IAO 201c file tong - iao thi fe pe
Internet Assurance Online (Trường Đại học FPT)
Scan to open on Studocu
Studocu is not sponsored or endorsed by any college or university
Downloaded by C??ng Ph?m (phamduccuong2911@gmail.com)
- The operation of Schema 1:
+ First, a secret key K and a seed value S are generated and shared between the
sender and receiver.
+ The sender computes the hash value of the plaintext message M using a hash
function H, i.e., H(M).
+ The sender then encrypts the hash value using a symmetric encryption scheme
with the secret key K and seed value S, i.e., E(K,S)(H(M)).
+ The sender appends the encrypted hash value to the plaintext message to form the
authenticated message, i.e., M || E(K,S)(H(M)).
+ The authenticated message is sent to the receiver.
+ Upon receiving the authenticated message, the receiver separates the plaintext
message and the encrypted hash value.
+ The receiver decrypts the encrypted hash value using the same secret key K and
seed value S used by the sender, i.e., D(K,S)(E(K,S)(H(M))) = H(M).
+ The receiver computes the hash value of the plaintext message M using the same
hash function H, i.e., H(M).
+ The receiver compares the computed hash value with the decrypted hash value. If
the two values match, then the message is authenticated; otherwise, it is not.
- The advantages of Schema 1:
+ It provides message authentication that detects any unauthorized modifications to
the plaintext message, such as insertion, deletion, or substitution of data.
+ It uses a hash function to generate a fixed-size message digest, which makes the
authentication code compact and efÏcient to compute.
Downloaded by C??ng Ph?m (phamduccuong2911@gmail.com)
+ It uses a symmetric encryption scheme, which is faster than public-key encryption
schemes and suitable for messages that require fast processing.
- The disadvantages of Schema 1:
+ It relies on a shared secret key between the sender and receiver, which must be
securely distributed to prevent an attacker from generating a valid MAC (message
authentication code).
+ It is vulnerable to key compromise attacks, where an attacker can obtain the secret
key by compromising either the sender or the receiver's system.
+ It does not provide non-repudiation, which means that the sender can deny having
sent the message since the same secret key is used for both encryption and
decryption.
- The operation of Schema 2:
+ The received message and MAC are split into ciphertext and seed value.
+ The seed value is used to regenerate the secret key K.
+ The ciphertext is decrypted using the secret key K to produce the message digest.
+ The received message is hashed using the same hash function H to generate a
message digest.
+ The message digests are compared, and if they match, the message is considered
authentic and has not been tampered with during transmission.
- The advantages:
+ Provides both integrity and authenticity of the message.
+ The secret key is shared between the sender and receiver, making it more secure
than a hash-only scheme.
+ The use of encryption makes it more difÏcult for an attacker to manipulate the
message without being detected.
- The disadvantages:
+ The use of encryption adds computational overhead, making it slower than a hashonly scheme.
+ The key and seed values must be securely distributed and managed to prevent an
attacker from compromising the system.
Downloaded by C??ng Ph?m (phamduccuong2911@gmail.com)
- The operation of Schema 3:
+ The plaintext message M is hashed using a hash function H.
+ The resulting hash value is encrypted using a symmetric encryption algorithm with
a secret key K.
+ The encrypted hash value is sent along with the plaintext message to the receiver.
+ The receiver decrypts the encrypted hash value using the same secret key K.
+ The receiver then hashes the plaintext message M using the same hash function H.
+ The receiver compares the decrypted hash value with the newly calculated hash
value. If they are the same, the message is authenticated.
- The advantages:
+ Provides strong message authentication as the hash value is encrypted with a
secret key, which ensures that only authorized parties can verify the integrity of the
message.
+ The use of a hash function provides a way to verify that the message has not been
tampered with during transmission.
- The disadvantages:
+ Requires the use of a secret key, which must be securely shared between the
sender and receiver.
+ This schema does not provide confidentiality because the plaintext message is sent
in the clear along with the ciphertext hash value.
1.2:
- The operation for my schema:
+ Sender encrypts the plaintext message with a symmetric key encryption algorithm
using a shared secret key.
+ Sender computes the HMAC of the encrypted message using a hash function and a
secret key known only to the sender and receiver.
