Presentation is loading. Please wait.

Presentation is loading. Please wait.

A. Steffen, 22.09.2013, 02-PhysicalLayer.pptx 1 Information Security 2 (InfSi2) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications.

Published byJoan Gwen Neal Modified over 9 years ago

Similar presentations

Presentation on theme: "A. Steffen, 22.09.2013, 02-PhysicalLayer.pptx 1 Information Security 2 (InfSi2) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications."— Presentation transcript:

1 A. Steffen, 22.09.2013, 02-PhysicalLayer.pptx 1 Information Security 2 (InfSi2) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications (ITA) 2 Physical Layer Security

2 A. Steffen, 22.09.2013, 02-PhysicalLayer.pptx 2 Security Protocols for the OSI Stack Application layerPlatform Security, Web Application Security, VoIP Security, SW Security Transport layerTLSNetwork layerIPsecData Link layer[PPTP, L2TP], IEEE 802.1X, IEEE 802.1AE, IEEE 802.11i (WPA2) Physical layerQuantum CryptographyCommunication layersSecurity protocols

3 A. Steffen, 22.09.2013, 02-PhysicalLayer.pptx 3 Layer 1 Security – Frequency Hopping f1f1 f2f2 f4f4 f5f5 f6f6 f7f7 f3f3 f8f8 f Counter measures: e.g. n parallel receivers t f8f8 f1f1 f2f2 tt f4f4 f1f1 f3f3 f2f2 f7f7 f5f5 f7f7 f6f6 f3f3 Standardized (public) or secret (military) hopping sequence Frequency band divided into n hopping channels

4 A. Steffen, 22.09.2013, 02-PhysicalLayer.pptx 4 Information Security 2 (InfSi2) 2.1 Quantum Cryptography

5 A. Steffen, 22.09.2013, 02-PhysicalLayer.pptx 5 Quantum Cryptography using Entangled Photons Nicolas Gisin et al. University of Geneva Compact source emitting entangled photon pairs Quantum correlation over more than 10 km Founding of ID Quantique

6 A. Steffen, 22.09.2013, 02-PhysicalLayer.pptx 6 4. Quantum Key Distribution using Entangled Photons Photon Source 1. Alice Bob 3.7.2.6. 0 0 - - 1 1 1 1 - - 0 0 5. Eve (eavesdropping) - - E91 protocol: Arthur Ekert, 1991

7 A. Steffen, 22.09.2013, 02-PhysicalLayer.pptx 7 Quantum Key Distribution using the BB84 Protocol Polarization Modulated Photon Source Alice Bob 1. 0 0 2. - - 3. 1 1 4. 1 1 6. - - 7. 0 0 BB84 protocol: Charles Bennett & Gilles Brassard, 1984 5. - - Eve (eavesdropping)

8 A. Steffen, 22.09.2013, 02-PhysicalLayer.pptx 8 Decoy States against Multi-Photon Splitting Attacks Single photon lasers are nearly impossible to build. The natural Poisson distribution of practical laser sources causes multi-photon pulses to occur which can be split by Eve. In order to compensate for the stolen photons, Eve might inject additional photons. As a counter measure Alice randomly inserts a certain percentage of decoy states transmitted at a different power level. Later Alice reveals to Bob which pulses contained decoy states. If Eve was eavesdropping, the yield and bit error rate statistics for the signal and decoy states are modified which can be detected by Alice and Bob. The use of decoy states extends the rate of secure key exchange to over 140 km.

9 A. Steffen, 22.09.2013, 02-PhysicalLayer.pptx 9 Photon Yield versus Power Level Power Level 0.80 photons/pulse 0.12 photons/pulse 449 pulses 360 pulses 144 pulses 38 pulses 8 pulses 887 pulses 106 pulses 7 pulses 0 pulses 0 photons/pulse 1 photon /pulse 2 photons/pulse 3 photons/pulse 4 photons/pulse Signal statesDecoy states Poisson distribution of the number of photons in a pulse, measured over 1000 pulses: 1 pulse0 pulses5 photons/pulse 551 of 1000 pulses113 of 1000 pulsesYield

10 A. Steffen, 22.09.2013, 02-PhysicalLayer.pptx 10 Photon Yield versus Transmission Distance Attenuation in a monomode fiber with =1550nm: 0.2 dB/km 50 km:10dB  1 out 10 photons survive 100 km: 20dB  1 out of 100 photons survive 150 km: 30dB  1 out of 1000 photons survive

