Chapter 9, 11, 13 Terms For Quiz
Terms in this set (60)
Asymmetric Keys
Two related keys, public and private, used to perform encryption and decryption or signature generation and signature verification.
Public Key Certificate
digital document issued and digitally signed by the private key of a Certification Authority that binds the name of a subscriber to a public key. Indicates that the subscriber identified in the certificate has sole control and access to the corresponding private key.
Public Key (Asymmetric) Cryptographic Algorithm
cryptographic algorithm that uses two related keys, public and private. Computationally unfeasible to derive private key from the public key.
Public Key Infrastructure (PKI)
set of policies, processes, server platforms, software and workstations used for the purpose of administering certificates and public-private key pairs, including the ability to issue, maintain, and revoke public key certificates.
Public Key Encryption Scheme:
Six Ingredients:
1- Plaintext
2- Encryption Algorithm
3(&4)- Public and Private Keys
5- Ciphertext
6- Decryption Algorithm
Plaintext
original message, used as input
Encryption Algorithm
performs various transformations on the plaintext
Public and Private Keys
pair of keys. One performs encryption, the other performs decryption.
Ciphertext
This is the scrambled message produced as output. It depends on the plaintext and the key. For any given message, two different keys will produce two different ciphertexts.
Decryption Algorithm
This algorithm accepts the ciphertext and the matching key and produces the original plaintext.
Essential Steps of Public Key Cryptography
1- Each user generates a pair of keys to be used for the encryption and decryption of messages.
2- Each user places one of the two keys in a public register or other accessible file. This is the public key. The companion key is kept private. Each user maintains a collection of public keys obtained from others.
3- If Bob wants to send a confidential message to Alice, Bob encrypts the message using Alice's public key.
4- When Alice receives the message, she decrypts it using her private key. No other recipient can decrypt the message because only Alice knows Alice's private key.
Secret Key
The key used in SYMMETRIC encryption.
3 Categories of Public Key Cryptosystems
1- Encryption/Decryption
2- Digital Signature
3- Key Exchange
Encryption/Decryption Public Key Cryptosystem
The sender encrypts a message with the recipient's public key.
Digital Signature Public Key Cryptosystem
The sender "signs" a message with its private key. Signing is achieved by a cryptographic algorithm applied to the message or to a small block of data that is a function of the message.
Key Exchange Public Key Cryptosystem
Two sides cooperate to exchange a session key. Several different approaches are possible, involving the private key(s) of one or both parties.
One-Way Function
maps a domain into a range such that every function value has a unique inverse, with the condition that the calculation of the function is easy, whereas the calculation of the inverse is infeasible.
Trap-Door One-Way Function
is easy to calculate in one direction and infeasible to calculate in the other direction unless certain additional information is known.
R.S.A
Rivest-Shamir-Adleman. 1977 @ MIT. RSA scheme has reigned supreme as the most widely accepted and implemented general-purpose approach to public-key encryption.
R.S.A. Scheme
cipher in which the plaintext and ciphertext are integers between 0 and n-1 for some n. Typical size for n is 1024 bits, or 309 decimal digits. So, n < 2^1024.
Five Approaches to attacking R.S.A. Algorithm Security
1- Brute Force
2- Mathematical Attacks
3- Timing Attacks
4- Hardware Fault-Based Attack
5- Chosen Ciphertext Attacks
Brute Force Attack
This involves trying all possible private keys
Mathematical Attacks
There are several approaches, all equivalent in effort to factoring the product of two primes.
Timing Attacks
These depend on the running time of the decryption algorithm. Like a burglar guessing the combination of a safe by observing how long it takes for someone to turn the dial from number to number.
Hardware Fault-Based Attack
This involves inducing hardware faults in the processor that is generating digital signatures.
Chosen Ciphertext Attack
This type of attack exploits properties of the RSA Algorithm. Adversary chooses a number of ciphertexts and is then given the corresponding plaintexts, decrypted with the target's private key. So they could select a plaintext, encrypt it with the target's public key, and then be able to get the plaintext back by having it decrypted with the private key.
Countermeasures for Timing Attacks
1- Constant Exponentiation of Time
2- Random Delay
3- Blinding
Constant Exponentiation of Time
ensure that all exponentiations take the same amount of time before returning a result. This is a simple fix but does degrade performance.
