Chapter 3: Encryption and Related Technologies Flashcards
What is homomorphic encryption?
Allows encrypted information to be manipulated without decrypting it first (data in use)
What is multiparty computation?
Allows two or more computers to participate in a computation and compute a mathematical result without otherwise revealing private information
What does the term encrypt mean?
To convert information or data into a cypher or code
What is a cypher?
Mathematical transformations of data, in which data is scrambled according to some kind of function
What is a code?
Transformations that typically involve a one-to-one replacement of a word, letter, figure or symbol with another word, letter, figure or symbol
What is the difference between plaintext and cyphertext?
Plaintext - clear and readable text
Cyphertext - the encrypted message
What is the work factor?
The amount of effort that an adversary needs to expend to decrypt a message
What is threat modeling?
Understanding the adversary the system has been designed to protect against, the capabilities that adversary has, and the likely forms of attack the system may experience
What is a cryptographic system?
Collection of cryptographic algorithms, protocols, software and other items that use cryptography to achieve information security goals
What factors can cause cryptographic implementation flaws?
- Bugs - Implementation errors
- Back doors - Flaws that have been deliberately placed in a product for later exploitation
- Weaknesses - Mathematical vulnerabilities that are unknown when they are developed and deployed but are later discovered
- Obsolescence - Erosion over time
Why is entropy important?
Merely encrypting with an algorithm and a key is not sufficient to ensure security. It is also necessary to use randomness, also called entropy, so that an attacker observing the output of an encryption system cannot determine if the same message is encrypted a second time
Where must entropy be applied in modern cryptographic systems?
Both in creating keys and encrypting messages
List the 2 kinds of encryption algorithms
Secret key algorithms (aka symmetric)
Public key algorithms (aka asymmetric)
What is a symmetric or secret key algorithm?
Uses the same key to encrypt and decrypt the plaintext
What is an asymmetric or public key algorithm?
Designed so that the plaintext can be encrypted using only public information, but decrypting the cyphertext requires the use of private information
Is RSA a symmetric or asymmetric algorithm?
Asymmetric
What is the most common symmetric algorithm in use today?
AES - typically used with 128 or 256 bit keys
What is a brute force attack?
Try every possible key
What is another name for a brute force attack?
Key search attack
What technology will theoretically be capable of breaking 128-bit AES with relative ease?
A sufficiently large quantum computer
Though it is believes that it will not have the ability to crack AES-256 in any reasonable amount of time
Why is it a bad idea to develop your own encryption algorithm?
Secret algorithms are typically weaker because they have not been as widely tested
It is also difficult to understand the risk of using such an algorithm
What are the differences between a cryptographic key and a password?
With a cryptographic key
• Information must be mathematically transformed
• Does not decide whether or not to grant access
• Cannot be reset if the key is lost
• To change the key you have to decrypt then re-encrypt the information
With a password
• Access to the controlled information is mediated by a program
• Because the program is making decisions, it can be manipulated by other factors (ex. the system allows access without a password Thursdays at 5)
• Software accessed confidential parts of the program even when a password is not provided
Which private key algorithm was published by the US government in their Federal Information Processing Standard (FIPS) in 1977?
Data Encryption Standard (DES)
A public demonstration in 1998 showed that DES could be broken, what was the solution?
Encrypting a message with DES three time over, each time with a different key (a technique called triple DES or 3DES)
Why was cryptography not widely used until the rise of e-commerce in the 1990s?
Lack of workable public key cryptography
Export controls - government restricted the export of any computer technology that could perform cryptography
CPU speed
Which browser first incorporated transparent cryptography in 1995?
Netscape Navigator
What encryption protocol do web browsers use to automatically encrypt information as it travels between browser and web server?
Secure Socket Layer (SSL) - later renamed to Transport Layer Security (TLS)
Often called SSL/TLS today
What is a pluggable cryptographic protocol?
