Triple-DES with Two-Keys
• hence must use 3 encryptions
• would seem to need 3 distinct keys
• but can use 2 keys with E-D-E sequence
• C = E_K1(D_K2(E_K1(P)))
• because encrypt & decrypt equivalent in security
• if K1=K2 then can work with single DES
• standardized in ANSI X9.17 & ISO8732
• no current known practical attacks

Double-DES?
• could use 2 DES encrypts on each block
• C = E_K2(E_K1(P))
• issue of reduction to 1-DES; “is DES a group?”
• Campbell, Wiener in 1992: NO!
• “meet-in-the-middle” attack
• works whenever use a cipher twice
• since X = E_K1(P) = D_K2(C)
• attack by encrypting P with all keys and store
• then decrypt C with keys and match X value
• Basic round of the attack takes 2 * 2^56 encryptions/decryptions; we may have to repeat it a few times.
Show on board
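
An added example, not part of the original slides: the meet-in-the-middle search described above, run against a constructed 16-bit toy Feistel cipher with 10-bit keys standing in for DES (the cipher, key sizes and all function names are assumptions). It shows that double encryption costs about 2 * 2^k operations rather than 2^(2k), and why further known pairs are needed to discard accidental matches.

```python
import hashlib

KEY_BITS = 10   # toy key size so the search is instant (DES: 56 bits)
ROUNDS = 4

def _f(half, key, rnd):
    # Toy round function: one byte of SHA-256(key, round, half). Not DES.
    return hashlib.sha256(bytes([key >> 8, key & 0xFF, rnd, half])).digest()[0]

def encrypt(key, block):
    # 16-bit Feistel network: (L, R) -> (R, L xor F(R))
    left, right = block >> 8, block & 0xFF
    for rnd in range(ROUNDS):
        left, right = right, left ^ _f(right, key, rnd)
    return (left << 8) | right

def decrypt(key, block):
    # Inverse rounds, applied in reverse order
    left, right = block >> 8, block & 0xFF
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _f(left, key, rnd), left
    return (left << 8) | right

def double_encrypt(k1, k2, block):
    return encrypt(k2, encrypt(k1, block))   # C = E_K2(E_K1(P))

def meet_in_the_middle(pairs):
    """pairs: known (P, C) values produced under one unknown (K1, K2)."""
    (p0, c0), rest = pairs[0], pairs[1:]
    ops, table = 0, {}
    for k1 in range(1 << KEY_BITS):          # store X = E_K1(P) for all K1
        table.setdefault(encrypt(k1, p0), []).append(k1)
        ops += 1
    first_pass = []
    for k2 in range(1 << KEY_BITS):          # match X = D_K2(C) for all K2
        ops += 1
        first_pass += [(k1, k2) for k1 in table.get(decrypt(k2, c0), [])]
    # "Repeat it a few times": extra pairs discard accidental matches.
    confirmed = [(k1, k2) for k1, k2 in first_pass
                 if all(double_encrypt(k1, k2, p) == c for p, c in rest)]
    return first_pass, confirmed, ops

if __name__ == "__main__":
    K1, K2 = 0x2A7, 0x15C                    # constructed sample keys
    pairs = [(p, double_encrypt(K1, K2, p)) for p in (0x1234, 0xBEEF, 0x0F0F)]
    first_pass, confirmed, ops = meet_in_the_middle(pairs)
    print(len(first_pass), "candidates after one pair;", confirmed, "after three")
    print(ops, "cipher operations instead of", 1 << (2 * KEY_BITS))
```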

Triple-DES with Three-Keys
• although there are no practical attacks on two-key, Triple-DES has some drawbacks
• can use Triple-DES with Three-Keys to avoid even these
• C = E_K3(D_K2(E_K1(P)))
• has been adopted by some Internet applications, e.g. PGP, S/MIME

Confidentiality, Authentication, Non-Repudiation
Public Key Encryption
Examples: RSA, ECC, Quantum
Sender, Receiver have Complementary Keys
Encryption (e.g., RCS): Plaintext = Decrypt(kPRIV, Encrypt(kPUB, Plaintext))
Digital Signature (Authentication, Non-repudiation): Plaintext = Decrypt(kPUB, Encrypt(kPRIV, Plaintext))
[Figure: Joe encrypts with Kpublic and the key owner decrypts with Kprivate (encryption); the key owner encrypts the message with the private key and Joe decrypts with Kpublic (digital signature)]
NIST Recommended: 2011: RSA 2048 bit

Different Keys for Encryption and Decryption
• Encryption key, K1
• Decryption key, K2
• E_K1(M) = C
• D_K2(C) = M
• D_K2(E_K1(M)) = M
[Figure: Plaintext → Encryption (Encryption Key) → Ciphertext → Decryption (Decryption Key) → Original Plaintext]

Summary
• Denial-of-service attacks
– The nature of denial-of-service attacks
– Classic denial-of-service attacks
– Source address spoofing
– SYN spoofing
• Flooding attacks
– ICMP flood
– UDP flood
– TCP SYN flood
• Defenses against denial-of-service attacks
• Responding to a denial-of-service attack
• Distributed denial-of-service attacks
• Application-based bandwidth attacks
– SIP flood
– HTTP-based attacks
• Reflector and amplifier attacks
– Reflection attacks
– Amplification attacks
– DNS amplification attacks

Encryption/Decryption
[Figure: Plaintext M → Encryption (Encryption Key) → Ciphertext C → Decryption (Decryption Key) → Original Plaintext M]
E_K1(M) = C
D_K2(C) = M
D_K2(E_K1(M)) = M

Parameters and Arguments
• Parameter: name a function gives an expression used to call a method
• Argument: expression used to call a method
• Why the difference?
– We might want to use the method more than once.
– We might want to call a function using literals
Method called each time: public int triple(int x) { return x*3; }
First Call: x = triple(10); → 30
Second Call: x = triple(20); → 60
Third Call: int z = 20; x = triple(z); → 60
Fourth Call: x = triple(triple(10)); → 90