Question

In: Computer Science

Part II: What is security and security in the NIST standard (HD tasks) The importance of...

Part II: What is security and security in the NIST standard (HD tasks)

The importance of defining security is that, if you don’t know what security means, then you never know whether you have achieved your security goal or not in real applications. Let’s work through the strict definitions of security under different attack assumptions gradually and then see how the NIST standard applies the definitions (implicitly). From a high-level-point of view, any private key cryptosystem Π (for example, AES) can be defined as a collection of three algorithms (Gen, Enc, Dec) over the message space M (the symbol means “belong to”):

Gen (key-generation algorithm): an algorithm produces the key k;

Enc (encryption algorithm): takes key k and message mM as input; outputs

ciphertext c (c C, C is the ciphertext space);

Dec (decryption algorithm): takes key k and ciphertext c as input; outputs m or “error”.

The correctness of Enc and Dec indicates that, for all mM and k output by Gen, Deck(Enck(m)) = m.

First, let’s consider the case of security definition under Ciphertext-Only-Attack (in short as COA, and COA is also called eavesdropping attack). It starts with a game between the adversary A and a Challenger C. The Challenger C is in charge of Π, so he can do encryptions and decryptions. And all the technique details of Π are known to the Adversary A but the key, A wants to learn the information about plaintext as much as he can through interaction with C. In the case of COA, the interactions can be captured by this game: COA-Game:

The attacker A chooses two message m0 and m1 of equal length, say n bits, and sends them both to C.

The challenger C tosses a coin and determines a random bit b (say for example, “head” as “1” and “tail” as “0”). Then he set cb = Enck(mb) and sends cb to A.

The attacker tries his best to work out b and outputs another bit b’. If b’ = b, then A wins this game.

We say the cryptosystem Π= (Gen, Enc, Dec) is perfect indistinguishable under the COA attack if the probability that A wins the above COA-Game is ½, formally, we denote this as

Prob(ACOA(b’= b)) = ½.

  1. Prove that the one-time-pad (OTP) is perfect secure under COA attack, i.e., the challenge ciphertext cb could come from either m0 or m1 with equal probability from the best of the attacker’s knowledge.

The definition of perfect indistinguishable is too strong to be applied in real life, and so does the OTP. So, we need to relax it to a more realistic definition, and it is called computational   indistinguishable   in   the   literature.   Informally,   computational indistinguishable means that we allow a tiny chance (for example, ½^128) that the attacker A can tell the cb is from m0 or m1 better than random guessing. That is, the cryptosystem Π= (Gen, Enc, Dec) is computational indistinguishable under the COA attack if the probability that A wins the above COA-Game is ½ + neg. Formally, we denote it as

Prob(ACOA(b’= b)) = ½ + neg.,

where neg. is a negligible probability (say for example, ½^128). In short, we write computational indistinguishable under the COA-Game as COA-IND.

Solutions

Expert Solution

The problem refers to the COA-Game and indistinguishability under the COA Game.

Let us first understand some terms to properly answer the question if One Time Pad is secure under a COA attack.

(1) What is COA?

-> COA is known as Cipher Text Only attack or Known cipher text attack in which the attacker is assumed to only know the set of cipher texts.

(2) What is COA - Game and COA - IND?

-> A COA-Game refers to a protocol in which an interaction between an attacker and a challenger takes place. In COA-IND game the attacker sends two messages M1 and M2 to the challenger to encrypt the messages. The challenger randomly chooses one of the Message to encrypt and then sends the encrypted message to the attacker. Now the attacker has to choose by doing some polynomial bound operations that which of the message M1 or M2 corresponds to the received encrypted message from the challenger.

If the attacker correctly chooses the message with probabilty = 1/2 then the attacker wins the game.

(3) What is OTP (One Time pad)?

One Time pad is a type of Vignere Cipher that enforces encryption technique on a given plain text.

Now lets us prove that OTP cipher is completely secure under any attack including Cipher Text Only attack.

  1. One Time pad uses a random key to encrypt a message that is same in length as the message.
  1. The key is only known to the sender and receiver.
  1. The key is used only one time and then destroyed by both the sides.
  1. Key are completely random bearing no relation to any of the plan text or cipher text.

So in case of Cipher text only attack, it doesnt matter if the attacker has a set of cipher text because as long as the key remains a secret the attacker will not to be able to break the encryption using any cryptanalysis or brute-force attack. So playing the COA game using OTP encryption, the attacker will never be able to come up with an outcome where the probability is < = 1/2.

