









Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Information Security, Ground Rules, symmetric Key Encryption, Public Key Encription, Private Key Encription, Hash Tables Digital Signatures.
Typology: Study notes
1 / 17
This page cannot be seen from the preview
Don't miss anything!










E. Oswald and N.P. Smart Department of Computer Science,University Of Bristol, Merchant Venturers Building,Woodland Road, Bristol, BS8 1UBUnited Kingdom. April 8, 2010
The Course Outline
Crypto Overview
Always check out the web-site Always check out the forum I (^) Fellow students might struggle with similar questions. I (^) Co-operate in your learning Prepare for lectures, and recap after them I (^) We will not slow down just because some people dont work between lectures. This is unfair to those who want to keep up. Come and see me if you are really stuck
General Computer Security I (^) Anderson I (^) Security Engineering This is available online! I (^) Bishop I (^) Computer Security : Art and Science I (^) Gollmann I (^) Computer Security
Security is mainly about I (^) Integrity I (^) Authenticity I (^) Access Control Much of this is done by showing current or prior knowledge of some secret piece of data; I (^) Usually a password or a key.
We shall mainly cover I (^) How is access control enabled in big systems? I (^) How can keys be distributed? I Needed if keys are to control access etc I (^) How one can replace confidential key distribution with authentic key distribution. I (^) What goes wrong if cryptography is implemented carelessly I (^) Various aspects of general computer security I I (^) Your contribution is needed!...
There are two forms of encryption Symmetric Key Encryption I (^) Fast I (^) Both parties need to know a shared secret key Public Key Encryption I (^) Slow I (^) Only one party needs to keep a key private
Two communicating parties, Alice and Bob, require knowledge of some shared secret so as to encrypt and decrypt data. Example Algorithms : I (^) DES, 3DES, Rijndael Usually encryption is performed in blocks and is generally very fast Keys Sizes: I (^) 56 for DES I (^) 168 for 3DES I (^) 128 for Rijndael (usually)
The basic idea is Message + Alice’s Public Key = CipherText CipherText+Alice’s Private Key = Message Hence anyone with Alice’s public key can send Alice a secretmessage Only Alice can decrypt the message I (^) Only Alice has the private key All they need do is look up Alice’s public key in some directory Every user generates a key pair of encryption and decryption keys. I (^) Each user makes their encryption key public Everyone can send the user a message, I (^) But only the user can decrypt it.
Cryptographic hash functions are crucial in many operations When unkeyed they are often called an MDC, when keyed often called a MAC MDC : Manipulation Detection Code I (^) Allows one to detect whether something has been altered MAC : Message Authentication Code I (^) Allows one to detect whether something has been altered and where it came from I (^) A MAC uses a symmetric key I Both sender and receiver must have the same key
User Alice chooses two transformations I I S a signing transformV a verification transform Alice sending a message m, I I calculates s = S(m)s is the digital signature on the message m Recipient applies V to s I I The output is m and v v indicates valid or invalid, i.e. whether signature is good or not. If v is valid the recipient gets guarantee of message I I integrityorigin I (^) non-repudiation : Not given by MACs
We will use cryptography to prove I (^) You are who you say you are I (^) Data has not been tampered with I (^) You have the rights to do something I (^) You are committing to something Simple idea: I (^) Knowledge of a secret can be demonstrated by encrypting something with a symmetric key cipher or decrypting somethingwith a public key cipher. I (^) Then we tie knowledge of this secret to having some access rights or being someone.