Posts

Wired Equivalent Privacy (WEP)

Image
Wired Equivalent Privacy (WEP)  is a security protocol, now obsolete, introduced to secure wireless networks, most precisely IEEE 802.11. The naming illustrates the main goal, as thought of at the time: to reach a similar security level in wireless networks as in wired networks (for which, by construction, the security is easier to implement, as the adversary does not have access by default to the communication medium, as it normally happens in wireless communications). The IEEE 802.11, first introduced on the market in 1999, represents the basics for the later versions. WEP was replaced by Wi-Fi Protected Access (WPA) in 2008. A history of the evolution of Wi-Fi standards is available at [1]. A  station  (e.g., computer, laptop) associates with an  Access Point (AP)  via a  challenge-response protocol . In such a protocol, the station initiates an authentication request. The AP responds with an authentication challenge, normally a  nonce  ( numb...
Post a Comment
Read more

Stream Ciphers

Image
   Stream ciphers are symmetric-key ciphers (i.e., encryption and decryption use the same key) that perform bit-by-bit encryption. In a stream cipher, any bit of the ciphertext depends on a single bit of the plaintext (and the encryption key). Stream ciphers differ from the other big class of symmetric ciphers - the  block ciphers,  which encrypt block-by-block. In a block cipher, the bits in a ciphertext block depend on (ideally) all bits in the corresponding plaintext block. To the extreme, a stream cipher is a particular type of block cipher with the block's length equal to 1. Compared to block ciphers, stream ciphers are usually faster, but the test of time shows them less secure in general. A stream cipher can be seen as the analog of the One Time Pad (OTP) (see Perfect Secrecy and the One Time Pad (OTP) ) in computational security. Recall OTP, for which encryption is simply a bitwise XOR between the plaintext and the encryption key. The same holds for the str...
Post a Comment
Read more

Cryptographic Hash Functions

Image
  The cryptographic hash functions are well-known cryptographic primitives. They are widely used, either as stand-alone or as a building block in other, more complex constructions. Their applicability covers a wide area, some popular examples being password storage, electronic signatures, and blockchain. Please note that cryptographic hash functions must satisfy some (of the) security notions I will discuss later on, while non-cryptographic hash functions do not necessarily have to. Therefore, not all hash functions are cryptographically strong. Non-cryptographic hash functions are also valuable, e.g., in data structures. However, for simplicity, I will sometimes refer to cryptographic hash functions as simply  hash functions . As a note, there are also hash functions with a secret key , known as keyed hash functions. I will not refer to these keyed hash functions here; I will only explain the keyless (or unkeyed ) hash functions.   Cryptographic hash function...
Post a Comment
Read more

Perfect Secrecy and the One Time Pad (OTP)

Image
I have explained unconditional  (or  information-theoretical)  security in my previous post (see Unconditional vs. Conditional Security ). As I have mentioned there, we can refer to unconditional security in the context of various cryptographic primitives, among which the  encryption schemes (see Symmetric vs. Asymmetric Encryption ). An encryption scheme that is information-theoretically secure provides  perfect secrecy (see, e.g., [1]) ,  because the  ciphertext  perfectly  hides  the  plaintext.  In other words, the adversary has the same probability to correctly indicate the message  m  regardless if he/she knows the corresponding ciphertext  c.  Hence, the knowledge of the ciphertext gives no new information about the plaintext. We ignore the length of the message - which, of course, is exposed - and assume that all the possible messages are equally long. More rigorously, the  a-posteriori ...
Post a Comment
Read more