cse 543 computer security
play

CSE 543 - Computer Security Lecture 4 - Cryptography September 6, - PowerPoint PPT Presentation

Aug 14, 2023 •122 likes •358 views

CSE 543 - Computer Security Lecture 4 - Cryptography September 6, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger 1 Hash Algorithms Hash algorithm

  1. CSE 543 - Computer Security Lecture 4 - Cryptography September 6, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger 1

  2. Hash Algorithms • Hash algorithm – Compression of data into a hash value – E.g., h(d) = parity(d) – Such algorithms are generally useful in programs • … as used in cryptosystems – One-way - (computationally) hard to invert h() , i.e., compute h -1 (y), where y=h(d) – Collision resistant hard to find two data x 1 and x 2 such that h(x 1 ) == h(x 2 ) • Q: What can you do with these constructs? 2 CSE543 Computer (and Network) Security - Fall 2005 - Professor McDaniel CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger

  3. Hash Functions • Design a “strong cryptographic hash function” • No formal basis – Concern is backdoors • MD2 – Substitution based on pi • MD4, MD5 – Similar, but complex functions in multiple passes • SHA-1 – 160-bit hash – “Complicated function” 3 CSE543 Computer (and Network) Security - Fall 2005 - Professor McDaniel CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger

  4. Message Authentication Code • MAC – Authenticates integrity for data d – Uses some key k and hash algorithm h – To simplify, mac(k,d) = h( k+d ) • Why does this provide integrity? – Cannot produce mac(k,d) unless you know k, d – If you could, then can break h – Exercise for class: prove the previous statement • Used in protocols to authenticate content 4 CSE543 Computer (and Network) Security - Fall 2005 - Professor McDaniel CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger

  5. HMAC • MAC that meets the following properties – Collision-resistant – Attacker cannot computer proper digest without knowing K • Even if attacker can see an arbitrary number of digests H(k+x) • Simple MAC has a flaw – Block hash algorithms mean that new content can be added – Turn H(K+m) to H(K+m+m ’ ) where m ’ is controlled by an attacker • HMAC(K, d) = H(K + H(K + d)) – Attacker cannot extend MAC as above – Prove it to yourself 5 CSE543 Computer (and Network) Security - Fall 2005 - Professor McDaniel CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger

  6. Birthday Attack • A birthday attack is a name used to refer to a class of brute-force attacks. – birthday paradox : the probability that two or more people in a group of 23 share the same birthday is >than 50% • General formulation – function f() whose output is uniformly distributed – On repeated random inputs n = { n 1 , n 2 , , .., n k } • Pr(n i = n j ) = 1.2k 1/2 , for some 1 <= i,j <= k, 1 <= j < k, i != j • E.g., 1.2(365 1/2 ) ~= 23 • Q: Why is resilience to birthday attacks important? 6 CSE543 Computer (and Network) Security - Fall 2005 - Professor McDaniel CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger

  7. Using hash values as authenticators • Consider the following scenario • Alice is a teacher who has not decided if she will cancel the next lecture. • When she does decide, she communicates to Bob the student through Mallory, her evil TA. • She does not care if Bob shows up to a cancelled class • Alice does not trust Mallory to deliver the message. • She and Bob use the following protocol: 1. Alice invents a secret t 2. Alice gives Bob h(t), where h() is a crypto hash function 3. If she cancels class, she gives t to Mallory to give to Bob If does not cancel class, she does nothing – If Bob receives the token t, he knows that Alice sent it – 7 CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger

  8. Hash Authenticators • Why is this protocol secure? – t acts as an authenticated value (authenticator) because Mallory could not have produced t without inverting h() – Note : Mallory can convince Bob that class is occurring when it is not by simply not delivering h(t) (but we assume Bob is smart enough to come to that conclusion when the room is empty) • What is important here is that hash preimages are good as (single bit) authenticators. • Note that it is important that Bob got the original value h(t) from Alice directly (was provably authentic) 8 CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger

  9. Hash chain • Now, consider the case where Alice wants to do the same protocol, only for all 26 classes (the semester) • Alice and Bob use the following protocol: 1.Alice invents a secret t 2.Alice gives Bob H 26 (t), where H 26 () is 26 repeated applications of H(). 3.If she cancels class on day d, she gives H (26-D) (t) to Mallory, e.g., If cancels on day 1, she gives Mallory H 25 (t) If cancels on day 2, she gives Mallory H 24 (t) ……. If cancels on day 25, she gives Mallory H 1 (t) If cancels on day 26, she gives Mallory t 4.If does not cancel class, she does nothing – If Bob receives the token t, he knows that Alice sent it 9 CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger

  10. Hash Chain (cont.) • Why is this protocol secure? • On day d, H (26-d) (t) acts as an authenticated value (authenticator) because Mallory could not produce t without inverting H() because for any H k (t) she has k>(26-d) • That is, Mallory potentially has access to the hash values for all days prior to today, but that provides no information on today’s value, because they are all post-images of today’s value – Note : Mallory can again convince Bob that class is occurring by not delivering H (26-d) (t) • Important: chain of hash values are ordered authenticators • Important that Bob got the original value H 26 (t) from Alice directly (was provably authentic) 10 CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger

  11. Basic truths of cryptography … • Cryptography is not frequently the source of security problems – Algorithms are well known and widely studied • Use of crypto commonly is … (e.g., WEP) – Vetted through crypto community – Avoid any “proprietary” encryption – Claims of “new technology” or “perfect security” are almost assuredly snake oil 11 CSE543 Computer (and Network) Security - Fall 2005 - Professor McDaniel CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger

  12. Why Cryptosystems Fail • In practice, what are the causes of cryptosystem failures – Not crypto algorithms typically 12 CSE543 Computer (and Network) Security - Fall 2005 - Professor McDaniel CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger

  13. Case Study • ATM Systems – Some public data – High value information – Of commercial enterprises, banks have most interest in security • How do they work? – Card: with account number – User: provides PIN – ATM: Verifies that PIN corresponds to encryption of account number with PIN key (offset can be used) • Foundation of security – PIN key (can obtain PIN if known and forge cards) 13 CSE543 Computer (and Network) Security - Fall 2005 - Professor McDaniel CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger

  14. Simple Fraud • Insiders – Make an extra card; special ops allow debit of any acct • Outsiders – Shoulder surfing; fake ATMs; replay pay response • PINs – Weak entropy of PIN keys; limit user PIN choices; same PIN for everyone • User-chosen PINs – Bad; Store encrypted in a file (find match); Encrypted on card • Italy – Fake ATMs; Offline ATMs (make several copies of card) 14 CSE543 Computer (and Network) Security - Fall 2005 - Professor McDaniel CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger

  15. More Complex Issues • PIN key derivation – Set terminal key from two shares – Download PIN key encrypted under terminal key • Other banks ’ PIN keys – Encrypt ‘ working keys ’ under a zone key – Re-encrypt under ATM bank ’ s working key • Must keep all these keys secret 15 CSE543 Computer (and Network) Security - Fall 2005 - Professor McDaniel CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger

  16. Products Have Problems • Despite well understood crypto foundations, products don ’ t always work securely – Lose secrets due to encryption in software – Incompatibilities (borrow my terminal) – Poor product design • Back doors enabled, non-standard crypto, lack of entropy, etc. – Sloppy operations • Ignore attack attempts, share keys, procedures are not defined or followed – Cryptanalysis sometimes • Home-grown algorithms!, improper parameters, cracking DES 16 CSE543 Computer (and Network) Security - Fall 2005 - Professor McDaniel CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger

  17. Problems • Systems may work in general, but – Are difficult to use in practice – Counter-intuitive – Rewards aren ’ t clear – Correct usage is not clear – Too many secrets ultimately • Fundamentally, two problems – Too complex to use – No way to determine if use if correct 17 CSE543 Computer (and Network) Security - Fall 2005 - Professor McDaniel CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer

Introduction to Computer Security Rev. Sept 2015 What is Computer Security? 2 Computer Security is the protection of computing systems and the data that they store or access 3 Why is Computer Security Important? Computer Security allows

690 views • 19 slides
Quick Intro to Computer Security What is computer security? Securing communication

Quick Intro to Computer Security What is computer security? Securing communication

Carnegie Mellon Quick Intro to Computer Security What is computer security? Securing communication Cryptographic tools Access control User authentication Computer security and usability Thanks to Mike Reiter for the

412 views • 38 slides
Introduction to Computer Security Why do we need computer security? What are our goals and

Introduction to Computer Security Why do we need computer security? What are our goals and

Introduction to Computer Security Why do we need computer security? What are our goals and what threatens them? Lecture 1 Page 1 CS 236 Online Why Is Security Necessary? Because people arent always nice Because a lot of

