Applied Cryptography CS 6260
These class notes were uploaded by Alayna Veum on Monday November 2, 2015. They belong to CS 6260 at Georgia Institute of Technology - Main Campus, taught by Alexandra Boldyreva in Fall.
Date Created: 11/02/15
Implementation pitfalls

- We learned about various cryptographic primitives and the provable security approach, and saw many secure constructions.
- You are almost ready to employ this knowledge in practice.
- Let us review some common mistakes one needs to be aware of and avoid when implementing cryptographic protocols.

Always remember to

- Use widely accepted and believed-to-be-secure building blocks (e.g. AES).
- Use constructions that are provably secure under reasonable assumptions (e.g. CBC).
- Do not assume that the schemes provide security properties other than what is proven about them (e.g. encryption does not provide authenticity).
- Realize that the use of a provably secure scheme does not guarantee that the entire system will be secure.
- Make sure that you implement exactly the scheme that was proven secure.

Not using the right primitives

- ATM-based passive optical networks commonly use a block cipher called CHURN. Its key size is 8 bits and its block size is 4 bits.

Using the constructs without security proofs

- The use of the ECB mode and the plain RSA encryption is still very common.

Not considering the security bounds

- Consider the encryption algorithm of a scheme CTR$_L. Let E be a block cipher with k-bit keys, and let the algorithm pick $R \xleftarrow{\$} \{0,1\}^L$.
- One can prove that for every A making q queries there exists B s.t.

  $$\mathbf{Adv}^{\text{ind-cpa}}_{\text{CTR\$}_L}(A) \le \mathbf{Adv}^{\text{prf}}_{E}(B) + \frac{q^2}{2^{L+1}}$$

- Is CTR$ secure?
- WEP protocol for IEEE 802.11 wireless networks uses a scheme like CTR$ with L = 24, 40, 64 or 80.
- Assume L = 24 and q = 4096. Then the last term becomes 1/2 and no security is guaranteed by the bound.

Not using the right tool

- It is tempting to believe that encryption provides some authenticity.
- The first versions of the SSH protocol, IPsec specification and the WEP protocol did not use message authentication codes and thus were subject to certain attacks.

Not implementing exactly the provably secure schemes

- The slightest tweak to a provably secure scheme can make it insecure.
- Diebold voting machines encrypted the votes with CBC but used the all-zero string as an IV.
- Microsoft Word and Excel used CBC$ but did not pick a new random R each time.

Random numbers

- It is usually straightforward to implement the pseudocode descriptions in C or Java.
- However, how do you implement commands like $K \xleftarrow{\$} \{0,1\}^k$?
- C offers a built-in random number generator that works roughly like this (state is a 32-bit number):

      procedure srand(seed)
          state <- seed
      function rand()
          state <- ((state * 1103515245) + 12345) mod 2147483648
          return state

- So one can implement $K \xleftarrow{\$} \{0,1\}^k$ as follows:

      function keygen()
          key[0] <- rand()
          key[1] <- rand()
          key[2] <- rand()
          key[3] <- rand()
          return key

- But looking at how rand works, we notice that

      key[1] = key[0] * 1103515245 + 12345 mod 2^31
      key[2] = (key[0] * 1103515245 + 12345) * 1103515245 + 12345 mod 2^31
      key[3] = (key[0] * 1103515245 + 12345) * 1103515245^2 + 12345 * 1103515245 + 12345 mod 2^31

- This means that there are still only 2^32 possibilities for the key.
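The relations between key[0] and key[1..3] above can be checked directly. The following C program is an added example, not part of the original notes: it implements the generator and keygen as described, shows that the first key word fixes the other three, and places a keygen that reads from the operating system's random source beside it. The names lcg_srand, lcg_rand, keygen_weak, determined_by_first_word and keygen_secure, the seed value, the 16-byte key size and the use of /dev/urandom are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Generator from the notes: state <- (state*1103515245 + 12345) mod 2^31. */
#define LCG_STEP(s) ((uint32_t)(((uint64_t)(s) * 1103515245u + 12345u) % 2147483648u))

static uint32_t state;
static void lcg_srand(uint32_t seed) { state = seed; }
static uint32_t lcg_rand(void) { return state = LCG_STEP(state); }

/* Weak keygen from the notes: four consecutive outputs form the key. */
static void keygen_weak(uint32_t key[4]) {
    for (int i = 0; i < 4; i++) key[i] = lcg_rand();
}

/* Recompute key[1..3] from key[0] alone. Returns 1 if they match the real
   key, meaning the last three words carry no additional secrecy. */
static int determined_by_first_word(const uint32_t key[4]) {
    uint32_t s = key[0];
    for (int i = 1; i < 4; i++) {
        s = LCG_STEP(s);
        if (s != key[i]) return 0;
    }
    return 1;
}

/* Corrected keygen (assumption: 16-byte key, Unix-like OS): every key byte
   comes from the kernel CSPRNG. Returns 0 on success, -1 on failure. */
static int keygen_secure(uint8_t key[16]) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t n = fread(key, 1, 16, f);
    fclose(f);
    return n == 16 ? 0 : -1;
}

int main(void) {
    uint32_t weak[4];
    uint8_t strong[16];
    lcg_srand(20151102u); /* constructed seed */
    keygen_weak(weak);
    printf("weak key: %08x %08x %08x %08x\n", weak[0], weak[1], weak[2], weak[3]);
    printf("key[1..3] follow from key[0]: %s\n",
           determined_by_first_word(weak) ? "yes" : "no");
    if (keygen_secure(strong) != 0) { fprintf(stderr, "no OS randomness\n"); return 1; }
    for (int i = 0; i < 16; i++) printf("%02x", strong[i]);
    printf("  (from /dev/urandom)\n");
    return 0;
}
```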