DOCSLIB.ORG

Alice and Bob in Wonderland a First Glimpse in the World of Security and Cryptography

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Alice and Bob in Wonderland a First Glimpse in the World of Security and Cryptography NXP SEMICONDUCTORS Alice and Bob in Wonderland A first glimpse in the world of security and cryptography September 2018 Mario Lamberger Agenda Introduction The Good The Bad The Ugly The Future COMPANY PUBLIC Introduction About myself MSc, PhD in technical mathematics, TU Graz Post-doc assistant at IAIK @ TU Graz – Java + network security, cryptography Habilitation in IT-Security @ IAIK/TU Graz 20+ publications in mathematics, cryptography, IT-security Principal Cryptographer and Security Assessment expert @ NXP – Joined 2011 – Works on crypto libraries, certification topics, analysis on random number generators – Lead of „NXP Security School“, trainings on cryptography, certification topics, implementation security Trained more than 2500 employees COMPANY PUBLIC THE GOOD Security in general COMPANY PUBLIC Key security requirements “Hello Confidentiality World” Integrity Keeping secrets Ensuring unmodified secret (business value data transport & “Hello “Hello of data, privacy – unmodified SW World” World” encryption is the execution technology of choice) Authenticity Alice Availability Verifying identities for Ensuring that the source of data/SW, “Fake” Bob services remain (trusted access control available operations) Bob “Fake” Alice COMPANY PUBLIC CONFIDENTIALITY Historic examples: This ... is ... Sparta! Scytale: – Oldest known military encryption scheme. – It was used by the Spartans already 2500 years ago to encrypt messages. – For encryption a wooden cylinder has been used with a certain diameter (acting as the key). The Scytale is a transposition cipher. Alternative hypothesis: Message authentication COMPANY PUBLIC Historic examples: Alea iacta est! Caesar cipher – The Caesar-Cipher is named after Julius Caesar (100-40 B.C.). – It was used for military correspondence. – For encryption the letters of the message where replaced by different letters of the same alphabet. The Caesar cipher is a substitution cipher. Other examples: – Vigenère cipher – Hill cipher – ... COMPANY PUBLIC Ceasar cipher in our days... Cipher text Ns hwduytlwfumd, f Hfjxfw hnumjw, fqxt pstbs fx Hfjxfw'x hnumjw, ymj xmnky hnumjw, Hfjxfw'x htij tw Hfjxfw xmnky, nx tsj tk ymj xnruqjxy fsi rtxy bnijqd pstbs jshwduynts yjhmsnvzjx. Ny nx f yduj tk xzgxynyzynts hnumjw ns bmnhm jfhm qjyyjw ns ymj uqfnsyjcy nx wjuqfhji gd f qjyyjw xtrj kncji szrgjw tk utxnyntsx itbs ymj fqumfgjy. Ktw jcfruqj, bnym f xmnky tk Shift 3, F btzqi gj wjuqfhji gd I, G btzqi gjhtrj = 5 J, fsi xt ts. Ymj rjymti nx sfrji fkyjw In cryptography, a Caesar cipher, also known as Caesar's cipher, the shift cipher, Caesar's code or Caesar shift, is one of the Ozqnzx Hfjxfw, bmt zxji ny ns mnx simplest and most widely known encryption techniques. It is a type uwnafyj htwwjxutsijshj. of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions down the alphabet. For example, with a shift of 3, A would be replaced by D, B would become E, and so on. The method is named after Julius Caesar, who used it in his private correspondence. COMPANY PUBLIC Symmetric Cryptography Symmetric key information Enc Dec COMPANY PUBLIC Important Features and Principles of Block Ciphers n-bit block size Kerckhoff’s principle: – The attacker always knows the Plaintext (P) algorithm; the only information unknown to him/her is the key. – DES (1976) 010 010 Key Cipher 010 k-bit key Brute force attack (K) .. – Basically, given P and C, try out all 010 possible K – Possible on every cipher Ciphertext (C) COMPANY PUBLIC Modern Encryption Practice: Block Ciphers Practical version of block substitution cipher for fixed key – Easy computation rule instead of huge table 1 1 2 2 3 3 ... ... 