DOCSLIB.ORG

Cryptographic Hash Function

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Cryptographic Hash Function Cryptographic Hash Function Stefan Lucks Bauhaus-Universität Weimar Summer 2019 –1– Stefan Lucks Hash Fun. (2019) Before taking this course, you must pass an introduction to Cryptography, first. This could, e.g., be “Introduction to Modern Cryptography” (Bachelor/Master), or some crypto course from your previous Bachelors’ program, . I You must not do both the “Introduction to Modern Cryptography” and this course, in the same semester. I You are not admitted to “Introduction to Modern Cryptography”, but you can do this this course, if you did study cryptography before. I You must not do this course, but you are admitted to “Introduction to Modern Cryptography”, if you did not study cryptography before. I Feel free to submit a copy of your transcripts of records from previous studies to my secretary, if you are not sure what counts as introduction to cryptography. I’ll immediately check to where you are admitted. Before the exam, we’ll require such a copy, anyway. –2– Stefan Lucks Hash Fun. (2019) General Information Some Information for You I I’ll switch between using the beamer and the blackboard. I When I am using the blackboard, you should make notes. I Information on the WWW: I Slides I Homework problems, and reading tasks I Code-example I Links to download further information and tools. –3– Stefan Lucks Hash Fun. (2019) General Information Motivation I Cryptographic hash functions are denoted the I “Workhorses”, I “Swiss army knife”, and I “Duct tape” of cryptography. I Since 2004: Many hash functions used in practice under attack. I 2007–2012: Competition for a new hash standard (Our Submission Skein has been one of five finalists) I We will also deal with Password-Hashing. Passwords are “everywhere”, to identify humans to systems, to unlock cryptographic keys, . I March 2014 – June 2015: Password Hash Competition (PHC) (Special recognition for our Submission Catena submission) –4– Stefan Lucks Hash Fun. (2019) General Information Learning Goals Learning goals: I Methods from theoretical and practical cryptography I Cryptanalysis (i.e., attacks) I Security proofs I Understanding of the state of current research in an important sub-field of cryptography. –5– Stefan Lucks Hash Fun. (2019) General Information 1: Introduction meat mincing machine (“Fleischwolf”) –6– Stefan Lucks Hash Fun. (2019) 1: Introduction What is / What Does a Hash Function? I A HF H maps a potentially long message M to small (n-bit) outputs H(M). I Consider H(M) as a “fingerprint” to identify M. I Collisions are inputs x 6= y with h(x) = h(y). Collisions are bad. If it is feasible to find a collision, the hash function is insecure. I Beyond security, you want a hash function to be fast. (Except when you are doing password hashing . ) Example: c ∗ c h :(f0; 1g ) ! f0; 1g , h(x1;:::; xn) = x1 ⊕ · · · ⊕ xn: –7– Stefan Lucks Hash Fun. (2019) 1: Introduction 1.1: Hash Functions for Hash Tables I Hash table: data structure to implement an associative array I Example: search in a phone book I Advantages: fast access (O(1) if all goes well), small storage I Disadvantages: collisions slow down the access –8– Stefan Lucks Hash Fun. (2019) 1: Introduction 1.1: Hash Tables Division Method I The table has p entries from 0 to p − 1 (p prime). I Write message x as a string of n m-bit values: x = (x1;:::; xn) m with xi 2 f0; 1g for 1 ≤ i ≤ n I Compute h1,..., hn: h1 = x1 h2 = (2 ∗ h1 + x2) mod p . hi = (2 ∗ hi−1 + xi) mod p and set finally h(x) = h(x1;:::; xn) = hn: –9– Stefan Lucks Hash Fun. (2019) 1: Introduction 1.1: Hash Tables 1.2: Cryptographic Hash Functions Example use cases I Discover unauthorized manipulations of the message When first initialized, Open Source Tripwire scans the file sy- stem as directed by the administrator and stores information on each file scanned in a database. At a later date the same files are scanned and the results compared against the sto- red values in the database. Changes are reported to the user. Cryptographic hashes are employed to detect changes in a file without storing the