The single protocol supports the use of multiple hash functions and ciphers
How does TLS determine which algorithm to use?
TLS client connects to a TLS server, the two negotiate the most secure version of each algorithm from the set of algorithms that each implement
What does TLS not protect?
Knowing how much data is exchanged and what the endpoints are
Knowing that data is being exchanged at all
TLS provides neither anonymity or stealth
To achieve anonymity, it is necessary to hide one’s traffic within a crowd, which systems can do this?
Proxies and mix networks, also called onion routing networks
How do systems such as onion routing networks work?
Combine traffic from multiple computers into a single channel that is sent between multiple computers and then separating out the traffic again
How does the onion router (Tor) work?
Uses a sophisticated system that relies on multiple layers of encryption and sends every users’ traffic to at least three different computers in sequence, so that not even the nodes of the mix network know with whom the users are communicating
To offer stealth, it is necessary to masquerade one’s traffic so that it cannot be observed, how can this be done?
By hiding the traffic using a masking protocol or using steganography
TLS works at the transport layer, some internet telephone protocols use encryption at which layer?
Application layer
Which wireless network protocols have encryption built in?
802.11 WPA and WPA2
Which 2 approaches are commonly used to encrypt data at rest?
Application level encryption
Device level encryption
Application level encryption is also known as…
File-level or document-level encryption
Where is device-level encryption is applied?
It is built into the computer’s storage subsystem and performs encryption on a block-by-block basis
List the 3 approaches for working with encrypted data
Secure enclaves
Homomorphic encryption
Multiparty computation
What are secure enclaves?
- They rely on modifications to the microprocessor to provide security
- Some of these systems rely on curtained memory, which prevents the microprocessor from accessing the memory where the secure application is running
- Another approach uses specialized hardware within the microprocessor to automatically encrypt memory as it is written and decrypt it as it is read
What is homomorphic encryption?
A collection of mathematical techniques for working with encrypted data
What is multiparty computation?
Multiparty computation is a class of algorithms that allows programs running on different computers to participate in computations such that results can be computed without compromising each party’s private data
What are digital signatures?
Using encryption to certify that a document has not been modified since some time in the past
What 2 kinds of cryptographic quantum technology have already been demonstrated in the laboratory?
Quantum computers
Quantum key distribution (QKD)
What is quantum key distribution (QKD)?
Approach for distributing an encryption key to two endpoints so that it is physically impossible (according to our understanding of physics) for a third party to get a copy of the key
List the 2 kinds of secret key algorithms
Stream ciphers
Block ciphers
What are stream ciphers?
Encryption algorithms that transform one byte of data at a time
The RC4 algorithm was widely used in the 1990s with the Netscape SSL protocol and is still somewhat used today, although its popularity is waning
What are block ciphers?
Transform a small block of data at one time, typically 16, 32 or 64 bytes
Both DES and AES are block ciphers
Which 2 mathematical functions are ciphers based on?
Substitution
Transposition
What is substitution in encryption?
Substitutes one pattern for another according to a code book
What is transposition in encryption?
Scrambling the bits within a set of bytes
Traditionally, do steam ciphers use substitution or transposition?
Substitution
Traditionally, do block ciphers use substitution or transposition?
Both
Which is generally considered safer, stream ciphers or block ciphers? Why?
Because stream ciphers typically only use substitution and block ciphers use both substitution and transposition, block ciphers are somewhat more secure
What is the drawback of block ciphers versus stream ciphers?
Block ciphers are generally slower because they perform both substitution and transposition
Though today’s computer are fast enough to allow stream ciphers to be used as block ciphers and vice versa in the majority of applications
Which algorithm was adopted by the US government in 2001?
AES
What weaknesses does AES have?
Currently regarded as containing no significant algorithmic weaknesses
How does AES work?
Consists of an inner mathematical operations that is repeated
AES-128 repeats this function 10 times and is said to have 10 rounds
AES-192 has 12 rounds
AES-256 has 14 rounds
Each round makes it harder to decrypt
Which encryption algorithm has the US National Security Agency (NSA) for top secret information?