+ Sender sends both the encrypted message and the HMAC to the receiver.
+ Receiver decrypts the encrypted message using the shared secret key.
Downloaded by C??ng Ph?m (phamduccuong2911@gmail.com)
+ Receiver computes the HMAC of the decrypted message using the same hash
function and secret key as the sender.
+ Receiver compares the computed HMAC with the received HMAC. If they match, the
message is considered authentic and not tampered with.
- Advantages:
+ The combination of symmetric-key encryption and HMAC provides both
confidentiality and authenticity of the message, ensuring that the message is not only
private but also comes from a trusted sender.
+ HMAC provides message integrity, ensuring that the message has not been
tampered with during transmission.
+ Symmetric-key encryption is faster and more efÏcient than asymmetric-key
encryption, making it suitable for real-time communication.
- Disadvantages:
+ The shared secret key must be kept secure, which can be a challenge in some
situations.
+ The symmetric key encryption algorithm is vulnerable to attacks such as brute-force
attacks, so the secret key must be strong enough to withstand such attacks.
+ The sender and receiver must agree on the hash function and secret key used for
HMAC.
2.1:
b) PB
- Alice should use Bob's public key to encrypt the message. This is because Bob's
public key is known to everyone and can be used by Alice to encrypt the message in a
way that only Bob, who has the corresponding private key, can decrypt and read the
message. This ensures that the message is kept confidential and secure from any
Downloaded by C??ng Ph?m (phamduccuong2911@gmail.com)
external entity on the internet. By encrypting the message with PB requires decryption
with SB, which only Bob possesses.
So to find the perfect key for Alice to send an encrypted message to Bob, by
encrypting the data and passing it on to the receiver, the correct answer is public key
of Bob: Alice performs the transfer { m } to Bob by PB -> Bob has SB -> decrypt { m }
succeeds -> only Bob can read what is contained.
- Using Alice's private key to encrypt the message would not be secure, as Alice's
private key is not known to anyone except Alice, and any external entity on the
internet could potentially intercept and decrypt the message if they were able to
obtain Alice's private key.
- Using Bob's private key to encrypt the message would not provide confidentiality, as
Bob's private key is known only to Bob and anyone who has access to it, and the
message could potentially be decrypted by someone other than Bob.
2.2:
Box 1: SA, Box 2: PB
- In the DifÏe-Hellman Key Exchange, Alice and Bob agree on a shared secret key that
can be used for encryption and decryption of their messages. In order to achieve
authentication and secrecy, Alice can use a combination of both the public and private
keys.
- Specifically, Alice should use her private key for generating the shared secret key
during the key exchange process with Bob, and then use Bob's public key for
encrypting the message. Bob will then use his private key to decrypt the message, and
can use Alice's public key to verify the authenticity of the message.
- Therefore, Alice would best use her private key for the key exchange, and Bob's
public key for encrypting the message. This approach provides both authentication and
secrecy, as only Bob can decrypt the message with his private key, and he can verify
that the message was indeed sent by Alice using her public key.
- By encrypting the message with SA and then PB, Alice ensures digital signature and
then secrecy. Bob would decrypt with SB and then PA.
Downloaded by C??ng Ph?m (phamduccuong2911@gmail.com)
Box 1: SA attaches signature -> verify is Alice
Box 2: PB encrypts data -> people who catch data along the way will not be able to
use it
=> Encrypted data that includes authentication and secrecy
- So Alice will choose (SA) in Box 1 and (PB) in Box 2 to be able to establish a shared
secret key with Bob. The result of the DifÏe-Hellman key exchange will generate a
secret public key between Alice and Bob to encrypt and decrypt the message.
C) SA
If Alice wants to send a message to Bob with a signature to authenticate her identity,
she will use her private key (SA) to sign the message.
1. **Signing the Message**: Alice wants to send a message to Bob and authenticate
her identity. To do this, she uses her **private key (SA)** to sign the message. The
digital signature is created by applying a cryptographic algorithm to the message and
her private key. This process ensures that the signature is unique to the combination of
the message and Alice's private key.
2. **Verification by Bob**: When Bob receives the message, he can use Alice's **public
key (PB)** to verify the digital signature. If the verification is successful, it confirms two
important things:
- The message has not been altered since Alice signed it. If the message were
modified in any way, the signature would not match.