entire contents of the file in the database. I Or in the context of digital signatures (! next slide) I Or for “Commitments” (! blackboard). –10– Stefan Lucks Hash Fun. (2019) 1: Introduction 1.2: Cryptographic HF Digital Signatures (Hash-then-Sign) I Sign message of any length: I Typically in two steps: Hash 1. Apply hash function H to compute a short n-bit fingerprint of message 2. Apply signature scheme for n-bit messages. Hash –11– Stefan Lucks Hash Fun. (2019) 1: Introduction 1.2: Cryptographic HF Classical security requirements Consider a hash function h : X!Y: Collision Resistance: Infeasible to find a pair x 6= y with x; y 2 X and h(x) = h(y) Second-preimage Resistance: Given a random x 2R X , infeasible to find y 2 X with h(x) = h(y). (Pure) Preimage Resistance: Definition 1: Given a random z 2R Y, infeasible to find x 2 X with h(x) = z Definition 2: Given z = h(x), where x 2R X is randomly chosen; 0 0 infeasible to find any x 2R X with h(x ) = z, regardless of x = x0 or not. Also important (a few slides ahead): “Behave like a random oracle” –12– Stefan Lucks Hash Fun. (2019) 1: Introduction 1.2: Cryptographic HF Example Attacking the cryptographically weak division-method hash function Consider h, based on the division method with prime p = 7: 1. Find x with h(x) = 1. 2. Given x = (00110011001100), find h(x). 3. Find any x0 6= x with h(x) = h(x0). 4. Find x with h(x) = 0. 5. Find x with h(x) = 5. 6. Homework: Repeat steps 1–5 for p = 2857. –13– Stefan Lucks Hash Fun. (2019) 1: Introduction 1.2: Cryptographic HF Relationship between security definitions and example attacks See blackboard for details Relationship: I Collision-resistant ) second-preimage-resistant. I But not (second-preimage-resistant ) collision resistant). Generic: Let h : f0; 1g∗ ! f0; 1gn be an n-bit HF. I Preimages and second preimages in time 2n. I Collisions in time 2n=2 (!) (note that the attack given here also requires memory of 2n=2; later we will see that an attack in roughly the same time with O(1) units of memory is possible) –14– Stefan Lucks Hash Fun. (2019) 1: Introduction 1.2: Cryptographic HF 1.3: Random Oracles The Problem: I Collision, second and pure preimage resistance sometimes insufficient I The exact properties a hash function should have are difficult to model/describe . But we would need to define them to prove the security of complex cryptosystems using a hash function and other primitives. An apparent Solution: Assume the hash function behaves like an “ideal hash function”. –15– Stefan Lucks Hash Fun. (2019) 1: Introduction 1.3: Random Oracles Random oracle = Ideal hash function . which we do not have in practice I For all X 2 f0; 1g∗: choose random H(X) := Y 2 f0; 1gn. I In other words: I If X 6= X 0, then H(X) and H(X 0) are two independent uniformly distributed random variables. I If X = X 0, then H(X) is a uniformly distributed random variable and H(X 0) = H(X). I We cannot implement such a function. (Why not?) I But we can perform “lazy sampling”: I Define List of pairs (X; H(X)), initially empty I Enter input X I If no pair (X; ∗) in the List then Choose H(X) 2 f0; 1gn at random Insert (X; H(X)) into the list I (∗ Given X, there is exactly one H(X) with (X; H(X)) on the list ∗) I Return H(X) –16– Stefan Lucks Hash Fun. (2019) 1: Introduction 1.3: Random Oracles Example: Digital Signatures (“Full Domain Hash”) “Using RSA to sign the hash of a message“ ∗ Given: message M, RSA-key (N; e; d) and H : f0; 1g ! ZN M −! X H(M) −! Y X d mod N −! Y Sign(M) Verify(M; Y ) X H(M) X Y e mod N return Y X d mod N X 0 H(M) if X = X 0 then return true else return false –17– Stefan Lucks Hash Fun. (2019) 1: Introduction 1.3: Random Oracles Formal Background RSA Problem: ∗ e Given N; e and a random Y 2 ZN , find X with X mod N = Y . Chosen Message Attack (against a signature scheme): For i 2 f1;:::; qg loop 1. Choose Mi d 2. Receive the signature Yi (here: Yi = H(Mi ) mod N). The adversary knows the public key and the query bound q is polynomial in the security parameter. Existential Forgery: A pair (M; Y ) 2= f(Mi ; Yi ) j 1 ≤ i ≤ qg with Verify(M; Y )=true. –18– Stefan Lucks Hash Fun. (2019) 1: Introduction 1.3: