CS260 Study Guide: Unit 5: Signatures and Certificates | Saylor Academy

Unit 5: Signatures and Certificates

5a. Explain authentication, confidentiality, and non-repudiation

What is authentication?
What is confidentiality?
What is non-repudiation?

The goal of confidentiality is to ensure the contents of a message cannot be determined by unintended receivers. This course emphasizes encryption techniques to ensure confidentiality. Authentication means that a receiver can verify the source of a message. Here, the terminology has the potential to be confusing. Integrity refers to when a message can be verified that it has not been modified. To be sure, sender authentication attempts to verify the source of a message, and message integrity attempts to authenticate message content. Message authentication codes (MAC) are codes derived from a message that can be used to achieve integrity and authentication. Finally, non-repudiation means that a sender cannot deny sending a message (it can also mean a receiver cannot deny receiving a message). Digital signatures can be used to achieve non-repudiation. Make sure to understand the importance of these definitions in network security applications. Additionally, make sure you understand how hash functions, symmetric cryptography, and public key cryptography in various configurations can be used to achieve authentication, confidentiality, and non-repudiation.

To review, see:

Introduction to IT Security

5b. Apply architectures for message integrity

What is a message authentication code?
How are MACs used in practice?
How are MACs implemented?

With an understanding of how to implement hash functions, symmetric cryptography, and asymmetric cryptography, it is now sensible to apply them in a larger context. Given the definitions of confidentiality, integrity, and authentication, it is important to understand how to devise configurations (or "architectures") that can achieve these characteristics in network security applications. One major step to going beyond encryption for confidentiality is to understand how to implement a system to achieve message integrity and sender authentication. This is because messages need not always be confidential, but you would still like to be able to verify the message contents have not been altered. For example, you could send a message M along with an encrypted version E(K,M) using a symmetric system. Assuming the receiver has the key K, the decrypted contents D(K,M) can be compared with the received message. Thus, E(K,M) can be used as a message authentication code (MAC) where E(K,M) is the authenticator. This scheme authenticates the message and authenticates the sender (assuming only the sender and receiver have the key, K). You should understand how different architectures can be used to construct MACs.

To review, see:

Introduction to MAC Architectures and Configuration

5c. Explain keyed hash functions

What is a keyed hash function?
Why are keyed hash functions useful?
How are keyed hash functions implemented?

When designing MACs, the prevailing school of thought is that hash functions run faster than typical encryption methods for use as the authenticator. Furthermore, as you have already seen, libraries for implementing hash functions are readily available. Keyed hash functions are simply hash functions that require extra secret knowledge (such as a key) to encode the message hash. Such an approach can be as simple as encrypting the hash of a message. The HMAC is a standard devised by NIST for designing keyed hash functions. A popular example of a standard keyed hash function is HMAC RFC 2104. You should understand how keyed hash function implementations can be used to achieve authentication.

To review, see:

Hash Functions in Authentications

5d. Explain digital signatures

What is a digital signature?
How do digital signatures help to achieve non-repudiation?
How are digital signatures implemented?

Even if the sender of a message can be authenticated, the sender can still deny having sent the message. In other words, the message's source can be known, but the sender's actions must still be verified. Digital signatures are a way of achieving non-repudiation. A digital signature is a way of signing a message so that the sender cannot deny sending the message. One common way to achieve this is to use a public key cryptosystem. For example, a sender encrypting with their private key so that the public key can be used for decryption will not achieve confidentiality, but the private key can act as a digital signature because only the sender has the private key. You should be familiar with architectures that achieve non-repudiation.

To review, see:

Unit 5 Vocabulary

This vocabulary list includes terms you will need to know to successfully complete the final exam.

digital signature
HMAC
keyed hash function
message authentication code (MAC)
non-repudiation

COURSE INTRODUCTION

Course Syllabus

Unit 1: Introduction to Cryptography

Unit 1 Learning Objectives

1.1: Introduction to Encryption and Computational Security

Key Concepts of Cryptography

How Cryptography Works

Key Terms for Network Security

1.2: Block Ciphers vs. Stream Ciphers

Overview

More on Stream Ciphers

1.3: Substitution Cipher

Basic Techniques

Python Exercise

1.4: Transposition Cipher

Basic Techniques

1.5: Random Numbers

The Basics of PRNGs

Python Example

1.6: Perfect Secrecy and the One-Time Pad

Perfect Secrecy a La Shannon

The Main Idea behind the One-Time Pad

More on the One-Time Pad

Unit 1 Assessment

Unit 1 Assessment

Unit 2: Hash Functions

Unit 2 Learning Objectives

2.1: What Is a Hash Function?

Overview

One Way Functions

Hash Functions

Python Exercise

2.2: Collision Resistance

The Importance of Collision Resistance

The Vulnerabilities of MD5

2.3: Merkle-Damgard Construction

Overview

Recipes for Hash Functions

2.4: SHA (Secure Hash Algorithm)

Overview

The Security of SHA

Python Exercise

2.5: Application: Blockchain

Introduction to Blockchain

Proof of Work

Python Exercise

Unit 2 Assessment

Unit 2 Assessment

Unit 3: Symmetric Encryption

Unit 3 Learning Objectives

3.1: Introduction to Symmetric Encryption

Key Concepts

3.2: Feistel Cipher

Combining Transposition and Substitution

The Elegance of the Feistel Cipher

3.3: Data Encryption Standard (DES)

Overview

Applying the Feistel Cipher

3.4: Advanced Encryption Standard (AES)

Beyond DES

Python Implementations

3.5: Triple DES (3DES)

Introduction to 3DES

Contrasting 3DES with AES

A Performance Comparison of DES, AES, and DES

Unit 3 Assessment

Unit 3 Assessment

Unit 4: Asymmetric Encryption

Unit 4 Learning Objectives

4.1: Asymmetric Cryptosystems

Introduction to Public Key Cryptography

4.2: The RSA Cryptosystem

The RSA Cryptosystem

4.3: Integer Factorization

Prime Factorization

Factoring Techniques

Python Exercise

4.4: Congruences Modulo n

Modular Arithmetic

More Immersion into Congruences modulo n