- The message indeed originated from someone who possesses the private key
corresponding to the public key used for verification (Alice's private key in this case).
3. **Protection of Private Key**: Alice's private key (SA) is crucial to the security of this
process. It must be kept confidential and not shared with anyone. It's the possession of
this private key that allows Alice to create a unique signature that only she can
Downloaded by C??ng Ph?m (phamduccuong2911@gmail.com)
generate. If her private key were compromised, an attacker could forge messages and
pretend to be Alice.
By using the private key (SA) to sign the message, Alice ensures the authenticity and
integrity of the message. Bob, by verifying the signature using Alice's public key, can
be confident that the message did indeed come from Alice, provided that her private
key is adequately protected. This process is fundamental in establishing trust and
authenticity in digital communication.
a) The public key of Amazon.com
According to the DifÏe-Hellman Key Exchange, we can understand the following. When
two parties exchange data, each party generates its own private (The secret key of
Amazon.com & The secret key of CA) and public key (The public key of Amazon.com &
The public key of CA). The private key is kept secret, while the public key is shared with
the other party. Therefore, “The certificate issued by the CA to Amazon.com will be
encrypted with the CA's private key and will include the Amazon.com public key(The
public key of Amazon.com)”.
The certificate will include the public key of Amazon.com so that customers can
request it and decrypt using the CA’s public key to then obtain the Amazon.com public
key which would then be used to encrypt credit card information via the SSL protocol.
Downloaded by C??ng Ph?m (phamduccuong2911@gmail.com)
Cipher text: MWA-PH: Kv fvb ilsplcl pu yhukvtulzz?
Plaint text: F**-**: ** *** ******* ** **********?
A
1
B
2
C
3
D
4
E
5
F
6
G
7
H
8
I
9
J
1
0
K
1
1
L
1
2
M
1
3
N
1
4
O
1
5
P
1
6
Q
1
7
R
1
8
S
1
9
-
We have M = 13 and F = 6
So we can Decryt cipher text with a shift of 7. (13-6)
o M: D(M) = 13-7 Mod 26 = 6 -> F
o W: D(W) = 23-7 Mod 26 = 16 -> P
o A: D(A) = 1-7 Mod 26 = 20 -> T
o P: D(P) = 16-7 Mod 26 = 9 -> I
o H: D(H) = 8-7 Mod 26 = 1 -> A
o K: D(K) = 11-7 Mod 26 = 4 -> D
o v: D(v) = 22-7 Mod 26 = 15 -> o
o f: D(f)
= 6-7 Mod 26 = 25 -> y
o v: D(v) = 22-7 Mod 26 = 15 -> o
o b: D(b) = 2-7 Mod 26 = 21 -> u
o i: D(i)
= 9-7 Mod 26 = 2 -> b
o l: D(l)
= 12-7 Mod 26 = 5 -> e
o s: D(s)
= 19-7 Mod 26 = 12 -> l
o p: D(p) = 16-7 Mod 26 = 9 -> i
o l: D(l)
= 12-7 Mod 26 = 5 -> e
o c: D(c)
= 3-7 Mod 26 = 22 -> v
o l: D(l)
= 12-7 Mod 26 = 5 -> e
o p: D(p) = 16-7 Mod 26 = 9 -> i
o u: D(u)
= 21-7 Mod 26 = 14 -> n
o y: D(y)
= 25-7 Mod 26 = 18 -> r
o h: D(h)
= 8-7 Mod 26 = 1 -> a
o u: D(u)
= 21-7 Mod 26 = 14 -> n
o k: D(k)
= 11-7 Mod 26 = 4 -> d
o v: D(v)
= 22-7 Mod 26 = 15 -> o
o t: D(t)
= 20-7 Mod 26 = 13 -> m
o u: D(u) = 21-7 Mod 26 = 14 -> n
o l: D(l)
= 12-7 Mod 26 = 5 -> e
T
2
0
Downloaded by C??ng Ph?m (phamduccuong2911@gmail.com)
U
2
1
V
2
2
W
2
3
X
2
4
Y
2
5
Z
2
6
o z: D(z) = 26-7 Mod 26 = 19 -> s
o z: D(z) = 26-7 Mod 26 = 19 -> s
⇨ Finally we have:
FPT-IA: Do you believe in randomness?
