course information
play

Course Information CS 838 Applied Cryptography Instructor: Thomas - PowerPoint PPT Presentation

Dec 14, 2023 •21 likes •851 views

Course Information CS 838 Applied Cryptography Instructor: Thomas Ristenpart Website: http://pages.cs.wisc.edu/ rist/cs838/ 1 / 55 Cryptography usage Did you use any cryptography today? 2 / 55 Cryptography usage Did you use any

  1. Course Information CS 838 — Applied Cryptography Instructor: Thomas Ristenpart Website: http://pages.cs.wisc.edu/ rist/cs838/ 1 / 55

  2. Cryptography usage Did you use any cryptography • today? 2 / 55

  3. Cryptography usage Did you use any cryptography • today? • over the last week? 2 / 55

  4. Cryptography usage Did you use any cryptography • today? • over the last week? • over the Christmas break? 2 / 55

  5. Cryptography usage • https invokes the Secure Socket Layer (SSL) communication security protocol to securely transmit your credit card number to the server • SSL uses cryptography 3 / 55

  6. Cryptography usage Other uses of cryptography • ATM machines • On-line banking • Remote login and file transfer using SSH • X-Box, PlayStation 3 4 / 55

  7. What is cryptography about? Adversary: clever person with powerful computer Goals: • Data privacy • Data integrity and authenticity 5 / 55

  8. Privacy The goal is to ensure that the adversary does not see or obtain the data (message) M . Example : M could be a credit card number being sent by shopper Alice to server Bob and we want to ensure attackers don’t learn it. 6 / 55

  9. Integrity and authenticity The goal is to ensure that • M really originates with Alice and not someone else • M has not been modified in transit 7 / 55

  10. Integrity and authenticity example Bob Alice (Bank) Alice Pay $100 to Charlie ✲ Adversary Eve might • Modify “Charlie” to “Eve” • Modify “$100” to “$1000” Integrity prevents such attacks. 8 / 55

  11. Medical databases Doctor Database Get Alice ✲ Alice F A F A Reads F A Bob F B ✛ Modifies F A to F ′ A Put: Alice, F ′ Alice F ′ A A ✲ Bob F B 9 / 55

  12. Medical databases Doctor Database Get Alice ✲ Alice F A F A Reads F A Bob F B ✛ Modifies F A to F ′ A Put: Alice, F ′ Alice F ′ A A ✲ Bob F B • Privacy: F A , F ′ A contain confidential information and we want to ensure the adversary does not obtain them 9 / 55

  13. Medical databases Doctor Database Get Alice ✲ Alice F A F A Reads F A Bob F B ✛ Modifies F A to F ′ A Put: Alice, F ′ Alice F ′ A A ✲ Bob F B • Privacy: F A , F ′ A contain confidential information and we want to ensure the adversary does not obtain them • Integrity and authenticity: Need to ensure – doctor is authorized to get Alice’s file – F A , F ′ A are not modified in transit – F A is really sent by database – F ′ A is really sent by (authorized) doctor 9 / 55

  14. What is cryptography about? Adversary: clever person with powerful computer Goals: • Data privacy • Data integrity and authenticity 10 / 55

  15. Ideal World Secure channel: Cannot see inside or alter content. 11 / 55

  16. Ideal World Secure channel: Cannot see inside or alter content. All our goals would be achieved! 11 / 55

  17. Ideal World Secure channel: Cannot see inside or alter content. All our goals would be achieved! But cryptonium is only available on planet Crypton and is in short supply. 11 / 55

  18. Cryptographic schemes E : encryption algorithm K e : encryption key D : decryption algorithm K d : decryption key 12 / 55

  19. Cryptographic schemes E : encryption algorithm K e : encryption key D : decryption algorithm K d : decryption key Algorithms: standardized, implemented, public! 12 / 55

