Security Articles from Wikipedia

More documents

Recommendations

Info

Advanced Encryption Standard 7 round-trip timings based on its local clock, and compensates for the increased noise by averaging over a larger number of samples." [24] In October 2005, Dag Arne Osvik, Adi Shamir and Eran Tromer presented a paper demonstrating several cache-timing attacks against AES. [26] One attack was able to obtain an entire AES key after only 800 operations triggering encryptions, in a total of 65 milliseconds. This attack requires the attacker to be able to run programs on the same system or platform that is performing AES. In December 2009 an attack on some hardware implementations was published that used differential fault analysis and allows recovery of key with complexity of . [27] In November 2010 Endre Bangerter, David Gullasch and Stephan Krenn published a paper which described a practical approach to a "near real time" recovery of secret keys from AES-128 without the need for either cipher text or plaintext. The approach also works on AES-128 implementations that use compression tables, such as OpenSSL. [28] Like some earlier attacks this one requires the ability to run arbitrary code on the system performing the AES encryption. [29] NIST/CSEC validation The Cryptographic Module Validation Program (CMVP) is operated jointly by the United States Government's National Institute of Standards and Technology (NIST) Computer Security Division and the Communications Security Establishment (CSE) of the Government of Canada. The use of validated cryptographic modules is not required by the United States Government for unclassified uses of cryptography. The Government of Canada also recommends the use of FIPS 140 validated cryptographic modules in unclassified applications of its departments. Although NIST publication 197 ("FIPS 197") is the unique document that covers the AES algorithm, vendors typically approach the CMVP under FIPS 140 and ask to have several algorithms (such as Triple DES or SHA1) validated at the same time. Therefore, it is rare to find cryptographic modules that are uniquely FIPS 197 validated and NIST itself does not generally take the time to list FIPS 197 validated modules separately on its public web site. Instead, FIPS 197 validation is typically just listed as an "FIPS approved: AES" notation (with a specific FIPS 197 certificate number) in the current list of FIPS 140 validated cryptographic modules. The Cryptographic Algorithm Validation Program (CAVP)[30] allows for independent validation of the correct implementation of the AES algorithm at a reasonable cost. Successful validation results in being listed on the NIST validations page. This testing is a pre-requisite for the FIPS 140-2 module validation described below. FIPS 140-2 validation is challenging to achieve both technically and fiscally. [31] There is a standardized battery of tests as well as an element of source code review that must be passed over a period of a few weeks. The cost to perform these tests through an approved laboratory can be significant (e.g., well over $30,000 US) [31] and does not include the time it takes to write, test, document and prepare a module for validation. After validation, modules must be re-submitted and re-evaluated if they are changed in any way. This can vary from simple paperwork updates if the security functionality did not change to a more substantial set of re-testing if the security functionality was impacted by the change.
Advanced Encryption Standard 8 Test vectors Test vectors are a set of known ciphers for a given input and key. NIST distributes the reference of AES test vectors as AES Known Answer Test (KAT) Vectors (in ZIP format) [32] . Performance High speed and low RAM requirements were criteria of the AES selection process. Thus AES performs well on a wide variety of hardware, from 8-bit smart cards to high-performance computers. On a Pentium Pro, AES encryption requires 18 clock cycles / byte, [33] equivalent to a throughput of about 11 MiB/s for a 200 MHz processor. On a Pentium M 1.7 GHz throughput is about 60 MiB/s. Notes [1] Key sizes of 128, 160, 192, 224, and 256 bits are supported by the Rijndael algorithm, but only the 128, 192, and 256-bit key sizes are specified in the AES standard. [2] Block sizes of 128, 160, 192, 224, and 256 bits are supported by the Rijndael algorithm, but only the 128-bit