crypto conclusion
play

Crypto Conclusion Message Authentication Codes Key Management Fall - PowerPoint PPT Presentation

Nov 18, 2022 •503 likes •982 views

Crypto Conclusion Message Authentication Codes Key Management Fall 2012 CS 334: Computer Security 1 Message Authentication message authentication is concerned with: protecting the integrity of a message Confirming identity of

  1. Crypto Conclusion Message Authentication Codes Key Management Fall 2012 CS 334: Computer Security 1

  2. Message Authentication • message authentication is concerned with: – protecting the integrity of a message – Confirming identity of sender – non-repudiation of origin (dispute resolution) – Very important for e-commerce • will consider the security requirements • then three alternative functions used: – message encryption – message authentication code (MAC) – hash function Fall 2012 CS 334: Computer Security 2

  3. General Security Requirements • disclosure This is message confidentiality. • traffic analysis We’ve dealt with it already. • Masquerade: insertion of message into network from fraudulent source • content modification: modification to content of message • sequence modification: modification to a sequence of messages, including insertion, deletion, reordering, etc. All the rest are authentication issues (including next slide) Fall 2012 CS 334: Computer Security 3

  4. General Security Requirements • Timing modification: Delay or replay of messages – E.g. in a connection-oriented application (say one that uses TCP) an entire session could be a replay of some previous valid session • Source repudiation: denial of transmission of message by source • Destination repudiation: Denial of receipt of message by destination Fall 2012 CS 334: Computer Security 4

  5. Message Encryption • message encryption by itself also provides a measure of authentication • if symmetric encryption is used then: – receiver knows sender must have created it, since only sender and receiver know key used – know content cannot have been altered if message has suitable structure, redundancy, or a checksum to detect any changes • This is an important stipulation. The assumption that the recipient will notice an altered message is based on the assumption that the recipient can distinguish between a good and bad message. Fall 2012 CS 334: Computer Security 5

  6. Message Encryption • if public-key encryption is used: – encryption provides no confidence of sender, since anyone potentially knows public-key – however if • sender signs message using their private-key • then encrypts with recipients public key • have both secrecy and authentication – again need to recognize corrupted messages – but at cost of two public-key uses on message Fall 2012 CS 334: Computer Security 6

  7. Fall 2012 CS 334: Computer Security 7

  8. Fall 2012 CS 334: Computer Security 8

  9. Message Authentication Code (MAC) • The answer to recognition of bad messages lies in creating a known structure somewhere in the message. This is part of the idea behind MACs • generated by an algorithm that creates a small fixed-sized block – depending on both message and some key – like encryption, BUT need not be reversible • appended to message as a signature • receiver performs same computation on message and checks it matches the MAC • provides assurance that message is unaltered and comes from sender Fall 2012 CS 334: Computer Security 9

  10. Message Authentication Code Fall 2012 CS 334: Computer Security 10

  11. Fall 2012 CS 334: Computer Security 11

  12. Message Authentication Codes • MAC does not provide secrecy • If using MAC with symmetric cipher: – generally use separate keys for each – can compute MAC either before or after encryption – is generally regarded as better done before • why use a MAC? – sometimes only authentication is needed – sometimes need authentication to persist longer than the encryption (eg. archival use) • note that a MAC is not a digital signature – That is, the sender can still deny having sent the message Fall 2012 CS 334: Computer Security 12

  13. MAC Properties • a MAC is a cryptographic checksum MAC = C K (M) – condenses a variable-length message M – using a secret key K – to a fixed-sized authenticator • is a many-to-one function – potentially many messages have same MAC – but (obviously) finding these needs to be very difficult Fall 2012 CS 334: Computer Security 13

  14. Requirements for MACs • Knowing a message and MAC, it is infeasible to find another message with the same MAC • MACs should be uniformly distributed (among the space of possible MACs) • MAC should depend equally on all bits of the message Fall 2012 CS 334: Computer Security 14

