cheatsheet for mid term.docx - Confidentiality...


• Confidentiality: Prevent/detect/deter improper disclosure of information.
• Integrity: Prevent/detect/deter improper modification of information.
• Availability: Prevent/detect/deter improper denial of access to services provided by the system.

• Prevention
  – Example: Access control
• Detection
  – Example: Auditing and intrusion detection
• Tolerance
  – Example: Byzantine agreement

• Authentication: assurance that an entity of concern or the origin of a communication is authentic, i.e. it is what it claims to be or comes from where it claims to come from.
• Non-repudiation: offer of evidence that a party is indeed the sender or a receiver of certain information.
• Access control:
• Monitor & response:

Threat-Vulnerability-Risk:

Cryptography conceals the contents of communication between two parties.
• Plaintext: a message in its original form.
• Ciphertext: a message in the transformed, unrecognized form.
• Encryption: the process that transforms a plaintext into a ciphertext.
• Decryption: the process that transforms a ciphertext to the corresponding plaintext.
• Cipher: algorithm that performs encryption or decryption.
• Cryptanalysis: the art of revealing the secret and defeating cryptographic security systems. We call the party that performs cryptanalysis the attacker.

• Known Plaintext Attacks: An attacker has samples of both the plaintext and its encrypted version, the ciphertext.
• Ciphertext Only Attacks: e.g. attacker can intercept encrypted communications.
• Breaking the cipher: analyze patterns in the ciphertext. Provides clues about the encryption method/key.
• Computationally Secure Ciphers = costs and time.

Number of keys:
  – Hash functions: no key.
  – Secret key cryptography: one key.
  – Public key cryptography: two keys (public, private).

Applications of Secret Key Cryptography (Block Cipher: DES, IDEA, AES):
• Transmitting over an insecure channel.
  – Challenge: How to share the key?
• Secure storage on insecure media.
• Authentication
  – Challenge-response
  – To prove the other party knows the secret key
  – Must be secure against chosen plaintext attack
• Integrity check
  – Message Integrity Code (MIC), a.k.a. Message Authentication Code (MAC).

Applications of Public Key Cryptography:
• Data transmission:
  – Alice encrypts ma using Bob’s public key eB, Bob decrypts ma using his private key dB.
• Storage:
  – Can create a safety copy: using public key of trusted person.
• Authentication:
  – No need to store secrets, only need public keys.
  – Secret key cryptography: need to share secret key for every person to communicate with.

Properties of hash functions:
  – Performance: Easy to compute H(m).
  – One-way property: Given H(m) but not m, it’s difficult to find m.
  – Weak collision free: Given H(m), it’s difficult to find m’ such that H(m’) = H(m).
  – Strong collision free: Computationally infeasible to find m1, m2 such that H(m1) = H(m2).

Applications of Hash Functions:
• Password hashing
  – Doesn’t need to know password to verify it.
  – Store H(password+salt) and salt, and compare it with the user-entered password.
  – Salt makes dictionary attack more difficult.
• Message integrity:
  – Agree on a secret key
