New User Special Price Expires in

Let's log you in.

Sign in with Facebook


Don't have a StudySoup account? Create one here!


Create a StudySoup account

Be part of our community, it's free to join!

Sign up with Facebook


Create your account
By creating an account you agree to StudySoup's terms and conditions and privacy policy

Already have a StudySoup account? Login here

Computer Security

by: Libby Kuhlman

Computer Security CSE 543

Libby Kuhlman
Penn State
GPA 3.53


Almost Ready


These notes were just uploaded, and will be ready to view shortly.

Purchase these notes here, or revisit this page.

Either way, we'll remind you when they're ready :)

Preview These Notes for FREE

Get a free preview of these Notes, just enter your email below.

Unlock Preview
Unlock Preview

Preview these materials now for free

Why put in your email? Get access to more of this material and other relevant free materials for your school

View Preview

About this Document

Class Notes
25 ?




Popular in Course

Popular in Computer Science and Engineering

This 0 page Class Notes was uploaded by Libby Kuhlman on Sunday November 1, 2015. The Class Notes belongs to CSE 543 at Pennsylvania State University taught by Staff in Fall. Since its upload, it has received 22 views. For similar materials see /class/233115/cse-543-pennsylvania-state-university in Computer Science and Engineering at Pennsylvania State University.

Similar to CSE 543 at Penn State

Popular in Computer Science and Engineering


Reviews for Computer Security


Report this Material


What is Karma?


Karma is the currency of StudySoup.

You can buy or earn more Karma at anytime and redeem it for class notes, study guides, flashcards, and more!

Date Created: 11/01/15
CSE 543 Computer Security Lecture 4 Cryptography September 6 2007 URL httpwwwcsepsuedutiaeqercse543f07 Hash Algorithms Hash algorithm Compression of data into a hash value Eg hd parityd Such algorithms are generally useful in programs as used in cryptosystems Oneway computationally hard to invert h ie compute h1y where yhd Collision resistant hard to find two data x1 and x2 such that hX1 hX2 Q What can you do with these constructs m P y p7 1 r CSE543 Computer and Network Security Fall 2007 Professor Jaeger S Hash Functions mg Design a strong cryptographic hash function No formal basis Concern is backdoors MD2 Substitution based on pi MD4 MD5 Similar but complex functions in multiple passes SHA I 160bit hash Complicated function PENNSTATE Message Authentication Code MAC Authenticates integrity for data d Uses some key k and hash algorithm h To simplify mackd h kd Why does this provide integrity Cannot produce mackd unless you know k d If you could then can break h Exercise for class prove the previous statement Used in protocols to authenticate content H M A C PENNTE MAC that meets the following properties Collisionresistant Attacker cannot computer proper digest without knowing K Even if attacker can see an arbitrary number of digests Hkx Simple MAC has a flaw Block hash algorithms mean that new content can be added Turn HKm to HKmm where m is controlled by an attacker HMACK d HK HK d Attacker cannot extend MAC as above Prove it to yourself Birthday Attack quotw Abirthday attack is a name used to refer to a class of bruteforce attacks birthday paradox the probability that two or more people in a group of 23 share the same birthday is gtthan 50 General formulation function f whose output is uniformly distributed On repeated random inputs n n1 n2 nk Prni nj 12km for some 1 lt ij lt k1 ltj lt k i j Eg1236512 23 Q Why is resilience to birthday attacks important PENNSTATE Using hash values as authenticators 0 Consider the following scenario 0 Alice is a teacher who has not decided if she will cancel the next lecture 0 When she does decide she communicates to Bob the student through Mallory her evil TA She does not care if Bob shows up to a cancelled class Alice does not trust Mallory to deliverthe message 0 She and Bob use the following protocol Alice invents a secrett Alice gives Bob ht where h is a cwpto hash function If she cancels class she gives t to Mallory to give to Bob If does not cancel class she does nothing If Bob receives the token t he knows that Alice sent it I l DNA Hash Authenticators 0 Why is this protocol secure t acts as an authenticated value authenticator because Mallory could not have produced twithout inverting h Note Mallory can convince Bob that class is occurring when it is not by simply not delivering ht but we assume Bob is smart enough to come to that conclusion when the room is empty 0 What is important here is that hash preimages are good as single bit authenticators 0 Note that it is important that Bob got the original value ht from Alice directly was provany authentic I l Hash chain PENNSTATE 0 Now consider the case where Alice wants to do the same protocol only for all 26 classes the semester 0 Alice and Bob use the following protocol 1Aice invents a secrett 2Alice gives Bob H26t where H260 is 26 repeated applications of H 3 If she cancels class on day d she gives H2639Dt to Mallory eg If cancels on day 1 she gives Mallory H25t If cancels on day 2 she gives Mallory H24t If cancels on day 25 she gives Mallory H1t If cancels on day 26 she gives Malloryt 4f does not cancel class she does nothing If Bob receives the token t he knows that Alice sent it I l Hash Chain cont 0 Why is this protocol secure 0 On day d H2639dt acts as an authenticated value authenticator because Mallory could not produce t without inverting H because for any Hkt she has kgt26 d 0 That is Mallory potentially has access to the hash values for all days prior to today but that provides no information on today s value because they are all postimages of today s value Note Mallory can again convince Bob that class is occurring by not delivering H2639dt 0 Important chain of hash values are ordered authenticators 0 Important that Bob got the original value H25t from Alice directly was provany authentic I l Basic truths of cryptography PENNSTATE Cryptography is not frequently the source of security problems Algorithms are well known and widely studied Use of crypto commonly is eg WEP Vetted through crypto community Avoid any proprietary encryption Claims of new technology or perfect security are almost assuredly snake oil W y Cryptosystems Fail In practice what are the causes of cryptosystem failures Not crypto algorithms typically FAILURE WHEN YOUR BEST JUST ISN39T GOOD ENOUGH CSE543 Computer and Network Security Fall 2007 Professor Jaeger Case Study PENN ATM Systems Some public data High value information Of commercial enterprises banks have most interest in security How do they work Card with account number User provides PIN ATM Verifies that PIN corresponds to encryption of account number with PIN key offset can be used Foundation of security PIN key can obtain PIN if known and forge cards I l Simple Fraud PENN Insiders Make an extra card special ops allow debit of any acct Outsiders Shoulder surfing fake ATMs replay pay response PINs Weak entropy of PIN keys limit user PIN choices same PIN for everyone Userchosen PINs Bad Store encrypted in a file find match Encrypted on card Italy Fake ATMs Offline ATMs make several copies of card I l More Complex Issues PENNSTATE PIN key derivation Set terminal key from two shares Download PIN key encrypted under terminal key Other banks PIN keys Encrypt working keys under a zone key Reencrypt under ATM bank s working key Must keep all these keys secret 3 ix 57 Products Have Problems mg Despite well understood crypto foundations products don t always work securely Lose secrets due to encryption in software lncompatibilities borrow my terminal Poor product design Back doors enabled nonstandard crypto lack of entropy etc Sloppy operations Ignore attack attempts share keys procedures are not defined or followed Cryptanalysis sometimes Homegrown algorithmsl improper parameters cracking DES S Problems mg Systems may work in general but Are difficult to use in practice Counterintuitive Rewards aren t clear Correct usage is not clear Too many secrets ultimately Fundamentally two problems Too complex to use No way to determine if use if correct What Can We Do Anderson suggests Determine exactly what can go wrong Find all possible failure modes Put in safeguards Describe how preventions protect system Correct implementation of safeguards Implementation of preventions meets requirements Decisions left to people are small in number and clearly understood People know what to do Problems of security in general 57 Important prInCIples mg Don t design your own crypto algorithm Use standards whenever possible Make sure you understand parameter choices Make sure you understand algorithm interactions Eg the order of encryption and authentication Turns out that authenticate then encrypt is risky Be open with your design Solicit feedback Use open algorithms and protocols Open code jury is still out Building systems with cryptography PENNSTATE Use quality libraries SSLeay Iim from Lenstra Victor Shoup s library RSAREF cryptolib Find out what cryptographers think of a package before using it Code review like crazy Educate yourself on how to use library Caveats by original designer and programmer Common issues that lead to pitfalls PENNSTATE Generating randomness Storage of secret keys Virtual memory pages secrets onto disk Protocol interactions Poor user interface Poor choice of key length prime length using parameters from one algorithm in another PENNSTATL F3 A really good book on the topic The Code Book Simon Singh Anchor Books 1999