Random Oracles Main Result Theorem 1 (Bellare-Rogaway 1993) In the random oracle model, Full Domain Hash is secure. Namely, any efficient adversary able to provide an existential forgery in a chosen message attack can efficiently solve the RSA problem. –19– Stefan Lucks Hash Fun. (2019) 1: Introduction 1.3: Random Oracles Un-Instantiability I What happens, when we replace the random oracle by a “real” hash function (hopefully a “secure” one)? I Hope: The complex cryptosystem remains secure. I Problem: Theorem 2 (Canetti-Goldreich-Halevi, 1998) Assume a secure signature scheme, either in the random oracle model or even in the standard model. Then one can define another signature scheme, which is I Provably secure in the random oracle model, but I Completely insecure in the standard model.
Load more

Recommended publications
  • Argon and Argon2
    Argon and Argon2 Designers: Alex Biryukov, Daniel Dinu, and Dmitry Khovratovich University of Luxembourg, Luxembourg [email protected], [email protected], [email protected] https://www.cryptolux.org/index.php/Password https://github.com/khovratovich/Argon https://github.com/khovratovich/Argon2 Version 1.1 of Argon Version 1.0 of Argon2 31th January, 2015 Contents 1 Introduction 3 2 Argon 5 2.1 Specification . 5 2.1.1 Input . 5 2.1.2 SubGroups . 6 2.1.3 ShuffleSlices . 7 2.2 Recommended parameters . 8 2.3 Security claims . 8 2.4 Features . 9 2.4.1 Main features . 9 2.4.2 Server relief . 10 2.4.3 Client-independent update . 10 2.4.4 Possible future extensions . 10 2.5 Security analysis . 10 2.5.1 Avalanche properties . 10 2.5.2 Invariants . 11 2.5.3 Collision and preimage attacks . 11 2.5.4 Tradeoff attacks . 11 2.6 Design rationale . 14 2.6.1 SubGroups . 14 2.6.2 ShuffleSlices . 16 2.6.3 Permutation ...................................... 16 2.6.4 No weakness,F no patents . 16 2.7 Tweaks . 17 2.8 Efficiency analysis . 17 2.8.1 Modern x86/x64 architecture . 17 2.8.2 Older CPU . 17 2.8.3 Other architectures . 17 3 Argon2 19 3.1 Specification . 19 3.1.1 Inputs . 19 3.1.2 Operation . 20 3.1.3 Indexing . 20 3.1.4 Compression function G ................................. 21 3.2 Features . 22 3.2.1 Available features . 22 3.2.2 Server relief . 23 3.2.3 Client-independent update .
    [Show full text]
  • CASH: a Cost Asymmetric Secure Hash Algorithm for Optimal Password Protection
    CASH: A Cost Asymmetric Secure Hash Algorithm for Optimal Password Protection Jeremiah Blocki Anupam Datta Microsoft Research Carnegie Mellon University August 23, 2018 Abstract An adversary who has obtained the cryptographic hash of a user's password can mount an offline attack to crack the password by comparing this hash value with the cryptographic hashes of likely password guesses. This offline attacker is limited only by the resources he is willing to invest to crack the password. Key-stretching techniques like hash iteration and memory hard functions have been proposed to mitigate the threat of offline attacks by making each password guess more expensive for the adversary to verify. However, these techniques also increase costs for a legitimate authentication server. We introduce a novel Stackelberg game model which captures the essential elements of this interaction between a defender and an offline attacker. In the game the defender first commits to a key-stretching mechanism, and the offline attacker responds in a manner that optimizes his utility (expected reward minus expected guessing costs). We then introduce Cost Asymmetric Secure Hash (CASH), a randomized key-stretching mechanism that minimizes the fraction of passwords that would be cracked by a rational offline attacker without increasing amortized authentication costs for the legitimate authentication server. CASH is motivated by the observation that the legitimate authentication server will typically run the authentication procedure to verify a correct password, while an offline adversary will typically use incorrect password guesses. By using randomization we can ensure that the amortized cost of running CASH to verify a correct password guess is significantly smaller than the cost of rejecting an incorrect password.
