👀 Overview
- Security Requirements
- Cryptography and Cryptanalysis
- Cryptographic Tools
🔖 words
- temper with : to change in a way that it should not to cause damage or harm
정보손해의 우려가 있는 방식으로 바뀜
👊 Cryptographic Objectives
| Threats | Goal | .. |
|---|---|---|
| exposure of data | Confidentiality | - ability to keep information unavaliable and private to unathorized / cryptography is a tool to achieve confidentiality / not only content but also meta data(phonecall content <-> records) is important |
| tempering with data | Intergrity 무결성 | ascertain that imformation has not been subject to addition·deletion·modification·undue delay / e.g. SHA, MAC / intentional or accidental data changes should be detectable |
| Impersonation | Authentication 인증 | ascertain the indentity of others / e.g. digital signiture |
| 사기..?오리발? | Non-Repudiation | prevent an authorized party from denying the existence or contes of a communication session (일이 일어났다는 사실을 부정하는거 막음) / e.g. Digital signature+notarization(from third party) |
| exposure of personal information | Privacy | 어디까지 오픈할건지 degree to which entity(user, device) is willing to share info about itself / vs Auth. non-repudiation / the right of entity acting in its own behalf / e.g. encryption |
| Identification of individual | Anonymity | Being not identifiable within a set / diffrent with privacy (anonymity : action may be public, but actor's indentity remain privacy) / e.g. randomization, k-anonymity, I-diversity, TOR |
| Denial of service | Availability | prevent an unauthorized entity from making resources unavaliable / resource(computing, networking..) / e.g. prevent DoS attack / Cryptography isn't enough to deal with Dos Attack -> also other techniques(backup, redundancy, redirection ,,,) |
| Forbidden access | Authorization(Access control) | verify proper privileges to access resorce (접근권한) / authentication(e.g. ID) -> authentication / relate : Access control (IEE 802.1X, firewall...) |
Cryptology
🛡Cryptography
- study of secret writing
- transform plaintext -> ciphertext by encryption (reverse : decryption)
🗡Cryptanalysis
- study of breaking ciphers
- determing ciphertext->plaintext
Sometimes you win, sometimes you learn 🏃♀️