Professional Documents
Culture Documents
Nirmalya Kar
Introduction
Course Overview
Dan Boneh
cryptography
today?
Yesterday?
over the last week?
Dan Boneh
Nirmalya
Kar
9/9/16
Dan Boneh
Nirmalya
Kar
Dan Boneh
Nirmalya
Kar
9/9/16
Dan Boneh
Nirmalya
Kar
Welcome
Course objectives:
Learn how crypto primitives work
Learn how to use them correctly and reason about security
My recommendations:
Take notes
Answer the in-class questions
Dan Boneh
Nirmalya
Kar
9/9/16
Cryptography is everywhere
Secure communication:
web traffic: HTTPS
wireless traffic: 802.11i WPA2 (and WEP), GSM, Bluetooth
Secure communication
no eavesdropping
no tampering
Dan Boneh
Nirmalya
Kar
9/9/16
Alice
File 2
Alice
No eavesdropping
No tampering
Bob
E(k,m)=c
D(k,c)=m
9/9/16
Use Cases
Single use key: (one time key)
Key is only used to encrypt one message
encrypted email: new key generated for every email
Multi use key: (many time key)
Key used to encrypt multiple messages
encrypted files: same key used to encrypt many files
Need more machinery than for one-time key
Dan Boneh
Nirmalya
Kar
Things to remember
Cryptography is:
A tremendous tool
The basis for many security mechanisms
Cryptography is not:
The solution to all security problems
Reliable unless implemented and used properly
Something you should try to invent yourself
many many examples of broken ad-hoc designs
Dan Boneh
Nirmalya
Kar
9/9/16
Books to Read
End of Segment
Dan Boneh
9/9/16
Nirmalya Kar
What is cryptography?
Dan Boneh
9/9/16
CIA
Confidentiality Integrity Availability
Confidentiality: prevent unauthorized reading of
information
Integrity: prevent unauthorized writing of information
Availability: data is available in a timely manner when
needed
Availability is a new security concern
Due to denial of service (DoS) threats
Dan Boneh
Nirmalya
Kar
9/9/16
Crypto
Cryptology The art and science of making and breaking
secret codes
Cryptography making secret codes
Cryptanalysis breaking secret codes
Crypto all of the above (and more)
Dan Boneh
Nirmalya
Kar
Dan Boneh
Nirmalya
Kar
10
9/9/16
key
plaintext
Pi
encrypt
Ci
decrypt
Pi
plaintext
ciphertext
key
plaintext
Pi
encrypt
key
Trudy
Ci
decrypt
Bob
Pi
plaintext
ciphertext
Dan Boneh
Nirmalya
Kar
11
9/9/16
Cryptanalysis
This course focused on cryptanalysis
Trudy wants to recover key or plaintext
Trudy is not bound by any rules
For example, Trudy might attack the implementation, not
the algorithm itself
She might use side channel info, etc.
Dan Boneh
Nirmalya
Kar
Dan Boneh
Nirmalya
Kar
12
9/9/16
Dan Boneh
Nirmalya
Kar
Dan Boneh
Nirmalya
Kar
13
9/9/16
Crypto core
Talking
to Alice
Talking
to Bob
Alice
Bob
attacker???
m1
Secure communication:
m2
confidentiality and integrity
Dan Boneh
Nirmalya
Kar
Anonymous communication
Alice
signature
Who did I
just talk to?
Alice
Bob
Dan Boneh
Nirmalya
Kar
14
9/9/16
Anonymous communication
Anonymous digital cash
Can I spend a digital coin without anyone knowing who I am?
How to prevent double spending?
1$
Alice
Internet
Who was
that?
(anon. comm.)
Dan Boneh
Nirmalya
Kar
Crypto magic
Privately outsourcing computation
search
query
E[ query ]
Alice
E[ results ]
results
Alice
???
Bob
N
Dan Boneh
Nirmalya
Kar
15
9/9/16
A rigorous science
The three steps in cryptography:
Precisely specify threat model
Propose a construction
Prove that breaking construction under
threat mode will solve an underlying hard problem
Dan Boneh
Nirmalya
Kar
End of Segment
Dan Boneh
16
9/9/16
Nirmalya
Kar
Dan Boneh
Introduction
Dan Boneh
Definitions
Computer Security - generic name for the collection of tools
designed to protect data and to thwart hackers
Network Security - measures to protect data during their
transmission
Internet Security - measures to protect data during their
transmission over a collection of interconnected networks
34
Dan Boneh
Nirmalya
Kar
17
9/9/16
Security Services
Such as authentication, identification, encryption, signature, secret
sharing and so on.
