
CPSC415 Biometrics and Cryptography (v0.0), Lecture 3: Placement of Encryption Function


Slide 2: Points of Vulnerability
- An adversary can eavesdrop from a machine on the same LAN
- An adversary can eavesdrop by dialing into a communication server
- An adversary can eavesdrop by gaining physical control of part of the external links
  - twisted pair, coaxial cable, or optical fiber
  - radio or satellite links


Slide 4: Confidentiality using Symmetric Encryption
There are two major placement alternatives.
- Link encryption
  - encryption occurs independently on every link
  - all traffic over all communication links is secured
  - traffic must be decrypted between links, because the switch must read the address in the packet header
  - each pair of nodes sharing a link needs a unique key, with a different key on each link: many keys
  - the message is vulnerable (in plaintext) at each switch
  - on a public network, the user has no control over the security of the nodes

Slide 5: Confidentiality using Symmetric Encryption
- End-to-end encryption
  - encryption occurs between the original source and the final destination
  - needs devices at each end with shared keys
  - secures the transmission against attacks on the network links or switches
  - the "end-to-end principle"
  - which part of each packet will the host encrypt? The header or the user data?
  - provides a degree of authentication: only the alleged sender shares the relevant key


Slide 7: Placement of Encryption
- The encryption function can be placed at various layers of the OSI Reference Model
  - link encryption occurs at layers 1 or 2
  - end-to-end encryption can occur at layers 3, 4, 6 or 7
- Moving encryption toward a higher layer
  - less information is encrypted, but what is encrypted is more secure
  - application-layer encryption is more complex, with more entities involved and more keys needed

Slide 8: Scope of Encryption (figure only)

Slide 9: Traffic Analysis
- Traffic analysis is the monitoring of communication flows between parties
  - useful in both military and commercial spheres
  - can also be used to create a covert channel
- Link encryption obscures header details
  - but overall traffic volumes in the network and at end-points are still visible
- Traffic padding can further obscure flows
  - but at the cost of continuous traffic

Slide 10: Traffic Analysis
- When using end-to-end encryption, headers must be left in the clear
  - so the network can correctly route the information
- Hence, although the contents are protected, the traffic pattern flows are not
- Ideally we want both at once
  - end-to-end encryption protects data contents over the entire path and provides authentication
  - link encryption protects traffic flows from monitoring
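An added model, not from the lecture slides, of the two placements compared on slides 4, 5 and 10: the path Alice -> switch1 -> switch2 -> Bob, the link keys k1..k3 and the end-to-end key k_ab are constructed for the illustration; `Sealed` stands in for a ciphertext field that only a holder of its key id can read, and each function records what every switch and every wiretap on the path can see.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Sealed:
    """Stands in for a ciphertext field: readable only with key id `key`."""
    key: str
    value: str

def view(packet, keys):
    """What a node holding the key ids in `keys` can read of each field."""
    return {f: (v.value if v.key in keys else "?") if isinstance(v, Sealed) else v
            for f, v in packet.items()}

# Constructed path Alice -> switch1 -> switch2 -> Bob, one key per link.
PATH = ["alice", "switch1", "switch2", "bob"]
LINK_KEYS = {("alice", "switch1"): "k1", ("switch1", "switch2"): "k2",
             ("switch2", "bob"): "k3"}

def link_encryption(header, payload):
    """Whole packet sealed per link; each switch must open it to read the
    address, so the plaintext exists inside every switch on the path."""
    seen, pkt = {}, {"header": header, "payload": payload}
    for src, dst in zip(PATH, PATH[1:]):
        k = LINK_KEYS[(src, dst)]
        wire = {f: Sealed(k, v) for f, v in pkt.items()}
        seen[f"tap {src}-{dst}"] = view(wire, set())   # wiretap holds no key
        pkt = view(wire, {k})                           # dst decrypts to route
        if dst != "bob":
            seen[dst] = pkt
    seen["bob"] = pkt
    return seen

def end_to_end_encryption(header, payload):
    """Only the user data is sealed with the Alice/Bob key; the header stays in
    the clear so switches can route, which is why traffic patterns stay visible."""
    seen, pkt = {}, {"header": header, "payload": Sealed("k_ab", payload)}
    for src, dst in zip(PATH, PATH[1:]):
        seen[f"tap {src}-{dst}"] = view(pkt, set())
        if dst != "bob":
            seen[dst] = view(pkt, set())   # switches hold no end-to-end key
    seen["bob"] = view(pkt, {"k_ab"})
    return seen
```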

Slide 11: Key Distribution Center (figure only)

Slide 12: Symmetric Cryptographic System
(Figure: Alice encrypts plaintext M under key K; ciphertext C travels to Bob, who decrypts it with K; K is delivered over a secure channel; Eve performs cryptanalysis on C.)
- Ciphertext C = E_K(M); plaintext M = E_K^-1(C)
- One of the greatest difficulties: key management
- Algorithms: DES, CAST, IDEA, RC2/4/5 (Rivest's Code), AES, ...
- Alice: sender; Bob: receiver; Eve: eavesdropper / Oscar: opponent
- Alice and Bob are the celebrities in cryptography.

Slide 13: Symmetric Key Management
- Each pair of communicating entities needs a shared key
  - Why?
  - For an n-party system there are n(n-1)/2 distinct keys in the system, and each party must maintain n-1 distinct keys.
- How to reduce the number of shared keys in the system
  - centralized key management
  - public keys
(Figure: five parties fully meshed with pairwise keys K1 ... K10.)

Slide 14: Centralized Key Management
- An online central server holds one key per party: only n keys instead of n(n-1)/2 in the system.
- The central server may become the single point of failure of the entire system and the performance bottleneck.
(Figure: Alice and Bob each share a long-term key, K1 and K2, with the central server, which issues them a session key.)

Slide 15: Key Distribution
- Symmetric schemes require both parties to share a common secret key
- The issue is how to securely distribute this key
- Secure systems often fail because of a break in the key distribution scheme

Slide 16: Key Distribution
Given parties A and B, there are various key distribution alternatives:
1. A can select the key and physically deliver it to B
2. A third party can select the key and deliver it to A and B
3. If A and B have communicated previously, they can use the previous key to encrypt a new key
4. If A and B each have secure communications with a third party C, C can relay the key between A and B

Slide 17: Key Distribution Scenario (figure only)

Slide 18: Key Distribution Issues
- Hierarchies of KDCs are required for large networks, but they must trust each other
- Session key lifetimes should be limited for greater security
- Controlling the purposes keys are used for
  - lots of keys to keep track of
  - binding management information to the key

Slide 19: Key Distribution Center (KDC)
Q: How does the KDC allow Bob and Alice to determine a shared symmetric secret key to communicate with each other?
(Figure: message flow)
1. Alice -> KDC: K_A-KDC(A, B)
2. KDC generates R1
3. KDC -> Alice: K_A-KDC(R1, K_B-KDC(A, R1)); Alice now knows R1
4. Alice -> Bob: K_B-KDC(A, R1); Bob now knows to use R1 to communicate with Alice
5. Alice and Bob communicate using R1 as the session key for shared symmetric encryption
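The three-message KDC exchange on this slide, as an added example that is not part of the lecture: a toy HMAC-SHA256 encrypt-then-MAC construction stands in for the symmetric cipher, the long-term keys K_A-KDC and K_B-KDC are constructed at random, and the assumption that the requester's name accompanies message 1 in the clear (so the KDC knows which long-term key to use) is mine.

```python
import hashlib, hmac, json, os

def _keystream(key, nonce, n):
    """Pseudorandom bytes from HMAC-SHA256 in counter mode (toy, illustration only)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, data):
    """Toy encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Verify the tag before touching the plaintext; reject forgeries and corruption."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("tag mismatch: message forged or corrupted")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

# Long-term keys each principal shares with the KDC (constructed at import).
KDC_KEYS = {"alice": os.urandom(32), "bob": os.urandom(32)}

def kdc_respond(requester, request):
    """KDC side: open K_A-KDC(A,B), choose R1, answer K_A-KDC(R1, K_B-KDC(A,R1)).
    `requester` is the name assumed to travel in the clear beside the request."""
    a, b = json.loads(unseal(KDC_KEYS[requester], request))
    if a != requester:                 # name inside must match the key that opened it
        raise ValueError("requester mismatch")
    r1 = os.urandom(32)
    ticket = seal(KDC_KEYS[b], json.dumps([a, r1.hex()]).encode())
    return seal(KDC_KEYS[a], json.dumps([r1.hex(), ticket.hex()]).encode())

def run_exchange():
    """Returns (who Bob believes he is talking to, keys match?, Bob's decryption)."""
    ka, kb = KDC_KEYS["alice"], KDC_KEYS["bob"]
    # 1. Alice -> KDC: K_A-KDC(A, B)
    request = seal(ka, json.dumps(["alice", "bob"]).encode())
    # 2. KDC -> Alice: K_A-KDC(R1, K_B-KDC(A, R1)); only Alice can open it
    r1_hex, ticket_hex = json.loads(unseal(ka, kdc_respond("alice", request)))
    r1_alice = bytes.fromhex(r1_hex)
    # 3. Alice -> Bob: K_B-KDC(A, R1); only Bob can open it, and it names Alice
    peer, r1_hex_b = json.loads(unseal(kb, bytes.fromhex(ticket_hex)))
    r1_bob = bytes.fromhex(r1_hex_b)
    # 4. Alice and Bob use R1 as the session key
    return peer, r1_alice == r1_bob, unseal(r1_bob, seal(r1_alice, b"hello bob"))
```

The KDC itself also knows R1, which is the trust and single-point-of-failure concern raised on slide 14.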

