2018 SUMMER

INTERNSHIP
BY ROWAN BRIGGS
CYBERSECURITY AND ITS TEN DOMAINS

• By University System of Georgia

• With Dr. Humayun Zafar
WEEK 1

• Importance of Cybersecurity
• Aspects of our lives rely on the Internet and computers
• It is important that we protect information and systems we rely on

• Examples of Threats
• Phishing scams
• Data theft
BITCOIN AND CRYPTOCURRENCY TECHNOLOGY

• By Princeton University
• With:
• Dr. Joseph Bonneau
• Dr. Ed Felten
• Dr. Arvind Narayanan
• And his PhD student: Andrew Miller
WEEK 1: TERMINOLOGY

• Hash Function
• Takes any string
• Fixed size output
• Efficiently computable
WEEK 1: TERMINOLOGY

• Security Properties
• Collision-free
• Hiding
• Puzzle Friendly
WEEK 1: SECURITY PROPERTIES

• Collision-free
• Cannot find x and y such that x != y AND H(x) = H(y)

• However, no H is proven collision free

• 2^130 randomly chosen inputs gives a 99.8% chance of finding a collision

WEEK 1: SECURITY PROPERTIES

• Hiding
• Given H(x), it is difficult to find x
• Assuming r is chosen from a random distribution then given: H(r|x), x is not findable
• This creates: Commitment
WEEK 1: HIDING-COMMITMENT

• Given a commitment, we cannot find the message

• Binding:
• Cannot find a committed message that is changeable later

• Essentially:
• H(key|msg) != H(key|msg’)
WEEK 1: SECURITY PROPERTIES

• Puzzle-friendly
• For every possible y:
• If k is chosen from a distribution then it is infeasible to find x such that:
• H(k|x) = y
WEEK 1: DATA STRUCTURES

• Cryptocurrencies use Data Structures

• Hash pointers are pointers to where some information is located

• Using hash pointers, we can get info back and verify it

• Any pointer based data structure can use hash pointers

WEEK 1: DIGITAL SIGNATURES

• 2 things needed for digital signatures

• Only YOU can sign but anyone can verify
• So a valid signature will verify
• Signature cannot be cut and pasted
• In other words, signatures cannot be forged
CRYPTOGRAPHY I

• By Stanford University
• Dr. Dan Boneh
WEEK 1: CRYPTOGRAPHY

• Two main ways to ensure no eavesdropping/modifying of data

• Handshake Protocol
• Establish a shared secret key using Cryptography
• Record Layer
• Transmit data using shared secret key
WEEK 1: CRYPTOGRAPHY

• Steps in Cryptography
• Precisely specify threat model

• Propose a construction

• Prove that breaking construction under threat mode will solve an underlying hard problem
WEEK 1: CRYPTOGRAPHY

• What about xor?

• XOR involves adding together two strings (K, M) and then %2
• Examples:
• X: 0 y: 0 X⊕Y: 0
• X: 0 y: 1 X⊕Y: 1
• X: 1 y: 0 X⊕Y: 1
• X: 1 y: 1 X⊕Y: 0
WEEK 1: CRYPTOGRAPHY

• OTP (One Time Pad)

• A cipher defined over(K, M, C)
• K: all possible keys
• M: all possible messages
• C: all possible ciphers
• E: Encrypt (randomized)
• D: Decrypt (deterministic)
• E: K x M = C D: K x C = M
WEEK 1: CRYPTOGRAPHY

• Rules for Secrecy

• Perfect Secrecy if |K| >= |M|

• Cipher Text should reveal no information about plain text

WEEK 1: CRYPTOGRAPHY

• Advantages of OTP
• First example of a “secure” cipher
• Fast

• Disadvantages of OTP
• Long keys
• Hard to Use
• Message can be modified

• This makes OTP impractical

WEEK 1: CRYPTOGRAPHY

• How can we make OTP practical?

• Replace r, random numbers, with pseudorandom number

• How Do you make a pseudo random generator?

• Make sure that your PRG is unpredictable
• Pr[A(G(k))] – Pr[A(r)] = ?
WEEK 1: CRYPTOGRAPHY

• What about a Two Time Pad?

• A Two Time Pad is insecure
• If same pad is used two encrypt to different texts, then someone could figure out how to
decrypt the two time pad
• A good example of Two Time Pad not working is WEP
WEEK 1: REVIEW

• Cybersecurity is important

• XOR

• Data Structures and Hash Pointers