Unit 3 Information Theory for Cybersecurity Notes | HTCS401 Notes | Aktu Notes
Information-Theoretic Security and Cryptography
- Information-theoretic security focuses on the fundamental limits of secure communication and cryptography.
- It aims to achieve provable security against adversaries with unlimited computational power, not just against the attacks known today.
Example:
- One-time pads achieve information-theoretic security by using a truly random key that is as long as the message itself and is never reused, making it impossible for an adversary to extract any information from the ciphertext without the key.
Basic Introduction to Diffie-Hellman
- Diffie-Hellman key exchange is a cryptographic protocol that allows two parties to securely exchange a secret key over a public channel.
Steps:
1. Initialization: Both parties agree on public parameters, including a prime number \( p \) and a base \( g \).
2. Key Generation:
- Each party generates a private key \( a \) (for party A) or \( b \) (for party B).
- They compute their public keys as \( A = g^a \mod p \) and \( B = g^b \mod p \).
3. Key Exchange:
- Party A sends \( A \) to party B, and party B sends \( B \) to party A.
- Party A computes the shared secret key as \( K = B^a \mod p \) and party B computes it as \( K = A^b \mod p \); both equal \( g^{ab} \mod p \).
Example:
Alice and Bob use Diffie-Hellman to agree on a shared secret key to encrypt their messages over an insecure network without directly exchanging the key.
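The exchange described in the steps above, as an added Python example that is not part of the original notes. The toy parameters (p = 23, q = 11, g = 2) and all function names are assumptions chosen for illustration; the public-value validation and the final hashing step go beyond the listed steps and show what a receiving party should check before using a value from the network.

```python
import hashlib
import secrets

# Toy group (assumption, chosen for readability): p = 2q + 1 with q = 11, and
# g = 2 generates the subgroup of prime order q. Real systems use standardized
# groups of 2048 bits or more.
P, Q, G = 23, 11, 2

def keypair():
    """Step 2: private exponent x in [1, q-1], public value g^x mod p."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def validate_public(y):
    """Reject values outside [2, p-2] or outside the order-q subgroup.

    Accepting 0, 1 or p-1 from the network would force a predictable secret.
    """
    if not isinstance(y, int) or not 2 <= y <= P - 2 or pow(y, Q, P) != 1:
        raise ValueError("invalid Diffie-Hellman public value")
    return y

def shared_secret(own_private, peer_public):
    """Step 3: raise the peer's validated public value to our private exponent."""
    return pow(validate_public(peer_public), own_private, P)

def derive_key(secret):
    """Hash the raw group element into 32 bytes (simple stand-in for a KDF)."""
    width = (P.bit_length() + 7) // 8
    return hashlib.sha256(secret.to_bytes(width, "big")).digest()

def exchange():
    """Run both sides; only A and B would cross the public channel."""
    a, A = keypair()              # party A
    b, B = keypair()              # party B
    k_a = shared_secret(a, B)     # A computes B^a mod p
    k_b = shared_secret(b, A)     # B computes A^b mod p
    return k_a, k_b

if __name__ == "__main__":
    k_a, k_b = exchange()
    print("secrets match:", k_a == k_b)
    print("derived key:", derive_key(k_a).hex())
```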
AES (Advanced Encryption Standard)
- AES is a symmetric encryption algorithm widely used to secure sensitive data.
- It operates on fixed-size blocks of data (128 bits) and supports key sizes of 128, 192, or 256 bits.
Process:
1. SubBytes: Non-linear substitution step where each byte in the block is replaced with another according to a lookup table.
2. ShiftRows: Permutation step where rows of the block are shifted cyclically.
3. MixColumns: Transformation step where the four bytes of each column of the block are mixed together.
4. AddRoundKey: XOR operation with a round key derived from the encryption key.
Example:
Encrypting a file using AES-256 ensures that only authorized parties with the correct key can decrypt and access its contents, protecting confidentiality.
Side-Channel Attacks
- Side-channel attacks exploit unintended information leakage from physical implementations of cryptographic systems.
- They analyze power consumption, timing variations, or electromagnetic emissions to extract sensitive information.
Examples:
- Timing attacks measure the time taken to perform cryptographic operations and infer information about secret keys.
- Power analysis attacks monitor power consumption patterns to deduce cryptographic keys used in smart cards or hardware security modules.
These notes provide a foundational understanding of information-theoretic security, cryptographic protocols like Diffie-Hellman key exchange, the AES encryption standard, and vulnerabilities posed by side-channel attacks in cybersecurity. Understanding these concepts is crucial for designing and implementing secure communication systems and protocols.