Chap.18 Network Security 1
1. Security Requirements and Attacks
– computer security and network security and cryptography
• Encryption algorithms
– the Data Encryption Standard (DES)
• block cipher
• NBS (National Bureau of Standards) adopted DES as Federal Information Processing Standard 46 (FIPS PUB 46) in 1977
• NIST (National Institute of Standards and Technology) “reaffirmed” DES for federal use for another five years in 1994
• block size = 64 bits, key size = 56 bits
• overall encryption process
– 1. 64-bit plaintext passes through an initial permutation (IP)
– 2. 16 iterations of the same function
– 3. The preoutput is passed through an inverse of the initial permutation
• decryption process
– use the ciphertext as input to the DES algorithm, but use the keys in reverse order
– the strength of DES
• level of security provided by DES
– the nature of the algorithm
• eight substitution tables, or S-boxes
the design criteria for these boxes have never been made public -> trapdoor suspicion
• extensive scrutiny -> one of the strongest encryption algorithms
– the key size
• 7x10^16 possible keys: a brute-force attack appears impractical:
one DES encryption/microsecond would take more than a thousand years (Chinese radio attack)
• 1977
– Diffie and Hellman postulated
– one million keys per second/$20 million in 1977 dollars
• 1993
– Wiener used pipeline technique
– 50 million keys per second * 5760/$100,000 -> 35 hours
• the time has come to investigate alternatives for conventional encryption -> triple DES
– triple DES
• Tuchman proposed in 1979
• two keys and three executions
– C=Ek1[Dk2[Ek1[p]]]
• allows users of triple DES to decrypt data encrypted by users of the older, single DES
• it turns out that there is a simple technique, known as a meet-in-the-middle attack, that would reduce a double DES system with two keys to the relative strength of ordinary single DES
• effective key length is 112 bits
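
The two triple-DES points above, as an added example that is not part of the original slides: EDE with k1 = k2 collapses to single encryption, and a meet-in-the-middle search breaks double encryption with about 2 x 2^n cipher operations instead of 2^(2n). It assumes a constructed toy 16-bit Feistel cipher with 12-bit keys standing in for DES so the search finishes instantly; every function name is hypothetical.

```python
# Added example: toy 16-bit Feistel cipher with 12-bit keys (constructed, NOT DES).
KEY_BITS = 12

def _subkeys(key):
    # Four 8-bit round keys taken from rotations of the 12-bit key.
    return [(((key << (3 * i)) | (key >> (KEY_BITS - 3 * i))) & 0xFFF) & 0xFF
            for i in range(4)]

def _f(half, sk):
    # Round function: nonlinear mix of one 8-bit half with a round key.
    x = (half + sk) & 0xFF
    return ((x * x + 0x3B) ^ (x >> 3)) & 0xFF

def encrypt(key, block):
    left, right = block >> 8, block & 0xFF
    for sk in _subkeys(key):
        left, right = right, left ^ _f(right, sk)
    return (left << 8) | right

def decrypt(key, block):
    # Same structure as encrypt, with the round keys in reverse order.
    left, right = block >> 8, block & 0xFF
    for sk in reversed(_subkeys(key)):
        left, right = right ^ _f(left, sk), left
    return (left << 8) | right

def ede(k1, k2, block):
    # C = Ek1[Dk2[Ek1[P]]]; with k1 == k2 it collapses to single encryption.
    return encrypt(k1, decrypt(k2, encrypt(k1, block)))

def meet_in_the_middle(pairs):
    # pairs: known (plaintext, ciphertext) under double encryption Ek2[Ek1[P]].
    (p0, c0), rest = pairs[0], pairs[1:]
    table = {}
    for k1 in range(1 << KEY_BITS):            # forward sweep: 2^12 encryptions
        table.setdefault(encrypt(k1, p0), []).append(k1)
    found, work = [], 1 << KEY_BITS
    for k2 in range(1 << KEY_BITS):            # backward sweep: 2^12 decryptions
        work += 1
        for k1 in table.get(decrypt(k2, c0), []):
            # Extra known pairs weed out chance matches on the middle value.
            if all(encrypt(k2, encrypt(k1, p)) == c for p, c in rest):
                found.append((k1, k2))
    return found, work

def demo():
    k1, k2 = 0xA5C, 0x3E7                      # constructed secret keys
    pairs = [(p, encrypt(k2, encrypt(k1, p))) for p in (0x1234, 0xBEEF, 0x0F0F)]
    found, work = meet_in_the_middle(pairs)
    return (k1, k2) in found, work, ede(k1, k1, 0x1234) == encrypt(k1, 0x1234)
```

`demo()` returns `(True, 8192, True)`: the key pair is recovered with 8192 sweep operations, against 2^24 key pairs for a naive search over both keys.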
• Location of encryption devices
– link encryption
– end-to-end encryption
• Key distribution
– the strength of any cryptographic system rests with the key distribution technique (Fig. 18.8)
• 1. A selects a key and delivers to B
– physically/using old key
• 2. a third party selects a key and delivers to A and B
– physically/using old key
• Traffic padding
– assess the amount of traffic on a network
– observe the amount of traffic entering and leaving each end system
3. Message Authentication and Hash Functions
• Approaches to message authentication
– two aspects
• the contents
• the source
– authentication using conventional encryption
• simple
• possible to use
– error detection code
– a sequence number
– timestamp
– message authentication without message encryption