    [Show full text]
  • Rifflescrambler – a Memory-Hard Password Storing Function ⋆
    RiffleScrambler – a memory-hard password storing function ? Karol Gotfryd1, Paweł Lorek2, and Filip Zagórski1;3 1 Wrocław University of Science and Technology Faculty of Fundamental Problems of Technology Department of Computer Science 2 Wrocław University Faculty of Mathematics and Computer Science Mathematical Institute 3 Oktawave Abstract. We introduce RiffleScrambler: a new family of directed acyclic graphs and a corresponding data-independent memory hard function with password independent memory access. We prove its memory hard- ness in the random oracle model. RiffleScrambler is similar to Catena – updates of hashes are determined by a graph (bit-reversal or double-butterfly graph in Catena). The ad- vantage of the RiffleScrambler over Catena is that the underlying graphs are not predefined but are generated per salt, as in Balloon Hashing. Such an approach leads to higher immunity against practical parallel at- tacks. RiffleScrambler offers better efficiency than Balloon Hashing since the in-degree of the underlying graph is equal to 3 (and is much smaller than in Ballon Hashing). At the same time, because the underlying graph is an instance of a Superconcentrator, our construction achieves the same time-memory trade-offs. Keywords: Memory hardness, password storing, Markov chains, mixing time. 1 Introduction In early days of computers’ era passwords were stored in plaintext in the form of pairs (user; password). Back in 1960s it was observed, that it is not secure. It took around a decade to incorporate a more secure way of storing users’ passwords – via a DES-based function crypt, as (user; fk(password)) for a se- cret key k or as (user; f(password)) for a one-way function.
    [Show full text]
  • Hash Functions
    11 Hash Functions Suppose you share a huge le with a friend, but you are not sure whether you both have the same version of the le. You could send your version of the le to your friend and they could compare to their version. Is there any way to check that involves less communication than this? Let’s call your version of the le x (a string) and your friend’s version y. The goal is to determine whether x = y. A natural approach is to agree on some deterministic function H, compute H¹xº, and send it to your friend. Your friend can compute H¹yº and, since H is deterministic, compare the result to your H¹xº. In order for this method to be fool-proof, we need H to have the property that dierent inputs always map to dierent outputs — in other words, H must be injective (1-to-1). Unfortunately, if H is injective and H : f0; 1gin ! f0; 1gout is injective, then out > in. This means that sending H¹xº is no better/shorter than sending x itself! Let us call a pair ¹x;yº a collision in H if x , y and H¹xº = H¹yº. An injective function has no collisions. One common theme in cryptography is that you don’t always need something to be impossible; it’s often enough for that thing to be just highly unlikely. Instead of saying that H should have no collisions, what if we just say that collisions should be hard (for polynomial-time algorithms) to nd? An H with this property will probably be good enough for anything we care about.
