aboutsummaryrefslogtreecommitdiff
path: root/en_GB/Introduction to Information Security
diff options
context:
space:
mode:
Diffstat (limited to 'en_GB/Introduction to Information Security')
-rw-r--r--en_GB/Introduction to Information Security/introduction_to_information_security.md56
1 files changed, 56 insertions, 0 deletions
diff --git a/en_GB/Introduction to Information Security/introduction_to_information_security.md b/en_GB/Introduction to Information Security/introduction_to_information_security.md
index 67dd769..0dbca95 100644
--- a/en_GB/Introduction to Information Security/introduction_to_information_security.md
+++ b/en_GB/Introduction to Information Security/introduction_to_information_security.md
@@ -95,6 +95,22 @@ As a user, you can be authenticated on the basis of
Makes dictionary attacks difficult.
- Limit number of failed password attempts
+### Challenge Response Authentication
+
+1. Authenticator knows the password.
+2. User identifies himself and requests authentication.
+3. Authenticator sends *nonce* (random, temporary number) to the user (challenge).
+4. User computes the one-way-function result of the concatenation of password and nonce, sends the result to the authenticator.
+5. Authenticator computes the same.
+6. Authenticator compares his computed value with the users computed value. If they match, authentication is successful.
+
+### HTTP Digest Authentication
+
+Same as *Challenge Response Authentication*, but the compare value is computed as:
+$$
+\text{digest} = \text{h}(\text{h}(\text{username}:\text{realm}:\text{password}):\text{nonce}:\text{h}(\text{method}:\text{digest-uri}))
+$$, $\text{h}$ being a one-way-function, $\text{:}$ being the concatenation operator.
+
### Biometrics
#### Use cases
@@ -174,6 +190,46 @@ $\text{FPIR} = (1 - \text{FTA}) \times (1 - (1 - \text{FMR})^{n})$
Using a biometric scheme with $\text{FMR} = 0.01\%$ and a database of size $\text{n} = 80000$ results in $\text{FPIR} = (1 - 0) \times (1 - (1 - 0.0001)^{80000}) = 99.97\%$.
+## Encryption
+
+### Cipher
+
+#### Block Cipher
+
+*Block Cipher* encrypts long sequences of data with the same key. Single bit errors in ciphertext cause bit errors on half of the cleartext on average.
+
+#### Stream Cipher
+
+*Stream cipher* encrypts short sequences of data with a changing key per sequence, coming from a *key stream*, generated by a *key generator*.
+Security of ciphertext depends on the security of the *key generator*. Single bit errors in ciphertext cause single bit errors in cleartext.
+This is commonly used in noisy channels.
+
+### Public Key Encryption
+
+*A* encrypts message with public key of *B* (publicly available via *Public Key Infrastructure* (PKI)).
+This message is only decryptable with the private key of *B* (only available to *B*).
+Public keys need to be bound to the actual receiver! You have to make sure the public key you have is actually the key of the receiver
+and not somebody you think is the receiver (receiving machine being used by many users, spoofing).
+
+### Message Authentication Codes (MAC)
+
+*Message Authentication Codes* are used to verify the integrity of a message (proof, that the message has not been modified between sender and receiver).
+
+1. Sender and receiver share a common secret key *k*.
+2. Sender computes $\text{MAC}_\text{sent} = \text{h}(\text{k}, \text{x})$, *h* being a one-way-function, *x* being the message.
+3. Sender sends message *x* with $\text{MAC}_\text{sent}$.
+4. Receiver receives the message and $\text{MAC}_\text{sent}$ and $\text{MAC}_\text{received} = \text{h}(\text{k}, \text{x'})$ with *x'* being the received message.
+5. Receiver compares $\text{MAC}_\text{sent}$ and $\text{MAC}_\text{received}$. If they match, the message is considered not modified.
+
+### Digital Signatures
+
+*Digital Signatures* are used to verify the integrity of a message, same as *MAC*.
+Compared to *MAC*, it does not rely on shared secret keys. Instead, it uses *Private Key* for signing, and *Public Key* to verify.
+
+1. Sender computes $\text{sig} = \text{h}(\text{private}, \text{message})$.
+2. Sender sends message and appends signature $\text{sig}$.
+3. Receiver verifies signature $\text{sig}$ using *Public Key* of the sender.
+
## Threat scenarios
No security issues without threat models! E.g. a password is considered safe without any provided threat model.