Slide 1Slide 2Slide 3Slide 4Slide 5Slide 6Slide 7Slide 8Slide 9Slide 10Slide 11Slide 12Slide 13Slide 14Slide 15Slide 16Slide 17Slide 18Slide 19Slide 20Exam 1 ReviewCS461/ECE422 Fall 2007Exam guidelinesA single page of supplementary notes is allowedClosed bookA calculator is allowed. (and strongly suggested for this exam)Students should show work on the exam. They can use supplementary sheets of paper if they run out of room.Students can use scratch paper if desired.Exam logisticsExam will be given in the evening (7-8:15pm) in 112 and 114 of the Transportation Buildinghttp://webtools.uiuc.edu/ricker/CampusMap?target=search&building=42Students will be split by last nameTopicsIntroductory definitionsRisk AnalysisHistorical CryptographySymmetric CryptographyPublic or Asymmetric CryptographyKey ManagementSecurity PoliciesRisk AnalysisUnderstandAssetsVulnerabilitiesThreatsRiskQualitative vs Quantitative AnalysisQuantitative identifies absolute numbers for risk probability and asset value, so can calculate risk exposure, risk leverageSecurity PolicyDefines what needs to be done, not howHow is mechanism or controlOrganizational or natural language policiesFormal policy languagesControl mechanism operationIn theory policy language could be applied to multiple types of mechanismsHistorical CiphersTranspositionN-columnar transpositionSubstitutionCaesar, vigenere, book, one-time pad, enigmaLanguage-based statistical attacksSymmetric EncryptionBlock vs stream encryptionP = b0, b1, .. bnE(P,k) = E(b0, k0) || E(b1, k1) || ....If all ki's are equal and sizeof(bi) generally > 1, E(P,k) is a block cipherDESFeistel networkCombination of p-boxes and s-boxes56 bit key and 64 bit blockSymmetric EncryptionAESIterative encryptionMultiple key sizes: 128, 192, 256Block size: 1281 S box and various permutationsBlock Encryption ModesDescribed in section 7.2.2 of the Handbook of Applied Cryptography http://www.cacr.math.uwaterloo.ca/hac/about/chap7.pdfElectronic Codebook (ECB)Cipher Block Chaining (CBC)Output Feedback (OFB)CounterCipher Feedback (CFB)11 Mode ?EkEkPi-1PiPi+1Ci-1CiCi+1Ri-112Mode ? init. vectorm1DESc1m2DESc2sentsent………13Mode ?kEk(r)r…E…mici14 Mode ?EkEkPi-1PiPi+1Ci-1CiCi+1EkCtri-1CtriCtri+1Multiple EncryptionsDouble Encryption doesn't gain muchMeet-in-the-middleBoth decrypt and encrypt with test keySave both and check against the other for middle values as you check new keysPublic/Asymmetric EncryptionTwo keysOne key public, eases some bootstrap issuesBased on “hard problems”RSA – factoring composites of large primesDiffie Hellman – computing discrete logarithmsKnow equations for RSA and DHWhat values are public and what are privateBe able to compute with calculator for small valuesDivide and Conquer exponentiationCryptographic hashesDifference from regular checksumsKeyed and keylessWhen is each appropriateBrute force attackFind another message with the same hash valueBirthday attackStandard algorithmsSHA, MD5, block ciphers in CBC modeHMAC to make keyless hash keyedKey ManagementLong lived vs session keysRandomness and pseudo randomBasic key distributionTrusted third party, public keyCertificatesHierarchical and web of trustDigital signaturesSeveral reasons why it is bad to encrypt firstKey managementKey storageKey escrowShould be integrated in to the user's crypto system, authenticated to access escrow system, time bounded message access on unescrowESS/Clipper exampleGood