Einführung Flashcards
Security Goals
- Confidentiality
- Integrity
- Availability
- Authentication
- Data Authenticity
- Non-Repudiation
- Anonymity
- Unlinkability
- Deniability
Confidentiality Definition
The practice of keeping secrets, maintaining privacy, or concealing valuables
Integrity Definition
The integrity of the data is the fact that the data has not been modified
Availability Definition
The property that legitimate principals are able to access a service within a timely manner whenever they may need to do so
Entity authentication Definition
The process by which one entity (verifier) is assured of the identity of a second entity (the claimant) that is participating in a protocol
Data authenticity Definition
The ability to determine the origin of data. Includes integrity.
Non-repudiation Definition
Reduce the ability of a party to repudiate (ablehnen, nicht anerkennen, “leugnen”) an electronic transaction
Anonymity Definition
Anonymity is the concept of being indistinguishable from others who perform the same or similar actions as oneself
Properties of cryptographic hash functions
- One way
- Collision-resistant
Hybride Verschlüsselung
Symmetrische Verschlüsselung der Daten mit zufällig generiertem Session-Key. Anschließend asym. Verschlüsselung des Session Keys.
Provable security
Relate security of a cryptographic scheme to the hardness assumption
Approaches to defining security
- Game-based: Security defined as a game between an adversary and a challenger
- Simulation-based/Universal Composability: Security defined as the indistinguishability between ideal and real world
Key exchange problem
- Symmetric cryptography
- n * (n-1)/2 keys = O(n^2)
-> Use central party (key server) which knows all secret keys
Symmetric crypto problems
- Key agreement
- Key management
- Key attribution
Asymmetric crypto problems
- Performance
- Public key availability
- Public key ownership
- Public key validity