Presentation is loading. Please wait.

Presentation is loading. Please wait.

Information Security Lab. Dept. of Computer Engineering 182/203 PART I Symmetric Ciphers CHAPTER 7 Confidentiality Using Symmetric Encryption 7.1 Placement.

Published byBenjamin Williams Modified over 9 years ago

Similar presentations

Presentation on theme: "Information Security Lab. Dept. of Computer Engineering 182/203 PART I Symmetric Ciphers CHAPTER 7 Confidentiality Using Symmetric Encryption 7.1 Placement."— Presentation transcript:

1 Information Security Lab. Dept. of Computer Engineering 182/203 PART I Symmetric Ciphers CHAPTER 7 Confidentiality Using Symmetric Encryption 7.1 Placement of Encryption Function 7.2 Traffic Confidentiality 7.3 Key Distribution 7.4 Random Number Generation

2 Information Security Lab. Dept. of Computer Engineering 183/203 7.1 Placement of Encryption Function  Symmetric encryption is used to provide message confidentiality; We need to decide what to encrypt and where the encryption function should be located. Potential Location for Confidentiality Attacks Fig. 7.1 Point of Vulnerability

3 Information Security Lab. Dept. of Computer Engineering 184/203 7.1 Placement of Encryption Function Link versus End-to-End Encryption  Have two major placement alternatives  link encryption Encryption occurs independently on every link; Message is vulnerable at each node. Requires many encryption devices; many keys must be provided  end-to-end encryption Encryption occurs between original source and final destination Need devices at each end with shared keys

4 Information Security Lab. Dept. of Computer Engineering 185/203 7.1 Placement of Encryption Function Link versus End-to-End Encryption Fig. 7.2 Encryption Across a Packet Switching Network

5 Information Security Lab. Dept. of Computer Engineering 186/203 7.1 Placement of Encryption Function Table 7.1 Characteristic of Link and End-to-End Encryption

6 Information Security Lab. Dept. of Computer Engineering 187/203 7.1 Placement of Encryption Function Fig. 7.4 Encryption Coverage Implementations of Store-and-Forward Communications

7 Information Security Lab. Dept. of Computer Engineering 188/203 7.2 Traffic Confidentiality  is monitoring of communications flows between parties useful both in military & commercial spheres can also be used to create a covert channel  link encryption obscures header details but overall traffic volumes in networks and at end- points is still visible  traffic padding can further obscure flows but at cost of continuous traffic

8 Information Security Lab. Dept. of Computer Engineering 189/203 7.3 Key Distribution  Symmetric schemes require both parties to share common secret key.  Issue is how to securely distribute this key  Often secure system failure due to a break in the key distribution scheme.  Given parties A and B have various key distribution alternatives: 1) A can select key and physically deliver to B 2) Third party can select & deliver key to A & B 3) If A & B have communicated previously, They can use previous key to encrypt a new key 4) If A & B have secure communications with a third party C, C can relay key between A & B

9 Information Security Lab. Dept. of Computer Engineering 190/203 7.3 Key Distribution  Typically have a hierarchy of keys  Session key temporary key; used for encryption of data between users for one logical session then discarded.  Master key used to encrypt session keys shared by user & key distribution center A Key Distribution Scenario  The key distribution concept can be deployed in a number of ways.  Popek, G. Kline, C. “Encryption and Secure Computer networks,” ACM Computer Surveys, Dec., 1979

10 Information Security Lab. Dept. of Computer Engineering 191/203 7.3 Key Distribution Fig. 7.9 Key Distribution Scenario

11 Information Security Lab. Dept. of Computer Engineering 192/203 7.3 Key Distribution Key Distribution Issues  Hierarchies of KDC’s required for large networks, but must trust each other.  Session key lifetimes should be limited for greater security A Transparent Key Control Scheme  Automatic Key distribution : useful for providing end-to- end encryption at a network or transport level in a way that is transparent to end users.  See Fig. 7.10

12 Information Security Lab. Dept. of Computer Engineering 193/203 7.3 Key Distribution Fig. 7.10 Automatic Key Distribution for Connection-Oriented Protocol

13 Information Security Lab. Dept. of Computer Engineering 194/203 7.3 Key Distribution Decentralizing Key Control Controlling Key Usage  Need to be as many as n(n  1)/2 master keys for a configuration with n end systems.

14 Information Security Lab. Dept. of Computer Engineering 195/203 7.4 Random Number Generation The Use of Random Numbers  Many uses of random numbers in cryptography nonces in authentication protocols to prevent replay attacks Session keys generation Keys for the RSA public key encryption algorithm. Keystream for a one-time pad  Requirement for a random numbers: randomness and unpredictability

15 Information Security Lab. Dept. of Computer Engineering 196/203 7.4 Random Number Generation The Use of Random Numbers  Randomness : The following two criteria are used to validate that a sequence of numbers is random: Uniform distribution : The frequency of occurrence of each of the numbers should be approximately the same. Independence : No one value in the sequence can be inferred from the other.  Unpredictability : With true random sequences, each number is statistically independent of other numbers in the sequence and therefore unpredictable.

