From fd986c324b4ac509a88a4185c9d2387cb56cc3bc Mon Sep 17 00:00:00 2001
From: Tom Zuidberg
Date: Thu, 19 Feb 2026 19:47:59 +0100
Subject: [PATCH] cleanup of itsec md
---
 ObsidianNotes/.obsidian/workspace.json | 33 +++------
 ObsidianNotes/IT-Security.md | 95 ++------------------------
 2 files changed, 14 insertions(+), 114 deletions(-)
diff --git a/ObsidianNotes/.obsidian/workspace.json b/ObsidianNotes/.obsidian/workspace.json
index 83ea178..fec2373 100644
--- a/ObsidianNotes/.obsidian/workspace.json
+++ b/ObsidianNotes/.obsidian/workspace.json
@@ -4,39 +4,24 @@ "type": "split", "children": [ { - "id": "cc5c72d968983eef", + "id": "f7e064c4f2a5d36d", "type": "tabs", "children": [ { - "id": "6a0dffa8b674a58d", + "id": "e46cc7fa9866d84d", "type": "leaf", "state": { "type": "markdown", "state": { - "file": "elemlds lecture 8.md", - "mode": "preview", - "source": false - }, - "icon": "lucide-file", - "title": "elemlds lecture 8" - } - }, - { - "id": "d74c0c464422592b", - "type": "leaf", - "state": { - "type": "markdown", - "state": { - "file": "elemlds lecture 9.md", + "file": "IT-Security.md", "mode": "source", "source": false }, "icon": "lucide-file", - "title": "elemlds lecture 9" + "title": "IT-Security" } } - ], - "currentTab": 1 + ] } ], "direction": "vertical"
@@ -93,8 +78,7 @@ } ], "direction": "horizontal", - "width": 300, - "collapsed": true + "width": 300 }, "right": { "id": "7e5fb0cf1f329d1d",
@@ -199,10 +183,11 @@ "bases:Create new base": false } }, - "active": "d74c0c464422592b", + "active": "e46cc7fa9866d84d", "lastOpenFiles": [ - "elemlds lecture 9.md", "elemlds lecture 8.md", + "elemlds lecture 9.md", + "IT-Security.md", "Elements of Machine Learning and Data Science.md", "Welcome.md" ]
diff --git a/ObsidianNotes/IT-Security.md b/ObsidianNotes/IT-Security.md
index 2d4f679..84e78c0 100644
--- a/ObsidianNotes/IT-Security.md
+++ b/ObsidianNotes/IT-Security.md
@@ -1,7 +1,6 @@ # It Security ## Security Goals - CIA - - Confidentiality - only authorized entities can access assets in a system - Attacks: @@ -18,72 +17,45 @@ - authorized entities can access assets in a system as intended - Attack: Denial of Service- flooding a server with fake requests, jam signal with stronger singal on the same frequency, enter password wrongly to get the account blocked -  - ## Encryption Scheme definition - Noted as a tuple (P, C, K, E, D): - - P = plaintexts - C = ciphertexts - K = keys - E = encryption functions - D = decryption functions -  - For any K_1 in K, there is a K_2 in K such that for all p in P, D_K_2(E_K_1(p)) = p - For symmetric encryption, K_1 = K_2 - This definition doesn't cover any notion of security ## Symmetric Encription scheme - Properties: - - Bob and Alice share the same key in advance - Decription is *difficult* without the key -  - ## Caesar Cipher - = Letter shift by k amount vulnerable to Brute force attacks (exhaustive search attacks) -  - ## Monoalphabetic Substitution Cipher - = replace each letter by a fixed permutation of the alphabet - key space is very large -> No brute force, however: - vulnerable to frequency analysis, as Monoaplhabetic Substitution preservers letter frequencies -  - ## Perfect Secrecy - Defintion: - > An encryption scheme is said to provide **perfect secrecy** iff given a probability distribution Pr on P, and Pr(P) > 0 for all plaintexts p and for each p in P, c in C and k in K chosen uniformly at random Pr(p|c) = Pr(p) Meaning: Whether or not c is observed, p is as likely as its occurrence in the plaintext space A cipher providing perfect secrecy cannot be broken by an attacker. Not even by one with infinite computational resources and infinite time. (Shannon'S Theorem) -  - ## One-Time-Pad (OTP) - *aka Vernam Cipher or Vernam's One-Time-Pad* for each encryption, chose a key uniformly at random. - Encryption: C = P xor K - Decryption: C xor K = P xor K xor K = P - Advantages: 
