Lecture 3: 25th September 2019 Flashcards
Crypto hashes & PKI
What are cryptographic hashes?
A mathematical function or algorithm which takes an input of arbitrary size and returns an output (digest) of a fixed size. It is used to implement mechanisms that transform communications to make them hard to decipher to aid confidentiality and privacy.
What are the properties of cryptographic hashes?
pre-image resistance: can’t easily find an input that produces a given output
weak collision resistance: given one (fixed) input and its hash, can’t easily find another input that gives the same hash
strong collision resistance: can’t find any (variable) pair of inputs that give the same hash
What are one-way hash functions?
A mathematical function or algorithm which takes an input of arbitrary size and returns an output (digest) of a fixed size for which it is hard to find an input for a given output, nor an input whose hash is the same as another given input (pre-image resistance and weak collision resistance).
What is a message authentication code?
A short piece of data attached to messages to authenticate them generated from a keyed hash function using the message data and a symmetric key known to the sender and receiver.
How are message authentication codes made?
A keyed hash function combines the message data with a symmetric key known to the sender and receiver to generate a MAC.
What is the Digital Signature Algorithm?
A mathematical process that generates public and private keys with prime numbers and modular arithmetic to facilitate the use of digital signatures.
How does the Digital Signature Algorithm work?
Make keys:
Choose two primes, p (large) and q and choose a random number x between 0 and q. Let g be the result of a math equation on p and q. Let y = (g ^ x) mod p.
private key is {p, q, g, x} and public key is {p, q, g, y}
Then to sign a message:
Take a hash function H (often one of the SHA series) Let h = the hash of the message Choose random k, 0 < k < q Compute r = ((g ^ k) mod p) mod q Compute i such that k ∗ i mod q = 1 Compute s = i ∗ (h + r ∗ x) mod q = 1 Package the signature as {r,s}
What is a certificate?
A digital code generated using public-key encryption and a one-way hash function that is authenticated by a trusted third party or certificate authority to verify a message’s integrity and authenticate the sender’s claimed identity.
What is a certificate aka?
Certificates are aka digital signatures.
What are certificates made from?
Certificates are formed from the digest of a message through a hash function (integrity) encrypted by the sender’s private encryption key (authenticity), along with a label to show the claimed identity of the sender.
What is a digital fingerprint?
The output of a one-way fingerprinting (hash) function applied to a message used to verify the integrity of the message.
How do digital signatures work? Give the concept, not the algorithm.
The digital fingerprint (hash digest) is encrypted with the sender’s private key to form the digital signature and sent with message. The receiver uses the sender’s public key to decrypt to find the digital fingerprint. The receiver then independently hash the original message themselves. Authenticity and integrity verified iff the two hash digests are the same.
Confidentiality can also be added. The sender can generate a random key and use it to encrypt the message. They can then encrypt the key with the receiver’s public key and send it with the message. The receiver can decrypt the key with their private key to view the original message and perform the same above integrity and authenticity verification checks.
What do digital signatures, message digests, and cryptographic protocols give in terms of the original aims of security?
A digital signature gives authenticity
A message digest gives integrity
Cryptographic protocols give confidentiality
What is PGP?
Pretty Good Privacy is a protocol and set of software that uses encryption for privacy and authentication based on validity assessed by the trust in another party, which propagates in a web and increases for users over time, without relying on any certificate authorities.
How does PGP work?
Users sign documents with their keys. Trust networks built up, with users trusting those who they trust also trust. Users go through the multiple levels of trust over time as their trust is established.