4 4 Introduce computation rule to compute table elements: ... ... [m] = E (m, k) S Goal is to design „good“ rule E : S COMPANY PUBLIC https://www.youtube.com/watch?v=mlzxpkdXP58 COMPANY PUBLIC Performance, performance, performance... AES instructions (Intel, ARM, NXP, ...) PXOR %xmm5, %xmm0 AESENC %xmm6, %xmm0 Intel: AESENC %xmm7, %xmm0 AESENC %xmm8, %xmm0 AESENC takes 4 cycles, so 40 cycles for full AES (at 2GHz 800MB per second!) AESENC %xmm9, %xmm0 AESENC %xmm10, %xmm0 AESENC %xmm11, %xmm0 Remember the brute-force attack from before? AESENC %xmm12, %xmm0 AESENC %xmm13, %xmm0 AESENC %xmm14, %xmm0 Above Intel PC: 5 10 encryptions per sec AESENCLAST %xmm15, %xmm0 10 years 7 23 ⋅ Computing power of Bitcoin network: 5 10 encryptions per sec 2,1581810 = 2.158.000.000.000 years ≈ ⋅ 12 13.799.000.000 years age of our universe ⋅ COMPANY PUBLIC Widely used block ciphers Triple-DES – IBM + NSA – Based on DES (1976) AES – V. Rijmen/J. Daemen SM4 – Chinese cipher – Chinese wireless LAN cipher standard (WAPI) COMPANY PUBLIC How to encrypt large amounts of data ? Block by block ECB point in time 1 point in timepoint 1 in timepoint 2 in time 22 pointpointpoint ininin time timetime t tt ... ...... Cipher block chaining CBC IVm1 Ctr block 1n nm1 Ctr nblockm 22 n nn mmCtrtt block t nnn Counter mode CTR cii = ES(cmi-1i, k )mi,E kS), i>0 k ES k ES EkS kk EEESSS kkk m1 n m2 n mt n ...... c1 nc1 c2 n c2 n nn ... cccttt nnn SenderSender Receiver Receiver ...... point in time 1 c1 pointn inc time2 2 nn ccttpoint in time tnn Ctr block 1 n Ctr block 2 n ... Ctr block t n mii = DS(cii, k) ci-1, i>0 DS k DS kk DDSS kk ES k ES k ES k ... c1 IV n n c2m1 n n m2 ct nn ... mmtnt nn m1 n m2 n ... mt n COMPANY PUBLIC What would you prefer ? CBC/CTR mode output COMPANY PUBLIC INTEGRITY Cryptographic Hash Functions – Protecting Integrity Analogy: digital fingerprints NOT to be confused with: Data – Hash tables in databases Compression: Data of arbitrary length is mapped to a fixed length of bits (Typical values: = 256 bits) Hash Easy to compute : Hash functions should be very efficient! Cryptographic properties: NO COLLUSION NO COLLISIONS! A hash function should be hard to invert! It should be hard to find two data elements with the same hash value COMPANY PUBLIC Cryptographic Hash Functions Applications – “Historic” Important building block: >100 occurences in Windows operating system 98246 012345 6789… ? Representative Commitment Randomizer SHA256(“Mario”) = 61 C8 E1 6A D9 0D 4E 6D A3 17 18 0F A4 45 E2 62 E9 31 3B BF 21 FD 4D 30 B3 B9 B4 42 58 86 B2 F5 SHA256(“Marion”) = 34 17 CF DF 67 C5 1B 20 FE 04 24 BC 47 D5 69 2E 87 59 FB 06 B3 6D 48 28 A6 AD 1C 65 4A 9D C3 67 COMPANY PUBLIC Cryptographic Hash Functions Applications – Today Bitcoin mining Proof of work (c) https://coincentral.com Solving “hash puzzles” (SHA-256) August 2017, the mining difficulty (block #479669) (bit security ~2 . ) 71 65 0000000000000000005d68cd57cfb4f925aa1e3e729feb0cb81a64393306ad4f COMPANY PUBLIC Hash functions – a quick look under the hood MD4-family of hash functions Current state-of-the-art: SHA-2 family (FIPS 180-4) Alternative construction: SHA-3 (sponge contruction) – Again a competition, – Again J. Daemen COMPANY PUBLIC AUTHENTICITY AKA RECYCLING IN CRYPTO Message Authentication Codes (block cipher based) Recycling in cryptography: point in time 1 point in time 2 point in time t ... CBC mode of operation IV n m1 n m2 n mt n CBC MAC ci = ES(ci-1 mi, k), i>0 ES k ES k ES k (ISO/IEC 9797-1 MAC Algorithm 1) ... CMAC c1 n c2 n ct n Sender (NIST SP 800-38B) Receiver c1 n c2 n ... ct n mi = DS(ci, k) ci-1, i>0 DS k DS k DS k IV n m1 n m2 n ... mt n COMPANY PUBLIC HMAC – keyed-hash message authentication code Originally defined in 1996 Used extensively by IETF (RFC2104) Widely standarized NIST FIPS 198-1 ( )|| || ′ ′ ⊕ ⊕ 1 Hash Hash ( , ) COMPANY PUBLIC Using Encryption for Authentication