# TTM4135: Information Security

# Definitions

These are definitions found in course material (mostly exercises) which may prove useful for the exam

## Chapter 1

- Conﬁdentiality
- preventing unauthorised disclosure of information
- Integrity
- preventing unauthorised (accidental or deliberate) modification or destruction of information
- Availability
- ensuring resources are accessible when required by an authorised user
- Entity authentication
- provides confirmation of the claimed identity of an entity
- Data origin authentication
- provides confirmation of the claimed source (origin) of a data unit (message)
- Non-repudiation
- Ensures that you cannot hide the source (origin) of a data unit (message).
- Cipher
- See own section
- Kerckhoffs’ principle
- the cryptanalyst has complete knowledge of the cipher. The only unknown part is the decryption key.
- Transposition
- the characters in the plaintext are mixed up with each other (permuted)
- Substitution
- each character (or set of characters) is replaced by a different character (or set of characters)

## Chapter 2

- Confusion
- This involves substitution to make the relationship between the key and ciphertext as complex as possible.
- Diffusion
- This involves transformations that dissipate the statistical properties of the plaintext across the ciphertext. (A small change in plaintext should give a completely different ciphertext)
- Product cipher
- A product cipher is a cryptosystem in which the encryption function is formed by applying (or composing) several sub-encryption functions.
- Iterated cipher
- Most modern ciphers in this category, read more below.
- Feistel cipher
- An iterated cipher in which the round function swaps the two halves of the block and forms a new right hand half
- Substitution-permutation network
- An iterated cipher. Takes a block of the plaintext and the key as inputs, and applies several rounds of permutations, known as substitution boxes(S-box) and permutation boxes (P-box). A
**S-box**substitutes sub-blocks of size l bits (its input) by another block of bits (its output). It can be thought of as a substitution cipher. A**P-box**takes the output from the S-boxes of one round, permutes the bits and feed them into the S-boxes in the next round. It can be thought of as a transposition cipher. At each round, the**round key**is combined with some operation such as XOR. - Group generator
- A group generator is a group element g that in the operation
represents all the elements that are relatively prime to p. Consider for example the group G$g^k \mod p$ $\mathbb{Z}_5$ . G consists of the elements {1, 2, 3, 4}. One or several of these group elements may be a group generator for G. A way to check this is to usefor the k group elements and see if they represent all the group elements.$g^k \mod 5$

Example:

2 is a group generator for

- Finite ﬁeld
- placeholder

## Chapter 3

- Electronic Code Book (ECB) Mode
- The basic mode of a block cipher. Plaintext block
$P$ is encrypted with key$K$ to produce ciphertext block$C_t$ . Ciphertext block$C$ is decrypted with key$K$ to produce plaintext block$P_t$ . - Cipher Block Chaining (CBC) Mode
- A random initialization vector (IV) is chosen and sent together with the ciphertext blocks.
$C_t=E(P_t\oplus C_{t-1},K)$ where$C_0=IV$ $P_t=D(C_t,K)\oplus C_{t-1}$ where$C_0=IV$ - CTR Mode
- CTR is a synchronous stream cipher. The keystream is generated by encrypting successive values of a "counter", initialised using a nonce (randomly chosen value) N:
$O_t=E(T_t,K)$ , where$T_t=N||t$ is the concatenation of the nonce and block number t. Encryption:$C_t=O_t\oplus P_t$ . Decryption:$P_t=O_t\oplus C_t$ . - True Random Number Generator (TRNG)
- is a physical process which outputs each valid string independently with equal probability
- Pseudo Random Number Generator (PRNG)
- is a deterministic algorithm which approximates a TRNG.
- Message Authentication Code (MAC)
- A message authentication code (MAC) is a cryptographic mechanism used for ensuring message integrity. A MAC tag should at least be of length
$\log_2{I/R}$ where$I$ is a limit on how many invalid messages are detected before the key is changed and$R$ is the acceptable probability that a false message is accepted. - Stream Cipher
- Stream ciphers are characterised by the generation of a keystream using the short key and an initialisation value as input. Each element of the keystream is used successively to encrypt one or more ciphertext characters. Stream ciphers are usually symmetric key ciphers: sender and receiver share the same key and can generate the same keystream given the same initialisation value.
- Synchronous stream ciphers
- The keystream is generated independently of the plaintext. Both sender and receiver need to generate the same keystream and synchronise on its usage.
- One Time Pad
- The key is a random sequence of characters, all of them independently generated. Each character in the key is used one time only. The one-time pad provides perfect secrecy.
- Linear Feedback Shift Register
- A LFSR is a common component in design of stream ciphers.

