Week 3 Flashcards

1
Q

Explain Encryption

A

Encryption is the process of transforming information (plain text) using an algorithm (called a cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of encryption is termed cipher text.

2
Q

Explain hash function

A

Hash function: generate unique number; easy; non-traceable

  • e.g. Hash(m) = mod(m, n), the remainder after dividing by n, for n prime
  • Hash(‘hello’) = mod(8 5 12 12 15, 127) = 100
  • If message changes, so does the hash. E.g. Hash(‘hallo’) = 92
3
Q

Explain Symmetric Key Cryptography

A
  • Symmetric key algorithms: parties have the same key
  • Symmetric key (like DES, 3DES, AES)

In conventional cryptography, key k is used both for encryption (E) of plain text m and for decryption (D) of cipher text c.

4
Q

Explain Asymmetric Key Cryptography (public key cryptography)

A

Uses a pair of two related keys (PK, SK):

  • Public key (PK): published and distributed (Alice, or others)
  • Secret key (SK): private and unique (only Bob)

where the private key SK cannot be derived from the public key PK and the private key SK cannot be found by a ‘chosen plaintext attack’.

It does not matter if someone intercepts PKB. It is public.

5
Q

What are the advantages of PK cryptography?

A
  • Communication partners who do not know each other can send secure messages to each other, provided:
      • the secret key is really kept secret by its owner
      • the public key is unambiguously linked to its owner.
      • This can be established by a chain of trust (compare procedures for collecting a passport)
  • Messages can be electronically signed, enabling implementation of authentication and non-repudiation
6
Q

Explain confidentiality, authentication and integrity in the context of PK cryptography

A
  • Confidentiality: Only Bob has SKB to decrypt cipher text C
  • Authentication:
  • (1) Use secure key distribution to link PKB to Alice (e.g. chain of trust, using certificate authorities (CA)).
  • (2) Use SKA to encrypt. Anyone with PKA can test.

Integrity:

  • Alice makes a unique ‘hash’ of the message, encrypts that with PKB and sends it securely along.
  • Bob decrypts and recalculates the hash;
  • Bob compares to find differences (SHA-1 algorithm)
7
Q

Explain Key management and the problem of it

A

Key management refers to mechanisms to bind a person to a key and mechanisms for generation, maintenance and revocation of keys.

Problems with key management:

  • key distribution: make sure only authorized people have the key (e.g. installing WIFI at home). Tip: establish a secure chain of trust
  • secrecy: how to keep keys secret and not forget them
  • storage: on a special device (smart card), stored encrypted (what you have (smart card), what you know (password), what you are (biometrics))
8
Q

Name the 4 symmetric algorithms

A
  • AES (preferred standard)
  • DES (insecure)
  • 3DES (still widely used)
  • IDEA, Twofish, Serpent: variants designed to replace DES
9
Q

Name the 4 asymmetric algorithms

A
  • Diffie-Hellman (theoretical)
  • RSA (preferred standard)
  • Elliptic Curve (sometimes used)
10
Q

Conclusions of algorithms (=summary)

A

Hash functions: unique code

Symmetric key encryption:

  • sender and receiver share the same key
  • security relies on key distribution procedure.

Public key encryption:

  • Sender has a public key; only receiver has private key.
  • Public key is allowed to be intercepted!
  • Use of keys to ensure security concerns:
  • Confidentiality, integrity, authenticity
  • Key management and governance are crucial (DigiNotar).