Information Theory for Cyber Security

HTCS401

UNIT 2
Secrecy, Authentication, Secret sharing
Optimistic results on perfect secrecy, Secret key agreement
Unconditional Security, Quantum Cryptography, Randomized Ciphers
Types of codes: block codes, Hamming and Lee metrics
Description of linear block codes, parity check Codes, cyclic code and
Masking techniques.
 Secrecy, Authentication and Secret sharing

Secrecy
Secrecy refers to the practice of keeping information confidential, ensuring that it is not accessible or disclosed to
unauthorized individuals.

Key points:

Confidentiality: Ensuring that information is accessible to authorized person only.

Encryption: A common method to achieve secrecy, where data is encoded so that only authorized parties can decode
and understand it.

Access Control: Implementing policies and procedures to restrict access to information.

 Secrecy, Authentication and Secret sharing

Authentication
It is the process of verifying the identity of a person . It ensures that entities are who they claim to be.

Key points:

Credentials: Common forms of authentication include something you know (passwords), something you have (smart
cards), and something you are (biometrics).

Multi-factor Authentication (MFA): Combining two or more authentication methods to enhance security.

Tokens and Certificates: Digital means to authenticate entities in various systems.

 Secrecy, Authentication and Secret sharing

Secret Sharing
It is a method used to distribute a secret among a group of participants, where each participant holds a piece of the
secret.

Key points:

Threshold Scheme: For example, in a (k, n) threshold scheme, the secret is divided into n shares, and any k of them
can be used to reconstruct the secret.

Shamir's Secret Sharing: A well-known algorithm for secret sharing based on polynomial interpolation.

Applications:
Used in scenarios like key management, secure voting systems, and distributed storage to ensure that no single entity
can compromise the entire secret.
 Perfect Secrecy

It is a concept in cryptography where a ciphertext provides no information about the original plaintext without knowledge
of the key. This means that even with infinite computational resources, an attacker cannot deduce any part of the plaintext
from the ciphertext alone.

Key Points of Perfect Secrecy:

Definition: A cryptographic scheme is perfectly secret if the probability distribution of the plaintext, given the
ciphertext, is the same as the probability distribution of the plaintext alone.
One-Time Pad: The only known cryptographic scheme that provides perfect secrecy. Each bit or character of the
plaintext is combined with a random bit or character from a one-time-use key of the same length as the plaintext.

Optimistic Results of Perfect Secrecy:

It includes the following:-
Unbreakable Encryption
Information-Theoretic Security
Secure Communication
 Secret key agreement

Secret key agreement is a method by which two or more parties can agree on a shared secret key, used for secure
communication, over an insecure channel. This shared key can then be used for encryption and decryption of messages.

Key Points:

Diffie-Hellman Key Exchange: A widely used method for secret key agreement. It allows two parties to generate a
shared secret key over a public channel without having to share the key itself over the channel.

Elliptic Curve Diffie-Hellman (ECDH): An enhancement of the Diffie-Hellman key exchange that uses elliptic curve
cryptography to provide similar security with smaller key sizes.

Authenticated Key Exchange: Protocols that combine key agreement with authentication, ensuring that the entities
involved in the key agreement are who they claim to be (e.g., authenticated Diffie-Hellman).
 Unconditional Security
It refers to the security that does not rely on any assumptions about the computational capabilities of an attacker. This
means that even with unlimited computational resources, an attacker cannot break the security of the system.

Key Points:

One-Time Pad: it is an encryption technique that cannot be cracked, but requires the use of a single-use key that is
equal to the size of the message being sent.

Quantum Key Distribution (QKD): it uses principles of quantum mechanics to securely distribute keys. It enables two
parties to generate a shared, secret key with provable security based on the laws of quantum physics.

Secret Sharing: Some secret sharing schemes provide unconditional security. For example, Shamir's Secret Sharing
ensures that an attacker cannot gain any information about the secret without obtaining a sufficient number of shares
 Quantum Cryptography
It uses the principles of quantum mechanics to secure the communication. It promises security based on the laws of
physics rather than computational complexity, providing a new pattern in cryptographic methods.

