Cryptography and Network Security Chapter 7 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Cryptography and Network SecurityNetwork Security

Chapter 7Chapter 7

Fourth EditionFourth Edition

by William Stallingsby William Stallings

Lecture slides by Lawrie BrownLecture slides by Lawrie Brown

Chapter 7 – Chapter 7 – Confidentiality UsingConfidentiality UsingSymmetric EncryptionSymmetric Encryption

John wrote the letters of the alphabet under the letters in John wrote the letters of the alphabet under the letters in its first lines and tried it against the message. its first lines and tried it against the message. Immediately he knew that once more he had broken the Immediately he knew that once more he had broken the code. It was extraordinary the feeling of triumph he had. code. It was extraordinary the feeling of triumph he had. He felt on top of the world. For not only had he done it, He felt on top of the world. For not only had he done it, had he broken the July code, but he now had the key to had he broken the July code, but he now had the key to every future coded message, since instructions as to the every future coded message, since instructions as to the source of the next one must of necessity appear in the source of the next one must of necessity appear in the current one at the end of each month.current one at the end of each month.——Talking to Strange Men, Talking to Strange Men, Ruth RendellRuth Rendell

Confidentiality using Symmetric Confidentiality using Symmetric EncryptionEncryption

traditionally symmetric encryption is used traditionally symmetric encryption is used to provide message confidentialityto provide message confidentiality

Placement of EncryptionPlacement of Encryption

have two major placement alternativeshave two major placement alternatives link encryptionlink encryption

encryption occurs independently on every linkencryption occurs independently on every link implies must decrypt traffic between linksimplies must decrypt traffic between links requires many devices, but paired keysrequires many devices, but paired keys

end-to-end encryptionend-to-end encryption encryption occurs between original source encryption occurs between original source

and final destinationand final destination need devices at each end with shared keysneed devices at each end with shared keys

Placement of EncryptionPlacement of Encryption

Placement of EncryptionPlacement of Encryption

when using end-to-end encryption must when using end-to-end encryption must leave headers in clearleave headers in clear so network can correctly route informationso network can correctly route information

hence although contents protected, traffic hence although contents protected, traffic pattern flows are notpattern flows are not

ideally want both at onceideally want both at once end-to-end protects data contents over entire end-to-end protects data contents over entire

path and provides authenticationpath and provides authentication link protects traffic flows from monitoringlink protects traffic flows from monitoring

Placement of EncryptionPlacement of Encryption

can place encryption function at various can place encryption function at various layers in OSI Reference Modellayers in OSI Reference Model link encryption occurs at layers 1 or 2link encryption occurs at layers 1 or 2 end-to-end can occur at layers 3, 4, 6, 7end-to-end can occur at layers 3, 4, 6, 7 as move higher less information is encrypted as move higher less information is encrypted

but it is more secure though more complex but it is more secure though more complex with more entities and keyswith more entities and keys

Encryption vs Protocol LevelEncryption vs Protocol Level

Traffic AnalysisTraffic Analysis

is monitoring of communications flows is monitoring of communications flows between partiesbetween parties useful both in military & commercial spheresuseful both in military & commercial spheres can also be used to create a covert channelcan also be used to create a covert channel

link encryption obscures header detailslink encryption obscures header details but overall traffic volumes in networks and at but overall traffic volumes in networks and at

end-points is still visibleend-points is still visible traffic padding can further obscure flowstraffic padding can further obscure flows

but at cost of continuous trafficbut at cost of continuous traffic

Key DistributionKey Distribution

symmetric schemes require both parties to symmetric schemes require both parties to share a common secret keyshare a common secret key

issue is how to securely distribute this keyissue is how to securely distribute this key often secure system failure due to a break often secure system failure due to a break

in the key distribution scheme in the key distribution scheme

Key DistributionKey Distribution

given parties A and B have various given parties A and B have various key key distributiondistribution alternatives: alternatives:

1.1. A can select key and physically deliver to BA can select key and physically deliver to B

2.2. third party can select & deliver key to A & Bthird party can select & deliver key to A & B

3.3. if A & B have communicated previously can if A & B have communicated previously can use previous key to encrypt a new keyuse previous key to encrypt a new key

4.4. if A & B have secure communications with a if A & B have secure communications with a third party C, C can relay key between A & Bthird party C, C can relay key between A & B

Key HierarchyKey Hierarchy

typically have a hierarchy of keystypically have a hierarchy of keys session keysession key

temporary keytemporary key used for encryption of data between usersused for encryption of data between users for one logical session then discardedfor one logical session then discarded

master keymaster key used to encrypt session keysused to encrypt session keys shared by user & key distribution centershared by user & key distribution center

