Searchable Encryption

Suppose user Alice wishes to read her email on a number of devices: laptop, desktop, pager, etc. Alice's mail gateway is supposed to route email to the appropriate device based on the keywords in the email. For example, when Bob sends email with the keyword "urgent" the mail is routed to Alice's pager. When Bob sends email with the keyword "lunch" the mail is routed to Alice's desktop for reading later. One expects each email to contain a small number of keywords. For example, all words on the subject line as well as the sender's email address could be used as keywords. The mobile people project provides this email processing capability. Now, suppose Bob sends encrypted email to Alice using Alice's public key. Both the contents of the email and the keywords are encrypted. In this case the mail gateway cannot see the keywords and hence cannot make routing decisions. As a result, the mobile people project is unable to process secure email without violating user privacy. Our goal is to enable Alice to give the gateway the ability to test whether "urgent" is a keyword in the email, but the gateway should learn nothing else about the email. More generally, Alice should be able to specify a few keywords that the mail gateway can search for, but learn nothing else about incoming mail.
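The trapdoor/test interface described above, as an added example that is not code from the page or from the Mobile People project. The public-key version (Bob encrypting under Alice's public key) needs pairing-based cryptography, so this stand-in assumes a symmetric key K that the sender shares with Alice; everything else (the `trapdoor`, `tag_keywords`, `gateway_test` and `route` names, the padding count, and the sample keywords) is constructed for the example. The message body is assumed to be encrypted separately and is not shown.

```python
"""Keyword-searchable mail tags: an added example, not code from the page.

Symmetric stand-in for the scheme in the text (assumption: sender shares K
with Alice):
  trapdoor(K, w)       Alice derives T_w = HMAC(K, w) and hands it to the gateway.
  tag_keywords(K, ws)  sender attaches (r, HMAC(T_w, r)) per keyword, r random.
  gateway_test(T, ..)  gateway matches tags against T_w and learns nothing else.
"""
import hashlib
import hmac
import secrets


def keygen() -> bytes:
    return secrets.token_bytes(32)


def trapdoor(key: bytes, keyword: str) -> bytes:
    """Search token for one keyword; case-folded so 'Urgent' and 'urgent' match."""
    return hmac.new(key, keyword.lower().encode(), hashlib.sha256).digest()


def tag_keywords(key: bytes, keywords, pad_to: int = 8):
    """Sender side. Each tag is (r, HMAC(T_w, r)) with fresh r, so two mails with
    the same keyword carry unlinkable tags. Padded with dummy tags to a fixed
    count and shuffled, so neither keyword count nor order is revealed."""
    tags = []
    for w in keywords:
        r = secrets.token_bytes(16)
        tags.append((r, hmac.new(trapdoor(key, w), r, hashlib.sha256).digest()))
    while len(tags) < pad_to:                      # dummies: random r, random tag
        tags.append((secrets.token_bytes(16), secrets.token_bytes(32)))
    secrets.SystemRandom().shuffle(tags)
    return tags


def gateway_test(trap: bytes, tags) -> bool:
    """Gateway side: does any tag match this trapdoor? Without the trapdoor for a
    keyword the gateway cannot tell that keyword's tag from a dummy."""
    return any(
        hmac.compare_digest(hmac.new(trap, r, hashlib.sha256).digest(), t)
        for r, t in tags
    )


def route(trapdoors: dict, tags) -> str:
    """Routing policy from the text: 'urgent' -> pager, 'lunch' -> desktop."""
    if gateway_test(trapdoors["urgent"], tags):
        return "pager"
    if gateway_test(trapdoors["lunch"], tags):
        return "desktop"
    return "inbox"


if __name__ == "__main__":
    K = keygen()
    gateway_trapdoors = {w: trapdoor(K, w) for w in ("urgent", "lunch")}
    mail = tag_keywords(K, ["Urgent", "bob@example.com"])   # constructed sample
    print(route(gateway_trapdoors, mail))                   # pager
```

The gateway only ever holds trapdoors for the keywords Alice chose; a trapdoor derived under a different key, or for a keyword the mail does not carry, matches nothing. Note that the number of real keywords is hidden only up to `pad_to`.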

Other posts in the 'Computer Science > Terminology' category

Timing Attack  (0) 2018.04.02
Side-Channel Attack  (0) 2018.04.02
Syskey  (0) 2018.03.30
High Performance File System (HPFS)  (0) 2018.03.30
Access Control List (ACL)  (0) 2018.03.30

Timing Attack

In cryptography, a timing attack is a side-channel attack in which the attacker attempts to compromise a cryptosystem by analyzing the time taken to execute cryptographic algorithms. Every logical operation in a computer takes time to execute, and the time can differ based on the input; with precise measurements of the time for each operation, an attacker can work backwards to the input.


Information can leak from a system through measurement of the time it takes to respond to certain queries. How much this information helps an attacker depends on many variables: the design of the cryptosystem, the CPU running it, the algorithms used, assorted implementation details, timing-attack countermeasures, the accuracy of the timing measurements, and so on.



Side-Channel Attack

In computer security, a side-channel attack is any attack based on information gained from the implementation of a computer system, rather than on weaknesses in the implemented algorithm itself (the target of cryptanalysis) or on software bugs.


Timing information, power consumption, electromagnetic leaks or even sound can provide an extra source of information, which can be exploited to break the system. Some side-channel attacks require technical knowledge of the internal operation of the system, although others, such as differential power analysis, are effective as black-box attacks.


Attempts to break a cryptosystem by deceiving or coercing people with legitimate access are not typically considered side-channel attacks.


General

General classes of side channel attack include:

- Cache attack - attacks based on the attacker's ability to monitor cache accesses made by the victim on a shared physical system, as in a virtualized environment or a cloud service.

- Timing attack - attacks based on measuring how much time various computations (such as, say, comparing an attacker's given password with the victim's unknown one) take to perform.

- Power-monitoring attack - attacks that make use of varying power consumption by the hardware during computation.

- Electromagnetic attack - attacks based on leaked electromagnetic radiation, which can directly provide plaintexts and other information. Such measurements can be used to infer cryptographic keys using techniques equivalent to those in power analysis or can be used in non-cryptographic attack.

In all cases, the underlying principle is that physical effects caused by the operation of a cryptosystem (on the side) can provide useful extra information about secrets in the system, for example the cryptographic key, partial state information, full or partial plaintexts and so forth.
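The password-comparison timing attack mentioned in the list above, and the "work backwards to the input" idea from the Timing Attack entry, as one added example that is not code from the page. The secret, the candidate alphabet, and the `leaky_compare`, `constant_time_compare` and `recover_secret` names are all constructed here. The oracle reports a loop-iteration count as its "elapsed time"; that is an assumption standing in for a clean measurement, since against a real service the attacker averages many noisy wall-clock samples to extract the same signal.

```python
"""Timing attack on an early-exit comparison: an added example, not from the page.

A leaky check stops at the first mismatching byte, so its running time grows
with the length of the correctly guessed prefix. The attacker recovers the
secret one byte at a time; the same attack fails against the constant-time
variant because its running time no longer depends on the mismatch position.
"""

SECRET = b"s3cr3t-token"          # constructed sample; hidden from the attacker
PRINTABLE = bytes(range(32, 127))  # candidate alphabet


def leaky_compare(secret: bytes, guess: bytes):
    """Returns (equal, ticks). ticks stands in for elapsed time and depends on
    where the first mismatch occurs."""
    ticks = 1
    if len(secret) != len(guess):
        return False, ticks
    for x, y in zip(secret, guess):
        ticks += 1
        if x != y:                 # early exit: this is the leak
            return False, ticks
    return True, ticks


def constant_time_compare(secret: bytes, guess: bytes):
    """Same interface, but every byte is examined and folded into one
    accumulator, so ticks is independent of the mismatch position (the length
    check still leaks length; hash or pad first if that matters). In production
    use hmac.compare_digest rather than hand-rolling this."""
    ticks = 1
    if len(secret) != len(guess):
        return False, ticks
    diff = 0
    for x, y in zip(secret, guess):
        ticks += 1
        diff |= x ^ y
    return diff == 0, ticks


def recover_secret(check, length: int, alphabet: bytes = PRINTABLE) -> bytes:
    """Byte-at-a-time attack. check(guess) -> (equal, ticks). At each position
    the candidate whose check runs longest extends the matching prefix.
    Assumes the secret's length is known (it leaks through the same oracle)."""
    known = b""
    for pos in range(length):
        best, best_ticks = None, -1
        for c in alphabet:
            guess = known + bytes([c]) + b"\x00" * (length - pos - 1)
            equal, ticks = check(guess)
            if equal:
                return guess
            if ticks > best_ticks:
                best, best_ticks = c, ticks
        known += bytes([best])
    return known


if __name__ == "__main__":
    print(recover_secret(lambda g: leaky_compare(SECRET, g), len(SECRET)))
    print(recover_secret(lambda g: constant_time_compare(SECRET, g), len(SECRET)))
```

Against `leaky_compare` the attack needs at most `len(alphabet) * len(SECRET)` queries instead of `len(alphabet) ** len(SECRET)`; against `constant_time_compare` every candidate at every position reports the same tick count, so the recovered bytes are just the first candidate in the alphabet.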


Syskey

Syskey is a utility that encrypts the hashed password information in the SAM database of a Windows system using a 128-bit RC4 encryption key that, by default, is stored in the Windows registry. Syskey can optionally be configured to require the user to enter the key at boot time as a startup password, or to load it from removable storage media. In the default configuration the key can be recovered from a copy of the SYSTEM registry hive, so Syskey only raises the bar against offline hash extraction when the key is not stored locally. Microsoft removed the utility in Windows 10 version 1709 and Windows Server version 1709, recommending BitLocker instead.



HPFS (High Performance File System)

HPFS (High Performance File System) is the file system introduced with IBM's OS/2 version 1.2. HPFS is noted for handling large files (up to 2 gigabytes) across multiple hard disk volumes (addressable up to 2 terabytes) and long file names (up to 256 bytes). HPFS was designed to get around several limitations of MS-DOS at the time, among them its eight-character file name restriction. HPFS uses a centrally located root directory and B-tree lookup to speed access. HPFS can coexist with the MS-DOS file system, File Allocation Table (FAT), or run independently.



Access control list

An access control list (ACL), with respect to a computer file system, is a list of permissions attached to an object. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects. Each entry in a typical ACL specifies a subject and an operation. For instance, if a file object has an ACL that contains (Alice: read, write; Bob: read), this would give Alice permission to read and write the file and Bob permission only to read it.
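An evaluator for the ACL notation used in the example above, as an added example that is not code from the page. `parse_acl` reads the page's own "(Alice: read, write; Bob: read)" form; the default-deny rule is the standard one. Two things go beyond the page and are assumptions modelled on common DACL conventions: a subject prefixed with "!" is an explicit deny entry, and a subject can be matched through the `groups` it belongs to.

```python
"""ACL evaluation for the file-system example in the text: an added example,
not code from the page. Anything not explicitly allowed is denied."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Ace:
    subject: str          # user or group name
    ops: frozenset        # operations this entry covers
    allow: bool = True    # False -> explicit deny (assumed extension)


class Acl:
    def __init__(self, entries):
        self.entries = list(entries)

    def check(self, subject: str, op: str, groups=()) -> bool:
        """Default deny. An explicit deny for the subject or any of its groups
        wins over any allow, wherever it appears in the list."""
        principals = {subject, *groups}
        op = op.lower()
        allowed = False
        for ace in self.entries:
            if ace.subject in principals and op in ace.ops:
                if not ace.allow:
                    return False
                allowed = True
        return allowed


def parse_acl(spec: str) -> Acl:
    """'(Alice: read, write; Bob: read)' -> Acl. Malformed entries raise."""
    body = spec.strip()
    if body.startswith("(") and body.endswith(")"):
        body = body[1:-1]
    entries = []
    for part in body.split(";"):
        if not part.strip():
            continue
        subject, sep, ops = part.partition(":")
        subject = subject.strip()
        if not sep or not subject:
            raise ValueError(f"malformed ACL entry: {part!r}")
        allow = not subject.startswith("!")
        ops = frozenset(o.strip().lower() for o in ops.split(",") if o.strip())
        entries.append(Ace(subject.lstrip("!"), ops, allow))
    return Acl(entries)


if __name__ == "__main__":
    acl = parse_acl("(Alice: read, write; Bob: read)")
    for who, op in (("Alice", "write"), ("Bob", "write"), ("Carol", "read")):
        print(who, op, acl.check(who, op))
```

Bob's write and Carol's read are both refused for the same reason: no entry grants them, and the evaluator never assumes access. Failing closed on a malformed entry matters for the same reason; silently skipping it would turn a typo into a missing deny.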



Wi-Fi Protected Access

Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access 2 (WPA2) are two security protocols and security certification programs developed by the Wi-Fi Alliance to secure wireless computer networks. The Alliance defined these in response to serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP).

WPA (sometimes referred to as the draft IEEE 802.11i standard) became available in 2003. The Wi-Fi Alliance intended it as an intermediate measure in anticipation of the availability of the more secure and complex WPA2. WPA2 became available in 2004 and is common shorthand for the full IEEE 802.11i standard.



Temporal Key Integrity Protocol

Temporal Key Integrity Protocol, or TKIP, was a stopgap security protocol used in the IEEE 802.11 wireless networking standard. TKIP was designed by the IEEE 802.11i task group and the Wi-Fi Alliance as an interim solution to replace WEP without requiring the replacement of legacy hardware. This was necessary because the breaking of WEP had left Wi-Fi networks without viable link-layer security, and a solution was required for already deployed hardware. TKIP is no longer considered secure and was deprecated in the 2012 revision of the 802.11 standard.

Security

TKIP uses the same underlying mechanism as WEP, and consequently is vulnerable to a number of similar attacks. The message integrity check, per-packet key hashing, broadcast key rotation, and a sequence counter discourage many attacks. The key mixing function also eliminates the WEP key recovery attacks.



CCMP

Counter Mode Cipher Block Chaining Message Authentication Code Protocol, Counter Mode CBC-MAC Protocol or simply CCMP (CCM mode Protocol) is an encryption protocol designed for Wireless LAN products that implements the standards of the IEEE 802.11i amendment to the original IEEE 802.11 standard. CCMP is an enhanced data cryptographic encapsulation mechanism designed for data confidentiality and based upon the Counter Mode with CBC-MAC (CCM) of the AES standard. It was created to address the vulnerabilities presented by WEP, a dated, insecure protocol.



Replay attack

A replay attack (also known as a playback attack) is a form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. This is carried out either by the originator or by an adversary who intercepts the data and re-transmits it, possibly as part of a masquerade attack by IP packet substitution.
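The repeated-or-delayed frame described above, together with the sequence counter the TKIP entry lists as one of its defences (CCMP uses a packet number for the same purpose), as one added example that is not code from the page. Both sides of the exchange are shown: a sender that numbers every frame and a receiver that rejects any frame whose counter is not strictly greater than the last one it accepted. HMAC-SHA256 stands in for the frame integrity check, the 32-byte key and the frame layout are constructed for the example, and the `Sender`, `Receiver` and `demo` names are assumptions.

```python
"""Replay detection with a MAC-covered sequence counter: an added example, not
code from the page. The receiver accepts a frame only if its MAC verifies AND
its counter is strictly greater than the last accepted one, so a captured frame
that is repeated or delivered late is dropped. A receiver without the counter
check is included for contrast."""
import hashlib
import hmac
import struct

KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)   # constructed key
CTR_LEN, TAG_LEN = 8, 32


class Sender:
    def __init__(self, key: bytes):
        self.key, self.ctr = key, 0

    def send(self, payload: bytes) -> bytes:
        self.ctr += 1                                    # never reused under this key
        header = struct.pack(">Q", self.ctr)
        # The MAC covers the counter; otherwise an attacker could simply bump it.
        tag = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        return header + payload + tag


class Receiver:
    def __init__(self, key: bytes, replay_protection: bool = True):
        self.key, self.last, self.replay_protection = key, 0, replay_protection

    def receive(self, frame: bytes):
        """Returns the payload if accepted, else None."""
        if len(frame) < CTR_LEN + TAG_LEN:
            return None
        header, payload, tag = frame[:CTR_LEN], frame[CTR_LEN:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return None                                  # forged or modified
        ctr = struct.unpack(">Q", header)[0]
        if self.replay_protection:
            if ctr <= self.last:
                return None                              # replayed or delayed
            self.last = ctr
        return payload


def demo():
    """Bob sends two frames; Mallory captures the first and replays it later."""
    bob = Sender(KEY)
    alice = Receiver(KEY)
    naive = Receiver(KEY, replay_protection=False)
    f1, f2 = bob.send(b"transfer 10"), bob.send(b"transfer 20")
    return {
        "first": alice.receive(f1),
        "second": alice.receive(f2),
        "replay": alice.receive(f1),                      # None: counter 1 <= 2
        "naive": naive.receive(f1) and naive.receive(f1),  # accepted twice
    }


if __name__ == "__main__":
    print(demo())
```

Two points worth checking in any real implementation: the counter must be inside the authenticated data (here it is, so rewriting it invalidates the tag), and a frame that arrives after a later one is rejected just like an exact repeat, which is why the text groups "repeated or delayed" together. Protocols that tolerate reordering, such as IPsec, replace the strict comparison with a sliding window.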


