Read the text and speak about the types of cryptanalysis.





Text C

Types of cryptanalysis.

There are several distinct types of cryptanalytic attack. The type used depends on the type of cipher and how much information the cryptanalyst has.

Types of cryptanalytic attacks. A standard cryptanalytic attack is to determine the key which maps a known plaintext to a known ciphertext. This plaintext can be known because it is standard or because it is guessed. If the plaintext segment is guessed, it is unlikely that its exact position is known; however, a message is generally short enough for a cryptanalyst to try all possible positions in parallel. In some systems a known ciphertext-plaintext pair will compromise the entire system; however, a strong encryption algorithm will be unbreakable under this type of attack.

A brute force attack requires a large amount of computing power and a large amount of time to run. It consists of trying all possibilities in a logical manner until the correct one is found. For the majority of encryption algorithms a brute force attack is impractical due to the large number of possibilities.

Another type of brute force attack is a dictionary attack. This essentially involves running through a dictionary of words in the hope that the key (or the plaintext) is one of them. This type of attack is often used to determine passwords since people usually use easy to remember words.

In a ciphertext-only attack the cryptanalyst has only the encoded message from which to determine the plaintext, with no knowledge whatsoever of the actual message. A ciphertext-only attack is presumed to be possible, if not easy. In fact, an encryption technique's resistance to a ciphertext-only attack is considered the basis for its cryptographic security.
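The known-plaintext, brute force and dictionary attacks described above, as an added Python example that is not part of the original text. The toy SHA-256 stream cipher, the message, the keys and the wordlist are all constructed for illustration; the guessed closing phrase is searched for at every position of each trial decryption.

```python
import hashlib
from itertools import product

def toy_cipher(data: bytes, key: bytes) -> bytes:
    """Toy stream cipher for illustration only: XOR data with SHA-256(key || offset)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)  # XOR is its own inverse, so the same call decrypts

def crib_offset(ciphertext: bytes, key: bytes, crib: bytes) -> int:
    """Trial-decrypt and look for the guessed plaintext at every position (-1 if absent)."""
    return toy_cipher(ciphertext, key).find(crib)

def brute_force(ciphertext: bytes, crib: bytes, key_len: int):
    """Exhaustive search: every possible key of key_len bytes, in order."""
    for trials, cand in enumerate(product(range(256), repeat=key_len), 1):
        if crib_offset(ciphertext, bytes(cand), crib) >= 0:
            return bytes(cand), trials
    return None, 256 ** key_len

def dictionary_attack(ciphertext: bytes, crib: bytes, words):
    """Try only keys that are words from a list, since people pick memorable keys."""
    for trials, word in enumerate(words, 1):
        if crib_offset(ciphertext, word.encode(), crib) >= 0:
            return word, trials
    return None, len(words)

# Constructed sample data (not from the original text).
MESSAGE = b"Meeting moved to 0900 tomorrow. Best regards, Bob"
CRIB = b"Best regards"            # standard closing the analyst guesses; position unknown
SHORT_KEY = bytes([0x4F, 0xA1])   # 16-bit key: only 65,536 possibilities
WORD_KEY = "sunshine"             # 64-bit key, but a dictionary word
WORDLIST = ["password", "dragon", "letmein", "sunshine", "monkey"]

if __name__ == "__main__":
    key, n = brute_force(toy_cipher(MESSAGE, SHORT_KEY), CRIB, 2)
    print(f"brute force: key {key.hex()} after {n} of {256 ** 2} trials")
    word, n = dictionary_attack(toy_cipher(MESSAGE, WORD_KEY.encode()), CRIB, WORDLIST)
    print(f"dictionary:  key {word!r} after {n} trials (exhaustive search: up to {256 ** 8})")
```

The 16-bit key falls to exhaustive search in a fraction of a second, while the 64-bit key is far out of reach for this loop yet falls after four guesses because it is a common word: key length protects only when the key is chosen at random.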

Supplementary reading.

Text D

Public Key Cryptography.

Since the invention of public key cryptography in 1976 by Whitfield Diffie and Martin Hellman, numerous public-key cryptographic systems have been proposed. All of these systems rely on the difficulty of a mathematical problem for their security.

Before cryptographic systems and the corresponding mathematical problems can be discussed, the difficulty of a problem must be defined. What does it mean for a mathematical problem to be difficult? To explain this concept, the notion of an algorithm is required. An algorithm is a process which describes the steps to take to solve a problem. For example, in high school everyone is taught an algorithm for adding two numbers: simply a sequence of steps which takes as input two numbers a and b, to be added, and outputs their sum a+b. Now a mathematical problem is difficult if the fastest algorithm to solve the problem takes a long time relative to the input size.

To analyze how long an algorithm takes, computer scientists introduced the idea of polynomial time algorithms and exponential time algorithms. Roughly speaking, an algorithm runs quickly relative to the size of its input if it is a polynomial time algorithm, and slowly if it is an exponential time algorithm. Therefore, easy problems equate with polynomial time algorithms, and difficult problems equate with exponential time algorithms.

It is important to notice the words "relative to the input size" in the definition of polynomial time and exponential time algorithms. All problems are straightforward to solve if the input size is very small, but we are interested in how much harder a problem gets as the size of the input grows. For example, adding 2 and 12 to get 14 is straightforward, as is factoring 15 as 3 × 5.

However, addition is an example of an easy problem, because there is an algorithm to add numbers which runs in polynomial time, meaning that it would not take very long to add two enormous numbers. On the other hand, factoring is a hard problem because, in general, factoring a large number takes a very long time. Thus, when looking for a mathematical problem on which to base a public-key cryptographic system, cryptographers are searching for a problem for which the fastest algorithm takes exponential time. In broad terms, the longer the best algorithm for a problem takes to run, the more secure a public-key cryptosystem based on that problem will be.

The use of public-key cryptography is quite simple. Suppose Alice wants to communicate with Bob. Rather than Bob and Alice sharing a single secret key (as in the case of symmetric key systems), Bob (the recipient of Alice's messages) instead has two keys: a public key that is available to everyone in the world (including Trudy the intruder!) and a private key that is known only to Bob. In order to communicate with Bob, Alice first fetches Bob's public key. Alice then encrypts her message to Bob using Bob's public key and a known (e.g., standardized) encryption algorithm. Bob receives Alice's encrypted message and uses his private key and a known (e.g., standardized) decryption algorithm to decrypt Alice's message. In this manner, Alice can send a secret message to Bob without either of them having to distribute any secret keys!
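An added illustration, not part of the original text, of the Alice/Bob exchange and of why its security rests on a hard problem. It assumes textbook RSA (a system the text does not name) with constructed toy primes: Bob decrypts with his private key, while Trudy must first factor n, and the number of trial divisions she needs grows quickly with the size of n.

```python
from math import isqrt

def make_keypair(p: int, q: int, e: int = 65537):
    """Bob's key generation (textbook RSA, no padding): public (n, e), private d."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), pow(e, -1, phi)        # d is the inverse of e modulo phi

def encrypt(message: int, public) -> int:
    """Alice: needs only Bob's public key."""
    n, e = public
    return pow(message, e, n)

def decrypt(cipher: int, public, d: int) -> int:
    """Bob: needs his private exponent d."""
    return pow(cipher, d, public[0])

def factor(n: int):
    """Trial division over odd candidates; returns (p, q, divisions tried)."""
    for steps, cand in enumerate(range(3, isqrt(n) + 1, 2), 1):
        if n % cand == 0:
            return cand, n // cand, steps
    raise ValueError("no odd factor found")

def trudy_recover(cipher: int, public):
    """Trudy sees only the public key and the ciphertext, so she must factor n first."""
    n, e = public
    p, q, steps = factor(n)
    d = pow(e, -1, (p - 1) * (q - 1))
    return pow(cipher, d, n), steps

# Constructed toy primes; real keys use primes of 1024 bits or more.
PRIME_PAIRS = [(1009, 1013), (10007, 10009), (1000003, 1000033)]

if __name__ == "__main__":
    public, d = make_keypair(*PRIME_PAIRS[0])
    c = encrypt(424242, public)
    print("Bob decrypts:", decrypt(c, public, d))
    for p, q in PRIME_PAIRS:
        pub, _ = make_keypair(p, q)
        m, steps = trudy_recover(encrypt(424242, pub), pub)
        print(f"n has {pub[0].bit_length()} bits: Trudy needs {steps} divisions, reads {m}")
```

Encryption and decryption stay a single modular exponentiation at every size, while the factoring work multiplies by roughly ten for each extra decimal digit in the primes; at real key sizes the same loop would never finish.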

 

GLOSSARY

The following glossary provides, for reference, brief definitions for several terms as used in this paper in the context of protecting information in computers.

Access

The ability to make use of information stored in a computer system. Used frequently as a verb, to the horror of grammarians.

Access control list

A list of principals that are authorized to have access to some object.

Authenticate

To verify the identity of a person (or other agent external to the protection system) making a request.

Authorize

To grant a principal access to certain information.

Capability

In a computer system, an unforgeable ticket, which when presented can be taken as incontestable proof that the presenter is authorized to have access to the object named in the ticket.

Certify

To check the accuracy, correctness, and completeness of a security or protection mechanism.

Complete isolation

A protection system that separates principals into compartments between which no flow of information or control is possible.

Confinement

Allowing a borrowed program to have access to data, while ensuring that the program cannot release the information.

Descriptor

A protected value which is (or leads to) the physical address of some protected object.

Discretionary

(In contrast with nondiscretionary.) Controls on access to an object that may be changed by the creator of the object.

Domain

The set of objects that currently may be directly accessed by a principal.

Encipherment

The (usually) reversible scrambling of data according to a secret transformation key, so as to make it safe for transmission or storage in a physically unprotected environment.

Grant

To authorize (q. v.).

Hierarchical control

Referring to ability to change authorization, a scheme in which the record of each authorization is controlled by another authorization, resulting in a hierarchical tree of authorizations.

List-oriented

Used to describe a protection system in which each protected object has a list of authorized principals.

Password

A secret character string used to authenticate the claimed identity of an individual.

Permission

A particular form of allowed access, e.g., permission to READ as contrasted with permission to WRITE.

Prescript

A rule that must be followed before access to an object is permitted, thereby introducing an opportunity for human judgment about the need for access, so that abuse of the access is discouraged.

Principal

The entity in a computer system to which authorizations are granted; thus the unit of accountability in a computer system.

Privacy

The ability of an individual (or organization) to decide whether, when, and to whom personal (or organizational) information is released.

Propagation

When a principal, having been authorized access to some object, in turn authorizes access to another principal.

 

 


Page last modified: 2016-12-10