Lecture 1 - Basic Concepts Flashcards
What are the three Main Security Issues?
- Confidentiality: keeping information secret
- Example: prevent people reading data on your disk, or intercept messages transmitted over the network
- Integrity: ensure information is intact (not modified)
- Example: a program you download is not modified to include malware
- Authentication: check people are really who they claim to be
- Example: someone sends hostile email to professors in your name
What is Cryptography, Cryptanalysis, Cryptology & Cipher?
- Cryptography: the science of secret writing
- Cryptanalysis: the science of code-breaking
- Cryptology = Cryptography + Cryptanalysis
- A cipher is an algorithm that turns readable messages (plaintext) into unreadable messages (ciphertext). This process is called encryption. The reverse process is called decryption
Part 1: What is Rot13 and why is it not a good cipher?
Part 2: What about Rot-n (shift n positions)?
Part 1:
- Replace every letter with the letter 13 places down the alphabet
- If an attacker knows Rot13 is being used, the message can easily be decoded
Part 2:
- Better however still easy to decode (try all 26 values of n)
- Also even if the attacker does not know Rot-n is being used, it can still be decoded by letter frequency remains
What are the Two types of “security” of a cipher?
- Unconditionally secure: the ciphertext does not contain enough information to determine uniquely the plaintext (impossible to break)
- Computationally secure: cost of breaking is greater than the value of encrypted info
- Or time to break is greater than the useful lifetime of encrypted info (takes a lot of money/time to break)
What is Kerckhoff’s Principle?
- Everything (algorithms) are publicly known, only keys are secret
- Security does not depend on the secrecy of the algorithm
- Everyone can implement the algorithm
- Everyone can study potential weaknesses of the algorithm
- We can make sure there is no “hidden backdoor”
What is a key called in Secret Key Cryptography and what does it mean?
- Symmetric cryptography
- Same key for encryption and decryption (to be kept secret)
What are some examples of Secret Key (symmetric) Cryptography and some drawbacks to it?
- Examples: Rot-n, DES (Data Encryption Standard)
- Drawbacks:
- How to distribute the key secretly?
- Keys are usually shorter than the message, and can be reused. Still, it is difficult to distribute keys securely
- Solutions: key agreement protocols; public key cryptography
- In a system with many components:
- Using one key for everything: risk the whole system collapsing upon a security breach
- Use a (different) key for each pair: distribution headache
- How to distribute the key secretly?
What is a key called in Public Key Cryptography and what does it mean?
- Asymmetric cryptography
- Depends on computationally-difficult mathematical problems
- A public key and a private key for each party
- Public key: freely available
- Private key: secret (keep to oneself)
- Public and private keys always come in pairs (Keypairs); they are mathematically related
- Successful decryption requires using the matching key
What is an example of Public Key (asymmetric) Cryptography and one advantage and one drawback to it?
- Example: RSA
- Advantage: No need for distributing a secret key
- Drawback: slow
What are the mathematical properties of Public and Private Keys?
- Easy to generate a pair of public/private keys
- Easy to encrypt knowing the public key
- Easy to decrypt knowing the private key
- Computationally difficult to get the private key from the public key
- Computationally difficult to decrypt without knowing the private key
- (preferably) can encrypt with private key and decrypt with public key (i.e. key roles exchanged)
What is an Hybrid System?
- Combines symmetric and asymmetric ciphers
- First, the two parties use an asymmetric cipher to negotiate a session key (a secret key for this conversation)
- Then, encrypt the conversation using the session key as a secret key of a symmetric cipher
- Combines virtues of both kinds of ciphers:
- Use the slow asymmetric cipher to exchange a small amount of data only
- The conversation can then be encrypted using a fast symmetric cipher
What are Concepts of Cipher Attacks?
- “Breaking” a cipher: decrypt without the key
- It is important that the plaintext has some “meaning” for attacks to be possible
- e.g. English sentences, excel file, exe program, …
- Otherwise, no way to distinguish correct or incorrect decryption
What are the two types of Attacks on Ciphers?
- Brute-force: try all possible keys
- Strength of cipher can be increased by using longer keys
- E.g. Rot-n having only 26 possible keys is too small
- An n-bit key length gives 2n different possible keys
- Cryptanalysis: exploit the mathematical properties of the algorithm
- Strength of cipher depends on design of algorithm
- Secret key ciphers: cryptanalysis is possible if structure (statistical properties) of plaintext remains in ciphertext
- Public key ciphers: cryptanalysis usually focuses on the mathematical relationships between public and private keys
What are the 3 types of Types of Cryptanalysis Attacks?
1) Ciphertext-only: only have (a large amount of) encrypted data
* Example: Sgd pthbj aqnvm enw itlor nudq sgd kzyx cnf = ?
2) Known plaintext: in addition, some plaintext-ciphertext pairs are known
- Example: Sgd = The, cnf = dog, pthbj aqnvm enw = ?
- Email headers, guessed keywords in message, etc
3) Chosen plaintext: attacker can choose to encrypt a few plaintext
* Example: Encrypt “Example”? => Dwzlokd
It becomes increasingly easy to attack / difficult to defend (as the attacker has more information)