    [Show full text]
  • Cs 255 (Introduction to Cryptography)
    CS 255 (INTRODUCTION TO CRYPTOGRAPHY) DAVID WU Abstract. Notes taken in Professor Boneh’s Introduction to Cryptography course (CS 255) in Winter, 2012. There may be errors! Be warned! Contents 1. 1/11: Introduction and Stream Ciphers 2 1.1. Introduction 2 1.2. History of Cryptography 3 1.3. Stream Ciphers 4 1.4. Pseudorandom Generators (PRGs) 5 1.5. Attacks on Stream Ciphers and OTP 6 1.6. Stream Ciphers in Practice 6 2. 1/18: PRGs and Semantic Security 7 2.1. Secure PRGs 7 2.2. Semantic Security 8 2.3. Generating Random Bits in Practice 9 2.4. Block Ciphers 9 3. 1/23: Block Ciphers 9 3.1. Pseudorandom Functions (PRF) 9 3.2. Data Encryption Standard (DES) 10 3.3. Advanced Encryption Standard (AES) 12 3.4. Exhaustive Search Attacks 12 3.5. More Attacks on Block Ciphers 13 3.6. Block Cipher Modes of Operation 13 4. 1/25: Message Integrity 15 4.1. Message Integrity 15 5. 1/27: Proofs in Cryptography 17 5.1. Time/Space Tradeoff 17 5.2. Proofs in Cryptography 17 6. 1/30: MAC Functions 18 6.1. Message Integrity 18 6.2. MAC Padding 18 6.3. Parallel MAC (PMAC) 19 6.4. One-time MAC 20 6.5. Collision Resistance 21 7. 2/1: Collision Resistance 21 7.1. Collision Resistant Hash Functions 21 7.2. Construction of Collision Resistant Hash Functions 22 7.3. Provably Secure Compression Functions 23 8. 2/6: HMAC And Timing Attacks 23 8.1. HMAC 23 8.2.
    [Show full text]
  • Sketch of Lecture 34 Mon, 4/16/2018
    Sketch of Lecture 34 Mon, 4/16/2018 Passwords Let's say you design a system that users access using personal passwords. Somehow, you need to store the password information. The worst thing you can do is to actually store the passwords m. This is an absolutely atrocious choice, even if you take severe measures to protect (e.g. encrypt) the collection of passwords. Comment. Sadly, there is still systems out there doing that. An indication of this happening is systems that require you to update passwords and then complain that your new password is too close to the original one. Any reasonably designed system should never learn about your actual password in the rst place! Better, but still terrible, is to instead store hashes H(m) of the passwords m. Good. An attacker getting hold of the password le, only learns about the hash of a user's password. Assuming the hash function is one-way, it is infeasible for the attacker to determine the corresponding password (if the password was random!!). Still bad. However, passwords are (usually) not random. Hence, an attacker can go through a list of common passwords (dictionary attack), compute the hashes and compare with the hashes of users (similarly, a brute-force attack can simply go through all possible passwords). Even worse, it is immediately obvious if two users are using the same password (or, if the same user is using the same password for dierent services using the same hash function). Comment. So, storing password hashes is not OK unless all passwords are completely random.
    [Show full text]
  • A Survey of Password Attacks and Safe Hashing Algorithms
    International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 04 Issue: 12 | Dec-2017 www.irjet.net p-ISSN: 2395-0072 A Survey of Password Attacks and Safe Hashing Algorithms Tejaswini Bhorkar Student, Dept. of Computer Science and Engineering, RGCER, Nagpur, Maharashtra, India ---------------------------------------------------------------------***--------------------------------------------------------------------- Abstract - To authenticate users, most web services use pair of message that would generate the same hash as that of the username and password. When a user wish to login to a web first message. Thus, the hash function should be resistant to application of the service, he/she sends their user name and second-pre-image. password to the web server, which checks if the given username already exist in the database and that the password is identical to 1.2 Hashing Algorithms the password set by that user. This last step of verifying the password of the user can be performed in different ways. The user Different hash algorithms are used in order to generate hash password may be directly stored in the database or the hash value values. Some commonly used hash functions include the of the password may be stored. This survey will include the study following: of password hashing. It will also include the need of password hashing, algorithms used for password hashing along with the attacks possible on the same. • MD5 • SHA-1 Key Words: Password, Hashing, Algorithms, bcrypt, scrypt, • SHA-2 attacks, SHA-1 • SHA-3 1.INTRODUCTION MD5: Web servers store the username and password of its users to authenticate its users. If the web servers store the passwords of This algorithm takes data of arbitrary length and produces its users directly in the database, then in such case, password message digest of 128 bits (i.e.
