Welcome to Unit 5. The main topic for Unit 5 is cryptographic protocols.
We're going to look at ways to use the things that we've seen in the previous 4 units
to solve problems.
So we'll be using symmetric encryption, we'll be using cryptographic hash functions,
and we'll be using asymmetric encryption to solve problems.
And the main problem we're going to solve is how to authenticate
between a client and a server.
Any time we talk about cryptographic protocols, we have to think about what our threat model is.
If we want to argue that a protocol is secure, we need to understand the threat model,
which means knowing the capabilities of the adversary.
In order to argue the protocol is secure, we need to argue that an adversary
with only those capabilities will not be able to break the protocol.
So what are the kinds of things we need to assume?
The first main assumption is that the adversary has limited computational power.
And that generally means that we're assuming that our encryption primitives work
and the attacker who intercepts a message encrypted with some key k
is not able to decrypt it unless they know k
or have some other advantage for decrypting that message.
We also assume that hash functions have the properties they should--
that they're preimage resistant,
so an adversary who has the hash of x cannot figure out what x was,
and that they also have strong collision resistance--
that an adversary can't find 2 values that hash to the same output.
We might also make assumptions about what the attacker can do to the network.
If the attacker is passive, that would mean that they can only eavesdrop.
They can listen in on messages on the network, but they can't modify them
and they can't inject their own messages into the network.
A more powerful adversary would be an active attacker.
An active attacker controls the network.
They can modify data and messages. They can replay messages.
That means they can record messages on the network
and then at some later time replay a message that they heard previously.
They can also do attacks like we saw against Diffie-Hellman
where they act as a middleman intercepting traffic between 2 parties
and replacing it with their own traffic.
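As an added illustration (not part of the lecture, and not the protocol the unit goes on to build), here is a small model of the active-attacker capabilities just listed. It assumes a shared key k that the adversary does not know, and a receiver that checks an HMAC-SHA256 tag plus a sequence number; the message format and the `Receiver` class are my own constructions.

```python
import hmac
import hashlib
import os

# Shared key k. The threat model assumes the adversary does not know it.
KEY = os.urandom(32)
TAG_LEN = 32  # SHA-256 output length

def make_message(key, seq, payload):
    # The tag covers both the sequence number and the payload, so an active
    # attacker cannot change either without the receiver noticing.
    data = seq.to_bytes(8, "big") + payload
    tag = hmac.new(key, data, hashlib.sha256).digest()
    return data + tag

class Receiver:
    def __init__(self, key):
        self.key = key
        self.expected_seq = 0

    def accept(self, wire):
        data, tag = wire[:-TAG_LEN], wire[-TAG_LEN:]
        expected = hmac.new(self.key, data, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return "rejected: bad tag"      # modified or injected without k
        seq = int.from_bytes(data[:8], "big")
        if seq != self.expected_seq:
            return "rejected: replay"       # recorded earlier and resent
        self.expected_seq += 1
        return "accepted"

def simulate():
    # Constructed scenario: one genuine message, then each active capability.
    results = {}
    rx = Receiver(KEY)
    m0 = make_message(KEY, 0, b"login alice")
    results["genuine"] = rx.accept(m0)
    # Replay: the attacker recorded m0 and sends it again later.
    results["replay"] = rx.accept(m0)
    # Modify: same sequence number and tag, payload changed in transit.
    tampered = m0[:8] + b"login mallo" + m0[-TAG_LEN:]
    results["modify"] = rx.accept(tampered)
    # Inject: a fresh message built with a guessed key instead of k.
    forged = make_message(b"guessed-key", 1, b"login mallory")
    results["inject"] = rx.accept(forged)
    # A genuine next message is still accepted after the failed attempts.
    results["genuine2"] = rx.accept(make_message(KEY, 1, b"next"))
    return results
```

A passive eavesdropper still reads every payload here, since nothing is encrypted; the checks only address modification, injection and replay, which is exactly what separates the active attacker from the passive one.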
So let's have a quiz to see if you understand threat models.
Which of these threat models would be a good model for an adversary
who controls a router on the Internet?