16 Information Security Lab. Dept. of Computer Engineering 197/203 7.4 Random Number Generation Pseudorandom Number Generators (PRNGs)  often use deterministic algorithmic techniques to create “random numbers” although are not truly random can pass many tests of “randomness” ENT, DieHard  known as “pseudorandom numbers”; created by “Pseudorandom Number Generators (PRNGs)” Linear Congruential Generators  common iterative technique using: X n+1 = (aX n + c) mod m  The selection of values for a, c, and m is critical in developing a good random number generator

17 Information Security Lab. Dept. of Computer Engineering 198/203 7.4 Random Number Generation Linear Congruential Generators  Given suitable values of parameters can produce a long random-like sequence  Suitable criteria to have are: Function generates a full-period Generated sequence should appear random Efficient implementation with 32-bit arithmetic  Note that an attacker can reconstruct sequence given a small number of values

18 Information Security Lab. Dept. of Computer Engineering 199/203 7.4 Random Number Generation Fig. 7.13 Pseudorandom Number Generation from a Counter Cryptographically Generated Random Numbers  Cyclic Encryption  DES Output Feedback Mode X i = E Km [X i-1 ]

19 Information Security Lab. Dept. of Computer Engineering 200/203 7.4 Random Number Generation Cryptographically Generated Random Numbers  ANSI X9.17 PRNG : One of the strongest PRNGs Fig. 7.14 ANSI X9.17 PRNS Data/time ith seed value DES keys

20 Information Security Lab. Dept. of Computer Engineering 201/203 7.4 Random Number Generation Blum Blum Shub Generator (BBS)  Based on public key algorithms.  Use least significant bit from iterative equation: X 0 = s 2 mod n for i = 1 to  X i = X i  1 2 mod n B i = X i mod 2 where n = pq, and primes p and q = 3 mod 4  Unpredictable, passes next-bit test  Cryptographically secure pseudorandom bit generator  Security rests on difficulty of factoring N  Slow, since very large numbers must be used  Too slow for cipher use, good for key generation

21 Information Security Lab. Dept. of Computer Engineering 202/203 Summary  have considered: use and placement of symmetric encryption to protect confidentiality need for good key distribution use of trusted third party KDC’s random number generation issues

Download ppt "Information Security Lab. Dept. of Computer Engineering 182/203 PART I Symmetric Ciphers CHAPTER 7 Confidentiality Using Symmetric Encryption 7.1 Placement."

Similar presentations

Network Security. Confidentiality Using Symmetric Encryption John wrote the letters of the alphabet under the letters in its first lines and tried it.

Network Security. Confidentiality Using Symmetric Encryption John wrote the letters of the alphabet under the letters in its first lines and tried it.
Applied Cryptography (Public key) Part I. Let’s first finish “Symmetric Key” before talking about public key John wrote the letters of the alphabet under.

Applied Cryptography (Public key) Part I. Let’s first finish “Symmetric Key” before talking about public key John wrote the letters of the alphabet under.
CS457 – Introduction to Information Systems Security Cryptography 1b Elias Athanasopoulos

CS457 – Introduction to Information Systems Security Cryptography 1b Elias Athanasopoulos
Data & Network Security

Data & Network Security
Cryptography and Network Security Chapter 7 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 7 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
1 Pertemuan 07 Enkripsi Simetrik Kontemporer Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 07 Enkripsi Simetrik Kontemporer Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Stream cipher diagram + + Recall: One-time pad in Chap. 2.

Stream cipher diagram + + Recall: One-time pad in Chap. 2.
Confidentiality using Symmetric Encryption traditionally symmetric encryption is used to provide message confidentiality consider typical scenario –workstations.

Confidentiality using Symmetric Encryption traditionally symmetric encryption is used to provide message confidentiality consider typical scenario –workstations.
Chap. 7: Confidentiality using symmetric encryption & Introduction to public-key cryptosystems Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie.

Chap. 7: Confidentiality using symmetric encryption & Introduction to public-key cryptosystems Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie.
CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.

CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.
Cryptography1 CPSC 3730 Cryptography Chapter 7 Confidentiality Using Symmetric Encryption.

Cryptography1 CPSC 3730 Cryptography Chapter 7 Confidentiality Using Symmetric Encryption.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
Key Management and Distribution. YSLInformation Security – Mutual Trust2 Major Issues Involved in Symmetric Key Distribution For symmetric encryption.

Key Management and Distribution. YSLInformation Security – Mutual Trust2 Major Issues Involved in Symmetric Key Distribution For symmetric encryption.
Cryptography and Network Security Chapter 7

Cryptography and Network Security Chapter 7
Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.

Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.
Cryptography and Network Security Chapter 7 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Modified – Tom Noack, UPRM.

Cryptography and Network Security Chapter 7 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Modified – Tom Noack, UPRM.
Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.

Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.
1 Confidentiality Cryptography & Network Security H. Yoon Confidentiality Using Conventional Encryption Where should cryptographic functionality be located?

1 Confidentiality Cryptography & Network Security H. Yoon Confidentiality Using Conventional Encryption Where should cryptographic functionality be located?
Cryptography and Network Security Chapter 7 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 7 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Similar presentations

Ads by Google