Chapter 14 Network Encryption

Communications Security Physical protection works for local networks Impractical for long-distance communications Types of attacks Passive – eavesdropping or sniffing Active – maliciously create or modify data Crypto techniques protect data when outside our physical control Confidentiality, Integrity Authenticity, Nonrepudiation

Crypto by Layers

Applying Crypto Layers We get different results when we apply crypto at different layers Different key distribution requirements Data protected in different places and ways Transparency – does crypto interfere? Network transparency: can the network still carry our traffic with the crypto applied? Application transparency: is crypto applied without affecting the application?

Layer 2: Link Encryption

Layer 3: Network Encryption

Layer 4: Transport Encryption

Layer 7: Application Encryption

Administrative and Policy Issues Scope of sniffing protection Traffic filtering – does the crypto interfere? Automatic encryption – must we rely on the end user to enable crypto for sensitive data? Access to Internet sites – full, automatic encryption makes Internet access impossible End-to-end crypto – do we need to associate crypto operations with end users? Keying – do end users need to manage keys? We will review all of these at the end

Crypto Keys on the Network The key management problem Ensure that the right people have keys Prevent attackers from uncovering keys Key distribution objectives Ensure that keys are changed periodically Change keys when access rights change The default keying risk: keys installed by vendor Default keys work “out of the box” Attackers also have copies of the default keys

Key Distribution Strategies One big cryptonet – share the same secret key with everyone who must communicate safely Groups of cryptonets – share the same key among smaller communities of users Pairwise key sharing – one per endpoint pair Key distribution center – a shared server that distributes working keys to approved users Public key distribution – use public key techniques to distribute keys

Key Distribution Techniques Manual keying Distribute all keys ‘by hand’ in person or via trustworthy couriers – often a starting point Simple rekeying Unreliable tricks to replace an existing key Secret-key techniques Wrapping, KDCs, hashing Public-key techniques Diffie-Hellman, RSA

Simple Rekeying: Weak Self-rekeying Use a PRNG to transform the current key into a new one Separate endpoints can apply the same PRNG to yield the same key New keys encrypted with old Generate a new, random key Use previous key to encrypt it for distribution Both techniques may leak all traffic if old keys are disclosed

Stronger Secret Key Building Blocks Key Wrapping Use wrapping technique from Chapter 8 to protect keys carried in network messages Traffic encrypting Key (TEK) wrapped by KEK Key Distribution Center (KDC) The center distributes wrapped keys Authorized users share a secret with the KDC Shared Secret Hashing Generate a new key using a one-way hash

Key Wrapping

Key Distribution Center

Shared Secret Hashing

Public Key Building Blocks Anonymous Diffie-Hellman secret sharing D-H inherently constructs a shared secret We can use it to construct a temporary shared secret for any two endpoints RSA key wrapping (encapsulation) One endpoint (the client) creates a secret key shared with the other endpoint (the server) Only the server needs a public key pair Client needs a copy of the server’s public key

Anonymous Diffie-Hellman

RSA Key Wrapping

Trade-Off: Public and Secret Keys Limited resources Clearly defined user community Revocation must be timely and reliable Small user community Trustworthy servers are available Public Key User community can’t be identified ahead of time Large community, and Untrustworthy server computer Inefficient revocation is an acceptable risk

Application Layer Encryption

Email key wrapping and encryption [Insert figure 14.16]

Transport Layer Security: SSL/TLS Secure Sockets Layer (SSL) Developed by Netscape in 1994 Part of commercial client/server Web package First really successful public-key application Inherited by the IETF Now called Transport Layer Security (TLS) Three-part protocol Handshake protocol – key exchange Record protocol – data exchange Alert protocol – errors and session shutdown

SSL Handshake Protocol

SSL Key Construction

SSL Record Transmission

Network Layer Encryption Provides both application transparency and network transparency Primary use: Virtual Private Networks (VPNs) Network carries plaintext inside a site VPN gateway encrypts data between sites “proxy encryption” Remote users use VPN crypto to access site IPsec – IP Security Protocol Used for Internet VPNs

Example VPN

Encryption by an IPsec Gateway

IPsec Encrypted Packet

Internet Key Exchange (IKE) Protocol

Wireless LAN Encryption Wireless Equivalent Privacy (WEP) Introduced with early Wi-Fi products Used RC4 and 40-bit keys Later increased to 128-bit keys (WEP 2) Successful attacks in early 2000s Wireless Protected Access (WPA, WPA2) First WPA designed to work with existing Wi-Fi hardware (still used RC4) WPA2 uses AES, improved integrity protection, and improved key exchange

WPA2 Crypto Format

Crypto Policy: Sniffing

Crypto Policy: Automatic Encryption

Crypto Policy: Others

End of Chapter 14