Key Concepts:
1. Quantum Key Distribution (QKD):
BB84 Protocol: The most well-known QKD protocol. It uses the polarization of photons to securely distribute a key
between two parties.
Security: QKD ensures that any eavesdropping attempt will disturb the quantum states, alerting the
communicating parties to the presence of an eavesdropper.
2. Quantum Entanglement:
Entangled States: Pairs of particles that remain connected so that the state of one particle instantaneously affects
the state of the other, no matter the distance between them.
Use in Cryptography: Entanglement can be used in QKD protocols (like E91) to detect eavesdropping.
3. No-Cloning Theorem:
Principle: It is impossible to create an identical copy of an unknown quantum state.
Implication: This ensures that an eavesdropper cannot make a perfect copy of the quantum information, providing
inherent security.
 Quantum Cryptography
Advantages of Quantum Cryptography:

Unconditional Security: Security is guaranteed by the laws of quantum mechanics, not by the assumed difficulty of
solving certain mathematical problems.
Detection of Eavesdropping: Any attempt to eavesdrop on the quantum channel disturbs the quantum states, which
can be detected by the legitimate parties.
Future-Proof: Resistant to potential future developments in computing power, such as quantum computers, which
could break classical cryptographic algorithms.

Challenges of Quantum Cryptography:

1. Cost: Quantum Cryptography is an expensive technology that requires specialized equipment and infrastructure,
making it difficult to implement on a large scale.
2. Distance limitations: The distance between the two parties is limited by the attenuation of the photons during
transmission, which can affect the quality of the communication channel.
3. Practical implementation: The implementation of Quantum Cryptography in real-world scenarios is still in its early
stages, and there is a need for more research and development to make it more practical and scalable.
 Randomized Ciphers
Randomized ciphers introduce randomness into the encryption process to enhance security. This randomness ensures
that encrypting the same plaintext multiple times results in different ciphertexts, making it more difficult for attackers to
deduce patterns or perform certain types of cryptographic attacks.

Key Concepts in Randomized Ciphers:

1.Initialization Vector (IV):
A non-secret, random value used along with the plaintext to produce unique ciphertexts.
Common in block cipher modes like CBC (Cipher Block Chaining) .

2.Nonce:
A number used once in the encryption process, similar to an IV but often with a broader scope.
Used in stream ciphers and authenticated encryption schemes .

3.Probabilistic Encryption:
An encryption scheme which uses randomness to produce different ciphertexts for the same plaintext.
Provides semantic security, ensuring that an attacker cannot learn anything about the plaintext from the ciphertext,
even if they see multiple ciphertexts of the same plaintext.
 Randomized Ciphers
Advantages of Randomized Ciphers:

Enhanced Security: Prevents patterns in ciphertexts, making cryptanalysis more difficult.

Semantic Security: Ensures that no information about the plaintext can be inferred from the ciphertext.
Resistance to Replay Attacks: Nonces and IVs ensure that replaying the same plaintext results in different ciphertexts
each time.

Challenges faced by randomized ciphers:

IV/Nonce Management: Proper generation, transmission, and management of IVs and nonces are crucial to
maintaining security.
Randomness Quality: The security of randomized ciphers depends on the quality of the randomness used. Poor
randomness can weaken security.
Performance Overhead: The use of additional randomness and IVs can introduce some performance overhead
compared to deterministic encryption methods.
 Types of Codes in Information Theory
Block Codes:
Block codes encode the data in fixed-size blocks, transforming k-bit messages into n-bit codewords.
Commonly used in error detection and correction to ensure data integrity in communication systems.

Linear Block Codes:

A block code where the codewords form a linear subspace, allowing linear combinations of codewords to produce
valid codewords.
Examples: Hamming codes

Hamming Codes:
Used in Error detection and correction.
A linear block code defined by parameters (n, k), where n=2^m−1 and k=n−m. The code can correct single-bit errors.
Example: The (7, 4) Hamming code encodes 4-bit messages into 7-bit codewords and can correct single-bit errors.
 Hamming and Lee Metrics
Hamming Metrics:

Measures the distance between two binary strings as the number of positions at which the corresponding bits are
different.
Applications: Used to determine error detection and correction capabilities in block codes.
Example: The Hamming distance between 1011101 and 1001001 is 3.

Lee Metrics:

A metric for non-binary codes, measuring the distance between symbols as the number of steps needed to transform
one symbol into another on a cyclic group.
Applications: Used for codes over non-binary alphabets, such as phase modulation schemes in digital
communication.
Example: For q-ary codes(error correcting codes), the Lee distance between symbols a and b is min⁡(∣a−b∣,q−∣a−b∣)
 Description of linear block codes, parity check Codes, cyclic code
Linear Block Codes:
Linear Block Codes are a type of error-correcting code used in digital communications and storage systems. They are
characterized by their linear properties, which allow for efficient encoding and decoding processes.

Key Features:

Linear Combination: The sum of any two codewords is also a valid codeword.
Matrix Representation: Often represented using generator matrices (G) and parity-check matrices (H).
Code Parameters: Defined by (n, k), where n is the length of the codeword and k is the length of the original
message. The code rate is k/n.