Basic authentication principles: – Something known – Something possessed – Something inherent How to NOT do it: ID E = Enc(ID, Key) Key Key E COMPANY PUBLIC A simple example for an authentication protocol All modern authentication protocols use a time-variant parameter – Nonce (random challenge) – Timestamp – Sequence number Challenge – response protocol Challenge R Key Key E = Enc(R, Key) Different for each authentication run! COMPANY PUBLIC PUBLIC KEY CRYPTO AKA ASYMMETRIC CRYPTO The problem so far ... How do Alice and Bob get their symmetric keys in the first place ? What if Alice and Bob are not the only people on earth ? A B E F 15 keys C D 7 10 people 25 10 keys 9 18 After⋅ 2500 years it≈ was⋅ time for a new concept ... COMPANY PUBLIC COMPANY PUBLIC Public Key Signatures CREATE Remember 00110…..11001 11111…..10011 11111…..10011 hash digitally digitally signeddocument hash private key sender signed hash collisions ? hash 00110…..11001 compare VERIFY 00110…..11001 11111…..10011 digitally signeddocument public key sender COMPANY PUBLIC Asymmetric/ Public Key Cryptography Based on hard and long-studied mathematical problems from number theory, algebra, … In theory, no initial key exchange between Alice and Bob The idea: – Each participating party owns a key pair – A key pair consists of • A public key (can be known to everybody) • A private key (must stay under the sole control of the owner) COMPANY PUBLIC RSA (Rivest, Shamir, Adleman, 1978) Based on the so called factorization problem: dC – Given two prime numbers, it is easy to multiply them. d Given the product, it is difficult to find the prime numbers. B A: nA,eA B: n ,e RSA Keys – Every participant has B B C : nC,eC – a modulus n = p·q (public), the product of two large prime numbers – a public exponent e (for performance reasons, one often chooses small prime numbers with few 1’s) e = 216 + 1 are common choices (e = 3,17 in old designs) dA – a private exponent d.
Load more

Recommended publications
  • Models and Algorithms for Physical Cryptanalysis
    MODELS AND ALGORITHMS FOR PHYSICAL CRYPTANALYSIS Dissertation zur Erlangung des Grades eines Doktor-Ingenieurs der Fakult¨at fur¨ Elektrotechnik und Informationstechnik an der Ruhr-Universit¨at Bochum von Kerstin Lemke-Rust Bochum, Januar 2007 ii Thesis Advisor: Prof. Dr.-Ing. Christof Paar, Ruhr University Bochum, Germany External Referee: Prof. Dr. David Naccache, Ecole´ Normale Sup´erieure, Paris, France Author contact information: [email protected] iii Abstract This thesis is dedicated to models and algorithms for the use in physical cryptanalysis which is a new evolving discipline in implementation se- curity of information systems. It is based on physically observable and manipulable properties of a cryptographic implementation. Physical observables, such as the power consumption or electromag- netic emanation of a cryptographic device are so-called `side channels'. They contain exploitable information about internal states of an imple- mentation at runtime. Physical effects can also be used for the injec- tion of faults. Fault injection is successful if it recovers internal states by examining the effects of an erroneous state propagating through the computation. This thesis provides a unified framework for side channel and fault cryptanalysis. Its objective is to improve the understanding of physi- cally enabled cryptanalysis and to provide new models and algorithms. A major motivation for this work is that methodical improvements for physical cryptanalysis can also help in developing efficient countermea- sures for securing cryptographic implementations. This work examines differential side channel analysis of boolean and arithmetic operations which are typical primitives in cryptographic algo- rithms. Different characteristics of these operations can support a side channel analysis, even of unknown ciphers.