  15. Hash Functions • condenses arbitrary message to fixed size • usually assume that the hash function is public and not keyed —this is the difference between a hash function and a MAC (the lack of key) • hash used to detect changes to message • can use in various ways with message • most often to create a digital signature Fall 2012 CS 334: Computer Security 15

  16. Hash Functions & Digital Signatures Fall 2012 CS 334: Computer Security 16

  17. Fall 2012 CS 334: Computer Security 17

  18. Fall 2012 CS 334: Computer Security 18

  19. Hash Function Properties • a Hash Function produces a fingerprint of some file/message/data h = H(M) – condenses a variable-length message M – to a fixed-sized fingerprint • assumed to be public Fall 2012 CS 334: Computer Security 19

  20. Requirements for Hash Functions 1. can be applied to any sized message M 2. produces fixed-length output h 3. is easy to compute h=H(M) for any message M 4. given h is infeasible to find x s.t. H(x)=h • one-way property 5. given x is infeasible to find y s.t . H(y)=H(x) • weak collision resistance 6. is infeasible to find any x,y s.t . H(y)=H(x) • strong collision resistance Fall 2012 CS 334: Computer Security 20

  21. Birthday Attacks • might think a 64-bit hash is secure • but by Birthday Paradox is not • birthday attack works thus: m/2 variations of a valid message – opponent generates 2 all with essentially the same meaning (m is length of hash) m/2 variations of a desired – opponent also generates 2 fraudulent message – two sets of messages are compared to find pair with same hash (probability > 0.5 by birthday paradox) – have user sign the valid message, then substitute the forgery which will have a valid signature • conclusion is that need to use larger hashes Fall 2012 CS 334: Computer Security 21

  22. Birthday Paradox • Classic probability problem that demonstrates that probability results often nonintuitive • The problem: Given a room with k people, what is the probability that two of them have the same birthday (same month and day, assume no twins, etc) • We seek P ( n , k ) Pr[ at least one duplicate in k items, = with each item able to take on one of n equally likely val ues between 1 and n ] We want P(365,k) Fall 2012 CS 334: Computer Security 22

  23. We start by computing Q Pr[ no matches], so P 1 -Q . = = First, number of ways of choosing k objects from group of 365 with no repeats : 365 ! K N 365 364 363 ( 365 k 1 ) = × × × × − + = ( 365 k )! − k If we allow repeats, then ther e are 365 possibilit ies. So, probabilit y of no repeats is 365 ! 365 ! ( 365 k )! − Q ( 365 , k ) = = k k 365 ( 365 k )! 365 − 365 ! Thus, P ( 365 , k ) 1 Q ( 365 , k ) 1 = − = − k ( 365 k )! 365 − Fall 2012 CS 334: Computer Security 23

  24. Graph of P(365,k) Fall 2012 CS 334: Computer Security 24

  25. Hash Functions & MAC Security • brute-force attacks exploiting m/2 – strong collision resistance hash have cost 2 • have proposal for h/w MD5 cracker – UPDATE: As of 2010, MD5 is no longer suitable for cryptographic use (trashed) • Use SHA-2 instead (has digest sizes of 224, 256, 384, 512) – Similar to SHA-1 (Which has mathematical weaknesses), though SHA-2 not broken – UPDATE UPDATE: On October 12, 2012, Keccak named winner of the NIST Hash Function Competition (and is thus SHA-3) • NIST wanted a hash that was not similar in design to SHA-1 (or SHA-2 in case that was broken) • Joan Daemen (of AES fame) one of designers Fall 2012 CS 334: Computer Security 25

  26. Hash Functions & MAC Security • cryptanalytic attacks exploit structure – like block ciphers want brute-force attacks to be the best alternative • have a number of analytic attacks on iterated hash functions – CV i = f[CV i-1 , M i ]; H(M)=CV N – typically focus on collisions in function f – like block ciphers is often composed of rounds – attacks exploit properties of round functions Fall 2012 CS 334: Computer Security 26

