confidentialy using conventional encryption – chapter 7
DESCRIPTION
CONFIDENTIALY USING CONVENTIONAL ENCRYPTION – Chapter 7. Historically – Conventional Encryption Recently – Authentication, Integrity, Signature, Public-key Link End-to-End Traffic-Analysis Key Distribution Random Number Generation. - PowerPoint PPT PresentationTRANSCRIPT
CONFIDENTIALY USING CONVENTIONAL ENCRYPTION – Chapter 7
• Historically – Conventional Encryption• Recently – Authentication, Integrity,
Signature, Public-key • Link• End-to-End• Traffic-Analysis• Key Distribution• Random Number Generation
2
Points of Vulnerability
L A N
C omm sSer ver
W orkstation
W ir ingC loset
F r ame R elayor A T MN etwor k
T elcoC entr alO ffice
F igur e 7.1 P oints of V ulner abil ity
3
Link / End-to-End
P acket-switchingnetwork
P SN P SN
P SN
P SN
= end-to-end encryption device
= link encryption device
P SN = packet sw itching node
F igur e 7.2 E ncr yption A cr oss a P ack et-Sw itching N etwork
• Link - both ends of link - many encryps / decryps - all links use it - decrypt at packet switch (read addr.) - unique key / node pair• End- to-End - only at ends - data encrypted, not address (header) - one key pair - traffic pattern insecure - authentication from sender
Confidentiality
Table 7.1
Characteristics of Link and End-to-End
- Data secure at nodes - Authentication
• LINK – low level (physical/link)• END-TO-END – network (X.25) End0
End1 (ends separately End2
protected)
Cannot service internet traffic
Both Link and End-to-End
Front-End Processor Function
E-mail Gateway
F igur e 7.4 E ncr yption C over age I mplications of Stor e-and-F or war d C ommunications
E mail
P resentation
Session
T ranspor t
N etwor k
Data L ink
P hysical
P resentation
Session
T ranspor t
N etwor k
Data L ink
P hysical
Scope of link -levelencryption
Scope of end-to-end encryption below application layer
E mail
T C P
I P
Data L ink
P hysical
E mail
T C P
I P
Data L ink
P hysical
E mail
O SI E ndSystem
M ail G ateway T C P /I P E ndSystem
Scope of A pplication-L ayer E nd-to-E nd E ncryption
I nternetwork Internetwork
OSI email gateway TCP
• no end-to-end protocol below appl. layer• networks terminate at mail gateway• mail gateway sets up new transport/network connections• need end-to-end encryp. at appl. Layer - disadvantage: many keys
E-mail Gateway
Various Encryption StrategiesL ink -H Net-H I P -H T C P -H Data L ink -T
(a) A pplication-L evel E ncryption (on link s and at routers and gateways)
F igur e 7.5 R elationship between E ncr yption and P r otocol L evels
T C P -HShading indicates encryption. = T C P headerIP-H = IP headerN et-H = N etw ork- level header (e.g., X .25 packet header, L L C header)L ink-H = D ata link control protocol headerL ink-T = D ata link control protocol trailer
O n links and at routers
In gateways
(b) T C P -L evel E ncryption
O n links
In routers and gateways
(c) L ink -L evel E ncryption
L ink -H Net-H I P -H T C P -H Data L ink -T
L ink -H Net-H I P -H T C P -H Data L ink -T
L ink -H Net-H I P -H T C P -H Data L ink -T
L ink -H Net-H I P -H T C P -H Data L ink -T
Traffic Confidentiality• Identities• Message Frequency• Message Pattern• Event Correlation• Covert ChannelLink• Headers encrypted• Traffic padding (Fig 7.6)End-to-End• Pad data• Null messages
Traffic Padding
E ncr yptionalgorithm
C ontinuousr andom-data
