
WEEK 2: CYBERSECURITY

BY: ROWAN BRIGGS


CYBERSECURITY AND ITS TEN DOMAINS

• Recap of Week 1:
• Cybersecurity is important
• Very introductory course
CYBERSECURITY AND ITS TEN DOMAINS

• Week 2: Passwords
• Passwords are commonly used
• Two Main types of Attack
• Dictionary Attack
• Brute Force Attack
CYBERSECURITY AND ITS TEN DOMAINS

• Dictionary Attacks
• Attempts to identify words that may be used in a password
• Names
• Sequence of numbers
• A unique date
• Uses a trial-and-error basis to test multiple passwords
CYBERSECURITY AND ITS TEN DOMAINS

• Different Types of threats


• Wi-fi security
• Email scams
• Mobile security
• Fight against malware
BITCOIN AND CRYPTOCURRENCY TECHNOLOGIES

• Recap of week 1
• Covered some issues faced in Cryptocurrency
• How cryptocurrencies work
• Goals for Cryptocurrency
• Collision-free
• Hiding
• Puzzle Friendly
BITCOIN AND CRYPTOCURRENCY TECHNOLOGIES

• Scroogecoin
• Everyone reports transactions to Scrooge
• Scrooge verifies transactions
• Scrooge creates a ledger to mark all transactions
• Scrooge outputs a list of all transactions for all to see
BITCOIN AND CRYPTOCURRENCY TECHNOLOGIES

• Scroogecoin is bad because it is centralized


• This means that we all need to trust in Scrooge
• It also means that if Scrooge makes a mistake, it is transmitted to all
• So, how do we decentralize Scroogecoin?
BITCOIN AND CRYPTOCURRENCY TECHNOLOGIES

• Aspects of Decentralization in Bitcoin


• Peer to peer Network:
• Open to anyone
• Mining:
• Open to anyone, but inevitable concentration of power
• Updates to software:
• Core developers trusted by community to have great power
BITCOIN AND CRYPTOCURRENCY TECHNOLOGIES

• Bitcoin is a peer to peer system


• Distributed consensus:
• The protocol terminates and all correct nodes decide on the same value
• Value must be proposed by a correct node
BITCOIN AND CRYPTOCURRENCY TECHNOLOGIES

• Consensus is Hard
• Nodes may crash
• Nodes may be malicious
• Network is imperfect
• Not all nodes may be connected
• Faults in the network
• Latency
BITCOIN AND CRYPTOCURRENCY TECHNOLOGIES

• What could a malicious node do?


• It cannot steal bitcoin
• Can try double spending
• Even if someone had 51% of nodes in the network, these rules still apply
• It would defeat trust in bitcoin however, hurting public opinion
• It can deny service to someone
• However, this will fail if the other nodes do not accept
BITCOIN AND CRYPTOCURRENCY TECHNOLOGIES

• What does Bitcoin do differently?


• Introduces Incentives for Nodes to not be malicious
• Block reward
• Transaction Fee
• Embraces randomness
• Lets nodes compete
• Avoids free-for-alls
• Prevents Sybil attacks
BITCOIN AND CRYPTOCURRENCY TECHNOLOGIES

• What is a block reward?


• The creator of a block will get to:
• include a special coin-creation transaction
• Choose recipient of this coin (usually themselves)
BITCOIN AND CRYPTOCURRENCY TECHNOLOGIES

• There is a set amount of bitcoin, 21 million

• The reward for creating a block is 25 Bitcoin; it used to be 50

• The reward for creating a block halves every 4 years
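
Added example (not part of the original slides): the halving schedule worked through in integer arithmetic, showing that the 21 million cap follows from the halving rule and is approached from just below. It assumes a halving every 210,000 blocks (about four years of blocks) and 100,000,000 satoshis per bitcoin, neither of which is stated on the slides.

```python
# Added example: the block-reward schedule in integer satoshis.
# Assumptions (not on the slides): halving every 210,000 blocks,
# 1 BTC = 100,000,000 satoshis, starting reward 50 BTC.
SATOSHI_PER_BTC = 100_000_000
HALVING_INTERVAL = 210_000
INITIAL_REWARD = 50 * SATOSHI_PER_BTC


def block_reward(height: int) -> int:
    """Reward in satoshis for the block at `height`.

    Each halving is an integer right shift, so fractions of a satoshi
    are dropped rather than rounded.
    """
    return INITIAL_REWARD >> (height // HALVING_INTERVAL)


def subsidy_eras() -> int:
    """Number of halving periods that still pay a non-zero reward."""
    era = 0
    while block_reward(era * HALVING_INTERVAL) > 0:
        era += 1
    return era


def total_supply() -> int:
    """Sum of every block reward ever paid, in satoshis."""
    return sum(
        block_reward(era * HALVING_INTERVAL) * HALVING_INTERVAL
        for era in range(subsidy_eras())
    )


if __name__ == "__main__":
    for era in range(4):
        reward = block_reward(era * HALVING_INTERVAL) / SATOSHI_PER_BTC
        print(f"era {era}: {reward} BTC per block")
    print("eras with a reward:", subsidy_eras())
    print("total supply:", total_supply() / SATOSHI_PER_BTC, "BTC")
```

Once the reward reaches zero, transaction fees are the only remaining incentive for block creators.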


BITCOIN AND CRYPTOCURRENCY TECHNOLOGIES

• What are transaction fees?


• Whoever creates the block that accurately reports gets to collect the transaction fee
• Not super prevalent now, but will grow in popularity
• Transaction fees are similar to tips
CRYPTOGRAPHY I

• Recap of Week 1
• One Time Pad
• secure
• Pseudo Random Generators
• Must be unpredictable
• Two Time Pad
• Insecure
CRYPTOGRAPHY I

• Stream Ciphers vs Block Ciphers


• Stream Ciphers were covered in week 1
• Stream Ciphers are faster than block ciphers
• Block Ciphers let us do things that stream ciphers cannot do
CRYPTOGRAPHY I

• We can make a Pseudo Random Function


• Defined over (K, X, Y)
• We can make a Pseudo Random Permutation
• Defined over (K, X)
• One to one
• Must have an efficient inversion function
CRYPTOGRAPHY I

• PRP is a PRF
• X=Y
• PRF is secure if:
• Funs[X,Y] is indistinguishable from a random function in S(f)
CRYPTOGRAPHY I

• Data Encryption Standard (DES)


• Became federal standard in 1976
• Key length of 56 bits
• Has been broken several times in the 90’s
• Broken in 2006 using relatively cheap hardware
CRYPTOGRAPHY I

• Exhaustive Search for block cipher-key


• Given a few input and output pairs, you can find key k
• Side Channel attacks
• Measure time to do encryption/decryption and power needed
• Fault Attacks
• Look for errors in last round that expose the secret key
CRYPTOGRAPHY I

• Linear and Differential attacks


• Given many input/output pairs, you can recover the key
• Quantum attacks
• Find x ∈ X such that f(x) = 1
• Requires building a quantum computer however, so unreasonable for now
CRYPTOGRAPHY I

• Can we make DES secure again?


• Yes!
• We can use 3DES
• 2DES is not secure, but 3DES does make DES secure for the time being
CRYPTOGRAPHY I

• AES
• If a secure PRP then a secure PRF
• Uses OTP so we do not reuse keys
• Good if |CT| > |PT|
• CT-cipher text
• PT-plain text
CRYPTOGRAPHY I

• Nonce – based Encryption


• M1 – Nonce is a counter
• M2 – encryptor chooses a random nonce
• IV = [nonce | counter]
• 64 bits | 64 bits
CRYPTOGRAPHY I

• Overall, ctr is better than CBC in almost every way


• Neither of these ensure data integrity
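
Added example (not part of the original slides): counter mode with the IV laid out as a 64-bit nonce followed by a 64-bit counter, showing that decryption accepts a ciphertext modified in transit and that an encrypt-then-MAC tag rejects it. HMAC-SHA256 truncated to 16 bytes stands in for the block cipher, and the keys, message and function names are constructed for the illustration.

```python
import hashlib
import hmac
import struct

BLOCK = 16  # bytes of keystream produced per counter value

def prf(key: bytes, iv: bytes) -> bytes:
    # Assumption: HMAC-SHA256 truncated to 16 bytes stands in for F(k, .), not AES.
    return hmac.new(key, iv, hashlib.sha256).digest()[:BLOCK]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def ctr_xor(key: bytes, nonce: int, data: bytes) -> bytes:
    """Encrypt or decrypt in counter mode, IV = 64-bit nonce | 64-bit counter."""
    out = b""
    for counter, off in enumerate(range(0, len(data), BLOCK)):
        iv = struct.pack(">QQ", nonce, counter)
        out += xor(data[off:off + BLOCK], prf(key, iv))
    return out

def mac(mac_key: bytes, nonce: int, ct: bytes) -> bytes:
    return hmac.new(mac_key, struct.pack(">Q", nonce) + ct, hashlib.sha256).digest()

def seal(enc_key: bytes, mac_key: bytes, nonce: int, msg: bytes):
    """Encrypt-then-MAC: the tag covers the nonce and the ciphertext."""
    ct = ctr_xor(enc_key, nonce, msg)
    return ct, mac(mac_key, nonce, ct)

def open_sealed(enc_key: bytes, mac_key: bytes, nonce: int, ct: bytes, tag: bytes):
    """Return the plaintext, or None when the tag does not verify."""
    if not hmac.compare_digest(tag, mac(mac_key, nonce, ct)):
        return None
    return ctr_xor(enc_key, nonce, ct)

def modified_in_transit(ct: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Constructed tampering: XOR (old ^ new) into the ciphertext; no key involved."""
    delta = xor(old, new)
    end = offset + len(delta)
    return ct[:offset] + xor(ct[offset:end], delta) + ct[end:]

# Constructed sample keys and message (not from the slides).
ENC_KEY, MAC_KEY = b"\x01" * 32, b"\x02" * 32
MSG = b"PAY 0100 TO BOB; ref 42"  # 23 bytes, so it spans two counter values

if __name__ == "__main__":
    ct, tag = seal(ENC_KEY, MAC_KEY, 7, MSG)
    bad = modified_in_transit(ct, 4, b"0100", b"9100")
    print("CTR alone decrypts to:", ctr_xor(ENC_KEY, 7, bad))
    print("with tag check:", open_sealed(ENC_KEY, MAC_KEY, 7, bad, tag))
```

Reusing a nonce under the same key makes two ciphertexts XOR to the XOR of their plaintexts, which is the two time pad from the Week 1 recap.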
WEEK 2 RECAP

• Cybersecurity
• Passwords are susceptible
• It is important to use different tricks to try to safeguard your passwords
• There are many different types of attacks on users
WEEK 2 RECAP

• Cryptocurrencies
• They are actually very sophisticated
• There are many safeguards
• Bitcoin has a strong incentive system to reward honest nodes
WEEK 2 RECAP

• DES is secure
• It really built a lot more on week 1 knowledge
