CpSc 433, Data Security and Encryption Techniques
Midterm Exam Review
The only thing you won't need to know from Chapter 1 is the specifics of the X.800 Security Architecture (i.e., don't bother memorizing Tables 1.4-1.6), but read Section 1.2 and the tables at least once and make sure that you understand them. Make sure that you're familiar with each of the kinds of attack listed in Table 1.2.
You need to know the symmetric cipher model of Section 2.1 and be familiar with the notation. Know the kinds of cryptanalytic attacks listed in Table 2.1, and why, for example, a chosen plaintext attack might yield more information than one using known plaintext. Understand the difference between being unconditionally and computationally secure.
You do not need to know the details of the "classical" techniques such as the Caesar Cipher or Rotor Machines, but you do need to understand the cryptanalytic attacks based on relative frequency described on pp. 33-37. Know the One-Time Pad technique (pp. 43-44) and its advantages and disadvantages.
You do not need to know the details of the "Simplified DES" algorithm in Section 3.1 unless it helps you to understand the regular DES algorithm.
Know the entire contents of Section 3.2, including the difference between stream and block ciphers and the techniques of diffusion and confusion. Know the structure of the Feistel Cipher, and be able to list the parameters that might vary between encryption algorithms (p. 69).
Understand the structure of DES (Figure 3.7) and be able to describe its external features (e.g., key size, plaintext block size, number of rounds). Make sure that you understand the Avalanche Effect in general, not just for DES. Read Section 3.4 completely, understand why DES is obsolete, and understand the idea of a timing attack.
Read Section 3.5 and make sure that you understand the basic ideas of Differential and Linear Cryptanalysis. Know that Differential Cryptanalysis is based on the idea that watching how changes to the plaintext affect the value of the ciphertext might allow you to make conclusions about the key, and that Linear Cryptanalysis attempts to find linear approximations to the transformations performed by the cipher.
Know each of the design criteria described in Section 3.6, and be able to describe them (for example, what makes for a good S-box?). Know each of the block cipher modes in Section 3.7 and their characteristics, specifically Table 3.6.
Read Section 6.1, understand why the meet-in-the-middle attack leaves Double DES only slightly stronger than DES, and understand why Triple DES is not vulnerable to the same attack.
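To see why doubling a cipher adds so little, the following added example (not from the textbook or the course) runs a meet-in-the-middle search against double encryption with a toy cipher. The 16-bit block cipher with 8-bit keys, the constants and the key values are all constructed for illustration and are not DES.

```python
# Toy cipher constructed for this example: 16-bit block, 8-bit key (NOT DES).
MASK = 0xFFFF
MULT = 0x6487                       # odd, so invertible modulo 2**16
MULT_INV = pow(MULT, -1, 1 << 16)   # needs Python 3.8+

def enc(k, p):
    x = p ^ (k * 0x0101)
    x = (x * MULT + k) & MASK
    return ((x << 5) | (x >> 11)) & MASK     # rotate left by 5

def dec(k, c):
    x = ((c >> 5) | (c << 11)) & MASK        # rotate right by 5
    x = ((x - k) * MULT_INV) & MASK
    return x ^ (k * 0x0101)

def double_enc(k1, k2, p):
    return enc(k2, enc(k1, p))

def meet_in_the_middle(pairs):
    """Return every (k1, k2) consistent with all known (plaintext, ciphertext) pairs."""
    (p1, c1), rest = pairs[0], pairs[1:]
    # Forward half: 2**8 encryptions of p1, indexed by the middle value.
    middle = {}
    for k1 in range(256):
        middle.setdefault(enc(k1, p1), []).append(k1)
    # Backward half: 2**8 decryptions of c1, looked up in the table.
    candidates = [(k1, k2) for k2 in range(256)
                  for k1 in middle.get(dec(k2, c1), [])]
    # Further known pairs weed out chance matches on the first pair.
    return [(k1, k2) for k1, k2 in candidates
            if all(double_enc(k1, k2, p) == c for p, c in rest)]

def work_factors(key_bits=8):
    """(cipher operations for meet-in-the-middle, trials for searching both keys)."""
    return 2 * 2 ** key_bits, 2 ** (2 * key_bits)

if __name__ == "__main__":
    secret = (0x3A, 0xC5)                    # constructed key pair
    known = [(p, double_enc(*secret, p)) for p in (0x1234, 0xBEEF, 0x0F0F)]
    print(meet_in_the_middle(known), work_factors())
    print(work_factors(56))                  # the same ratio at DES key size
```

The search costs about twice one exhaustive search of a single key plus a table of middle values, rather than the square of the single-key search that the doubled key length suggests.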
Section 6.4 should be largely a review of parts of Section 3.2. Understand the possibilities for variation of the basic Feistel structure.
For Section 7.2, be able to describe the ideas of traffic analysis and covert channels, and how traffic padding can make analysis more difficult.
In Section 7.3, understand the problems posed by key distribution, the options for delivering keys, the idea of session keys, and of a KDC and key hierarchy (pp. 211-214). Understand how the lifetime of a session key affects its security (p. 216). Understand the issues addressed in the key distribution scenarios on pp. 214-215 and 217-218, and what a nonce is used for.
Make sure that you understand Section 9.1 completely, including both the encryption and authentication functions performed by public-private key pairs (e.g., know how Alice can be sure that only Bob reads her message, and how Bob knows the message came from Alice.) Understand how you can use public and private keys to exchange a session key, and why you might want to use a session key instead of relying solely on asymmetric encryption. Make sure that you are comfortable with the KR and KU notation used in this section. Know what a trap-door one-way function is.
In Section 9.2, you really just need to understand that the RSA encryption algorithm consists of taking the plaintext to a power, that the decryption function is just taking the ciphertext to a different power, and that the exponents are chosen to be related in such a way that the two operations together yield the original value. Understand the requirements listed at the top of p. 269, and the possible avenues of attack described on pp. 274-278.
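The two uses of a key pair from Section 9.1 and the exponent relationship from Section 9.2 can be checked with small numbers. This is an added example, not from the textbook or the course; the primes, exponents and message value are constructed, the function names are hypothetical, and KU/KR follow the notation named above.

```python
from math import gcd

def make_keypair(p, q, e):
    """Return (KU, KR) = ((e, n), (d, n)) with e*d = 1 mod (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (e, n), (pow(e, -1, phi), n)      # modular inverse, Python 3.8+

def power(key, value):
    """The whole RSA operation: raise value to the key's exponent mod n."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exponent, n)

# Constructed toy keys, unpadded. Alice's modulus is the smaller one so
# that her signature fits under Bob's modulus in sign_then_encrypt().
KU_A, KR_A = make_keypair(61, 53, 17)        # Alice
KU_B, KR_B = make_keypair(89, 97, 5)         # Bob

def confidential(m):
    """Alice encrypts with Bob's public key; only Bob's private key undoes it."""
    c = power(KU_B, m)
    return c, power(KR_B, c)

def authenticated(m):
    """Alice applies her private key; anyone checks with her public key."""
    s = power(KR_A, m)
    return s, power(KU_A, s)

def sign_then_encrypt(m):
    """Both properties: sign with KR_A, then encrypt the result with KU_B."""
    c = power(KU_B, power(KR_A, m))
    return power(KU_A, power(KR_B, c))       # Bob decrypts, then verifies

if __name__ == "__main__":
    m = 65                                   # constructed message value
    print(KU_A, KR_A, confidential(m), authenticated(m), sign_then_encrypt(m))
```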
Understand how the key distribution problem changes for public-key encryption, and how it stays the same (e.g., why a KDC still needs to be trusted). Understand how certificates work, and the role of the Certificate Authority (pp. 289-290). If you understood Section 7.3, the subsection "Public-Key Distribution of Secret Keys" (pp. 291-293) should be a straightforward application of public-key algorithms to the same problems.
Diffie-Hellman Key Exchange is the one public-key algorithm straightforward enough that you should be able to memorize its derivation (bottom of p. 294, or Figure 10.7).
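The derivation written out, as an added worked equation rather than a copy of the textbook's figure. The symbols are assumptions, since this review sheet does not define them: $q$ is a public prime, $\alpha$ a public primitive root of $q$, $X_A$ and $X_B$ the private values, and $Y_A = \alpha^{X_A} \bmod q$, $Y_B = \alpha^{X_B} \bmod q$ the exchanged public values.

$$
\begin{aligned}
K &= (Y_B)^{X_A} \bmod q \\
  &= (\alpha^{X_B} \bmod q)^{X_A} \bmod q \\
  &= \alpha^{X_B X_A} \bmod q \\
  &= (\alpha^{X_A} \bmod q)^{X_B} \bmod q \\
  &= (Y_A)^{X_B} \bmod q
\end{aligned}
$$

Each side computes $K$ from its own private value and the other side's public value, so both arrive at the same $K$ without either private value being sent.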
Review the specific attacks on message integrity listed in Section 11.1. In Section 11.2, know the three types of authenticator function, and know the difference between an authenticator and an authentication protocol. Understand the requirements for cryptographic hash functions (p. 329). Understand the consequences of the Birthday Attack (pp. 332-333).
Know the two most common cryptographic hash functions (Sections 12.1 and 12.2) and their external characteristics (i.e., the size of the hash values they produce). Be able to describe some practical uses for cryptographic hashes (e.g., comparing files, detecting file changes, authentication without storing passwords).
You do not need to know the internals of the algorithms (i.e., the subsections "MD5 Logic" and "MD5 Compression Function" and the corresponding sections for SHA-1), nor do you need to know anything about MD4.
You need to understand the idea of an HMAC (pp. 372 and 373) and why you would need an HMAC instead of a hash function (e.g., to avoid man-in-the-middle attacks), but you do not need to know the implementation details.
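The difference between a bare hash and an HMAC shows up as soon as a message is changed in transit. This is an added example, not from the textbook or the course; it uses Python's standard `hashlib` and `hmac` modules with SHA-256, and the key, messages and function names are constructed for illustration.

```python
import hashlib
import hmac

def hash_tag(message):
    """Unkeyed digest: anyone who can see the message can recompute it."""
    return hashlib.sha256(message).digest()

def hmac_tag(key, message):
    """Keyed digest: recomputing it requires the shared secret key."""
    return hmac.new(key, message, hashlib.sha256).digest()

def receiver_accepts_hash(message, tag):
    return hmac.compare_digest(hash_tag(message), tag)

def receiver_accepts_hmac(key, message, tag):
    # compare_digest avoids leaking the match position through timing
    return hmac.compare_digest(hmac_tag(key, message), tag)

def modified_in_transit(new_message):
    """Model a party on the path that swaps the message and recomputes
    the only tag it can produce without the shared key."""
    return new_message, hash_tag(new_message)

def run_scenario():
    key = b"constructed-shared-key"          # known to sender and receiver only
    original = b"pay 10 to carol"            # constructed messages
    altered = b"pay 9999 to mallory"
    msg, tag = modified_in_transit(altered)
    return {
        # Bare hash: the altered message carries a valid tag, change undetected.
        "hash_original": receiver_accepts_hash(original, hash_tag(original)),
        "hash_altered": receiver_accepts_hash(msg, tag),
        # HMAC: neither a recomputed hash nor the old tag verifies.
        "hmac_original": receiver_accepts_hmac(key, original,
                                               hmac_tag(key, original)),
        "hmac_altered_new_hash": receiver_accepts_hmac(key, msg, tag),
        "hmac_altered_old_tag": receiver_accepts_hmac(key, altered,
                                                      hmac_tag(key, original)),
    }

if __name__ == "__main__":
    for check, accepted in run_scenario().items():
        print(f"{check:24} accepted={accepted}")
```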
Read Section 13.1, understand the problems with digital signatures (e.g., repudiation), and how they can be addressed by using an arbiter (Table 13.1). Understand how public-key encryption can keep the arbiter from seeing the original message, but know the remaining functions for which the arbiter must still be trusted (p. 383).
In Section 13.2, understand the replay attacks described on p. 384 and the approaches for coping with them (p. 385).
In Section 14.1, understand the problems that Kerberos is trying to solve (pp. 402-404). You may read the rest of Section 14.1 if you like, but your time would be better spent on "Designing an Authentication Scheme" and "The Moron's Guide to Kerberos."