 Week 1: Chapters 2,3, and 4;

 Week 2: Chapters 5, 6, and 7;

 Week 3: Chapters 8,9, and 10;
 Week 4: Chapters 11,12, and 13;
 Week 5: Chapters 14,15,16, and 17;
 Week 6: Chapters 18,19, 20, and 21

A security system is only as strong as its weakest link.

 Chapter 1:
1st rule: Critical mind => Professional paranoia
-Role of cryptography:
Crypto = Lock => useless alone, part of larger system, which can be:
*door of building, wall + people accessing it
Crypto: part of system that gives access to system to some people and not to others
distinguish between good and bad access
Crypto: only truly useful if the rest of the security system is also sufficiently secure
(attackers may find buffer overflow vulnerabilities to exploit and not even bother breaching
crypto)
Crypto needs to be robust: Many modes of attack leave traces, or disturb the system in
some way. An attack on the cryptography can be fleeting and invisible, allowing the
attacker to come back again and again (accessing as a good guy)
-Weakest link property:
A security system is only as strong as its weakest link/part
Describe security system using: hierarchical tree structure
=> 1st-level: principal parts of the whole system + interconnections
2nd-level: each part looked at as another system, described
etc.
Attack tree: to be looked for
Strengthening anything but the weakest link is useless
which link is the weakest depends on the situation
=> strengthen any link that could in a situation be the weakest
=> strengthen multiple links so that if one link fails, remaining links still provide security =
defense in depth (redundancy)
 Chapter 2:
Encryption:

Kirchhoff’s Principle:
The security of the encryption scheme must depend only on the secrecy of the key
K, and not on the secrecy of the algorithm
Digital Signature:

PKI:
Make sure B is the one that publish (Pb, Sb) and not someone usurping his identity
AES :

AES alone (block cipher alone) must be used on data which length is exactly = block size =
16 bytes per aes-key (for enc and dec)
Expanding keys for encryption != Expanding keys for decryption
For variable-length input, block cipher modes
*ECB and CBC: use aes_encrypt() function => need padding (either manually obligatory for
ECB, possible for CBC, or integrated in algo of CBC)
IV can either be randomly generated (Pseudorandom generators) or nonce-generated (from
a unique nonce)
If random, the whole IV should be sent
If nonce-generated, only need to send nonce info to enable other to generate same iv

To use CFB to make a self-synchronizing stream cipher that will synchronize for any multiple
of x bits lost, start by initializing a shift register the size of the block size with the initialization
vector. This is encrypted with the block cipher, and the highest x bits of the result are XOR'ed
with x bits of the plaintext to produce x bits of ciphertext. These x bits of output are shifted
into the shift register, and the process repeats with the next x bits of plaintext. Decryption is
similar, start with the initialization vector, encrypt, and XOR the high bits of the result with x
bits of the ciphertext to produce x bits of plaintext. Then shift the x bits of the ciphertext into
the shift register. This way of proceeding is known as CFB-8 or CFB-1 (according to the size of
the shifting).[15]
In notation, where Si is the ith state of the shift register, a << x is a shifted up x bits, head(a,
x) is the x highest bits of a and n is number of bits of IV:

If x bits are lost from the ciphertext, the cipher will output incorrect plaintext until the shift
register once again equals a state it held while encrypting, at which point the cipher has
resynchronized. This will result in at most one blocksize of output being garbled.
Like CBC mode, changes in the plaintext propagate forever in the ciphertext, and encryption
cannot be parallelized. Also like CBC, decryption can be parallelized. When decrypting, a
one-bit change in the ciphertext affects two plaintext blocks: a one-bit change in the
corresponding plaintext block, and complete corruption of the following plaintext block.
Later plaintext blocks are decrypted normally.
CFB shares two advantages over CBC mode with the stream cipher modes OFB and CTR: the
block cipher is only ever used in the encrypting direction, and the message does not need to
be padded to a multiple of the cipher block size (though ciphertext stealing can also be used
to make padding unnecessary).