Create IT-Security.md

ObsidianNotes/.obsidian/workspace.json

@@ -14,7 +14,7 @@
               "type": "markdown",
               "state": {
                 "file": "elemlds lecture 8.md",
-                "mode": "source",
+                "mode": "preview",
                 "source": false
               },
               "icon": "lucide-file",
@@ -201,8 +201,8 @@
   },
   "active": "d74c0c464422592b",
   "lastOpenFiles": [
-    "elemlds lecture 8.md",
     "elemlds lecture 9.md",
+    "elemlds lecture 8.md",
     "Elements of Machine Learning and Data Science.md",
     "Welcome.md"
   ]

ObsidianNotes/IT-Security.md

@@ -0,0 +1,275 @@
+# It Security
+
+## Security Goals - CIA
+
+- Confidentiality
+  - only authorized entities can access assets in a system
+  - Attacks:
+    - Eavesdropping - inteception of data during transfer
+    - Traffic Analysis - analyze address information or timings to deduce who communicatos with whom
+- Integrity
+  - only authorized entities can change assets in a system
+  - Attacks:
+    - Modification - intercept and modify data in transfer
+    - Masquerading - modify SCR address information of a data packet in transfer
+    - Replay - intercept a data packet in transfer and later replay it
+    - Repudiation - deny an action such as having sent a specific data packet
+- Availability
+  - authorized entities can access assets in a system as intended
+  - Attack: Denial of Service- flooding a server with fake requests, jam signal with stronger singal on the same frequency, enter password wrongly to get the account blocked
+
+ 
+
+## Encryption Scheme definition
+
+Noted as a tuple (P, C, K, E, D):
+
+- P = plaintexts
+- C = ciphertexts
+- K = keys
+- E = encryption functions
+- D = decryption functions
+
+ 
+
+For any K_1 in K, there is a K_2 in K such that for all p in P, D_K_2(E_K_1(p)) = p
+
+For symmetric encryption, K_1 = K_2
+
+This definition doesn't cover any notion of security
+
+## Symmetric Encription scheme
+
+Properties:
+
+- Bob and Alice share the same key in advance
+- Decription is *difficult* without the key
+
+ 
+
+## Caesar Cipher
+
+= Letter shift by k amount  
+vulnerable to Brute force attacks (exhaustive search attacks) 
+
+ 
+
+## Monoalphabetic Substitution Cipher
+
+= replace each letter by a fixed permutation of the alphabet
+
+key space is very large -> No brute force, however:
+
+vulnerable to frequency analysis, as Monoaplhabetic Substitution preservers letter frequencies
+
+ 
+
+## Perfect Secrecy
+
+Defintion:
+
+> An encryption scheme is said to provide **perfect secrecy** iff given a probability distribution Pr on P, and Pr(P) > 0 for all plaintexts p and for each p in P, c in C and k in K chosen uniformly at random Pr(p|c) = Pr(p)
+
+Meaning: Whether or not c is observed, p is as likely as its occurrence in the plaintext space
+
+A cipher providing perfect secrecy cannot be broken by an attacker. Not even by one with infinite computational resources and infinite time. (Shannon'S Theorem)
+
+ 
+
+## One-Time-Pad (OTP)
+
+*aka Vernam Cipher or Vernam's One-Time-Pad*
+
+for each encryption, chose a key uniformly at random. 
+
+Encryption: C = P xor K
+
+Decryption: C xor K = P xor K xor K = P
+
+- Advantages:
+  - Easy to compute (XOR is cheap computation)
+  - As secure as theoretically possible
+  - -> Security independent of the attacker's resources
+  - garantees confidentiality
+- Disadvantages
+  - Key must be as long as plaintext
+    - impractical
+  - does not guarantee **integrity**
+  - insecure if keys are reused
+
+ 
+
+**Learn the Prove for perfect secrecy by heart!**
+
+## Computational Security
+
+= An encryption scheme is called computationally secure iff all known attacks against the cipher are computationally infeasible within any reasonable amout of time/resources
+
+ 
+
+## Attacker Models
+
+- Ciphertext only attack
+  - attacker knows only cipher text
+- known plaintext attack