Security mechanism
The ways to provide such services
Detect, prevent and recover from a security attack
35
Dan Boneh
Nirmalya
Kar
Dan Boneh
Nirmalya
Kar
18
9/9/16
37
Dan Boneh
Nirmalya
Kar
Dan Boneh
Nirmalya
Kar
19
9/9/16
Dan Boneh
Nirmalya
Kar
Dan Boneh
Nirmalya
Kar
20
9/9/16
Access Control
Data Confidentiality
Connection Confidentiality
Connectionless Confidentiality
Selective-Field Confidentiality
Traffic Flow Confidentiality
Dan Boneh
Nirmalya
Kar
contd
Data Integrity
Dan Boneh
Nirmalya
Kar
21
9/9/16
Dan Boneh
Nirmalya
Kar
Ciphertext-Only Attack
Dan Boneh
Nirmalya
Kar
22
9/9/16
Known-Plaintext Attack
Dan Boneh
Nirmalya
Kar
Chosen-Plaintext Attack
Dan Boneh
Nirmalya
Kar
23
9/9/16
Chosen-Ciphertext Attack
Dan Boneh
Nirmalya
Kar
End of Segment
Dan Boneh
24
9/9/16
Nirmalya
Kar
Dan Boneh
History
Classical
Encryption
Techniques
Dan Boneh
Symmetric Ciphers
Dan Boneh
Nirmalya
Kar
25
9/9/16
k :=
Dan Boneh
Nirmalya
Kar
Mono-alphabetic Cipher
rather than just shifting the alphabet could shuffle (jumble)
the letters arbitrarily
each plaintext letter maps to a different random ciphertext
letter
Plaintext
Ciphertext
: abcdefghijklmnopqrstuvwxyz
: DKVQFIBJWPESCXHTMYAUOLRGZN
Plaintext
Ciphertext
: ifwewishtoreplaceletters
: WIRFRWAJUHYFTSDVFSFUUFYA
Dan Boneh
Nirmalya
Kar
26
9/9/16
Dan Boneh
Nirmalya
Kar
Dan Boneh
Nirmalya
Kar
27
9/9/16
Dan Boneh
Nirmalya
Kar
28
9/9/16
Dan Boneh
Nirmalya
Kar
2. Playfair cipher
q
q
q
q
Dan Boneh
Nirmalya
Kar
29
9/9/16
contd
3. if both letters fall in the same column, replace each with the
letter below it (again wrapping to top from bottom),
eg. mu" encrypts to "CM"
4. otherwise each letter is replaced by the one in its row in the
column of the other letter of the pair,
eg. hs" encrypts to "BP", and ea" to "IM" or "JM" (as desired)
Dan Boneh
Nirmalya
Kar
30
9/9/16
(+ mod 26)
c = Z Z Z J U C L U D T U N W G C Q S
Example
62
Dan Boneh
Nirmalya
Kar
31
9/9/16
: deceptivedeceptivedeceptive
: wearediscoveredsaveyourself
: ZICVTWQNGRZGVTWAVZHCQYGLMGJ
Dan Boneh
Nirmalya
Kar
MODULAR ARITHMETIC
The division relationship (a = q n + r) has two inputs (a and n)
and two outputs (q and r).
But
In modular arithmetic, we are interested in only one of the
outputs, the remainder r.
Dan Boneh
Nirmalya
Kar
32
9/9/16
Modulo Operator
The modulo operator is shown as mod. The second input (n) is called
the modulus. The output r is called the residue.
Figure : Division algorithm and modulo operator
Dan Boneh
Nirmalya
Kar
Set of Residues
The modulo operation creates a set, which in modular arithmetic is
referred to as the set of least residues modulo n, or Zn.
Dan Boneh
Nirmalya
Kar
33
9/9/16
67
Dan Boneh
Nirmalya
Kar
Properties of congruence
Property 1 Congruence is reflexive, i.e., a a (mod m) for every integer a and
natural number m.
Property 2 Congruence is symmetric, i.e., if a
b (mod m), then
b
a (mod m).
