* Reading*: text, §6.4, §9.1–9.3

- Greetings and felicitations!
- Puzzle of the day

- Clark-Wilson Certification and enforcement rules
- C1. All IVPs must ensure that all CDIs are in a valid state when the IVP is run.
- C2. All TPs must be certified to be valid, and each TP is assocated with a set of CDIs it is authorized to manipulate.
- E1. The system must maintain these lists and must ensure only those TPs manipulate those CDIs.
- E2. The system must maintain a list of User IDs, TP, and CDIs that that TP can manipulate on behalf of that user, and must ensure only those executions are performed.
- C3. The list of relations in E2 must be certified to meet the separation of duty requirement.
- E3. The sysem must authenticate the identity of each user attempting to execute a TP.
- C4. All TPs must be certified to write to an append-only CDI (the log) all information necessary to resonstruct the operation.
- C5. Any TP taking a UDI as an input must be certified to perform only valid transformations, else no transformations, for any possible value of the UDI. The transformation should take the input from a UDI to a CDI, or the UDI is rejected (typically, for edits as the keyboard is a UDI).
- E4. Only the agent permitted to certify entities may change the list of such entities associated with a TP. An agent that can certify an entity may not have any execute rights with respect to that entity

- Cryptography
- Codes vs. ciphers
- Attacks: ciphertext only, known plaintext, chosen plaintext
- Types: substitution, transposition

- Classical Cryptography
- Monoalphabetic (simple substitution):
*f*(*a*) =*a*+*k*mod*n* - Example: Caesar with
*k*= 3, RENAISSANCE Þ UHQDLVVDQFH - Polyalphabetic: Vigenère,
*f*_{i}(*a*) =*a*+*k*_{i}mod*n* - Cryptanalysis: first do index of coincidence to see if it’s monoalphabetic or polyalphabetic, then Kasiski method.
- Problem: eliminate periodicity of key

- Monoalphabetic (simple substitution):
- Long key generation
- Running-key cipher:
*M*= THETREASUREISBURIED;*K*= THESECONDCIPHERISAN;*C*= MOILVGOFXTMXZFLZAEQ; wedge is that (plaintext, key) letter pairs are not random (T/T, H/H, E/E, T/S, R/E, A/O, S/N, etc.) - Perfect secrecy: when the probability of computing the plaintext message is the same whether or not you have the ciphertext
- Only cipher with perfect secrecy: one-time pads;
*C*= AZPR; is that DOIT or DONT?

- Running-key cipher:
- DES
- Public-Key Cryptography
- Basic idea: 2 keys, one private, one public
- Cryptosystem must satisfy:
- Given public key, computationally infeasible to get private key;
- Cipher withstands chosen plaintext attack;
- Encryption, decryption computationally feasible [note: commutativity not required]

- Benefits: can give confidentiality or authentication or both

Version of February 16, 2006 at 6:55 PM

You can also obtain a PDF version of this.