Tom/RWTH-Notizen
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

cleanup of itsec md

Browse Source
This commit is contained in:
Tom Zuidberg
2026-02-19 19:47:59 +01:00
parent e6e974f3df
commit fd986c324b
2 changed files with 14 additions and 114 deletions
Download Patch File Download Diff File Expand all files Collapse all files

95
ObsidianNotes/IT-Security.md
View File

@@ -1,7 +1,6 @@
# It Security
## Security Goals - CIA
- Confidentiality
- only authorized entities can access assets in a system
- Attacks:
@@ -18,72 +17,45 @@
- authorized entities can access assets in a system as intended
- Attack: Denial of Service- flooding a server with fake requests, jam signal with stronger singal on the same frequency, enter password wrongly to get the account blocked
 
## Encryption Scheme definition
Noted as a tuple (P, C, K, E, D):
- P = plaintexts
- C = ciphertexts
- K = keys
- E = encryption functions
- D = decryption functions
 
For any K_1 in K, there is a K_2 in K such that for all p in P, D_K_2(E_K_1(p)) = p
For symmetric encryption, K_1 = K_2
This definition doesn't cover any notion of security
## Symmetric Encription scheme
Properties:
- Bob and Alice share the same key in advance
- Decription is *difficult* without the key
 
## Caesar Cipher
= Letter shift by k amount
vulnerable to Brute force attacks (exhaustive search attacks)
 
## Monoalphabetic Substitution Cipher
= replace each letter by a fixed permutation of the alphabet
key space is very large -> No brute force, however:
vulnerable to frequency analysis, as Monoaplhabetic Substitution preservers letter frequencies
 
## Perfect Secrecy
Defintion:
> An encryption scheme is said to provide **perfect secrecy** iff given a probability distribution Pr on P, and Pr(P) > 0 for all plaintexts p and for each p in P, c in C and k in K chosen uniformly at random Pr(p|c) = Pr(p)
Meaning: Whether or not c is observed, p is as likely as its occurrence in the plaintext space
A cipher providing perfect secrecy cannot be broken by an attacker. Not even by one with infinite computational resources and infinite time. (Shannon'S Theorem)
 
## One-Time-Pad (OTP)
*aka Vernam Cipher or Vernam's One-Time-Pad*
for each encryption, chose a key uniformly at random.
Encryption: C = P xor K
Decryption: C xor K = P xor K xor K = P
- Advantages:
@@ -97,18 +69,13 @@ Decryption: C xor K = P xor K xor K = P
- does not guarantee **integrity**
- insecure if keys are reused
 
**Learn the Prove for perfect secrecy by heart!**
==**Learn the Prove for perfect secrecy by heart!**==
## Computational Security
= An encryption scheme is called computationally secure iff all known attacks against the cipher are computationally infeasible within any reasonable amout of time/resources
 
## Attacker Models
- Ciphertext only attack
- attacker knows only cipher text
- known plaintext attack
@@ -119,38 +86,26 @@ Decryption: C xor K = P xor K xor K = P
- can obtain plaintext for ciphertexts of his choice before target ciphertext is known
Security in a chosen-ciphertext setting is hardest to achieve
Ciphertext-only setting is more difficult for the attacker -> easier to achieve
 
## Stream Ciphers
Idea:
- Replace K with PRBG:
- Seed of PRBG with a truly random key K
- PRBG should be cryptographically secure, though there is no proof
- new initialization vector for each P
 
> For each plaintext P select a fresh IV and set C = E_K(P) = IV || P xor PRBG(IV, K)
>
> PRBG(IV, K) is referred to as *key stream*. The same key K is used for multiple plaintexts
 
Weakness:
If IV is reused with the same key, Stream Cipher is vulnerable to known-plaintext attacks (cf Chap 2 slide 32)
E.g. used to attack WPA2 (KRACK attack)
 
examples:
- broken
-
- A5/1
- E0
- unbroken
@@ -158,118 +113,78 @@ examples:
- CHACHA20
- blockciphers in CTR mode
 
## Block Ciphers
Operate on plaintext blocks of a specific length
- called the block length b of the cipher
- plaintext space P = ciphertext space C = {0,1}^b
 
Examples:
- broken
- DES
- IDEA
- unbroken
- KASUMI
- AES
Camellia
 
- Camellia
## Advanced Encryption Standard (AES)
more scure and efficient than 3DES, block length of 128 bit, regardless of key length
 
more secure and efficient than 3DES, block length of 128 bit, regardless of key length
Operates on rounds:
input and output of each round represented as 4x4 byte matrices
Operations:
- Substitute Byte(SB) - substitutes one byte
- Substitute Byte (SB) - substitutes one byte
- Round Key Addition (KA) - XOR byt with corresponding key
- Shift Row (SR) - Shift a row by different amounts
- Mix Column (MC) - Multiplication of a column by a given matrix
 
Overall Operation:
plaintext -> KA -> SB -> SR -> MC* -> KA -> ciphertext & next round continuing after first KA operation
*MC not done in the last round!
Number of rounds depends on key size:
- 128 bit key -> 10 rounds
- 192 -> 12
- 256 -> 14
 
Modes of encryption:
- Electronic Code Book (ECB)
- Cipher Block Chaining (CBC)
- Counter (CTR)
- Output Feedback (OFB) -> covered exercises
 
### Electronic Codebook Mode (ECB)
- Encryption: C_i = E_k(P_i) for i = 1, ..., n
- Decryption: P_i = D_k(C_i) for i = 1, ..., n
- Requires padding of P_n to b bit
 
Problem:
- Same P_i leads to same C_i -> Patterns are visible
-> ECB should not be used!
 
### Cipher Block Chaining Mode (CBC)
- IV = C_0
- Encryption: C_i = E_k(P_i xor C_i-1) for i = 1, ..., n
- Decryption: P_i = D_k(C_i) xor C_i-1 for i = 1, ..., n
- Requires padding of P_n to b bit
 
- Requires a fresh IV for each plaintext to encrypt!
Requires a fresh IV for each plaintext to encrypt!
If same IV is reused on P and P*, then C_1 and C_1* reveal whether P_1 = P_1*
- Vulnerable to a padding-oracle attack
Should not be used anymore
 
### Counter Mode (CTR)
- IV public, fresh for each plaintext
- Encryption: C_i = E_k(IV+i) xor P_i for i = 1, ..., n
- Decryption: P_i = C_i xor E_k(IV+i) for i = 1, ..., n
 
Properties:
- CTR does not require padding
- Ciphertext has the same size as plaintext
- CTR turns a block cipher into stream cipher
- CTR encryption and decryption can be parallelized