1.1 Evolution of cryptography

Over the past four decades or so, cryptography has evolved from an exotic field known to a select few into a fundamental skill for the design and operation of modern IT systems. Today, nearly every modern product, from the bank card in your pocket to the server farm running your favorite […]

1.3 Increasing connectivity

Connectivity allows designers to add novel, unique features to their products and enables new business models with huge revenue potential that simply would not exist without it. At the same time, connectivity makes it much harder to build secure systems. Similar to Ferguson and Schneier’s argument on security implications of complexity, one […]

2.1 Technical requirements

This chapter introduces basic definitions, design principles, and goals and therefore requires no specific software or hardware.

2.2 Preliminaries

The fundamental objective of cryptography and computer security in general is to enable two persons, let’s call them Alice and Bob, to communicate over an insecure channel so that an opponent, commonly called […]

1.5 Example attacks

The combination of these two trends – increase in complexity and increase in connectivity – results in an attack surface explosion. The following examples shall serve to illustrate this point.

1.5.1 The Mirai botnet

In late 2016, the internet was hit by a series of massive Distributed Denial-of-Service (DDoS) attacks originating from […]

2.6 Secure channels and the CIA triad

So far, we have discussed three important cryptographic goals: confidentiality, integrity, and authentication. For the purposes of this book, the term secure system can be defined as a system that provides a combination of those three goals. Taken together, confidentiality, integrity, and authentication are oftentimes referred to as […]

3.4 Key length

The key space 𝒦 is large but finite. So, in principle, it is possible to search through it completely until the correct key K has been found. Such an attack is called a brute-force attack. Whether a brute-force attack is possible within a reasonable time frame, that is, within the time span […]

3.5 Crypto-agility and information half-life

Because fundamental advances in cryptanalysis cannot be reliably predicted, especially for prolonged periods of time, it is desirable to design security systems in such a way that the transition to longer keys (or stronger cryptographic mechanisms) is possible and, ideally, easy to do. This concept is called crypto-agility. It is […]