  27. Summary • have considered message authentication using: – message encryption – MACs – hash functions – general approach & security Fall 2012 CS 334: Computer Security 27

  28. Key Management Fall 2012 CS 334: Computer Security 28

  29. Key Distribution Issues • hierarchies of KDC’s required for large networks, but must trust each other • session key lifetimes should be limited for greater security • use of automatic key distribution on behalf of users, but must trust system • use of decentralized key distribution • controlling purposes keys are used for Fall 2012 CS 334: Computer Security 29

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CRYPTO HERE, CRYPTO THERE, CRYPTO, CRYPTO EVERYWHERE WORLD AQUATIC HEALTH CONFERENCE

CRYPTO HERE, CRYPTO THERE, CRYPTO, CRYPTO EVERYWHERE WORLD AQUATIC HEALTH CONFERENCE

CRYPTO HERE, CRYPTO THERE, CRYPTO, CRYPTO EVERYWHERE WORLD AQUATIC HEALTH CONFERENCE WILLIAMSBURG, VA THURSDAY, OCTOBER 17 TH , 2019 JOHN KELLY, PE IOWA DEPARTMENT OF PUBLIC HEALTH DISCLAIMER THIS PRESENTATION: IS INTENDED FOR

843 views • 40 slides
Crypto Conclusion (maybe) Message Authentication Codes Key Management Fall 2018 CS 334:

Crypto Conclusion (maybe) Message Authentication Codes Key Management Fall 2018 CS 334:

Crypto Conclusion (maybe) Message Authentication Codes Key Management Fall 2018 CS 334: Computer Security 1 Message Authentication message authentication is concerned with: protecting the integrity of a message Confirming

512 views • 48 slides
Outline Crypto intro Computer Security: Secret Key Crypto Symmetric crypto Bart Jacobs

Outline Crypto intro Computer Security: Secret Key Crypto Symmetric crypto Bart Jacobs

Crypto intro Crypto intro Symmetric crypto Symmetric crypto Achieving security goals with symmetric crypto Radboud University Nijmegen Achieving security goals with symmetric crypto Radboud University Nijmegen e-Passport example

269 views • 7 slides
Cryptography for Software and Web Developers Part 5: Dont believe the crypto hype Hanno B

Cryptography for Software and Web Developers Part 5: Dont believe the crypto hype Hanno B

Snake Oil Nationalism Conclusion Cryptography for Software and Web Developers Part 5: Dont believe the crypto hype Hanno B ock 2014-05-28 1 / 10 New fancy crypto tool Snake Oil Example Telegram Nationalism Example Threema

670 views • 11 slides
- The First Crypto Merchant - Crypto Payment Crypto Payment for online shops for retail shops

- The First Crypto Merchant - Crypto Payment Crypto Payment for online shops for retail shops

- The First Crypto Merchant - Crypto Payment Crypto Payment for online shops for retail shops Did you know? Our payment system has ZERO FEES for processing payments How it works? It takes only a few minutes to complete Merchant Initiate

269 views • 11 slides
Javascript Crypto & The Case Against Crypto Reductionism Ben Adida Mozilla Workshop on

Javascript Crypto & The Case Against Crypto Reductionism Ben Adida Mozilla Workshop on

Javascript Crypto & The Case Against Crypto Reductionism Ben Adida Mozilla Workshop on Real-World Crypto January 2013 promote openness, innovation & opportunity on the Web. previously easy to deploy easy to use privacy

610 views • 22 slides
Cryptanalysis of WIDEA Conclusion Hash collisions Key recovery Truncated differential FSE 2013

Cryptanalysis of WIDEA Conclusion Hash collisions Key recovery Truncated differential FSE 2013

Introduction 1/24 Gatan Leurent Cryptanalysis of WIDEA Conclusion Hash collisions Key recovery Truncated differential FSE 2013 UCL Crypto Group FSE 2013 Cryptanalysis of WIDEA G. Leurent Microelectronics Laboratory UCL Crypto Group

