Exam 3

Authentication → Proves the identity of the sender or receiver

Types of Authentication

Passwords

Description
  • Very common, easy to remember, usually 6 to 16 characters, alphabet often includes letters (both cases), numbers, and some special symbols

  • Strength (number of possible passwords): alphabet-size^(length)

  • Entropy (randomness) in number of bits: log2(alphabet-size) × length

  • Break-in → on average, Strength / 2 attempts

Break-in Prevention
  • Can limit time to enter (say 3 seconds)

  • Can limit the number of attempts

  • Stop or slow down after a number of attempts

Other Forms

  • Fingerprint

    • Problem → can change over time, and cannot be revoked if leaked → unlike a password, a leaked fingerprint can't be changed; once it's leaked, there's no going back

  • Biological → Eye scan, face scan, blood, voice

Dictionary Attacks

  • Online dictionaries of most common words used in passwords

  • Rainbow Tables → a precomputed table of hash values used to efficiently crack hashed passwords. When an attacker obtains a hashed password (e.g., from a data breach), they search for the matching hash in the table to find the original password.

  • Defense → SALT → adding a few random bits to the password before hashing (used to be 8 bits, but now that's too small, so the standard is around 32-64 bits). So for each user we store a username, a hashed password, and a salt

  • COLLISION? → different passwords hashing to the same value (would allow different passwords to work)
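Added example (not part of the original notes): the entropy formula from the Passwords section, and a per-user salt making a precomputed hash table useless. The function names, the 64-bit salt, the use of SHA-256, and the word list are assumptions made for this illustration.

```python
import hashlib
import hmac
import math
import os

SALT_BYTES = 8  # 64 bits, the upper end of the range given in the notes


def entropy_bits(alphabet_size, length):
    """Entropy in bits: log2(alphabet-size) x length."""
    return math.log2(alphabet_size) * length


def hash_password(password, salt):
    # Plain salted SHA-256 keeps the demo short (assumption of this example);
    # real systems use a slow KDF such as hashlib.scrypt or PBKDF2.
    return hashlib.sha256(salt + password.encode()).hexdigest()


def register(db, user, password):
    salt = os.urandom(SALT_BYTES)  # fresh random salt for every user
    db[user] = (salt, hash_password(password, salt))


def verify(db, user, password):
    salt, stored = db[user]
    return hmac.compare_digest(stored, hash_password(password, salt))


def precomputed_table(words):
    """Unsalted hash -> word; a rainbow table stores this mapping compactly."""
    return {hash_password(w, b""): w for w in words}


def lookup(table, stored_hashes):
    """Return every password recovered by a plain table lookup."""
    return [table[h] for h in stored_hashes if h in table]


if __name__ == "__main__":
    table = precomputed_table(["123456", "password", "qwerty"])  # constructed list
    db = {}
    register(db, "alice", "password")
    register(db, "bob", "password")
    print(entropy_bits(62, 8))                          # letters + digits, 8 chars
    print(lookup(table, [hash_password("password", b"")]))  # unsalted: found
    print(lookup(table, [h for _, h in db.values()]))       # salted: nothing found
    print(db["alice"][1] != db["bob"][1])  # same password, different stored hashes
```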

Digital Signatures

Steganography

Steganography → embedding some information inside other information (a picture in a picture, or text in music and so on) in such a manner that the presence of the concealed information would not be evident to an unsuspecting person's examination

Printer Dots

Printer Dots → a digital watermark which many color laser printers and photocopiers produce on every printed page that identifies the specific device that was used to print the document. Developed by Xerox and Canon in the mid-1980s, the existence of these tracking codes became public only in 2004.

  • The dots have a diameter of one-tenth millimetre (0.004 in) and a spacing of about one millimetre (0.04 in). Their arrangement encodes the serial number of the device, date and time of the printing, and is repeated several times across the printing area in case of errors.

Watermark

Watermark → an identifying image or pattern in paper that appears as various shades of lightness/darkness when viewed by transmitted light (or when viewed by reflected light, atop a dark background), caused by thickness or density variations in the paper. PROOF OF OWNERSHIP, ANTI-COUNTERFEIT

Digital Watermark → a kind of marker covertly embedded in a noise-tolerant signal such as audio, video or image data.[1] It is typically used to identify ownership of the copyright of such a signal. Digital watermarking is the process of hiding digital information in a carrier signal; the hidden information should,[2] but does not need to, contain a relation to the carrier signal. Digital watermarks may be used to verify the authenticity or integrity of the carrier signal or to show the identity of its owners. It is prominently used for tracing copyright infringements and for banknote authentication.

  • Both steganography and digital watermarking employ steganographic techniques to embed data covertly in noisy signals. While steganography aims for imperceptibility to human senses, digital watermarking tries to control the robustness as top priority.

Integrity → The message hasn’t been tampered with or altered

Repudiation → The sender denies having sent the message

Non-repudiation → Prevents the sender from denying they sent the message

Keys → Used to encrypt and decrypt data for secure communication