Published by Alban Wilkins. Modified over 9 years ago.
1
Confidentiality Cryptography & Network Security H. Yoon
Confidentiality Using Conventional Encryption
• Where should cryptographic functionality be located?
• How can we make communications confidential?
• How do we distribute keys?
• What is the role of random numbers?
2
Placement of Encryption Function
• Networks are vulnerable to active and passive attacks
  – Many potential locations for confidentiality attacks
    » By network tapping or other means
    » Passive inductive attacks on electrical signaling
    » Phone and wiring closets may be accessible to outsiders
    » Satellite links are easy to monitor
    » etc.
[Figure: Points of Vulnerability]
3
Link vs. End-to-End Encryption
• The most powerful and most common approach to securing the points of vulnerability is encryption
• If encryption is to be used to counter these attacks, we need to decide what to encrypt and where the encryption should be located
• Two fundamental alternatives:
  – Link encryption
  – End-to-end encryption
4
Link vs. End-to-End Encryption
5
Logical Placement of E2E Encryption Function
• Link encryption occurs at either the physical or link layers
• For end-to-end encryption, several choices are possible
• At the lowest practical layer, the encryption function could be performed at the network layer
• All the user processes and applications within each end system would employ the same encryption scheme with the same key
• With this arrangement, a front-end processor may be used to off-load the encryption function
6
Logical Placement of E2E Encryption Function
• X.25 or TCP provide end-to-end security for traffic within a fully integrated internetwork. However, such a scheme cannot deliver the necessary service for traffic that crosses internetwork boundaries, such as e-mail, EDI, and file transfer
• In this case, the only place to achieve end-to-end encryption is at the application layer
• A drawback of application-layer encryption is that the number of entities to consider increases dramatically
• Many more secret keys need to be generated and distributed
7
Logical Placement of E2E Encryption Function
8
Logical Placement of E2E Encryption Function
9
Traffic Confidentiality
• Security from traffic analysis attack
  – Knowledge about the number and length of messages between nodes may enable an opponent to determine who is talking to whom
• Types of information derivable from traffic analysis
  – Identities of communicating partners
  – Frequency of communication
  – Message patterns, e.g., length, quantity, (encrypted) content
  – Correlation between messages and real world events
• Can (sometimes) be defeated through traffic padding
10
Countermeasure to Traffic Analysis
• Link encryption approach
  – Link encryption hides address information
  – Traffic padding is very effective
• End-to-end encryption approach
  – Leaves addresses in the clear
  – Measures available to the defender are more limited
    » Pad out data units to a uniform length at either the transport or application level
    » Null messages can be inserted randomly into the stream
11
Covert Channel
• Essentially, the dual of traffic analysis
• A means of communication in a fashion unintended by the designers of the communication facility
• Usually intended to violate or defeat a security policy
• Examples
  – Message length
  – Message content
  – Message presence
12
Key Distribution
• For conventional encryption to work, the two parties must share the same key and that key must be protected from access by others
• Alice’s options in establishing a shared secret key with Bob include
  – Alice selects a key and physically delivers it to Bob
  – Trusted third party key distribution center (T3P or KDC) selects a key and physically delivers it to Alice and Bob
  – If Alice and Bob have previously and recently used a key, it can be used to distribute a new key
  – If Alice and Bob have keys with the T3P, rekeying can be accomplished similarly
13
Key Distribution
• Manual delivery is a reasonable requirement with link encryption, challenging with E2E encryption
  – The number of keys grows quadratically with the number of endpoints
• T3P key(s) constitute a rich target of opportunity
• Initial (master) key distribution remains a challenge
14
Use of a Key Hierarchy
• Use of a key distribution center is based on the use of a hierarchy of keys
  – Session keys
  – Master keys
15
A Key Distribution Scenario
• Assume each principal shares a unique master key with the KDC
• Alice desires a one-time session key to communicate with Bob
• Alice issues a request to the KDC for a session key to be used with Bob. Alice’s request includes a nonce to prevent replay attacks
• KDC responds with a message encrypted under Alice’s key. The message contains the session key, the nonce, and the session key along with Alice’s identity encrypted under Bob’s key
• Alice forwards the data encrypted under Bob’s key to Bob
• Alice and Bob mutually authenticate under the session key
  – Alice sends a nonce to Bob encrypted under the session key
  – Bob applies a transformation to the nonce and sends the result back to Alice
16
A Key Distribution Scenario
17
Hierarchical Key Control
• Instead of a single KDC, a hierarchy of KDCs can be established: local KDCs and a global KDC
• Local KDCs exchange keys through a global KDC
• Can be extended to three or more layers (hierarchy)
18
Session Key Lifetime
• Tradeoffs in the session key lifetime
• The more frequently session keys are changed, the more secure, but the lower the performance (more network load and delay)
• For connection-oriented protocols, one option is to associate a session with a connection
• For long-lived connections, must periodically rekey
• For connectionless protocols, rekey at intervals
19
A Transparent Key Control Scheme
20
Decentralized Key Distribution
1. A issues a request to B for a session key and includes a nonce, $N_1$
2. B responds with a message encrypted using the shared master key. Response includes the session key selected by B, an identifier of B, the value of $f(N_1)$, and another nonce, $N_2$
3. Using the new session key, A returns $f(N_2)$ to B
21
Controlling Key Usage
• It is desirable to impose some control on the way in which keys are used
  – e.g. we may wish to define different types of session keys on the basis of use, such as
    » Data-encrypting key
    » PIN-encrypting key
    » File-encrypting key
• One technique is to associate a tag with each key
  – Tag is a bit-vector representing the key’s usage or type
  – e.g. the extra 8 bits in each 56-bit DES key can be used as a tag
  – Limited flexibility and functionality due to the limited tag size
  – Because the tag is not transmitted in clear form, it can be used only at the point of decryption, limiting the ways in which key use can be controlled
• A more flexible scheme is to use a control vector
22
Control Vector Scheme
• Each session key has an associated control vector
• Control vector consists of a number of fields that specify the uses and restrictions for that session key
• The length of the control vector may vary
• Control vector is cryptographically coupled with the key at the time of key generation at the KDC
  – Hash value: $H = h(CV)$
  – Key input: $K_m \oplus H$
  – Encrypted session key: $E_{K_m \oplus H}[K_s]$
• When a session key is delivered to a user from the KDC, it is accompanied by the control vector in clear form
• The session key can be recovered only by using both the master key and the control vector
  – $K_s = D_{K_m \oplus H}[E_{K_m \oplus H}[K_s]]$
• Advantages (over the 8-bit tag)
  – No restriction on length of control vector (arbitrarily complex controls to be imposed on key use)
  – Control vector is available in clear form at all stages of operation; key control can be exercised in multiple locations
• CV: control vector; $K_m$: master key; $K_s$: session key
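The coupling above as an added sketch (not part of the original slides): the KDC wraps $K_s$ under $K_m \oplus h(CV)$, and a rewritten control vector passes a clear-text policy check but no longer yields the right key. The comma-separated CV encoding, the 16-byte key size, SHA-256 as $h$, and the XOR-pad `toy_cipher` standing in for $E$/$D$ are all assumptions made for illustration.

```python
import hashlib

KEY_LEN = 16  # bytes; key size chosen for this sketch (assumption)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def h(cv: bytes) -> bytes:
    """H = h(CV): hash of the control vector, truncated to key length."""
    return hashlib.sha256(cv).digest()[:KEY_LEN]

def toy_cipher(key: bytes, block: bytes) -> bytes:
    """Stand-in for E_K[.] and D_K[.]: XOR with a key-derived pad.
    Self-inverse and NOT secure; a real system uses a block cipher here."""
    return xor(block, hashlib.sha256(b"toy-pad" + key).digest()[:KEY_LEN])

def kdc_wrap(km: bytes, cv: bytes, ks: bytes) -> bytes:
    """KDC side: E_{Km xor H}[Ks]. The CV itself travels in the clear."""
    return toy_cipher(xor(km, h(cv)), ks)

def unwrap(km: bytes, cv: bytes, wrapped: bytes) -> bytes:
    """User side: Ks = D_{Km xor H}[E_{Km xor H}[Ks]]."""
    return toy_cipher(xor(km, h(cv)), wrapped)

def use_key(km: bytes, cv: bytes, wrapped: bytes, purpose: bytes) -> bytes:
    """Release Ks only for a purpose listed in the clear-text CV."""
    if purpose not in cv.split(b","):
        raise PermissionError(f"CV {cv!r} does not allow {purpose!r}")
    return unwrap(km, cv, wrapped)

# Constructed sample values (not from the slides).
KM = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
KS = bytes.fromhex("a0a1a2a3a4a5a6a7a8a9aaabacadaeaf")
CV = b"pin-encrypting"                       # hypothetical CV encoding
WRAPPED = kdc_wrap(KM, CV, KS)
FORGED_CV = b"pin-encrypting,data-encrypting"

if __name__ == "__main__":
    print(use_key(KM, CV, WRAPPED, b"pin-encrypting") == KS)          # True
    # A rewritten CV passes the policy check but derives the wrong key.
    print(use_key(KM, FORGED_CV, WRAPPED, b"data-encrypting") == KS)  # False
```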
23
Controlling Key Usage
24
Random Number Generation
• Use of random numbers (in cryptography)
  – As key stream for a one-time pad
  – For session keys
  – For public key
  – For nonces (random numbers) in protocols to prevent replays
  – Good cryptography requires good random numbers
• Random number requirements
  – Statistically random (uniform distribution, etc.)
  – Unpredictable (independent)
25
Sources of Randomness
• Natural random noise (natural real randomness)
  – Radiation counters, radio noise, thermal noise in diodes, leaky capacitors, mercury discharge tubes, etc.
  – Generally need special H/W for this
  – Starting to see this in new CPUs (Pentium III)
• Almost random sources
  – Keystroke timing
  – Mouse tracking
  – Disk latency, etc.
• Published lists
  – e.g., Rand Co. in 1955 published a book of 1 million numbers generated using an electronic roulette wheel
  – Predictable
• In practice, pseudorandom numbers are algorithmically derived from a deterministic PRNG (Pseudorandom Number Generator)
26
Lehmer’s algorithm
• Most widely used technique for PRNG
• Also known as linear congruential method
• Four parameters
  – m: modulus, $m > 0$
  – a: multiplier, $0 \le a < m$
  – c: increment, $0 \le c < m$
  – $X_0$: seed, $0 \le X_0 < m$
• $X_{n+1} = (aX_n + c) \bmod m$
• Generates numbers in the range {0, …, m-1}
• “Good” and “bad” choices for m, a, and c
  – Lots of obvious bad choices
27
Lehmer’s algorithm - 2
• Choose a very large m, e.g., $2^{31}$
  – Provides for a long series
  – Usually the maximum integer value for a given computer
• Criteria for good RNG:
  – Generate the entire range (full period)
  – Pass statistical tests
  – Efficient implementation
• Good choices
  – $m = 2^{31} - 1$, a prime value
  – $a = 7^5 = 16807$
  – $c = 0$
• Useful for applications requiring statistical randomness (Monte Carlo simulation)
• Not so useful for cryptography (easy cryptanalysis)
  – $X_i$, $X_{i+1}$, $X_{i+2}$ give a solution for m, a, and c
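Why the linear congruential method fails as a cryptographic generator, as an added example (not from the original slides): three consecutive outputs give $a$ and $c$ once $m$ is known, and a longer run of outputs gives a multiple of $m$ with no prior knowledge, which goes slightly beyond the three-output case the slide mentions. The seed and function names are constructed for illustration.

```python
from math import gcd

def lcg(m, a, c, seed, count):
    """X_{n+1} = (a*X_n + c) mod m, the recurrence from the slides."""
    out, x = [], seed
    for _ in range(count):
        x = (a * x + c) % m
        out.append(x)
    return out

def modulus_multiple(xs):
    """A multiple of m computed from outputs alone (usually m itself).

    With t_n = X_{n+1} - X_n we have t_{n+1} = a*t_n (mod m), so every
    t_{n+2}*t_n - t_{n+1}^2 is divisible by m; take the gcd of them all.
    """
    t = [nxt - cur for cur, nxt in zip(xs, xs[1:])]
    g = 0
    for i in range(len(t) - 2):
        g = gcd(g, t[i + 2] * t[i] - t[i + 1] ** 2)
    return g

def recover_a_c(m, x0, x1, x2):
    """Solve x1 = a*x0 + c and x2 = a*x1 + c (mod m) for a and c."""
    # Requires gcd(x1 - x0, m) == 1, always true for prime m and x1 != x0.
    a = (x2 - x1) * pow((x1 - x0) % m, -1, m) % m
    c = (x1 - a * x0) % m
    return a, c

def predict_next(m, xs):
    """Predict the output following xs[-1] from the last three outputs."""
    a, c = recover_a_c(m, *xs[-3:])
    return (a * xs[-1] + c) % m

# Constructed sample: the slide's "good" parameters with an arbitrary seed.
M, A, C = 2**31 - 1, 7**5, 0
OBSERVED = lcg(M, A, C, seed=20240229, count=8)

if __name__ == "__main__":
    print("multiple of m:  ", modulus_multiple(OBSERVED))
    print("recovered a, c: ", recover_a_c(M, *OBSERVED[:3]))
    print("predicted next: ", predict_next(M, OBSERVED))
```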
28
Cryptographically Generated RNs
• Cyclic encryption
  – Generate session keys from a master key
  – A counter with period N is input to the encryption logic
  – e.g. 56-bit counter for 56-bit DES
  – $X_0, X_1, \ldots, X_{n-1}$
  – The $X_i$’s cannot be deduced since the master key is protected
  – Full-period PRNG can be used instead of a simple counter
• DES OFB mode
  – Can be used as a PRNG (IV is the seed)
  – Successive 64-bit outputs constitute a sequence of pseudorandom numbers with good statistical properties
29
ANSI X9.17 PRNG
• One of the (cryptographically) strongest PRNGs
• Used in financial security applications and PGP
  – $DT_i$ is the date/time value at the beginning of the $i$th stage
  – $V_i$ is the seed value at the beginning of the $i$th stage
  – $R_i$ is the output (PRN) of the $i$th stage
  – $K_1$, $K_2$ are 3DES keys
  – $R_i = \mathrm{EDE}_{K_1,K_2}(V_i \oplus \mathrm{EDE}_{K_1,K_2}(DT_i))$
  – $V_{i+1} = \mathrm{EDE}_{K_1,K_2}(R_i \oplus \mathrm{EDE}_{K_1,K_2}(DT_i))$
30
Blum Blum Shub (BBS) PRNG
• Choose large primes p and q, s.t. $p \equiv q \equiv 3 \pmod 4$
• Let $n = p \times q$
• Choose s relatively prime to n
• BBS produces a sequence of bits $B_i$
    X_0 = s^2 mod n;
    for (i = 1; ; i++) {
        X_i = (X_{i-1})^2 mod n;
        B_i = X_i & 1;
    }
• BBS is referred to as a cryptographically secure pseudorandom bit generator (CSPRBG)
31
Blum Blum Shub PRNG - Example
• $n = 383 \times 503 = 192649$, $s = 101355$
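The example parameters above, worked through in an added Python sketch (not part of the original slides): it checks the BBS preconditions, produces the $(X_i, B_i)$ rows for $n = 383 \times 503$ and $s = 101355$, and measures how soon the state repeats for a modulus this small. Function names are chosen for illustration.

```python
from math import gcd

def bbs_rows(p, q, s, count):
    """Return [(X_i, B_i)] for i = 1..count, following the slide's loop."""
    if p % 4 != 3 or q % 4 != 3:
        raise ValueError("p and q must both be congruent to 3 mod 4")
    n = p * q
    if gcd(s, n) != 1:
        raise ValueError("seed s must be relatively prime to n")
    x = (s * s) % n                 # X_0 = s^2 mod n
    rows = []
    for _ in range(count):
        x = (x * x) % n             # X_i = (X_{i-1})^2 mod n
        rows.append((x, x & 1))     # B_i = least significant bit of X_i
    return rows

def bbs_bits(p, q, s, count):
    """Just the output bits B_1..B_count."""
    return [bit for _, bit in bbs_rows(p, q, s, count)]

def cycle_length(p, q, s):
    """Number of squarings until the state returns to X_0.

    For p = q = 3 (mod 4), squaring permutes the quadratic residues
    mod n, so the state sequence is purely periodic and this terminates.
    """
    n = p * q
    x0 = (s * s) % n
    x, steps = (x0 * x0) % n, 1
    while x != x0:
        x, steps = (x * x) % n, steps + 1
    return steps

# Parameters from the slide's example (toy sizes, far too small for real use).
P, Q, S = 383, 503, 101355

if __name__ == "__main__":
    for i, (x, bit) in enumerate(bbs_rows(P, Q, S, 10), start=1):
        print(f"i={i:2d}  X_i={x:6d}  B_i={bit}")
    print("state repeats after", cycle_length(P, Q, S), "steps")
```

With these toy primes the state returns to $X_0$ after at most 4750 steps, so the bit stream repeats quickly; in practice p and q are chosen large enough that n cannot be factored.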
32
CSPRBG
• A cryptographically secure pseudorandom bit generator (CSPRBG) is defined as one that passes the next-bit test
• Next-bit test
  – Given k bits of output from a PRBG, there is no polynomial time algorithm that can predict the (k+1)st bit with probability greater than ½ +
• For all practical purposes, the sequence is unpredictable
• The security of BBS is based on the difficulty of factoring n (i.e., given n, determining two prime factors p and q)
33
HW
• P. 5.3, P. 5.4, P. 5.5, P. 5.9, P. 5.10
• (For P. 5.3 and P. 5.10, please look up the errata sheet)