Property 3 Congruence is transitive, i.e., if
a b (mod m) and b
c (mod m), then a c (mod m).
Dan Boneh
Nirmalya
Kar
34
9/9/16
. Contd
Property 4 Congruences may be added : if
a b (mod m) and c d (mod m), then a + b c + d (mod m).
Property 5 Congruences may be multiplied : if
a b (mod m) and c d (mod m), then ab
cd (mod m).
c (mod m).
Dan Boneh
Nirmalya
Kar
Inverses
In modular arithmetic, we often need to find the inverse of a
number relative to an operation.
We are normally looking for an
additive inverse (relative to an addition operation)
or
a multiplicative inverse (relative to a multiplication operation).
Dan Boneh
Nirmalya
Kar
35
9/9/16
Additive Inverse
In Zn, two numbers a and b are additive inverses of each other if
Note
Multiplicative Inverse
36
9/9/16
Hill Cipher
takes m successive plaintext letters and substitutes for them m
ciphertext letters
Note
example
Consider the plaintext "pay more money" and use the encryption key
The first three letters of the plaintext are represented by the vector
Dan Boneh
Nirmalya
Kar
37
9/9/16
Dan Boneh
Nirmalya
Kar
Dan Boneh
Nirmalya
Kar
38
9/9/16
Now she has the key and can break any ciphertext encrypted with
that key.
Dan Boneh
Nirmalya
Kar
key
K
S
T
.
.
R
N
E
E
K
S
T
.
.
R
N
N
E
K
S
T
.
.
R
Dan Boneh
Nirmalya
Kar
39
9/9/16
Transposition Ciphers
A transposition cipher does not substitute one symbol for another,
instead it changes the location of the symbols.
Classification
Dan Boneh
Nirmalya
Kar
40
9/9/16
Dan Boneh
Nirmalya
Kar
41
9/9/16
Example
Dan Boneh
Nirmalya
Kar
Keys
In Example, a single key was used in two directions for the column
exchange: downward for encryption, upward for decryption. It is
customary to create two keys.
Dan Boneh
Nirmalya
Kar
42
9/9/16
Dan Boneh
Nirmalya
Kar
Dan Boneh
Nirmalya
Kar
43
9/9/16
Task :
For the given cipher text & key find the find the plain text if
double transposition of columns was employed by the sender
Cipher text
Key
: GOOYTPGRYAHPCROISD
: 241536 for both rounds.
87
Dan Boneh
Nirmalya
Kar
44
9/9/16
Stream Ciphers
Dan Boneh
Nirmalya
Kar
Block Ciphers
In a block cipher, a group of plaintext symbols of size m (m > 1)
are encrypted together creating a group of ciphertext of the
same size. A single key is used to encrypt the whole block even if
the key is made of multiple values.
Dan Boneh
Nirmalya
Kar
45
9/9/16
End of Segment
Dan Boneh
Nirmalya
Kar
Dan Boneh
Dan Boneh
46
9/9/16
Dan Boneh
Nirmalya
Kar
Problem
How many padding bits must be added to a message of 100
characters if 8-bit ASCII is used for encoding and the block
cipher accepts blocks of 64 bits?
Solution :
Dan Boneh
Nirmalya
Kar
47
9/9/16
Substitution or Transposition
Note
To be resistant to exhaustive-search attack,
a modern block cipher needs to be designed as a
substitution cipher.
Dan Boneh
Nirmalya
Kar
Problem
Suppose that we have a block cipher where n = 64. If there are 10
1s in the ciphertext, how many trial-and-error tests does Eve
need to do to recover the plaintext from the intercepted
ciphertext in each of the following cases?
a. The cipher is designed as a substitution cipher.
b. The cipher is designed as a transposition cipher.
Dan Boneh
Nirmalya
Kar
48
9/9/16
Dan Boneh
Nirmalya
Kar
Contd
Invertibility : A straight P-box can be used in the encryption
cipher & its inverse in the decryption cipher.
98
Dan Boneh
Nirmalya
Kar
49
9/9/16
Contd
Compression and expansion P-boxes are non-invertible
Dan Boneh
Nirmalya
Kar
S-Box
Note
An S-box is an m n substitution unit, where m and n are not
necessarily the same.