11 A. Steffen, 22.09.2013, 02-PhysicalLayer.pptx 11 Photon Yield in 50 km (10 dB Attenuation) Power Level 0.80 photons/pulse 0.12 photons/pulse 0 pulses 36 pulses 28 pulses 10 pulses 3 pulses 0 pulses 10 pulses 2 pulses 0 pulses 77 of 1000 pulses12 of 1000 pulses 0 photons/pulse 1 photon /pulse 2 photons/pulse 3 photons/pulse 4 photons/pulse Signal statesDecoy states Yield Received pulses containing at least one photon, measured over 1000 pulses: 0 pulses 5 photons/pulse

12 A. Steffen, 22.09.2013, 02-PhysicalLayer.pptx 12 Layer 2 Encryption with Quantum Key Distribution 10 Gbit/s Ethernet Encryption with AES-256 in Counter Mode QKD: RR84 and SARG protocols, up to 50 km (100 km on request) Key Management: 1 key/minute up to 12 encryptors

13 A. Steffen, 22.09.2013, 02-PhysicalLayer.pptx 13 Cerberis QKD Server and Centauris Encryptors

14 A. Steffen, 22.09.2013, 02-PhysicalLayer.pptx 14 Information Security 2 (InfSi2) 2.2 Key Material and Random Numbers

15 A. Steffen, 22.09.2013, 02-PhysicalLayer.pptx 15 Cryptographical Building Blocks Block Ciphers Stream Ciphers Symmetric Key Cryptography AuthenticationPrivacy Encryption Hash Functions Challenge Response IVs MACs MICs Message Digests Nonces Pseudo Random Random Sources Secret Keys Smart Cards DH RSA Public Key Cryptography Elliptic Curves Digital Signatures Data Integrity Secure Network Protocols Non- Repudiation

16 A. Steffen, 22.09.2013, 02-PhysicalLayer.pptx 16 HMAC Function (RFC 2104) Document Key Inner Key 64 bytes MD5 / SHA-1 Hash Function Hash MD5 / SHA-1 Hash Function 0x36..0x36 XOR Outer Key 64 bytes 0x5C..0x5C XOR Pad 64 bytes MAC 16/20 bytes

17 A. Steffen, 22.09.2013, 02-PhysicalLayer.pptx 17 TLS Handshake Protocol Server Server Hello RSRS RSRS ServerHelloDone Client Client Hello RCRC RCRC Application Data° Certificate* ClientKeyExchange CertificateVerify* *optional ServerKeyExchange* Certificate* CertificateRequest* *optional Finished° ChangeCipherSpec Finished° ChangeCipherSpec °encrypted

18 A. Steffen, 22.09.2013, 02-PhysicalLayer.pptx 18 Secret Key Stream Seed key stream = PRF_MD5(secret, seed) Pseudo Random Function (PRF) A(3) S HMAC-MD5 1..16 S Seed 17..32 S Seed 33..48 S Seed HMAC-MD5 A(2) S HMAC-MD5 A(2) 16 bytes A(1) 16 bytes HMAC-MD5 Seed

19 A. Steffen, 22.09.2013, 02-PhysicalLayer.pptx 19 Computing the TLS 1.1 Master Secret Master Secret "master secret" 48 bytesPRF_MD5 60 bytesPRF_SHA-1 S1 S2 Pre-Master Secret RCRC RSRS labelseed labelseed key stream = TLS_PRF(secret, label, seed) TLS_PRF 48 bytes

20 A. Steffen, 22.09.2013, 02-PhysicalLayer.pptx 20 Generating TLS 1.1 Key Material Key Material "key expansion"  n bytes PRF_MD5  n bytes PRF_SHA-1 S1 S2 Master Secret RSRS RCRC labelseed labelseed key stream = TLS_PRF(secret, label, seed) TLS_PRF n bytes

21 A. Steffen, 22.09.2013, 02-PhysicalLayer.pptx 21 Generating True Random Numbers (RFC 1750) The security of modern cryptographic protocols relies heavily on the availability of true random key material and nonces. On standard computer platforms it is not a trivial task to collect true random material in sufficient quantities: Key Stroke Timing Mouse Movements Sampled Sound Card Input Noise Air Turbulence in Disk Drives RAID Disk Array Controllers Network Packet Arrival Times Computer Clocks Best Strategy: Combining various random sources with a strong mixing function (e.g. MD5 or SHA-1 hash) into an entropy pool (e.g. Unix /dev/random) protects against single device failures.

