IFN642 Applied Cryptography and Network Security

1 IFN642 Applied Cryptography and Network Security
Lecture 3: Cryptography, randomness and security Semester 1, 2018 IFN642

2 Outline
Secure classical ciphers, One Time Pad, Perfect secrecy, Security of OTP, Integrity assurance, Hash functions, Keyed hash functions, Summary

3 Secure classical ciphers
Classical ciphers (from L1 and L2) have weaknesses that make ciphertext alone attacks possible. If key size is small, then brute force attack is easy:
Caesar cipher: c_i = (p_i + k) mod n. English alphabet -> mod 26. Number of possible keys = 26.
Linear cipher: C = E_K(a, b)(P) = (aP + b) mod n. Number of values for a = 12 (WHY?). Number of values for b = 26. Total number of possible keys = 12 x 26 = 312.
Transposition ciphers: Rail fence cipher: key = number of rows, and possibly offset at start -> small. Permutation cipher: number of permutations of length d = d!

4 Secure classical ciphers
Classical ciphers (from L1 and L2) have weaknesses that make ciphertext alone attacks possible: Even for larger key sizes, substitution ciphers can be attacked using redundancy of plaintext: Use Frequency Analysis of: Individual letters: Caesar, Linear, Simple random substitution Pairs of letters: Playfair, Hill with 2x2 key matrix, Triples: Hill with 3x3 key matrix, etc. Match frequent ciphertext characters to expected plaintext characters Examine recovered plaintext: does it make sense in context of expected message? Some trial and error needed Q: How do we use Frequency analysis to break Vigenère Cipher? Semester 1, 2018 IFN642

5 Secure classical ciphers
Secure cipher idea (Frank Miller, 1882): Security of Vigenère cipher ↑ as keyword length ↑ Best security if key is long: Use a key that is a string of random letters, as long as the message: Need to record key: use a note pad! For an unbreakable cipher: Key should be random letters, so no statistical relationship between plaintext and ciphertext For any plaintext & any ciphertext of given length, there exists a key mapping one to other Important condition: do not reuse the key! That is: use the key one time only (called one time pad) Semester 1, 2018 IFN642

7 One-Time Pad
Example: If the message is: O N E T I M E P A D and the random key sequence from the pad is: T B F R G F A R F M then the ciphertext is: H O J K O R E G F P because: O + T mod 26 = H, N + B mod 26 = O, E + F mod 26 = J, etc.

8 One-Time Pad Provides security against ciphertext alone attacks:
Given: a ciphertext message of length n characters, and knowledge that key was a truly random sequence of n characters An attacker could try all possible keys of length n All keys are equally likely to have been used Each key used will return a possible plaintext Recovers all plaintext messages of length n. Attacker cannot determine which message is intended Attack is no better than just guessing message Assuming attacker has no access to the one-time pad, this scheme provides perfect secrecy Ciphertext does not leak any information about plaintext Semester 1, 2018 IFN642

9 One-Time Pad
For the same example: ONETIMEPAD, correct key sequence is: TBFRGFARFM. Suppose the attacker has the ciphertext: HOJKOREGFP. If the attacker tries other key sequences: BXFGBMTMXM, then decrypted text is GREENFLUID; POYYAEAAZX, then decrypted text is SALMONEGGS. All keys equally likely -> all messages equally likely

10 One Time Pad Vernam One Time Pad (Gilbert Vernam 1919)
This is a binary additive OTP: Plaintext, key and ciphertext are all sequences of bits (0s and 1s) Key must be: Truly random, Same length as message, and Used once only (hence the name) Combining operation: binary addition mod 2 (XOR) Encrypt: XOR plaintext and key to produce ciphertext Decrypt: XOR ciphertext and key to recover plaintext Semester 1, 2018 IFN642

11 One Time Pad Binary addition modulo 2: Also known as XOR operation

12 One Time Pad Vernam OTP operations:
Important note on XOR operation: 0 ⊕ 0 = 0 and 1 ⊕ 1 = 0. Encryption: XOR plaintext & key to form ciphertext: P ⊕ K = C. Decryption: XOR ciphertext & key to form plaintext: C ⊕ K = P, since C ⊕ K = (P ⊕ K) ⊕ K = P ⊕ (K ⊕ K) = P. NOTE: Binary OTP is a reciprocal cipher

13 One Time Pad Example: Vernam one-time pad, continued
Plaintext is bitstream: If your message is alphanumeric, First, need to encode (not encrypt) it to form a bitstream, Then you can encrypt the bitstream Keystream is a truly random binary sequence same length as message: Example: ’this message is highly secret’ has 29 alpha characters (including spaces) Each character can be encoded using 8 bits Keystream required: truly random binary sequence 29x8=232 bits long (only the first 8 bits are shown in the figures on the next slides) Semester 1, 2018 IFN642

14 One Time Pad Binary OTP example: encryption
[Figure: the plaintext "this message is highly secret"; its first character t is converted to a bitstream using its ASCII representation, then exclusive-ORed with the key to give the ciphertext character %.]
The plaintext is encrypted character by character. t is converted to an ASCII 8-bit binary string (this step is encoding). The encryption key for the first character is an 8-bit secret string. Here the encryption algorithm is exclusive-OR. The 8-bit ciphertext string can also be represented by an ASCII symbol.

15 One Time Pad Binary OTP example: decryption
[Figure: the ciphertext character % is exclusive-ORed with the key to recover the bitstream of the plaintext character t, the first character of "this message is highly secret".]
The binary representation of the first ciphertext character is an 8-bit string. The decryption key is the same 8-bit string used for encryption. The decryption algorithm is exclusive-OR. For the next character, another 8-bit binary string will be used from the key. For the whole message, the key length must be equal to the length of the plaintext.

17 Perfect secrecy Mathematical concepts
Define a Cryptosystem: (P, C, K, E, D) There is a probability distribution: for the Plaintext: P[P=p] = PP[p] for the key: P[K=k] = PK[k] These probability distributions are independent Operations: encryption and decryption defined as c = Ek(p) p = Dk(c) Probability distributions PP[p] and PK[k] induce a probability distribution on the Ciphertext: P[C=c] = PC[c] Semester 1, 2018 IFN642

18 Perfect secrecy Mathematics
For Cryptosystem: (P, C, K, E, D): Probability distribution on Ciphertext: P[C=c] = PC[c] = ? Conditional Probability P[c|p] = ? Probability that C=c given that P=p Conditional Probability P[p|c] = ? Probability that P=p given C=c Semester 1, 2018 IFN642

19 Perfect secrecy Mathematics – Small example
b P[P=p] Plaintext: P = {a, b} Key: K = {k1, k2, k3} Ciphertext: C = {1, 2, 3, 4} Encryption / Decryption As shown in table K k1 k2 k3 P[K=k] P a b Ek1(p) 1 2 Ek2(p) 3 Ek3(p) 4 Semester 1, 2018 IFN642

20 Perfect secrecy Mathematics - Example
What is the probability distribution for the ciphertext: P[C=c] = ? And the conditional probability distributions?

c        1      2      3      4
P[C=c]   2/16   7/16   4/16   3/16

P[c|p]   p = a          p = b
c = 1    P[1|a]=1/2     P[1|b]=0
c = 2    P[2|a]=1/4     P[2|b]=1/2
c = 3    P[3|a]=1/4     P[3|b]=1/4
c = 4    P[4|a]=0       P[4|b]=1/4

P[p|c]   p = a          p = b
c = 1    P[a|1]=1       P[b|1]=0
c = 2    P[a|2]=1/7     P[b|2]=6/7
c = 3    P[a|3]=1/4     P[b|3]=3/4
c = 4    P[a|4]=0       P[b|4]=1

21 P a b P[P=p] ¼ ¾ K k1 k2 k3 P[K=k] ½ ¼ P a b Ek1(p) 1 2 Ek2(p) 3
4 C 1 2 3 4 P[C=c] P[c|p] a b 1 P[1|a]= P[1|b]= 2 P[2|a]= P[2|b]= 3 P[3|a]= P[3|b]= 4 P[4|a]= P[4|b]= P[p|c] a b 1 P[a|1]= P[b|1]= 2 P[a|2]= P[b|2]= 3 P[a|3]= P[b|3]= 4 P[a|4]= P[b|4]= Semester 1, 2018 IFN642

22 Perfect Secrecy Mathematics
A cryptosystem provides perfect secrecy if: No information can be obtained about the plaintext by observing the ciphertext, regardless of the amount of ciphertext you have. Expressed more formally: A cryptosystem provides perfect secrecy if P[p | c] = P[p] for all p ∈ P and c ∈ C

23 Perfect Secrecy Mathematics
Example: Shift Cipher OTP (P, C, K, E, D) P = C = K = {0, 1, 2, …, 25} Ek(p)= p + k mod 26 and Dk(c)= c - k mod 26 P[p] = 1/26 P[k] = 1/26 These are uniform distributions: all characters equally likely Semester 1, 2018 IFN642
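The calculations on slides 19 to 23, worked as an added example (not part of the lecture). The two table cells and the k3 probability that this transcript lost are inferred from the conditional probabilities printed on slide 20; the skewed plaintext prior is constructed and goes beyond the uniform P[p] = 1/26 of slide 23, to show that the posterior still equals the prior when keys are uniform.

```python
from fractions import Fraction as F

def distributions(prior_p, prior_k, enc):
    """Return (P[C=c], P[c|p], P[p|c]) for a cryptosystem given as tables.

    prior_p: {plaintext: P[P=p]}, prior_k: {key: P[K=k]} (independent),
    enc: {(key, plaintext): ciphertext}.
    """
    joint = {}                                    # (p, c) -> P[P=p and C=c]
    for p, pp in prior_p.items():
        for k, pk in prior_k.items():
            c = enc[(k, p)]
            joint[(p, c)] = joint.get((p, c), F(0)) + pp * pk
    p_c = {}
    for (p, c), pr in joint.items():              # marginalise over plaintexts
        p_c[c] = p_c.get(c, F(0)) + pr
    c_given_p = {(c, p): joint.get((p, c), F(0)) / prior_p[p]
                 for p in prior_p for c in p_c}
    p_given_c = {(p, c): joint.get((p, c), F(0)) / p_c[c]
                 for p in prior_p for c in p_c}
    return p_c, c_given_p, p_given_c

def perfectly_secret(prior_p, prior_k, enc):
    """Slide 22 condition: P[p|c] = P[p] for every plaintext and ciphertext."""
    p_c, _, p_given_c = distributions(prior_p, prior_k, enc)
    return all(p_given_c[(p, c)] == prior_p[p] for p in prior_p for c in p_c)

# Small example of slides 19-21.
SMALL_P = {"a": F(1, 4), "b": F(3, 4)}
SMALL_K = {"k1": F(1, 2), "k2": F(1, 4), "k3": F(1, 4)}  # k3 inferred: sums to 1
SMALL_E = {("k1", "a"): 1, ("k1", "b"): 2,
           ("k2", "a"): 2, ("k2", "b"): 3,    # Ek2(a) = 2 inferred from slide 20
           ("k3", "a"): 3, ("k3", "b"): 4}    # Ek3(a) = 3 inferred from slide 20

# Shift cipher of slide 23: one uniformly random key per character.
SHIFT_K = {k: F(1, 26) for k in range(26)}
SHIFT_E = {(k, p): (p + k) % 26 for k in range(26) for p in range(26)}
# Constructed prior: the attacker is 50% sure the letter is 'E' (index 4).
SKEWED_P = {p: (F(1, 2) if p == 4 else F(1, 50)) for p in range(26)}

def pad_key_for(ciphertext, plaintext):
    """Pad that maps `plaintext` to `ciphertext` under letter addition mod 26.

    Such a key exists for every plaintext of the same length (slide 9).
    """
    return "".join(chr((ord(c) - ord(p)) % 26 + ord("A"))
                   for c, p in zip(ciphertext, plaintext))

if __name__ == "__main__":
    p_c, c_given_p, p_given_c = distributions(SMALL_P, SMALL_K, SMALL_E)
    for c in sorted(p_c):
        print(c, p_c[c], p_given_c[("a", c)], p_given_c[("b", c)])
    print("small example perfectly secret:",
          perfectly_secret(SMALL_P, SMALL_K, SMALL_E))
    print("shift cipher perfectly secret: ",
          perfectly_secret(SKEWED_P, SHIFT_K, SHIFT_E))
    for guess in ("ONETIMEPAD", "GREENFLUID", "SALMONEGGS"):
        print(guess, "<-", pad_key_for("HOJKOREGFP", guess))
```

In the small example, seeing ciphertext 1 tells the observer the plaintext was a with certainty, which is exactly what the perfect secrecy condition rules out.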

24 Perfect Secrecy Claude Shannon
studied properties of cryptographic systems, & developed information theory (published in 1948): Suppose (P, C, K, E, D) is a cryptosystem where |K|=|C|=|P|. The cryptosystem provides perfect secrecy iff: every key is used with equal probability 1/|K|, and ∀ p ∈ P and c ∈ C, ∃ unique key k such that Ek(p)=c. That is, there must be the same number of keys as there are messages, each key is equally likely, and there is a unique key that maps each plaintext to a ciphertext. One-Time Pad is the only cipher to do this. Photo: Konrad Jacobs, CC BY-SA 2.0 de, via Wikimedia Commons

25 Measuring uncertainty
Entropy: Concept introduced by Shannon. Entropy measures the uncertainty of a message. Suppose a random variable X takes on a finite set of values {x1, x2, …, xn} according to a probability distribution P[X=x]. The entropy of X is defined as: Examples: If |X|=n and P[x]=1/n: H(X) = -n(1/n)log2(1/n) = log2 n. If P[x1]=1 and P[xi]=0 (all i ∈ [2..n]): H(X) = 0

26 Measuring uncertainty
Properties of Entropy: Suppose X is a random value X={x1, …, xn} with P[xi] > 0 for 1 ≤ i ≤ n. Then: H(X) ≤ log2 n (That is, log2 n is the maximum uncertainty value). H(X) = log2 n iff P[xi] = 1/n for 1 ≤ i ≤ n (Only obtain maximum if all variables equally likely)

27 Measuring uncertainty
Let (P, C, K, E, D) be a cryptosystem For a string of plaintext p1, p2, p3, …, pn have resulting string of ciphertext c1, c2, c3, …, cn Apply ciphertext-only attack to find key: Natural language plaintext may rule out some keys Many possible keys remain, only one is actually correct Unicity Distance: Value of n when expected number of correct keys is 1 That is, average amount of ciphertext required for attacker to uniquely compute the key Can be computed as U = H(K)/D where: H(K) is the entropy of the key space, and D is the redundancy of the plaintext in bits per character For English language with 26 characters D = 3.2 Semester 1, 2018 IFN642

28 Measuring uncertainty
Example: Plaintext redundancy Th qeen wil opn th carnvl Trnthevlumedn Hw mch rductn is tolrble? Semester 1, 2018 IFN642

30 Security of the One Time Pad
Why can’t we reuse the key? Assume same key is used to encrypt two different messages, with output ciphertexts Ci and Cj: Ci = Pi ⊕ K, Cj = Pj ⊕ K (Same key is used). Now combine these two ciphertexts: Ci ⊕ Cj = Pi ⊕ K ⊕ Pj ⊕ K. Recall for XOR function K ⊕ K = 0. This gives us Ci ⊕ Cj = Pi ⊕ Pj. That is, sum of two ciphertexts is sum of the underlying plaintexts! Now, we don’t need to know the key. Depending on the source material redundancy, it can be possible to obtain info on both plaintexts

31 Security of the One Time Pad
Q: If we meet the 3 conditions (on slide 10), the one-time pad provides perfect secrecy … so why do we need any other ciphers? A: There’s a practical problem: OTP is a symmetric cipher: the same keystream (truly random, same length as message) is required to encrypt and decrypt a message, and we can’t reuse keys, so can you: Distribute key to receiver securely if transmitting info? Store key securely if you are storing info? If you can send/store the key securely, maybe you could just send/store original message securely? That is, you don’t need to use encryption at all. Major problem is key management

32 Security and the One Time Pad
Other considerations: OTP provides perfect secrecy for messages Perfect if your security concern is confidentiality Q: What if you are concerned about message integrity? Example: Alice sends a message to Bob Does Bob receive the message Alice sent, or Does he receive an altered version? OTP provides no protection against alteration May not even be detected! Semester 1, 2018 IFN642

33 Security and the One Time Pad
Common misconception with crypto: Confidentiality provides some degree of integrity protection Based on assumption: If an attacker can’t read a message, they won’t change it – because they’d have no idea what they were changing it to False assumption! Attacker might not care what message is changed to, just that it is not what it was intended to be Example: industrial process control In some circumstances, may need mechanism to provide assurance of message integrity Semester 1, 2018 IFN642
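The two limits of the binary one-time pad from slides 30 and 32 to 33, as an added example (not part of the lecture): a reused key cancels out of the XOR of two ciphertexts, and a ciphertext altered in transit still decrypts without any error. The function names are hypothetical, and the sample messages are constructed from the text on slides 13 and 35.

```python
import secrets

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two equal-length byte strings (binary addition mod 2)."""
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

def otp_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """Vernam OTP: C = P xor K. The key must be as long as the message."""
    return xor_bytes(plaintext, key)

otp_decrypt = otp_encrypt   # reciprocal cipher: P = C xor K

def combine_ciphertexts(c_i: bytes, c_j: bytes) -> bytes:
    """Ci xor Cj. If both used the same key this equals Pi xor Pj."""
    return xor_bytes(c_i, c_j)

def alter_in_transit(ciphertext: bytes, offset: int,
                     expected: bytes, replacement: bytes) -> bytes:
    """Model the alteration of slide 35: change a field of known position.

    XORing the ciphertext with (expected xor replacement) changes the
    decrypted field from `expected` to `replacement`; no key is involved.
    """
    delta = xor_bytes(expected, replacement)
    end = offset + len(delta)
    return (ciphertext[:offset]
            + xor_bytes(ciphertext[offset:end], delta)
            + ciphertext[end:])

# Constructed sample messages (text taken from slides 13 and 35).
P_I = b"The article you wanted is $45.99"
P_J = b"this message is highly secret".ljust(len(P_I))

if __name__ == "__main__":
    key = secrets.token_bytes(len(P_I))          # truly random in a real pad
    c_i, c_j = otp_encrypt(P_I, key), otp_encrypt(P_J, key)   # key reused

    # Key reuse: the key drops out, leaving the XOR of the two plaintexts.
    leaked = combine_ciphertexts(c_i, c_j)
    print("Ci xor Cj == Pi xor Pj:", leaked == xor_bytes(P_I, P_J))
    print("knowing Pi reveals Pj: ", xor_bytes(leaked, P_I))

    # No integrity: Bob decrypts the altered ciphertext and sees a valid message.
    altered = alter_in_transit(c_i, P_I.index(b"45"), b"45", b"99")
    print("Bob decrypts:          ", otp_decrypt(altered, key))
```

Confidentiality is unaffected in the second case, since the key was never learned; only a separate integrity mechanism would let Bob notice the change.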

35 Integrity assurance
If your security concern is for the integrity of a message, you might be worried about: Accidental errors or alterations. Example: file downloaded incorrectly due to transmission error. Deliberate alterations. Example: MITM attacker altering message from Alice to Bob.
[Figure: message sent over insecure channel: "Hi Bob, The article you wanted is $45.99. Please transfer payment to account number Kind regards, Alice". Altered message: "The article you wanted is $99.99. Please transfer payment to account number"]

36 Integrity assurance Mechanisms used to provide integrity assurance include: Hash functions Message Digests, Manipulation Detection Codes, File fingerprints Keyed hash functions Message Authentication Codes Semester 1, 2018 IFN642

37 Hash functions: Operation
[Diagram: a message M of arbitrary length is input to hash function H, which produces the fixed length output H(M).]

38 Hash functions For cryptographic application, want hash functions with four basic properties: H1: Fixed length output H(M) for arbitrary length input M H2: H(M) is one-way Given M, it is easy to compute H(M), but given H(M), it is infeasible to compute M H3: H(M) is collision-resistant Hard to find two different messages M and M’ so that the hash outputs H(M) = H(M’) H4: Avalanche effect A small change in M produces a major change in H(M) Semester 1, 2018 IFN642

39 Hash functions: Application
Hash function for message integrity assurance: Alice and Bob agree on a hash function H( ) to use. Alice (message sender): Generates message M Uses M as input to H( ), calculates H(M) Sends both M and H(M) to Bob. Bob (message receiver): Receives M’ and H(M), Uses M’ as input to H( ) and calculates H(M’), Compares H(M) and H(M’) If H(M) ≠ H(M’) then Bob knows the message M’ Bob received is not what Alice sent: it has been altered If H(M) = H(M’) then Bob assumes the message M’ he received is the message M Alice sent: assumes unaltered Semester 1, 2018 IFN642

40 Hash functions
Hash functions involve iterative use of a one-way compression function f. Example: Merkle–Damgård construction (Ralph Merkle and Ivan Damgård)

41 Hash functions: Merkle–Damgård hash function
Construct cryptographic hash functions from one-way compression functions: Compression function f: takes 2 inputs of fixed sizes, produces a fixed size output. Compression function output is input into next iteration:

42 Hash functions Well known hash functions include:
MD5: produces 128 bit hash value SHA-1: produces 160 bit hash value SHA-2: Family of 6 hash functions with different output lengths. Includes SHA-256 – produces a 256 bit hash value SHA-3: Competition held by US NIST Keccak selected in 2012, Released as NIST standard 2015. Can alter parameters to select different instances Semester 1, 2018 IFN642

43 Hash functions: MD5 MD5: Ron Rivest, published 1992.
Break message up into 512-bit blocks Pad to form last 512-bit block if necessary specific padding rules Compression algorithm operates on 128 bit internal state Considered as four x 32-bit words (A, B, C, D) A, B, C and D: initialized with known constants Uses Merkle–Damgård construction Each 512-bit message block is used in turn to modify the 128 bit internal state value 512-bit block = 16 x 32-bit words 64 operations used: 4 rounds of 16 operations Each of the sixteen 32-bit words used as input to an operation Semester 1, 2018 IFN642

44 Hash functions: MD5 MD5: state update operation
Occurs within the compression function. Mi: a 32-bit word from the 512-bit message block. Ki: a 32-bit constant. Uses: nonlinear function F, integer addition modulo 2^32, left rotation. 4 rounds of 16 operations. Different F for each round

45 Hash functions: MD5 MD5: Security issues:
128-bit hash value. Size means only 2^128 possible hash values. Birthday attacks require trying 2^64 possible messages to find a collision. Collisions found: 1996 – Dobbertin: Found collision of compression function. 2004 – Wang et al found collisions for full MD5. 2006 – Klima could construct collisions in a few hours, using a laptop. Not collision resistant: not considered secure

46 Hash functions: SHA-1 SHA-1: US NSA published algorithm in 1995
Break message up into 512-bit blocks Pad to form last 512-bit block if necessary specific padding rules Algorithm operates on a 160 bit internal state Considered as five x 32-bit words (A, B, C, D, E) A, B, C, D and E initialised with known constants Each 512-bit message block used in turn to modify internal state value 512-bit block = 16 x 32-bit words 80 operations used Extend bit words into bit words (specific formula) Each of the bit words used as input to an operation Semester 1, 2018 IFN642

47 Hash functions: SHA-1 SHA-1 state update operation
Occurs within the compression function. For the tth iteration: Wt: the 32-bit word. Kt: a 32-bit constant. Uses: nonlinear function F, integer addition modulo 2^32, left rotations. 80 operations. 4 different F; each used for 20 iterations

48 Hash functions: SHA-1 SHA-1: Security issues:
160-bit hash value. Size means only 2^160 possible hash values. Birthday attack requires trying approx 2^80 possible messages to find a collision. Collisions found: 2005 – Rijmen and Oswald: Found collisions for reduced version SHA-1: 53 rounds instead of 80. 2005 – Wang et al describe attack to find collisions for full SHA-1, found collisions for 58-round SHA-1. 2015 – Stevens, Karpman and Peyrin attack on compression function. 2017 – CWI Amsterdam and Google performed collision attack on SHA-1. Not collision resistant: no longer considered secure

49 Hash functions: SHA-2 SHA-2: US NIST published in 2001.
Set of six hash functions, with different digest lengths: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256 Merkle-Damgard construction Widely used: SHA-256 Breaks message into 512-bit blocks Treat a block as bit words, expand to bit words Uses internal state of 8 32-bit words (A, B, C, D, E, F, G) Compression function has 64 round operation Semester 1, 2018 IFN642

50 Hash functions: SHA-256
SHA-256 operation: For the tth iteration: Wt: the 32-bit word. Kt: a 32-bit constant. Uses: addition modulo 2^32, multiple nonlinear functions

51 Hash functions: SHA-2 SHA-2: Security issues?
Range of sizes for output hash value Can choose large enough to make birthday attack infeasible No collisions found yet Still considered secure However, construction is similar to SHA-1 SHA-3 competition to find alternative designs – submissions made in 2008 Semester 1, 2018 IFN642

52 Hash functions : SHA-3 SHA-3 intended to be very different design
not based on Merkle–Damgård construction Instead, structure used is ‘sponge’ construction Has a large internal state (25 x 64-bit words) Data absorbed: Message blocks are XORed into part of the state The state is updated nonlinearly Output is ‘squeezed out’ Blocks are read from part of the state (same part that absorbed input – called rate of sponge) Important: large part of state not touched directly by inputs/output (called capacity of sponge) Security level is half of capacity Semester 1, 2018 IFN642

54 Hash functions: problem
Problem for dedicated Hash functions: Mechanism can’t prevent unauthorised modification of M Only useful for detecting accidental modifications Example: transmission errors or data corruption in storage Not useful for integrity assurance against active attackers Active attacker example: Suppose in transmission from Alice to Bob a malicious MITM Intercepts the message { M, H(M) } sent by Alice Changes M to M’ Recalculates the hash H(M’) Then sends { M’,H(M’) } to Bob If Bob relies on H(M) for integrity assurance he will mistakenly think M’ sent by MITM is the unaltered message from Alice! Semester 1, 2018 IFN642

55 Hash functions & Message Authentication: Options
Message authentication is a mechanism or service used to verify the integrity of a message, by assuring that the data received are exactly as sent. The figure illustrates a variety of ways in which a hash code can be used to provide message authentication, as follows:
(a) The message plus concatenated hash code is encrypted using symmetric encryption. Since only A and B share the secret key, the message must have come from A and has not been altered. The hash code provides the structure or redundancy required to achieve authentication.
(b) Only the hash code is encrypted, using symmetric encryption. This reduces the processing burden for those applications not requiring confidentiality.
(c) Shows the use of a hash function but no encryption for message authentication. The technique assumes that the two communicating parties share a common secret value S. A computes the hash value over the concatenation of M and S and appends the resulting hash value to M. Because B possesses S, it can recompute the hash value to verify. Because the secret value itself is not sent, an opponent cannot modify an intercepted message and cannot generate a false message.
(d) Confidentiality can be added to the approach of (c) by encrypting the entire message plus the hash code.
When confidentiality is not required, method (b) has an advantage over methods (a) and (d), which encrypt the entire message, in that less computation is required.

56 Keyed hash functions A solution: Keyed hash functions
Also called cryptographic checksums or message authentication codes (MAC) A hash function HK(M) with two inputs: Message M Cryptographic key K Secret key protects against unauthorized modification of the hash value Calculating HK(M) value requires knowledge of secret key. Attacker can only successfully modify information and update the HK(M) value appropriately if they know the key. Semester 1, 2018 IFN642

57 Hash functions: Keyed hash functions
[Diagram: a message M of arbitrary length and a key K are input to keyed hash function HK, which produces the fixed length output HK(M).]

58 Hash functions: Keyed hash functions
Using a keyed hash function to provide integrity services during transmission: Sender: Generates message M, Generates MAC = HK(M) from M, using K (shared secret key), Sends { M, MAC } to Receiver. Receiver: Receives {M’, MAC}, Generates MAC’ from M’, using K (shared secret key), Compares MAC’ and MAC. If MAC’ ≠ MAC then knows the message has been altered, but if MAC’ = MAC assumes that message is unaltered.
Alice sends both her message and the MAC of the message to Bob. Bob verifies the integrity of the message by: 1) generating his own MAC’ from the message he received, and 2) checking that the MAC he generates, MAC’ = MAC. If MAC’ = MAC, then Bob is assured that the message that Alice sent is exactly the same as the message that he received; else if MAC’ ≠ MAC, then Bob knows that the message that Alice sent was changed in some way before he received it. In this case, Bob would ignore the contents of the received message M’, and ask Alice to send the message again.

59 Hash functions: Keyed hash functions
[Diagram: the sender inputs message M to the keyed hash function to compute MAC = HK(M) and sends M and MAC; modifications are possible in transit; the receiver inputs the received message M’ to the keyed hash function with the same key to compute MAC’ = HK(M’) and checks MAC = MAC’?]
Encryption key and decryption key are the same. So need a secure channel for key distribution.

60 Hash functions: Keyed hash functions
Keyed hash functions (MACs) can be built from regular hash functions, by including a secret key in a certain way Example: RFC 2104 describes “HMAC: Keyed-Hashing for Message Authentication”, including: HMAC-MD5 based on the hash function MD5 HMAC-SHA1 based on the hash function SHA-1 Can use HMAC with any hash function Semester 1, 2018 IFN642

61 Keyed hash function HMAC: Bellare, Canetti and Krawczyk, 1996.
For key K and message m defined as: HMAC(K,m) = H((K’ ⊕ opad) || H((K’ ⊕ ipad) || m)) Where: H() denotes the hash function. K’ is a key derived from K by: Padding K with 0s if it is too short for input to H(), Hashing K if it is too long for input to H(). opad is the (hex) constant 0x5c5c5c… ipad is the (hex) constant 0x363636…

62 Keyed hash function HMAC diagram: (from Stallings text, p401)

63 Keyed hash function HMAC: (Stallings diagram p403 for efficient implementation)

64 Keyed hash function Security:
If an attacker observes M and MAC(K,M), should not be able to construct a message M’ where MAC(K,M) = MAC(K,M’). Otherwise, can substitute M’ for M: successful forgery. MAC(K,M) should be uniformly distributed: for two randomly chosen messages, M and M’, Prob that MAC(K,M) = MAC(K,M’) = 2^-n for n-bit MAC. Possible to brute force Key or Hash value: make this infeasible by increasing size. Security for HMAC depends on security of H() also
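The HMAC definition of slide 61 written out over Python's hashlib and checked against the standard library's hmac module, followed by the receiver-side checks of slides 54 and 58. This is an added example, not part of the lecture; the function names, the key and the messages are constructed for illustration, and SHA-256 is chosen as H().

```python
import hashlib
import hmac

def hmac_rfc2104(key: bytes, msg: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC(K, m) = H((K' xor opad) || H((K' xor ipad) || m))."""
    def H(data: bytes) -> bytes:
        return hashlib.new(hash_name, data).digest()
    block = hashlib.new(hash_name).block_size   # 64 bytes for MD5, SHA-1, SHA-256
    if len(key) > block:                        # too long for input to H(): hash it
        key = H(key)
    k_prime = key.ljust(block, b"\x00")         # too short: pad with 0s
    k_ipad = bytes(b ^ 0x36 for b in k_prime)
    k_opad = bytes(b ^ 0x5C for b in k_prime)
    return H(k_opad + H(k_ipad + msg))

def bob_accepts_hash(msg: bytes, digest: bytes) -> bool:
    """Slide 39 check: recompute H(M') and compare with the received H(M)."""
    return hmac.compare_digest(hashlib.sha256(msg).digest(), digest)

def bob_accepts_mac(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Slide 58 check: recompute MAC' with the shared key and compare.

    compare_digest is a constant-time comparison.
    """
    return hmac.compare_digest(hmac_rfc2104(key, msg), tag)

# Constructed values for the scenario of slides 35 and 54.
SHARED_KEY = b"constructed-demo-key-alice-bob"
M = b"The article you wanted is $45.99."
M_ALTERED = b"The article you wanted is $99.99."

def scenario():
    """Return what Bob decides in each case of the slide 54 scenario."""
    # Unkeyed hash: anyone can recompute H(M') for an altered message.
    recomputed = hashlib.sha256(M_ALTERED).digest()
    # Keyed hash: without K, the old tag or a tag under a guessed key is all
    # that can accompany the altered message.
    tag = hmac_rfc2104(SHARED_KEY, M)
    guessed = hmac_rfc2104(b"guessed-key", M_ALTERED)
    return {
        "hash, altered + recomputed hash": bob_accepts_hash(M_ALTERED, recomputed),
        "mac, unaltered":                  bob_accepts_mac(SHARED_KEY, M, tag),
        "mac, altered + original tag":     bob_accepts_mac(SHARED_KEY, M_ALTERED, tag),
        "mac, altered + guessed-key tag":  bob_accepts_mac(SHARED_KEY, M_ALTERED, guessed),
    }

if __name__ == "__main__":
    same = hmac_rfc2104(SHARED_KEY, M) == hmac.new(SHARED_KEY, M, "sha256").digest()
    print("matches hmac module:", same)
    for case, accepted in scenario().items():
        print(f"{case:34s} accepted={accepted}")
```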

65 Summary If your security goal is confidentiality:
One Time Pad is perfect! As long as you meet the key conditions. Not very practical, and doesn’t provide any integrity assurance. If your security goal is integrity: Could use a hash function. Which function? Depends on application and threat. May need to use a keyed hash function. Some other options for MACs based on symmetric ciphers – explore later in semester