Dan Boneh
Nirmalya
Kar
50
9/9/16
Example
In an S-box with three inputs and two outputs, we have
5.101
Dan Boneh
Nirmalya
Kar
Example
The following table defines the input/output relationship for an S-box
of size 3 2. The leftmost bit of the input defines the row; the two
rightmost bits of the input define the column. The two output bits are
values on the cross section of the selected row and column.
Based on the table, an input of 010 yields the output 01. An input of
101
yields the output of 00.
5.102
Dan Boneh
Nirmalya
Kar
51
9/9/16
XOR
0 1 1 0 1 1 1
1 0 1 1 0 1 0
Dan Boneh
Nirmalya
Kar
Circular Shift
Another component found in some modern block ciphers is the
circular shift operation.
Figure : Circular shifting an 8-bit word to the left or right
5.104
Dan Boneh
Nirmalya
Kar
52
9/9/16
Swap
The swap operation is a special case of the circular shift operation
where k = n/2.
Figure : Swap operation on an 8-bit word
5.105
Dan Boneh
Nirmalya
Kar
5.106
Dan Boneh
Nirmalya
Kar
53
9/9/16
Diffusion
The idea of diffusion is to hide the relationship between the
ciphertext and the plaintext.
Note
Dan Boneh
Nirmalya
Kar
Confusion
The idea of confusion is to hide the relationship between the
ciphertext and the key.
Note
Dan Boneh
Nirmalya
Kar
54
9/9/16
109
Dan Boneh
Nirmalya
Kar
self-invertible
Invertible
noninvertible
2. Non-Feistel ciphers
Dan Boneh
Nirmalya
Kar
55
9/9/16
Dan Boneh
Nirmalya
Kar
Example
The plaintext and ciphertext are each 4 bits long and the key is 3 bits long.
Assume that the function takes the first and third bits of the key,
interprets these two bits as a decimal number, squares the number, and
interprets the result as a 4-bit binary pattern. Show the results of
encryption and decryption if the original plaintext is 0111 and the key is
101.
Solution
The function extracts the first and second bits to get 11 in binary or 3 in
decimal. The result of squaring is 9, which is 1001 in binary.
Dan Boneh
Nirmalya
Kar
56
9/9/16
Dan Boneh
Nirmalya
Kar
Dan Boneh
Nirmalya
Kar
57
9/9/16
115
Dan Boneh
Nirmalya
Kar
End of Segment
Dan Boneh
58
9/9/16
Nirmalya
Kar
Dan Boneh
Dan Boneh
59
9/9/16
5.119
Note
In a modern stream cipher, each r-bit word in the plaintext stream is
enciphered using an r-bit word in the key stream to create the
corresponding r-bit word in the ciphertext stream.
Dan Boneh
Nirmalya
Kar
Dan Boneh
Nirmalya
Kar
60
9/9/16
Dan Boneh
Nirmalya
Kar
Example
Solution
If ci = 0, bi has no role in calculation of bm. This means that bi is not
connected to the feedback function. If ci = 1, bi is involved in calculation
of bm. In this example, c1 and c3 are 0s, which means that we have
only three connections. Bellow figure shows the design.
Dan Boneh
Nirmalya
Kar
61
9/9/16
Example
Solution:
Dan Boneh
Nirmalya
Kar
Table :
62
9/9/16
Table :
63
9/9/16
Dan Boneh
Nirmalya
Kar
End of Segment
Dan Boneh
64
9/9/16
Nirmalya
Kar
Dan Boneh
Block ciphers
Simplified DES
Dan Boneh
Dan Boneh
Nirmalya
Kar
65
9/9/16
Simplified DES
The S-DES encryption algorithm takes an 8-bit block of
plaintext (example: 10111101) and a 10-bit key as input and
produces an 8-bit block of ciphertext as output.
The S-DES decryption algorithm takes an 8-bit block of
ciphertext and the same 10-bit key used to produce that
ciphertext as input and produces the original 8-bit block of
plaintext.
131
Dan Boneh
Nirmalya
Kar
Contd
The encryption algorithm involves five functions:
an initial permutation (IP)
a complex function labeled fK, which involves both permutation and
substitution operations and depends on a key input (k1 )
a simple permutation function that switches (SW) the two halves of
the data
The function fK again with key input (k2 )
and finally a permutation function that is the inverse of the initial
permutation (IP1 )
132
Dan Boneh
Nirmalya
Kar
66
9/9/16
Contd
133
Dan Boneh
Nirmalya
Kar
Contd
) )
where
K1 = P8 Shift(P10(key))
( (
K2 = P8 Shift Shift(P10(key))
))
) )
134
Dan Boneh
Nirmalya
Kar
67
9/9/16
135
Dan Boneh
Nirmalya
Kar
Contd
Let the 10-bit key be designated as (k1, k2, k3, k4, k5, k6, k7, k8,
k9, k10).
Then the permutation P10 is defined as:
P10
3 5 2 7 4 10 1 9 8 6
each position in the table gives the identity of the input bit that
produces the output bit in that position.
For example, the key (1010000010) is permuted to
(1000001100)
136
Dan Boneh
Nirmalya
Kar
68
9/9/16
Contd
Next, perform a circular left shift (LS-1), or rotation, separately on the first five
bits and the second five bits.
Eg:- the result is (00001 11000).
Next apply P8, which picks out and permutes 8 of the 10 bits according to the
following rule:
P8
6 3 7 4 8 5 10 9
137
Dan Boneh
Nirmalya
Kar
S-DES Encryption
138
Dan Boneh
Nirmalya
Kar
69
9/9/16
IP
4
E/P
E/P
8
K2
8
4
4
S0
S1
2
Plaintext
K1
S0
S1
2
2
P4
2
P4
4
4
4
IP-1
8
SW
Ciphertext
Dan Boneh
Nirmalya
Kar
Contd
Initial and Final Permutations
First permute 8-bit block of plaintext using the IP function:
2 6 3 1
IP
4 8 5 7
140
Dan Boneh
Nirmalya
Kar
70
9/9/16
Contd
The function fk
the function fK, consists of a combination of permutation and
substitution functions.
Let L and R be the leftmost 4 bits and rightmost 4 bits of the 8-bit
input to fK , and let F be a mapping from 4-bit strings to 4-bit strings.
fK(L, R) = (L F(R, SK), R)
where SK is a subkey.
Example: The output of the IP stage is (10111101) and F(1101, SK) =
(1110) for some key SK.
Then fK(10111101) = (01011101) because (1011) (1110) = (0101).
141
Dan Boneh
Nirmalya
Kar
Contd
Mapping of F
input is a 4-bit number (n1n2n3n4).
The first operation is an expansion/permutation operation:
E/P
4 1 2 3 2 3 4 1
Dan Boneh
Nirmalya
Kar
71
9/9/16
Contd
Let us rename these 8 bits:
The first 4 bits (first row of the preceding matrix) are fed into
the S-box S0 to produce a 2-bit output, and the remaining 4 bits
(second row) are fed into S1 to produce another 2-bit output.
143
Dan Boneh
Nirmalya
Kar
Contd
The S-boxes operate as follows The first and fourth input bits are treated as a 2-bit number that
specify a row of the S-box,
the second and third input bits specify a column of the S-box.
The entry in that row and column, in base 2, is the 2-bit output.
144
Dan Boneh
Nirmalya
Kar
72
9/9/16
Contd
Example:-
0
1
1
0
0
0
0
1
For S0
first and fourth input bits are 00 or 0 or row 0
second and third input bits are 10 or 2 or column 2
For S1
first and fourth input bits are 11 or 3 or row 3
second and third input bits are 00 or 0 or column 0
145
Dan Boneh
Nirmalya
Kar
Contd
Next, the 4 bits produced by S0 and S1 undergo a further
permutation as follows:
146
Dan Boneh
Nirmalya
Kar
73
9/9/16
End of Segment
Dan Boneh
Nirmalya
Kar
Dan Boneh
Block ciphers
DES
Dan Boneh
74
9/9/16
History
Early 1970s: Horst Feistel designs Lucifer at IBM
key-len = 128 bits ; block-len = 128 bits
1973: NBS asks for block cipher proposals.
IBM submits variant of Lucifer.
1976: NBS adopts DES as a federal standard
key-len = 56 bits ; block-len = 64 bits
1997: DES broken by exhaustive search
2000: NIST adopts Rijndael as AES to replace DES
Widely deployed in banking (ACH) and commerce
Dan Boneh
Nirmalya
Kar
Contd
Dan Boneh
Nirmalya
Kar
75
9/9/16
DES Structure
Figure :
General
structure of
DES
Dan Boneh
Nirmalya
Kar
Figure :
A round in DES
(encryption site)
DES uses 16
rounds. Each round
of DES is a Feistel
cipher.
