csce 790 secure computer systems applied cryptography
play

CSCE 790 Secure Computer Systems Applied Cryptography Professor - PowerPoint PPT Presentation

Aug 31, 2023 •13 likes •273 views

CSCE 790 Secure Computer Systems Applied Cryptography Professor Qiang Zeng Spring 2020 Symmetric vs. Asymmetric Cryptography Symmetric cipher is much faster With asymmetric ciphers, you can post your Public Key to the world

  1. 
 CSCE 790 
 Secure Computer Systems 
 Applied Cryptography Professor Qiang Zeng Spring 2020

  2. Symmetric vs. Asymmetric Cryptography • Symmetric cipher is much faster • With asymmetric ciphers, you can post your Public Key to the world and then the world can communicate with your secretly without having to meet you first • Non-repudiation can only be achieved through asymmetric cryptography – Digital Signature • Key establishment with Asymmetric Crypto is easier (to be covered this lecture) CSCE 790 – Computer Systems Security 2

  3. Previous class… How do Digital Signatures assure non-repudiation? A Digital Signature is generated by one’s private key; nobody else can generate the signature CSCE 790 – Computer Systems Security 3

  4. Previous class… Since Asymmetric Cryptography is so versatile, can it replace Symmetric Cryptography completely? No, Symmetric Cryptography has its advantage on speed. Plus, all Asymmetric Ciphers are established on some computationally difficult number-theory problems, which are never mathematically proven to be difficult. Advances in number theory or Quantum Computing may one day render all asymmetric ciphers ineffective. But Symmetric Cryptography will keep safe (you only need to increase the key size when the computing power advances) CSCE 790 – Computer Systems Security 4

  5. Outline • Authentication Protocols • Data Integrity Checking Protocols • Forward Secrecy – Diffie-Hellman Key Agreement CSCE 790 – Computer Systems Security 5

  6. User Authentication • User authentication: to verify the identity of the communicating participant – E.g., the participant shows evidence about the knowledge of some password CSCE 790 – Computer Systems Security 6

  7. User Authentication – Password as Plaintext (Use it only over a secure channel) • Bob wants to authenticate Alice’s identity • Assumption: Bob knows Alice’s password is P A – P A is Alice’s credential P A Alice Bob The password is transmitted as plaintext, which can be intercepted by the adversary; this scheme is insecure for network-based communication CSCE 790 – Computer Systems Security 7

  8. User Authentication – Hash of Password (don’t use it) • Bob wants to authenticate Alice’s identity • Assumption: Bob knows Alice’s password is P A Hash(P A ) Alice Bob It is insecure as the adversary can record Hash(P A ) for Replay Attacks CSCE 790 – Computer Systems Security 8

  9. Challenge-response based User Authentication • Bob wants to authenticate Alice’s identity • Assumption: Bob knows Alice’s password is P A (1) Alice requests connection (Bob is Server; Alice is client) (2) Bob sends a nonce c Alice Bob (3) Alice sends Hash(c || P A ) This is called the Digest Access Authentication. Replay Attacks will not work, why? As Bob (Server) makes sure c is never reused. A Nonce is a number that is only used once CSCE 790 – Computer Systems Security 9

  10. Challenge-response based User Authentication • The scheme is still vulnerable to the Chosen Plaintext Attack – The adversary may intercept the request from Alice and impersonate the server – The fake server then sends Alice a pre-selected “challenge” c – Alice then returns Hash(c || password) – If the adversary has pre-computed Hash(c || password) for all possible passwords and the pre-selected c value, then a rainbow table attack can be launched • Countermeasure: Alice sends a client nonce (cnonce) along with Hash(cnonce || c || password) CSCE 790 – Computer Systems Security 10

  11. User Authentication vs. Data Integrity • User authentication: the identity of the communicating participant can be verified – E.g., the participant shows evidence about the knowledge of some password • Data integrity: the receiver can check whether the message has been manipulated – Data integrity implies that the data comes from the right origin CSCE 790 – Computer Systems Security 11

  12. Data Integrity with Symmetric Crypto • Alice wants to make sure Bob can verify the integrity of the message received m, Hash(m) Alice Bob We already covered that the adversary may replace both m and the hash; thus, this scheme is insecure if the message and the hash are both transmitted through an insecure channel CSCE 790 – Computer Systems Security 12

  13. Data Integrity with Symmetric Crypto • Alice wants to make sure Bob can verify the integrity of the message received • K is the shared key between Alice and Bob m, MAC(K, m) Alice Bob It is critical that the message should contain timestamp or sequence number; otherwise, it is vulnerable to Replay Attacks CSCE 790 – Computer Systems Security 13

