Lecture 11 Flashcards
What does non-malleability refer to with regards to cryptography? Which cipher type is quite malleable?
An attacker usually shouldn’t be able to make any controlled changes to deciphered data, this could be a property of the cypher in use, or a property of how it is used (e.g a checksum in the data that has been ecrypted).
Stream ciphers are quite malleable, as xoring a string with an encrypted string will essnetially produce an encrypted version of the exclusive or of the decrypted string and the attack string.
What is Homomorphic encryption?
It is possible to perform useful computations on data by manipulating cypher text. There are two main categories: Partially homomorphic encrypting(PHE), where one type of operation can be computed without decryption (result is still encrypted), and fully homomorphic encryption(FHE), where general code can be translated to compute encrypted outputs form encrypted inputs.
What are some benefits and downsides of cloud computing? What can be done about it?
It allows for outsourcing of computation and storage, helping to avoid fixed costs of infrastructure, increase persistency, spread geographically, and scale up demand if needed. The main downside is security, because the cloud provider is not your organisation.
Homomorphic encryption can help, by allowing third parties to transport the encrypted data and perform work on it. though it does increase inefficiency elasticity reduces the problem.
What else can be done besides homomorphic encryption to allow useful work on encrypted data?
The encrypted data could be structured so that useful work can be done without decrypting it.
How can encrypted search occur? What about filtering?
If encryped data is not salted, in many schemes, if a=b then [a]k = b[k], this can be useful, as it allows third party searches even if the data is hidden. It involves encrypting the search key and the value. Most cases are limited to equality testing.
Filtering could also be done by encrypting an attribute to cluster the data instead.
How does a query tree for range queries work?
A range query can be expressed as a set of equality tests on constituent bits of a key, so just perform each query. However, the database can potentially learn a lot, this could be countered by adding noise, like making additional queries for data that isn’t wanted. or use rdundancy in coding of bit patterns (multiple ways to filter out same dataset.
What is the primary problem with cloud managed storage? What are some key management strategies?
Many staff need to access data, but each user shouldn’t have access to all data. Cloud storage typically encrypts data at rest, but ideally we want a system that encrypts data at the client side.
Keys could be held in escrow, meaning they are held by the cloud until needed by users. We could instead use a multi-stage cryptography process, where data is encrypted with a one-time symmetric key k, and the asymmetric cryptography is used to encrypt k for each principal.
What can Cloud storage do to ensure reliable storage?
Verify the data so that vit errors do not cause data loss., many file systems can ‘scrub’ disks and combined with RAID (combines multiple physical disk drives into one or more logical units) can keep the encrypted data safe.
What does repacking encrypted data involve?
packaging of encrypted date files into encrypted archives, e.g into .zip files.