Dan Boneh
Nirmalya
Kar
76
9/9/16
Dan Boneh
Nirmalya
Kar
Contd
154
Dan Boneh
Nirmalya
Kar
77
9/9/16
Contd
Figure :
Key generation
Dan Boneh
Nirmalya
Kar
Multiple DES
The major criticism of DES regards its key length. Fortunately DES is not a
group. This means that we can use double or triple DES to increase the key
size.
Approaches:
q Double DES
q Triple DES
Dan Boneh
Nirmalya
Kar
78
9/9/16
Double DES
Meet-in-the-Middle Attack
However, using a known-plaintext attack called meet-in-the-middle
attack proves that double DES improves this vulnerability slightly (to
257 tests), but not tremendously (to 2112).
Dan Boneh
Nirmalya
Kar
Contd
Dan Boneh
Nirmalya
Kar
79
9/9/16
Triple DES
Dan Boneh
Nirmalya
Kar
End of Segment
Dan Boneh
80
9/9/16
Nirmalya Kar
Block ciphers
AES
Dan Boneh
Nirmalya
Kar
Introduction
The Advanced Encryption Standard (AES) is a symmetric-key
block cipher published by the National Institute of Standards and
Technology (NIST) in December 2001.
Topics to be discuss :
q
q
q
q
Criteria
Rounds
Data Units
Structure of Each Round
Dan Boneh
Nirmalya
Kar
81
9/9/16
qCriteria
The criteria defined by NIST for selecting AES fall into three
areas:
1. Security
2. Cost
3. Implementation.
Dan Boneh
Nirmalya
Kar
qRounds.
AES is a non-Feistel cipher that encrypts and decrypts a data
block of 128 bits. It uses 10, 12, or 14 rounds. The key size, which
can be 128, 192, or 256 bits, depends on the number of rounds.
Note
AES has defined three versions, with 10, 12, and 14 rounds.
Each version uses a different cipher key size (128, 192, or 256),
but the round keys are always 128 bits.
Dan Boneh
Nirmalya
Kar
82
9/9/16
Contd
Dan Boneh
Nirmalya
Kar
Dan Boneh
Nirmalya
Kar
83
9/9/16
Contd
Figure : Block-to-state and state-to-block transformation
Dan Boneh
Nirmalya
Kar
Contd
Example
Dan Boneh
Nirmalya
Kar
84
9/9/16
Dan Boneh
Nirmalya
Kar
End of Segment
Dan Boneh
85
9/9/16
Nirmalya
Kar
Dan Boneh
Block ciphers
Attacks on Block
Ciphers
Dan Boneh
Differential Cryptanalysis
Eli Biham and Adi Shamir introduced the idea of differential
cryptanalysis.
This is a chosen-plaintext attack.
Dan Boneh
Nirmalya
Kar
86
9/9/16
Example
Assume that the cipher is made only of one exclusive-or operation.
Without knowing the value of the key, Eve can easily find the
relationship between plaintext differences and ciphertext differences if
by plaintext difference we mean P1 P2 and by ciphertext difference,
we mean C1 C2. The following proves that C1 C2 = P1 P2:
Dan Boneh
Nirmalya
Kar
174
Dan Boneh
Nirmalya
Kar
87
9/9/16
Linear Cryptanalysis
Linear cryptanalysis was presented by Mitsuru Matsui in 1993.
The analysis uses known plaintext attacks.
Dan Boneh
Nirmalya
Kar
Contd
Figure : A simple cipher with a linear S-box
Dan Boneh
Nirmalya
Kar
88
9/9/16
Contd
Dan Boneh
Nirmalya
Kar
89
9/9/16
Contd
have two major placement alternatives
link encryption
encryption occurs independently on every link
implies must decrypt traffic between links
requires many devices, but paired keys
end-to-end encryption
encryption occurs between original source and final
destination
need devices at each end with shared keys
Dan Boneh
Nirmalya
Kar
Contd
180
Dan Boneh
Nirmalya
Kar
90
9/9/16
Contd
Characteristics of Link and End-to-End Encryption
181
Dan Boneh
Nirmalya
Kar
182
Dan Boneh
Nirmalya
Kar
91
9/9/16
End of Segment
Dan Boneh
92