Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS426Fall 2010/Lecture 251 Computer Security CS 426 Lecture 26 Review of Some Mid-Term Problems.

Published byMervin Dennis Modified over 8 years ago

Similar presentations

Presentation on theme: "CS426Fall 2010/Lecture 251 Computer Security CS 426 Lecture 26 Review of Some Mid-Term Problems."— Presentation transcript:

1 CS426Fall 2010/Lecture 251 Computer Security CS 426 Lecture 26 Review of Some Mid-Term Problems

2 One-Time Pad: Restating The Question One may argue that one-time pad cipher is completely useless for the following reason. As OTP requires the agreement of a key that is as long as the message, any channel that is used to send the key can also be used to send the message instead. Hence one does not need OTP encryption. Explain why this argument is incorrect by describing a scenario where one- time pad can still be useful. CS426Fall 2010/Lecture 252

3 Answers to the OTP Question Standard Answer: A secure channel can exist before messages exist. An interesting answer: –One can send message & key through multiple channels, assume that the adversary cannot eavesdrop all channels –Related to secret sharing: How to split a secret to be shared in multiple shares so that one needs all shares to recover the secret? CS426Fall 2010/Lecture 253

4 Other Answers to the OTP Question With an authentic, but insecure channel, two parties can agree on a secret key without sending it –Has integrity (authenticity), but not confidentiality Can then use OTP to send messages E.g.: Diffie-Hellman Key agreement Protocol: –See next slide Quantum communication provide another kind of channels suitable for sending keys but not messages: any eavesdropping will be detected CS426Fall 2010/Lecture 254

5 CS526Spring 2009/Lecture 235 Key Agreement: Diffie-Hellman Protocol  Key agreement protocol, A and B agree on K  Setup: choose a prime p, and g in {2,…,p-1}, p and g public. K = (g b mod p) a = g ab mod p g a mod p g b mod p K = (g a mod p) b = g ab mod p Pick random, secret a Compute and send g a mod p Pick random, secret b Compute and send g b mod p

6 Semantic Security Question Restated We require secure ciphers to provide Semantic Security (Ciphertext indistinguishability), that is, if an adversary chooses two equal-length messages M 0 and M 1, and is given E K [M b ], where b is uniformaly randomly chosen from {0,1}, the adversary has little advantage in guessing b. Suppose that ECB mode is used, show how to choose M 0 and M 1 such that from the ciphertext C=E K [M b ], one can easily tell whether it is an encryption of M 0 or M 1. CS426Fall 2010/Lecture 256

7 Why Ciphertext Indistinguishability? Information Theoretical Security: Given C, each M is equally likely –Cannot achieve in practice Computational Security (attempt 1): Given C, cannot recover M –What is some information about M is recovered? –What if adv. has some knowledge about M already? Computational Security (attempt 2): Given C, cannot find any additional info about M, except its length. CS426Fall 2010/Lecture 257

8 How to Formalize Computational Security? Given C, suppose adv. knows it is the cihpertext of either M 0 or M 1, still cannot tell which one it is. –What if adv. can tell some pairs but not others? Have the adv choose M 0 or M 1, let C be ciphertext of one of them, still cannot tell which one it is. Note: The Adv sees only one ciphertext C CS426Fall 2010/Lecture 258

9 Answers to the Semantic Security Question Choose M 0 be B 1 B 1 and M 1 be B 1 B 2, where B 1 and B 2 are two different blocks. –If C has two repeated blocks, then it encrypts M 0, otherwise, it encrypts M 1 –Any B 1 and B 2 would work, no need to be all 0’s, or all 1’s Incorrect answer: –Let M 0 be all 0’s, and M 1 be all 1’s. –Using a secure block cipher, one cannot tell CS426Fall 2010/Lecture 259