    [Show full text]
  • Client-CASH: Protecting Master Passwords Against Offline Attacks Jeremiah Blocki, Anirudh Sridhar Motivation: Password Storage
    Client-CASH: Protecting Master Passwords against Offline Attacks Jeremiah Blocki, Anirudh Sridhar Motivation: Password Storage asridhar, 123456 Username Salt Hash 85e23cfe002 asridhar 89d978034a3f 1f584e3db87 6 aa72630a9a2 345c062 SHA1(12345689d978034a3f6) =85e23cfe0021f584e3db87aa + 72630a9a2345c062 2 Offline Attacks: A Common Problem • Password breaches at major companies have affected millions of users. No key stretching? Dictionary of 1000 words Password of 4 words: Horse battery staple 1012 possibilities correct 3.5 x 1011 hashes/second ~ 3 seconds to crack Key Stretching Hash Function Cost: C H Hk … Memory Hard Functions Hash Iteration A Fundamental Tradeoff Increased Costs for Honest Party A Fundamental Tradeoff Is the extra effort worth it? A Fundamental Tradeoff Can I tip the scales? A Key Observation password 12345 letmein abc123 …. …… password unbreakable unbr3akabl3 Most …. …… guesses are wrong unbr3akabl3 A Key Observation unbr3akabl3 unbr3akabl3 unbr3@k@bl3 …. password 12345 unbr3akabl3 letmein abc123 …. …… password unbreakable unbr3akabl3 …. …… Most guesses are correct unbr3akabl3 A Key Observation unbr3akabl3 unbr3akabl3 unbr3akabl3 …. password 12345 unbr3akabl3 letmein abc123 …. …… password unbreakable unbr3akabl3 …. …… Goal Asymmetry: COST < COST Pepper [M96],[BD16] Pepper: t asridhar, 123456 Username Salt Hash asridhar 89d978034a3f 85e23cfe002 1f584e3db87 aa72630a9a2 345c062 SHA1(12345689d978034a3f6)=85e23cfe 0021f584e3db87aa72630a9a2345c062 Pepper [Manber96],[BD16] asridhar, 123456 Pepper: t Username Salt Hash asridhar
    [Show full text]
  • Using Improved D-HMAC for Password Storage
    Computer and Information Science; Vol. 10, No. 3; 2017 ISSN 1913-8989 E-ISSN 1913-8997 Published by Canadian Center of Science and Education Using Improved d-HMAC for Password Storage Mohannad Najjar1 1 University of Tabuk, Tabuk, Saudi Arabia Correspondence: Mohannad Najjar, University of Tabuk, Tabuk, Saudi Arabia. E-mail: [email protected] Received: May 3, 2017 Accepted: May 22, 2017 Online Published: July 10, 2017 doi:10.5539/cis.v10n3p1 URL: http://doi.org/10.5539/cis.v10n3p1 Abstract Password storage is one of the most important cryptographic topics through the time. Different systems use distinct ways of password storage. In this paper, we developed a new algorithm of password storage using dynamic Key-Hashed Message Authentication Code function (d-HMAC). The developed improved algorithm is resistant to the dictionary attack and brute-force attack, as well as to the rainbow table attack. This objective is achieved by using dynamic values of dynamic inner padding d-ipad, dynamic outer padding d-opad and user’s public key as a seed. Keywords: d-HMAC, MAC, Password storage, HMAC 1. Introduction Information systems in all kinds of organizations have to be aligned with the information security policy of these organizations. The most important components of such policy in security management is access control and password management. In this paper, we will focus on the password management component and mostly on the way of such passwords are stored in these information systems. Password is the oldest and still the primary access control technique used in information systems. Therefore, we understand that to have an access to an information system or a part of this system the authorized user hast to authenticate himself to such system by using an ID (username) and a password Hence, password storage is a vital component of the Password Access Control System.
