Notes for October 25, 1999

1. Greetings and Felicitations!
   1. Bibliography: I'll have copies made for Monday or Wednesday of next week
   2. Program hints: see newsgroup. Should I extend homework due date to Wednesday?
2. Puzzle of the Day
3. Specification Detection
   1. Look for violations of specifications
   2. Basis: need a representation of specifications
   3. Issues: similar to misuse detection
   4. Advantage: can detect attacks you don't know about.
4. Cryptography
   1. Ciphers v. Codes
   2. Attacks: ciphertext-only, known plaintext, known ciphertext
5. Classical
   1. monoalphabetic (simple substitution): f(a) = (a + k) mod n
   2. example: Cæsar with k = 3, RENAISSANCE -> UHQDLVVDQFH
   3. polyalphabetic: Vigenère, f_i(a) = (a + k_i) mod n
   4. cryptanalysis: first do index of coincidence to see if it's monoalphabetic or polyalphabetic, then Kasiski method.
   5. problem: eliminate periodicity of key
6. Long key generation
   1. Running-key cipher: M=THETREASUREISBURIED; K=THESECONDCIPHERISAN; C=MOILVGOFXTMXZFLZAEQ; wedge is that (plaintext,key) letter pairs are not random (T/T, H/H, E/E, T/S, R/E, A/O, S/N, etc.)
   2. Enigma/rotor systems; wheels, 3 rotors and a reflecting one. Go through it; UNIX uses this for crypt(1) command.
   3. Perfect secrecy: when the probability of computing the plaintext message is the same whether or not you have the ciphertext
   4. Only cipher with perfect secrecy: one-time pads; C=AZPR; is that DOIT or DONT?
7. DES
   1. Go through the algorithm
8. Public-Key Cryptography
   1. Basic idea: 2 keys, one private, one public
   2. Cryptosystem must satisfy:
      1. given public key, CI to get private key;
      2. cipher withstands chosen plaintext attack;
      3. encryption, decryption computationally feasible [note: commutativity not required]
   3. Benefits: can give confidentiality or authentiction or both
9. Use of PKC
   1. Normally used as key interchange system to exchange secret keys (cheap)
   2. Then use secret key system (too expensive to use PKC for this)