Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 7, 2013

Similar documents
CIS 4360 Secure Computer Systems Symmetric Cryptography

Introduction to Network Security Missouri S&T University CPE 5420 Data Integrity Algorithms

There are numerous Python packages for cryptography. The most widespread is maybe pycrypto, which is however unmaintained since 2015, and has

Cryptographic Concepts

UNIT - IV Cryptographic Hash Function 31.1

Network Security Technology Project

Introduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell

Cryptographic Algorithm Validation Program:

Message authentication codes

Cryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III

Security: Cryptography

Message Authentication and Hash function 2

: Practical Cryptographic Systems March 25, Midterm

CSE 127: Computer Security Cryptography. Kirill Levchenko

Lecture 1 Applied Cryptography (Part 1)

Message authentication. Why message authentication. Authentication primitives. and secure hashing. To prevent against:

1.264 Lecture 28. Cryptography: Asymmetric keys

Lecture 9: Public-Key Cryptography CS /05/2018

ASYMMETRIC CRYPTOGRAPHY

CSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography

ISA 662 Internet Security Protocols. Outline. Prime Numbers (I) Beauty of Mathematics. Division (II) Division (I)

Key Exchange. References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings

CSCE 715: Network Systems Security

FIPS Security Policy. for Marvell Semiconductor, Inc. Solaris 2 Cryptographic Module

Outline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA

Cryptography (DES+RSA) by Amit Konar Dept. of Math and CS, UMSL

Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls

Chapter 9 Public Key Cryptography. WANG YANG

Cipher Suite Configuration Mode Commands

Winter 2011 Josh Benaloh Brian LaMacchia

RSA. Public Key CryptoSystem

Deploying a New Hash Algorithm. Presented By Archana Viswanath

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 11 Basic Cryptography

Outline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)

Other Topics in Cryptography. Truong Tuan Anh

Computer Security: Principles and Practice

A hash function is strongly collision-free if it is computationally infeasible to find different messages M and M such that H(M) = H(M ).

CS408 Cryptography & Internet Security

CSC/ECE 774 Advanced Network Security

Summary on Crypto Primitives and Protocols

Digital Signatures. Luke Anderson. 7 th April University Of Sydney.

PROTECTING CONVERSATIONS

Cryptography and Network Security

Cryptographic Hash Functions. Rocky K. C. Chang, February 5, 2015

CSC 474/574 Information Systems Security

Sankalchand Patel College of Engineering, Visnagar Department of Computer Engineering & Information Technology. Question Bank

Security. Communication security. System Security

Cryptographic Hash Functions

BCA III Network security and Cryptography Examination-2016 Model Paper 1

Message Authentication Codes and Cryptographic Hash Functions

Inside the World of Cryptographic Algorithm Validation Testing. Sharon Keller CAVP Program Manager NIST ICMC, May 2016

Encrypted Data Deduplication in Cloud Storage

Cryptography. Recall from last lecture. [Symmetric] Encryption. How Cryptography Helps. One-time pad. Idea: Computational security

APNIC elearning: Cryptography Basics

Public-key Cryptography: Theory and Practice

Cryptography MIS

Implementing Cryptography: Good Theory vs. Bad Practice

A hash function is strongly collision-free if it is computationally infeasible to find different messages M and M such that H(M) = H(M ).

Encryption. INST 346, Section 0201 April 3, 2018

Asymmetric Cryptography. kprv. kpub. used in digital signature

CSC 774 Network Security

Intended status: Standards Track January 13, 2015 Expires: July 17, 2015

Encryption I. An Introduction

Spring 2010: CS419 Computer Security

Unit 8 Review. Secure your network! CS144, Stanford University

Cryptography: More Primitives

Randomness Extractors. Secure Communication in Practice. Lecture 17

Cryptography and Network Security. Sixth Edition by William Stallings

Lecture III : Communication Security Mechanisms

Cryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng

9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers

Symantec Corporation

Cryptography and Network Security Chapter 12. Message Authentication. Message Security Requirements. Public Key Message Encryption

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

CS408 Cryptography & Internet Security

UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering. Introduction to Cryptography ECE 597XX/697XX

POST-QUANTUM CRYPTOGRAPHY VIENNA CYBER SECURITY WEEK DR. DANIEL SLAMANIG

Hashes, MACs & Passwords. Tom Chothia Computer Security Lecture 5

(2½ hours) Total Marks: 75

Computer Security. Two main issues are current regarding security for computer communication systems

Refresher: Applied Cryptography

Remote E-Voting System

Internet Engineering Task Force (IETF) Request for Comments: 5959 Category: Standards Track August 2010 ISSN:

L13. Reviews. Rocky K. C. Chang, April 10, 2015

6 Cryptographic Operations API

Lecture 3.4: Public Key Cryptography IV

Lecture Secure, Trusted and Trustworthy Computing Trusted Platform Module

1. OVERVIEW RELEASE ITEMS HOW TO APPLY ADDITIONAL FUNCTIONS AND CHANGE FUNCTIONS FROM PREVIOUS EDITION...

Data Integrity. Modified by: Dr. Ramzi Saifan

Internet Engineering Task Force (IETF) Request for Comments: 7518 Category: Standards Track May 2015 ISSN:

Public Key Algorithms

Kurose & Ross, Chapters (5 th ed.)

