Wednesday, October 8, 2014

Chapter 7

7.1 History, definitions and concepts of Cryptography

Started around 2000 B.C. in Egypt: "atbash" ("security" is encrypted into "hvxfurgb")

Cryptography: plain-text ==> encryption ==> cipher-text ==> decryption ==> plain-text

Cryptography-system includes, at least, software, protocols, algorithms, and keys.

Services of Cryptography-system: confidentiality, integrity, authentication, authorization, and non-repudiation.


7.2 Ciphers and encryption methods

Ciphers: One-time pad (message + one-time key = cipher text), running key cipher (has long running key), concealment cipher (hides a secret message in open message), transposition (shifts values), Caesar cipher (shifts 3 values)

Encryption: Symmetric (same key on both sides) and asymmetric (different keys, one is public and the other one is private); block cipher (encrypts one piece of data at a time) and stream cipher (using a keystream); hybrid (mixes the above methods)



7.3 Types of symmetric and asymmetric systems

Symmetric: DES (65-bit true key, 64-bit block, and 16 round computation), ECB (64-bit data block is entered into algorithm with key), CBC (cipher block chaining), CFB (cipher feedback mode), OFB (output feedback mode), CTR (counter mode), Triple-DES (3 keys, 48 round computation, double-DES security = DES security), AES (128-bit block sizes and various key lengths), IDEA (128-bit key and 64-bit block sizes, international), RC4~6.

Asymmetric: Diffie-Hellman (first, based upon logarithms in finite fields); RSA, El Gamal, Elliptic curve cryptosystem, Knapsack


7.4 Internet security and attacks

Online transaction: 1. customer shops online 2. customer completes order form 3. order summary sent to customer 4. customer reviews order and submits 5. credit card information is sent to merchant bank through payment gateway 6. merchant bank sends credit card info to customer bank through payment gateway 7. customer bank verifies credit card and clears request 8. customer bank verifies credit card and clears request 9. notification of order is sent to merchant 10. customer receives confirmation of order.

HTTPS: combination of HTTP and SSL/TLS, used to secure internet connections and developed as an e-commerce standard.

Cookie: protect web information

IPSec: protect IP

Attacks: passive, active, cipher-text-only, known-plain-text, chosen-plain-text, chosen-cipher-text, side-channel, replay, algebraic, analytic, statistical, social engineering, meet-in-the-middle.
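
The "double-DES security = DES security" note in 7.3 and the meet-in-the-middle entry in the attack list describe the same weakness. The Python sketch below is an added example, not part of the original notes; it uses a constructed toy 16-bit cipher with 8-bit keys (not DES, all names and constants are assumptions) to show that recovering two keys takes about 2 x 2^8 cipher operations instead of 2^16.

```python
# Toy 16-bit block cipher with 8-bit keys, constructed for this example (not DES).
MASK, KEY_BITS = 0xFFFF, 8

def _rotl(x, r):
    return ((x << r) | (x >> (16 - r))) & MASK

def _round_keys(k):
    # Four 16-bit round keys from the 8-bit key; the constants are arbitrary.
    return [((k * 0x0101) ^ (0x3A5C * (i + 1))) & MASK for i in range(4)]

def encrypt(k, block):
    for rk in _round_keys(k):
        block = _rotl((block + rk) & MASK, 5) ^ rk
    return block

def decrypt(k, block):
    for rk in reversed(_round_keys(k)):
        block = (_rotl(block ^ rk, 11) - rk) & MASK  # rotl by 11 undoes rotl by 5
    return block

def double_encrypt(k1, k2, block):
    return encrypt(k2, encrypt(k1, block))

def meet_in_the_middle(pairs):
    """Return (candidate (k1, k2) list, cipher operations spent on the first pair)."""
    (p0, c0), rest = pairs[0], pairs[1:]
    ops, middle = 0, {}
    for k1 in range(1 << KEY_BITS):        # forward half: E_k1(p0) for every k1
        middle.setdefault(encrypt(k1, p0), []).append(k1)
        ops += 1
    candidates = []
    for k2 in range(1 << KEY_BITS):        # backward half: D_k2(c0) for every k2
        mid = decrypt(k2, c0)
        ops += 1
        for k1 in middle.get(mid, []):
            # Extra known pairs discard keys that matched only by chance.
            if all(double_encrypt(k1, k2, p) == c for p, c in rest):
                candidates.append((k1, k2))
    return candidates, ops

# Constructed sample data: secret keys and three known plaintext/ciphertext pairs.
K1, K2 = 0x3C, 0xA7
PAIRS = [(p, double_encrypt(K1, K2, p)) for p in (0x1234, 0xBEEF, 0x0042)]

if __name__ == "__main__":
    found, ops = meet_in_the_middle(PAIRS)
    print("candidates:", found, "ops:", ops, "vs brute force:", 1 << (2 * KEY_BITS))
```

The same trade of memory for time is why Triple-DES uses three cipher operations rather than two.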
