Outline for February 17, 2006
Reading: text, §6.4, §9.1–9.3
- Greetings and felicitations!
- Puzzle of the day
- Clark-Wilson Certification and enforcement rules
- C1. All IVPs must ensure that all CDIs are in a
valid state when the IVP is run.
- C2. All TPs must be certified to be valid, and
each TP is assocated with a set of CDIs it is authorized to
- E1. The system must maintain these lists and must
ensure only those TPs manipulate those CDIs.
- E2. The system must maintain a list of User IDs,
TP, and CDIs that that TP can manipulate on behalf of that
user, and must ensure only those executions are performed.
- C3. The list of relations in E2 must be certified
to meet the separation of duty requirement.
- E3. The sysem must authenticate the identity of
each user attempting to execute a TP.
- C4. All TPs must be certified to write to an
append-only CDI (the log) all information necessary to
resonstruct the operation.
- C5. Any TP taking a UDI as an input must be
certified to perform only valid transformations, else no
transformations, for any possible value of the UDI. The
transformation should take the input from a UDI to a CDI, or
the UDI is rejected (typically, for edits as the keyboard is
- E4. Only the agent permitted to certify entities
may change the list of such entities associated with a TP.
An agent that can certify an entity may not have any execute
rights with respect to that entity
- Codes vs. ciphers
- Attacks: ciphertext only, known plaintext, chosen
- Types: substitution, transposition
- Classical Cryptography
- Monoalphabetic (simple substitution):
a + k
- Example: Caesar with k = 3,
RENAISSANCE Þ UHQDLVVDQFH
- Polyalphabetic: Vigenère,
= a +
- Cryptanalysis: first do index of coincidence to
see if it’s monoalphabetic or polyalphabetic, then Kasiski
- Problem: eliminate periodicity of key
- Long key generation
- Running-key cipher: M = THETREASUREISBURIED;
K = THESECONDCIPHERISAN;
C = MOILVGOFXTMXZFLZAEQ; wedge is that
(plaintext, key) letter pairs are not random (T/T, H/H, E/E,
T/S, R/E, A/O, S/N, etc.)
- Perfect secrecy: when the probability of computing
the plaintext message is the same whether or not you have
- Only cipher with perfect secrecy: one-time pads;
C = AZPR; is that DOIT or DONT?
- Public-Key Cryptography
- Basic idea: 2 keys, one private, one public
- Cryptosystem must satisfy:
- Given public key, computationally
infeasible to get private key;
- Cipher withstands chosen plaintext attack;
- Encryption, decryption computationally feasible
[note: commutativity not required]
- Benefits: can give confidentiality or authentication
Version of February 16, 2006 at 6:55 PM
You can also obtain a PDF version of this.