Mark Stamp - Information Security
Здесь есть возможность читать онлайн «Mark Stamp - Information Security» — ознакомительный отрывок электронной книги совершенно бесплатно, а после прочтения отрывка купить полную версию. В некоторых случаях можно слушать аудио, скачать через торрент в формате fb2 и присутствует краткое содержание. Жанр: unrecognised, на английском языке. Описание произведения, (предисловие) а так же отзывы посетителей доступны на портале библиотеки ЛибКат.
- Название:Information Security
- Автор:
- Жанр:
- Год:неизвестен
- ISBN:нет данных
- Рейтинг книги:3 / 5. Голосов: 1
-
Избранное:Добавить в избранное
- Отзывы:
-
Ваша оценка:
- 60
- 1
- 2
- 3
- 4
- 5
Information Security: краткое содержание, описание и аннотация
Предлагаем к чтению аннотацию, описание, краткое содержание или предисловие (зависит от того, что написал сам автор книги «Information Security»). Если вы не нашли необходимую информацию о книге — напишите в комментариях, мы постараемся отыскать её.
Provides systematic guidance on meeting the information security challenges of the 21st century, featuring newly revised material throughout Information Security: Principles and Practice
Information Security
Information Security: Principles and Practice, Third Edition
Information Security — читать онлайн ознакомительный отрывок
Ниже представлен текст книги, разбитый по страницам. Система сохранения места последней прочитанной страницы, позволяет с удобством читать онлайн бесплатно книгу «Information Security», без необходимости каждый раз заново искать на чём Вы остановились. Поставьте закладку, и сможете в любой момент перейти на страницу, на которой закончили чтение.
Интервал:
Закладка:
Trudyś chances of success might improve if she has access to known plaintext. That is, it could be to Trudyś advantage if she knows some of the plaintext and observes the corresponding ciphertext. These matched plaintext‐ciphertext pairs might provide information about the key. Itś often the case that Trudy has access to (or can guess) some of the plaintext. For example, many kinds of data include stereotypical headers (email being a good example). If such data is encrypted, the attacker can likely guess some of the plaintext that corresponds to some of the ciphertext.
Surprisingly often, Trudy can actually choose the plaintext to be encrypted and see the corresponding ciphertext. Such a scenario is known as a chosen plaintext attack. How is it possible for Trudy to choose the plaintext? Weĺl see that some security protocols encrypt anything that is sent and return the corresponding ciphertext. Itś also possible that Trudy could have limited access to a cryptosystem, allowing her to encrypt plaintext of her choice. For example, Alice might forget to log out of her computer when she takes her lunch break. Trudy could then encrypt some selected messages before Alice returns. This type of “lunchtime attack″ takes many forms.
Potentially more advantageous for the attacker is an adaptively chosen plaintext attack. In this scenario, Trudy chooses the plaintext, views the resulting ciphertext, and chooses the next plaintext based on the observed ciphertext. In some cases, this can make Trudyś job significantly easier.
Related key attacks are also relevant in some applications. The idea here is to look for a weakness in the system when the keys are related in some special way.
There are other types of attacks that cryptographers occasionally worry about—mostly when they feel the need to publish another academic paper. In any case, a cipher can only be considered secure if no potentially useful shortcut attack is known.
Finally, there is one particular attack scenario that applies to public key cryptography, but not the symmetric key case. Suppose Trudy intercepts a ciphertext that was encrypted with Aliceś public key. If Trudy suspects that the plaintext message was either “yes″ or “no,″ then she can encrypt both of these putative plaintexts with Aliceś public key. If either matches the ciphertext, then the message has been broken. This is known as a forward search. Although a forward search attack is not applicable to symmetric ciphers, weĺl see that this approach can be used to attack hash functions in some applications.
We've previously seen that the size of the keyspace must be large enough to prevent an attacker from trying all possible keys. The forward search attack implies that in public key crypto, we must also ensure that the size of the plaintext message space is large enough so that the attacker cannot simply encrypt all possible plaintext messages. As weĺl see in Chapter 4, this is easy to achieve in practice.
2.8 Summary
In this chapter we covered several classic cryptosystems, including the simple substitution, the double transposition, codebooks, and the one‐time pad. Each of these illustrates some important points that weĺl return to again in later chapters. We also discussed some elementary aspects of cryptography and cryptanalysis.