AES-256 (but not AES-128)
Why do some organizations use triple DES over AES?
They believe it is more thoroughly understood than AES
Which algorithm was developed by the Chinese government?
SM4
What are lightweight encryption algorithms?
Algorithms designed to encrypt small amounts of data - just a few bytes - or that must run in low-powered environments
List 2 examples of lightweight encryption algorithms
SIMON and SPECK, both developed by the NSA
What is cryptanalisys?
The process of trying to decipher an encrypted message without knowing the key
A brute force attack is the most basic form of cryptanalysis, what do more sophisticated methods rely on?
Analyzing individual mathematical operations that create the encryption algorithm and correlating many applications of the algorithm over a large set of data
In what circumstances is an encryption algorithm considered broken?
- Known ciphertext attack
- Known plaintext attack
- Chosen plaintext attack
- Differential cryptanalysis
- Related key attack
What is a Known cyphertext attack?
Given a ciphertext C, the attacker can determine the plaintext P
What is a Known plaintext attack?
Given a plaintext P and a ciphertext C, the attacker can determine the encryption key K
What is a Chosen plaintext attack?
Given a plaintext P of the attacker’s choosing and the encrypted ciphertext C of that message, the attacker can determine the encryption key K
What is Differential cryptanalysis?
Given a number of similar plaintext messages P1 through PN and the corresponding ciphertext messages C1 through CN, the attacker can determine encryption key K
What is a Related key attack?
Given a number of related keys and a collection of ciphertext encrypted with each key, it is possible to learn some or all of the keys, and therefore decrypt some or all of the ciphertext
Why was DES-128 weaker than DES-56?
The change to the substitution boxes that NSA had applied to the original 128-bit algorithm submitted by IBM had made the algorithm stronger
By the mid-1990s, why was 56-bit DES no longer considered sufficiently long?
It could be brute-forced by Deep Crack (a million-dollar special-purpose computer created for the purpose of demonstrating the weakness of the algorithm
What is a Clipper chip?
A microchip with encryption embedded, developed by the US government in the mid-1990s
Why was the Clipper chip not commercially successful?
- Featured a mandatory key escrow that would have let the U.S. government decode Clipper-encoded messages with a valid court order
- Hardware vendors did not want to accept the additional costs and manufacturing complexities of adding a U.S. government chip to their products
- Organizations that needed more than 56 bits of security but still wished to follow government standards could simply use triple DES or 3DES
List 4 symmetric algorithms
DES
3DES (triple DES)
RC4
AES
Is DES a block or stream cipher?
Block cipher
Is 3DES a block or stream cipher?
Block cipher
Is RC4 a block or stream cipher?
Stream cipher
Is AES a block or stream cipher?
Block cipher
What is the key size for the DES algorithm?
56 bits
What is the key size for the 3DES algorithm?
168 bits
What is the key size for the RC4 algorithm?
40-2048 bits
What is the key size for the AES algorithm?
128, 192 or 256 bits
What is the block size for the DES algorithm?
64 bits
What is the block size for the 3DES algorithm?
64 bits
What is the block size for the RC4 algorithm?
8 bits (1 byte)
What is the block size for the AES algorithm?
128 bits
What is the status of the DES algorithm?
Not secure; do not use
What is the status of the 3DES algorithm?
Secure but slow; not widely used
What is the status of the RC4 algorithm?
Was widely used in SSL and WEP; increasingly deprecated
What is the status of the AES algorithm?
Widely used; generally thought to be secure
What are cryptographic modes of operation?
