Cryptography Basics Quiz

Aspects of Security based on ITU-T X.800

Security Attacks

• Any action that compromises the security of information owned by an organization
• Threat: possible danger that might exploit an attack
• Types of attacks:
  • Passive attacks: attempts to learn or make use of information from the system but does not affect system resources
    • Eavesdropping/Sniffing/Snooping
    • Traffic Analysis
  • Active attacks

Security Mechanism

• A process designed to detect, prevent, and recover from security attacks
• X.800 process

Security Service

• A process or communication service that provides a specific kind of protection to system resources
• Uses one or more security mechanisms to provide the service
• Types of security services:
  • Authentication: assurance that the communicating entity is the one claimed
  • Access Control: prevention of unauthorized use of a resource
  • Data Confidentiality: protection of data from unauthorized disclosure
  • Data Integrity: assurance that data received is as sent by an authorized entity

Introduction to Cryptology

Overview of Secret Communications using Cryptography

• Cryptology: branch of applied mathematics encompassing both cryptography and cryptanalysis
• Cryptography: the art and science of keeping messages secure
• Cryptanalysis: the science of recovering the plaintext of a message without access to the key

Principles of Cryptography

• Brute-Force Attack: trying every possible key on a piece of ciphertext until an intelligible translation into plaintext is obtained
• Statistical Attack: estimating the occurrence frequency of letters in a text
• Algebraic Attack: trying to find equivalent representation of the encryption algorithm to simplify it
• Linear Cryptanalysis: linear approximation of the encryption algorithm
• Differential Cryptanalysis: studying how the plaintexts difference propagates and affects the ciphertext difference to find unbalanced output

Dimensions of Cryptography

• Non-Repudiation: protection against denial by one of the parties in a communication
• Cryptosystem: combination of an algorithm, plus all possible plaintexts, ciphertexts, and keys
• Types of Cipher Security:
  • Unconditionally Secure: theoretically impossible to break, e.g., One-Time Pad (OTP)
  • Computationally Secure: the cost of breaking the cipher exceeds the value of the encrypted information, and the time required to break the cipher exceeds the useful lifetime of the information

Basic Terminologies

• Plaintext: any simple message
• Encryption: the process of disguising a message to hide its contents
• Ciphertext: an encrypted message
• Decryption: the process of turning ciphertext back into plaintext
• Cryptographic Algorithm: mathematical function used for encryption and decryption
• Key: denoted by K, might be any one of a large number of values
• Keyspace: range of possible values of the key

Players

• Alice: sender of an encrypted message
• Bob: intended receiver of encrypted message
• Eve: passive attacker
• Mallory: active attacker

Simplified Model of Symmetric Encryption

• General approaches to cryptanalysis:
  • Cryptanalytic attack: exploiting the characteristics of the algorithm to attempt to deduce a specific plaintext or to deduce the key being used
  • Schemes were designed in an ad-hoc manner and then evaluated based on their perceived complexity/cleverness

Historical Perspective

• Historical: based on secrecy of protocols
• Modern: based on scientific foundations, used for more than just data confidentiality, can protect data integrity, enable user authentication, etc.
• Quantum: field of study that utilizes the principles of quantum mechanics to develop cryptographic schemes that are theoretically impossible to break using classical computing methods

Steganography

• Definition: hiding information within another medium so its existence is concealed
• Difference from cryptography: cryptography obscures content, while steganography hides the very existence of the message
• Common mediums: images, audio, video, text, and network