4.3.1 A first example Let’s construct an example of a perfectly secret encryption scheme based on these requirements. It will also help you get a grip on the ingredients of a symmetric cryptosystem given in the previous section. We want to encrypt the roman letters a,b,g by mapping them onto their counterparts in the greek…
4.5.3 Pseudorandom functions and chosen-plaintext attacks Being secure against passive eavesdropping is oftentimes not enough in practice. Encryption schemes must also be secure against so-called chosen-plaintext attacks. In a nutshell, a chosen-plaintext attack describes the situation where Eve can ask Alice or Bob to encrypt multiple messages of Eve’s choice, and do so in an…
5.1.2 Basic factors for identification In information security, there are three basic ways for a legitimate party, say Alice, to prove their identity: Often, these factors are combined in what is called multi-factor authentication. For example, to withdraw money from an ATM, you need your credit card (something you have), but you also need your…
5.4 Password-based authentication Password-based authentication is arguably the most common way used to authenticate humans to electronic devices. An average internet user has about 70 to 80 passwords to identify themself to websites they visit and services they use [130]. Most existing password schemes use time-invariant passwords. The user initially chooses a string of characters,…
5.4.1 Brief history of password-based authentication Password-based authentication was introduced in the early 1960s when the first time-sharing systems, such as the famous Compatible Time-Sharing System (CTSS) and, later on, Multics, were developed at the Massachusetts Institute of Technology. A key problem the designers of these systems faced is that they – unlike earlier mainframe…
5.4.3 Disadvantages of password-based authentication In the previous section, we learned of several disadvantages of password-based authentication related to password storage. It turns out that passwords have even more drawbacks related to usability, time invariance, and human psychology. From a usability perspective, the user must be able to correctly enter the password and, thus, successfully…
5.5.2 Challenge-response using symmetric keys In challenge-response protocols using symmetric keys, the claimant and the verifier share a (typically high-entropy) secret K. An obvious approach to entity authentication is to send a nonce as a challenge RAND to the claimant and to expect the encrypted challenge as a response: RES = EK(RAND) (see Figure 5.6)….
6.1 Birth of the World Wide Web Conseil Européen pour la Recherche Nucléaire, the European Organization for Nuclear Research, better known by its acronym CERN, is a European research organization operating the world’s largest particle physics laboratory as well as the Large Hadron Collider, the world’s largest high-energy particle collider [184]. CERN, which is located…
The very first SSLv1 draft had no integrity protection at all. In subsequent revisions of that draft, a Cyclic Redundancy Check (CRC) was added. This, however, didn’t solve the message integrity problem because CRC was originally designed as an error-detection code to detect accidental bit flips in communication messages. Unlike cryptographic hash functions, CRCs are…
6.4 TLS overview The main task of the TLS protocol is to create a secure communication channel between two parties: server Alice and client Bob. The only thing that RFC 8446 assumes is a reliable, in-order data stream on the underlying transport layer. The two most widely used transport layer protocols are the Transport Control…
