— Prevent/detect/deter improper disclosure of information.
— Prevent/detect/deter improper modification of information.
improper denial of access to services provided by the system.
• Example: Access control –
• Example: Auditing and intrusion detection –
assurance that an entity of concern or the origin of a communication is authentic - it’s what it claims to be or from.
evidence that a party is indeed the sender or a receiver of certain information
Access control: • Monitor & response: Threat-Vulnerability-Risk:
conceals the contents of communication between two parties
a message in its original form.
a message in the transformed, unrecognized form.
the process that transforms a plaintext into a ciphertext.
the process that transforms a ciphertext to the corresponding plaintext.
algorithm that performs encryption or decryption.
the art of revealing the secret and defeating cryptographic security systems. We call the party that performs cryptanalysis the attacker.
Known Plaintext Attacks:
attacker has samples of both the plaintext and its encrypted version, the ciphertext.
Ciphertext Only Attacks:
e.g., attacker can intercept encrypted communications.
Breaking the cipher: analyze patterns in the ciphertext. Provides clues about the encryption method/key.
Computationally Secure Ciphers =
costs and time.
Number of keys:
– Hash functions: no key.
– Secret key cryptography: one key.
– Public key cryptography: two keys - public, private.
Applications of Secret Key Cryptography
Block Cipher: DES, IDEA, AES
• Transmitting over an insecure channel.
– Challenge: How to share the key?
• Secure Storage on insecure media.
• Authentication
– Challenge-response
– To prove the other party knows the secret key
– Must be secure against chosen plaintext attack
– Message Integrity Code (MIC)
• a.k.a. Message Authentication Code (MAC).
Applications of Public Key Cryptography:
Alice encrypts ma using Bob’s public key eB, Bob decrypts ma using his private key dB.
Can create a safety copy: using public key of trusted person.
:
– No need to store secrets, only need public keys.
– Secret key cryptography: need to share secret key for every person to communicate with.
Properties of hash
– Performance: Easy to compute H(m)
– One-way property: Given H(m) but not m, it’s difficult to find m
– Weak collision free: Given H(m), it’s difficult to find m’ such that H(m’) = H(m).
– Strong collision free: Computationally infeasible to find m1, m2 such that H(m1) = H(m2).
Applications of Hash Functions:
• Password hashing
– Doesn’t need to know password to verify it.
– Store H(password+salt) and salt, and compare it with the user-entered password.
– Salt makes dictionary attack more difficult.
: – Agree on a secret key