Buy Material

Are you sure you want to buy this material for

25 Karma

Buy Material

BOOM! Enjoy Your Free Notes!

We've added these Notes to your profile, click here to view them now.


You're already Subscribed!

Looks like you've already subscribed to StudySoup, you won't need to purchase another subscription to get this material. To access this material simply click 'View Full Document'

Why people love StudySoup

Steve Martinelli UC Los Angeles

"There's no way I would have passed my Organic Chemistry class this semester without the notes and study guides I got from StudySoup."

Amaris Trozzo George Washington University

"I made $350 in just two days after posting my first study guide."

Jim McGreen Ohio University

"Knowing I can count on the Elite Notetaker in my class allows me to focus on what the professor is saying instead of just scribbling notes the whole time and falling behind."


"Their 'Elite Notetakers' are making over $1,200/month in sales by creating high quality content that helps their classmates in a time of need."

Become an Elite Notetaker and start selling your notes online!

Refund Policy


All subscriptions to StudySoup are paid in full at the time of subscribing. To change your credit card information or to cancel your subscription, go to "Edit Settings". All credit card information will be available there. If you should decide to cancel your subscription, it will continue to be valid until the next payment period, as all payments for the current period were made in advance. For special circumstances, please email


StudySoup has more than 1 million course-specific study resources to help students study smarter. If you’re having trouble finding what you’re looking for, our customer support team can help you find what you need! Feel free to contact them here:

Recurring Subscriptions: If you have canceled your recurring subscription on the day of renewal and have not downloaded any documents, you may request a refund by submitting an email to

Satisfaction Guarantee: If you’re not satisfied with your subscription, you can contact us for further help. Contact must be made within 3 business days of your subscription purchase and your refund request will be subject for review.

Please Note: Refunds can never be provided more than 30 days after the initial purchase date regardless of your activity on the site.