Jäppinen, Lappeenranta University of Technology: October 31, 2007 Authentication Three basic models 1. Something you know Password,
More informationCryptographic Checksums
Cryptographic Checksums Mathematical function to generate a set of k bits from a set of n bits (where k n). k is smaller then n except in unusual circumstances Example: ASCII parity bit ASCII has 7 bits;
More informationComputer Security 4/12/19
Authentication Computer Security 09. Authentication Identification: who are you? Authentication: prove it Authorization: you can do it Paul Krzyzanowski Protocols such as Kerberos combine all three Rutgers
More informationDigital Signatures. Secure Digest Functions
Digital Signatures Secure Digest Functions 8 requirements for one-way hash functions given M, H(M) is easy to compute given H(M), M is difficult to compute given M, it is difficult to find M such that
More informationKey Establishment. Chester Rebeiro IIT Madras. Stinson : Chapter 10
Key Establishment Chester Rebeiro IIT Madras CR Stinson : Chapter 10 Multi Party secure communication C D A B E F N parties want to communicate securely with each other (N=6 in this figure) If sends a
More informationInformation Security CS 526
Information Security CS 526 Topic 14: Key Distribution & Agreement, Secure Communication Topic 14: Secure Communication 1 Readings for This Lecture On Wikipedia Needham-Schroeder protocol (only the symmetric
More informationStrong Password Protocols
Strong Password Protocols Strong Password Protocols Password authentication over a network Transmit password in the clear. Open to password sniffing. Open to impersonation of server. Do Diffie-Hellman
More informationFrom Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design. Edition 4 Pearson Education 2005
Chapter 7: Security From Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design Edition 4 Introduction Security policies Provide for the sharing of resources within specified limits
More informationChapter 9: Key Management
Chapter 9: Key Management Session and Interchange Keys Key Exchange Cryptographic Key Infrastructure Storing and Revoking Keys Digital Signatures Slide #9-1 Overview Key exchange Session vs. interchange
More informationKey Agreement. Guilin Wang. School of Computer Science, University of Birmingham
Key Agreement Guilin Wang School of Computer Science, University of Birmingham G.Wang@cs.bham.ac.uk 1 Motivations As we know, symmetric key encryptions are usually much more efficient than public key encryptions,
More informationCryptanalysis of Two Password-Authenticated Key Exchange. Protocols between Clients with Different Passwords
International Mathematical Forum, 2, 2007, no. 11, 525-532 Cryptanalysis of Two Password-Authenticated Key Exchange Protocols between Clients with Different Passwords Tianjie Cao and Yongping Zhang School
More informationFall 2005 Joseph/Tygar/Vazirani/Wagner Final
CS 161 Computer Security Fall 2005 Joseph/Tygar/Vazirani/Wagner Final PRINT your name:, (last) SIGN your name: (first) PRINT your Unix account name: PRINT your TA s name: You may consult any books, notes,
More informationCryptography Lecture 9 Key distribution and trust, Elliptic curve cryptography
Cryptography Lecture 9 Key distribution and trust, Elliptic curve cryptography Key Management The first key in a new connection or association is always delivered via a courier Once you have a key, you
More informationNetwork Security. Chapter 7 Cryptographic Protocols
Network Security Chapter 7 Cryptographic Protocols 1 Introduction! Definition: A cryptographic protocol is defined as a series of steps and message exchanges between multiple entities in order to achieve
More informationOutline. Login w/ Shared Secret: Variant 1. Login With Shared Secret: Variant 2. Login Only Authentication (One Way) Mutual Authentication
Outline Security Handshake Pitfalls (Chapter 11 & 12.2) Login Only Authentication (One Way) Login i w/ Shared Secret One-way Public Key Lamport s Hash Mutual Authentication Shared Secret Public Keys Timestamps
More informationCristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.
CS355: Cryptography Lecture 17: X509. PGP. Authentication protocols. Key establishment. Public Keys and Trust Public Key:P A Secret key: S A Public Key:P B Secret key: S B How are public keys stored How
More informationChair for Network Architectures and Services Institute of Informatics TU München Prof. Carle. Network Security. Chapter 3
Chair for Network Architectures and Services Institute of Informatics TU München Prof. Carle Network Security Chapter 3 Cryptographic Protocols for Encryption, Authentication and Key Establishment Overview
More informationGrenzen der Kryptographie
Microsoft Research Grenzen der Kryptographie Dieter Gollmann Microsoft Research 1 Summary Crypto does not solve security problems Crypto transforms security problems Typically, the new problems relate
More informationCSCI 667: Concepts of Computer Security. Lecture 9. Prof. Adwait Nadkarni
CSCI 667: Concepts of Computer Security Lecture 9 Prof. Adwait Nadkarni 1 Derived from slides by William Enck, Micah Sherr, Patrick McDaniel, Peng Ning, and Vitaly Shmatikov Authentication Alice? Bob?