  14. Data Integrity with Asymmetric Crypto • Alice wants to make sure Bob can verify the integrity of the message received • PR A is the private key of Alice m, Sign(PR A , m) Alice Bob • Bob recovers the digest from the signature • Then, Bob regenerates the digest independantely and compares it against the recovered digest • Can this scheme achieve non-repudiation? – Yes, everyone can verify that the signature was generated by Alice, and only Alice has the private key to generate it CSCE 790 – Computer Systems Security 14

  15. Data Integrity + Confidentiality with Symmetric Crypto • Alice wants to make sure Bob can verify the integrity of the message received • In addition, Alice wants to achieve confidentiality E(K, m), MAC(K, m) Alice Bob CSCE 790 – Computer Systems Security 15

  16. Data Integrity + Confidentiality with Asymmetric Crypto • Alice wants to make sure Bob can verify the integrity of the message received • In addition, Alice wants to achieve confidentiality E(PU B , m), Sign(PR A , m) Alice Bob • What is the disadvantage of this scheme? – Asymmetric Crypto is quite expensive. It is not economic to use it to encrypt a large amount of data (Recall that when you sign a message, you do not sign the message directly but its digest, e.g., 256 bits) CSCE 790 – Computer Systems Security 16

  17. Data Integrity + Confidentiality with Asymmetric Crypto • Alice wants to make sure Bob can verify the integrity of the message received • In addition, Alice wants to achieve confidentiality E(K, m), MAC(K, m), E(PU B , K) Alice Bob • Alice can pick a key – The key is used to encrypt and generate the MAC – The key is encrypted using Bob’s public key and sent to Bob CSCE 790 – Computer Systems Security 17

  18. Can We Do Better? E(K, m), MAC(K, m), E(PU B , K) Alice Bob • The adversary may collect the traffic between Alice and Bob, even though the adversary does not understand the conversation • It is possible that one day the adversary gets Bob’s private key (e.g., the adversary is CIA) • Is there countermeasure that protects the confidentiality of the past conversations even all the traffic has been collected and the long-time private key (of Bob) is leaked one day CSCE 790 – Computer Systems Security 18

  19. Forward Secrecy • Forward Secrecy (also called Perfect Forward Secrecy) protects past conversations against future compromises of long-time secret keys or passwords. • It implies that even CIA has collected the traffic of all the past conversations and later obtains the key or password, you can deny the content about the conversation • Forward Secrecy is usually built on Diffie- Hellman based key agreement CSCE 790 – Computer Systems Security 19

  20. Diffie-Hellman Key Agreement • While DH can also be used for encryption, the most wide use is to negotiate keys • The most prominent property of DH is that even the adversary obtains all the traffic for key agreement in plaintext, the adversary cannot infer the key Seemingly impossible , but was achieved by Diffie and Hellman in 1976 CSCE 790 – Computer Systems Security 20

  21. DH Key Agreement CSCE 790 – Computer Systems Security 21

  22. DH Key Agreement CSCE 790 – Computer Systems Security 22

  23. Subject to Man-in-the-middle Attack • The essential problem is that the schemes lacks authentication – Alice has no way to authenticate whether B is sent by Bob – Bob has no way to authenticate whether A is sent by Alice CSCE 790 – Computer Systems Security 23

  24. DH Key Agreement with Authentication • Example: Station-to-Station protocol • (1) Alice → Bob : A, g, p • (2) Alice ← Bob : B , Cert B , E K (S B (A, B )) //Bob signs it • (3) Alice → Bob : Cert A , E K (S A ( A , B )) // Alice signs it CSCE 790 – Computer Systems Security 24

  25. Summary • Important Applications of Crypto for – User Authentication – Data Integrity – Confidentiality • Diffie-Hellman Key Agreement – Modular Logarithm – For Forward Secrecy CSCE 790 – Computer Systems Security 25

  26. Writing Assignments • How to achieve authentication and data integrity of communication over an insecure channel? • Why is Diffie-Hellman Key Agreement subject to the man-in-the-middle Attack? • Reading: • https://stackoverflow.com/questions/6441578/ how-secure-is-htaccess-password-protection CSCE 790 – Computer Systems Security 26

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CSCE 790 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2020

CSCE 790 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2020

CSCE 790 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2020 Previous Class Classical Cryptography Frequency analysis Never use home-made cryptography Goals of Cryptography

527 views • 26 slides
CSCE 790 Secure Computer Systems Asymmetric Cryptography Professor Qiang Zeng Spring 2020

CSCE 790 Secure Computer Systems Asymmetric Cryptography Professor Qiang Zeng Spring 2020

CSCE 790 Secure Computer Systems Asymmetric Cryptography Professor Qiang Zeng Spring 2020 Previous Class Symmetric Encryption Block Ciphers DES (dont use it), 3-DES, AES Mode of operation: ECB (dont use it), CBC,

563 views • 24 slides
CSCE 790 Secure Computer Systems PKI and Kerberos Professor Qiang Zeng Spring 2020