+  - knows some pairs of plaintext and ciphertext
+- chosen plaintext attack
+  - can obtain ciphertext for plaintexts of his choice
+- chosen ciphertext attack
+  - can obtain plaintext for ciphertexts of his choice before target ciphertext is known
+
+Security in a chosen-ciphertext setting is hardest to achieve
+
+Ciphertext-only setting is more difficult for the attacker -> easier to achieve
+
+ 
+
+## Stream Ciphers
+
+Idea:
+
+- Replace K with PRBG:
+  - Seed of PRBG with a truly random key K
+  - PRBG should be cryptographically secure, though there is no proof
+- new initialization vector for each P
+
+ 
+
+> For each plaintext P select a fresh IV and set C = E_K(P) = IV || P xor PRBG(IV, K)
+>
+> PRBG(IV, K) is referred to as *key stream*. The same key K is used for multiple plaintexts
+
+ 
+
+Weakness:  
+If IV is reused with the same key, Stream Cipher is vulnerable to known-plaintext attacks (cf Chap 2 slide 32)  
+E.g. used to attack WPA2 (KRACK attack)
+
+ 
+
+examples:
+
+- broken
+- 
+  - A5/1
+  - E0
+- unbroken
+  - SNOW 3G
+  - CHACHA20
+  - blockciphers in CTR mode
+
+ 
+
+## Block Ciphers
+
+Operate on plaintext blocks of a specific length
+
+- called the block length b of the cipher
+- plaintext space P = ciphertext space C = {0,1}^b
+
+ 
+
+Examples:
+
+- broken
+  - DES
+  - IDEA
+- unbroken
+  - KASUMI
+  - AES  
+Camellia
+
+ 
+
+## Advanced Encryption Standard (AES)
+
+more scure and efficient than 3DES, block length of 128 bit, regardless of key length
+
+ 
+
+Operates on rounds:  
+input and output of each round represented as 4x4 byte matrices
+
+Operations:
+
+- Substitute Byte(SB) - substitutes one byte
+- Round Key Addition (KA) - XOR byt with corresponding key
+- Shift Row (SR) - Shift a row by different amounts
+- Mix Column (MC) - Multiplication of a column by a given matrix
+
+ 
+
+Overall Operation:
+
+plaintext -> KA -> SB -> SR -> MC* -> KA -> ciphertext & next round continuing after first KA operation
+
+*MC not done in the last round!
+
+Number of rounds depends on key size:
+
+- 128 bit key -> 10 rounds
+- 192 -> 12
+- 256 -> 14
+
+ 
+
+Modes of encryption:
+
+- Electronic Code Book (ECB)
+- Cipher Block Chaining (CBC)
+- Counter (CTR)
+- Output Feedback (OFB) -> covered exercises
+
+ 
+
+### Electronic Codebook Mode (ECB)
+
+- Encryption: C_i = E_k(P_i)  for i = 1, ..., n
+- Decryption: P_i = D_k(C_i) for i = 1, ..., n
+- Requires padding of P_n to b bit
+
+ 
+
+Problem:
+
+- Same P_i leads to same C_i -> Patterns are visible
+
+-> ECB should not be used!
+
+ 
+
+### Cipher Block Chaining Mode (CBC)
+
+- IV = C_0
+- Encryption: C_i = E_k(P_i xor C_i-1) for i = 1, ..., n
+- Decryption: P_i = D_k(C_i) xor C_i-1 for i = 1, ..., n
+- Requires padding of P_n to b bit
+
+ 
+
+- Requires a fresh IV for each plaintext to encrypt!  
+If same IV is reused on P and P*, then C_1 and C_1* reveal whether P_1 = P_1*
+- Vulnerable to a padding-oracle attack
+
+Should not be used anymore
+
+ 
+
+### Counter Mode (CTR)
+
+- IV public, fresh for each plaintext
+- Encryption: C_i = E_k(IV+i) xor P_i for i = 1, ..., n
+- Decryption: P_i = C_i xor E_k(IV+i) for i = 1, ..., n
+
+ 
+
+Properties:
+
+- CTR does not require padding
+- Ciphertext has the same size as plaintext
+- CTR turns a block cipher into stream cipher
+- CTR encryption and decryption can be parallelized
+
+ 
+
+ 

ObsidianNotes/elemlds lecture 9.md

@@ -5,3 +5,18 @@ Goal: predict output class $\mathcal{C}$ from measurements $\text{x}$ by minimiz
 >$$p(X,Y)=\frac{p(X|Y)p(Y)}{p(X)}$$
 
 
+---
+
+$posterior = \frac{likelihood \cdot prior}{normalization factor}$
+
+
+==NOTE: Learn Normal/Gaussian Distribution by heart!== 
+univariate:
+$$
+\mathcal{N} (x|\mu, \sigma^2) = \frac{1}{\sqrt{2\pi}\sigma}\exp\left(-\frac{(x-\mu)^2}{2\sigma^2}\right)
+$$
+multivariate:
+$$
+\mathcal{N}(\text{x}|\mu, \Sigma) = \frac{1}{(2\pi)^{D/2}|\Sigma|^{1/2}}\exp\left(-\frac{1}{2} (\text{x}-\mu)^\top \Sigma^{-1}(\text{x}-\mu) \right)
+$$
+