More informationCryptography and Network Security. Prof. D. Mukhopadhyay. Department of Computer Science and Engineering. Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 38 A Tutorial on Network Protocols
More informationFall 2010/Lecture 32 1
CS 426 (Fall 2010) Key Distribution & Agreement Fall 2010/Lecture 32 1 Outline Key agreement without t using public keys Distribution of public keys, with public key certificates Diffie-Hellman Protocol
More informationSecurity Handshake Pitfalls
Security Handshake Pitfalls Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr 1 Cryptographic Authentication Password authentication is subject to eavesdropping Alternative: Cryptographic challenge-response
More informationSpring 2010: CS419 Computer Security
Spring 2010: CS419 Computer Security Vinod Ganapathy Lecture 7 Topic: Key exchange protocols Material: Class handout (lecture7_handout.pdf) Chapter 2 in Anderson's book. Today s agenda Key exchange basics
More informationKEY AGREEMENT PROTOCOLS. CIS 400/628 Spring 2005 Introduction to Cryptography. This is based on Chapter 13 of Trappe and Washington
KEY AGREEMENT PROTOCOLS CIS 400/628 Spring 2005 Introduction to Cryptography This is based on Chapter 13 of Trappe and Washington DIFFIE-HELLMAN KEY EXCHANGE Alice & want to exchange a ton of data using
More informationIssues. Separation of. Distributed system security. Security services. Security policies. Security mechanism
Module 9 - Security Issues Separation of Security policies Precise definition of which entities in the system can take what actions Security mechanism Means of enforcing that policy Distributed system
More informationCS3235 Seventh set of lecture slides
CS3235 Seventh set of lecture slides Hugh Anderson National University of Singapore School of Computing October, 2007 Hugh Anderson CS3235 Seventh set of lecture slides 1 Warp 9... Outline 1 Public Key
More informationSPi Calculus: Outline. What is it? Basic SPi Calculus Notation Basic Example Example with Channel Establishment Example using Cryptography
SPi Calculus: Outline What is it? Basic SPi Calculus Notation Basic Example Example with Channel Establishment Example using Cryptography SPi Calculus: What is it? SPi Calculus is an executable model for
More informationComputer Security. 08. Authentication. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08. Authentication Paul Krzyzanowski Rutgers University Spring 2018 1 Authentication Identification: who are you? Authentication: prove it Authorization: you can do it Protocols such
More informationVerification of security protocols introduction
Verification of security protocols introduction Stéphanie Delaune CNRS & IRISA, Rennes, France Tuesday, November 14th, 2017 Cryptographic protocols everywhere! they aim at securing communications over
More informationPassword. authentication through passwords
Password authentication through passwords Human beings Short keys; possibly used to generate longer keys Dictionary attack: adversary tries more common keys (easy with a large set of users) Trojan horse
More informationA Protocol for Secure Public Instant Messaging
Financial Cryptography - Feb 27, 2006 A Protocol for Secure Public Instant Messaging Mohammad Mannan and Paul C. van Oorschot Digital Security Group Carleton University, Canada Mohammad Mannan Feb 27,
More informationAIT 682: Network and Systems Security
AIT 682: Network and Systems Security Final Exam Review Instructor: Dr. Kun Sun Topics covered by Final Topic before Midterm 10% Topic after Midterm 90% Date: 12/13/2017 7:30am 10:15am Place: the same
More informationECEN 5022 Cryptography
Introduction University of Colorado Spring 2008 Historically, cryptography is the science and study of secret writing (Greek: kryptos = hidden, graphein = to write). Modern cryptography also includes such
More informationL13. Reviews. Rocky K. C. Chang, April 10, 2015
L13. Reviews Rocky K. C. Chang, April 10, 2015 1 Foci of this course Understand the 3 fundamental cryptographic functions and how they are used in network security. Understand the main elements in securing
More informationEEC-682/782 Computer Networks I
EEC-682/782 Computer Networks I Lecture 25 Wenbing Zhao wenbingz@gmail.com http://academic.csuohio.edu/zhao_w/teaching/eec682.htm (Lecture nodes are based on materials supplied by Dr. Louise Moser at UCSB
More informationSecurity Handshake Pitfalls
Cryptographic Authentication Security Handshake Pitfalls Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr Password authentication is subject to eavesdropping Alternative: Cryptographic challenge-response
More informationKey distribution and certification
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must be ensured. Problem solution: Certification Authority
More information13/10/2013. Kerberos. Key distribution and certification. The Kerberos protocol was developed at MIT in the 1980.
Key distribution and certification Kerberos In the case of public key encryption model the authenticity of the public key of each partner in the communication must be ensured. Problem solution: Certification
More informationAoT: Authentication and Access Control for the Entire IoT Device Life-Cycle
AoT: Authentication and Access Control for the Entire IoT Device Life-Cycle Noura Alomar November 7th, 2018 1 AoT The AoT paper is one of the earliest and most cited papers on IoT defense and it considers
More informationElements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy
Elements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy Homework 3 Due: Monday, 11/28/2016 at 11:55pm PT Solution: Will be posted
More information22-security.txt Tue Nov 27 09:13: Notes on Security Protocols , Fall 2012 Carnegie Mellon University Randal E.
