Computer Security Chapter 2: Cryptographic Tools

Questions and Answers

What is a characteristic of symmetric encryption?

It relies on the same key for both encryption and decryption. (correct)

It uses a pair of keys for encryption and decryption.

It encrypts data at random locations on the disk.

It is less secure than public-key encryption.

What can typically be a method to encrypt stored data?

Library based tape encryption. (correct)

Recovery of data through physical destruction only.

Data should only be encrypted during transmission.

Using hardware-based encryption only.

Which statement about public-key encryption is true?

It requires users to share a secret key.

It is inherently slower than symmetric encryption.

It uses a pair of keys: a public key and a private key. (correct)

It can only encrypt small amounts of data.

What is a common feature of hash functions?

They produce a fixed-size output from variable-size inputs.

What does the term 'non-repudiation' refer to in digital signatures?

The assurance that the sender cannot deny sending the message.

Which is a common application of pseudorandom numbers?

Generating keys for symmetric encryption.

Which approach is NOT a typical method for archiving stored data securely?

Using public forums to share files.

What does symmetric block encryption primarily achieve?

Breaking data into chunks for efficient processing.

What is often the primary purpose of encryption for transmitted data?

To securely transmit information over networks.

Why is it essential to use randomly generated keys in encryption?

To maintain the secrecy and security of the encryption process.

Study Notes

Symmetric Encryption

• Provides confidentiality for transmitted or stored data, also known as conventional encryption or single-key encryption.
• Requires a strong encryption algorithm and secure sharing of a secret key between sender and receiver.

Attacking Symmetric Encryption

• Brute-Force Attacks:

  • Involves trying all possible keys on ciphertext to find intelligible plaintext.
  • On average, half of all possible keys must be tried for success.

• Cryptanalytic Attacks:

  • Exploits algorithm characteristics and knowledge of plaintext attributes to deduce plaintext or key.
  • Success compromises all messages encrypted with that key.

Popular Symmetric Encryption Algorithms

• Data Encryption Standard (DES):

  • A 64-bit block size with a 56-bit key, produces a 64-bit ciphertext block.
  • Considered insecure due to key length and has been extensively studied.

• Triple DES:

  • Enhances DES by applying the algorithm three times with either two or three keys.
  • Key length of 168-bits increases security against brute-force attacks but is slower in software.

• Advanced Encryption Standard (AES):

  • Developed as a replacement for 3DES, using 128-bit data blocks with key sizes of 128, 192, or 256 bits.
  • Selected Rijndael as the standard for its superior efficiency and security.

Practical Security Issues

• Symmetric encryption commonly applied to larger data sets rather than single blocks.
• Electronic Codebook (ECB) Mode: Simplest form of block encryption but can expose regularities in plaintext, risking cryptanalysis.

Types of Symmetric Encryption

• Block Ciphers:

  • Process input in fixed-size blocks, providing an output block for each input.
  • More common in applications.

• Stream Ciphers:

  • Encrypt data continuously, outputting one element at a time, generally faster and more efficient.

Message Authentication

• Protects against alterations and verifies the authenticity and sequence of received messages.
• Can occur without confidentiality; combining both is recommended for stronger security.

Hash Function Requirements for Authentication

• Can process data of any size with a fixed-length output.
• Must be one-way resistant (pre-image resistant) and collision resistant.

Security of Hash Functions

• Attacks include cryptanalysis and brute-force methods.
• SHA is the most popular hash algorithm utilized.

Public-Key Encryption

• Proposed by Diffie and Hellman, operating on the basis of asymmetric keys (public and private).
• Public key encryption allows anyone with the public key to decrypt messages.

Applications of Public-Key Cryptosystems

• RSA: Widely used algorithm for encryption and digital signatures.
• Diffie-Hellman: Primarily for key distribution, not suitable for direct encryption or signatures.
• DSS (Digital Signature Standard): Allows for signatures but not encryption of data.
• Elliptic Curve: Supports signatures and encryption key distribution.

Requirements for Public-Key Cryptosystems

• Easy key pair creation and utilization for encryption/decryption.
• Computationally difficult for adversaries to derive private keys from public keys or recover original messages without the private key.

Asymmetric Encryption Algorithms

• RSA (Rivest, Shamir, Adleman):
  • Developed in 1977, the most accepted public-key encryption method, works with integers for plaintext and ciphertext.### Diffie-Hellman Key Exchange
• Enables secure agreement on a shared secret key for symmetric encryption between two users.
• Primarily focused on key exchange without providing encryption capabilities.

Asymmetric Encryption Algorithms

• Digital Signature Standard (DSS)

  • Provides functionalities for digital signatures using SHA-1.
  • Not suitable for encryption or key exchange.

• Elliptic Curve Cryptography (ECC)

  • Delivers security comparable to RSA but requires significantly smaller keys.

Digital Signature Definition

• Defined by NIST FIPS 186-4 as a cryptographic transformation mechanism that verifies:
  • Origin authentication.
  • Data integrity.
  • Signatory non-repudiation.
• Functions as a data-dependent bit pattern generated from a data block.

Digital Signature Algorithms

• FIPS 186-4 specifies three algorithms:
  • Digital Signature Algorithm (DSA).
  • RSA Digital Signature Algorithm.
  • Elliptic Curve Digital Signature Algorithm (ECDSA).

Random Numbers and Their Role

• Random Number Requirements

  • Must exhibit uniform distribution for statistical fairness.
  • Should be unpredictable to prevent future number prediction.
  • Independence is key; no single number should be inferred from others.

• Pseudorandom Number Generation

  • Often utilizes algorithmic methods, producing non-statistically random sequences.
  • Pseudorandom numbers may pass randomness tests but remain predictable.

• True Random Number Generator (TRNG)

  • Draws from nondeterministic sources, such as physical phenomena (e.g., radiation).
  • Often included in modern processors for enhanced randomness.

Encryption Applications

• Commonly encrypts transmitted data, while encryption for stored data is less prevalent.
• Historical data can be recoverable until disk sectors are reused, even after erasure.
• Various approaches exist for encrypting stored data:
  • Commercial encryption solutions.
  • Back-end appliances.
  • Library-based tape encryption.
  • Background encryption for laptops/PCs.

Summary Insights

• Confidentiality and Symmetric Encryption

  • Includes symmetric block encryption algorithms and stream ciphers.

• Message Authentication and Hash Functions

  • Discusses authentication using symmetric encryption and secure hash functions.

• Public-Key Encryption

  • Covers structure, applications, and requirements of public-key cryptography and asymmetric encryption algorithms.

• Key Management

  • Involves digital signatures, public-key certificates, and symmetric key exchanges using public-key encryption.

• Random and Pseudorandom Numbers

  • Highlights the importance of random number use in cryptographic applications.

• Practical Application of Encryption

  • Focuses on the encryption of stored data and the mechanisms to protect it effectively.

Description

Explore the key concepts of symmetric encryption in chapter 2 of 'Computer Security: Principles and Practice'. Understand the requirements for secure encryption and the importance of a strong encryption algorithm. This quiz will test your knowledge on essential cryptographic tools.