Techniques for combining repeated invocations of block algorithms so that they can be used on more data
List 4 common cryptographic modes of operation
Electronic codebook (ECB) Cipher block chaining (CBC) Counter mode (CTR) Authenticated encryption (AE)
Describe the Electronic codebook (ECB) cryptographic mode of operation
- Simplest
- Least secure
- Uses the same key for each block of data
Describe the Cipher block chaining (CBC) cryptographic mode of operation
- Encrypting each block as a function of the block’s plaintext and the previous block’s cyphertext
- Same block of plaintext will be encrypted differently each time
- Because the first block of the message doesn’t have a previous block, it is encrypted by combining the plaintext and a randomly generated block of data called the initialization vector (IV)
- Must begin decrypting from the first block in the sequence
Describe the Counter mode (CTR) cryptographic mode of operation
- Similar to CBC, except that the IV is replaced with a counter
- Possible to start decrypting at any point in the encrypted data
- Popular choice for disk encryption algorithms
- Errors in the cipher text do not propagate, and CTR encryption and decryption can be parallelized
- Despite these advantages, not widely used
Describe the Authenticated encryption (AE) cryptographic mode of operation
- Family of modes that provide for both confidentiality and authentication
- Rely on additional information that is injected into the ciphertext so that the decrypting program can verify that decryption was performed using the correct key
- Authenticated encryption modes have been patented and, as a result, they are not widely used
What are the 2 hard and fast rules for strong encryption keys?
Truly random
Used as infrequently as possible (ideally just to protect a single message)
How can microprocessors be built to provide randomness?
Many microprocessors have a hardware random number generator that acquire entropy from thermal noise
List 8 uses of symmetric (secret-key) encryption
Documents with passwords Block-level disk encryption Persistent VPNs TLS Wireless networks Encrypted databases Cryptographic erasure and retention rules Secret sharing
Describe symmetric encryption applied to Documents with passwords
One of the most common uses
Microsoft and Adobe use it
Describe symmetric encryption applied for Block-level disk encryption
At the driver layer, separately encrypting each disk sector
Typically use a variant of counter mode so that any disk block can be decrypted without decrypting the adjacent block
Describe symmetric encryption applied for Persistent VPNs
System administrator would create a random encryption key and program it into all systems that require access to the VPN
Describe symmetric encryption applied for TLS
After a cryptographic session is established using asymmetric cryptography, symmetric encryption algorithms are used for bulk data encryption
Describe symmetric encryption applied in Wireless networks
WPA2 encryption system requires that all units be programmed with the same passphrase or key
This passphrase or key is then used to derive a specific symmetric encryption key used to secure data sent over the wireless network
Describe symmetric encryption applied to Encrypted databases
The entire database file can be encrypted with a single key; individual rows or columns can be encrypted; rows, columns or cells can be encrypted with keys stored in other rows, columns or cells; the database can be encrypted but the index left unencrypted to allow for rapid searching; and so on
Describe symmetric encryption applied for Cryptographic erasure and retention rules
If the drive is encrypted with a key, the entire contents of the hard drive can be rendered indecipherable by erasing the key
Describe symmetric encryption applied for Secret sharing
A single document can be encrypted with a single key that is then split into multiple shares using a mathematical approach called secret sharing
For example, if an organization has seven auditors, the key could be split so that any three auditors, working together, can recover the encrypted data
What are hash algorithms?
Fast mathematical functions that take an input of any length and produce a small output (typically 16-64 characters) that looks random
What makes a strong hash algorithm?
The output cannot be predicted from the input without running the algorithm
Changing any bit in the input will change, on average, half of the bits in the output
Many people call hash algorithms digital fingerprints. Why is this incorrect?
- Different hash functions will produce different outputs for the same document, so in addition to knowing a document’s hash, it is important to know the algorithm that was used to produce the hash. Some hash functions can also be keyed, so that the document’s cryptographic hash depends on the algorithm, the document and the key.
- Even though no two people have been found to have the same fingerprints, it is possible for many different documents to have the same hash value
- People’s fingerprints change over time and each set of fingerprints from the same individual is slightly different. Human fingerprints must be matched with a comparison function that allows for slight variations. Cryptographic hashes, by contrast, are precisely matched bit for bit.