22-security.txt Tue Nov 27 09:13:37 2012 1 Notes on Security Protocols 15-440, Fall 2012 Carnegie Mellon University Randal E. Bryant References: Tannenbaum: 9.1, 9.2 (skip 9.2.3), 9.4.1 BASICS Desired
More informationIntroduction to Cryptography. Ramki Thurimella
Introduction to Cryptography Ramki Thurimella Encryption & Decryption 2 Generic Setting 3 Kerckhoff s Principle Security of the encryption scheme must depend only on The secret key NOT on the secrecy of
More information2.1 Basic Cryptography Concepts
ENEE739B Fall 2005 Part 2 Secure Media Communications 2.1 Basic Cryptography Concepts Min Wu Electrical and Computer Engineering University of Maryland, College Park Outline: Basic Security/Crypto Concepts
More informationCryptography III Want to make a billion dollars? Just factor this one number!
Cryptography III Want to make a billion dollars? Just factor this one number! 3082010a0282010100a3d56cf0bf8418d66f400be31c3f22036ca9f5cf01ef614de2eb9a1cd74a0c344b5a20d5f80df9a23c89 10c354821aa693432a61bd265ca70f309d56535a679d68d7ab89f9d32c47c1182e8a14203c050afd5f1831e5550e8700e008f2
More informationCS Protocols. Prof. Clarkson Spring 2016
CS 5430 Protocols Prof. Clarkson Spring 2016 Review: Secure channel When we last left off, we were building a secure channel The channel does not reveal anything about messages except for their timing
More informationNetwork Security and Internet Protocols
Network Security and Internet Protocols Luca Viganò Dipartimento di Informatica Università di Verona Sicurezza delle Reti A.A. 12/13 Lecture 5 Luca Viganò (Università di Verona) Network Security and Internet
More information(More) cryptographic protocols
(More) cryptographic protocols Myrto Arapinis School of Informatics University of Edinburgh October 19, 2017 1/24 Authentication and key agreement protocols 2/24 Authentication and key agreement Long-term
More informationSymmetric Encryption
Symmetric Encryption Ahmed Y. Banihammd & Ihsan, ALTUNDAG Mon November 5, 2007 Advanced Cryptography 1st Semester 2007-2008 University Joseph Fourrier, Verimag Master Of Information Security And Coding
More informationAuthentication Protocols
COMP Distributed Systems Protocols Kevin Jeffay Department of Computer Science University of North Carolina at Chapel Hill jeffay@cs.unc.edu October 5, 999 http://www.cs.unc.edu/~jeffay/courses/compf99
More informationCS Protocol Design. Prof. Clarkson Spring 2017
CS 5430 Protocol Design Prof. Clarkson Spring 2017 Review Cryptography: Encryption, block ciphers, block cipher modes, MACs, cryptographic hash functions, digital signatures, authenticated encryption,
More informationChapter 10 : Private-Key Management and the Public-Key Revolution
COMP547 Claude Crépeau INTRODUCTION TO MODERN CRYPTOGRAPHY _ Second Edition _ Jonathan Katz Yehuda Lindell Chapter 10 : Private-Key Management and the Public-Key Revolution 1 Chapter 10 Private-Key Management
More informationLecture 5: Protocols - Authentication and Key Exchange* CS 392/6813: Computer Security Fall Nitesh Saxena
Lecture 5: Protocols - Authentication and Key Exchange* CS 392/6813: Computer Security Fall 2009 Nitesh Saxena *Adopted from a previous lecture by Gene Tsudik Course Admin HW3 Problem 3 due Friday midnight
More informationCSC 774 Network Security
CSC 774 Network Security Topic 2. Review of Cryptographic Techniques CSC 774 Dr. Peng Ning 1 Outline Encryption/Decryption Digital signatures Hash functions Pseudo random functions Key exchange/agreement/distribution
More informationAdvanced Cryptography 1st Semester Symmetric Encryption
Advanced Cryptography 1st Semester 2007-2008 Pascal Lafourcade Université Joseph Fourrier, Verimag Master: October 22th 2007 1 / 58 Last Time (I) Security Notions Cyclic Groups Hard Problems One-way IND-CPA,
More informationCIS 6930/4930 Computer and Network Security. Topic 7. Trusted Intermediaries
CIS 6930/4930 Computer and Network Security Topic 7. Trusted Intermediaries 1 Trusted Intermediaries Problem: authentication for large networks Solution #1 Key Distribution Center (KDC) Representative
More informationCSC/ECE 774 Advanced Network Security
Computer Science CSC/ECE 774 Advanced Network Security Topic 2. Network Security Primitives CSC/ECE 774 Dr. Peng Ning 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange;
More informationCS 161 Authentication Protocols. Zero knowledge review
CS 161 Authentication Protocols 27 September 2006 2006 Doug Tygar 1 CS 161 27 September 2006 Zero knowledge review Goal: authenticate without leaking any information What you need to know about Rabin signatures:
More informationData Security and Privacy. Topic 14: Authentication and Key Establishment
Data Security and Privacy Topic 14: Authentication and Key Establishment 1 Announcements Mid-term Exam Tuesday March 6, during class 2 Need for Key Establishment Encrypt K (M) C = Encrypt K (M) M = Decrypt
More information