
Modeling security

Models - encryption
- Alice and Bob have the same key k
- Alice and Bob exchange encrypted messages
- Eve wants to get the plaintext. What can she do?
- What can Eve do?
- The model we studied: eavesdropping, known plaintext, chosen plaintext/ciphertext
- Bad news for the attacker
  - Any reasonable algorithm (e.g. AES) beats all of these
  - The best current (2012) attack on AES in the model breaks it in time and more than 2^80 chosen ciphertexts.

New security goals
- We “know” how to do confidentiality, integrity and authentication.
- Is anything else even needed?
  - Hint: we need to work even with those we don’t completely trust
- n-out-of-n secret sharing
- t-out-of-n secret sharing

Administrative Details
- Grade – 100% test
- Office hours: Wednesday 13:00-14:00
- Tel
- Bibliography:
  - Security Engineering / R. Anderson
  - Foundations of Cryptography, I and II / O. Goldreich

Principles for the attacker
- The model is a simplification
- Complexity is your friend
- Find the weakest link
- Know the system
  - Model assumes that attacker has full knowledge. Real life is different.
- Know the attacks

Know the system
- An encryption system includes
  - Users
  - Physical environment
  - Plaintext storage & plaintext input
  - Encryption software / hardware
  - (Almost always) – a larger hardware / software system such as a computer
  - A key
  - A communication channel
- Any of these elements can be vulnerable
- The model considers just the communication link and input to the encryption algorithm

Know the Attacks
- On users
  - Social attacks – bribe the user, threaten the user, swindle the user
  - Outside our scope
- Physical environment
  - Input attacks: e.g. key loggers, a bug in the wall
  - Outside our scope

More attacks
- Device hardware
  - Side channel attacks – e.g. timing
  - Fault attacks – e.g. glitch
  - Optical attacks
  - Chemical attacks
- Question: so many options, why isn’t this part of the model?
- Answer: they all require physical proximity and that is considered impossible

An economic approach
- An attacker’s potential utility
  - Money, knowledge, ideology, vengeance
- The risks
  - Cost of an attack
  - Probability of failure
  - Risk of getting caught
- Example – table of attacks on encryption system

What about the defense?
- A breach / exploit / attack has costs
- Defense has its own costs
- Problems
  - All attack avenues must be adequately blocked
  - Attacker’s model: plans, capabilities, utility are imperfectly known
- Principles
  - Know the attacks and the defenses
  - Layered defense
  - Redundancy is good
  - But, remember the utility!

Shocking example
Do you know what this is? Here’s a hint