block size is specified in the AES standard. [3] Westlund, Harold B. (2002). "NIST reports measurable success of Advanced Encryption Standard" (http:/ / www. findarticles. com/ p/ articles/ mi_m0IKZ/ is_3_107?pnum=2& opg=90984479). Journal of Research of the National Institute of Standards and Technology. . [4] John Schwartz (October 3, 2000). "U.S. Selects a New Encryption Technique" (http:/ / www. nytimes. com/ 2000/ 10/ 03/ business/ technology-us-selects-a-new-encryption-technique. html). New York Times. . [5] "'Rijndael' pronunciation" (http:/ / rijndael. info/ audio/ rijndael_pronunciation. wav). . [6] Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, Niels Ferguson, Tadayoshi Kohno, Mike Stay (May 2000). "The Twofish Team’s Final Comments on AES Selection" (http:/ / www. schneier. com/ paper-twofish-final. pdf). . [7] "Efficient software implementation of AES on 32-bit platforms". (http:/ / www. springerlink. com/ index/ UVX5NQGNN55VK199. pdf) Lecture Notes in Computer Science: 2523. 2003 [8] http:/ / code. google. com/ p/ byte-oriented-aes [9] Lynn Hathaway (June 2003). "National Policy on the Use of the Advanced Encryption Standard (AES) to Protect National Security Systems and National Security Information" (http:/ / csrc. nist. gov/ groups/ ST/ toolkit/ documents/ aes/ CNSS15FS. pdf) (PDF). . Retrieved 2011-02-15. [10] John Kelsey, Stefan Lucks, Bruce Schneier, Mike Stay, David Wagner, and Doug Whiting, Improved Cryptanalysis of Rijndael, Fast Software Encryption, 2000 pp213–230 (http:/ / www. schneier. com/ paper-rijndael. html) [11] Ou, George (April 30, 2006). "Is encryption really crackable?" (http:/ / www. webcitation. org/ 5rocpRxhN). Ziff-Davis. Archived from the original (http:/ / www. zdnet. com/ blog/ ou/ is-encryption-really-crackable/ 204) on August 7, 2010. . Retrieved August 7, 2010. [12] "Sean Murphy" (http:/ / www. isg. rhul. ac. uk/ ~sean/ ). University of London. . Retrieved 2008-11-02. [13] Bruce Schneier. "AES News, Crypto-Gram Newsletter, September 15, 2002" (http:/ / www. schneier. com/ crypto-gram-0209. html). . Retrieved 2007-07-27. [14] Niels Ferguson, Richard Schroeppel, Doug Whiting (2001). "A simple algebraic representation of Rijndael" (http:/ / www. macfergus. com/ pub/ rdalgeq. html) (PDF/PostScript). Proceedings of Selected Areas in Cryptography, 2001, Lecture Notes in Computer Science. Springer-Verlag. pp. 103–111. . Retrieved 2006-10-06. [15] Bruce Schneier, AES Announced (http:/ / www. schneier. com/ crypto-gram-0010. html), October 15, 2000 [16] Bruce Schneier (2009-07-01). "New Attack on AES" (http:/ / www. schneier. com/ blog/ archives/ 2009/ 07/ new_attack_on_a. html). Schneier on Security, A blog covering security and security technology. . Retrieved 2010-03-11. [17] Biryukov, Alex; Khovratovich, Dmitry (2009-12-04). "Related-key Cryptanalysis of the Full AES-192 and AES-256" (http:/ / eprint. iacr. org/ 2009/ 317). . Retrieved 2010-03-11. [18] Nikolić, Ivica (2009). "Distinguisher and Related-Key Attack on the Full AES-256". Advances in Cryptology - CRYPTO 2009. Springer Berlin / Heidelberg. pp. 231–249. doi:10.1007/978-3-642-03356-8_14. ISBN 978-3-642-03355-1. [19] Bruce Schneier (2009-07-30). "Another New AES Attack" (http:/ / www. schneier. com/ blog/ archives/ 2009/ 07/ another_new_aes. html). Schneier on Security, A blog covering security and security technology. . Retrieved 2010-03-11. [20] Alex Biryukov; Orr Dunkelman; Nathan Keller; Dmitry Khovratovich; Adi Shamir (2009-08-19). "Key Recovery Attacks of Practical Complexity on AES Variants With Up To 10 Rounds" (http:/ / eprint. iacr. org/ 2009/ 374). . Retrieved 2010-03-11. [21] Henri Gilbert; Thomas Peyrin (2009-11-09). "Super-Sbox Cryptanalysis: Improved Attacks for AES-like permutations" (http:/ / eprint. iacr. org/ 2009/ 531). . Retrieved 2010-03-11. [22] Vincent Rijmen (2010). "Practical-Titled Attack on AES-128 Using Chosen-Text Relations" (http:/ / eprint. iacr. org/ 2010/ 337. pdf). . [23] Andrey Bogdanov, Dmitry Khovratovich, and Christian Rechberger (2011). "Biclique Cryptanalysis of the Full AES" (http:/ / research. microsoft. com/ en-us/ projects/ cryptanalysis/ aesbc. pdf). .
Page 1 and 2: Security Articles from Wikipedia PD
Page 3 and 4: Article Licenses License 180
Page 5 and 6: Advanced Encryption Standard 2 is a
Page 7 and 8: Advanced Encryption Standard 4 The
Page 9: Advanced Encryption Standard 6 Know
