Software Security Seminar - 1 Chapter 2. Protocol Building Blocks 2002. 6. 20. Presenter: 최두호 Applied Cryptography.

Presentation transcript:

Software Security Seminar - 1 Chapter 2. Protocol Building Blocks. Presenter: 최두호. Applied Cryptography

Software Security Seminar - 2: Contents
2.1 Introduction to Protocols
2.2 Communications using Symmetric Cryptography
2.3 One-Way Functions
2.4 One-Way Hash Functions
2.5 Communications using Public-Key Cryptography

Software Security Seminar - 3: What is a Protocol?
A protocol is a series of steps involving two or more parties:
- series of steps: it has a sequence, from start to finish
- two or more parties: at least two people are required to complete the protocol
- each step involves at least one of two things: computation by one or more of the parties, or messages sent among the parties
A cryptographic protocol is a protocol that uses cryptography.

Software Security Seminar - 4: The Purpose of Protocols
Daily life: buying goods over the phone, playing poker, voting
Implemented on computers: anybody on a computer network may be dishonest!

Software Security Seminar - 5: The Players
- Alice: first participant in all the protocols
- Bob: second participant in all the protocols
- Carol: participant in the three- and four-party protocols
- Dave: participant in the four-party protocols
- Eve: eavesdropper
- Mallory: malicious active attacker
- Trent: trusted arbitrator
- Walter: warden; he'll be guarding Alice and Bob in some protocols
- Peggy: prover
- Victor: verifier

Software Security Seminar - 6: Arbitrated Protocols
An arbitrator: a third party trusted to complete a protocol (e.g. a lawyer)
Example:
(1) Alice gives the title to the lawyer.
(2) Bob gives the check to Alice.
(3) Alice deposits the check.
(4) After waiting a specified time period for the check to clear, the lawyer gives the title to Bob. If the check does not clear within the specified time period, Alice shows proof of this to the lawyer and the lawyer returns the title to Alice.

Software Security Seminar - 7: Arbitrated Protocols (cont.)
Problems with computer arbitrators:
- faceless arbitrator
- the cost of maintaining an arbitrator
- delay in any arbitrated protocol
- bottleneck: relieving it requires more arbitrators, which increases the cost
- vulnerable point for an attacker, since everyone on the network must trust the arbitrator

Software Security Seminar - 8: Adjudicated Protocols
Arbitrated protocols can be subdivided into two lower-level subprotocols:
- a nonarbitrated subprotocol
- an arbitrated subprotocol: executed only when there is a dispute

Software Security Seminar - 9: Self-Enforcing Protocols
- The best type of protocol
- The protocol itself guarantees fairness: no arbitrator, no adjudicator

Software Security Seminar - 10: Attacks against Protocols
- Against the cryptographic algorithms used in protocols
- Against the cryptographic techniques used to implement the algorithms and protocols
- Against the protocols themselves
  - Passive attack: eavesdropping; the attacker does not affect the protocol (player Eve)
  - Active attack: introduce new messages in the protocol, delete existing messages, interrupt a communication channel, alter stored information (player Mallory)

Software Security Seminar - 11: Attacks against Protocols (cont.)
Cheater: an attacker who is one of the parties involved in the protocol
- Passive cheaters follow the protocol but try to obtain more information
- Active cheaters disrupt the protocol in progress in an attempt to cheat

Software Security Seminar - 12
2.1 Introduction to Protocols
2.2 Communications using Symmetric Cryptography
2.3 One-Way Functions
2.4 One-Way Hash Functions
2.5 Communications using Public-Key Cryptography

Software Security Seminar - 13: Basic Scenario
(1) Alice and Bob agree on a cryptosystem.
(2) Alice and Bob agree on a key.
(3) Alice takes her plaintext message and encrypts it using the encryption algorithm and the key. This creates a ciphertext message.
(4) Alice sends the ciphertext message to Bob.
(5) Bob decrypts the ciphertext message with the same algorithm and key and reads it.

Software Security Seminar - 14: Problems
- Keys must be distributed in secret
- If a key is compromised, Eve can decrypt all message traffic and she can pretend to be one of the parties
- Key management: a network of n users requires n(n-1)/2 keys

Software Security Seminar - 15
2.1 Introduction to Protocols
2.2 Communications using Symmetric Cryptography
2.3 One-Way Functions
2.4 One-Way Hash Functions
2.5 Communications using Public-Key Cryptography

Software Security Seminar - 16: Definition
- A one-way function is relatively easy to compute but significantly harder to reverse
- Given x, it is easy to compute f(x), but given f(x), it is hard to compute x
- Example: smashing a plate
- It cannot be used for encryption

Software Security Seminar - 17: A Trapdoor One-Way Function
- A special type of one-way function
- It is easy to compute f(x) for given x and hard to compute x for given f(x), but if you know the secret y, you can easily compute x from f(x) and y
- Example: a watch
- It can be used for public-key cryptography

Software Security Seminar - 18
2.1 Introduction to Protocols
2.2 Communications using Symmetric Cryptography
2.3 One-Way Functions
2.4 One-Way Hash Functions
2.5 Communications using Public-Key Cryptography

Software Security Seminar - 19: One-Way Hash Functions
- A one-way hash function is also called: compression function, contraction function, message digest, fingerprint, cryptographic checksum, message integrity check (MIC), manipulation detection code (MDC)
- Input: string of arbitrary length; output: string of fixed length -> many-to-one function
- Example: byte XOR
- Collision-free: it is hard to find x, x' such that f(x) = f(x')

Software Security Seminar - 20: Message Authentication Codes (MACs)
- Also called a Data Authentication Code (DAC)
- A one-way hash function with the addition of a secret key: f(x,k) = y, where k is a key
- MACs can be built using a hash function or a block encryption algorithm
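
An added example, not part of the original slides, tying together the one-way hash and MAC slides: the "byte XOR" hash is many-to-one but not collision-free, and an unkeyed digest does not stop Mallory from replacing a message, while a keyed MAC does. SHA-256 and HMAC-SHA256 are choices made for this sketch (the slides name no algorithm), and the messages are constructed samples.

```python
import hashlib
import hmac
import secrets

def byte_xor_hash(data: bytes) -> int:
    """The slide's 'byte XOR' example: any input folds down to one byte."""
    out = 0
    for b in data:
        out ^= b
    return out

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def make_tag(key: bytes, message: bytes) -> bytes:
    """f(x, k) = y from the MAC slide, instantiated here with HMAC-SHA256."""
    return hmac.new(key, message, hashlib.sha256).digest()

def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    # Constant-time comparison: do not leak how many tag bytes matched.
    return hmac.compare_digest(make_tag(key, message), tag)

def demo() -> dict:
    # Constructed sample messages; the cast follows the slides.
    original = b"pay Bob 10"
    reordered = b"pay Bob 01"      # same bytes in a different order
    forged = b"pay Mallory 10"     # Mallory's replacement message
    key = secrets.token_bytes(32)  # known to Alice and Bob only
    tag = make_tag(key, original)
    # An unkeyed digest travels with the message, so Mallory recomputes it.
    forged_digest = sha256_hex(forged)
    return {
        "xor_collides": byte_xor_hash(original) == byte_xor_hash(reordered),
        "sha256_collides": sha256_hex(original) == sha256_hex(reordered),
        "digest_check_accepts_forgery": sha256_hex(forged) == forged_digest,
        "mac_accepts_original": verify_tag(key, original, tag),
        "mac_accepts_forgery_with_old_tag": verify_tag(key, forged, tag),
        "mac_accepts_forgery_with_guessed_key":
            verify_tag(key, forged, make_tag(secrets.token_bytes(32), forged)),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```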

Software Security Seminar - 21
2.1 Introduction to Protocols
2.2 Communications using Symmetric Cryptography
2.3 One-Way Functions
2.4 One-Way Hash Functions
2.5 Communications using Public-Key Cryptography

Software Security Seminar - 22: Concept
Diffie-Hellman
(1) Alice and Bob agree on a public-key cryptosystem.
(2) Bob sends Alice his public key.
(3) Alice encrypts her message using Bob's public key and sends it to Bob.
(4) Bob decrypts Alice's message using his private key.
It solves the key-management problem.

Software Security Seminar - 23: Hybrid Cryptosystems
- Content encryption: symmetric-key cryptosystem
- Sending the secret key: public-key cryptosystem
Problem:
- Public-key algorithms are slow
- Vulnerable to chosen-plaintext attacks