- Latent prints left at the scene of a crime are typically partial prints and can sometimes match many different people. Only an expert can determine whether or not two prints actually match. File hashes, on the other hand, are always complete and can be matched by anyone, or any program—no special training is required.
What is a hash collision and what does it mean?
Multiple documents having the same hash value
They are the mark of a hash that is no longer secure
How do digital signatures work?
Digital signatures combine hash functions with public key cryptography in a way that makes it possible to certify that a document has not been changed since it was digitally signed
SHA-256, SHA-384 and SHA-512 are all variants of which hash algorithm?
SHA-2
List 9 hash algorithms
MD5 SHA-1 SHA-256 SHA-384 SHA-512 SHA3-224 SHA3-256 SHA3-384 SHA3-512
What is the output size for the MD5 hash algorithm?
128 bits
What is the output size for the SHA-1 hash algorithm?
160 bits
What is the output size for the SHA-256 hash algorithm?
256 bits
What is the output size for the SHA-384 hash algorithm?
384 bits
What is the output size for the SHA-512 hash algorithm?
512 bits
What is the output size for the SHA3-224 hash algorithm?
224 bits
What is the output size for the SHA3-256 hash algorithm?
256 bits
What is the output size for the SHA3-384 hash algorithm?
384 bits
What is the output size for the SHA3-512 hash algorithm?
512 bits
When was the MD5 hash algorithm first published?
1992
When was the SHA-1 hash algorithm first published?
1995
When were the SHA-256/384/512 hash algorithms first published?
2001
When were the SHA3-224/256/384/512 hash algorithms first published?
2015
As of 2019, what was the status of the MD5 hash algorithm?
Deprecated; should not be used in applications that require confidentiality or integrity
As of 2019, what was the status of the SHA-1 hash algorithm?
Being phased out; should not be used for new applications
As of 2019, what was the status of the SHA-256/384/512 hash algorithm?
Widely used
As of 2019, what was the status of the SHA3-224/256/384/512 hash algorithms?
Chosen by NIST through an open competition in 2013; significantly slower than SHA-256 without hardware support
List 3 applications for hash functions
Converting pass phrases to cryptographic keys
Identifying versions of documents
Digitally signing documents
Although it’s common to derive an encryption key by simply taking a person’s passphrase and hashing it, why is this not secure?
Attackers have compiled lists of billions of hashes of popular passwords and passphrases
How can you securely use a hashed passphrase as an encryption key?
Combine the provided passphrase and a random number, called a nonce, and to hash the two together many thousands of times
Which algorithms are typically slower, symmetric or asymmetric?
Asymmetric
Are symmetric or asymmetric keys of the same length easier to crack? Why?
Asymmetric - symmetric keys are simply random collections of bits, while asymmetric keys are numbers with specific mathematical properties Public keys (asymmetric) are public, so an attacker who is targeting a public key system can create any number of chosen plaintext/ciphertext pairs
List 3 asymmetric (public key) systems
RSA
The Digital Signature Algorithm (FIPS-186)
Elliptic Curve Cryptography
Describe the RSA public key system
- Relies on the fact that it is easy to multiply two prime numbers together to create a composite, but it is relatively difficult to take a composite number and decompose it into its prime factors
- Private and public keys are interchangeable; that is, messages encrypted with the RSA public key can be decrypted with the private key, and messages encrypted with the private key can be decrypted with the public key
- Can be used both for message secrecy and for digital signatures
Describe The Digital Signature Algorithm
Public key algorithm created by the U.S. government in the 1990s as an alternative to RSA
Was not covered by the RSA patent
Could be used for digital signature but not for encryption
Required significantly more computational effort to verify signatures than does RSA
Describe Elliptic Curve Cryptography
Both the RSA and DSA algorithms make use of mathematical properties that arise from performing mathematics
It is possible to perform the same kinds of operations in a different kind of mathematical range called an elliptic curve
Has the advantage of making it dramatically harder to factor numbers and, thus, crack a public key
Public key cryptography performed in elliptic curves can achieve the same security with much smaller keys, making the resulting cryptography faster and more energy efficient
Many other public key algorithms exist but why should we not use them?
