Tom/RWTH-Notizen

Fork 0

Files

Tom Zuidberg fd986c324b cleanup of itsec md

2026-02-19 19:47:59 +01:00

6.1 KiB

Raw Blame History

It Security

Security Goals - CIA

Confidentiality
- only authorized entities can access assets in a system
- Attacks:
  - Eavesdropping - inteception of data during transfer
  - Traffic Analysis - analyze address information or timings to deduce who communicatos with whom
Integrity
- only authorized entities can change assets in a system
- Attacks:
  - Modification - intercept and modify data in transfer
  - Masquerading - modify SCR address information of a data packet in transfer
  - Replay - intercept a data packet in transfer and later replay it
  - Repudiation - deny an action such as having sent a specific data packet
Availability
- authorized entities can access assets in a system as intended
- Attack: Denial of Service- flooding a server with fake requests, jam signal with stronger singal on the same frequency, enter password wrongly to get the account blocked

Encryption Scheme definition

Noted as a tuple (P, C, K, E, D):

P = plaintexts
C = ciphertexts
K = keys
E = encryption functions
D = decryption functions

For any K_1 in K, there is a K_2 in K such that for all p in P, D_K_2(E_K_1(p)) = p For symmetric encryption, K_1 = K_2 This definition doesn't cover any notion of security

Symmetric Encription scheme

Properties:

Bob and Alice share the same key in advance
Decription is difficult without the key

Caesar Cipher

= Letter shift by k amount
vulnerable to Brute force attacks (exhaustive search attacks)

Monoalphabetic Substitution Cipher

= replace each letter by a fixed permutation of the alphabet key space is very large -> No brute force, however: vulnerable to frequency analysis, as Monoaplhabetic Substitution preservers letter frequencies

Perfect Secrecy

Defintion:

An encryption scheme is said to provide perfect secrecy iff given a probability distribution Pr on P, and Pr(P) > 0 for all plaintexts p and for each p in P, c in C and k in K chosen uniformly at random Pr(p|c) = Pr(p)

Meaning: Whether or not c is observed, p is as likely as its occurrence in the plaintext space

A cipher providing perfect secrecy cannot be broken by an attacker. Not even by one with infinite computational resources and infinite time. (Shannon'S Theorem)

One-Time-Pad (OTP)

aka Vernam Cipher or Vernam's One-Time-Pad

for each encryption, chose a key uniformly at random. Encryption: C = P xor K Decryption: C xor K = P xor K xor K = P

Advantages:
- Easy to compute (XOR is cheap computation)
- As secure as theoretically possible
- -> Security independent of the attacker's resources
- garantees confidentiality
Disadvantages
- Key must be as long as plaintext
  - impractical
- does not guarantee integrity
- insecure if keys are reused

==Learn the Prove for perfect secrecy by heart!==

Computational Security

= An encryption scheme is called computationally secure iff all known attacks against the cipher are computationally infeasible within any reasonable amout of time/resources

Attacker Models

Ciphertext only attack
- attacker knows only cipher text
known plaintext attack
- knows some pairs of plaintext and ciphertext
chosen plaintext attack
- can obtain ciphertext for plaintexts of his choice
chosen ciphertext attack
- can obtain plaintext for ciphertexts of his choice before target ciphertext is known

Security in a chosen-ciphertext setting is hardest to achieve Ciphertext-only setting is more difficult for the attacker -> easier to achieve

Stream Ciphers

Idea:

Replace K with PRBG:
- Seed of PRBG with a truly random key K
- PRBG should be cryptographically secure, though there is no proof
new initialization vector for each P

For each plaintext P select a fresh IV and set C = E_K(P) = IV || P xor PRBG(IV, K)

PRBG(IV, K) is referred to as key stream. The same key K is used for multiple plaintexts

Weakness:
If IV is reused with the same key, Stream Cipher is vulnerable to known-plaintext attacks (cf Chap 2 slide 32)
E.g. used to attack WPA2 (KRACK attack)

examples:

broken
- A5/1
- E0
unbroken
- SNOW 3G
- CHACHA20
- blockciphers in CTR mode

Block Ciphers

Operate on plaintext blocks of a specific length

called the block length b of the cipher
plaintext space P = ciphertext space C = {0,1}^b

Examples:

broken
- DES
- IDEA
unbroken
- KASUMI
- AES
- Camellia

Advanced Encryption Standard (AES)

more secure and efficient than 3DES, block length of 128 bit, regardless of key length

Operates on rounds:
input and output of each round represented as 4x4 byte matrices

Operations:

Substitute Byte (SB) - substitutes one byte
Round Key Addition (KA) - XOR byt with corresponding key
Shift Row (SR) - Shift a row by different amounts
Mix Column (MC) - Multiplication of a column by a given matrix

Overall Operation: plaintext -> KA -> SB -> SR -> MC* -> KA -> ciphertext & next round continuing after first KA operation *MC not done in the last round!

Number of rounds depends on key size:

128 bit key -> 10 rounds
192 -> 12
256 -> 14

Modes of encryption:

Electronic Code Book (ECB)
Cipher Block Chaining (CBC)
Counter (CTR)
Output Feedback (OFB) -> covered exercises

Electronic Codebook Mode (ECB)

Encryption: C_i = E_k(P_i) for i = 1, ..., n
Decryption: P_i = D_k(C_i) for i = 1, ..., n
Requires padding of P_n to b bit

Problem:

Same P_i leads to same C_i -> Patterns are visible -> ECB should not be used!

Cipher Block Chaining Mode (CBC)

IV = C_0
Encryption: C_i = E_k(P_i xor C_i-1) for i = 1, ..., n
Decryption: P_i = D_k(C_i) xor C_i-1 for i = 1, ..., n
Requires padding of P_n to b bit

Requires a fresh IV for each plaintext to encrypt!
If same IV is reused on P and P*, then C_1 and C_1* reveal whether P_1 = P_1*

Vulnerable to a padding-oracle attack

Should not be used anymore

Counter Mode (CTR)

IV public, fresh for each plaintext
Encryption: C_i = E_k(IV+i) xor P_i for i = 1, ..., n
Decryption: P_i = C_i xor E_k(IV+i) for i = 1, ..., n