Preface:
This article is a cleaned-up, copied and translated (partly machine, partly my own) version of the lecture slides. I picked out the points I thought were likely to be examined or particularly important. It works fine as a last-minute revision pass, but even for my own revision I would recommend reading it alongside the slides; the slides remain the authority.
This article will be updated as the course progresses; if you spot a mistake, corrections are welcome. Please don't flame me, thanks.
Let's begin.
Week 2
Asymmetric encryption
- Conventional encryption (symmetric encryption): Encryption and decryption share the same key.
- Asymmetric encryption: also called public-key encryption. Encryption and decryption use different keys.
- One way function: A one-way mathematical function is very easy to do, but very difficult to reverse.
- Diffie-Hellman key exchange
- Based on mathematical functions and is used in confidentiality, key distribution and authentication.
- The algorithm was developed to enable two users to exchange a secret key securely. The algorithm itself is limited to the exchange of keys.
- Attacks on the key exchange itself must be considered, in particular the man-in-the-middle attack: the basic Diffie-Hellman exchange authenticates neither party, so an attacker who can intercept and replace the exchanged public values can defeat it.
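The exchange described above, as an added example that is not part of the original notes or slides. It uses a deliberately tiny prime (p = 23, g = 5, both constructed for readability) so the arithmetic can be checked by hand; real deployments use 2048-bit or larger groups or elliptic curves.

```python
# Added example (not from the course slides): a toy Diffie-Hellman exchange.
# The one-way function is modular exponentiation: computing g^x mod p is
# cheap, recovering x from g^x mod p (the discrete logarithm) is hard for
# large p. Only A and B travel over the wire; the shared secret never does.
import secrets

# Public parameters agreed in the clear. Constructed for illustration:
# p = 23 is prime and g = 5 generates the whole group mod 23.
P = 23
G = 5

def generate_private_key(p: int = P) -> int:
    """Pick a random secret exponent in [2, p-2]."""
    return 2 + secrets.randbelow(p - 3)

def public_value(private: int, p: int = P, g: int = G) -> int:
    """g^private mod p: easy to compute, hard to invert."""
    return pow(g, private, p)

def shared_secret(their_public: int, my_private: int, p: int = P) -> int:
    """Each side raises the other's public value to its own secret exponent.
    (g^a)^b = (g^b)^a, so both sides end with the same value."""
    return pow(their_public, my_private, p)

def dh_exchange(a_private: int, b_private: int, p: int = P, g: int = G):
    """Run the whole exchange; returns (A, B, alice_secret, bob_secret).
    Note that nothing here binds A or B to an identity, which is exactly
    the gap a man-in-the-middle exploits unless the values are authenticated."""
    A = public_value(a_private, p, g)
    B = public_value(b_private, p, g)
    return A, B, shared_secret(B, a_private, p), shared_secret(A, b_private, p)

if __name__ == "__main__":
    a, b = generate_private_key(), generate_private_key()
    A, B, s_alice, s_bob = dh_exchange(a, b)
    print(f"A={A} B={B} alice={s_alice} bob={s_bob}")
```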
RSA public key algorithm
- A trapdoor one-way function is a one-way function f, together with a secret y, such that, given f(x) and y, it is easy to compute x. The private key here is our trapdoor.
- Relatively prime numbers (coprime): two numbers are relatively prime if their only common positive divisor is 1, i.e. gcd(a, b) = 1.
- Euler's totient function: φ(n) is the number of positive integers less than n that are relatively prime to n. If n = pq where p and q are distinct primes, then φ(n) = φ(pq) = φ(p)φ(q) = (p - 1)(q - 1).
- A congruence relation (or simply congruence) is an equivalence relation on an algebraic structure. If a and b satisfy a mod n = b mod n, then a ≡ b (mod n).
- Euler's theorem: for every a and n that are relatively prime, a^φ(n) ≡ 1 (mod n).
- RSA algorithm
- RSA is a block cipher in which the plaintext and ciphertext are integers between 0 and n-1.
- Possible approaches to attacking RSA are
- Brute force key search - infeasible given size of numbers
- Mathematical attacks - based on difficulty of computing ø(n), by factoring modulus n
- Timing attacks - on running of decryption
- Chosen ciphertext attacks - given properties of RSA
- Problems with public-key encryption: go and look at the slides yourself!
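The totient, the congruence, Euler's theorem and the RSA trapdoor, worked through in code as an added example that is not from the notes or slides. The primes (17 and 23) and the public exponent are constructed toy values; real keys use primes of 1024 bits or more and a padding scheme such as OAEP, and raw "schoolbook" RSA as shown here is insecure.

```python
# Added example (not from the course slides): textbook RSA with small primes
# so the totient, the congruences and the trapdoor are visible.
from math import gcd

def euler_totient_pq(p: int, q: int) -> int:
    """phi(n) for n = p*q with distinct primes p, q: (p-1)(q-1)."""
    return (p - 1) * (q - 1)

def rsa_keygen(p: int, q: int, e: int = 65537):
    """Return ((e, n), (d, n)). e must be relatively prime to phi(n);
    d is the trapdoor: easy to find if you know phi(n), infeasible otherwise."""
    n = p * q
    phi = euler_totient_pq(p, q)
    if gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to phi(n)")
    d = pow(e, -1, phi)          # modular inverse, so e*d ≡ 1 (mod phi(n))
    return (e, n), (d, n)

def rsa_encrypt(m: int, public_key) -> int:
    """Plaintext block is an integer in [0, n-1]; ciphertext c = m^e mod n."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("plaintext block must be in [0, n-1]")
    return pow(m, e, n)

def rsa_decrypt(c: int, private_key) -> int:
    """m = c^d mod n; correctness follows from Euler's theorem since ed ≡ 1 (mod phi)."""
    d, n = private_key
    return pow(c, d, n)

def euler_theorem_holds(a: int, n: int, phi: int) -> bool:
    """Euler: a^phi(n) ≡ 1 (mod n) whenever gcd(a, n) = 1."""
    return gcd(a, n) == 1 and pow(a, phi, n) == 1

if __name__ == "__main__":
    # Constructed toy primes: n = 391, phi = 16 * 22 = 352, e = 3, d = 235
    pub, priv = rsa_keygen(17, 23, e=3)
    c = rsa_encrypt(65, pub)
    print(pub, priv, c, rsa_decrypt(c, priv), euler_theorem_holds(5, 391, 352))
```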
Message Authentication (Data integrity)
- Authentication: Prove or show to be true or genuine.
- Data Integrity
- Definition: an assurance that data has not been altered in an unauthorised (which includes accidental) manner.
- Nature: It just provides a means for detecting whether data has been manipulated in an unauthorised way.
- Data integrity can be done by using conventional encryption.
- If it is not always desirable to encrypt a message to provide authentication, what else can be done?
- Broadcasting a message to many destinations with an authentication tag.
- Due to heavy load on the system, decrypting every message cannot be afforded, so it is better to check the authenticity of messages on a random basis.
- Authentication of a computer program. The program can be checked when assurance about its integrity is needed.
- Longitudinal redundancy check (LRC)—an example for data integrity
5. A hash function accepts a variable-size message m and produces a fixed-size message digest h(m) as output. It is possible to use a hash without using encryption.
- Practical properties
- h can be applied to a block of data of any size.
- h produces a fixed-length output.
- h(m) is easy to compute for any m.
- Security properties
- Given a code c it is computationally infeasible to find m such that h(m) = c
- Given m it is computationally infeasible to find n ≠ m such that h(m) = h(n)
- It is computationally infeasible to find any pair (m,n) such that h(m) = h(n)
- Preimage Resistance, Second Preimage Resistance, Collision Resistance
- Application
- Application Requiring Preimage Resistance
- Application Requiring Second Preimage Resistance
- Application Requiring Collision Resistance
6. Authentication
- The receiver concatenates the secret value & received message.
- The receiver evaluates the hash function over the result and compares it with the hash value sent by the sender. If they are equal, the message is authentic.
7. Secure Hash Algorithm (SHA)
- SHA1: The processing consists of: Append padding bits. Append length. Initialise MD buffer. Process message in 512-bit blocks. Output: 160 bits.
- The output: Every bit of hash code is a function of every bit of the input. It is unlikely that two messages chosen at random will have the same hash code. It is infeasible to produce two different messages having the same message digest.
- Revised SHS
- Adds 3 additional versions of SHA : SHA-256, SHA-384, SHA-512.
- Designed for compatibility with the increased security provided by the AES cipher; structure and detail are similar to SHA-1.
- SHA-3: Cryptographic hash function to complement SHA-2.
- Replace SHA-2 with SHA-3 in any use: Same hash sizes
- Preserve the online nature of SHA-2: Must process small blocks (512 / 1024 bits)
- Evaluation criteria: Security close to theoretical max for hash sizes. Cost in time & memory. Flexibility & simplicity.
8. Attacks on Hash functions
- Both brute-force attacks and cryptanalysis
- A preimage or second preimage attack
- Collision resistance attack
9. The birthday paradox (the birthday attack), also called the birthday problem, is a classic probability problem. It describes the probability that, in a group of a given size, two people share the same birthday. The paradox is that this probability grows rapidly with the size of the group, far faster than intuition suggests.
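The birthday bound worked through as an added example (not from the notes or slides): the exact and approximate collision probability for k samples from N values, and an empirical count of how many constructed messages it takes to collide a SHA-256 digest truncated to m bits, which is roughly sqrt(2^m) = 2^(m/2). This is the reasoning behind the collision cost quoted for hashes and MACs later in these notes.

```python
# Added example (not from the course slides): the birthday bound behind
# the "collision cost 2^(m/2)" figure for an m-bit hash or MAC.
import hashlib
import math

def birthday_probability(k: int, N: int) -> float:
    """Exact P(at least one collision among k uniform samples from N values):
    1 - (N/N) * ((N-1)/N) * ... * ((N-k+1)/N)."""
    p_no_collision = 1.0
    for i in range(k):
        p_no_collision *= (N - i) / N
    return 1.0 - p_no_collision

def birthday_approx(k: int, N: int) -> float:
    """The standard approximation 1 - exp(-k^2 / 2N); it reaches 1/2 at
    k ≈ 1.18 * sqrt(N), i.e. about 2^(m/2) samples for N = 2^m."""
    return 1.0 - math.exp(-(k * k) / (2 * N))

def trials_for_collision(m_bits: int, seed: bytes = b"") -> int:
    """Hash constructed messages seed||counter until two share the same
    top m_bits of SHA-256; returns how many messages were needed.
    Deterministic for a given seed so the result is reproducible."""
    seen = {}
    counter = 0
    while True:
        msg = seed + counter.to_bytes(8, "big")
        full = int.from_bytes(hashlib.sha256(msg).digest(), "big")
        truncated = full >> (256 - m_bits)      # keep only the top m bits
        if truncated in seen:
            return counter + 1                  # messages hashed so far
        seen[truncated] = msg
        counter += 1

if __name__ == "__main__":
    # Classic case: 23 people, 365 birthdays -> just over 1/2
    print(round(birthday_probability(23, 365), 3), round(birthday_approx(23, 365), 3))
    for m in (16, 24):
        print(f"{m}-bit digest: collision after {trials_for_collision(m)} messages, "
              f"sqrt(2^{m}) = {int(math.sqrt(2 ** m))}")
```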
10. Message Authentication Code (MAC)
- Message Authentication involves generating a small block of data (the MAC) that is appended to the message.
- If the received MAC matches the calculated MAC, then the receiver is assured that the message has not been altered (integrity of the message). It is from the alleged sender (originator identity validation). If the message has a sequence number, the receiver can check it has a proper sequence.
- Security:
- Brute-force attacks exploit the hash directly: for a strongly collision-resistant hash with an m-bit output, finding a collision costs about 2^(m/2) operations (the birthday bound).
- MACs with known message-MAC pairs: Can either attack keyspace (key search) or MAC. At least 128-bit MAC is needed for security.
- Cryptanalytic attacks exploit structure: More variety of MACs so harder to generalise about cryptanalysis
11. HMAC: HMAC is a MAC derived from a cryptographic hash code, that is, it incorporates a secret key into an existing hash algorithm.
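The keyed-hash authentication described in items 6, 10 and 11, as an added example that is not from the notes or slides: HMAC-SHA-256 built directly from its definition, HMAC(K, m) = H((K ⊕ opad) || H((K ⊕ ipad) || m)), cross-checked against Python's `hmac` module, and the receiver-side tag check that detects a modified message. The key and message are constructed sample values.

```python
# Added example (not from the course slides): HMAC from its definition
# (RFC 2104), specialised to SHA-256, plus receiver-side verification.
import hashlib
import hmac

BLOCK_SIZE = 64          # SHA-256 processes 512-bit (64-byte) blocks
IPAD = bytes([0x36] * BLOCK_SIZE)
OPAD = bytes([0x5C] * BLOCK_SIZE)

def hmac_sha256(key: bytes, message: bytes) -> bytes:
    """HMAC(K, m) = H((K ^ opad) || H((K ^ ipad) || m)).
    The secret key is folded into an unmodified hash algorithm."""
    if len(key) > BLOCK_SIZE:                    # long keys are hashed first
        key = hashlib.sha256(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")         # then zero-padded to one block
    k_ipad = bytes(k ^ i for k, i in zip(key, IPAD))
    k_opad = bytes(k ^ o for k, o in zip(key, OPAD))
    inner = hashlib.sha256(k_ipad + message).digest()
    return hashlib.sha256(k_opad + inner).digest()

def matches_stdlib(key: bytes, message: bytes) -> bool:
    """Sanity check of the hand-built HMAC against the standard library."""
    reference = hmac.new(key, message, hashlib.sha256).digest()
    return hmac_sha256(key, message) == reference

def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Receiver side: recompute the MAC over the received message and
    compare in constant time, so timing does not leak where tags differ."""
    return hmac.compare_digest(hmac_sha256(key, message), tag)

if __name__ == "__main__":
    key = b"constructed-demo-key"                 # shared secret (constructed)
    msg = b"transfer 100 to account 42"           # sample message (constructed)
    tag = hmac_sha256(key, msg)
    print(tag.hex())
    print(matches_stdlib(key, msg))                              # True
    print(verify_tag(key, msg, tag))                             # True: authentic
    print(verify_tag(key, b"transfer 900 to account 42", tag))   # False: altered
```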
12. Digital signature scheme provides:
- Data origin authentication of the signer & Non-repudiation
- A digital signature on some data will need to be computed from: The data. A secret parameter known only by the signer.