10 New ScareWare: Kenzero [BBC News, April 2010] A trojan spread through P2P file sharing Prompts you to a game installation window on your PC and asks for your personal information. Take browser’s history, publishes online. Also, once found proof of illegally downloading files, sends an e-mail or another pop-up that threatens legal action if you don't pay (1500 Yen) $15 to "settle your violation of copyright law.“ Website Yomiuri claims that 5500 people have so far admitted to being infected. Also similar incident in Europe CS426Fall 2010/Lecture 2510

11 Confused Deputy Problem How is confused deputy problem solved in UNIX? –Use the setuid family of system calls to Drop root privilege when no longer needed. Switch between two users ids –Require programmers to proactively use these while writing the programs. CS426Fall 2010/Lecture 2511

12 No Confused Deputy Problem in Capability Systems Two masters each pass in their own capabilities (for file accesses) to the program A file access by the program must select a capability –The selection of a capability also selects the master The master for each access is thus specified –No designation without authority Cannot talk about an object w/o some authority over it CS426Fall 2010/Lecture 2512

13 BLP Question: Possible Flows From one object to another of the same level –Legal Human users leaking information –Out of hand channel Use channels not intended for transmitting inf –Covert channels, not overt From low level object to high –Integrity concern, but legal wrt intend of BLP Read high file, close file, drop to low, and write –Satisfy BLP definition, illegal wrt intent CS426Fall 2010/Lecture 2513

Download ppt "CS426Fall 2010/Lecture 251 Computer Security CS 426 Lecture 26 Review of Some Mid-Term Problems."

Similar presentations

Foundations of Cryptography Lecture 10 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 10 Lecturer: Moni Naor.
CMSC 414 Computer and Network Security Lecture 4 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 4 Jonathan Katz.
CMSC 414 Computer (and Network) Security Lecture 4 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 4 Jonathan Katz.
1 Cryptanalysis-tolerant CPA crypt. ● Suppose E, E’ are two encryption schemes which on of them is CPA - secure  E.g., a standard and a proprietary, a.

1 Cryptanalysis-tolerant CPA crypt. ● Suppose E, E’ are two encryption schemes which on of them is CPA - secure  E.g., a standard and a proprietary, a.
Foundations of Cryptography Lecture 13 Lecturer: Moni Naor.

Foundations of Cryptography Lecture 13 Lecturer: Moni Naor.
CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.

CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.
Session 4 Asymmetric ciphers.

Session 4 Asymmetric ciphers.
CS426Fall 2010/Lecture 351 Computer Security CS 426 Lecture 35 Commitment & Zero Knowledge Proofs.

CS426Fall 2010/Lecture 351 Computer Security CS 426 Lecture 35 Commitment & Zero Knowledge Proofs.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
Homework #4 Solutions Brian A. LaMacchia Portions © 2002-2006, Brian A. LaMacchia. This material is provided without.

Homework #4 Solutions Brian A. LaMacchia Portions © , Brian A. LaMacchia. This material is provided without.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 3 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 3 Jonathan Katz.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Co-operative Private Equality Test(CPET) Ronghua Li and Chuan-Kun Wu (received June 21, 2005; revised and accepted July 4, 2005) International Journal.

Co-operative Private Equality Test(CPET) Ronghua Li and Chuan-Kun Wu (received June 21, 2005; revised and accepted July 4, 2005) International Journal.
CMSC 414 Computer and Network Security Lecture 5 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 5 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 4 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 4 Jonathan Katz.
Asymmetric Cryptography part 1 & 2 Haya Shulman Many thanks to Amir Herzberg who donated some of the slides from

Asymmetric Cryptography part 1 & 2 Haya Shulman Many thanks to Amir Herzberg who donated some of the slides from
Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.
Intro To Encryption Exercise 1. Monoalphabetic Ciphers Examples:  Caesar Cipher  At Bash  PigPen (Will be demonstrated)  …

Intro To Encryption Exercise 1. Monoalphabetic Ciphers Examples:  Caesar Cipher  At Bash  PigPen (Will be demonstrated)  …

Similar presentations

Ads by Google