What have we learnt so far

1
What have we learnt so far?
2
Building block One-way functions

• Examples of one-way functions graphs, hash
  functions, modular exponentiation
• What to do with them design signature schemes,
  broadcast authentication, design medium-hard
  functions, make commitments, devise pseudo-random
  generators.

3
Building blockModular arithmetic

• What operations are easy? Which ones are believed
  to be infeasible?
• What we can use modular arithmetic for
  Diffie-Hellman Key Exchange, El Gamal encryption
  (and there is much more)

4
Building blockSecret sharing

• How is this done? Give out points on a graph,
  insufficient number does not determine graph.
• What to use it for? Require a threshold of
  knowledge/consent for an action.

5
Important properties we want

• Fairness (pay first or get delivery first?)
• Privacy (do not leak activities and contents to
  eavesdroppers and.)
• Efficiency (computation, storage, interaction)
• Security (can an attacker cheat?)

6
Adversarial modeling

• Rational attackers (only cheat for a benefit) vs.
  malicious attackers (ok to hurt oneself as long
  as others also get hurt)
• Assumptions on what the attacker knows, can
  guess, who he can corrupt, how many?

7
Important attacksDenial of Service

• Goal block service by making many many requests
• How? Send in random information that has to be
  checked. Make others send information or
  requests.
• Why? Terrorism, hurt competitors, lock enemies
  out from resources.
• Countermeasures puzzles, CATCHAs

8
Important attacksImpersonation/Man-in-the-middle

• Why? Obtain access to some resource, eavesdrop on
  conversations, change contents of conversations.
• How? Claim to be somebody. Insert fake
  transcripts, e.g., during key exchange.
• How to avoid? Authentication, use shared
  passwords, second communication channel.

9
Important attacksPhishing

• Gain access to somebodys resources using
  technology and social engineering.
• Why? Steal money, perform money laundry, obtain
  insider information, hack into a system.
• How to avoid? Understand vulnerabilities (by
  thinking like the attacker), change protocols to
  give out less information.

10
Important settingsWireless / computationally
limited

• How is information sent? What information does an
  attacker get?
• How is information stored and processed? Is it
  efficient enough?
• How can an attacker drain resources?
• What can be done? Help from trusted party,
  light-weight cryptography.

11
Important applicationsPayments

• Unforgeability (you cant mint)
• Privacy (for the good guys)
• Traceability (when something goes wrong).
• Efficiency (computation, storage).

12
Important applicationsLogin

• Passwords Wow does login work? How is data
  stored? What if you forget it? What is a
  dictionary attack?
• Login tokens how do they work? What are
  benefits?
• Biometric methods (such as voice).

13
Important lessons

• Know how things can fail. (Impersonation,
  spoofing, denial of service, man-in-the-middle.)
• Notice when things do fail. (Be suspicious. How
  could you cheat?)
• Propose things that will not fail. (But how can
  we be sure?)

14
What is next?

• More about zero-knowledge proofs of knowledge
  (how can I convince you that I performed the
  right computation, without giving you my secret
  information?)
• Practical digital signatures (Schnorr and RSA)
• Mix networks, electronic elections, digital
  payments with privacy, cryptovirology, and more.