John Viega - Academia.edu (original) (raw)

Papers by John Viega

... Sample Bug • CVE-2004-0115 – Microsoft Virtual PC for Macintosh • The VirtualPC Services for ... more ... Sample Bug • CVE-2004-0115 – Microsoft Virtual PC for Macintosh • The VirtualPC Services for Mac 6.0 and 6.1 allowed local attackers to truncate ... Chuck Willis, MANDIANT • Michael Howard, Microsoft • Bruce Lowenthal, Oracle Corporation • Mark J. Cox, Red Hat Inc. ...

... Building Secure Software : How to Avoid Security Problems the Right Way. ... Commentaire. Rés... more ... Building Secure Software : How to Avoid Security Problems the Right Way. ... Commentaire. Résumé. In the age of e-Business, information security is no longer a minor detail: its at the heart of every business process and relationship. ...

... authenticated encryption at speeds of 10 gigabits per second and above in hardware, perform w... more ... authenticated encryption at speeds of 10 gigabits per second and above in hardware, perform well in ... is summarized in Section 7. Appendix A describes the use of GCM for 64-bit block ciphers. Test data that can be used for validating AES GCM implementations is contained in ...

The recently introduced Galois/Counter Mode (GCM) of op- eration for block ciphers provides both ... more The recently introduced Galois/Counter Mode (GCM) of op- eration for block ciphers provides both encryption and message authenti- cation, using universal hashing based on multiplication in a binary finite field. We analyze its security and performance, and show that it is the most ecient mode of operation for high speed packet networks, by using a realistic model of a network crypto module and empirical data from studies of Internet trac in conjunction with software experiments and hardware designs. GCM has several useful features: it can accept IVs of arbitrary length, can act as a stand-alone message authentication code (MAC), and can be used as an incremental MAC. We show that GCM is secure in the standard model of concrete security, even when these fea- tures are used. We also consider several of its important system-security aspects.

... Examples of such systems include Naccio [ 4], Ariel [ 8]and PolicyMaker[ 1 ]. We anticipate i... more ... Examples of such systems include Naccio [ 4], Ariel [ 8]and PolicyMaker[ 1 ]. We anticipate incorporating this sort of tool as a small part of our total functionality. 6 C onc lusion We have identified some of the major problems plaguing software security, and discussed how sepa ...

We present the Galois Message Authentication Code (GMAC), a generic construction based on univers... more We present the Galois Message Authentication Code (GMAC), a generic construction based on universal hashing using multiplication in the finite field GF(2128). We also present GCM, a block cipher mode of operation that provides both encryption and message integrity in a single primitive, and is based on GMAC. The inherent parallelism in our con- structs enable hardware implementations to achieve

Progress in Cryptology - INDOCRYPT 2004, 2004

The recently introduced Galois/Counter Mode (GCM) of op- eration for block ciphers provides both ... more The recently introduced Galois/Counter Mode (GCM) of op- eration for block ciphers provides both encryption and message authenti- cation, using universal hashing based on multiplication in a binary finite field. We analyze its security and performance, and show that it is the most ecient mode of operation for high speed packet networks, by using a realistic model of a network crypto module and empirical data from studies of Internet trac in conjunction with software experiments and hardware designs. GCM has several useful features: it can accept IVs of arbitrary length, can act as a stand-alone message authentication code (MAC), and can be used as an incremental MAC. We show that GCM is secure in the standard model of concrete security, even when these fea- tures are used. We also consider several of its important system-security aspects.

Lecture Notes in Computer Science, 2014

IT Professional, 2000

Supporters frequently tout Windows NT as being the most secure commercially available operating s... more Supporters frequently tout Windows NT as being the most secure commercially available operating system. Others tend to believe this opinion after hearing of Unix's many infamous security vulnerabilities. In reality, the two operating systems have far more in common from a security point of view than people expect. This, then, makes it difficult to honestly assert that NT is more

The recently introduced Galois/Counter Mode (GCM) of op- eration for block ciphers provides both ... more The recently introduced Galois/Counter Mode (GCM) of op- eration for block ciphers provides both encryption and message authenti- cation, using universal hashing based on multiplication in a binary finite field. We analyze its security and performance, and show that it is the most ecient mode of operation for high speed packet networks, by using a realistic model of a network

... Sample Bug • CVE-2004-0115 – Microsoft Virtual PC for Macintosh • The VirtualPC Services for ... more ... Sample Bug • CVE-2004-0115 – Microsoft Virtual PC for Macintosh • The VirtualPC Services for Mac 6.0 and 6.1 allowed local attackers to truncate ... Chuck Willis, MANDIANT • Michael Howard, Microsoft • Bruce Lowenthal, Oracle Corporation • Mark J. Cox, Red Hat Inc. ...