617 views • 32 slides
Outline Crypto intro Computer Security: Secret Key Crypto Symmetric crypto Achieving security

Outline Crypto intro Computer Security: Secret Key Crypto Symmetric crypto Achieving security

Crypto intro Crypto intro Symmetric crypto Symmetric crypto Achieving security goals with symmetric crypto Achieving security goals with symmetric crypto Radboud University Nijmegen Radboud University Nijmegen e-Passport example

1.11k views • 12 slides
Computer Security: Secret Key Crypto B. Jacobs Institute for Computing and Information Sciences

Computer Security: Secret Key Crypto B. Jacobs Institute for Computing and Information Sciences

Crypto intro Symmetric crypto Achieving security goals with symmetric crypto Radboud University Nijmegen e-Passport example Encryption: modes of operation Computer Security: Secret Key Crypto B. Jacobs Institute for Computing and Information

856 views • 73 slides
Outline Public key crypto RSA Essentials Computer Security: Public Key Crypto Public Key Crypto

Outline Public key crypto RSA Essentials Computer Security: Public Key Crypto Public Key Crypto

Public key crypto Public key crypto RSA Essentials RSA Essentials Public Key Crypto in Java Public Key Crypto in Java Radboud University Nijmegen Radboud University Nijmegen Public key protocols Public key protocols Diffie-Hellman and El

448 views • 16 slides
w w w . a d i t u s . n e t Crypto-currencies have created a new class of a ffl uent individuals

w w w . a d i t u s . n e t Crypto-currencies have created a new class of a ffl uent individuals

Aditus Luxury Access Platform for Crypto A ffl uents Presentation 21 Nov 2017 w w w . a d i t u s . n e t Crypto-currencies have created a new class of a ffl uent individuals Crypto-currency values have been the best performing asset class

206 views • 19 slides
Algorithms, cryptography and protocols DONT EVER ROLL YOUR OWN PROTOCOL, CRYPTO ALGO, CRYPTO

Algorithms, cryptography and protocols DONT EVER ROLL YOUR OWN PROTOCOL, CRYPTO ALGO, CRYPTO

Algorithms, cryptography and protocols DONT EVER ROLL YOUR OWN PROTOCOL, CRYPTO ALGO, CRYPTO Use this space to add an image. IMPLEMENTATION, OR CRYPTO RNG Insert an image and change the scale to cover this box. ALSO, KEY MANAGEMENT IS

1.01k views • 81 slides
19 big enough? What marketing says Generate public keys 56-bit crypto: Broken. on a

19 big enough? What marketing says Generate public keys 56-bit crypto: Broken. on a

Is 2 255 19 big enough? What marketing says Generate public keys 56-bit crypto: Broken. on a strong elliptic curve 128-bit crypto: Okay. over the field Z (2 255 19). 256-bit crypto: High security! Is that safe? 512-bit

121 views • 11 slides
Cryptanalysis of C2 Julia Borghoff , Lars R. Knudsen, Gregor Leander, Krystian Matusiewicz CRYPTO

Cryptanalysis of C2 Julia Borghoff , Lars R. Knudsen, Gregor Leander, Krystian Matusiewicz CRYPTO

Outline C2 - description Attack scenarios Conclusion Cryptanalysis of C2 Julia Borghoff , Lars R. Knudsen, Gregor Leander, Krystian Matusiewicz CRYPTO 2009 1 / 19 Outline C2 - description Attack scenarios Conclusion C2 - description 1

979 views • 36 slides
Ethereum and the crypto landscape Different Crypto Value Propositions Name Payment Platform

Ethereum and the crypto landscape Different Crypto Value Propositions Name Payment Platform

Ethereum and the crypto landscape Different Crypto Value Propositions Name Payment Platform Stable Coin Dapps Sum $ Bitcoin 154.00 $ Ethereum 29.00 $ XRP 18.70 $ BCH 7.70 $ EOS 7.20 $ LiteCoin 7.00 $ BNB 4.70 $ Tether