  20. Cryptographic schemes E : encryption algorithm K e : encryption key D : decryption algorithm K d : decryption key Settings: • public-key (assymmetric): K e public, K d secret • private-key (symmetric): K e = K d secret 13 / 55

  21. Cryptographic schemes E : encryption algorithm K e : encryption key D : decryption algorithm K d : decryption key How do keys get distributed? Magic, for now! 14 / 55

  22. Cryptographic schemes Our concerns: • How to define security goals? • How to design E , D ? • How to gain confidence that E , D achieve our goals? 15 / 55

  23. Why is cryptography hard? • One cannot anticipate an adversary strategy in advance; number of possibilities is infinite. • “Testing” is not possible in this setting. 16 / 55

  24. Early history Substitution ciphers/Caesar ciphers: K e = K d = π : Σ → Σ , a secret permutation e.g., Σ = { A , B , C , . . . } and π is as follows: A B C D · · · σ π ( σ ) E A Z U · · · E π ( CAB ) = π ( C ) π ( A ) π ( B ) = Z E A D π ( ZEA ) = π − 1 ( Z ) π − 1 ( E ) π − 1 ( A ) = C A B 17 / 55

  25. Early history Substitution ciphers/Caesar ciphers: K e = K d = π : Σ → Σ , a secret permutation e.g., Σ = { A , B , C , . . . } and π is as follows: A B C D · · · σ π ( σ ) E A Z U · · · E π ( CAB ) = π ( C ) π ( A ) π ( B ) = Z E A D π ( ZEA ) = π − 1 ( Z ) π − 1 ( E ) π − 1 ( A ) = C A B Not very secure! (Common newspaper puzzle) 17 / 55

  26. The age of machines Enigma: German World War II machine Broken by British in an effort led by Turing 18 / 55

  27. Shannon and One-Time-Pad (OTP) Encryption ← { 0 , 1 } k $ K e = K d = K � �� � K chosen at random from { 0 , 1 } k For any M ∈ { 0 , 1 } k – E K ( M ) = K ⊕ M – D K ( C ) = K ⊕ C 19 / 55

  28. Shannon and One-Time-Pad (OTP) Encryption ← { 0 , 1 } k $ K e = K d = K � �� � K chosen at random from { 0 , 1 } k For any M ∈ { 0 , 1 } k – E K ( M ) = K ⊕ M – D K ( C ) = K ⊕ C Theorem (Shannon): OTP is perfectly secure as long as only one message encrypted. “Perfect” secrecy, a notion Shannon defines, captures mathematical impossibility of breaking an encryption scheme. Fact: if | M | > | K | , then no scheme is perfectly secure. 19 / 55

  29. Modern Cryptography: A Computational Science Security of a “practical” system must rely not on the impossibility but on the computational difficulty of breaking the system. (“Practical” = more message bits than key bits) 20 / 55

  30. Modern Cryptography: A Computational Science Rather than: “It is impossible to break the scheme” We might be able to say: “No attack using ≤ 2 160 time succeeds with probability ≥ 2 − 20 ” I.e., Attacks can exist as long as cost to mount them is prohibitive, where Cost = computing time/memory, $$$ 21 / 55

  31. Modern Cryptography: A Computational Science Security of a “practical” system must rely not on the impossibility but on the computational difficulty of breaking the system. Cryptography is now not just mathematics; it needs to draw on computer science • Computational complexity theory • Algorithm design 22 / 55

  32. Classical Approach: Iterated design Scheme 1 . 1 23 / 55

  33. Classical Approach: Iterated design Scheme 1 . 1 → bug! 23 / 55

  34. Classical Approach: Iterated design Scheme 1 . 1 → bug! ↓ Scheme 1 . 2 23 / 55

  35. Classical Approach: Iterated design Scheme 1 . 1 → bug! ↓ Scheme 1 . 2 → bug! 23 / 55

  36. Classical Approach: Iterated design Scheme 1 . 1 → bug! ↓ Scheme 1 . 2 → bug! ↓ . . . ↓ Scheme 1 . n 23 / 55

  37. Classical Approach: Iterated design Scheme 1 . 1 → bug! ↓ Scheme 1 . 2 → bug! ↓ . . . ↓ Scheme 1 . n → deploy 23 / 55