22 A. Steffen, 22.09.2013, 02-PhysicalLayer.pptx 22 Hardware-based True Random Generators Quantum Sources or Radioactive Decay Sources Reliable, high entropy sources, but often bulky and expensive. Thermal Noise Sources Noisy diodes or resistors are cheap and compact but level detection usually introduces considerable skew that must be corrected. Free Running or Metastable Oscillators The frequency variation of a free running oscillator is a good entropy source if designed and measured properly. Used e.g in smart card crypto co-processors. The Intel Ivy Bridge processor family implements an on-chip metastable digital oscillator. Lava Lamps Periodic digital snapshots of a lava lamp exhibit a lot of randomness.

23 A. Steffen, 22.09.2013, 02-PhysicalLayer.pptx 23 The Intel RDRAND Instruction Available with Intel Ivy Bridge Processors (XEON & Core i7) The RDRAND instruction reads a 16, 32 or 64 bit random value Throughput 500+ MB/s random data with 8 concurrent threads The random number generator is compliant with NIST SP800-90, FIPS 140-2, and ANSI X9.82

24 A. Steffen, 22.09.2013, 02-PhysicalLayer.pptx 24 Quantum Random Number Generator www.idquantique.com Detection of single photons via a semi-transparent mirror High throughput: 4 – 16 Mbit/s Low cost (990…2230 EUR)

25 A. Steffen, 22.09.2013, 02-PhysicalLayer.pptx 25 Skew Corrections and Tests for Randomness Simple Skew Correction (John von Neumann) p(1) = 0.5+e, p(0) = 0.5-e, -0.5 < e < 0.5 Example with e = 0.20, i.e. p(1) = 0.7, p(0) = 0.3 Strong Mixing using Hash functions Hashing improves statistical properties but does not increase entropy. Statistical Tests for Randomness A number of statistical tests are defined in FIPS PUB 140-2 "Security Requirements for Cryptographic Modules" : Monobit Test, Poker Test, Runs Test, etc. Entropy Measurements The entropy of a random or pseudo-random binary sequence can be measured using Ueli Maurer's "Universal Statistical Test for Random Bit Generators" - 0 - - 1 1 - 0 1 - 1 0 - 1 0 - 0 - - 1 - 0 - - - - 0 0 11011111101011011000100111100111011111101101111111110101

Download ppt "A. Steffen, 22.09.2013, 02-PhysicalLayer.pptx 1 Information Security 2 (InfSi2) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications."

Similar presentations

Web security: SSL and TLS

Web security: SSL and TLS
A. Steffen, 30.09.2013, 03-DataLinkLayer.pptx 1 Information Security 2 (InfSi2) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications.

A. Steffen, , 03-DataLinkLayer.pptx 1 Information Security 2 (InfSi2) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
1 Lecture 12 SSL/TLS (Secure Sockets Layer / Transport Layer Security) CIS 4362 - CIS 5357 Network Security.

1 Lecture 12 SSL/TLS (Secure Sockets Layer / Transport Layer Security) CIS CIS 5357 Network Security.
Lecture 6: Web security: SSL

Lecture 6: Web security: SSL
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.

17.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 17 Security at the Transport Layer: SSL and TLS.
Transport Layer Security (TLS) Bill Burr November 2, 2001.

Transport Layer Security (TLS) Bill Burr November 2, 2001.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.

1 SSL/TLS 2 Web security Security requirements Secrecy to prevent eavesdroppers to learn sensitive information Entity authentication Message authentication.
COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?

COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.

Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
ITA, 2.11.2011, 8-TLS.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications (ITA) 8 Transport.

ITA, , 8-TLS.pptx 1 Internet Security 1 (IntSi1) Prof. Dr. Andreas Steffen Institute for Internet Technologies and Applications (ITA) 8 Transport.
December 2006Prof. Reuven Aviv, SSL1 Web Security with SSL Prof. Reuven Aviv Dept. of Computer Science Tel Hai Academic College.

December 2006Prof. Reuven Aviv, SSL1 Web Security with SSL Prof. Reuven Aviv Dept. of Computer Science Tel Hai Academic College.
QUANTUM CRYPTOGRAPHY ABHINAV GUPTA CSc 8230. Introduction [1,2]  Quantum cryptography is an emerging technology in which two parties can secure network.

QUANTUM CRYPTOGRAPHY ABHINAV GUPTA CSc Introduction [1,2]  Quantum cryptography is an emerging technology in which two parties can secure network.
Information Security Principles & Applications Topic 4: Message Authentication 虞慧群

Information Security Principles & Applications Topic 4: Message Authentication 虞慧群
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

Similar presentations

Ads by Google