Even though they work, they do not provide compelling advantages compared to existing standards, and their lack of widespread adoption means that any implementations are more likely to have significant security vulnerabilities
Why are digital signatures more powerful than physical signatures?
- Certify that a document has not been modified
- Physical signatures can be forged
- You can’t lift a digital signature and put it on another document
- Digital signatures can be stores separately from the document
What property do digital signature provide?
Integrity - they certify that a document has not been modified
What is the property of nonrepudiation?
Non-repudiation is the assurance that someone cannot deny the validity of something
How do digital signatures provide nonrepudiation?
The only way to dispute the authenticity of a digital signature is by making a claim that the private key was compromised or by asserting the digital signature scheme it itself mathematically broken
Provide an example of how digital signatures may be used as a form of commitment
The document is stored separate from the signature
Commitments can be used to implement closed-bid auctions in a manner that not even the auctioneer knows the identities of the bidders
How do digital signatures work?
By combining 2 mathematical techniques:
• A program first computes a hash value
• It then encrypts the hash value with an asymmetric signing key
How are digital signatures verified?
The signature is decrypted with the verification key (the public key)
The document is hashed and that value is compared to the decrypted hash to confirm they are identical
What do you call a person or program that verifies a digital signature?
Relying party (RP)
Digital signatures are distributed as digital certificates that are themselves signed by organizations called…
Certificate authorities
What does PKI stand for?
Public Key Infrastructure
What is Public Key Infrastructure?
A set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption
These days, who uses today’s public keys?
Today’s public keys are mostly used to certify the identity of organizations—and in particular, their web servers—not individuals
Why is Public Key Infrastructure trusted?
They are digitally signed by an organization trusted to certify that the public key belongs to the organization
Provide examples of where PKI is used today
PKI operates mostly behind the scenes, securing web servers, mobile phones, secure chat and even chip-based credit cards
Why is PKI not widely used to identify people?
Today’s PKI implementations have proven to be too complicated for most computer users to comprehend and too technical for them to care much about it
What is a certificate authority (CA)?
An entity that a particular public key belongs to
For example, Equifax Security CA
What is a digital certificate?
On a web server, it’s a promise made by a third party, the certificate authority, that the public key on the certificate really does belong to the organization that operates a web server
What is contained within a digital certificate?
Server’s public key
Server’s domain name system (DNS) name
Name of the company
How does an organization get a digital certificate?
The organization fills in a document called a certificate signing request (CSR)
The Certificate Authority: • verifies the information • puts it on the certificate • signs the certificate with their private key • Gives it back to the organization
The organization puts the certificate on their web server
How are digital certificates verified?
The browser:
• computes the cryptographic hash of all the information on the certificate other than the signature
• takes the signature that’s on the certificate and decrypts the signature with the CA’s public key
• checks that the 2 values match
What 2 assumptions must be true for digital certificate verification to succeed?
The browser must have a copy of the CAs public key
The CA must have behaved in a trustworthy manner
What is client-side PKI?
PKI applied to individuals rather than organizations
What does client-side PKI require?
A means for the individual to securely maintain their private key and to use it to prove their identity
List 2 ways an individual can maintain their private key
- Stored inside a smart card or another kind of physical token - this is the most secure means and may be combined with a PIN to further secure it
- Stored in an encrypted file on the user’s computer - typically requires a password
List 2 reasons why smart cards are significantly more secure than storing a private key in an encrypted file
- Key does not leave the card
* Card is normally removed when not in use
List 4 common uses for client-side PKI
- Alternative to usernames and passwords for website authentication
- Add signed name to a document
- Certify the contents of a digital document
- Digitally sign software
Why do we need a means to revoke public keys?