  38. Classical Approach: Iterated design Scheme 1 . 1 → bug! ↓ Scheme 1 . 2 → bug! ↓ . . . ↓ Scheme 1 . n → deploy → bug! 23 / 55

  39. Good cryptography • Understanding the goals: Formal adversarial models and definitions of security goals • Beyond iterated design: Proof by reduction that a construction achieves its goal 24 / 55

  40. Defining security A great deal of design tries to produces schemes without first asking: “What exactly is the security goal?” This leads to schemes that are complex, unclear, and wrong. 25 / 55

  41. Defining security Being able to precisely state what is the security goal of a design is challenging but important. We will spend a lot of time developing and justifying strong, precise notions of security. Thinking in terms of these precise goals and understanding the need for them may be the most important thing you get from this course! 26 / 55

  42. The factoring problem Input: Composite integer N Desired output: prime factors of N Example: Input: 85 Output: 27 / 55

  43. The factoring problem Input: Composite integer N Desired output: prime factors of N Example: Input: 85 Output: 17 , 5 27 / 55

  44. The factoring problem Input: Composite integer N Desired output: prime factors of N Example: Input: 85 Output: 17 , 5 Can we write a factoring program? 27 / 55

  45. The factoring problem Input: Composite integer N Desired output: prime factors of N Example: Input: 85 Output: 17 , 5 Can we write a factoring program? Easy! Alg Factor( N ) / / N a product of 2 primes √ For i = 2 , 3 , . . . , ⌈ N ⌉ do If N mod i = 0 then return i 27 / 55

  46. The factoring problem Input: Composite integer N Desired output: prime factors of N Example: Input: 85 Output: 17 , 5 Can we write a factoring program? Easy! Alg Factor( N ) / / N a product of 2 primes √ For i = 2 , 3 , . . . , ⌈ N ⌉ do If N mod i = 0 then return i But this is very slow ... Prohibitive if N is large (e.g., 400 digits) 27 / 55

  47. Can we factor fast? • Gauss couldn’t figure out how • Nor does anyone know now Nobody today knows how to factor a 400 digit number in a practical amount of time. 28 / 55

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

NII Homepage INFORMATION SYSTEMS IN JAPAN 2.1 The Science Information System and NACSIS / NII

NII Homepage INFORMATION SYSTEMS IN JAPAN 2.1 The Science Information System and NACSIS / NII

1. ECONOMICS OF INFORMATION Economics of Information Services 1.1 Microeconomics of Information 1961- Market Models with Asymmetric Information for Scientific and Technical Data in Information Cost / Value the Information Age: Lemon Market,

530 views • 6 slides
Information Information partition Player 's information partition is a collection of his

Information Information partition Player 's information partition is a collection of his

Information by Prof. Kyung Hwan Baik. Slides for chapter 7 of Games and Information Information partition Player 's information partition is a collection of his information sets i such that each path is represented by one node in

799 views • 43 slides
1 Information and its Presentation: Gender Cues in Low-Information vs. High-Information

1 Information and its Presentation: Gender Cues in Low-Information vs. High-Information

Information and its Presentation: Gender Cues in Low-Information vs. High-Information Experiments David J. Andersen Tessa Ditonto Iowa State University (9214 words) This article examines how the presentation of information during a laboratory

738 views • 37 slides
. distribution of all types of information . Not just news and advertising Meet the information

. distribution of all types of information . Not just news and advertising Meet the information

Presentation By Howard I. Finberg Director, Information Te chnology The fuizona Republic 4/3/e7 TECHNOLOGY STRATEGY Become the information leader . Effective collection, storage, retrieval and . distribution of all types of information . Not just