    [Show full text]
  • Privacyidea Documentation Release 2.3
    privacyIDEA Documentation Release 2.3 Cornelius Kölbel June 23, 2015 Contents 1 Table of Contents 3 1.1 Overview.................................................3 1.2 Installation................................................3 1.3 First Steps................................................ 12 1.4 Configuration............................................... 17 1.5 Tokenview................................................ 47 1.6 Userview................................................. 52 1.7 Policies.................................................. 56 1.8 Audit................................................... 72 1.9 Client machines............................................. 72 1.10 Application Plugins........................................... 75 1.11 Tools................................................... 79 1.12 Import.................................................. 80 1.13 Code Documentation........................................... 82 1.14 Frequently Asked Questions....................................... 173 2 Indices and tables 175 HTTP Routing Table 177 Python Module Index 179 i ii privacyIDEA Documentation, Release 2.3 privacyIDEA is a modular authentication system. Using privacyIDEA you can enhance your existing applications like local login, VPN, remote access, SSH connections, access to web sites or web portals with a second factor during authentication. Thus boosting the security of your existing applications. Originally it was used for OTP authentication devices. But other “devices” like challenge response and SSH
    [Show full text]
  • Cryptacus Newsletter
    SEPTEMBER 2016, NO 1 Cryptacus Newsletter First Cryptacus.eu Newsletter Welcome to this first edition of the monthly Crypta- cus Newsletter, bringing you a quick glimpse into the latest developments in the IoT cryptanalysis area. There are not a lot of contributors to this first edition of the newsletter, for obvious reasons, but we’d love you to send us your contributions for in- coming issues, comments and feedback to [email protected] News from the Chair Castro accepted to be the editor of This month we recommend to by GILDAS AVOINE this newsletter. Thanks, Julio! I hope read the paper Lock It and Still Lose you will keep this newsletter excit- It - On the (In)Security of Automo- ing by regularly sending your news to tive Remote Keyless Entry Systems, Julio. published in the 25th USENIX Se- During Haifa’s meeting, we also curity Symposium (USENIX Security discussed the third grand period. 2016). Cryptacus encountered several diffi- This brilliant piece of work, by culties to launch the third grant pe- our colleague and WG4 leader riod, but this issue should be fixed Flavio Garcia (with David Os- soon. Note that the scientific commit- wald, Timo Kasper and Pierre tee, chaired by Bart Preneel, will pro- Pavlidès) which you can enjoy at pose in the coming days the location http://goo.gl/nkeDB5, has been all Cryptacus’ Management Committee of the next meeting. Right after, the over the news recently, being covered Meeting organised in Haifa, Israel, MC will vote on the grant agreement, at news sites such as The Guardian, was really interesting and useful which is a mandatory step before the Daiy Mail, WIRED, The Register, Busi- (Thanks, Orr!) for the current and next period starts.
    [Show full text]
  • Providing Confidentiality, Data Integrity and Authentication of Transmitted Information
    VOL. 14, NO. 1, JANUARY 2019 ISSN 1819-6608 ARPN Journal of Engineering and Applied Sciences ©2006-2019 Asian Research Publishing Network (ARPN). All rights reserved. www.arpnjournals.com PROVIDING CONFIDENTIALITY, DATA INTEGRITY AND AUTHENTICATION OF TRANSMITTED INFORMATION Saleh Suleman Saraireh Al - Hussien Bin Talal University, Maan, Jordan E-Mail: [email protected] ABSTRACT Transmission of secret information through non - secure communication channels is subjected to many security threats and attacks. The secret information could be government documents, exam questions, patient information, hospital information and laboratory medical reports. Therefore it is essential to use a strong and robust security technique to ensure the security of such information. This requires the implementation of strong technique to satisfy different security services. In this paper different security algorithms are combined together to ensure confidentiality, authentication and data integrity. The proposed approach involves the combination between symmetric key encryption algorithm, hashing algorithm and watermarking. So, before the transmission of secret information it should be encrypted using the advanced encryption standard (AES), hashed using secure hash algorithm 3 (SHA3) and then embedded over an image using discrete wavelet transform (DWT), discrete cosine transforms (DCT) and singular value decompositions (SVD) watermarking technique. The security performance of the proposed approach is examined through different security metrics, namely, peak signal - to - noise ratio (PSNR) and normalized correlation coefficient (NC); the obtained results reflect the robustness and the resistance of the proposed approach to different attacks. Keywords: cryptography, watermarking, hashing, authentication, confidentiality. 1. INTRODUCTION algorithm, the embedded information can be visible or Nowadays the amount of exchanged data has invisible.
    [Show full text]