    [Show full text]
  • Effects of Architecture on Information Leakage of a Hardware Advanced Encryption Standard Implementation Eric A
    Air Force Institute of Technology AFIT Scholar Theses and Dissertations Student Graduate Works 9-13-2012 Effects of Architecture on Information Leakage of a Hardware Advanced Encryption Standard Implementation Eric A. Koziel Follow this and additional works at: https://scholar.afit.edu/etd Part of the Computer and Systems Architecture Commons, and the Information Security Commons Recommended Citation Koziel, Eric A., "Effects of Architecture on Information Leakage of a Hardware Advanced Encryption Standard Implementation" (2012). Theses and Dissertations. 1127. https://scholar.afit.edu/etd/1127 This Thesis is brought to you for free and open access by the Student Graduate Works at AFIT Scholar. It has been accepted for inclusion in Theses and Dissertations by an authorized administrator of AFIT Scholar. For more information, please contact [email protected]. EFFECTS OF ARCHITECTURE ON INFORMATION LEAKAGE OF A HARDWARE ADVANCED ENCRYPTION STANDARD IMPLEMENTATION THESIS Eric A. Koziel AFIT/GCO/ENG/12-25 DEPARTMENT OF THE AIR FORCE AIR UNIVERSITY AIR FORCE INSTITUTE OF TECHNOLOGY Wright-Patterson Air Force Base, Ohio APPROVED FOR PUBLIC RELEASE; DISTRIBUTION UNLIMITED The views expressed in this thesis are those of the author and do not reflect the official policy or position of the United States Air Force, Department of Defense, or the United States Government. This material is declared a work of the U.S. Government and is not subject to copyright protection in the United States. AFIT/GCO/ENG/12-25 EFFECTS OF ARCHITECTURE ON INFORMATION LEAKAGE OF A HARDWARE ADVANCED ENCRYPTION STANDARD IMPLEMENTATION THESIS Presented to the Faculty Department of Electrical & Computer Engineering Graduate School of Engineering and Management Air Force Institute of Technology Air University Air Education and Training Command In Partial Fulfillment of the Requirements for the Degree of Master of Science in Cyber Operations Eric A.
    [Show full text]
  • Some Words on Cryptanalysis of Stream Ciphers Maximov, Alexander
    Some Words on Cryptanalysis of Stream Ciphers Maximov, Alexander 2006 Link to publication Citation for published version (APA): Maximov, A. (2006). Some Words on Cryptanalysis of Stream Ciphers. Department of Information Technology, Lund Univeristy. Total number of authors: 1 General rights Unless other specific re-use rights are stated the following general rights apply: Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. • Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain • You may freely distribute the URL identifying the publication in the public portal Read more about Creative commons licenses: https://creativecommons.org/licenses/ Take down policy If you believe that this document breaches copyright please contact us providing details, and we will remove access to the work immediately and investigate your claim. LUND UNIVERSITY PO Box 117 221 00 Lund +46 46-222 00 00 Some Words on Cryptanalysis of Stream Ciphers Alexander Maximov Ph.D. Thesis, June 16, 2006 Alexander Maximov Department of Information Technology Lund University Box 118 S-221 00 Lund, Sweden e-mail: [email protected] http://www.it.lth.se/ ISBN: 91-7167-039-4 ISRN: LUTEDX/TEIT-06/1035-SE c Alexander Maximov, 2006 Abstract n the world of cryptography, stream ciphers are known as primitives used Ito ensure privacy over a communication channel.
    [Show full text]
  • Cryptography Weekly Independent Teaching Activities Teaching Credits Hours 4 6
    COURSE OUTLINE (1) GENERAL SCHOOL SCHOOL OF SCIENCES ACADEMIC UNIT DEPARTMENT OF MATHEMATICS LEVEL OF STUDIES UNDERGRADUATE PROGRAM COURSE CODE 311-2003 SEMESTER F COURSE TITLE CRYPTOGRAPHY WEEKLY INDEPENDENT TEACHING ACTIVITIES TEACHING CREDITS HOURS 4 6 COURSE TYPE Special background PREREQUISITE COURSES: NO LANGUAGE OF INSTRUCTION and GREEK EXAMINATIONS: IS THE COURSE OFFERED TO YES ERASMUS STUDENTS COURSE WEBSITE (URL) http://www.math.aegean.gr/index.php/en/academics/undergraduate- programs (2) LEARNING OUTCOMES Learning outcomes In this course the students are introduced to the basic complexity theory and how computational difficulty in solving problems can be exploited to build secure cryptographic protocols. The lectures are, then, focused on some elementary cryptographic schemes like Caesar’s cipher, general substitution ciphers, polyalphabetic ciphers and how they can be broken efficiently. Then the students are introduced to Shannon’s cryptographic principles of confusion and diffusion and how they lead to the Feistel-based block ciphers. Then, as case studies, the block ciphers DES, CAST-128 and AES are presented along with analysis of their security properties. In the middle of the course, the students are introduced to public key cryptography and the RSA, ElGamal scheme and the foundations of Elliptic Curve Cryptography as well as the state of the art in the cryptanalysis of RSA and ECC. The aim of this course is mainly to introduce the students into the basic concepts of cryptography and cryptanalysis. At the end of the course, they could develop and analyse certain cryptographic systems and they could be ready to use and modify certain cryptanalysis techniques.
    [Show full text]
  • CE441: Data and Network Security Cryptography — Symmetric
    CE441: Data and Network Security Cryptography — Symmetric Behnam Momeni, PhD Department of Computer Engineering Sharif University of Technology Fall 2019 . B. Momeni (Sharif Univ. of Tech.) CE441: Data and Network Security Fall 2019 1 / 94 Cryptology: Cryptography and Cryptanalysis Review: What Does Security Mean? Outline 1 Cryptology: Cryptography and Cryptanalysis Review: What Does Security Mean? Cryptography: Definition and Models Classic Cryptography Cryptanalysis: A Glimpse 2 Confidentiality-Providing Schemes 3 Integrity-Providing Schemes 4 Full Fledged Schemes . B. Momeni (Sharif Univ. of Tech.) CE441: Data and Network Security Fall 2019 2 / 94 Cryptology: Cryptography and Cryptanalysis Review: What Does Security Mean? Security Goals Availability CIA Triad Confidentiality Integrity . B. Momeni (Sharif Univ. of Tech.) CE441: Data and Network Security Fall 2019 3 / 94 Cryptology: Cryptography and Cryptanalysis Review: What Does Security Mean? Definition Defining an scheme has two main parts Syntax: specifies operations which can be performed by honest participants of the scheme e.g. The symmetric encryption scheme, SE = (K; E; D), contains a key generation function K, an encryption function E, and a decryption function D k K : 8m : Dk (Ek (m)) = m The scheme is modeled here Semantic: specifies conditions which must be met by a secure scheme The security definition is formalized here . B. Momeni (Sharif Univ. of Tech.) CE441: Data and Network Security Fall 2019 4 / 94 Cryptology: Cryptography and Cryptanalysis Review: What Does Security Mean? Game-based Definition Model the scheme operations normally Then, devise a game between an adversary and a challenger Adversary tries to break the security definition Challenger wants to demonstrate inability of the adversary Adversary is trying to obtain some advantage e.g.
    [Show full text]
  • Security System on Data Encryption & Decryption
    International Research Journal of Engineering and Technology (IRJET)e-ISSN: 2395-0056 Volume: 07 Issue: 04 | Apr 2020 www.irjet.net p-ISSN: 2395-0072 Security System on Data Encryption & Decryption Mr. Mukul Aggarwal1, Mr. Deepak Kumar Yadav2, Dr. Himanshu Arora3 and Mr. Sudhanshu Vashistha4 1B. Tech Student, Department of CSE, Arya College of Engineering and Research Center, Jaipur 2B. Tech Student, Department of CSE, Arya College of Engineering and Research Center, Jaipur 3Professor, Department of CSE, Arya College of Engineering and Research Center, Jaipur 4Assistant Professor, Department of CSE, Arya College of Engineering and Research Center, Jaipur ---------------------------------------------------------------------- ***--------------------------------------------------------- Abstract— Now’s a day’s security is a feature or factor which is most services attack. It is the attack in which third- person important about any sector which ensures the protection of data. It directly access the server. prevents unauthorized persons, thieves, hackers, etc. In this field, Access Control: It is the process in which only authorized there are three main feature which is essential for data security i.e. person can only access the data resources confidentiality, integrity, availability, these three main features which prevent from unauthorized any other third person. Confidentiality TABLE I basically if we send the data from one person to another person then FONT SIZES FOR PAPERS only authorized person can access & integrity if we transfer the information from one to another then no one can change. The availability of the resources should be available 24/7 hour or data should be available on demand. Process of communication using Encryption and Decryption over data. To convert the plain text into ciphertext is Encryption and convert the ciphertext into plain text is Decryption and both methods called as a Cryptology.
    [Show full text]
  • When Encryption Is Not Enough Effective Concealment of Communication Pattern, Even Existence (Bitgrey, Bitloop)
    When Encryption is Not Enough Effective Concealment of Communication Pattern, even Existence (BitGrey, BitLoop) Gideon Samid Department of Electrical Engineering and Computer Science Case Western Reserve University, Cleveland, OH [email protected] Abstract: How much we say, to whom, and when, is inherently telling, even if the contents of our communication is unclear. In other words: encryption is not enough; neither to secure privacy, nor to maintain confidentiality. Years ago Adi Shamir already predicted that encryption will be bypassed. And it has. The modern dweller of cyber space is routinely violated via her data behavior. Also, often an adversary has the power to compel release of cryptographic keys over well-exposed communication. The front has shifted, and now technology must build cryptographic shields beyond content, and into pattern, even as to existence of communication. We present here tools, solutions, methods to that end. They are based on equivocation. If a message is received by many recipients, it hides the intended one. If a protocol calls for decoy messages, then it protects the identity of the sender of the contents-laden message. BitGrey is a protocol that creates a "grey hole" (of various shades) around the communicating community, so that very little information leaks out. In addition the BitLoop protocol constructs a fixed rate circulating bit flow, traversing through all members of a group. The looping bits appear random, and effectively hide the pattern, even the existence of communication within the group. 1 Introduction We have fought for freedom in the physical world, and now the war moved to cyber space.
    [Show full text]
  • Arxiv:Quant-Ph/0601207V3 2 May 2006 Acmdtraid Atcooi,Ad.Cnlol´Impic, S/ Canal Avda
    E. WOLF, PROGRESS IN OPTICS VVV c 199X ALL RIGHTS RESERVED X QUANTUM CRYPTOGRAPHY BY Miloslav Duˇsek Department of Optics, Palack´yUniversity 17. listopadu 50, 77200 Olomouc, Czech Republic Norbert Lutkenhaus¨ Institut f¨ur Optik, Information und Photonik Universit¨at Erlangen-N¨urnberg Staudtstr. 7/B3, 91058 Erlangen, Germany Martin Hendrych ICFO - Institut de Ci`encies Fot`oniques Parc Mediterrani de la Tecnologia, Avda. Canal Ol´ımpic, s/n 08860 Castelldefels (Barcelona), Spain arXiv:quant-ph/0601207v3 2 May 2006 1 CONTENTS1 PAGE 1. CIPHERING 3 § 2. QUANTUM KEY DISTRIBUTION 9 § 3. SOMEOTHERDISCRETEPROTOCOLSFORQKD 14 § 4. EXPERIMENTS 18 § 5. TECHNOLOGY 26 § 6. LIMITATIONS 34 § 7. SUPPORTING PROCEDURES 35 § 8. SECURITY 38 § 9. PROSPECTS 51 REFERENCES§ 52 1Run LaTeX twice for up-to-date contents. 2 1. CIPHERING 3 1. Ciphering §§§ 1.1. INTRODUCTION, CRYPTOGRAPHIC TASKS There is no doubt that electronic communications have become one of the main pillars of the modern society and their ongoing boom requires the development of new methods and techniques to secure data transmission and data storage. This is the goal of cryptography. Etymologically derived from Greek κρυπτoς´ , hidden or secret, and γραϕη´, writing, cryptography may generally be defined as the art of writing (encryption) and deciphering (decryption) messages in code in order to ensure their confidentiality, authenticity, integrity and non-repudiation. Cryptog- raphy and cryptanalysis, the art of codebreaking, together constitute cryptology (λoγoς´ , a word). Nowadays many paper-based communications have already been replaced by elec- tronic means, raising the challenge to find electronic counterparts to stamps, seals and hand-written signatures. The growing variety of applications brings many tasks that must be solved.
    [Show full text]
  • Evaluation of Anonymity and Confidentiality Protocols Using
    Form Methods Syst Des (2015) 47:265–286 DOI 10.1007/s10703-015-0232-5 Evaluation of anonymity and confidentiality protocols using theorem proving Tarek Mhamdi1 · Osman Hasan1 · Sofiène Tahar1 Published online: 20 June 2015 © Springer Science+Business Media New York 2015 Abstract Anonymity and confidentiality protocols constitute crucial parts in many net- work applications as they ensure anonymous communications between entities in a network or provide security in insecure communication channels. Evaluating the properties of these protocols is therefore of paramount importance, especially in the case of safety-critical appli- cations. However, traditional analysis techniques, like simulation, cannot ascertain accurate analysis in this domain. We propose to overcome this limitation by conducting an informa- tion leakage analysis of anonymity and cryptographic protocols within the trusted kernel of a higher-order-logic theorem prover. For this purpose, we first introduce two novel measures of information leakage, namely the information leakage degree and the conditional information leakage degree and then present a higher-order-logic formalization of information measures and the underlying required theories of measure, probability and information. For illustration purposes, we use the proposed framework to evaluate the security properties of the one-time pad encryption system as well as the properties of an anonymity-based single MIX. We show how this formal analysis allowed us to find a counter-example for a theorem that was reported in the
    [Show full text]
  • Preuves De Connaissances Interactives Et Non-Interactives Olivier Blazy
    Preuves de connaissances interactives et non-interactives Olivier Blazy To cite this version: Olivier Blazy. Preuves de connaissances interactives et non-interactives. Cryptographie et sécurité [cs.CR]. Université Paris-Diderot - Paris VII, 2012. Français. tel-00768787 HAL Id: tel-00768787 https://tel.archives-ouvertes.fr/tel-00768787 Submitted on 24 Dec 2012 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Ecole´ Normale Sup´erieure D´epartement d’Informatique Universit´eParis 7 Denis Diderot Preuves de connaissance interactives et non-interactives Th`ese pr´esent´eeet soutenue publiquement le 27 septembre 2012 par Olivier Blazy pour l’obtention du Doctorat de l’Universit´eParis Diderot (sp´ecialit´einformatique) Devant le jury compos´ede : Directeur de th`ese: David Pointcheval (CNRS, Ecole´ Normale Sup´erieure) Rapporteurs : Jean-S´ebastien Coron (Universit´edu Luxembourg) Marc Fischlin (Universit´ede Darmstadt) Fabien Laguillaumie (CNRS, LIP) Examinateurs : Michel Abdalla (CNRS, Ecole´ Normale Sup´erieure) Antoine Joux (DGA, Universit´ede Versailles) Eike Kiltz (Universit´ede la Ruhr, Bochum) Damien Vergnaud (CNRS, Ecole´ Normale Sup´erieure) Travaux effectu´es au Laboratoire d’Informatique de l’Ecole´ Normale Sup´erieure Remerciements Bien des gens ont contribu´ede pr`es ou de loin `al’accomplissement de ce m´emoire.