Key Distribution ScenarioKey Distribution Scenario

Key Distribution IssuesKey Distribution Issues

hierarchies of KDC’s required for large hierarchies of KDC’s required for large networks, but must trust each othernetworks, but must trust each other

session key lifetimes should be limited for session key lifetimes should be limited for greater securitygreater security

use of automatic key distribution on behalf use of automatic key distribution on behalf of users, but must trust systemof users, but must trust system

use of decentralized key distributionuse of decentralized key distribution controlling key usagecontrolling key usage

Random NumbersRandom Numbers

many uses of many uses of random numbersrandom numbers in cryptography in cryptography nonces in authentication protocols to prevent replaynonces in authentication protocols to prevent replay session keyssession keys public key generationpublic key generation keystream for a one-time padkeystream for a one-time pad

in all cases its critical that these values be in all cases its critical that these values be statistically random, uniform distribution, independentstatistically random, uniform distribution, independent unpredictability of future values from unpredictability of future values from previous valuesprevious values

Pseudorandom Number Pseudorandom Number Generators (PRNGs)Generators (PRNGs)

often use deterministic algorithmic often use deterministic algorithmic techniques to create “random numbers”techniques to create “random numbers” although are not truly randomalthough are not truly random can pass many tests of “randomness”can pass many tests of “randomness”

known as “pseudorandom numbers”known as “pseudorandom numbers” created by “created by “Pseudorandom Number Pseudorandom Number

Generators (PRNGs)”Generators (PRNGs)”

Linear CongruentialLinear CongruentialGeneratorGenerator

common iterative technique using:common iterative technique using:XXnn+1+1 = ( = (aXaXnn + + cc) mod ) mod mm

given suitable values of parameters can produce a given suitable values of parameters can produce a long random-like sequencelong random-like sequence

suitable criteria to have are:suitable criteria to have are: function generates a full-periodfunction generates a full-period generated sequence should appear randomgenerated sequence should appear random efficient implementation with 32-bit arithmeticefficient implementation with 32-bit arithmetic

note that an attacker can reconstruct sequence note that an attacker can reconstruct sequence given a small number of valuesgiven a small number of values

have possibilities for making this harderhave possibilities for making this harder

Using Block Ciphers as PRNGsUsing Block Ciphers as PRNGs

for cryptographic applications, can use a block for cryptographic applications, can use a block cipher to generate random numberscipher to generate random numbers

often for creating session keys from master keyoften for creating session keys from master key Counter ModeCounter Mode

XXii = E = EKmKm[i][i]

Output Feedback ModeOutput Feedback ModeXXii = E = EKmKm[[XXi-1i-1]]

ANSI X9.17 PRGANSI X9.17 PRG

Blum Blum Shub GeneratorBlum Blum Shub Generator

based on public key algorithmsbased on public key algorithms use least significant bit from iterative equation:use least significant bit from iterative equation:

xxii = x = xi-1i-122 mod n mod n

where where n=p.qn=p.q, and primes , and primes p,q=3 mod 4p,q=3 mod 4 unpredictable, passes unpredictable, passes next-bitnext-bit test test security rests on difficulty of factoring N security rests on difficulty of factoring N is unpredictable given any run of bits is unpredictable given any run of bits slow, since very large numbers must be usedslow, since very large numbers must be used too slow for cipher use, good for key generation too slow for cipher use, good for key generation

Natural Random NoiseNatural Random Noise

best source is natural randomness in real world best source is natural randomness in real world find a regular but random event and monitor find a regular but random event and monitor do generally need special h/w to do this do generally need special h/w to do this

eg. radiation counters, radio noise, audio noise, eg. radiation counters, radio noise, audio noise, thermal noise in diodes, leaky capacitors, mercury thermal noise in diodes, leaky capacitors, mercury discharge tubes etc discharge tubes etc

starting to see such h/w in new CPU's starting to see such h/w in new CPU's problems of problems of biasbias or uneven distribution in signal or uneven distribution in signal

have to compensate for this when sample and use have to compensate for this when sample and use best to only use a few noisiest bits from each sample best to only use a few noisiest bits from each sample

Published SourcesPublished Sources

a few published collections of random numbers a few published collections of random numbers Rand Co, in 1955, published 1 million numbers Rand Co, in 1955, published 1 million numbers

generated using an electronic roulette wheel generated using an electronic roulette wheel has been used in some cipher designs cf Khafre has been used in some cipher designs cf Khafre

earlier Tippett in 1927 published a collection earlier Tippett in 1927 published a collection issues are that:issues are that:

these are limitedthese are limited too well-known for most uses too well-known for most uses

SummarySummary

have considered:have considered: use and placement of symmetric encryption to use and placement of symmetric encryption to

protect confidentialityprotect confidentiality need for good key distributionneed for good key distribution use of trusted third party KDC’suse of trusted third party KDC’s random number generation issuesrandom number generation issues