gener ator
D iscontinuousplaintext input
K ey
C ontinuouscipher text output
F igur e 7.6 T r affic-P adding E ncr yption Device
KEY DISTRIBUTION1. Physically deliver2. Third party physically select/deliver3. EKold
(Knew) →4. End-to-End(KDC): A EKA(Knew) C EKB(Knew) B
N hosts → (N)choose(2) keys – Fig 7.7
KDC – Key hierarchy – Fig 7.8 Session Key – temporary : end ↔ end
Only N master keys – physical delivery
#End-to-End Keys
106
107
108
109
Nu
mb
er o
f k
ey
s
5 6 7 8 9
103
2 3 4 5 6 7 8 9
104
2 3 4 5 6 7 8 9
105
Number of endpoints
F igur e 7.7 N umber of K eys R equir ed to Suppor t A rbitrar yC onnections B etween E ndpoints
Key Hierarchy
D ata C r yptogr aphicP r otection
Session K eys C r yptogr aphicP r otection
M aster K eys N on-C r yptogr aphicP r otection
F igur e 7.8 T he U se of a K ey H ier ar chy
16
KEY DISTRIBUTION SCENARIO
(1) R equest || N 1
K ey distributionsteps
A uthenticationsteps
F igur e 7.9 K ey D istr ibution Scenar io
I nitiatorA
R esponderB
K eyD istr ibution
C enter (K D C )
(2) E K a[K s || R equest || N 1] || E K b(K s, ID A )]
(4) E K s[N 2]
(5) E K s[f(N 2)]
(3) E K b[K s || ID A ]
KEY DISTRIBUTIONUser shares Master Key with KDCSteps 1-3 : Key DistributionSteps 3,4,5 : Authentication
Key Distribution Centre (KDC) Hierarchy
LOCAL KDCs KDCX KDCA KDCB A B
Key selected by KDCA, KDCB, or KDCX
LIFETIMEShorter Lifetime → Highter Security
→ Reduced Capacity
Connection-oriented: - change session key periodically
Connectionless: - new key every exchange
or #transactions or after time period
Key Distribution (connection-oriented)
End-to-End (X.25,TCP), FEP obtains session keys
H O ST H O ST
K D C
network
F E P
FEP
FEP
1
2 3
4
1. H ost sends pack et requesting connection
2. F r ont end buffer s pack et; ask s K D C for session key
3. K D C distr ibutes session key to both fr ont ends
4. B uffer ed pack et tr ansm itted
F E P = fr ont end pr ocessorK D C = key distr ibution center
F igur e 7.10 A utomatic K ey D istr ibution for C onnection-O r iented P r otocol
Decentralised Key Control
Not practical for large networks - avoids trusted third party
(1) R equest || N 1
F igur e 7.11 D ecentralized K ey D istr ibution
I nitiatorA
R esponderB
(2) E M K m[K s || R equest || ID A || f(N 1) || N 2 ]
(3) E K s[ f(N 2) ]
KEY USAGE
key types : Data, PIN, Filekey tags : Session/Master/Encryp/Decryp
Control Vector:associate session key with control vector
(Fig 7.12)
Control Vector Encryp. and Decryp.C ontrolV ector
M asterK ey
SessionK ey
H ashingF unction
K eyinput
P laintextinput
E ncryptionF unction
E ncr yptedSession K ey
(a) C ontrol V ector E ncryption
C ontrolV ector
M asterK ey
E ncr yptedSession K ey
H ashingF unction
K eyinput
P laintextinput
DecryptionF unction
Session K ey
(b) C ontrol V ector Decryption
F igur e 7.12 C ontrol V ector E ncr yption and D ecr yption
» »
PRNG From Counter
C
C + 1
C ounter w ithP er iod N
E ncryptionA lgor ithm
M aster K eyK m
X i = E K m[C + 1]
F igur e 7.13 P seudor andom N umberG eneration F rom a C ounter
ANSI X9.17 PRNG
E D E
E D E
E D E
K 1, K 2
D T i
V i
R i
V i+1
F igur e 7.14 A N SI X 9.17 P seudor andom N umber G enerator
Random Number Generation
• Linear Congruential Generator Xn+1 = (aXn + c) mod m
• Encryption : DES (OFB) – (Fig 7.14)
• Blum Blum Shub (BBS) X0 = s2 mod n for i = 1 to infinity Xi = (Xi-1)2 mod n Bi = Xi mod 2