## Chapter 4

- Factorisation problem
- Given an integer of
*m*bits, find its prime factors. Factorisation by trial division is an exponential time algorithm and is hopeless for numbers of a few hundred bits. A number of special purpose methods exist, which apply if the integer to be factorised has special properties. The best current general method is known as the number field sieve. The number field sieve is a sub-exponential time algorithm. - Discrete logarithm problem
- Let g be a generator of
$\mathbb{Z}_p^*$ for a prime p. The discrete log problem over$\mathbb{Z}_p^*$ is:**given y in**$\mathbb{Z}_p^*$ find x with y =$g^x$ mod p. - Big O-notation
- placeholder
- Fermat test
*if*a number p is prime then$a^{p−1}$ mod p = 1 for all a with gcd(a, p) = 1. If we examine a number n and find that$a^{n−1}$ mod n$\neq$ 1 then we know that n is not prime.- Miller-Rabin test
- placeholder
- RSA Encryption equation
- placeholder
- RSA Decryption equation
- placeholder
- RSA Padding
- placeholder
- Prime number theorem
- placeholder
- Håstad's attack
- placeholder

## Chapter 5

- Generator of
$\mathbb{Z}_p^*$ - placeholder
- Diffie-Hellman key exchange
- placeholder
- Elgamal cryptosystem
- placeholder
- Collision resistance
- placeholder
- Second preimage resistance
- placeholder
- One-wayness
- placeholder
- Birthday paradox
- placeholder
- HMAC
- placeholder
- GCM Mode
- placeholder

## Chapter 6

- Digital signature
- placeholder
- Existential forgery
- placeholder
- Selective forgery
- placeholder
- Digital Signature Algorithm (DSA)
- placeholder
- Key predistribution
- placeholder
- Session key distribution
- placeholder
- Key agreement
- placeholder
- Needham-Schroeder protocol
- placeholder
- Kerberos
- placeholder

TODO: Scrape definitions from all exercises (currently they are just from exercise 1-6)

# Ciphers

## Symmetric cipher

(secret key cipher) encryption and decryption keys known only to sender and receiver. (DES)

## Asymmetric cipher

(public key cipher) each participant has a public key and a private key, may allow both encryption and signatures. (RSA)

## Attacks

### Ciphertext only attack

the cryptanalyst has available only the intercepted cipher text.

### Known plaintext attack

the cryptanalyst knows a small amount of plaintext and its cipher text equivalent

### Chosen plaintext attack

The cryptanalyst can obtain the cipher text equivalent of some plaintext which can be selected by the attacker, i.e the attacker has an "inside encryptor” available

### Chosen cipher text attack

The cryptanalyst can obtain the plaintext equivalent of some cipher text which can be selected by the attacker, i.e. the attacker has an “inside decryptor” available.

## Historical ciphers

- Caesar
- Substitution
- Vigenère. Caesar, but also uses a key in order to choose how many steps to shift the alphabet for each letter

## Stream ciphers

## Block ciphers

### DES

#### Triple-DES

To increase the security of DES, the algorithm may be run multiple times.
Two times would be the simplest, but is vulnerable to a *meet-in-the-middle* attack.

To counter this, three runs are needed. This is often implemented as Encrypt-Decrypt-Encrypt. This allows backwards compatibility with normal DES, by using the same key for all three steps:

While 3DES takes three keys as parameters, using it with only two keys is enough to stop the meet-in-the-middle attack, and often good enough:

Some applications, like PGP and S/MIME, still use three keys with 3DES.

### AES

Consists of four stages:

- Substitute bytes
- Uses an S-box to perform a byte-by-byte substitution of the block
- ShiftRows
- A simple permutation
- MixColumns
- A substitution that makes use of arithmetic over
$GF(2^8)$ - AddRoundKey
- A simple bitwise XOR of the current block with a portion of the expanded key

Only the `AddRoundKey`

stage makes use of the key. The other three stages provides confusion, diffusion and non-linearity, but no security in themselves.

When decrypting with AES, the inverses of the three first stages are used. The `AddRoundKey`

stage is the same, because

#### Key expansion

- Input
- 16-byte key.
- Output
- 176 bytes (44 words)

The first four words are used in the initial AddRoundKey step. The next ten word-groups are used in the ten rounds of the cipher.

### RSA

# Iterated ciphers

- Encryption process divided into
*r*similar rounds - the sub encryption functions
*g*are the same for all rounds - Each key
$K_i$ is derived from the overall master key K. The keys$K_i$ are called round keys or subkeys and are derived from K using a process called the key schedule.

## Encryption

Given a plaintext block, P, a round function g and round keys

# Pseudorandom number generation

Generated numbers should be as random as possible. This is defined by two criteria:

- Uniform distribution
- The frequency of occurence of ones and zeros should be approximately equal.
- Independence
- It should not be possible to infer a subsequence from any other.