# CSE316 review **Note: I found the course material for 19/20 is copied from** [**an online course**](https://github.com/xjtlu-lug/ics-notes/tree/dd31c96347b1f378de7a856dbeb03837ad51054e/year4/www.coursera.org/learn/cryptography/README.md) **so if you are interested and want to learn better, you should check it** ## Lecture 1 Some import definitions: * Security * Protection * Vulnerabilities * Exploits * Trust Security Goals: * Confidentiality < ---related to--- > Interception Threat * Intergrity < ---related to--- > Modification Threat, Fabriction Threat * Avilability < ---related to--- > Interruption Threat Threats: * Theft * Privacy * Destruction * Interruption or interference with computer-controlled services Design principles for secure systems: * Economy * Complete mediation * Open design * Kerckhoff principle: A cryptographic system should be secure even if everything about the system, except the key, is public knowledge. * Separation of privileges * Least privilege * Least common mechanism * Acceptability * Fail-safe defaults Tools for security: * Access control * Encryption * Authentication * Intrusion detection * Common sense ## Lecture 2 Classical and Modern Cryptography 1. Classical Cryptography: 2. Private-key encryption * secure communication * secure storage 3. The shift cipher 4. Modular arithmetic 5. The Vigenere cipher Sufficient key space principle: * The key space should be large enough to prevent "brute-force" exhausticve-search attacks 1. Modern Cryptography: 2. Crypto definitions: * Threat Model * Security guarantee/goal 3. Assumptions 4. Proofs of security 5. Perfect secrecy: The goal for security encryption is "impossible for the attacker to learn the key" -> "Regardless of any prior information the attacker has about the plaintext, the ciphertext should leak no additional information about the plaintext" * Ciphertext-only attack * Known-plaintext attack * Chosen-plaintext attack * Chosen-ciphertext attack * Attacker’s information about the plaintext = attacker known distribution of the plaintext * Perfect secrecy means that observing the ciphertext should not change the attacker’s knowledge about the distribution of the plaintext. * One-time pad * Computational secrecy --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://xjtlu-lug.gitbook.io/ics-notes/year-iv/cse316-security.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.