Cryptography and Society Flashcards
Cryptography Definition
“Secret writing” (crypto + graphy).
* Secures digital information, systems, and computations from adversarial attacks.
Key Concepts
- Encryption: Transforming plaintext into ciphertext.
- Decryption: Reversing ciphertext to plaintext using a key.
- Kerckhoffs’ Principle:
- The security of a system should not rely on secrecy of the algorithm, only the key.
- Key-Space Principle:
- The key space must be large enough to resist brute-force attacks.
Symmetric Cryptography
Same key for encryption and decryption.
Examples
Stream Cipher:
* Encrypts data bit-by-bit.
* Based on One-Time Pad (OTP) using pseudo-random key streams.
* XOR operation for encryption/decryption.
Block Cipher:
* Encrypts fixed-size data blocks (e.g., AES).
Asymmetric Cryptography
Different keys: Public (encryption) and Private (decryption).
Example: RSA Algorithm (based on modular exponentiation)
Notable Ciphers
- Caesar Cipher:
- Simple substitution cipher shifting letters by 3 places.
- Mono-Alphabetic Substitution Cipher:
- Maps plaintext to a substitution alphabet.
Digital Signature
Provides: Authentication, Integrity, Non-repudation(accountability)
Often paired with hashing for integrity verification
Digital Certificate
Issued by a Certificate Authority (CA) to verify ownership of public keys.
Potential Threats
- Brute Force:
* Systematically trying all keys. - Differential Cryptanalysis:
* Exploits relationships between plaintext and ciphertext. - Side-Channel Attacks:
- Observes physical implementation (e.g., timing, power usage).
Future Challenges
Quantum Computing:
* Shor’s Algorithm could break RSA by efficiently factoring large numbers.
Heartbleed Bug (Attack on Cryptographic Systems)
Exploited OpenSSL’s implementation flaw
* Affected major websites: Yahoo!, Imgur, Stack Overflow, Reddit, etc.
* Impacted systems: Debian, Red Hat Linux, and Android.
* Users were asked to reset passwords due to potential data exposure.
DROWN Attack (Decrypting RSA with Obsolete and Weakened eNcryption):
(Attack on Cryptographic Systems)
- Exploits obsolete SSLv2 protocol.
- Highlights risks of using outdated cryptographic protocols.
Privacy Tools and Protocols
- Tor (The Onion Router):
- Protects user privacy and combats censorship.
- Enables anonymous communication through multiple encryption layers.
- HTTP and HTTPS:
- HTTP:
- Unencrypted protocol, vulnerable to interception.
- HTTPS:
- Adds encryption for secure communication.
- Not immune to implementation flaws.
- Combination: Using HTTPS with Tor enhances privacy.
- HTTP:
Access to Strong Encryption Pros
- Empowers individuals against government control.
- Facilitates secure communication for law-abiding users.
Access to Strong Encryption Cons
Enables malicious actors to operate covertly.
* Difficult to regulate criminal activity.
Pretty Good Privacy (PGP)
Created by Phil Zimmermann in 1991 for secure email communication.
* Promoted widespread adoption of personal encryption.