In the next chapter weĺl turn our attention to modern symmetric key ciphers. Subsequent chapters cover public key cryptography, and hash functions. Cryptography will appear again in later parts of the book. In particular, crypto is a crucial ingredient in security protocols. Contrary to some author's misguided efforts, the fact is that thereś no avoiding cryptography in information security.
2.9 Problems
1 In the field of information security, Kerckhoff's principle is like motherhood and apple pie, all rolled up into one.Define Kerckhoff's principle in the context of cryptography.Give a real‐world example where Kerckhoff's principle has been violated. Did this cause any security problems?Kerckhoff's principle is sometimes applied more broadly than its strict cryptographic definition. Give a definition of Kerckhoff's principle that could apply more generally.
2 Edgar Allan Poeś 1843 short story, “The Gold Bug,″ features a cryptanalytic attack.What type of cipher is broken and how?What happens as a result of this cryptanalytic success?
3 Given that the Caesarś cipher was used, find the plaintext that corresponds to the ciphertext
4 Find the plaintext and the key, given the ciphertextHint: The message was encrypted with a simple substitution, where the key is a shift of the alphabet.
5 Suppose that we have a computer that can test keys each second.What is the expected time (in years) to find a key by exhaustive search if the keyspace is of size ?What is the expected time (in years) to find a key by exhaustive search if the keyspace is of size ?What is the expected time (in years) to find a key by exhaustive search if the keyspace is of size ?
6 The weak ciphers used during the election of 1876 employed a fixed permutation of the words for a given length sentence. To see that this is weak, find the permutation of that was used to produce the scrambled sentences below, where “San Francisco″ is treated as a single word:first try try if you and don't again at succeedonly you you you as believe old are are aswinter was in the I summer ever San Francisco coldest spentNote that the same permutation was used for all three sentences, i.e., the three sentences are in depth.
7 This problem deals with the concepts of confusion and diffusion.Define “confusion″ and “diffusion″ as used in cryptography.Which classic cipher discussed in this chapter employs only confusion?Which classic cipher discussed in this chapter employs only diffusion?Which cipher discussed in this chapter employs both confusion and diffusion?
8 Recover the plaintext and key for the simple substitution example that appears in 2.2on page .
9 Determine the plaintext and key for the ciphertext that appears in the quote at the beginning of this chapter. Hint: The message was encrypted with a simple substitution cipher and the plaintext contains no spaces or punctuation.
10 Decrypt the following message, which was encrypted using a simple substitution cipher:
11 Write a program to help an analyst decrypt a simple substitution cipher. Your program should accept the ciphertext as input, compute letter frequency counts, and display these for the analyst. Your program should then allow the analyst to guess a key and display the results of the putative decryption using the specified putative key. Of course, you may add other features to your program that you consider useful. Use your program to help solve Problem 10, and comment on the usefulness of your program, as compared to working only with pencil and paper.
12 Extend the program described in Problem 11 so that it includes the following features:Make an initial decryption of the message. The recommended way to proceed is to use monograph (i.e., individual letter) frequencies to make an initial guess for the key. Call this the “best key.″Use digraph frequencies to compute a score for any putative key.Generate new putative keys by swapping each pair of letters in the best key—if the score from ii) improves for a given swap, update the best key; if not, leave the best key unchanged.Iterate the process in iii) until the score does not improve for an entire pass through the key (i.e., all pairs have been swapped). The best key is your putative solution.Some errors in the key will likely remain, so your program must also include all of the functionality of the program in Problem 11. Use your program to solve Problem 10 and give the fraction of the key that is correctly recovered automatically, and the fraction of plaintext letters that are determined correctly.
Читать дальшеИнтервал:
Закладка:
Похожие книги на «Information Security»
Представляем Вашему вниманию похожие книги на «Information Security» списком для выбора. Мы отобрали схожую по названию и смыслу литературу в надежде предоставить читателям больше вариантов отыскать новые, интересные, ещё непрочитанные произведения.
Обсуждение, отзывы о книге «Information Security» и просто собственные мнения читателей. Оставьте ваши комментарии, напишите, что Вы думаете о произведении, его смысле или главных героях. Укажите что конкретно понравилось, а что нет, и почему Вы так считаете.