415 views • 25 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J CSCI 6268/TLEN 5831, Fall 2004 Introduction UC Davis PhD in 2000 Cryptography Interested in broader security as well

492 views • 12 slides
Introduction Attacks Security Goals Fall 2010 CS 334 Computer Security 1 What is Computer

Introduction Attacks Security Goals Fall 2010 CS 334 Computer Security 1 What is Computer

Introduction Attacks Security Goals Fall 2010 CS 334 Computer Security 1 What is Computer Security? Generally concerned with protection of computer related assets Risk analysis and management! Manage could mean prevention of

537 views • 26 slides
Computer Security Foundations What is Security? Attacker Assets Threat Counter- measure

Computer Security Foundations What is Security? Attacker Assets Threat Counter- measure

IN3210 Network Security Computer Security Foundations What is Security? Attacker Assets Threat Counter- measure Computer Security Security of computers and networks Protection of digital assets Axioms of Computer Security:

240 views • 23 slides
Basic Ciphers Computer Security: Ensure security of data kept on the computer Ahmet Burak

Basic Ciphers Computer Security: Ensure security of data kept on the computer Ahmet Burak

8.10.2019 Information Security Basic Ciphers Computer Security: Ensure security of data kept on the computer Ahmet Burak Can Network Security: Hacettepe University Ensure security of communication over insecure medium

267 views • 10 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J Lecture #2 Aug 25 th 2005 CSCI 6268/TLEN 5831, Fall 2005 Economist Survey Please read it Main points Security is a MUCH

600 views • 27 slides
CS 480/ 557 Computer Security I ntroduction to I nf ormation 1. Physical Security 2.Human

CS 480/ 557 Computer Security I ntroduction to I nf ormation 1. Physical Security 2.Human

Overview CS 480/ 557 Computer Security I ntroduction to I nf ormation 1. Physical Security 2.Human Security 3.Program Security Security Computer security threats Unintentional: - Coding faults - Operational faults -

238 views • 8 slides
CSE 543 - Computer Security Lecture 11 - OS Security October 2, 2007 URL:

CSE 543 - Computer Security Lecture 11 - OS Security October 2, 2007 URL:

CSE 543 - Computer Security Lecture 11 - OS Security October 2, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger 1 OS Security An secure OS should provide the

873 views • 28 slides
Computer Security http://security.di.unimi.it/sicurezza1819/ Chapter 3: 1 Chapter 3:

Computer Security http://security.di.unimi.it/sicurezza1819/ Chapter 3: 1 Chapter 3:

Computer Security http://security.di.unimi.it/sicurezza1819/ Chapter 3: 1 Chapter 3: Foundations of Computer Security Chapter 3: 2 Agenda Security strategies Prevention detection reaction Security objectives

839 views • 38 slides
Computer Security 3e Security.di.unimi.it/sicurezza1314 Chapter 3: 1 Chapter 3: Foundations of

Computer Security 3e Security.di.unimi.it/sicurezza1314 Chapter 3: 1 Chapter 3: Foundations of

Computer Security 3e Security.di.unimi.it/sicurezza1314 Chapter 3: 1 Chapter 3: Foundations of Computer Security Chapter 3: 2 Agenda Security strategies Prevention detection reaction Security objectives Confidentiality

1.08k views • 42 slides
Computer Security 3e Security.di.unimi.it/sicurezza1516 Chapter 3: 1 Chapter 3: Foundations of

Computer Security 3e Security.di.unimi.it/sicurezza1516 Chapter 3: 1 Chapter 3: Foundations of

Computer Security 3e Security.di.unimi.it/sicurezza1516 Chapter 3: 1 Chapter 3: Foundations of Computer Security Chapter 3: 2 Agenda Security strategies Prevention detection reaction Security objectives Confidentiality

553 views • 39 slides
CSE 543 - Computer Security Lecture 12 - MAC Security October 4, 2007 URL:

CSE 543 - Computer Security Lecture 12 - MAC Security October 4, 2007 URL:

CSE 543 - Computer Security Lecture 12 - MAC Security October 4, 2007 URL: http://www.cse.psu.edu/~tjaeger/cse543-f07/ CSE543 Computer (and Network) Security - Fall 2007 - Professor Jaeger 1 Mandatory Access Control Is about administration

462 views • 19 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J Lecture #13 Oct 11 th 2005 CSCI 6268/TLEN 5831, Fall 2005 Announcements Quiz #2 later today Allocate last 30 mins No Class

