Revision Guideline for IY2760

Priority 1: Must-Know Concepts (Short Answers)

  1. Kerckhoffs’ Principle

A: “A cryptosystem should remain secure even if everything about it (except the key) is publicly known.”
Core idea: Security relies on key secrecy, not algorithm obscurity.

  1. CIA Triad
  • Confidentiality: Prevent unauthorized info disclosure.
  • Integrity: Ensure data isn’t tampered with.
  • Availability: Authorized users access resources when needed.
  1. Stream Cipher vs Block Cipher
Stream Cipher Block Cipher
Encrypts bit-by-bit/byte-by-byte Encrypts fixed-size blocks (e.g., 64/128 bits)
Minimal error propagation (errors affect single bits) Error propagation depends on mode (e.g., CBC propagates errors to entire block)
Fast, ideal for real-time (e.g., VoIP) Slower, suits stored data
MODES OF OPERATION (Block Ciphers): ECB, CBC, CFB. Understand CBC error propagation!
  1. MAC (Message Authentication Code)
    Purpose: Ensures integrity + authenticity (CIA triad: Integrity).
    CBC-MAC Process: Encrypt blocks in CBC mode → Final ciphertext block = MAC.
  1. Diffie-Hellman Key Exchange
    Steps:
  • Alice and Bob agree on public primes p and g.
  • Alice sends A = gᵃ mod p; Bob sends B = gᵇ mod p.
  • Shared secret: s = Bᵃ mod p = Aᵇ mod p.
    Vulnerability: Man-in-the-middle attacks (no authentication).
  1. Access Control
  • Access Control Matrix: Rows = subjects, columns = objects. Grant access if cell contains permission.
  • Implementation issue: Matrices are sparse → use ACLs (per-object lists) or Capability Lists (per-subject).
  1. GDPR (General Data Protection Regulation)
  • Protects personal data in the EU.
  • Email addresses are considered personal data if identifiable (e.g., john.smith@company.com).

Priority 2: Common Long-Answer Structures

  1. Security Protocol Analysis (e.g., TLS)

  • TLS Handshake Goals:
    (i) Authenticate server (and client, optionally).
    (ii) Negotiate cipher suite (e.g., AES-GCM).
    (iii) Establish shared secret key.

  • MAC-Encode-Encrypt (TLS Record Protocol):

    1. Compute MAC of plaintext.
    2. Concatenate plaintext + MAC.
    3. Encrypt the entire payload.
  1. Biometric Authentication
  • 5 Modules: Sensor (capture), Feature Extractor, Database, Matcher, Decision.
  • Fingerprint Recognition:
    Pros: High accuracy, low cost.
    Cons: Privacy concerns, spoofing via latent prints.
  1. Software Vulnerabilities
  • Example causes:
    • Poor input validation → SQL injection.
    • Memory mismanagement → buffer overflows.

Priority 3: Common Mistakes to Avoid

  • Caesar Cipher vs Substitution Cipher:
    Caesar: Fixed shift (e.g., +3).
    Substitution: Arbitrary permutations → 26! keys (NOT 25).

  • Key Sizes:
    DES: 56-bit key (insecure).
    2TDES: 112 bits (still vulnerable).

  • Password Weaknesses vs Enhancements:
    Weak: Easily guessed, reused.
    Enhance: Multi-factor auth (e.g., OTP, biometrics).

Quick Drill (Test Yourself)

  • Encrypt “BROKE” using a substitution cipher (Doc 1 Q1b): RLPV?
  • MAC ensures which CIA property? Integrity.
  • Which firewall type blocks ports? Packet-filtering.

STOP HERE AND WRITE ANSWERS! Then verify below:

  • Q1b(i): If substitution mapping isn’t clear, check pattern (A→I, B→Y, etc.).
  • Access Matrix → If (s,o,a) is in matrix, grant.
  • TLS uses random nonces (not timestamps) for freshness (avoids clock sync issues).
Revision
#IY2760
Revision Guideline for IY2760
https://blog.pandayuyu.zone/2025/05/07/Revision_Guideline_for_IY2760/
Author
Panda
Posted on
May 7, 2025
Licensed under