Information Security Notes Summary 1-5

Here is some concept summary of my mid-term. Those maths and case is excluded.

Type of Attack

I should understand how the following attack happen:

• Brute-force Attack
• Differential Attack
• Length extension attacks
  • Hash using Merkle-Damgard construction
• Second pre-image attack(2^(n-1))(fixed message)
• Birthday attack(2^n/2)(any two message)
• Meeting in the middle attack
• Man in the middle attack
• Replay attack
• Offline dictionary attack

Symetric

Symetric has no hard problem, all depands on the key size. When we talk about symetric, We usually use AES. DES and 3DES should not be use anymore. Symetric is much faster than Asymmetric(10-100times).

Avalanclve effect: Small change in bit will lead to big change of the output.

• Stream -> one bi
• Block -> one block (normally 64bit)
  • More secure

Asymmetric

Asymmetric is a Trapdoor function, everyone can lock but only private key can unlock.

RSA

• We need at least 2048bit
• Starting from TLS1.3, RSA is no more included

ECC

• aP and bP is impossible to compute abP
• Diffle hellman algorithm
• 256 ECC is as strong as 3072RSA
• Legacy software does not support

Hash

Famous Hash:

• MD5
• SHA1
• SHA256

Aim:

• impossible hard to modify a message without changing the hash
• impossible hard to Generate a messate that a given hash
• impossible hard to Find two different message with the same hash

MD construction (collision)

大集合映射到小集合, collision必然會發生

H(P||s) for salt

• Hash chain: one time password
• Hash list: hash big file
• Hash tree: only verify root hash

MAC message Authentication code

Goal:

• Computable(very fast)
• Unforgeable
• one-wayness

MAC requies a key to verify

Digital Signature

Make Message can be publity verfiable

• MAC? key is shared
• Public Key? everyone can send an encrypted message

Example of Digital Signatures:

• RSA-PSS
• DSA
• ECDSA - fastest and more secure

Mac is faster than DS, MAC only need a hash function.

Secure Public Key Distibution

Ways to distibution a key:

1. Manual
2. Certuficate
3. Public KEY infarstructure
4. PGP
5. ID-base

Certificate:

• Issued by CA (Certificate Authority)
• Certificate Revocation List(CRL)

Symmetric key distribution

• Use dellit-hellman Algorithms

• Key agreement: both parties contribute some information

• Perfect forward secrecy

• Session Key: session key per each commanication session

• Authenticated: is able to confirm the identity of the partner

• Absent of Secure channel: do not need pre-share secure channel

Requirement of an AKE protocol

1. Soundness
2. Completeness
3. Key establishment
4. Mutual authentical
5. Secure against replay attack
6. Secure against offline dictionary attack
7. Perfect forward secrecy
8. Secure against Denning-Sacco attacks