4.3.1 A first example Let’s construct an example of a perfectly secret encryption scheme based on these requirements. It will also help you get a grip on the ingredients of a symmetric cryptosystem given in the previous section. We want to encrypt the roman letters a,b,g by mapping them onto their counterparts in the greek…
4.5 Pseudorandomness Computational security is built on the concept of pseudorandomness, the idea that bit strings (that is, ciphertexts) can look completely random even though they are not. Pseudorandomness enables us to build (computationally) secure symmetric encryption schemes where a relatively short key, let’s say 128 bits long, is used to securely encrypt multiple terabytes…
5.1.1 Basic principles of identification protocols The simple exchange of a question and an answer between Alice and Bob described previously can be seen as a rudimentary identification protocol. We touched on this subject in Section 2.5, Authentication in Chapter 2, Secure Channel and the CIA Triad, and will now provide some more details. But…
5.3 Message authentication versus entity authentication What happens if message authentication or entity authentication fails? We can answer this question by looking at Figure 5.2 again. There are two ways in which Eve can manipulate messages sent from Bob to Alice. Eve’s first option, illustrated on the left-hand side in Figure 5.2, is to break…
Modern operating systems such as Linux use hash functions to store the hash values of passwords rather than the passwords themselves. The rationale is that even if an attacker gets hold of a hashed password, they cannot use it to log in as the victim because the password system requires the plaintext password. Moreover, because…
5.4.1 Brief history of password-based authentication Password-based authentication was introduced in the early 1960s when the first time-sharing systems, such as the famous Compatible Time-Sharing System (CTSS) and, later on, Multics, were developed at the Massachusetts Institute of Technology. A key problem the designers of these systems faced is that they – unlike earlier mainframe…
5.5 Challenge-response protocols The working principle of cryptographic challenge-response protocols is illustrated in Figure 5.5. Claimant Bob proves his identity to verifier Alice by demonstrating that he knows a secret that, by design, is known only to Bob (and, potentially, Alice). However, unlike with basic password-based authentication, as shown in Figure 5.3, Bob does not…
5.5.3 Challenge-response using (keyed) one-way functions The second option in a symmetric challenge-response protocol is to use one-way or hash functions to compute the responses. The shared secret K is hashed together with the random challenge RAND (see Figure 5.8). How this is done will be discussed in detail in Chapter 11, Hash Functions and…
6.1 Birth of the World Wide Web Conseil Européen pour la Recherche Nucléaire, the European Organization for Nuclear Research, better known by its acronym CERN, is a European research organization operating the world’s largest particle physics laboratory as well as the Large Hadron Collider, the world’s largest high-energy particle collider [184]. CERN, which is located…
The very first SSLv1 draft had no integrity protection at all. In subsequent revisions of that draft, a Cyclic Redundancy Check (CRC) was added. This, however, didn’t solve the message integrity problem because CRC was originally designed as an error-detection code to detect accidental bit flips in communication messages. Unlike cryptographic hash functions, CRCs are…