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

Lecture 20 Public key Crypto. Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides from Miller and Bailey s ECE 422

Elaine Barker and Allen Roginsky NIST June 29, 2010

Cryptographic hash functions and MACs

MTAT Applied Cryptography

Other Uses of Cryptography. Cryptography Goals. Basic Problem and Terminology. Other Uses of Cryptography. What Can Go Wrong? Why Do We Need a Key?

Cryptography Introduction

Classical Cryptography. Thierry Sans

Transcription:

Digital Signatures Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 7, 2013

Digital Signatures Diagram illustrating how to sign a message Why do we use a one-way hash? How does a collision or second pre-image attack relate to this?

Digital Signatures What assurances do we get? o Authentication? o Confidentiality? o Integrity? o Non-repudiation? MAC vs. Digital Signature o What are the differences? What do we sign?

Digital Signatures When do we sign? o Sign-then-Encrypt (common) Surreptitious forwarding attack o Encrypt-then-Sign Authorship claim attack

Order of Authentication/ Encryption Encrypt then Authenticate (Sign/MAC) o More secure (in theory) o More efficient to discard bogus messages Authenticate (Sign/MAC) then Encrypt o Harder to attack the MAC, not visible o Disclosing data is less severe than accepting modified data o Horton Principle authenticate what you mean, not what you say Encrypt and Authenticate o Process in parallel o MAC protect authenticity, not privacy All choices can be used securely and insecurely

Message Authentication Three approaches o Benefits of each? o Drawbacks? o Third option broken, use HMAC

Digital Certificates Who has a digital certificate? What is the most common use for certificates?

Performance Test Goal: figure out the relative computing time for algorithms (one block) o SHA-1 o AES o RSA Encrypt o RSA Signature Order the above, fastest to slowest

Performance Test Average of 10, 000 iterations SHA-1 0.0017 ms AES 0.0142 ms 8x slower than a hash RSA encrypt 0.3647 ms 3515x slower than a hash RSA signature 5.9751 ms 215x slower than a hash 26x slower than AES 421x slower than AES 16x slower than RSA enc.

RSA Padding Or: How RSA should really be used (See PKCS #1)

RSA Primitives RSA Encryption o m e = c (mod n) RSA Decryption o c d = m (mod n) Pitfalls of using RSA o What if m is very small? Take the e th root of c Use RSA padding o Implementation flaws timing attacks Insert constant delays or binding RSA Labs publishes the standards for using RSA o Public Key Cryptography Standard #1 (PKCS #1)

Overview of PKCS #1 Good cryptographic practice o Employ a key pair in only one scheme One pair for signatures, one for encryption Provides 2 approaches for using the RSA primitives o Legacy PKCS1-v1_5 o Recommended OAEP, PSS

PKCS1- v1_5 Encryption Encryption o o Message m becomes EM EM = 0x00 0x02 PS 0x00 M EM is then used with the encryption primitive Decryption o PS is randomly generated, non- zero, bytes PS must be at least 8 bytes Why must PS have a minimum length? Ensure that the decrypted message conforms to the expected structure above, remove padding, etc How does this scheme affect the size of the message to be encrypted? When does this approach produce identical ciphertexts?

PKCS1- v1_5 Signatures Signature o o Hash message m, pre-pend the digestid to create T EM = 0x00 0x01 PS 0x00 T EM is then used with the signature primitive Verification o o PS is the byte 0xff repeated over and over Use public key to obtain EM Ensure that EM conforms to the expected structure above, remove padding, etc How does this scheme affect the size of the message digests that can be used? When does this approach produce identical signatures?

PKCS1- v1_5 Encryption o EM = 0x00 0x02 PS 0x00 M Signature o EM = 0x00 0x01 PS 0x00 T Why do both start with 0x00?

RSA Encryption with OAEP OAEP o Optimal Asymmetric Encryption Padding o In addition to being more secure adds the ability to associate a label with the message Encrypt(M, L (optional), n, e)

RSA Encryption with OAEP PS is the byte 0x00 repeated over and over seed is a random series of bytes How does this scheme affect the size of the message to be encrypted? When does this approach produce identical ciphertexts?

RSA Signatures with PSS PSS o Probabilistic Signature Scheme Padding 1 and Padding 2 are bytes of 0x00 Salt is random bc is 0xbc When does this approach produce identical signatures? Set leftmost x bits to 0

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback