Cryptographic protocols are widely applied in many applications to provide security, privacy, authenticity and other features. Such protocols and cryptographic techniques are often composed, like LEGO, in an attempt to realize complicated features. This seems a good way to achieve many new security and privacy goals. However, the security of a combination of cryptographic techniques cannot be thought of as LEGO. This keynote talk at IWSEC 2015 explains how we have been tackling this issue for many years and why the problem is essential for future applications like blockchain. The talk was given on August 26, 2015.
4. At Wikipedia
A security protocol (cryptographic protocol or encryption protocol) is an abstract or concrete protocol that performs a security-related function and applies cryptographic methods, often as sequences of cryptographic primitives.
A protocol describes how the algorithms should be used. A sufficiently detailed protocol includes details about data structures and representations, at which point it can be used to implement multiple, interoperable versions of a program.
5. Cryptographic Protocol is Important
• Many security technologies based on cryptography are delivered as cryptographic protocols.
• We do not directly use cryptographic primitives like AES and RSA.
• We have a long and established body of study on cryptographic primitives.
• How much do we know about cryptographic protocols?
15. Constructing something by LEGO
Combination of blocks to realize functions designated in the instruction
16. Cryptographic Protocol is like LEGO
Matching between security functionality and building blocks
Security Functionality | Building block
Authentication | Challenge-Response
Anonymity | Shuffle
Confidentiality | Key Exchange, Encryption
18. SSL/TLS looks like LEGO
(Diagram: Client and Server connected through a stack of building blocks.)
• Symmetric Encryption
• Key Exchange
• Entity Authentication
• Negotiation
• Integrity Check
19. However, security isn't like LEGO
Man-in-the-Middle Attack
(Diagram: Alice and Bob with the Adversary between them; Alice thinks the key she received is Bob's key.)
20. Security model of cryptographic primitive
Operational environment is simple.
(Diagram: Alice applies E( ) with the encryption key, Bob applies D( ) with the decryption key, and the Adversary sits on the channel between them.)
21. Environment of real protocol
• Communication channels are controlled by the adversary.
  • Not limited to eavesdropping
  • Man-in-the-middle
• Some of the protocol participants are controlled by the adversary.
  • Leakage of secret information
22. What can be done by an adversary?
• Control the communication channel
  • Eavesdrop
  • Stop
  • Resend
  • Forge message
• Attack on cryptography (with quite low probability)
  • Obtain plaintext
  • Forge signature
  • Obtain session keys, …
23. Dolev-Yao Model
• Cryptography is treated as an ideal operation.
  • Only a party who has the decryption key obtains the plaintext.
  • Any other party obtains nothing.
  • Same treatment for digital signatures and others
• An adversary can control the communication channel.
  • Eavesdrop, stop, and send any message.
24. How difficult is it to evaluate the security?
• Protocol execution produces a huge number of states.
  • Each action produces a new state of the protocol execution.
• An adversary can attack on the following. We should care about both.
  • Misconfiguration of the protocol which produces an insecure state
  • Attack on cryptographic primitives
25. History of Evaluation
Formal Verification:
• Formal method
• Find the existence of an insecure state
• Automated verification
• Tool-aided
Mathematical Proof:
• Rigorous proof
• Estimate probability of attack
• Same as cryptographic primitive
26. Formal Verification
• Cryptographic algorithms are idealized.
• Explore the existence of a state against the security property.
  • Dolev-Yao Model.
  • Omit the possibility of a successful attack on the underlying cryptographic algorithm.
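The man-in-the-middle of slide 19, the Dolev-Yao model of slide 23 and the state exploration of slide 26, in one added example that is not from the talk: a toy symbolic model in Python of a two-message key-distribution protocol constructed for this example (not a real protocol). The adversary owns the channel and may forward or substitute messages, cryptography is ideal, and the names kb, ke and secret are the example's own.

```python
# Added example (not from the slides): a tiny Dolev-Yao style exploration of a
# constructed two-message key-distribution protocol. Terms are tuples; the
# adversary owns the channel and may forward or substitute messages, and
# cryptography is ideal: a ciphertext yields its plaintext only to a holder of
# the matching private key.

def atom(name):
    return ('atom', name)

def pk(key):
    return ('pk', key)               # public key derived from private key `key`

def aenc(pub, msg):
    return ('aenc', pub, msg)        # asymmetric encryption of msg under pub

def close(terms):
    """Dolev-Yao closure: everything derivable from `terms` by decrypting with
    a known private key, plus the public keys of known private keys."""
    known = set(terms)
    while True:
        new = set()
        for t in known:
            if t[0] == 'aenc' and t[1][0] == 'pk' and t[1][1] in known:
                new.add(t[2])        # private key known -> plaintext learned
            elif t[0] == 'atom':
                new.add(pk(t))       # anyone can derive pk from a known key
        if new <= known:
            return known
        known |= new

def explore(authenticated):
    """Enumerate the adversary's choices on the channel for the protocol
         1. Bob   -> Alice : pk(kb)
         2. Alice -> Bob   : aenc(<key Alice received>, secret)
    and return every trace in which the adversary ends up knowing `secret`.
    `authenticated` models Alice checking the received key against a
    pre-shared copy of pk(kb), i.e. the repaired protocol."""
    kb, ke, secret = atom('kb'), atom('ke'), atom('secret')
    msg1 = pk(kb)
    # The adversary starts with its own private key and everything sent in step 1.
    knowledge = close({ke, msg1})
    leaks = []
    # Step 1 options: forward msg1 unchanged, or substitute any public key it knows.
    for delivered in sorted(t for t in knowledge if t[0] == 'pk'):
        if authenticated and delivered != pk(kb):
            continue                 # Alice rejects a key that does not match
        msg2 = aenc(delivered, secret)           # Alice encrypts under what arrived
        after = close(knowledge | {msg2})        # the adversary also sees step 2
        if secret in after:
            leaks.append((delivered, msg2))      # an insecure state was reached
    return leaks

def show(term):
    """Render a term as text, e.g. aenc(pk(ke), secret)."""
    if term[0] == 'atom':
        return term[1]
    return term[0] + '(' + ', '.join(show(x) for x in term[1:]) + ')'

if __name__ == '__main__':
    for fixed in (False, True):
        found = explore(fixed)
        label = 'authenticated' if fixed else 'naive'
        print(f'{label}: {len(found)} leaking trace(s)')
        for delivered, msg2 in found:
            print('  step 1 replaced by', show(delivered), '; step 2 =', show(msg2))
```

The naive protocol reaches exactly one insecure state, the substitution of the adversary's own public key; with the key check in place the bounded exploration finds none, while any weakness of the encryption itself stays outside the model, as slide 26 states.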
28. Mathematical Proof
• Estimate the probability with which the adversary breaks the security property.
• Show that the probability is negligible.
• Like the security proof of a cryptographic algorithm.
29. Universal Composability (UC)
• Define the ideal functionality, then prove that the actual protocol is indistinguishable from the ideal functionality.
(Diagram: environment Z interacting with parties P1, P2, P3, P4 running either the ideal functionality F or the actual protocol.)
30. Combination of Formal Verification and UC
• Combine the merits of formal verification and mathematically rigorous proof.
• Much research since 2002
  • Game-based evaluation
  • CryptoVerif
32. Attack on standard protocols
We had many attacks on standard cryptographic protocols.
Wireless LAN: WEP (2004), WPA-TKIP (2004), WPA-PSK (2011)
SSL/TLS: TIME/CRIME/Lucky Thirteen, Heartbleed, POODLE …
33. An example in wireless LAN
• Attack on WPA-TKIP (Beck-Tews: 2008)
  • Use ARP packets to figure out the key stream
• Improvement of this attack by Ohigashi and Morii (2009)
35. CRIME attack
• Uses the compression functionality in SSL/TLS
• Figures out the contents of a cookie by comparing data sizes after compression
• Independent of the security of the underlying cryptographic primitive
36. Heartbleed bug
• Bug in OpenSSL related to the Heartbeat extension
  • Insufficient check of data size
• An adversary can obtain the contents of data in the server
• This attack is independent of the strength of the underlying cryptographic primitives, too.
38. Only in the specification?
• Most threats come from implementation
  • or from the pitfall between the specification and the implementation.
39. Pitfall between specification and implementation
In the case of Heartbleed
• The description in the RFC document does not describe the details of implementation
  • Treatment of data length (ex. the case of size = 0)
• No instruction is provided for developers
40. Solve the pitfall
• Write protocol specifications without ambiguity for implementation
• Clarify the operational condition and the implementation condition.
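An added example, not from the talk, of the data-length handling that slides 36, 39 and 40 discuss: a Python parser for the RFC 6520 HeartbeatMessage that bounds the declared payload_length by the bytes actually received and treats the size = 0 case explicitly. The sample messages are constructed for this example; MIN_PADDING is the 16-byte minimum padding RFC 6520 requires, and the function names are the example's own.

```python
# Added example (not from the slides): the receive-side length check for the
# TLS HeartbeatMessage of RFC 6520, the check whose absence in OpenSSL was
# Heartbleed. Wire format: type (1 byte) | payload_length (2 bytes, big-endian)
# | payload | padding (at least 16 bytes). The receiver must trust only the
# bytes it actually received, never the length field on its own.

HEARTBEAT_REQUEST = 1
HEARTBEAT_RESPONSE = 2
MIN_PADDING = 16          # RFC 6520: padding is at least 16 bytes
HEADER_LEN = 1 + 2        # type + payload_length

def parse_heartbeat(record):
    """Return (type, payload) for a well-formed message, or None when the
    message must be discarded. `record` is the decrypted record body."""
    # Too short to hold even the header plus the minimum padding.
    if len(record) < HEADER_LEN + MIN_PADDING:
        return None
    msg_type = record[0]
    if msg_type not in (HEARTBEAT_REQUEST, HEARTBEAT_RESPONSE):
        return None
    payload_length = int.from_bytes(record[1:3], 'big')
    # The declared payload plus the minimum padding must fit inside what was
    # received. This is the bound the specification leaves to the implementer;
    # copying payload_length bytes without it reads past the message.
    if HEADER_LEN + payload_length + MIN_PADDING > len(record):
        return None
    payload = record[HEADER_LEN:HEADER_LEN + payload_length]
    return msg_type, payload          # padding is ignored by the receiver

def build_heartbeat(msg_type, payload, padding=b'\x00' * MIN_PADDING):
    """Encode a HeartbeatMessage. Real implementations use random padding;
    zero padding keeps this example deterministic."""
    if len(payload) > 0xFFFF or len(padding) < MIN_PADDING:
        raise ValueError('invalid heartbeat parameters')
    return bytes([msg_type]) + len(payload).to_bytes(2, 'big') + payload + padding

def respond(record):
    """Server side: answer a request with a response echoing exactly the
    payload that was parsed, or None if the request was discarded."""
    parsed = parse_heartbeat(record)
    if parsed is None or parsed[0] != HEARTBEAT_REQUEST:
        return None
    return build_heartbeat(HEARTBEAT_RESPONSE, parsed[1])

# Constructed sample messages for this example.
GOOD = build_heartbeat(HEARTBEAT_REQUEST, b'hello')
EMPTY = build_heartbeat(HEARTBEAT_REQUEST, b'')            # the size = 0 case
# Malformed: declares 65535 payload bytes but carries only five.
OVERSIZED = (bytes([HEARTBEAT_REQUEST]) + (65535).to_bytes(2, 'big')
             + b'hello' + b'\x00' * MIN_PADDING)

if __name__ == '__main__':
    for name, rec in (('good', GOOD), ('empty', EMPTY), ('oversized', OVERSIZED)):
        print(name, parse_heartbeat(rec), respond(rec))
```

A zero-length payload is valid and yields a 19-byte response; a declared length larger than the received record is discarded rather than answered.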
41. We need collections of knowledge
• There was no trusted point that collects security information on cryptographic protocols.
• Protocol designers and engineers need tips and best practices.
  • Which protocol is secure?
  • What kind of design is good?
  • Notes for implementation
42. CELLOS (Dec. 2013 -): International Consortium on Cryptographic Protocols
https://www.cellos-consortium.org
43. Overview of CELLOS
(Diagram: stakeholders around CELLOS and what each gives to or takes from it.)
Stakeholders:
• Universities and research institutes: for protocol design; for research and education
• System vendors (development perspective): for system design
• System vendors (usage perspective)
• International standardization organizations: fixing or deprecation of insecure protocols
• Referencers / public information: wide-ranging and reliable security information from experts
CELLOS: consolidation of reliable information concerning security evaluation on a global scale, with discussions aligned to actual ICT systems
• Consolidation of analysis theories, tools and results through formal verification
• Consolidation of analysis theories and methods other than formal verification
• Consolidation of detailed information on the latest attack methods
• Possibilities and impacts of attacks on actual ICT systems
• Methods for dealing with attacks on actual ICT systems
Inputs: universities and research institutions contribute the latest analysis theories, methods and evaluation results; companies contribute realistic countermeasures; information is checked in detail for its technical validity.
44. The action example against POODLE
Date/Time (JST) | Action
Oct. 14, 18:39 | Found the news on Twitter and reported it to the online discussion system; discussed the impacts.
Oct. 15, 14:04 | Started editing a prompt report
Oct. 15, 14:04 | 1st draft of the prompt report
Oct. 15, 21:48 | 2nd draft of the prompt report; added important descriptions of the attack conditions and impacts
Oct. 15, 22:20 | 3rd draft; added product names
Oct. 15, 22:20 | Edited both the English and Japanese versions
Oct. 15, 22:52 | Published the 1st prompt report
Oct. 15, 23:09 | Added information on the new version of OpenSSL
Oct. 16, 10:07 | Corrected editorial errors
45. Evaluation of New Protocols
• Evaluate a cryptographic protocol proposed by a member of CELLOS
• Conduct formal verification by an evaluation group in the working group
• The report will be publicly available on the Web site.
• Used as a supporting document for standardization and so on.
46. Requirements for the evaluation
46
• Open
• Evaluation criteria
• Evaluation method
• Publicly verifiable
• Unified evaluation framework
47. ISO/IEC 29128 (2011 Nov.)
47
• ISO/IEC standard on “Evaluation of Cryptographic Protocols”
• Defines a workflow of protocol verification and protocol assurance levels according to verification techniques.
• Workflow
• A protocol designer writes documents and submits them to an evaluator: the protocol specification, the adversarial model, the security requirements and the result.
• The evaluator checks the correctness of these documents and re-executes the tool.
• Introduces four Protocol Assurance Levels
48. Protocol assurance level in ISO/IEC 29128
48
Protocol Assurance Level: PAL1 | PAL2 | PAL3 | PAL4

Protocol Specification
  PAL1: PPS_SEMIFORMAL - Semiformal description of protocol specification.
  PAL2: PPS_FORMAL - Formal description of protocol specification.
  PAL3, PAL4: PPS_MECHANIZED - Formal description of protocol specification in a tool-specific specification language, whose semantics is mathematically defined.

Adversarial Model
  PAL1: PAM_INFORMAL - Informal description of adversarial model.
  PAL2: PAM_FORMAL - Formal description of adversarial model.
  PAL3, PAL4: PAM_MECHANIZED - Formal description of adversarial model in a tool-specific specification language, whose semantics is mathematically defined.

Security Property
  PAL1: PSP_INFORMAL - Informal description of security property.
  PAL2: PSP_FORMAL - Formal description of security property.
  PAL3, PAL4: PSP_MECHANIZED - Formal description of security property in a tool-specific specification language, whose semantics is mathematically defined.

Self-assessment Evidence
  PAL1: PEV_ARGUMENT - Informal argument that the specification of the cryptographic protocol in its adversarial model achieves and satisfies its objectives and properties.
  PAL2: PEV_HANDPROVEN - Mathematically formal paper-and-pencil proof, verified by a human, that the specification of the cryptographic protocol in its adversarial model achieves and satisfies its objectives and properties.
  PAL3: PEV_BOUNDED - Tool-aided bounded verification that the specification of the cryptographic protocol in its adversarial model achieves and satisfies its objectives and properties.
  PAL4: PEV_UNBOUNDED - Tool-aided unbounded verification that the specification of the cryptographic protocol in its adversarial model achieves and satisfies its objectives and properties.

(Arrow label in the figure: Accurate, increasing from PAL1 toward PAL4)
49. Toward future applications
• Cryptographic protocols are implemented
to realize future applications.
• Directly connected to the business
• ApplePay
• Bitcoin (Blockchain)
49
50. Blockchain
50
• Fundamental techniques to realize a Public Ledger using a P2P network and chained digital signatures
• Used in digital currencies like Bitcoin
[Diagram: users connected through a P2P network; each node updates its distributed ledger. A change moves the ledger from Time: t to Time: t+1; each ledger carries the hash of the previous one (H(Lt-1), H(Lt)) and a digital signature, chaining the versions together.]
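The chained-ledger figure above shows only the two ingredients, the hash of the previous ledger and a digital signature. The following is an added example (not code from the slides or from CELLOS) that makes the chaining concrete and, more importantly, shows what a verifying node checks: that every H(L_{t-1}) matches the ledger it claims to extend, that the signer is a known node, and that the signature covers the entries. The Block structure, the use of SHA-256 and Ed25519, and the "trusted node" set are assumptions chosen for illustration; Bitcoin itself uses proof of work and ECDSA and has no fixed set of trusted signers.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Block is the ledger update at time t: it carries H(L_{t-1}), the new
// entries, the signing node's public key and the node's signature.
// (Assumed structure, constructed for this example.)
type Block struct {
	Time     uint64
	PrevHash [32]byte
	Entries  []byte
	PubKey   ed25519.PublicKey
	Sig      []byte
}

// payload is the byte string the signature covers: everything in the block
// except the signature itself, so a change to any field invalidates it.
func (b *Block) payload() []byte {
	var buf bytes.Buffer
	binary.Write(&buf, binary.BigEndian, b.Time)
	buf.Write(b.PrevHash[:])
	buf.Write(b.Entries)
	buf.Write(b.PubKey)
	return buf.Bytes()
}

// Hash computes H(L_t) over the block contents and its signature; the next
// block stores this value as its PrevHash.
func (b *Block) Hash() [32]byte {
	h := sha256.New()
	h.Write(b.payload())
	h.Write(b.Sig)
	var out [32]byte
	copy(out[:], h.Sum(nil))
	return out
}

// NewSigner creates a node key pair (Ed25519 is an assumption of this example).
func NewSigner() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Append produces ledger L_{t+1} from L_t: link to the previous hash, then sign.
func Append(chain []Block, entries []byte, priv ed25519.PrivateKey) []Block {
	var prev [32]byte // all-zero "previous hash" for the genesis block
	if len(chain) > 0 {
		prev = chain[len(chain)-1].Hash()
	}
	b := Block{
		Time:     uint64(len(chain)),
		PrevHash: prev,
		Entries:  entries,
		PubKey:   priv.Public().(ed25519.PublicKey),
	}
	b.Sig = ed25519.Sign(priv, b.payload())
	return append(chain, b)
}

// Verify is what a receiving node runs before accepting a ledger: it walks the
// chain and rejects a broken link, an unknown signer or a bad signature.
func Verify(chain []Block, trusted map[string]bool) error {
	var prev [32]byte
	for i := range chain {
		b := &chain[i]
		if b.PrevHash != prev {
			return fmt.Errorf("block %d: H(L_{t-1}) does not match the previous ledger", i)
		}
		if !trusted[string(b.PubKey)] {
			return fmt.Errorf("block %d: signer is not a trusted node", i)
		}
		if !ed25519.Verify(b.PubKey, b.payload(), b.Sig) {
			return fmt.Errorf("block %d: invalid signature", i)
		}
		prev = b.Hash()
	}
	return nil
}

func main() {
	pub, priv := NewSigner()
	trusted := map[string]bool{string(pub): true}
	chain := Append(nil, []byte("alice->bob 5"), priv) // constructed sample entries
	chain = Append(chain, []byte("bob->carol 2"), priv)
	fmt.Println("valid chain:", Verify(chain, trusted))
	chain[0].Entries = []byte("alice->bob 500") // rewrite history in place
	fmt.Println("tampered chain:", Verify(chain, trusted))
}
```

Rewriting an old entry breaks both the signature on that block and the H(L_{t-1}) stored in every later block, so the tampering is detected at the first block touched; a block signed by a key outside the trusted set is rejected even if its hash chain is intact.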
52. Application of blockchain
52
• Digital currency
• Smart Contract
• Registration and certification
• Publicly verifiable storage
53. How much do we know on the security of Bitcoin?
53
Property                        | Formalization | Formal Analysis (Coq) | Formal Analysis (Others)
Security: Anti-double spending  | [GKL15]       | [B15], [G14]          | Not found
Security: Anti-Money Laundering | Not found     | Not found             | Not found
Privacy: Unlinkability          | [AKRSC13]     | Not found             | Not found
Privacy: Taint-resistant        | [MO15]        | Not found             | Not found
54. Cryptographic Protocols are becoming the foundation
54
• Blockchain is a foundation of publicly verifiable trust
• Several applications will be developed over blockchain
• Several private companies focus on the research of cryptographic protocols, including applications of blockchain.
• Applications, experiments and businesses are arising quickly in a LEGO-like, agile development manner.
• Cryptographic protocols directly connect to business.
55. We need more study.
55
• Insufficient security evaluation for emerging cryptographic protocols, unfortunately.
• Quick business development vs. security
• Need for development methods that clear the risks for both business operators and users
56. Conclusion
56
• Abstract of cryptographic protocols
• Why a cryptographic protocol is and isn't like LEGO
• How can we evaluate the security
• Future applications
• We need more study toward smart applications based on cryptographic protocols.