... Building Secure Software : How to Avoid Security Problems the Right Way. ... Commentaire. Rés... more ... Building Secure Software : How to Avoid Security Problems the Right Way. ... Commentaire. Résumé. In the age of e-Business, information security is no longer a minor detail: its at the heart of every business process and relationship. ...

... authenticated encryption at speeds of 10 gigabits per second and above in hardware, perform w... more ... authenticated encryption at speeds of 10 gigabits per second and above in hardware, perform well in ... is summarized in Section 7. Appendix A describes the use of GCM for 64-bit block ciphers. Test data that can be used for validating AES GCM implementations is contained in ...

The recently introduced Galois/Counter Mode (GCM) of op- eration for block ciphers provides both ... more The recently introduced Galois/Counter Mode (GCM) of op- eration for block ciphers provides both encryption and message authenti- cation, using universal hashing based on multiplication in a binary finite field. We analyze its security and performance, and show that it is the most ecient mode of operation for high speed packet networks, by using a realistic model of a network crypto module and empirical data from studies of Internet trac in conjunction with software experiments and hardware designs. GCM has several useful features: it can accept IVs of arbitrary length, can act as a stand-alone message authentication code (MAC), and can be used as an incremental MAC. We show that GCM is secure in the standard model of concrete security, even when these fea- tures are used. We also consider several of its important system-security aspects.

... Examples of such systems include Naccio [ 4], Ariel [ 8]and PolicyMaker[ 1 ]. We anticipate i... more ... Examples of such systems include Naccio [ 4], Ariel [ 8]and PolicyMaker[ 1 ]. We anticipate incorporating this sort of tool as a small part of our total functionality. 6 C onc lusion We have identified some of the major problems plaguing software security, and discussed how sepa ...

We present the Galois Message Authentication Code (GMAC), a generic construction based on univers... more We present the Galois Message Authentication Code (GMAC), a generic construction based on universal hashing using multiplication in the finite field GF(2128). We also present GCM, a block cipher mode of operation that provides both encryption and message integrity in a single primitive, and is based on GMAC. The inherent parallelism in our con- structs enable hardware implementations to achieve

Progress in Cryptology - INDOCRYPT 2004, 2004

The recently introduced Galois/Counter Mode (GCM) of op- eration for block ciphers provides both ... more The recently introduced Galois/Counter Mode (GCM) of op- eration for block ciphers provides both encryption and message authenti- cation, using universal hashing based on multiplication in a binary finite field. We analyze its security and performance, and show that it is the most ecient mode of operation for high speed packet networks, by using a realistic model of a network crypto module and empirical data from studies of Internet trac in conjunction with software experiments and hardware designs. GCM has several useful features: it can accept IVs of arbitrary length, can act as a stand-alone message authentication code (MAC), and can be used as an incremental MAC. We show that GCM is secure in the standard model of concrete security, even when these fea- tures are used. We also consider several of its important system-security aspects.

Lecture Notes in Computer Science, 2014

IT Professional, 2000

Supporters frequently tout Windows NT as being the most secure commercially available operating s... more Supporters frequently tout Windows NT as being the most secure commercially available operating system. Others tend to believe this opinion after hearing of Unix's many infamous security vulnerabilities. In reality, the two operating systems have far more in common from a security point of view than people expect. This, then, makes it difficult to honestly assert that NT is more

The recently introduced Galois/Counter Mode (GCM) of op- eration for block ciphers provides both ... more The recently introduced Galois/Counter Mode (GCM) of op- eration for block ciphers provides both encryption and message authenti- cation, using universal hashing based on multiplication in a binary finite field. We analyze its security and performance, and show that it is the most ecient mode of operation for high speed packet networks, by using a realistic model of a network