CSCE 790 Secure Computer Systems PKI and Kerberos Professor Qiang Zeng Spring 2020

CSCE 790 Secure Computer Systems PKI and Kerberos Professor Qiang Zeng Spring 2020 Previous Class Important Applications of Crypto User Authentication verify the identity based on something you know Sending the

302 views • 26 slides
HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography &

HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography &

HOST Cryptography I ECE 525 Cryptography Handbook of Applied Cryptography & http://cseweb.ucsd.edu/users/mihir/cse207/ Brief History: Proliferation of computers and communication systems in 1960s brought with it a demand to protect

273 views • 24 slides
Applied Cryptography (Pt. 1) Engineering Secure Software Last Revised: October 13, 2020

Applied Cryptography (Pt. 1) Engineering Secure Software Last Revised: October 13, 2020

Applied Cryptography (Pt. 1) Engineering Secure Software Last Revised: October 13, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Networks, Cryptography, and You Most application developers Dont implement networking

333 views • 30 slides
Applied Cryptography (Pt. 2) Engineering Secure Software Last Revised: October 16, 2020

Applied Cryptography (Pt. 2) Engineering Secure Software Last Revised: October 16, 2020

Applied Cryptography (Pt. 2) Engineering Secure Software Last Revised: October 16, 2020 SWEN-331: Engineering Secure Software Benjamin S Meyers 1 Recap Symmetric keys Benefit: fastest, mathematically the strongest Drawback:

425 views • 23 slides
1 Symmetric algorithm Public key algorithm Secret key public key and private key C 1 = E

1 Symmetric algorithm Public key algorithm Secret key public key and private key C 1 = E

Cryptography security Cryptography may be a component of a secure system Cryptographic Systems Adding cryptography may not make a Authentication & Communication system secure Protocols Paul Krzyzanowski Distributed Systems

753 views • 23 slides
CSCE 790 Computer Systems Security Introduction Professor Qiang Zeng Spring 2020 Story 1:

CSCE 790 Computer Systems Security Introduction Professor Qiang Zeng Spring 2020 Story 1:

CSCE 790 Computer Systems Security Introduction Professor Qiang Zeng Spring 2020 Story 1: Morris the first worm in history CSCE 790 Computer Systems Security 2 Story 2: Malware, Stuxnet , took down Irans nuclear facilities

344 views • 30 slides
CSCE 790 Computer Systems Security Firmware Security Professor Qiang Zeng Spring 2020

CSCE 790 Computer Systems Security Firmware Security Professor Qiang Zeng Spring 2020

CSCE 790 Computer Systems Security Firmware Security Professor Qiang Zeng Spring 2020 Previous Class Virus vs. Worm vs. Trojan Drive-by download Botnet Rootkit CSCE 790 Computer Systems Security 2 Trojan vs. Virus

302 views • 16 slides
Advanced Tools from Modern Cryptography Lecture 12 MPC: UC-secure OT UC-Secure OT UC-secure

Advanced Tools from Modern Cryptography Lecture 12 MPC: UC-secure OT UC-Secure OT UC-secure

Advanced Tools from Modern Cryptography Lecture 12 MPC: UC-secure OT UC-Secure OT UC-secure OT is impossible (even against PPT adversaries) in the plain model (i.e., without the help of another functionality) But possible from simple

527 views • 16 slides
Applied Cryptography Lecture 1 Applied Cryptography Lecture 1 Our first encounter with secrecy:

Applied Cryptography Lecture 1 Applied Cryptography Lecture 1 Our first encounter with secrecy:

Applied Cryptography Lecture 1 Applied Cryptography Lecture 1 Our first encounter with secrecy: Secret-Sharing Secrecy Secrecy Cryptography is all about controlling access to information Access to learning and/or influencing

2.01k views • 171 slides
CSCE 790 Computer Systems Security Biometrics (Something You Are) Professor Qiang Zeng

CSCE 790 Computer Systems Security Biometrics (Something You Are) Professor Qiang Zeng

CSCE 790 Computer Systems Security Biometrics (Something You Are) Professor Qiang Zeng Spring 2020 Previous Class Credentials Something you know (Knowledge factors) Something you have (Possession factors) Something

506 views • 24 slides
Cryptography: Public Key Cryptography; Mathematical Preliminaries Greg Plaxton Theory in

Cryptography: Public Key Cryptography; Mathematical Preliminaries Greg Plaxton Theory in

Cryptography: Public Key Cryptography; Mathematical Preliminaries Greg Plaxton Theory in Programming Practice, Spring 2005 Department of Computer Science University of Texas at Austin Secure Communication Earlier we discussed the problems

202 views • 18 slides
CSCE 790 Computer Systems Security Malware Professor Qiang Zeng Spring 2020 Previous

