
Breaking LMAP - Eötvös Loránd University, Budapest, Hungary, ELTECRYPT



  1. Breaking LMAP
     Mihály Bárász, Balázs Boros, Péter Ligeti, Krisztina Lója, Dániel A. Nagy
     Eötvös Loránd University, Budapest, Hungary, ELTECRYPT Research Group

  2. LMAP
     Pedro Peris-Lopez, Julio Cesar Hernandez-Castro, Juan M. Estévez Tapiador, Arturo Ribagorda: LMAP: A Real Lightweight Mutual Authentication Protocol for Low-cost RFID tags, in: Proc. of RFIDSec06 Workshop on RFID Security, July 12-14, Graz, Austria, 2006.

  3. LMAP: minimalist cryptography
     Simple operations:
     - Bitwise XOR ($\oplus$)
     - Bitwise OR ($\lor$)
     - Addition mod $2^m$ ($+$)

     The goal:
     - low complexity in the tags
     - adequate level of security

     Is it possible?

  4. Active attack against LMAP
     Tieyan Li, Guilin Wang: Security Analysis of Two Ultra-Lightweight Mutual Authentication Protocol for Low-cost RFID tags, IFIP SEC 2007.
     - Active attack against the LMAP
     - de-synchronization attack
     - full-disclosure attack
     - 96 rounds of authentication are needed

  5. Breaking LMAP
     Our attack:
     - Passive attack
     - Intercepting a few consecutive rounds of authentication of the same tag is enough to calculate the keys and all other secrets
     - The attacker can impersonate the tag in the subsequent rounds

  6. LMAP keys and secrets
     - $K = K_1 \,\|\, K_2 \,\|\, K_3 \,\|\, K_4$: the keys, 384 bit = 96 + 96 + 96 + 96 bit
     - ID: a constant identification number (96 bit)
     - IDS: an identification number that must be updated after every round of authentication (96 bit)
     - $n_1$, $n_2$: random numbers generated by the reader (96 bit)

  7. Mutual authentication
     Tag identification:
     - Reader → Tag: hello
     - Tag → Reader: IDS

     Mutual authentication:
     - Reader → Tag: $A \,\|\, B \,\|\, C$
     - Tag → Reader: $D$

  8. Messages A, B, C, D
     Reader → Tag: A, B, C
     - $A = \mathrm{IDS} \oplus K_1 \oplus n_1$ (now the tag knows $n_1$)
     - $B = (\mathrm{IDS} \lor K_2) + n_1$ (reader authentication)
     - $C = \mathrm{IDS} + K_3 + n_2$ (the tag knows $n_2$)

     Tag → Reader: D
     - $D = (\mathrm{IDS} + \mathrm{ID}) \oplus n_1 \oplus n_2$ (tag authentication)

  9. Updating the keys and IDS
     $$\mathrm{IDS}^{(n+1)} = \bigl(\mathrm{IDS}^{(n)} + (n_2^{(n)} \oplus K_4^{(n)})\bigr) \oplus \mathrm{ID}$$
     $$K_1^{(n+1)} = K_1^{(n)} \oplus n_2^{(n)} \oplus (K_3^{(n)} + \mathrm{ID})$$
     $$K_2^{(n+1)} = K_2^{(n)} \oplus n_2^{(n)} \oplus (K_4^{(n)} + \mathrm{ID})$$
     $$K_3^{(n+1)} = (K_3^{(n)} \oplus n_1^{(n)}) + (K_1^{(n)} \oplus \mathrm{ID})$$
     $$K_4^{(n+1)} = (K_4^{(n)} \oplus n_1^{(n)}) + (K_2^{(n)} \oplus \mathrm{ID})$$

  10. Weaknesses of the LMAP
      - LMAP uses only bitwise operations and addition modulo $2^{96}$: every bit depends only on the less significant bits
      - For the least significant bits the XOR operation and addition modulo $2^{96}$ are the same: we can compute the least significant bits

  11. Weaknesses of the LMAP
      - The addition modulo $2^{96}$ means no difficulty if we know every less significant bit
      - The bitwise OR ($\lor$) operation is a weak point in the protocol. $B = (\mathrm{IDS} \lor K_2) + n_1$: information about $n_1$ with the help of the 1 bits of the IDS

  12. The steps of breaking LMAP
      - We will need a few consecutive rounds of authentication of the same tag
      - We compute the least significant bits (the 96th bits) in a round where the least significant bit of the IDS is 1
      - Next we compute the 95th bits
      - We will need $r$ rounds so that $[\mathrm{IDS}^{(n)}]_k \lor [\mathrm{IDS}^{(n+1)}]_k \lor [\mathrm{IDS}^{(n+2)}]_k \lor \dots \lor [\mathrm{IDS}^{(n+r-1)}]_k = 1$ for every $k = 1, 2, \dots, 96$, plus two more rounds, and we can compute every key and secret

      Notation: $[M^{(n)}]_k$ is the $k$-th bit of message $M$ in round $n$.

  13. The least significant bits: $n_1$, $K_1$
      Known: $A$, $B$, $C$, $D$, IDS. Unknown: $K_1$, $K_2$, $K_3$, $K_4$, ID, $n_1$, $n_2$.

      Let us assume that $[\mathrm{IDS}^{(n)}]_{96} = 1$. Then $[\mathrm{IDS}^{(n)}]_{96} \lor [K_2^{(n)}]_{96} = 1$, and from $B = (\mathrm{IDS} \lor K_2) + n_1$:
      $$[B^{(n)}]_{96} = 1 \oplus [n_1^{(n)}]_{96}$$
      $$[n_1^{(n)}]_{96} = [B^{(n)}]_{96} \oplus 1$$
      $$[A^{(n)}]_{96} = [\mathrm{IDS}^{(n)}]_{96} \oplus [K_1^{(n)}]_{96} \oplus [n_1^{(n)}]_{96}$$
      $$[K_1^{(n)}]_{96} = [A^{(n)}]_{96} \oplus [\mathrm{IDS}^{(n)}]_{96} \oplus [n_1^{(n)}]_{96}$$
      Unknown: $K_1$, $K_2$, $K_3$, $K_4$, ID, $n_1$, $n_2$. Known: the 96th bit of $n_1$, $K_1$.

  14. The least significant bits: $K_4$
      From $D = (\mathrm{IDS} + \mathrm{ID}) \oplus n_1 \oplus n_2$:
      $$[D^{(n)}]_{96} = [\mathrm{IDS}^{(n)}]_{96} \oplus [\mathrm{ID}]_{96} \oplus [n_1^{(n)}]_{96} \oplus [n_2^{(n)}]_{96}$$
      From $\mathrm{IDS}^{(n+1)} = \bigl(\mathrm{IDS}^{(n)} + (n_2^{(n)} \oplus K_4^{(n)})\bigr) \oplus \mathrm{ID}$:
      $$[\mathrm{IDS}^{(n+1)}]_{96} = \bigl([\mathrm{IDS}^{(n)}]_{96} + ([n_2^{(n)}]_{96} \oplus [K_4^{(n)}]_{96})\bigr) \oplus [\mathrm{ID}]_{96}$$
      $$[K_4^{(n)}]_{96} = [\mathrm{IDS}^{(n+1)}]_{96} \oplus [D^{(n)}]_{96} \oplus [n_1^{(n)}]_{96}$$
      Unknown: the 96th bit of $K_2$, $K_3$, ID, $n_2$. Known: the 96th bit of $n_1$, $K_1$, $K_4$.

  15. Messages A, B, C, D in round $n+1$
      $$[A^{(n+1)}]_{96} = [\mathrm{IDS}^{(n+1)}]_{96} \oplus [K_1^{(n)}]_{96} \oplus [n_2^{(n)}]_{96} \oplus [K_3^{(n)}]_{96} \oplus [\mathrm{ID}]_{96} \oplus [n_1^{(n+1)}]_{96}$$
      $$[B^{(n+1)}]_{96} = \bigl([\mathrm{IDS}^{(n+1)}]_{96} \lor ([K_2^{(n)}]_{96} \oplus [n_2^{(n)}]_{96} \oplus [K_4^{(n)}]_{96} \oplus [\mathrm{ID}]_{96})\bigr) \oplus [n_1^{(n+1)}]_{96}$$
      $$[C^{(n+1)}]_{96} = [\mathrm{IDS}^{(n+1)}]_{96} \oplus [K_3^{(n)}]_{96} \oplus [n_1^{(n)}]_{96} \oplus [K_1^{(n)}]_{96} \oplus [\mathrm{ID}]_{96} \oplus [n_2^{(n+1)}]_{96}$$
      $$[D^{(n+1)}]_{96} = [\mathrm{IDS}^{(n+1)}]_{96} \oplus [\mathrm{ID}]_{96} \oplus [n_1^{(n+1)}]_{96} \oplus [n_2^{(n+1)}]_{96}$$
      (If $[\mathrm{IDS}^{(n+1)}]_{96} = 1$, then $[B^{(n+1)}]_{96} = 1 \oplus [n_1^{(n+1)}]_{96}$.)

  16. The least significant bits: $n_2^{(n+1)}$
      $$[C^{(n+1)}]_{96} = [\mathrm{IDS}^{(n+1)}]_{96} \oplus [K_3^{(n)}]_{96} \oplus [n_1^{(n)}]_{96} \oplus [K_1^{(n)}]_{96} \oplus [\mathrm{ID}]_{96} \oplus [n_2^{(n+1)}]_{96}$$
      $$[C^{(n)}]_{96} = [\mathrm{IDS}^{(n)}]_{96} \oplus [K_3^{(n)}]_{96} \oplus [n_2^{(n)}]_{96}$$
      $$[D^{(n)}]_{96} = [\mathrm{IDS}^{(n)}]_{96} \oplus [\mathrm{ID}]_{96} \oplus [n_1^{(n)}]_{96} \oplus [n_2^{(n)}]_{96}$$
      $$[C^{(n)}]_{96} \oplus [D^{(n)}]_{96} = [\mathrm{ID}]_{96} \oplus [n_1^{(n)}]_{96} \oplus [K_3^{(n)}]_{96}$$
      $$[n_2^{(n+1)}]_{96} = [\mathrm{IDS}^{(n+1)}]_{96} \oplus [C^{(n+1)}]_{96} \oplus [C^{(n)}]_{96} \oplus [D^{(n)}]_{96} \oplus [K_1^{(n)}]_{96}$$
      Unknown: the 96th bit of $K_2$, $K_3$, ID, $n_2$. Known: the 96th bit of $n_1$, $n_2^{(n+1)}$, $K_1$, $K_4$.

  17. The least significant bits: $K_2^{(n)}$
      $$[\mathrm{IDS}^{(n+2)}]_{96} = [\mathrm{IDS}^{(n+1)}]_{96} \oplus [n_2^{(n+1)}]_{96} \oplus [K_4^{(n+1)}]_{96} \oplus [\mathrm{ID}]_{96}$$
      $$= [\mathrm{IDS}^{(n+1)}]_{96} \oplus [n_2^{(n+1)}]_{96} \oplus [K_4^{(n)}]_{96} \oplus [n_1^{(n)}]_{96} \oplus [K_2^{(n)}]_{96}$$
      $$[K_2^{(n)}]_{96} = [\mathrm{IDS}^{(n+2)}]_{96} \oplus [\mathrm{IDS}^{(n+1)}]_{96} \oplus [n_2^{(n+1)}]_{96} \oplus [K_4^{(n)}]_{96} \oplus [n_1^{(n)}]_{96}$$
      Unknown: the 96th bit of $K_3$, ID, $n_2$. Known: the 96th bit of $n_1$, $n_2^{(n+1)}$, $K_1$, $K_2$, $K_4$.

  18. The least significant bits: $n_1^{(n+1)}$, ID
      $$[B^{(n+1)}]_{96} = \bigl([\mathrm{IDS}^{(n+1)}]_{96} \lor ([K_2^{(n)}]_{96} \oplus [n_2^{(n)}]_{96} \oplus [K_4^{(n)}]_{96} \oplus [\mathrm{ID}]_{96})\bigr) \oplus [n_1^{(n+1)}]_{96}$$
      $$[D^{(n)}]_{96} = [\mathrm{IDS}^{(n)}]_{96} \oplus [\mathrm{ID}]_{96} \oplus [n_1^{(n)}]_{96} \oplus [n_2^{(n)}]_{96}$$
      $$[n_1^{(n+1)}]_{96} = [B^{(n+1)}]_{96} \oplus \bigl([\mathrm{IDS}^{(n+1)}]_{96} \lor ([K_2^{(n)}]_{96} \oplus [K_4^{(n)}]_{96} \oplus [D^{(n)}]_{96} \oplus [n_1^{(n)}]_{96})\bigr)$$
      $$[D^{(n+1)}]_{96} = [\mathrm{IDS}^{(n+1)}]_{96} \oplus [\mathrm{ID}]_{96} \oplus [n_1^{(n+1)}]_{96} \oplus [n_2^{(n+1)}]_{96}$$
      $$[\mathrm{ID}]_{96} = [\mathrm{IDS}^{(n+1)}]_{96} \oplus [D^{(n+1)}]_{96} \oplus [n_1^{(n+1)}]_{96} \oplus [n_2^{(n+1)}]_{96}$$
      Unknown: the 96th bit of $K_3$, $n_2$. Known: the 96th bit of $n_1$, $n_1^{(n+1)}$, $n_2^{(n+1)}$, $K_1$, $K_2$, $K_4$, ID.

  19. The least significant bits: $n_2$, $K_3$
      $$[D^{(n)}]_{96} = [\mathrm{IDS}^{(n)}]_{96} \oplus [\mathrm{ID}]_{96} \oplus [n_1^{(n)}]_{96} \oplus [n_2^{(n)}]_{96}$$
      $$[n_2^{(n)}]_{96} = [\mathrm{IDS}^{(n)}]_{96} \oplus [\mathrm{ID}]_{96} \oplus [n_1^{(n)}]_{96} \oplus [D^{(n)}]_{96}$$
      $$[C^{(n)}]_{96} = [\mathrm{IDS}^{(n)}]_{96} \oplus [K_3^{(n)}]_{96} \oplus [n_2^{(n)}]_{96}$$
      $$[K_3^{(n)}]_{96} = [\mathrm{IDS}^{(n)}]_{96} \oplus [C^{(n)}]_{96} \oplus [n_2^{(n)}]_{96}$$
      Now we know the least significant bit of every key and secret!

  20. The 95th bits
      $$[A^{(n)}]_{95} = [\mathrm{IDS}^{(n)}]_{95} \oplus [K_1^{(n)}]_{95} \oplus [n_1^{(n)}]_{95}$$
      $$[B^{(n)}]_{95} = ([\mathrm{IDS}^{(n)}]_{95} \lor [K_2^{(n)}]_{95}) \oplus [n_1^{(n)}]_{95} \oplus \bigl(([\mathrm{IDS}^{(n)}]_{96} \lor [K_2^{(n)}]_{96}) \lor [n_1^{(n)}]_{96}\bigr)$$
      $$[C^{(n)}]_{95} = [\mathrm{IDS}^{(n)}]_{95} \oplus [K_3^{(n)}]_{95} \oplus [n_2^{(n)}]_{95} \oplus ([K_3^{(n)}]_{96} \lor [n_2^{(n)}]_{96})$$
      $$[D^{(n)}]_{95} = [\mathrm{IDS}^{(n)}]_{95} \oplus [\mathrm{ID}]_{95} \oplus ([\mathrm{IDS}^{(n)}]_{96} \lor [\mathrm{ID}]_{96}) \oplus [n_1^{(n)}]_{95} \oplus [n_2^{(n)}]_{95}$$

  21. Computing all the bits
      - If $[\mathrm{IDS}^{(n)}]_{95} = 1$, then the problem is equivalent to that of the least significant bits.
      - If $[\mathrm{IDS}^{(n)}]_{95} = 0$, then we have to wait for a later round where the 95th bit of the IDS is 1.
      - After this we will compute the 95th bits in round $n$ as well.
      - After the 95th bits we compute the 94th bits and so on. (We use the same few rounds of authentication!)

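  22. Waiting for the bit 1 in the IDS
      $$P([\mathrm{IDS}^{(n)}]_k = 1) = \tfrac{1}{2}$$
      $$P([\mathrm{IDS}^{(n)}]_k = 1 \mid [\mathrm{IDS}^{(n-1)}]_k = 0) = P([\mathrm{IDS}^{(n)}]_k = 1 \mid [\mathrm{IDS}^{(n-1)}]_k = 1) = \tfrac{1}{2}$$
      $$\mathrm{IDS}^{(n+1)} = \bigl(\mathrm{IDS}^{(n)} + (n_2^{(n)} \oplus K_4^{(n)})\bigr) \oplus \mathrm{ID} \quad \text{(random)}$$
      If $[\mathrm{IDS}^{(n)}]_{95} = 0$, then in a later round it must be 1.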
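
The least-significant-bit derivation of slides 13 to 19 can be checked against a simulation of the protocol. The following is an added example, not code from the presentation: it implements the message and update equations of slides 8 and 9, then recovers the lowest bit of every round-$n$ secret from what a passive listener sees. The function names and the random test values are constructed for illustration, and the round-$n$ IDS is forced to be odd to model the round the attack waits for.

```python
import random

M = 96  # LMAP word size in bits
MASK = (1 << M) - 1

def lmap_round(state, n1, n2):
    """One LMAP round: returns (messages an eavesdropper sees, next state)."""
    ids, k1, k2, k3, k4, ID = state
    a = ids ^ k1 ^ n1
    b = ((ids | k2) + n1) & MASK
    c = (ids + k3 + n2) & MASK
    d = ((ids + ID) & MASK) ^ n1 ^ n2
    nxt = (((ids + (n2 ^ k4)) & MASK) ^ ID,
           k1 ^ n2 ^ ((k3 + ID) & MASK),
           k2 ^ n2 ^ ((k4 + ID) & MASK),
           ((k3 ^ n1) + (k1 ^ ID)) & MASK,
           ((k4 ^ n1) + (k2 ^ ID)) & MASK,
           ID)
    return (ids, a, b, c, d), nxt

def recover_lsbs(r0, r1, ids2):
    """LSBs of the round-n secrets from rounds n, n+1 and the IDS of round n+2."""
    ids, a, b, c, d = (x & 1 for x in r0)
    ids1, _, b1, c1, d1 = (x & 1 for x in r1)
    if ids != 1:
        raise ValueError("need a round whose IDS has least significant bit 1")
    n1 = b ^ 1  # IDS bit 1 forces the OR to 1, so B leaks n1
    k1 = a ^ ids ^ n1
    k4 = ids1 ^ d ^ n1
    n2_next = ids1 ^ c1 ^ c ^ d ^ k1
    k2 = (ids2 & 1) ^ ids1 ^ n2_next ^ k4 ^ n1
    k2_next = k2 ^ k4 ^ d ^ ids ^ n1  # K2^n2^K4^ID with n2^ID = D^IDS^n1
    n1_next = b1 ^ (ids1 | k2_next)
    ID = ids1 ^ d1 ^ n1_next ^ n2_next
    n2 = ids ^ ID ^ n1 ^ d
    k3 = ids ^ c ^ n2
    return {"K1": k1, "K2": k2, "K3": k3, "K4": k4, "ID": ID, "n1": n1, "n2": n2}

def trial(rng):
    """Constructed run: random secrets, two simulated rounds, compare with truth."""
    s0 = [rng.getrandbits(M) for _ in range(6)]
    s0[0] |= 1  # model the round in which the IDS is odd
    n1, n2 = rng.getrandbits(M), rng.getrandbits(M)
    r0, s1 = lmap_round(tuple(s0), n1, n2)
    r1, s2 = lmap_round(s1, rng.getrandbits(M), rng.getrandbits(M))
    want = [v & 1 for v in s0[1:]] + [n1 & 1, n2 & 1]  # K1..K4, ID, n1, n2
    return list(recover_lsbs(r0, r1, s2[0]).values()) == want

if __name__ == "__main__":
    print(all(trial(random.Random(seed)) for seed in range(1000)))
```

Every trial succeeds because at bit position 96 addition and XOR coincide, so each equation is linear apart from the single OR in $B$.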
