x - Faculty of Computer Science - Technische Universität Dresden
• One Time Password One time password – only used to authenticate a single transation • Advantage – abuse of OTP becomes harder for the attacker • Implementations – list of OTPs • known from online banking: TAN, iTAN – on the fly generated and transmitted over a second channel • mTAN – time-synchronized (hardware) tokens: • token knows a secret s • OTP= f(s,time) – hash chain based 103
• OTP Implementations – hash chain based One time password • Leslie Lamport: “Password Authentication with Insecure Communication” • users generates hash chain: – h n (…h 3 (h 2 (h 1 (password)))) • users sends h n () as his “password” during register procedure • next login user sends h n-1 () • server verifies: h(h n-1 ()) = h n () • server now stores: h n-1 () 104
Security in Computer Networks Multi
Areas of Teaching and Research •
5/48 Examples of changes w.r.t. ano
The massmedia „newspaper“ will
Multimedia Forensics
Multimedia Forensics
Areas of Teaching and Research •
15 General Aims of Education in IT-
General Aims of Education in IT-sec
General Aims of Education in IT-sec
…but no this way! First stupid an
Aims of Education: Offers by other
3 Cryptographic basics Table of Con
History of Communication Networks (
Important Terms computers interconn
threats: Threats and corresponding
confidentiality integrity availabil
commands universal universal Trojan
Which protection measures against w
money time Considered maximal stren
Strength of the attacker (model) At
Electromagentic radiation >dir AUTT
Why should I protect myself... ? ..
Previously on Security and Cryptogr
154 Keys have to be very long for i
Definition for information-theoreti
Another definition for information-
Symmetric authentication systems (2
About cryptographically strong syst
clear: in NP � but difficulty can
Search of prime numbers (1) 1. Are
Z n : ring of residue classes mod n
Calculating with and without p,q (3
Compose ? Calculating with and with
Calculating with and without p,q (7
Calculating with and without p,q (9
Calculating with and without p,q (1
Calculating with and without p,q (1
Calculating with and without p,q (1
184 The s 2 -mod-n-Pseudo-random Bi
s 2 -mod-n-generator as symmetric e
s 2 -mod-n-generator as asymmetric
Security of the s 2 -mod-n-generato
Security of PBGs more precisely (1)
Security of PBGs more precisely (3)
constructive proof often Scheme of
Alg.2: has to demand uniformity Why
GMR - signature system (2) Construc
To factor is difficult (1) Theorem:
Solution of problem 1 (1) Tree of r
Note In the proof you dispose the
Key generation 1) Choose two prime
Proof (2) Holds, of course, for m
secret area plaintext x random numb
secret area text with signature and
( x s ) Attack on digital signature
Active Attack of Davida against RSA
secret area plaintext x random numb
Faster calculation of the secret op
64-bit block plaintext L 0 IP round
L i-1 L i = R i-1 Decryption Why do
Generation of a key for each of the
L i-1 One round complement compleme
Generalization of DES 1.) 56 � 16
e.g. 64 bits with DES ECB Main prob
Cipher Block Chaining (CBC) All lin
� plaintext block n memory for ci
Block length a Length of the output
shift register 1 b CFB for authenti
Plain Cipher Block Chaining (PCBC)
Utilization of indeterministic bloc
Diffie-Hellman key agreement (1) pr
andom number 1 Domain of trust secr
Find a generator in cyclic group Z
x, s(x), “pass” or “fail” r
Signature system for blindly provid
Reconstruction of the secret: Thres
adio television videophone phone in
adio television videophone phone in
Since about 1990 reality Video-8 ta
Problems with exchanges Unsolved pr
Questions: Attacker (-model) • Ho
Questions: Attacker (-model) • Ho
Change language