Random Delay
adds random delay to exponentiation algorithm to confuse timing attack.
Blinding
multiply ciphertext by a random number before performing exponentiation. Prevents the attacker from knowing what ciphertext bits are being processed inside the computer, preventing the bit-by-bit analysis essential to the timing attack.
Hash Function
H accepts a variable-length block of data M as input and produces a fixed-size hash value h = H(M). Results of applying the function to a large set of inputs will produce outputs that are evenly distributed and apparently random.
Cryptographic Hash Function
Type of hash function needed for security applications, an algorithm for which it is computationally infeasible to find either a) a data object that maps to a pre-specified hash result (the one way property) or b) two data objects that map to the same hash result (the collision free property).
Message Digest
When a hash function is used to provide message authentication, the hash function value is often referred to as a message digest.
Message Authentication Code (MAC) (aka Keyed Hash Function)
used between two parties that share a secret key to authenticate information exchanged between those parties.
One-Way Password File
when a user enters a password, the hash of that password is compared to the stored hash value for verification.
Preimage
For a hash value h = H(x), we say x is the preimage of h. x is a data block whose hash value, using the function H, is h.
Collision
occurs when we have x != y and H(x) = H(y)
Requirements for a Cryptographic Hash Function H
1- Variable Input Size
2- Fixed Output Size
3- Efficiency
4- Preimage Resistant (one-way property)
5- Second Preimage Resistant (weak collision resistant)
6- Collision Resistant (strong collision resistant)
7- Pseudorandomness
Variable Input Size (in terms of Hash)
H can be applied to a block of data of any size
Fixed Output Size (in terms of Hash)
H produces a fixed-length output
Efficiency (in terms of Hash)
H(x) is relatively easy to compute for any given x, making both hardware and software implementations practical.
Preimage Resistant (one way property) (in terms of Hash)
For any given hash value h, it is computationally infeasible to find y such that H(y) = h
Second Preimage Resistant (weak collision resistant) (in terms of Hash)
For any given block x, it is computationally infeasible to find y != x with H(y) = H(x)
Collision Resistant (strong collision resistant) (in terms of Hash)
It is computationally infeasible to find any pair (x,y) such that H(x) = H(y)
Pseudorandomness (in terms of Hash)
Output of H meets standard tests for pseudorandomness
Compression Function
hash algorithm involves repeated use of a compression function, f, that takes two inputs (an n-bit input from the previous step, called the chaining variable, and a b-bit block) and produces an n-bit output.
S.H.A.
Secure Hash Algorithm
Meet-In-The-Middle-Attack
Assume that an opponent intercepts a message with a signature in the form of an encrypted hash code, and that the unencrypted hash code is m bits long.
Digital Signature Properties
1- Mary may forge a different message and claim that it came from John. Mary would simply have to create a message and append an authentication code using the key that John and Mary share.
2- John can deny sending the message. Because it is possible for Mary to forge a message, there is no way to prove that John did in fact send the message.
Key-Only Attack
attacker knows user's public key
Known Message Attack
attacker is given access to a set of messages and their signatures.
Generic Chosen Message Attack
attacker chooses a list of messages before attempting to break user's signature scheme, independent of user's public key. Attacker then obtains from user the valid signatures for the chosen messages. The attack is generic, because it does not depend on user's public key; the same attack is used against everyone.
Directed Chosen Message Attack
Similar to the generic attack, except that the list of messages to be signed is chosen after attacker knows user's public key but before any signatures are seen.
Adaptive Chosen Message Attack
Attacker is allowed to use user as an "oracle". This means that attacker may request from user signature of messages that depend on previously obtained message-signature pairs.
Total Break
Attacker determines user's private key
Universal Forgery
Attacker finds an efficient signing algorithm that provides an equivalent way of constructing signatures on arbitrary messages.
Selective Forgery
Attacker forges a signature for a particular message chosen by attacker
Existential Forgery
Attacker forges a signature for at least one message. Attacker has no control over the message. Consequently, this forgery may only be a minor nuisance to user.
Direct Digital Signature
digital signature scheme that involves only the communicating parties (source, destination)