- They are valuable and can be stolen
- They can be destroyed
- Allows the CA a means to identify keys that should no longer be used or trusted
Name 3 approaches to certificate revocation
- When a certificate is issued, the certificate’s owner can also obtain a revocation certificate.to be published if the private key is compromised
- Most CAs operate a certificate revocation list (CRL)
- Most CAs operate an online certificate revocation service
Which protocol do most CAs use for online certificate revocation services
Online Certificate Status Protocol (OCSP)
Can Certificate Authorities be revoked?
No - companies (such as Microsoft, Google and Apple) need to publish patches for their browser software to remove a CA
Why is it important, when dealing with digital certificates, that the computer know the current time?
Because digital certificates have validity periods
How can computers reliably learn the correct time?
- Using the internet Network Time Protocol (NTP)
- Using a global positioning system (GPS) receiver
- Learning the time from a cellular network
- Using the Windows Time Service
Currently, can computers be sure they know the correct time?
No, none of the current protocols use cryptography to assure that the time provided is correct
What are the issues with today’s PKI system?
- Modern web browsers have more than 100 CAs built-in (some with suspicious names like AAA Certificate Services)
- No practical way for users to distinguish between high-quality CAs and bargain basement ones
- All CAs are equally trusted
- Different CAs use different security standards
What can organizations do to ensure their true digital certificates are used?
Publish Certification Authority Authorization (CAA) records with their DNS to inform web browsers to only trust certificates from a specific authority
What are Extended Valuation (EV) certificates?
- An attempt to create a high-quality certificate
- CAs are supposed to demand higher levels of assurance
- They provide more information about the provider
- More expensive
Why were Extended Valuation (EV) certificates not popular with security professionals?
They argued against the very premise of EV certificates, saying that the rigorous checking of identity and liability protection were supposed to be part of the original certificates
What are Extended Valuation (EV) certificates primarily used for today?
The provide additional branding, but they do not appear to provide the additional security hoped for by their creator
What is a hybrid cryptography system?
One that combined symmetric cryptography, cryptographic hash functions and asymmetric cryptography
Most systems nowadays are hybrid
List 2 common protocols used in email
S/MIME
Pretty Good Privacy (PGP)
How does S/MIME work?
Email messages are digitally signed to verify the sender and encrypted so that they can only be deciphered by their intended recipient
Why is S/MIME rarely used (outside of a few select organizations)?
Using S/MIME requires that email correspondents first obtain digital certificates
How have organizations that have been successful in using S/MIME implemented it?
They generally provide digital certificates to their users
Example, US government provides digital certificates stored on cards to their employees
How does Pretty Good Privacy (PGP) work in email?
Uses an alternative model for PKI called the Web of Trust
Instead of relying on CAs to certify an individual’s public key, individuals create their own PGP pubic keys and then publish those keys either on a web page or by uploading the key to the PGP key server
PGP deployment is generally limited to which group of users?
Small groups of technologists
What is Digital rights management (DRM) generally used for?
Encrypting movies and other kinds of digital media
Offers a cryptographic erasure function to block access to a document after a time period has expired
Why is there still a privacy risk when a database is encrypted?
Access patterns of reads and writes can still reveal privacy-sensitive information
What is Oblivious Random-Access Memory (Oblivious RAM, or simply ORAM)?
A system that has the property that monitoring reads or writes between the user, and the database reveals no side channel information
ORAM systems typically perform additional read-and-write operations to different parts of memory whenever any information is read or written
What is Private Information Retrieval (PIR)?
A range of protocols in which data can be retrieved from a database without revealing to the database or another observer the information that is retrieved
How do Oblivious RAM and Private Information Retrieval (PIR) relate?
PIR systems are a subset of ORAM systems, in that they provide for data access but not necessarily for data modification
