
6CCS3CIS: Cryptography

Ioana Sandu

Week 1:
Computer Security Prevention and detection of:
 unauthorised actions
 authorised actions
Network Security Consists of:
 provisions made in an underlying computer
network infrastructure
 policies adopted by the network administrator
 the network-accessible resources from
unauthorised access
 effectiveness of all measures combined
Information Security (= protecting inf. and inf. systems from unauthorised access, use, disclosure, disruption, modification, or destruction) Deals with:
• information independent of computer systems
• Inf. is more general than data
• Constitutes a basic right

Cryptology The study of secret writing


Steganography The science of secret writing
Cryptography (encrypt, encode, encipher) The science of secret writing
Cryptanalysis The science of recovering the plaintext from ciphertext
without the key

[Figure: taxonomy of secret writing. Labels: Secret writing; Steganography (hidden); Cryptography (encrypted); Code (replace words); Cipher (replace letters); Substitution; Transposition]
Agents (principals):
Honest Agents Agents communicating with each other

Dishonest Agents • An eavesdropper (passive attacker who only listens)
• Malicious, active attackers
Trusted and/or Neutral  Trusted servers
 Prover or verifier (zero-knowledge protocols)

Traditional Security Properties/Goals (CIA):


Confidentiality (Secrecy)  No improper disclosure of information
 No unauthorised access to information
Integrity  No improper modification of information
 No unauthorised modification of information
Availability  No improper impairment of functionality/service
 No unauthorised impairment of information

Confidentiality • Unauthorised reading of data when considering access control
 Presumes a security policy saying who or what
can access your data
Privacy (sometimes anonymity)  Pertains to confidentiality for individuals
 You choose what you let other people know
 Confidentiality of information that you don’t
want to share
Secrecy  Pertains to confidentiality for organisations
Anonymity  Your true identity is unknown
 You are only anonymous within a group if your
actions cannot be distinguished from the actions
of anyone else in the group (anonymity set)

Possible Applications of Privacy and Anonymity:


Privacy  Hide online transactions, web browsing from
intrusive governments, marketers and archivists
Untraceable Electronic Mail  Corporate whistle-blowers
 Political dissidents
 Socially sensitive communications
 Confidential business negotiations
Law Enforcement and Intelligence  Sting operations or honeypots
 Secret communications
Blockchain, Cryptocurrencies, Digital Cash  Electronic currency with properties of paper
money
Anonymous Electronic Voting
Censorship-Resistant Publishing
Crypto-Anarchy
Attacks on Anonymity:
Passive Traffic Analysis  Infer from network traffic who is talking to
whom
 To hide your traffic, must carry other people’s
traffic
Active Traffic Analysis  Inject packets or put a timing signature on packet
flow
Compromise of Network Nodes (Router)  It isn’t obvious which nodes have been
compromised
 Better not trust any individual nodes

Anonymity, Unlinkability, Unobservability:


Anonymity  The state of being not identifiable within a set of
subjects
Unlinkability (of action and identity)  Sender and his email are no more related after
observing communication than they were before
Unobservability (hard to achieve)  Observer cannot even tell whether a certain
action took place or not

Security Properties:
Integrity
- data has not been (maliciously) altered
• We are concerned with preventing the possibly malicious alteration of data by someone who is not
authorised to do so
 In this sense, it can be characterised as the
unauthorised writing of data. This presumes a
security policy saying who or what is allowed to
alter the data
 Example violation: an on-line payment system
alters an electronic payment to read £ 10,000
instead of £ 100

Availability
- data/services can be accessed when desired
• Threats to availability cover many kinds of external environmental events (e.g., fire, pulling
the server plug) as well as accidental or
malicious attacks in software (e.g., infecting a
system with a debilitating virus)
 Ensuring availability means preventing denial of
service (DoS) attacks, insofar as this is possible
 Example violations: the deadly distributed
DoS (DDoS) attacks against on-line services;
interfering with IP routing
Accountability
- actions are recorded and can be traced to responsible principals
• If prevention methods and access controls fail, we may need to fall back to detection: keep a
secure audit trail so that actions affecting security
can be traced back to the responsible party
• If a system is compromised, the logs may also be
tampered with. Ways around are to send log
messages to an append-only file, a separate server
or even a physically isolated printer
Non-repudiation (a stronger form of accountability)  Actions cannot be denied
Authentication
- principals or data can be identified accurately
• Data or services available only to authorised identities
• Is verification of a person or a system
• Some form of authentication is a prerequisite if we
wish to allow access to services or data to some
people but deny access to others using an access
control system
 Examples of violation: purporting to be
somebody else (identity theft) by faking email,
IP spoofing, or stealing a private key and
signing documents

Methods of Authentication:
Something you have: an entry card
Something you know: a password or secret key
Something you are: a fingerprint, signature, biometric

Security Mechanisms (or Protection Countermeasures):


Challenge  Employing adequate mechanisms and
demonstrating that the resulting system is secure
 Careful screening is not enough
Prevention
*most important
• System design and employ security technologies as defences (e.g. using a firewall to prevent
external access to corporate intranets)
Detection  If a security breach occurs, we try to ensure that it
will be detected
 Particularly pertinent in computer security where
“theft” of a file does not imply denial of access
for the owner
 Logging and MACs (file hashes to detect
alteration) are primary methods of detection,
although intrusion detection systems are
becoming more common
Response  Should have some arrangement in place to
respond or recover assets (e.g. restoring backups
through informing appropriate concerned parties
or law-enforcement agencies)
Summary and Examples:

Confidentiality • Information is not learned by unauthorized principals. Alice encrypts (e.g., with Bob’s public
key) the message for Bob, who decrypts it (e.g.,
with his private key). Eve (eavesdropper) and
Charlie (active attacker) can intercept and replay
the message but are not able to decrypt it.
 Several examples of violation are possible, e.g.,
your medical records are obtained by a potential
employer without your permission.
Privacy  You choose what you let other people know, i.e.,
confidentiality of information that you don’t want
to share.
 Several examples of violation are possible, e.g.,
somebody applies for a job and does not include
their date of birth in the application, but the
interview panel (somehow) finds out the date.
Anonymity  Confidentiality of your identity.
 Several examples of violation are possible, e.g., a
lecturer finding out the true identity of a student
when marking the exams.
Integrity  Data has not been (maliciously) altered. Alice
encrypts (e.g., with her private key or with a
MAC, sending also the message in the clear) the
message and sends it to Bob, who verifies that it
has not been altered (e.g., he decrypts it with
Alice’s public key and verifies the signature, or
he verifies the MAC). Eve and Charlie can read,
intercept and replay the message, but are not able
to alter it.
 Several examples of violation are possible, e.g.,
an on-line payment system alters an electronic
cheque to read £ 10,000 instead of £ 100.
Availability  Data/services can be accessed when desired.
Alice and Bob are able to exchange messages (or
Alice is able to access the resource provided by
Bob), and Eve and Charlie cannot disrupt the
service.
 Several examples of violation are possible, e.g., a
distributed DoS (DDoS) attack against some on-line
service.
Authentication  Principals or data origin can be identified
accurately. Alice encrypts (e.g., with her private
key or with a MAC, sending also the message in
the clear) the message and sends it to Bob, who
can verify that it really comes from Alice. Eve
and Charlie can read, intercept and replay the
message, but are not able to alter the identity of
the sender. Using protocols for authentication is
also possible.
 Several examples of violation are possible, e.g.,
purporting to be somebody else (identity theft) by
faking email, IP spoofing, or stealing a private
key and signing documents.
Non-repudiation  Actions can be traced to responsible principals,
who cannot deny their actions. Alice and Bob
cannot deny having sent and received the
messages. In this case, the protection is more
against internal attackers than with respect to
external attackers such as Eve and Charlie.
 Several examples of violation are possible, e.g.,
the signer of an online contract denies having
signed it.
Accountability  Actions are recorded and can be traced to the
party responsible. If prevention methods and
access controls fail, we may fall back to detection:
keeping a secure audit trail is important so that
actions affecting security can be traced back to
the responsible party. Creating an audit trail with
machine logs is a tricky problem: if a system is
compromised, the logs may also be tampered
with. Ways around that problem are to send log
messages to an append-only file, a separate
server, or even a physically isolated printer.
 Example violation: an audit trail is tampered
with, lost, or cannot establish where a security
breach occurred.
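The audit-trail problem described under Accountability and Detection (logs on a compromised system may be tampered with; MACs detect alteration) can be made concrete with a MAC-chained log. This is an added example, not part of the original notes; the key, the event records and the function names are constructed for illustration, and it assumes the MAC key and the entry count are held by a separate verifier rather than on the logging host.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain value used before the first entry

def _tag(key: bytes, prev: str, event: dict) -> str:
    """HMAC-SHA256 over the previous tag and a canonical encoding of the event."""
    body = json.dumps(event, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev.encode() + b"|" + body, hashlib.sha256).hexdigest()

def append(log: list, key: bytes, event: dict) -> None:
    """Append an entry whose tag depends on every earlier entry."""
    prev = log[-1]["tag"] if log else GENESIS
    log.append({"event": event, "tag": _tag(key, prev, event)})

def verify(log: list, key: bytes, expected_len=None) -> int:
    """Return -1 if the log is intact, else the index of the first bad entry.

    expected_len is an entry count kept off the logging host; without it a
    truncated log still verifies, because a prefix of a valid chain is valid.
    """
    prev = GENESIS
    for i, entry in enumerate(log):
        if not hmac.compare_digest(entry["tag"], _tag(key, prev, entry["event"])):
            return i
        prev = entry["tag"]
    if expected_len is not None and len(log) != expected_len:
        return len(log)
    return -1

def demo() -> dict:
    """Run the checks on constructed sample events."""
    key = b"constructed-demo-key"  # assumption: known to the verifier only
    log = []
    for ev in [{"user": "alice", "action": "login"},
               {"user": "alice", "action": "pay", "amount": 100},
               {"user": "bob", "action": "logout"}]:
        append(log, key, ev)
    altered = [dict(e, event=dict(e["event"])) for e in log]
    altered[1]["event"]["amount"] = 10000  # the 100 -> 10,000 alteration from the notes
    return {"intact": verify(log, key, 3),
            "altered": verify(altered, key, 3),
            "truncated_unchecked": verify(log[:2], key),
            "truncated_checked": verify(log[:2], key, 3)}
```

The chain detects modification of any entry, but deletion of trailing entries is only caught when the expected length is recorded somewhere the attacker cannot reach, which is the role of the separate server or isolated printer in the notes.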
Week 2:
A General Model For (Network) Security:
A Message Is to be transmitted from one principal (sender) to
another (recipient) across some sort of internet channel
A Logical Information Channel Is established by defining a route through the internet
from a source to destination and by principals
The two principals must cooperate for the exchange to take place.

All Techniques for Providing Security Have Two Components:


A Security-Related Transformation on Information to Be Sent
• Encryption of the message, which ‘scrambles’ the message so that it is unreadable by the opponent
• Addition of a code based on the contents of the message, which can be used to verify the identity of the sender
Some Secret Information (shared by the two principals and it is hoped to be unknown to the opponent)
• Encryption key used in conjunction with transformation to ‘scramble’ message before transmission and unscramble it on reception
A Trusted Third Party (may be needed to achieve a secure transmission)
• Responsible for distributing the secret information to the two principals while keeping it from any opponent, or
• Needed to arbitrate disputes between the two principals concerning the authenticity of a message transmission

This General Model Shows That There Are 4 Basic Tasks:


1. Design an algorithm for performing the security-related transformation. The algorithm should be such
that an opponent cannot defeat its purpose
2. Generate the secret information to be used with the algorithm
3. Develop methods for the distribution and sharing of the secret information
4. Specify a protocol to be used by the two principals that makes use of the security algorithm and the
secret information to achieve a particular security service
General Cryptographic Schema:
Plain Text Text that can be read and ‘understood’
Encryption Transformation (or function, process, procedure) E that
takes in input a plain text and a key and generates a
ciphertext
$E(Key_1, P) = C$
Ciphertext Transformed (or scrambled) text that needs to be
‘processed’ to be ‘understood’
Decryption Transformation (or function, process, procedure) D that
takes in input a ciphertext and a key and generates a
plain text
$D(Key_2, C) = P$
Cipher A function (or algorithm) for performing
encryption/decryption
Symmetric Algorithms $Key_1 = Key_2$
Or easily derived from each other
Asymmetric (or Public Key) Algorithms  Different keys which cannot be derived from
each other
 Public key can be published without
compromising the private key
Encryption and decryption should be easy if the keys are known.
Security depends only on secrecy of the key, not on the algorithm.

A Mathematical Formalisation of Encryption/Decryption


Alphabet $A$: is a finite set
Message Space $\mathcal{M} \subseteq A^*$, where $M \in \mathcal{M}$ is a plaintext (message)
Ciphertext Space $\mathcal{C}$, whose alphabet may differ from $\mathcal{M}$
Key Space $\mathcal{K}$, contains the keys
Encryption Function (Transformation) $E_e$: each $e \in \mathcal{K}$ determines a bijective function from $\mathcal{M}$ to $\mathcal{C}$
• We will write $E_e(P) = C$ or $E(e, P) = C$
Decryption Function For each $d \in \mathcal{K}$, $D_d$ denotes a bijective function from $\mathcal{C}$ to $\mathcal{M}$
Encryption Applying $E_e$
Decryption Applying $D_d$
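A worked instance of the formalisation above, added here and not part of the original notes: the affine cipher is chosen as the illustration (it does not appear in the notes), with the 26 lowercase letters assumed as the alphabet. It shows why the key space must contain only keys for which E_e is bijective, and how a symmetric decryption key d is easily derived from e.

```python
from math import gcd
import string

A = string.ascii_lowercase   # alphabet A (assumption: 26 lowercase letters)
n = len(A)

def E(e, P):
    """E_e: apply x -> a*x + b (mod n) to every symbol of the plaintext P."""
    a, b = e
    return "".join(A[(a * A.index(ch) + b) % n] for ch in P)

def derive_d(e):
    """Decryption key d derived from e; it exists only when gcd(a, n) == 1."""
    a, b = e
    a_inv = pow(a, -1, n)    # raises ValueError when a has no inverse mod n
    return (a_inv, (-a_inv * b) % n)

def D(d, C):
    """D_d has the same form as E_e, applied with the derived key."""
    return E(d, C)

def is_bijection(e):
    """E_e is a bijection on messages exactly when it permutes the alphabet."""
    return len({E(e, ch) for ch in A}) == n

def key_space():
    """K: the keys e = (a, b) for which E_e is bijective."""
    return [(a, b) for a in range(n) for b in range(n) if gcd(a, n) == 1]

def collisions(e):
    """Plaintext symbols that E_e sends to the same ciphertext symbol."""
    seen = {}
    for ch in A:
        seen.setdefault(E(e, ch), []).append(ch)
    return {c: ps for c, ps in seen.items() if len(ps) > 1}
```

With a key outside the key space, such as (13, 0), `collisions` shows thirteen plaintext letters sharing each ciphertext letter, so no D_d can recover the message.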