Sự khác nhau giữa mã hóa đối xứng và mã hóa bất đối xứng
Symmetric encryption and asymmetric encryption are two fundamental techniques
used to secure data and communications. They differ in terms of the way keys are
used, the complexity of operations, and their applications. Let's compare these two
encryption methods:
**1. Key Usage:**
- **Symmetric Encryption:**
- Uses a single secret key for both encryption and decryption.
- Both parties involved in communication must have access to the same key.
- Key distribution and management can be challenging, especially in large networks.
- **Asymmetric Encryption:**
- Uses a pair of keys: a public key for encryption and a private key for decryption.
- The public key can be openly shared, while the private key must be kept secret.
- Eliminates the need for secure key distribution, making it suitable for various
scenarios.
**2. Security:**
- **Symmetric Encryption:**
- Faster and more efÏcient than asymmetric encryption for data encryption and
decryption.
- Vulnerable to key distribution issues, as securely sharing the key can be difÏcult.
- If the key is compromised, all data encrypted with that key is at risk.
- **Asymmetric Encryption:**
- More secure for key distribution as the private key never leaves the owner's
possession.
- Slower and computationally more intensive than symmetric encryption.
- Offers a higher level of security, especially for secure data exchange and
authentication.
**3. Use Cases:**
- **Symmetric Encryption:**
- Typically used for encrypting large volumes of data due to its speed.
- Suitable for scenarios where key distribution is managed securely, such as within a
closed network.
- **Asymmetric Encryption:**
- Primarily used for secure communication, data exchange, and authentication.
- Enables secure establishment of shared secret keys between parties who have
never communicated before.
**4. Performance:**
Downloaded by C??ng Ph?m (phamduccuong2911@gmail.com)
- **Symmetric Encryption:**
- Faster and requires less computational resources, making it ideal for bulk data
encryption.
- **Asymmetric Encryption:**
- Slower due to the complexity of mathematical operations involved.
- Used mainly for exchanging session keys or securing critical communications.
**5. Key Management:**
- **Symmetric Encryption:**
- Requires careful management of shared keys to ensure security.
- Changing keys regularly is important to maintain security.
- **Asymmetric Encryption:**
- Easier key management since private keys are never shared.
- Keys don't need to be changed as frequently.
**6. Hybrid Approaches:**
- In many real-world scenarios, hybrid encryption is used, combining the strengths of
both symmetric and asymmetric encryption. For example, asymmetric encryption is
used for secure key exchange, and then a symmetric key is used for the actual data
encryption to achieve better performance.
In summary, symmetric encryption is faster and more efÏcient but requires secure key
distribution, while asymmetric encryption offers better security and eliminates key
distribution issues but is computationally more demanding. The choice between these
methods depends on the specific security requirements and use cases of the
application.
From a service perspective, an important difference between a symmetric-key system
and a public-key system is the way key management is handled:
In a **symmetric-key system**:
- Both parties communicating need to share the same secret key.
- The challenge lies in securely distributing and managing the secret key between the
communicating parties.
- If the secret key is compromised, all encrypted data is vulnerable.
- Changing the secret key frequently is essential to maintain security.
- Key management becomes more complex as the number of parties involved
increases.
Downloaded by C??ng Ph?m (phamduccuong2911@gmail.com)
In a **public-key system**:
- Each user has a pair of keys: a public key and a private key.
- The public key is openly available and can be shared with anyone.
- The private key is kept secret and never shared.
- Key distribution is simplified, as parties can freely share their public keys.
- Users can encrypt data using the recipient's public key, and only the recipient with
the corresponding private key can decrypt it.
- Public-key systems are more suitable for scenarios involving secure communication
and digital signatures.
In summary, the key management process is a significant service-related difference
between symmetric-key and public-key systems. Public-key systems offer a more
convenient way to share encryption capabilities without the need to share the private
key, while symmetric-key systems require secure key distribution and management to
maintain security.
Downloaded by C??ng Ph?m (phamduccuong2911@gmail.com)