SE 4472b / ECE 9064, Information Security

Study Guide (Fall 2017)

Security Notions


Attack Games

Attack games are a way to qualitatively addressing the following question: how much information can about a plaintext by seeing its associated ciphertext.

Features common to all games

Games involve two players A and B. The game begins with B generating an independent random secret encryption key (n.b., every time the game is played, B picks a fresh key). A chooses two messages m1 and m2 and sends them to B. B flips a coin and chooses one of the messages, mb, and encrypts it. This value c=Enc(mb) is called the challenge. Challenge c is returned to A. The game concludes with A guessing if b=1 or b=2, i.e., if c=Enc(m1) or c=Enc(m2). If A guesses correctly, she is said to win the game. The encryption scheme is said be indistinguishable if A has negligible advantage over a random guess of guessing b.

Game types / Security levels

  1. Eavesdropping attack (EAV)
  2. Chosen plaintext attack (CPA)
  3. Chosen ciphertext attack (CCA1)
  4. Adaptive chosem ciphertext attack (CCA2)

Implications of Security Levels

How to achieve security levels (informal)

Symmetric-key Primitives

Block Ciphers

Used for efficient bulk encryption of data. Encryption takes message (plaintext) and key and produces encryption (ciphertext). Decryption takes a ciphertext and key and produces a plaintext. One secret key used for both encryption and decryption.

Sample Problems

Hash Functions

Used for producing a "fingerprint" or "digest" of a message. Hashing accepts a message and produces a hash (doesn't use a key in its basic form). Used for checking file integrity, storing passwords, and for making certain public-key operations more efficient.

Sample Problems

Message Authentication Codes (MACs)

Used for verifying the integrity of data by associating a fixed-length value called a 'tag' with a given message. The tag is derived from a message and a secret key.

Authenticated Encryption (AE)

A means of securely packaging a cipher with a MAC under one common interface. Simplifies (i.e., protects developers from themselves) by preventing the plaintext from being returned if the MAC tag was invalid. Uses the encrypt-then-mac strategy.

Sample Problems

Asymmetric-key (Public-key) Primitives

Asymmetric-key primitives have two keys: one key is for performing public operations (called the public key), the other is for performing private operations (called the private key). Anyone can perform public operations, but only the key holder can perform the private operation.


Diffie-Hellman Exchange (DHE)

Sample Problems

RSA Encryption


Used to link an identity to a message. Consists of two keys: a signing key and a verification key. The signing key is private: only the key holder should be able to sign messages associated with their key pair. The verification key is public: anyone should be able to verify that a signature is valid relative to a party's verification key.

Unpadded RSA Signatures

Padded RSA (PKCS 1.5)

Padding prevents existential forgeries by making the signature non-malleable, i.e., by preventing linear operations on ciphertexts from having linear affects on the plaintext.

Sample Problems


Elliptic Curve Cryptography

An alternative means of implementing a prime order cyclic groups. Elliptic curve crypto (ECC) can be used as a drop-in replacement for cryptosystems based on the hardness of solving the discrete logarithm problem.

Practical Applications

Key Lengths

NIST requires a minimum security level of 112-bits, meaning an attacker must have to do at least 2^112 operations to break a particular primitive. The implications for various primitives:

Sample Problems

Certificates and PKI

A document used to authenticate a signature verification key. Used to prevent man-in-the-middle attacks. Includes:

Sample Problems


Sample Problems


Sample Problems