Written by 2.5.2 Entity authentication Entity authentication is the ability to assure one communicating party – using corroborative evidence – of both the identity of a second communicating party involved, and that the second party was actually active at the time the evidence was created or acquired [117]. This authentication type is also referred to as identification. […]
1.5 Example attacks The combination of these two trends – increase in complexity and increase in connectivity – results in an attack surface explosion. The following examples shall serve to illustrate this point. 1.5.1 The Mirai botnet In late 2016, the internet was hit by a series of massive Distributed Denial-of-Service (DDoS) attacks originating from […]
2.6 Secure channels and the CIA triad So far, we have discussed three important cryptographic goals: confidentiality, integrity, and authentication. For the purposes of this book, the term secure system can be defined as a system that provides a combination of those three goals. Taken together, confidentiality, integrity, and authentication are oftentimes referred to as […]
3.1 Secret keys and Kerckhoffs’s principle Let’s assume a plaintext m is mapped onto a ciphertext c. Earlier, we formalized this situation in the equation c = fK(m). You may have wondered why there is a parameter K. In cryptography, we distinguish between the encryption algorithm f and the key K. We can think of […]
3.2 Cryptographic keys We saw in the last section that keys are extremely important because they are the only things that are supposed to be secret in a cryptosystem. But what exactly is a key? A cryptographic key K comes from a large (but finite) set 𝒦. This large set is called the key space. […]
3.2.1 One key for each task In addition to the three basic requirements, it is a good practice in cryptography to have a unique key for each unique task. As an example, if Alice and Bob first authenticate each other (entity authentication) and then use message authentication to ensure their communication is not being manipulated […]
2.5 Authentication Authentication is the ability to identify the source of the communication, both for the communicating parties and for the information itself. In other words, authentication refers to a cryptographic mechanism ensuring that the identity of communicating entities can be verified and that the source of a received message can be verified. Any two […]
3.4 Key length The key space 𝒦 is large but finite. So, in principle, it is possible to search through it completely until the correct key K has been found. Such an attack is called a brute-force attack. Whether a brute-force attack is possible within a reasonable time frame, that is, within the time span […]
3.5 Crypto-agility and information half-life Because fundamental advances in cryptanalysis cannot be reliably predicted, especially for prolonged periods of time, it is desirable to design security systems in such a way that the transition to longer keys (or stronger cryptographic mechanisms) is possible and, ideally, easy to do. This concept is called crypto-agility. It is […]
3.6 Key establishment To communicate securely, Alice and Bob need to share the secret key in advance. According to [117], Def. 1.63, ”key establishment is any process whereby a shared secret key becomes available to two or more parties for subsequent cryptographic use”. In principle, Alice and Bob might meet in person in a cafe […]