So in ideal conditions, meaning the key remains a secret, OTP is pratically unbreakable.


Related Solutions

Assess the relationships between continuous monitoring for 1) NIST Systems Security Engineering, SP 800-160, Systems Security...
Assess the relationships between continuous monitoring for 1) NIST Systems Security Engineering, SP 800-160, Systems Security Engineering and 2) IETF SACM. Consider for your Analysis and Conclusions utilizing the NIST enterprise levels: • Level 1: Organization • Level 2: Mission/Business Processes • Level 3: System
FIPS Publication 200 is a mandatory federal standard developed by NIST in response to FISMA. To...
FIPS Publication 200 is a mandatory federal standard developed by NIST in response to FISMA. To comply with the federal standard, organizations first determine the security category of their information system in accordance with FIPS Publication 199. Thales e-Security can help you meet the FIPS 200 and FIPS 199 data security compliance standards. Identify the relevance of the FIPS 199 and FIPS 200 documents to non-government entities. Does the FIPS 199 document contain information relevant to non-government entities? Justify your...
Many standard statistical methods that you will study in Part II of this book are intended...
Many standard statistical methods that you will study in Part II of this book are intended for use with distributions that are symmetric and have no outliers. These methods start with the mean and standard deviation, x and s. For example, standard methods would typically be used for the IQ and GPA data here data457.dat. (a) Find x and s for the IQ data. (Round your answers to two decimal places.) x = s = (b) Find the median IQ...
Many standard statistical methods that you will study in Part II of this book are intended...
Many standard statistical methods that you will study in Part II of this book are intended for use with distributions that are symmetric and have no outliers. These methods start with the mean and standard deviation, x and s. For example, standard methods would typically be used for the IQ and GPA data here data215.dat. (a) Find x and s for the IQ data. (Round your answers to two decimal places.) X= s= Here are the numbers obs gpa iq...
10) . Use the principles that you learned in Part ii to calculate the standard reduction...
10) . Use the principles that you learned in Part ii to calculate the standard reduction potentials for each half-cell, given that the E° for Cu2+ + 2e-  Cu (s) is 0.34 V.Note that E° for a half-reaction is not dependent on the coefficients, provided of course that the reaction is balanced, i.e., E° for Ag+ + e- Ag (s) is the same as E° for Ag+ + 2e- 2 Ag (s) Refers to Procedures Part III Step 9...
i. NIST-traceable standard metal ion solutions are provided. The standard metal ion solutions are each 1000...
i. NIST-traceable standard metal ion solutions are provided. The standard metal ion solutions are each 1000 ppm. Compute how much of the NIST-traceable solution you will use to prepare 100 mL of a
Part II. Legal Counsel During the past eight weeks, we have discussed and emphasized the importance...
Part II. Legal Counsel During the past eight weeks, we have discussed and emphasized the importance of the Clean owners seeking business advice from TLG and the importance of Clean - and every business - seeking legal counsel from an attorney for various aspects of business operations. In Part II, you are to reflect on your experience in consulting with the Clean owners, your research and analysis, and make the following recommendations.   A. Evaluate and explain why you recommend that...
Part II: To be completed on Excel when indicated. Otherwise on standard paper and pencil (4...
Part II: To be completed on Excel when indicated. Otherwise on standard paper and pencil (4 Non - Excel Problems) (4 Excel Problems) Problem 1 (Excel-1) First-time patients at North Shore Family Practice are required to fill out a questionnaire that gives the doctor an overall idea of each patient’s health. The first question is: “In general, what is the quality of your health?” The patient chooses Excellent, Good, Fair, or Poor. Over the past month, the responses to this...
Part II: Revenue recognition Coffee House Part I should be completed before beginning Part II. Background:...
Part II: Revenue recognition Coffee House Part I should be completed before beginning Part II. Background: Day two: the same student goes into the Coffee House and orders a large coffee in a campus-branded, thermal coffee mug as part of a “welcome back to school” daily special. As the student is focused on sustainability, the student plans to use this mug daily for refills rather than using paper cups. The barista pours the coffee into the mug and delivers it...
What is the standard deviation of returns of an equally weighted portfolio made up of Security A and Security B?
Security Return(S1)   Return(S2)                       A                16%                 20%                                                B                12%                 25%                                           Risk-free asset return = 4%;                        S1 is State-1 and S2 is State-2;                                 Prob(S1) = 0.6; Prob(S2) = 0.4What is the standard deviation of returns of an equally weighted portfolio made up of Security A and Security B?
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT