CMSC 414 Computer and Network Security Lecture 3 - PowerPoint PPT Presentation

About This Presentation
Title:

CMSC 414 Computer and Network Security Lecture 3

Description:

We would like to show you a description here but the site won t allow us. – PowerPoint PPT presentation

Number of Views:127
Avg rating:3.0/5.0
Slides: 13
Provided by: jka9
Learn more at: http://www.cs.umd.edu
Category:

less

Transcript and Presenter's Notes

Title: CMSC 414 Computer and Network Security Lecture 3


1
CMSC 414Computer and Network SecurityLecture 3
  • Jonathan Katz

2
Private-key encryption
  • Alice and Bob share a key K
  • Must be shared securely
  • Must be completely random
  • Must be kept completely secret from attacker
  • We dont discuss (for now) how they do this
  • Plaintext - encryption - ciphertext - decryption
  • Decryption must recover the message!

3
Security through obscurity?
  • Always assume full details of crypto protocols
    and algorithms are public
  • Only secret information is a key
  • Security through obscurity is a bad idea

4
Shift cipher
  • Attacks?
  • Key space is too small!
  • Insecure against ciphertext-only attack
  • Frequency analysis
  • Index of coincidence
  • If an attacker can recover the key, a scheme is
    clearly insecure
  • What about the converse?
  • Multiple other attacks and problems

5
Substitution cipher
  • Attacks?
  • Much larger key space
  • Definitely not secure against known-plaintext
    attack
  • Also not secure against ciphertext-only attack
    (frequency analysis, digrams, trial and error)
  • Having a large key space is necessary, but not
    sufficient, to guarantee security
  • (Note that adversary can still recover the key)

6
Attacks
  • A typical standard is security against
    chosen-plaintext attacks
  • Security against chosen-ciphertext attacks is
    increasingly required
  • Note that the one-time pad is insecure against
    known-plaintext attack

7
Moral of the story?
  • Dont use simple schemes
  • Thoroughly analyze schemes before using
  • Better yet, use schemes that other, smarter
    people have already analyzed
  • A good definition of security is critical

8
Re-thinking the problem
  • What do we mean by security?
  • I.e., not being able to determine the key??
  • Types of attacks
  • Perfect security
  • One-time pad
  • Computational security
  • Block ciphers and modes of encryption
  • DES and AES

9
Notions of Security
  • What constitutes a break?
  • What kind of attacks?
  • Note always assume adversary knows full details
    of the scheme (except the key)
  • Never aim for security through obscurity

10
Security goals?
  • Adversary unable to recover the key
  • Necessary, but meaningless on its own
  • Adversary unable to recover entire plaintext
  • Good, but is it enough?
  • Adversary unable to determine any information at
    all about the plaintext
  • Sounds great!
  • Can we achieve it?

11
One-time pad
  • (One-time pad)

12
Properties of one-time pad?
  • Achieves perfect secrecy
  • No eavesdropper (no matter how powerful) can
    determine any information whatsoever about the
    plaintext
  • (Essentially) useless in practice
  • Long key length
  • Can only be used once (hence the name!)
Write a Comment
User Comments (0)
About PowerShow.com