update

content/CSE4303/CSE4303_L10.md

@@ -0,0 +1,175 @@
+# CSE4303 Introduction to Computer Security (Lecture 10)
+
+## MACs
+
+### MACs from Hash Functions
+
+Construction:
+
+$S_{big}(k, m) = S(k, H(m))$  
+$V_{big}(k, m, t) = V(k, H(m), t)$
+
+If:
+- $S$ is secure MAC for short messages
+- $H$ is collision resistant
+
+Then $S_{big}$ is secure MAC.
+
+If collision exists:
+If $H(m_0) = H(m_1)$,
+query tag for $m_0$,
+forge $(m_1, t)$.
+
+### HMAC
+
+$HMAC(k, m) = H((k \oplus opad) \| H((k \oplus ipad) \| m))$
+
+Used in:
+- TLS
+- IPsec
+- SSH
+
+Properties:
+- Built from hash function (for example SHA-256)
+- Provably secure under PRF assumptions
+
+### Timing Attacks on MAC Verification
+
+Problem:
+Byte-by-byte comparison leaks timing information.
+
+Attack:
+1. Send random tag.
+2. Guess first byte.
+3. Detect timing increase.
+4. Repeat per byte.
+
+Defense 1:
+Constant-time comparison loop.
+
+Defense 2:
+Double-HMAC comparison:
+Compare $HMAC(k, mac)$ with $HMAC(k, sig)$.
+
+### Authenticated Encryption (AE)
+
+AE provides:
+1. Confidentiality (CPA security)
+2. Ciphertext integrity
+
+Cipher:
+
+$E : K \times M \times N \to C$  
+$D : K \times C \times N \to M \cup \{\bot\}$
+
+Ciphertext integrity:
+Attacker cannot produce new valid ciphertext.
+
+Theorem:
+AE implies CCA security.
+
+Implication:
+If $D(k, c) \neq \bot$,  
+receiver knows sender had key.
+
+### Encrypt-then-MAC
+
+Correct construction:
+
+1. Compute $c = E(k_E, m)$
+2. Compute $tag = S(k_I, c)$
+3. Send $(c, tag)$
+
+Encrypt-then-MAC is always secure ordering.
+
+### AE Standards
+
+- GCM: CTR mode encryption then polynomial MAC
+- CCM: CBC-MAC then CTR mode encryption
+- EAX: CTR mode encryption then CMAC
+
+All support AEAD:
+Authenticated Encryption with Associated Data.  
+Example: authenticate packet headers but do not encrypt them.
+
+## Asymmetric Crypto Authentication: Digital Signatures
+
+### Motivation
+
+Goal:
+Bind document to author.
+
+Digital problem:
+Anyone can copy a visible signature from one document to another.
+
+Solution:
+Make signature depend on document contents.
+
+### Digital Signature Scheme
+
+Components:
+- Secret signing key $sk$
+- Public verification key $pk$
+- $Sign(sk, m) \to signature$
+- $Verify(pk, m, sig) \to$ accept or reject
+
+Property:
+Anyone can verify.  
+Only signer can produce valid signature.
+
+### Signing a Certificate
+
+Process:
+1. Compute hash of data.
+2. Sign hash with secret key.
+3. Attach signature to data.
+
+Verification:
+1. Compute hash of received data.
+2. Verify signature using public key.
+3. Accept if hashes match.
+
+### Software Signing
+
+Software vendor:
+- Signs update with secret key.
+- Publishes update and signature.
+
+Clients:
+- Use vendor public key.
+- Verify signature.
+- Install only if valid.
+
+Allows distribution via untrusted hosting site.
+
+## Review: Three Approaches to Data Integrity
+
+1. Collision resistant hashing  
+   Requires secure read-only public space.  
+   No secret keys.  
+   Suitable for public verification.
+
+2. MACs  
+   Requires shared secret key.  
+   Must compute new MAC per user.  
+   Suitable when one signs and one verifies.
+
+3. Digital signatures  
+   Requires long-term secret key.  
+   Public verification.  
+   Suitable when one signs and many verify.
+
+## Crypto Summary
+
+Cryptographic goals:
+- Confidentiality
+- Data integrity
+- Authentication
+- Non-repudiation
+
+Primitives:
+- Hash functions
+- MACs
+- Digital signatures
+- Symmetric ciphers
+- Public key ciphers

content/CSE4303/CSE4303_L9.md

@@ -218,6 +218,8 @@ Public verifiability works if read-only space is trusted.
 
 ## Symmetric Crypto Authentication: MACs and AE
 
+This section can also be found here [CSE442T Introduction to Cryptography (Lecture 18)](https://notenextra.trance-0.com/CSE442T/CSE442T_L18/#chapter-5-authentication)
+
 ### Message Authentication Codes (MACs)
 
 Definition:
@@ -250,175 +252,3 @@ then derived MAC is secure.
 Condition:
 $1 / |Y|$ must be negligible.  
 Example: $|Y| = 2^{80}$.
-
-### MACs from Hash Functions
-
-Construction:
-
-$S_{big}(k, m) = S(k, H(m))$  
-$V_{big}(k, m, t) = V(k, H(m), t)$
-
-If:
-- $S$ is secure MAC for short messages
-- $H$ is collision resistant
-
-Then $S_{big}$ is secure MAC.
-
-If collision exists:
-If $H(m_0) = H(m_1)$,
-query tag for $m_0$,
-forge $(m_1, t)$.
-
-### HMAC
-
-$HMAC(k, m) = H((k \oplus opad) \| H((k \oplus ipad) \| m))$
-
-Used in:
-- TLS
-- IPsec
-- SSH
-
-Properties:
-- Built from hash function (for example SHA-256)
-- Provably secure under PRF assumptions
-
-### Timing Attacks on MAC Verification
-
-Problem:
-Byte-by-byte comparison leaks timing information.
-
-Attack:
-1. Send random tag.
-2. Guess first byte.
-3. Detect timing increase.
-4. Repeat per byte.
-
-Defense 1:
-Constant-time comparison loop.
-
-Defense 2:
-Double-HMAC comparison:
-Compare $HMAC(k, mac)$ with $HMAC(k, sig)$.
-
-### Authenticated Encryption (AE)
-
-AE provides:
-1. Confidentiality (CPA security)
-2. Ciphertext integrity
-
-Cipher:
-
-$E : K \times M \times N \to C$  
-$D : K \times C \times N \to M \cup \{\bot\}$
-
-Ciphertext integrity:
-Attacker cannot produce new valid ciphertext.
-
-Theorem:
-AE implies CCA security.
-
-Implication:
-If $D(k, c) \neq \bot$,  
-receiver knows sender had key.
-
-### Encrypt-then-MAC
-
-Correct construction:
-
-1. Compute $c = E(k_E, m)$
-2. Compute $tag = S(k_I, c)$
-3. Send $(c, tag)$
-
-Encrypt-then-MAC is always secure ordering.
-
-### AE Standards
-
-- GCM: CTR mode encryption then polynomial MAC
-- CCM: CBC-MAC then CTR mode encryption
-- EAX: CTR mode encryption then CMAC
-
-All support AEAD:
-Authenticated Encryption with Associated Data.  
-Example: authenticate packet headers but do not encrypt them.
-
-## Asymmetric Crypto Authentication: Digital Signatures
-
-### Motivation
-
-Goal:
-Bind document to author.
-
-Digital problem:
-Anyone can copy a visible signature from one document to another.
-
-Solution:
-Make signature depend on document contents.
-
-### Digital Signature Scheme
-
-Components:
-- Secret signing key $sk$
-- Public verification key $pk$
-- $Sign(sk, m) \to signature$
-- $Verify(pk, m, sig) \to$ accept or reject
-
-Property:
-Anyone can verify.  
-Only signer can produce valid signature.
-
-### Signing a Certificate
-
-Process:
-1. Compute hash of data.
-2. Sign hash with secret key.
-3. Attach signature to data.
-
-Verification:
-1. Compute hash of received data.
-2. Verify signature using public key.
-3. Accept if hashes match.
-
-### Software Signing
-
-Software vendor:
-- Signs update with secret key.
-- Publishes update and signature.
-
-Clients:
-- Use vendor public key.
-- Verify signature.
-- Install only if valid.
-
-Allows distribution via untrusted hosting site.
-
-## Review: Three Approaches to Data Integrity
-
-1. Collision resistant hashing  
-   Requires secure read-only public space.  
-   No secret keys.  
-   Suitable for public verification.
-
-2. MACs  
-   Requires shared secret key.  
-   Must compute new MAC per user.  
-   Suitable when one signs and one verifies.
-
-3. Digital signatures  
-   Requires long-term secret key.  
-   Public verification.  
-   Suitable when one signs and many verify.
-
-## Crypto Summary
-
-Cryptographic goals:
-- Confidentiality
-- Data integrity
-- Authentication
-- Non-repudiation
-
-Primitives:
-- Hash functions
-- MACs
-- Digital signatures
-- Symmetric ciphers
-- Public key ciphers