160 views • 12 slides
Getting Post-Quantum Crypto Algorithms Ready for Deployment End of ECRYPT II Event: Crypto for

Getting Post-Quantum Crypto Algorithms Ready for Deployment End of ECRYPT II Event: Crypto for

Getting Post-Quantum Crypto Algorithms Ready for Deployment End of ECRYPT II Event: Crypto for 2020 Tim Gneysu Hardware Security Group Horst Grtz Institute for IT-Security, Bochum 1/24/2013 Outline Introduction Alternative Public-Key

735 views • 55 slides
Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information

Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information

Information Systems Security Dr. Ayman Abdel-Hamid College of Computing and Information Technology Arab Academy for Science & Technology and Maritime Transport Digital Signatures and Authentication Protocols ISS Dr. Ayman Abdel-Hamid 1

582 views • 27 slides

10 Network Security, Principles and Practice,3 rd Ed. :

574 views • 20 slides
Alex Suciu Northeastern University Special Session Advances in Arrangement Theory Mathematical

Alex Suciu Northeastern University Special Session Advances in Arrangement Theory Mathematical

A RRANGEMENT COMPLEMENTS AND M ILNOR FIBRATIONS Alex Suciu Northeastern University Special Session Advances in Arrangement Theory Mathematical Congress of the Americas Montral, Canada July 25, 2017 A LEX S UCIU (N ORTHEASTERN ) A RRANGEMENT

593 views • 17 slides
High Reliability Monitoring and Control of Wind Turbines Peter Seiler Department of Aerospace

High Reliability Monitoring and Control of Wind Turbines Peter Seiler Department of Aerospace

A EROSPACE E NGINEERING AND M ECHANICS High Reliability Monitoring and Control of Wind Turbines Peter Seiler Department of Aerospace Engineering & Mechanics University of Minnesota A EROSPACE E NGINEERING AND M ECHANICS Turbine Components

1.02k views • 55 slides
RULING ELDER 101 SHENANGO LEADERFEST 2018 BOOK OF ORDER G-2.0301 RULING ELDER DEFINED As there

RULING ELDER 101 SHENANGO LEADERFEST 2018 BOOK OF ORDER G-2.0301 RULING ELDER DEFINED As there

PRINCIPLES AND PRACTICES RULING ELDER 101 SHENANGO LEADERFEST 2018 BOOK OF ORDER G-2.0301 RULING ELDER DEFINED As there were in Old Testament times elders for the government of the people, so the New Testament church provided persons with

689 views • 23 slides
Financial Distress among the Elderly: Bankruptcy and Foreclosure Wenli Li, Philadelphia Fed,

Financial Distress among the Elderly: Bankruptcy and Foreclosure Wenli Li, Philadelphia Fed,

Financial Distress among the Elderly: Bankruptcy and Foreclosure Wenli Li, Philadelphia Fed, and Michelle J. White, UCSD and NBER Increase in elderly financial distress since 2000 Bankruptcies and foreclosures are both important indicators

346 views • 22 slides
The Biblical Profile of an Elder Part 3 I. Exemplifies Godly Character II. Is an Example in His

The Biblical Profile of an Elder Part 3 I. Exemplifies Godly Character II. Is an Example in His

The Biblical Profile of an Elder Part 3 I. Exemplifies Godly Character II. Is an Example in His Own Home A. The Husband of One Wife B. Manages His Own Household Well C. Not Self-Willed D. Hospitable III. Is an Established Believer A. Not a

204 views • 5 slides
Shepherds David Lipscomb 1 Controlling the church by virtue of authority of office is

Shepherds David Lipscomb 1 Controlling the church by virtue of authority of office is

Lesson Fourteen Faithful Shepherds David Lipscomb 1 Controlling the church by virtue of authority of office is unknown in the scriptures. All should seek to control simply and only through the authority of truth, impressed by lives of

703 views • 31 slides

More recommend