
Class 2 Cryptography Refresher CIS 755: Advanced Computer Security Spring 2015 Eugene Vasserman




1 Class 2 Cryptography Refresher CIS 755: Advanced Computer Security Spring 2015 Eugene Vasserman http://www.cis.ksu.edu/~eyv/CIS755_S15/

2 Administrative stuff
Schedule updated
– More changes soon, but they won’t be major
Watch for quiz announcements
Periodically check main page for news and schedule page for changes and slides
http://www.cis.ksu.edu/~eyv/CIS755_S15/
Paper reading and the “huh?” moment

3 Security basics
“What is being secured?”
– And security goal/property
“Secure against what?”
– Threat/attacker model, players and resources
Kerckhoffs’ principle
– Roughly, the only thing secret about a security system should be the secret key
Shannon’s maxim
– “The enemy knows the system”

4 What does “secure” mean?
Secrecy/Confidentiality
Authenticity
Integrity
Privacy/Anonymity
– Pseudonymity
– Unlinkability
– Deniability
Accountability

5 Safety vs. security
Think like an adversary!
Random → malicious faults
Engineering for security: “What’s the worst that can happen?” Assume it will…
Always, always, ALWAYS state your assumptions!

6 Building secure systems
Players
– Incentives and resources
Adversary model
– Logical or illogical: cost vs. payoff
Levels of assurance
Proactive vs. reactive enforcement
– Fail-closed/secure or fail-open/insecure?
– Method of returning to secure states

7 More basics
Trusted vs. trustworthy
– e.g. the recent SSL Certificate Authority fiasco
Risk, hazard, vulnerability
– Adversary, ROI, scale
Assurance levels
– “Rainbow” book series, Common Criteria
Method of returning to secure states
Fail-closed/secure or fail-open/insecure?

8 Security mechanisms (incomplete list)
Access control
Authentication
Separation of roles
Logging
Trusted components in the hands of trustworthy parties

9 Always state your assumptions!

10 Basic cryptographic primitives
Confidentiality (encryption)
– Symmetric (e.g. AES)
– Asymmetric (e.g. RSA)
Hash functions
Integrity and authentication
– Symmetric (authentication codes)
– Asymmetric (signatures)
Key agreement
Random numbers

11 Encryption
Basic idea: someone seeing ciphertext learns nothing about plaintext without the correct key
With or without authentication
Symmetric – security rests on cryptanalytic testing/best guess, not a proof – e.g. AES (block cipher)
Asymmetric – security rests on mathematical hardness assumptions – e.g. RSA

12 Security properties of encryption
Semantic security
Chosen plaintext security (IND-CPA)
Chosen ciphertext security (IND-CCA)
– IND-CCA2
Security proof “games”

13 NEVER BUILD YOUR OWN WHEN SOLUTION EXISTS!!!

14 Aside: Information theory
Conditional vs. unconditional security
– Unconditional, e.g. one-time pad
– Conditional, e.g. RSA, AES …
Symmetric encryption
Hash functions
Remember: confusion and diffusion

15 Basic (but more complex) primitives
Confidentiality (encryption)
– Symmetric (e.g. AES), asymmetric (e.g. RSA)
– Malleable vs. non-malleable
– Deterministic vs. randomized
Hash functions
Message authentication codes, signatures
Random numbers
Key agreement

16 Some basic cryptographic primitives
Confidentiality (encryption)
– Symmetric (e.g. AES): E_K(M), D_K(M)
– Asymmetric (e.g. RSA): E_PK(M), D_SK(M)
Hash functions (e.g. SHA-3): h(M)
Integrity and authentication
– Symmetric (MACs): MAC_K(M)
– Asymmetric (signatures): Sig_SK(M), V_PK(M)
Key agreement
Random numbers: n = nonce or E^-1

17 Aside: composability
Example: WEP
– Ciphertext: IV, RC4(IV, k) ⊕ (M, c(M))
– Claim: 24-bit IV + 40-bit key = 64-bit security
(Text on the right of the slide is from Jonathan Katz.)
Is this secure against chosen-plaintext attacks?
– It is randomized…
40-bit key (in some implementations)!
– Claims that, with IV, this gives a 64-bit effective key(!)
And how is the IV chosen?
– Only 24 bits long -- IV repetitions are a problem!
– Reset to 0 upon re-initialization
– Some implementations increment the IV as a counter
A repeating IV allows the attacker to compute the XOR of two plaintexts
– We have discussed already how this can be damaging
Small IV space means the attacker can build a dictionary of (IV, RC4(IV, k)) pairs
– If portions of some plaintexts are known, this enables determination of other plaintexts
Known-plaintext attacks discovered on this usage of RC4
– Possible because the first byte of plaintext is a fixed, known header!
Chosen-plaintext attacks
– Send IP traffic/e-mail to the mobile host and watch it get forwarded
– Transmit broadcast messages to access point
– Authentication spoofing
No cryptographic integrity protection
– The checksum is linear (i.e., c(x ⊕ y) = c(x) ⊕ c(y)) and unkeyed, and therefore easy to attack
– Allows IP redirection attack
– Allows TCP “reaction” attacks: look at whether the TCP checksum is valid; a form of chosen-ciphertext attack
Encryption used to provide authentication of mobile station (access point sends nonce; station returns an encryption of the nonce)
– Allows easy spoofing after eavesdropping
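The attacks listed on this slide, and the malleability of an unauthenticated stream cipher from slide 15, carried out against a constructed WEP-style frame format. This is an added example written for this page, not code from the course or from any WEP implementation: the RC4 routine follows the public description of the algorithm, KEY, IV0, M1 and M2 are constructed sample values (a 40-bit key and an IV "reset to 0" as the slide describes), and the ICV is zlib's standard CRC-32, which is what WEP uses. One caveat the slide's "linear" wording glosses over: CRC-32 with its initial value and final XOR is affine over GF(2), so the attacker patches the ICV with c(d) ⊕ c(0) rather than c(d) alone.

```python
"""Added example (not from the course slides or any WEP implementation):
a WEP-style frame with the weaknesses listed on the slide, so each attack
can be run against constructed sample frames. KEY, IV0, M1 and M2 below
are constructed sample values, not real traffic."""
from typing import Optional, Tuple
import zlib


def rc4(key: bytes, length: int) -> bytes:
    """Return `length` RC4 keystream bytes for `key` (KSA followed by PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                   # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(m: bytes) -> bytes:
    """WEP's integrity check value c(M): plain CRC-32, unkeyed."""
    return zlib.crc32(m).to_bytes(4, "little")


def wep_encrypt(key: bytes, iv: bytes, m: bytes) -> Tuple[bytes, bytes]:
    """Frame = (IV, RC4(IV || k) XOR (M || c(M))); the IV is sent in clear."""
    body = m + icv(m)
    return iv, xor(rc4(iv + key, len(body)), body)


def wep_decrypt(key: bytes, iv: bytes, c: bytes) -> Optional[bytes]:
    """Strip the keystream and check the ICV; None means 'reject frame'."""
    body = xor(rc4(iv + key, len(c)), c)
    m, tag = body[:-4], body[-4:]
    return m if icv(m) == tag else None


# Attack 1: IV reuse. Two frames under one IV share the keystream, so
# XORing the ciphertexts cancels it and leaves M1 XOR M2 (plus the ICVs).
def iv_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    return xor(c1, c2)


# Attack 2: known plaintext for one frame yields the keystream for that IV,
# i.e. one entry of the (IV, RC4(IV, k)) dictionary; it decrypts every
# other frame sent under the same IV without knowing the key.
def recover_keystream(c: bytes, known_m: bytes) -> bytes:
    return xor(c, known_m + icv(known_m))


# Attack 3: controlled bit flips. CRC-32 as used by WEP is affine over GF(2):
# c(x XOR d) = c(x) XOR c(d) XOR c(0^len), so the attacker can patch the
# ICV for any chosen difference d without knowing M or k.
def flip_bits(c: bytes, delta: bytes) -> bytes:
    """Flip the plaintext bits set in `delta` (len(delta) == len(M))."""
    delta_tag = xor(icv(delta), icv(bytes(len(delta))))
    return xor(c, delta + delta_tag)


# Constructed sample values: 40-bit key, IV "reset to 0" as on the slide.
KEY = bytes.fromhex("0102030405")
IV0 = bytes(3)
M1 = b"dst=10.0.0.5 pay"
M2 = b"dst=10.0.0.9 pay"


def demo() -> dict:
    iv, c1 = wep_encrypt(KEY, IV0, M1)
    _, c2 = wep_encrypt(KEY, IV0, M2)          # same IV: the WEP failure mode
    # Redirect M1 to 10.0.0.7 by flipping only the differing byte (index 11).
    delta = bytearray(len(M1))
    delta[11] = ord("5") ^ ord("7")
    return {
        "roundtrip": wep_decrypt(KEY, iv, c1),
        "xor_of_plaintexts": iv_reuse_leak(c1, c2)[: len(M1)],
        "decrypted_via_dictionary": xor(recover_keystream(c1, M1), c2)[: len(M2)],
        "redirected": wep_decrypt(KEY, iv, flip_bits(c1, bytes(delta))),
        # A flip without patching the ICV is rejected: the CRC catches
        # accidental corruption, just not a deliberate attacker.
        "naive_flip": wep_decrypt(KEY, iv, xor(c1, b"\x01" + bytes(len(c1) - 1))),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:>25}: {value!r}")
```

The redirection result is the slide's IP redirection attack in miniature: the attacker never learns k or M1, only the position of the destination field, and the access point still accepts the frame because the ICV is unkeyed. A keyed MAC over the plaintext (or an AEAD mode) is what closes attack 3; a per-key IV space large enough never to repeat, or a fresh key per session, is what closes attacks 1 and 2.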

18 Questions?