    [Show full text]
  • Automatic Detection of Weak Cipher Usage in Aircraft Communications
    Automatic detection of weak cipher usage in aircraft communications Francesco Intoci, Mattia Mariantoni, Theresa Stadler Department of Computer Science, EPFL, Switzerland - Supervised by Kasra Edalatnejadkhamene SPRING Lab, EPFL, Switzerland Abstract—The Aircraft Communications Addressing and Re- sufficiently tech-savvy user to intercept ACARS-transmitted porting System (ACARS) allows aircraft to communicate with en- messages. This development increases the risk of eavesdrop- tities on the ground via short messages. To provide confidentiality ping attacks as potential adversaries need less resources and for sensitive information communicated via the ACARS network, some operators started to deploy proprietary cryptography to specialist knowledge to intercept communications [2]. encrypt message contents. This is highly problematic, however, A recent measurement study on the privacy of sensitive as all of the observed approaches in practice offer next to no content submitted on the ACARS channel found a significant communication security but give a false sense of it. Authorities information leakage [2]. The study demonstrates that ACARS hence would like to filter out weak ciphers at the network level to alert operators of their risks. messages submitted in the clear undermine efforts to hide This project explored the use of deep convolutional neural sensitive location information and cause major privacy issues networks (CNN) for automatic detection of weakly encrypted to business, military, and government aircraft. message contents on the ACARS data link network. We con- Many of the described issues are a result of cleartext message structed a labelled dataset of plaintext and ciphertext messages contents being freely accessible to passive eavesdroppers. The and experimentally evaluated the performance of a deep CNN for message classification.
    [Show full text]
  • IT8761 Security Laboratory Manual
    IT8761 SECURITY LABORATORY REGULATION – 2017 DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING DEPARTMENT OF INFORMATION TECHNOLOGY LAB INCHARGE HOD PRINCIPAL LIST OF EXPERIMENTS Ex. Name of the Experiment No. 1. Perform encryption, decryption using the following substitution techniques i. Ceaser cipher ii. Playfair cipher iii. Hill Cipher iv. Vigenere cipher 2. Perform encryption and decryption using following transposition techniques i. Rail fence ii. Row & Column Transformation 3. Apply DES algorithm for practical applications. 4. Apply AES algorithm for practical applications. 5. Implement RSA Algorithm using HTML and JavaScript 6. Implement the Diffie-Hellman Key Exchange algorithm for a given problem. 7. Calculate the message digest of a text using the SHA-1 algorithm. 8. Implement the SIGNATURE SCHEME - Digital Signature Standard. 9. Demonstrate intrusion detection system (ids) using any tool eg. Snort or any other s/w. 10. Automated Attack and Penetration Tools Exploring N-Stalker, a Vulnerability Assessment Tool 11. Defeating Malware i. Building Trojans ii. Rootkit Hunter Software Download Links: Visual Studio Code: https://code.visualstudio.com/download Snort - https://www.snort.org/downloads N-Stalker - https://www.nstalker.com/products/editions/free/download/ GMER - http://www.gmer.net/ JAVA - https://www.java.com/en/download/ Ex. No : 1(a) Encryption and Decryption Using Ceaser Cipher Date : AIM: To encrypt and decrypt the given message by using Ceaser Cipher encryption algorithm. ALGORITHMS: 1. In Ceaser Cipher each letter in the plaintext is replaced by a letter some fixed number of positions down the alphabet. 2. For example, with a left shift of 3, D would be replaced by A, E would become B, and so on.
    [Show full text]