Unit 3 | HTCS401 Notes | Information Theory for Cybersecurity Notes | Aktu Notes

Unit 3 Information Theory for Cybersecurity Notes | HTCS401 Notes | Aktu Notes

Information-Theoretic Security and Cryptography

- Information-theoretic security focuses on the fundamental limits of secure communication and cryptography.

- It aims to achieve provable security against all possible computational attacks, not just those known today.

Example:

- One-time pads achieve information-theoretic security by using a key that is as long as the message itself, making it impossible for an adversary to extract any information from the ciphertext without the key.

Basic Introduction to Diffie-Hellman

- Diffie-Hellman key exchange is a cryptographic protocol that allows two parties to securely exchange a secret key over a public channel.

  

Steps:

1. Initialization: Both parties agree on public parameters, including a prime number \( p \) and a base \( g \).

2. Key Generation:

     - Each party generates a private key \( a \) (for party A) or \( b \) (for party B).

     - They compute their public keys as \( A = g^a \mod p \) and \( B = g^b \mod p \).

3. Key Exchange:

     - Party A sends \( A \) to party B, and party B sends \( B \) to party A.

     - They compute the shared secret key as \( K = A^b \mod p \) (computed by party A) or \( K = B^a \mod p \) (computed by party B).

Example:

Alice and Bob use Diffie-Hellman to agree on a shared secret key to encrypt their messages over an insecure network without directly exchanging the key.

AES (Advanced Encryption Standard)

- AES is a symmetric encryption algorithm widely used to secure sensitive data.

- It operates on fixed-size blocks of data (128 bits) and supports key sizes of 128, 192, or 256 bits.

Process:

1. SubBytes: Non-linear substitution step where each byte in the block is replaced with another according to a lookup table.

2. ShiftRows: Permutation step where rows of the block are shifted cyclically.

3. MixColumns: Transformation step where each column of the block is mixed with the others.

4. AddRoundKey: XOR operation with a round key derived from the encryption key.

Example:

Encrypting a file using AES-256 ensures that only authorized parties with the correct key can decrypt and access its contents, protecting confidentiality.

Side-Channel Attacks

- Side-channel attacks exploit unintended information leakage from physical implementations of cryptographic systems.

- They analyze power consumption, timing variations, or electromagnetic emissions to extract sensitive information.

Examples:

- Timing attacks measure the time taken to perform cryptographic operations and infer information about secret keys.

- Power analysis attacks monitor power consumption patterns to deduce cryptographic keys used in smart cards or hardware security modules.

These notes provide a foundational understanding of information-theoretic security, cryptographic protocols like Diffie-Hellman key exchange, the AES encryption standard, and vulnerabilities posed by side-channel attacks in cybersecurity. Understanding these concepts is crucial for designing and implementing secure communication systems and protocols.