CSCE 790 Computer Systems Security Malware Professor Qiang Zeng Spring 2020 Previous

CSCE 790 Computer Systems Security Malware Professor Qiang Zeng Spring 2020 Previous Class Implementation Principles Policy and Mechanism Decoupling Reference Monitor Bell-LaPadula (BLP) Secrecy Model No read up

822 views • 34 slides
Secure Systems Engineering Chester Rebeiro Indian Institute of Technology Madras Secure Systems

Secure Systems Engineering Chester Rebeiro Indian Institute of Technology Madras Secure Systems

Secure Systems Engineering Chester Rebeiro Indian Institute of Technology Madras Secure Systems Computer systems can be considered a closed box. Informa8on in the box is safe as long as nothing enters or leaves the box. Systems S8ll

206 views • 16 slides
Secure UHF Tags with Strong Cryptography Development of ISO/IEC 18000-63 Compatible Secure RFID

Secure UHF Tags with Strong Cryptography Development of ISO/IEC 18000-63 Compatible Secure RFID

Secure UHF Tags with Strong Cryptography Development of ISO/IEC 18000-63 Compatible Secure RFID Tags and Presentation of First Results Walter Hinz, Klaus Finkenzeller, Martin Seysen Barcelona, February 19 th , 2013 Agenda Motivation for

416 views • 26 slides
Block-Supply Chain: A New Anti- Counterfeiting Supply Chain Using NFC and Blockchain By: Naif

Block-Supply Chain: A New Anti- Counterfeiting Supply Chain Using NFC and Blockchain By: Naif

Block-Supply Chain: A New Anti- Counterfeiting Supply Chain Using NFC and Blockchain By: Naif Alzahrani Nirupama Bulusu Portland State University Motivation Products Counterfeiting World Health Organization (WHO) 2008 [1]: 30% of

919 views • 53 slides
The Pandemic Challenge Responding to COVID-19 Who We Are, What We Do Together Our Impact Is

The Pandemic Challenge Responding to COVID-19 Who We Are, What We Do Together Our Impact Is

The Pandemic Challenge Responding to COVID-19 Who We Are, What We Do Together Our Impact Is Greater We unleash the power of collaboration between CDC and philanthropies, organizations, corporations, governments and individuals in order to

342 views • 8 slides
CS 356 Lecture 5 User Authentication Spring 2013 Review Chapter 1: Basic Concepts and

CS 356 Lecture 5 User Authentication Spring 2013 Review Chapter 1: Basic Concepts and

CS 356 Lecture 5 User Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Integrity, Confidentiality, Availability, Authentication, and Accountability Types of threats: active vs. passive,

449 views • 24 slides
Practical Password Recovery on an Practical Password Recovery on an MD5 Challenge/Response such

Practical Password Recovery on an Practical Password Recovery on an MD5 Challenge/Response such

Practical Password Recovery on an Practical Password Recovery on an MD5 Challenge/Response such as MD5 Challenge/Response such as APOP * APOP * Yu Sasaki ( The University of Electro-Communications ) Go Yamamoto (NTT) Kazumaro Aoki (NTT)

436 views • 8 slides
wubalubadubdub 1 Yuriy Ackermann Yuriy Ackermann Sr. Certification Engineer Sr. Certification

wubalubadubdub 1 Yuriy Ackermann Yuriy Ackermann Sr. Certification Engineer Sr. Certification

Universal Second Factor authentication or why 2FA today is wubalubadubdub 1 Yuriy Ackermann Yuriy Ackermann Sr. Certification Engineer Sr. Certification Engineer @FIDOAlliance @FIDOAlliance twitter/github: @herrjemand twitter/github:

574 views • 42 slides
CSE543 - Introduction to Computer and Network Security Module: Authentication Professor Patrick

CSE543 - Introduction to Computer and Network Security Module: Authentication Professor Patrick

1.09k views • 49 slides
Security Bugs in Protocols are Really Bad! Marsh Ray PhoneFactor Protocol Bugs Objectives

Security Bugs in Protocols are Really Bad! Marsh Ray PhoneFactor Protocol Bugs Objectives

Security Bugs in Protocols are Really Bad! Marsh Ray PhoneFactor Protocol Bugs Objectives Discuss the complexities in mitigating security bugs occurring in network protocols. Describe some current issues. Leave time for Q&A.

631 views • 50 slides
Hardware Security Chester Rebeiro IIT Madras 1 Physically Unclonable Functions Physical

Hardware Security Chester Rebeiro IIT Madras 1 Physically Unclonable Functions Physical

Hardware Security Chester Rebeiro IIT Madras 1 Physically Unclonable Functions Physical Unclonable Func1ons and Applica1ons: A Tutorial h8p://ieeexplore.ieee.org/document/6823677/ Edge Devices 1000s of them expected to be deployed Low power

1.06k views • 71 slides

More recommend