1.21k views • 22 slides
optimization work (including the timing thereof), construction activities, power supply and

optimization work (including the timing thereof), construction activities, power supply and

Certain information contained in this presentation constitutes forward looking information. This information may relate to future events or the Companys future performance. All information other than information of historical fact is forward

594 views • 41 slides
Certain information contained in this presentation constitutes forward looking information. This

Certain information contained in this presentation constitutes forward looking information. This

Certain information contained in this presentation constitutes forward looking information. This information may relate to futur e events or the Companys future performance. All information other than information of historical fact is forward

489 views • 13 slides
Information The following Information has been compiled from various sources by

Information The following Information has been compiled from various sources by

Information The following Information has been compiled from various sources by Westaff/Personnel Plus! HR Consultants It has been updated to be current as of this morning but It contains perishable information that can change at any

805 views • 45 slides
Requesting information under the Freedom of Information Act and the Data Protection Act Leigh

Requesting information under the Freedom of Information Act and the Data Protection Act Leigh

Requesting information under the Freedom of Information Act and the Data Protection Act Leigh Day / CORE Training Event on Access to Information 10 July 2015 Emily Soothill Freedom of Information Act 2000 (FOIA) " Freedom of Information

568 views • 18 slides
Information Retrieval Introducing Information Retrieval and Web Search Information Retrieval

Information Retrieval Introducing Information Retrieval and Web Search Information Retrieval

Introduction to Information Retrieval Introducing Information Retrieval and Web Search Information Retrieval Information Retrieval (IR) is finding material (usually documents) of an unstructured nature (usually text) that satisfies an

1.01k views • 57 slides
Information Theory Don Fallis Information in the Wild Intentional Information Transfer Data

Information Theory Don Fallis Information in the Wild Intentional Information Transfer Data

Information Theory Don Fallis Information in the Wild Intentional Information Transfer Data Storage Measuring Information Surprise! Inversely Related to Probability The lower the probability of event A, the more information you get by

608 views • 33 slides
recovery rates, net present values and internal rates of return, timing for the commencement of

recovery rates, net present values and internal rates of return, timing for the commencement of

Certain information contained in this presentation constitutes forward looking information. This information may relate to future events or the Companys future performance. All information other than information of historical fact is forward

582 views • 41 slides
11/15/2012 Storage of Classified Information DoD Information Security Program 1 Information

11/15/2012 Storage of Classified Information DoD Information Security Program 1 Information

11/15/2012 Storage of Classified Information DoD Information Security Program 1 Information Security Webinar Storage of Classified Information Host: Treva Alexander, SAPPC Information Security Course Manager, DSS - CDSE Gained experience in

329 views • 14 slides
INFORMATION AS POWER COMM1A WEEK 1; Sept 21, 2015 Information as Power 2 Information shapes

INFORMATION AS POWER COMM1A WEEK 1; Sept 21, 2015 Information as Power 2 Information shapes

INFORMATION AS POWER COMM1A WEEK 1; Sept 21, 2015 Information as Power 2 Information shapes behavior News media are the principal providers of current affairs information Political elites and those seeking to replace them have a strong

900 views • 64 slides
Information & Entropy Comp 595 DM Professor Wang Information & Entropy Information

Information & Entropy Comp 595 DM Professor Wang Information & Entropy Information

Information & Entropy Comp 595 DM Professor Wang Information & Entropy Information Equation p = probability of the event happening b = base (base 2 is mostly used in information theory) *unit of information is determined by base

226 views • 9 slides
Security 101 Definition of Information Security Information security is the protection of

Security 101 Definition of Information Security Information security is the protection of

Computing Services Information Security Office Security 101 Definition of Information Security Information security is the protection of information and systems from unauthorized access, disclosure, modification, destruction or disruption. The

469 views • 22 slides
Chapter 9: Information and Strategic Behavior Asymmetric information. Firms may have