Encoding Process:

1. Generator Matrix (G): A k × n matrix used to generate codewords from message vectors.
2. Message Vector (m): A k-bit message.
3. Codeword (c): Obtained by multiplying the message vector by the generator matrix: c=m⋅Gc = m \cdot Gc=m⋅G.
 Description of linear block codes, parity check Codes, cyclic code
Decoding Process:

1. Parity-Check Matrix (H): An (n - k) × n matrix used to check the validity of codewords.

2. Syndrome Calculation: Multiply the received vector (r) by the transpose of the parity-check matrix: s=r⋅H^T.
The syndrome (s) indicates errors and (T) stands for transpose of matrix.
3.Error Correction: Use the syndrome to determine and correct errors in the received vector.

Parity-Check Codes:
Parity-Check Codes are a simple type of error-detecting code that can detect single-bit errors in transmitted data.

Key Features:

Single Parity Bit: Adds an extra bit to ensure the total number of 1's in the codeword is even (even parity) or odd (odd
parity).
Error Detection: Can detect any odd number of bit errors (including single-bit errors), but cannot correct errors.
 Description of linear block codes, parity check Codes, cyclic code
Encoding Process:

Message Vector: Original data bits.

Parity Bit Calculation: Compute the parity bit to make the total number of 1's even or odd.
Codeword: Append the parity bit to the message vector.

Example:
Message: 1101
Even Parity Bit: 0 (because 1101 has an odd number of 1's, adding a 0 makes it even)
Codeword: 11010

Cyclic Codes:
Cyclic Codes are a subclass of linear block codes with the additional property that cyclic shifts of codewords result in other
codewords. They are widely used due to their ease of implementation using shift registers.
 Description of linear block codes, parity check Codes, cyclic code
Key Features:
Cyclic Property: If c=(c0,c1,…,cn−1) is a codeword, then (cn−1,c0,c1,…,cn−2) is also a codeword.
Polynomial Representation: Codewords are represented as polynomials over a finite field.
Generator Polynomial (g(x)): A polynomial of degree n - k that generates all codewords.

Encoding Process:
1. Message Polynomial (m(x)): Represent the message as a polynomial.
2. Multiplication: Multiply the message polynomial by the generator polynomial: c(x)=m(x)⋅g(x).

Decoding Process:
1. Received Polynomial (r(x)): Represent the received vector as a polynomial.
2. Division: Divide the received polynomial by the generator polynomial to obtain the syndrome: r(x)=q(x)⋅g(x)+s(x).
If s(x) is zero, no error; otherwise, use the syndrome to detect and correct errors.
 Masking Techniques
Masking techniques are employed to protect sensitive data from being exposed to unauthorized users. These techniques
ensure that data remains secure while still allowing legitimate operations such as testing, development, and analysis. Here
are some common masking techniques used in cybersecurity.

Common Masking Techniques includes:

1.Data Substitution:
Replaces sensitive data with fictional, but realistic, data.
Application: Used in non-production environments to test applications with realistic data without exposing actual
sensitive information.
Example: Replacing real customer names with randomly generated names.

2.Shuffling:
Rearranges the data within a dataset so that the original data values are obscured.
Application: Maintains the data's statistical properties for analysis while protecting individual data points.
Example: Shuffling the order of social security numbers within a column.
 Masking Techniques
3.Encryption:
Converts data into a coded format that can only be read with a decryption key.
Application: Protects sensitive data during storage and transmission.
Example: Encrypting credit card numbers in a database using AES (Advanced Encryption Standard).

4.Tokenization:
Replaces sensitive data with unique tokens that reference the original data stored securely elsewhere.
Application: Often used in payment processing to protect credit card information.
Example: Replacing a credit card number with a token like "TKN-123456".

5.Generalization:
Replaces specific data points with broader categories.
Application: Protects specific details while allowing for broader analysis.
Example: Converting a precise address to just the city or zip code.
 Masking Techniques
Advantages:

Enhanced Security: Protects sensitive data from unauthorized access and breaches.
Compliance: Helps organizations comply with data protection regulations such as GDPR, HIPAA, and PCI-DSS.
Preserves Data Utility: Allows use of data for testing and analysis without exposing sensitive information.

Disadvantages:

Complex Implementation: Properly implementing masking techniques can be technically challenging and resource-intensive.
Performance Overhead: Techniques like encryption can introduce latency and processing overhead.
Data Utility Loss: Over-masking can reduce the usability of data for legitimate analysis and business processes.

Masking techniques in cybersecurity are crucial for protecting sensitive data from unauthorized access and ensuring compliance
with data protection regulations. By implementing appropriate masking methods, organizations can safeguard their data while still
enabling legitimate operations like testing, development, and analysis.