488 views • 30 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J Lecture #25 Dec 1 st 2005 CSCI 6268/TLEN 5831, Fall 2005 Announcements Remainder of the semester: Quiz #3 is Today 40 mins

414 views • 20 slides
FAI The Universal Deployment Tool Thomas Lange, University of Cologne

FAI The Universal Deployment Tool Thomas Lange, University of Cologne

FAI The Universal Deployment Tool Thomas Lange, University of Cologne lange@informatik.uni-koeln.de FOSDEM, January 2016 1 / 13 What is FAI? FAI = Fully Automatic Installation Unattended mass deployment From empty disk to

177 views • 13 slides
Cosmological Family Asymmetry and CP violation Satoru Kaneko ( Ochanomizu Univ .) 2005. 9. 21 at

Cosmological Family Asymmetry and CP violation Satoru Kaneko ( Ochanomizu Univ .) 2005. 9. 21 at

Cosmological Family Asymmetry and CP violation Satoru Kaneko ( Ochanomizu Univ .) 2005. 9. 21 at Tohoku Univ . T . Endoh , S . K. , S . K . Kang , T . Morozumi , M . Tanimoto , PRL ( 02) T . Endoh , T . Morozumi , Z . Xiong , Prog . Theor .

440 views • 19 slides
Byzantine Generals Problem &amp; FLP Impossibility Addendum Sep. 4th, 2019 Byzantine Fault

Byzantine Generals Problem &amp; FLP Impossibility Addendum Sep. 4th, 2019 Byzantine Fault

Byzantine Generals Problem &amp; FLP Impossibility Addendum Sep. 4th, 2019 Byzantine Fault Tolerance Given 6 Generals: 4 Loyal General, 2 Traitor Why is a solution for this impossible? 1 1 G Each loyal general receives 3 0 correct

547 views • 38 slides
Finding Multivariate Outlier Applied Multivariate Statistics Spring 2012 Goals Concept:

Finding Multivariate Outlier Applied Multivariate Statistics Spring 2012 Goals Concept:

Finding Multivariate Outlier Applied Multivariate Statistics Spring 2012 Goals Concept: Detecting outliers with (robustly) estimated Mahalanobis distance and QQ-plot R: chisq.plot, pcout from package mvoutlier Appl.

442 views • 28 slides
Set theory and Hausdorff measures Mrton Elekes emarci@renyi.hu www.renyi.hu/ emarci Rnyi

Set theory and Hausdorff measures Mrton Elekes emarci@renyi.hu www.renyi.hu/ emarci Rnyi

Set theory and Hausdorff measures Mrton Elekes emarci@renyi.hu www.renyi.hu/ emarci Rnyi Institute and Etvs Lornd University, Budapest Warsaw 2012 Mrton Elekes emarci@renyi.hu www.renyi.hu/ emarci Set theory and Hausdorff

798 views • 66 slides
Current status of MD5 and SHA-1 Eric Rescorla Network Resonance ekr@networkresonance.com Eric

Current status of MD5 and SHA-1 Eric Rescorla Network Resonance ekr@networkresonance.com Eric

Current status of MD5 and SHA-1 Eric Rescorla Network Resonance ekr@networkresonance.com Eric Rescorla SAAG, IETF 62 1 Review of hash function terminology Collision Find M , M st H ( M ) = H ( M ) 1st preimage Given X , find M st H (

149 views • 10 slides
MD5 Chosen-Prefix Collisions on GPUs Marc Bevand m.bevand@gmail.com marc.bevand@rapid7.com

MD5 Chosen-Prefix Collisions on GPUs Marc Bevand m.bevand@gmail.com marc.bevand@rapid7.com

MD5 Chosen-Prefix Collisions on GPUs Marc Bevand m.bevand@gmail.com marc.bevand@rapid7.com Agenda MD5 on GPUs Dec 2008: rogue CA certificate on PS3 cluster MD5 birthday search Results &amp; performance MD5 on GPUs MD5 is

448 views • 18 slides
SO FAR Revelation Principle Single parameter environments Second price auctions

SO FAR Revelation Principle Single parameter environments Second price auctions

T RUTH J USTICE A LGOS Mechanism Design: Recent Advances Teachers: Ariel Procaccia and Alex Psomas (this time) SO FAR Revelation Principle Single parameter environments Second price auctions Myersons lemma Myersons

478 views • 35 slides

More recommend