Term
What are the principles of Asymetric Encryption? 

Definition
 Uses public and private key
 Public key decripts a message encrypted by the private key and viceversa



Term
What are the principles of Public Key Algorithms? 

Definition
 Public Key known by everyone
 Private key kept secret
 To send information, encrypt with public key and then it is decrypted by user at the other end with the private key
 Authentication: Encrypt something with your private key, we can be sure its coming from a specific person, then it can be decripted using the public key



Term
What are the principles of RSA? 

Definition
 The public key is e,N
 The private key is d,N
 Getting the numbers
 Pick 2 large prime numbers called p and q
 N = P*Q
 Z = (P1)*(Q1)
 e = any number relatively prime to Z
 e.d. mod Z = 1
 Encryption using public key
 Encryption with private key



Term
What are the principles of DiffieHellman Key Exchange? 

Definition
 Allows 2 parties to agree on a shared session key on an unsecured line
 Both parties do not give up their a and b values so it can't be evaesdropped



Term
What is the algorithm for the DiffieHellman Key Exchange? 

Definition
 Agree on 2 numbers, a large prime number m and an integer g
 Alice generates a large, random number a, and keeps it secret
 Alice computes X = g^{a} mod m sends X to Bob
 Bob generates a large, random number b, and keeps it secret
 Bob computes Y = g^{b} mod m and sends it to Alice
 Alice makes her session key = Y^{a} mod m
 Bob makes his session key = X^{b} mod m
 These keys are both equal



Term
What is the man in the middle attack? 

Definition
 Not the same as meet in the middle attack
 A person sits in the middle and intercepts all information before sending it on the other side
 Middle person negotiates 2 different secret keys with both sides



Term
What are message digests? 

Definition
Message digests are a way to represent data. Every time you hash a value with a hashing algorithm you will get the same digest, but it is not possible to work backwards from a hash to obtain the original value. The hashing function should also be collission recistant, it should be unlikely that two messages produce the same hash. 


Term
What are the principles of message signing? 

Definition
 Digests are useful as the message can be 'signed' by your private key without having to encrypt the entire message
 A sender gets the digest of a message
 They can then encrypt the digest with their private key
 The message is then sent with the digest
 The receiver will take a digest of the message they receive
 They will then decrypt the received message with the sender's public key
 If the two digests are the same then the message was sent by the correct person and the message hasn't been changed



Term
What is the algorithm for SHA1? 

Definition
 Split the message into 512bit chunks
 5 variables H0H4 are predefined with a 32bit number
 Repeat steps 417 for each 512bit chunk
 We take the 16 32bit words and make an 80word array 'w'
 We initialize variables AE with what's in H0H4
 Repeat steps 612 for each word in the array
 temp = (A left rotate 5) + fi(B, C< D) + E + ki + w[i]
 Every 20 words fi is made a different combination of B, C & D
 Every 20 words ki is a different constant
 E = D
 D = C
 C = (B left rotate 30)
 B = A
 A = temp
 H0 = H0 + A
 H1 = H1 + B
 H2 = H2 + C
 H3 = H3 + D
 H4 = H4 + E
 Final hash = H0+H1+H2+H3+H4



Term
What are the principles of Authentication protocols? 

Definition
 Shared Secret Key Process
 Public Key Process
 Key Distribution Centre
 X.509



Term
What is the Shared Secret Key process? 

Definition
 A and B share a key
 A unique nonce is used for each message
 A takes the hash of the message, the nonce and the secret key combined
 A sends the message, the hash and the nonce to B
 B takes the hash of the received message, the nonce and the secret key combined
 B compares it with the hash sent for validation
The nonce ensures the attacker cannot resend the same "Signaled" message because the nonce may only be used once 


Term
What is the Public Key Process? 

Definition
 A hashes their message
 A encrypts the hash with their private key to make a signature
 A sends their message and signature to B
 B decrypts the hash using A's public key
 B hashes the message from A
 B compares the two hashes for validation



Term
What is the K distribution centre? 

Definition
 Usually if N people need to communicate, N^{2} passwords are needed
 KDC allows for only N passwords to be needed
 A KDC is trusted if each user has a single secret shared with the KDC
 A passes a on sender(A), receiver(B) and the session key encrypted in A's secret key to the KDC
 The KDC then sends the message on to the receiver(B) with the sender(A) and the session key encrypted in B's secret key
 The sender and receiver can then communicate without the KDC
 This is vulnerable to replay attacks, but nonces or timestamps can be used to avoid this problem



Term
What are the principles of X.509? 

Definition
 Allows you to be sure that the public key is form the person you think it is
 A trusted certification authority certifies the public key for someone
 Public keys are distributed with certificates
 You append the message digest with the CA's private key
 This uses chain of trust, a CA can be signed by a parent CA etc
 You will eventually need to know the public key of a root CA
 There are multiple root CAs and these are preloaded into computers and browsers
 Root certificates sign themselves



Term
What are the principles of Electronic Contracts? 

Definition
 Agreeing on a contract and a hash function
 A and B both have a public and private key and a copy of the contract



Term
What is the process of signing in an Electronic Contract? 

Definition
 hash A is made of the contract
 A signs the contract
 B signs the contract
 A signs B's signature
 B signs A's signature
 The contract is stored with the doubly signed message digests



Term
What is the process of validating a contract? 

Definition
 Decrypt the two doubly signed message digests
 Compare to see if they are equal


