Class Notes (839,245)
Canada (511,223)
CS 458 (13)
Lecture

Summaries These are some summaries for module 4 Encryption and module 5 network

7 Pages
197 Views

Department
Computer Science
Course Code
CS 458
Professor
Ian Goldberg

This preview shows pages 1 and half of page 2. Sign up to view the full 7 pages of the document.
Description
Module 4 - Summary Cryptology: science that studies both - Cryptography: Making Secret Messages - Cryptanalysis: breaking secret Messages Cryptography major components 1- Confidentiality: prevent eve from reading Alice’s messages 2- Integrity: prevent Mallory from modifying Alice’s messages 3- Authenticity: prevent Mallory form impersonating Alice Kerckhoffs’ Principle : the security of a cryptosystem should not rely on a secret that’s hard ( or expensive ) to change Note: - A strong cryptosystem is one where the most eve can do is try all the keys used to specify which encryption method was used ( “computation” security ) - Assumptions of what eve might know o Know the algorithm ( aka the class of the encryption method ) o Know part of the plain text o Know a number of corresponding plaintext/ciphertext o Have access to an encryption or decryption oracle - Goal of cryptography is to make sure the information transfer is not the weakest link ( send secure messages over an insecure medium ) Symmetric-key Encryption - Simplest and used for years , but hard part is exchanging keys One-Time Pad - Unbreakable, simple idea, hard to use correctly , “information-theoretic” security - Description: o The key is random bitstring of the same length as the message o The encrypt and decrypt functions are just XOR - Note: o Key must be truly random not pseudorandom o Key must never be used more than once Types of Symmetric Ciphers 1- Stream Ciphers - Description: o Same as One-Time Pad but with pseudorandom keystream , operate on the message one bit a time - Pro o Very fast, used to send a lot of data securely - Con o Tricky to use, using the same key to encrypt two different messages might be used to exploit the encryption - Example: RC4 ( bad examples WEP and PPTP ) 2- Block Ciphers - Description: o Operate on the message one block at a time ( 64/128 bit long) - Mode of operation: the choice of what to do with multiple blocks o Electronic Code Book: encrypt each successive block separately, but if there were repeated blocks in the plain text, you’ll see repeating patterns in the cipher text o Cipher Block Chaining (CBC) Counter (CTR) modes, needs an initial Value ( IV ) which acts as a salt no patterns will be exposed - Example: AES Public-Key Cryptography - its asymmetric, one key for locking, another key for unlocking - examples: RSA , ElGamal , ECC all public key methods have shortcuts that eve can use to read the message much easily, weaker than symmetric key AES of same bit size. Also it takes a longer time to calculate Hybrid Cryptography (most used) 1- Pick a random 128-key for symmetric key cryptosystem 2- Encrypt the large message with that symmetric key 3- Encrypt the 128-key with the public key cryptosystem 4- Send the symmetric-encrypted message and the public encrypted key to bob Note: - this doesn’t protect against Mallory modifying the encrypted messages, bit- flipping attack Integrity component - Checksum o Add up all the bytes of a message, and the last digit is the checksum. Alice o Steps: computers the checksum and sticks it to the end of the message before encrypting it to bob. Bob receives the message and verifies that the checksum is correct o Problem: Mallory can still change the message in a way that will have the same checksum, need to use cryptographic checksums - Hash functions: ( cryptographic checksums ) o Properties  One-Way (Pre-Image): given a hash value; its hard to find a message which hashes to that value  Collision-Resistant (collision): its hard to find two messages which hash to the same value o Problem: easy to find collisions due to the birthday paradox o Example: MD5, SHA-1, SHA-256 Module 5- Network Security Threats: - Port scan: o Description: Attacker sends queries to ports on target machine and tries to identify whether and what kind of application is running on a port o Reason: find an application with remotely exploitable flaw o Keywords: loose-lipped systems ( reveal non-confidential info about system), nmap tool ( used to identify many applications ) - Social Engineering o Description: pretend to be somebody else to exploit people willing to help o Reason: attackers gather sensitive information from a person o Keywords: dumpster diving ( look through the garbage to know more about the person ) - Eavesdropping and wiretapping o Description:  Passive wiretapping (eavesdropping): Node owner monitors communication flowing through node  Active wiretapping: involves modification pr fabrication of communication o Keywords: assume that your communication is wiretapped - Packet Sniffer o Description: attacker can capture packets sent by mistake to other nodes beside the receiver in a LAN network, by changing the behavior of the network card - Impersonation o Impersonate a person by stealing their password  Done by: guessing, default password, sniff password, social engineering o Exploit trust relationship between machines/accounts  Rhost/rlogin: example SSL - Spoofing o Description: object masquerades as another one o Reason: used for session hijacking, man-in-the-middle attacks, phishing attacks o Keywords: URL spoofing, page spoofing - Session Hijacking o Description: attacker hijacks a session which is set up between sender and receiver to exchange packets, or sniff/steal cookies used to re-identify clients for future visits o Reason: mascaraed as one of the end nodes or specifically as client , becomes stealth intermediate node -
More Less
Unlock Document

Only pages 1 and half of page 2 are available for preview. Some parts have been intentionally blurred.

Unlock Document
You're Reading a Preview

Unlock to view full version

Unlock Document

Log In


OR

Join OneClass

Access over 10 million pages of study
documents for 1.3 million courses.

Sign up

Join to view


OR

By registering, I agree to the Terms and Privacy Policies
Already have an account?
Just a few more details

So we can recommend you notes for your school.

Reset Password

Please enter below the email address you registered with and we will send you a link to reset your password.

Add your courses

Get notes from the top students in your class.


Submit