Chapter 9: Information and Strategic Behavior Asymmetric information. Firms may have

Chapter 9: Information and Strategic Behavior Asymmetric information. Firms may have better (private) information on their own costs, the state of the demand... Static game fi rms information can be partially revealed by

309 views • 11 slides
from Biometrics Benjamin Fuller, Boston University/MIT Lincoln Laboratory Privacy Enhancing

from Biometrics Benjamin Fuller, Boston University/MIT Lincoln Laboratory Privacy Enhancing

Strong Key Derivation from Biometrics Benjamin Fuller, Boston University/MIT Lincoln Laboratory Privacy Enhancing Technologies for Biometrics, Haifa January 15, 2015 Based on three works: Computational Fuzzy Extractors [FullerMengReyzin13]

1.44k views • 55 slides
CS 4803 Crypto as a science (modern cryptography) has short but Computer and Network Security

CS 4803 Crypto as a science (modern cryptography) has short but Computer and Network Security

Cryptography is very old and very new Crypto is an ancient discipline Recall Julius Caesar, Enigma,... CS 4803 Crypto as a science (modern cryptography) has short but Computer and Network Security exciting history Most of it

638 views • 4 slides
Computer Security HKUST, Hong Kong Computer Security Cunsheng DING, HKUST COMP4631

Computer Security HKUST, Hong Kong Computer Security Cunsheng DING, HKUST COMP4631

CUNSHENG DING Computer Security HKUST, Hong Kong Computer Security Cunsheng DING, HKUST COMP4631 CUNSHENG DING Computer Security HKUST, Hong Kong Lecture 7: Introduction to Public-Key Cryptography Objectives of this Lecture 1.

678 views • 21 slides
Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application

Network Security Where we are in the Course Security crosses all layers Application Transport Network Link Physical CSE 461 University of Washington 2 Security Threats Security is like performance Means many things

374 views • 13 slides
Reusable Non-Interactive Secure Computation Melissa Chase (MSR Redmond) Yevgeniy Dodis (NYU)

Reusable Non-Interactive Secure Computation Melissa Chase (MSR Redmond) Yevgeniy Dodis (NYU)

Reusable Non-Interactive Secure Computation Melissa Chase (MSR Redmond) Yevgeniy Dodis (NYU) Yuval Ishai (Technion) Daniel Kraschewski (TNG Technology Consulting) Tianren Liu (MIT UW) Rafail Ostrovsky (UCLA) Vinod Vaikuntanathan

1.31k views • 109 slides
Enabling the Aviation CO 2 Allowance Trading Through Secure Market Mechanisms Massimiliano Zanin

Enabling the Aviation CO 2 Allowance Trading Through Secure Market Mechanisms Massimiliano Zanin

Enabling the Aviation CO 2 Allowance Trading Through Secure Market Mechanisms Massimiliano Zanin mz@innaxis.org Secure CO 2 allowance trading :: Introduction Secure CO 2 allowance trading :: Introduction Problem: Computing without trust

598 views • 25 slides
From Crypto to Code Greg Morrisett Languages over a career Pascal/Ada/C/SML/Ocaml/Haskell

From Crypto to Code Greg Morrisett Languages over a career Pascal/Ada/C/SML/Ocaml/Haskell

From Crypto to Code Greg Morrisett Languages over a career Pascal/Ada/C/SML/Ocaml/Haskell ACL2/Coq/Agda Latex Powerpoint Someone elses Powerpoint 2 Cryptographic techniques Already ubiquitous: e.g., SSL/TLS

1.04k views • 37 slides
Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute of Technology

Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute of Technology

Background Secure Computation Security Model Generic Protocol Applications Secure Multi-Party Computation Gunnar Kreitz KTH Royal Institute of Technology gkreitz@kth.se October 4 2012 Gunnar Kreitz Secure Multi-Party Computation

1.28k views • 59 slides

More recommend