Term
|
Definition
c=E(K,m) also m=D(K,c) where m=plain text, K=Key, E=XOR, c=ciphertext |
|
|
Term
|
Definition
c≔E(Prer, m) m≔D(Srec,c) where m=plain text, P=private Key, D=XOR, c=ciphertext |
|
|
Term
|
Definition
d ≔ h(m) where d=digest, h=hash function, m=standard message |
|
|
Term
SKE 100% guaranteed secure if: |
|
Definition
1. Only the sender and receiver know the key. 2. The key is used only once. |
|
|
Term
To decrypt XOR, need to know: |
|
Definition
– Encryption was by the XOR method. – The key string. |
|
|
Term
Encryption and Decryption |
|
Definition
Generally, you need to understand the process and have the key. |
|
|
Term
|
Definition
Using the same key for both encryption and decryption |
|
|
Term
|
Definition
Genuine security lies in keeping the key secret, not in keeping the process secret. Why? – Public algorithms have public analysis. – Weaknesses are publicly exposed. |
|
|
Term
|
Definition
Brute Force and Analytic Attacks. |
|
|
Term
|
Definition
– I know the algorithm, so I just try different keys until I get the right one. – Highly dependent on machine power. » The bigger the “key space” the more tries it takes to get lucky. |
|
|
Term
|
Definition
The key space is the set of all possible keys usable with the encryption and decryption algorithms |
|
|
Term
|
Definition
Instead of systematically trying all the keys, we attempt to determine the key based on: – The ciphertext – What we know about the plaintext – What we know about the algorithm – What we know about the sender & receiver – What we know about people in general |
|
|
Term
|
Definition
A dictionary attack is an effort to shortcut brute force by systematically trying keys/passwords that are thought to be likely choices by the victim. |
|
|
Term
|
Definition
The problem, then, is to get the key to the recipient. |
|
|
Term
Key Distribution Solutions |
|
Definition
• “One time pads.” – Run out eventually. • Keep using the same key. – Every transmission provides data for crackers. • Algorithmic key construction • Special hardware for key construction |
|
|
Term
|
Definition
– SSL/TLS for secure web pages – SSH for secure telnet – FTPS/SFTP for secure file transfer – IPsec for secure tunneling of all traffic – WiFi for secure wireless transmission » WPA, WPA2 – Kerberos for secure authentication |
|
|
Term
|
Definition
• PSK - Pre-Shared Keys – Small scale » SOHO WiFi, for instance • PKE - Public Key Encryption • Diffie-Hellman Key Exchange – Mathematical process for key creation on the fly. |
|
|
Term
PKE - Public Key Encryption |
|
Definition
The public key is public – – Hand it out freely – Post it on web – Email it to your friends • The private key is private – – Guard it closely. • aka Asymmetric Key Encryption |
|
|
Term
In real implementation of PKE, the pairs can be used in two ways: |
|
Definition
1. Encrypt with public key, decrypt with private key. 2. Encrypt with private key, decrypt with public key. |
|
|
Term
PKE Key Distribution Problem |
|
Definition
PKE: “How can I be sure this public key is really from who I think it is?” |
|
|
Term
Useful Solution to SKE Key Distribution Problem |
|
Definition
Use PKE to distribute SKE key |
|
|
Term
Hash Functions Desirable traits |
|
Definition
– Output is same size regardless of input – Irreversible, aka one-way – Collisions rare, difficult to achieve – Similar input produces dissimilar output |
|
|
Term
Hash Function: Collisions |
|
Definition
A collision is when two distinct (i.e. different) inputs have the same hash |
|
|
Term
|
Definition
• The result of applying a hash function to an entire data file is called a Message Digest. • There are many possible hash functions. • One use: to check the integrity of a file. – Compare its message digest with a trusted source. |
|
|
Term
|
Definition
• Consider the case where authentication is important but confidentiality is not. • The author of a doc – Alice – could use RSA – or some other PKE – to encrypt the entire doc. – Slow, inconvenient. |
|
|
Term
|
Definition
Alice uses a good hash function to produce the message digest. |
|
|
Term
|
Definition
Data Backups • Why? • How (strategically)? • How (physically)? • Where? • When? What threats are we mitigating against? – Hardware failure? – Vandalism or theft? – Building disaster, e.g. fire? – Major regional disaster, e.g. earthquake? – Accidental deletion? » “Oops!” and/or “Didn’t expect to need.” Different threats/risks suggest/require different backup strategies. |
|
|
Term
|
Definition
Full – Copy all files to backup destination. Differential – Copy every file that has changed since last full. Incremental – Copy every file that has changed since last incremental or full. Delta – Copy changed portions of files. |
|
|
Term
|
Definition
– Cost of HW/SW/employee time – Time to back up – Bandwidth – Storage media – Off-site / cloud storage expense |
|
|
Term
|
Definition
– Time to restore, among others |
|
|
Term
|
Definition
• RAID/Mirroring – Redundant Array of Independent Disks • Removable media: tapes, CDs, floppies, etc. – Off-site media storage |
|
|
Term
|
Definition
Data is spread over several disks in such a way that failure of a single disk does not cause data loss. – Implies redundancy. |
|
|
Term
|
Definition
– Next to server – Locked cabinet – Bank safe-deposit box – CIO’s home office – Highly secure 3rd party data storage facility |
|
|
Term
|
Definition
– Very common: periodic full backups (say, weekly) with intermediate incrementals. |
|
|
Term
|
Definition
• KDC – Key Distribution Center • Everyone trusts the KDC. – And has KDC’s public key built into software. – KDC creates an SKE key |
|
|
Term
|
Definition
• Advantage – Could use SKE. • Disadvantages – No single universally trusted entity! – Single source of failure. – Single target for attack. – Economic / commercial / financial? |
|
|
Term
Conceptually, a digital certificate is a data structure that includes: |
|
Definition
– A public key » Safe, trusted distribution of this is goal of the certificate. – A name and other id information » i.e. metadata – Stamp of approval from trusted party » Provided by signature of 1st two items with trusted party’s private key |
|
|
Term
|
Definition
• Public Key Infrastructure • In general, a PKI is a mechanism for: – Managing key distribution – Managing certificates – Establishing trust |
|
|