@@ -97,18 +69,13 @@ Decryption: C xor K = P xor K xor K = P - does not guarantee **integrity** - insecure if keys are reused -  - -**Learn the Prove for perfect secrecy by heart!** +==**Learn the Prove for perfect secrecy by heart!**== ## Computational Security = An encryption scheme is called computationally secure iff all known attacks against the cipher are computationally infeasible within any reasonable amout of time/resources -  - ## Attacker Models - - Ciphertext only attack - attacker knows only cipher text - known plaintext attack @@ -119,38 +86,26 @@ Decryption: C xor K = P xor K xor K = P - can obtain plaintext for ciphertexts of his choice before target ciphertext is known Security in a chosen-ciphertext setting is hardest to achieve - Ciphertext-only setting is more difficult for the attacker -> easier to achieve -  - ## Stream Ciphers - Idea: - - Replace K with PRBG: - Seed of PRBG with a truly random key K - PRBG should be cryptographically secure, though there is no proof - new initialization vector for each P -  - > For each plaintext P select a fresh IV and set C = E_K(P) = IV || P xor PRBG(IV, K) > > PRBG(IV, K) is referred to as *key stream*. The same key K is used for multiple plaintexts -  Weakness: If IV is reused with the same key, Stream Cipher is vulnerable to known-plaintext attacks (cf Chap 2 slide 32) E.g. used to attack WPA2 (KRACK attack) -  - examples: - - broken -- - A5/1 - E0 - unbroken 
@@ -158,118 +113,78 @@ examples: - CHACHA20 - blockciphers in CTR mode -  - ## Block Ciphers - Operate on plaintext blocks of a specific length - - called the block length b of the cipher - plaintext space P = ciphertext space C = {0,1}^b -  - Examples: - - broken - DES - IDEA - unbroken - KASUMI - AES -Camellia - -  + - Camellia ## Advanced Encryption Standard (AES) - -more scure and efficient than 3DES, block length of 128 bit, regardless of key length - -  +more secure and efficient than 3DES, block length of 128 bit, regardless of key length Operates on rounds: input and output of each round represented as 4x4 byte matrices Operations: - -- Substitute Byte(SB) - substitutes one byte +- Substitute Byte (SB) - substitutes one byte - Round Key Addition (KA) - XOR byt with corresponding key - Shift Row (SR) - Shift a row by different amounts - Mix Column (MC) - Multiplication of a column by a given matrix -  Overall Operation: - plaintext -> KA -> SB -> SR -> MC* -> KA -> ciphertext & next round continuing after first KA operation - *MC not done in the last round! Number of rounds depends on key size: - - 128 bit key -> 10 rounds - 192 -> 12 - 256 -> 14 -  - Modes of encryption: - - Electronic Code Book (ECB) - Cipher Block Chaining (CBC) - Counter (CTR) - Output Feedback (OFB) -> covered exercises -  - ### Electronic Codebook Mode (ECB) - - Encryption: C_i = E_k(P_i) for i = 1, ..., n - Decryption: P_i = D_k(C_i) for i = 1, ..., n - Requires padding of P_n to b bit -  - Problem: - - Same P_i leads to same C_i -> Patterns are visible - -> ECB should not be used! -  - ### Cipher Block Chaining Mode (CBC) - - IV = C_0 - Encryption: C_i = E_k(P_i xor C_i-1) for i = 1, ..., n - Decryption: P_i = D_k(C_i) xor C_i-1 for i = 1, ..., n - Requires padding of P_n to b bit -  - -- Requires a fresh IV for each plaintext to encrypt! +Requires a fresh IV for each plaintext to encrypt! 
If same IV is reused on P and P*, then C_1 and C_1* reveal whether P_1 = P_1* - Vulnerable to a padding-oracle attack Should not be used anymore -  - ### Counter Mode (CTR) - - IV public, fresh for each plaintext - Encryption: C_i = E_k(IV+i) xor P_i for i = 1, ..., n - Decryption: P_i = C_i xor E_k(IV+i) for i = 1, ..., n -  - Properties: - - CTR does not require padding - Ciphertext has the same size as plaintext - CTR turns a block cipher into stream cipher - CTR encryption and decryption can be parallelized -  -  \ No newline at end of file