Information Security Lab. Dept. of Computer Engineering
PART I Symmetric Ciphers
CHAPTER 7 Confidentiality Using Symmetric Encryption
7.1 Placement of Encryption Function
7.2 Traffic Confidentiality
7.3 Key Distribution
7.4 Random Number Generation
7.1 Placement of Encryption Function
Symmetric encryption is used to provide message confidentiality; we need to decide what to encrypt and where the encryption function should be located.
Potential Locations for Confidentiality Attacks
Fig. 7.1 Point of Vulnerability
Link versus End-to-End Encryption
There are two major placement alternatives:
link encryption
- Encryption occurs independently on every link; the message is vulnerable at each node.
- Requires many encryption devices; many keys must be provided.
end-to-end encryption
- Encryption occurs between the original source and the final destination.
- Needs devices at each end with shared keys.
Fig. 7.2 Encryption Across a Packet Switching Network
Table 7.1 Characteristics of Link and End-to-End Encryption
Fig. 7.4 Encryption Coverage Implementations of Store-and-Forward Communications
7.2 Traffic Confidentiality
Traffic analysis is the monitoring of communications flows between parties
- useful in both military and commercial spheres
- can also be used to create a covert channel
Link encryption obscures header details
- but overall traffic volumes in networks and at end-points are still visible
Traffic padding can further obscure flows
- but at the cost of continuous traffic
7.3 Key Distribution
Symmetric schemes require both parties to share a common secret key.
The issue is how to securely distribute this key.
Secure systems often fail because of a break in the key distribution scheme.
Given parties A and B, there are various key distribution alternatives:
1) A can select a key and physically deliver it to B
2) A third party can select and deliver the key to A and B
3) If A and B have communicated previously, they can use the previous key to encrypt a new key
4) If A and B have secure communications with a third party C, C can relay the key between A and B
Typically there is a hierarchy of keys
Session key
- temporary key; used for encryption of data between users for one logical session, then discarded
Master key
- used to encrypt session keys
- shared by user and key distribution center
A Key Distribution Scenario
The key distribution concept can be deployed in a number of ways.
Popek, G., and Kline, C. "Encryption and Secure Computer Networks," ACM Computing Surveys, Dec. 1979
Fig. 7.9 Key Distribution Scenario
Key Distribution Issues
- Hierarchies of KDCs are required for large networks, but they must trust each other.
- Session key lifetimes should be limited for greater security.
A Transparent Key Control Scheme
- Automatic key distribution: useful for providing end-to-end encryption at a network or transport level in a way that is transparent to end users.
- See Fig. 7.10
Fig. 7.10 Automatic Key Distribution for Connection-Oriented Protocol
Decentralizing Key Control
- There may need to be as many as n(n-1)/2 master keys for a configuration with n end systems.
Controlling Key Usage
7.4 Random Number Generation
The Use of Random Numbers
Many uses of random numbers in cryptography:
- nonces in authentication protocols to prevent replay attacks
- session key generation
- keys for the RSA public-key encryption algorithm
- keystream for a one-time pad
Requirements for random numbers: randomness and unpredictability
Randomness: the following two criteria are used to validate that a sequence of numbers is random:
- Uniform distribution: the frequency of occurrence of each of the numbers should be approximately the same.
- Independence: no one value in the sequence can be inferred from the others.
Unpredictability: with true random sequences, each number is statistically independent of other numbers in the sequence and therefore unpredictable.
Pseudorandom Number Generators (PRNGs)
- often use deterministic algorithmic techniques to create "random numbers"
- although not truly random, the output can pass many tests of "randomness" (ENT, DieHard)
- known as "pseudorandom numbers"; created by "Pseudorandom Number Generators (PRNGs)"
Linear Congruential Generators
- common iterative technique using: X_{n+1} = (a X_n + c) mod m
- the selection of values for a, c, and m is critical in developing a good random number generator
- given suitable values of the parameters, can produce a long random-like sequence
- suitable criteria to have are:
  - the function generates a full period
  - the generated sequence should appear random
  - efficient implementation with 32-bit arithmetic
- note that an attacker can reconstruct the sequence given a small number of values
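The last point above, as an added example (not part of the original slides): with a known modulus m, three consecutive outputs are enough to solve for a and c and predict every later value, which is why LCG output must not be used for keys or nonces. The parameters a = 16807, c = 0, m = 2^31 - 1 and the seed are sample values chosen for this example.

```python
from itertools import islice
from math import gcd


def lcg(a, c, m, seed):
    """Yield X_{n+1} = (a*X_n + c) mod m indefinitely."""
    x = seed
    while True:
        x = (a * x + c) % m
        yield x


def recover_lcg(outputs, m):
    """Solve for (a, c) from consecutive outputs when the modulus m is known.

    From X_{n+2} - X_{n+1} = a*(X_{n+1} - X_n) (mod m): slide along the
    observations until a difference that is invertible mod m turns up.
    """
    for x0, x1, x2 in zip(outputs, outputs[1:], outputs[2:]):
        d = (x1 - x0) % m
        if gcd(d, m) == 1:
            a = (x2 - x1) * pow(d, -1, m) % m
            c = (x1 - a * x0) % m
            return a, c
    raise ValueError("no difference invertible mod m; need more outputs")


def predict(outputs, m, count):
    """Predict the next `count` values that follow the observed outputs."""
    a, c = recover_lcg(outputs, m)
    x, future = outputs[-1], []
    for _ in range(count):
        x = (a * x + c) % m
        future.append(x)
    return future


if __name__ == "__main__":
    # Sample parameters chosen for this example (not from the slides).
    A, C, M, SEED = 16807, 0, 2**31 - 1, 20240101
    stream = list(islice(lcg(A, C, M, SEED), 8))
    observed, unseen = stream[:3], stream[3:]
    print("recovered (a, c):", recover_lcg(observed, M))
    print("prediction matches:", predict(observed, M, 5) == unseen)
```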
Cryptographically Generated Random Numbers
Cyclic Encryption
Fig. 7.13 Pseudorandom Number Generation from a Counter
DES Output Feedback Mode
X_i = E_{K_m}[X_{i-1}]
ANSI X9.17 PRNG: one of the strongest PRNGs
Fig. 7.14 ANSI X9.17 PRNG (figure labels: date/time, i-th seed value, DES keys)
Blum Blum Shub Generator (BBS)
- Based on public-key algorithms
- Uses the least significant bit from the iterative equation:
    X_0 = s^2 mod n
    for i = 1 to ∞:
        X_i = (X_{i-1})^2 mod n
        B_i = X_i mod 2
  where n = pq, and the primes p and q satisfy p ≡ q ≡ 3 (mod 4)
- Unpredictable; passes the next-bit test
- Cryptographically secure pseudorandom bit generator
- Security rests on the difficulty of factoring n
- Slow, since very large numbers must be used
- Too slow for cipher use, good for key generation
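The BBS iteration above as an added example (not part of the original slides), including the checks on p and q that the definition requires. The toy primes p = 383, q = 503 and seed s = 101355 are sample values chosen for illustration; the check that s is relatively prime to n and the bits_to_bytes helper are additions of this example.

```python
from math import gcd, isqrt


def is_prime(k):
    """Trial division; adequate only for the toy-sized primes used here."""
    if k < 2:
        return False
    return all(k % d for d in range(2, isqrt(k) + 1))


def bbs_bits(p, q, s, count):
    """Return B_1..B_count, where X_0 = s^2 mod n, X_i = X_{i-1}^2 mod n
    and B_i = X_i mod 2, after checking the conditions on p, q and s."""
    if p == q or not (is_prime(p) and is_prime(q)):
        raise ValueError("p and q must be distinct primes")
    if p % 4 != 3 or q % 4 != 3:
        raise ValueError("p and q must both be congruent to 3 mod 4")
    n = p * q
    if gcd(s, n) != 1:
        raise ValueError("seed s must be relatively prime to n")
    x = pow(s, 2, n)              # X_0
    bits = []
    for _ in range(count):
        x = pow(x, 2, n)          # X_i = X_{i-1}^2 mod n
        bits.append(x & 1)        # B_i = least significant bit of X_i
    return bits


def bits_to_bytes(bits):
    """Pack bits (most significant first) into bytes, e.g. as key material."""
    if len(bits) % 8:
        raise ValueError("bit count must be a multiple of 8")
    return bytes(
        int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8)
    )


if __name__ == "__main__":
    # Toy parameters chosen for this example; real use needs very large
    # primes and a secret, unpredictable seed.
    P, Q, SEED = 383, 503, 101355
    bits = bbs_bits(P, Q, SEED, 16)
    print(bits, bits_to_bytes(bits).hex())
```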
Summary
Have considered:
- use and placement of symmetric encryption to protect confidentiality
- need for good key distribution
- use of trusted third party KDCs
- random number generation issues