Page 13 and 14: Block cipher 10 Block cipher In cry
Page 15 and 16: Block cipher 12 Block ciphers and o
Page 17 and 18: Block cipher modes of operation 14
Page 27 and 28: Certificate authority 24 Certificat
Page 29 and 30: Certificate authority 26 Security T
Page 31 and 32: CMAC 28 The CMAC tag generation pro
Page 33 and 34: Cryptographic hash function 30 resi
Page 35 and 36: Cryptographic hash function 32 func
Page 37 and 38: Cryptographic hash function 34 Algo
Page 39 and 40: DiffieHellman key exchange 36 The s
Page 41 and 42: DiffieHellman key exchange 38 3. Bo
Page 43 and 44: DiffieHellman key exchange 40 Upon
Page 45 and 46: DiffieHellman key exchange 42 • C
Page 47 and 48: Digital signature 44 every paramete
Page 49 and 50: Digital signature 46 implemented. I
Page 51 and 52: Digital signature 48 authority). Fo
Page 53 and 54: Digital Signature Algorithm 50 Digi
Page 55 and 56: Digital Signature Algorithm 52 Sens
Page 57 and 58: HMAC 54 Implementation The followin
Page 59 and 60: HMAC 56 External links • FIPS PUB
Page 61 and 62:
HTTP Secure 58 Browser integration
Page 63 and 64:
HTTP Secure 60 From an architectura
Page 65 and 66:
IPsec 62 IPsec Internet Protocol Se
Page 67 and 68:
IPsec 64 operates directly on top o
Page 69 and 70:
IPsec 66 Cryptographic algorithms C
Page 71 and 72:
IPsec 68 External links • All IET
Page 73 and 74:
Kerberos (protocol) 70 Kerberos (pr
Page 75 and 76:
Kerberos (protocol) 72 Client Authe
Page 77 and 78:
Kerberos (protocol) 74 External lin
Page 79 and 80:
Message authentication code 76 Mess
Page 81 and 82:
Message authentication code 78 Exte
Page 83 and 84:
NeedhamSchroeder protocol 80 S resp
Page 85 and 86:
Pretty Good Privacy 82 Pretty Good
Page 87 and 88:
Pretty Good Privacy 84 Security qua
Page 89 and 90:
Pretty Good Privacy 86 PGP 3 and fo
Page 91 and 92:
Pretty Good Privacy 88 based on sec
Page 93 and 94:
Public key certificate 90 Public ke
Page 95 and 96:
Public key certificate 92 (b) ensur
Page 97 and 98:
Public key certificate 94 Usefulnes
Page 99 and 100:
Public key infrastructure 96 As tim
Page 101 and 102:
Public key infrastructure 98 Extern
Page 103 and 104:
Public-key cryptography 100 In cont
Page 105 and 106:
Public-key cryptography 102 To achi
Page 107 and 108:
Public-key cryptography 104 using t
Page 109 and 110:
Public-key cryptography 106 Spreadi
Page 111 and 112:
Public-key cryptography 108 Externa
Page 113 and 114:
RSA (algorithm) 110 The RSA algorit
Page 115 and 116:
RSA (algorithm) 112 A working examp
Page 117 and 118:
RSA (algorithm) 114 Signing message
Page 119 and 120:
RSA (algorithm) 116 Side-channel an
Page 121 and 122:
RSA (algorithm) 118 • The PKCS #1
Page 123 and 124:
S/MIME 120 administrative overhead
Page 125 and 126:
Secure Electronic Transaction 122 T
Page 127 and 128:
Secure Shell 124 Usage SSH is typic
Page 129 and 130:
Secure Shell 126 • RFC 4462, Gene
Page 131 and 132:
Secure Shell 128 ability to multipl
Page 133 and 134:
Security service (telecommunication
Page 135 and 136:
Security service (telecommunication
Page 137 and 138:
SHA-1 134 SHA-1 SHA-1 General Desig
Page 139 and 140:
SHA-1 136 Applications SHA-1 forms
Page 141 and 142:
SHA-1 138 At the Rump Session of CR
Page 143 and 144:
SHA-1 140 a = temp Add this chunk's
Page 145 and 146:
SHA-1 142 • Xiaoyun Wang, Yiqun L
Page 147 and 148:
Stream cipher 144 Types of stream c
Page 149 and 150:
Stream cipher 146 Filter generator
Page 151 and 152:
Stream cipher 148 SNOW Pre-2003 Ver
Page 153 and 154:
Symmetric-key algorithm 150 Key gen
Page 155 and 156:
Transport Layer Security 152 TLS 1.
Page 157 and 158:
Transport Layer Security 154 • SS
Page 159 and 160:
Transport Layer Security 156 • Fi
Page 161 and 162:
Transport Layer Security 158 Length
Page 163 and 164:
Transport Layer Security 160 layer
Page 165 and 166:
Transport Layer Security 162 Suppor
Page 167 and 168:
Transport Layer Security 164 • RF
Page 169 and 170:
Transport Layer Security 166 Extern
Page 171 and 172:
X.509 168 Extensions informing a sp
Page 173 and 174:
X.509 170 00:d3:a4:50:6e:c8:ff:56:6
Page 175 and 176:
X.509 172 Exploits • MD2-based ce
Page 177 and 178:
X.509 174 External links • ITU-T
Page 179 and 180:
Article Sources and Contributors 17
Page 181 and 182:
Article Sources and Contributors 17
Page 183:
License 180 License Creative Common
show all

Security Articles from Wikipedia

Create successful ePaper yourself

Delete template?

Save as template?