Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Computer Networks

Location of Encryption Devices2

advertisement 
S. Erfani, ECE Dept., University of Windsor
4.9
0688-590-18 Network Security
Location of Encryption Devices
As you should know by now, the most powerful and common approach to
countering the threats to network security is encryption. In using encryption, we
need to decide what to encrypt and where the encryption devices should be
located. There are two fundamental alternatives:


Link encryption
End –to-end encryption
There are shown in use over a packet – switching network in Fig. 3.
PSN
PSN
Packet-switching
network
PSN
PSN
=End-to-end encryption Device
=Link encryption device
PSN =Packet switching node
Figure 3 Encryption across a Packet-Switching Network
Link Encryption
In this scheme, each vulnerable communications link is equipped on both ends
with an encryption device. Thus all traffic over all communications links is
secured. Although, this requires a lot of encryption devices in a large network, it
provides a high level of security. One disadvantage of this approach is that the
message must be decrypted each time it enters a packet switch. This is necessary
because the packet switch must read the address (i.e., the virtual circuit number)
in the packet header to route the packet. Thus the message is vulnerable at each
Sep. 25, 2003
1
S. Erfani, ECE Dept., University of Windsor
0688-590-18 Network Security
switch. If this is a public packet-switching network (PSN), the user has no control over
the security of the modes.
End-to-End Encryption
In this approach, the encryption process is carried out at the two end systems.
The source host or terminal encrypts the data. The data, in encrypted form, are
then transmitted unaltered across the network to the destination terminal on host.
The destination shares a key with the source and so is able to decrypt the data.
This approach would seem to secure the transmission against attacks on the
network links on switches. However, the host may only encrypt the used data
position of the packet and must leave the header in the clear, so that it can be
read by the network.
Note 1 – With end-to-end encryption, the user data are secure. However, the
traffic pattern is not, because packet headers are transmitted in the.
Note 2 – To achieve greater security, both link and end-to-end encryption are
needed, as shown in Figure 3 (on page 10 of my notes).
4.10
Key Distribution
For symmetrical encryption systems to work, the two parties must have the same
key, and that key must be protected from access by others. Furthermore,
frequent key changes are usually desirable to limit the amount of data
compromised if an opponent, Oscar, leaves the key. Therefore, the strength of
any cryptographic system rests with the key distribution technique. That is, the means
of delivering a key to two parties that wish to exchange data securely.
Key distribution can be achieved in a number of ways. For two parties, Alice and
Bob:
1. A key could be selected by Alice and physically delivered to Bob:
2. A 3rd party could select the key and physically deliver it to Alice and Bob.
3. If Alice and Bob have previously and recently used a key, one party could
transmit the new key to the other, encrypted using the old key.
4. If Alice and Bob each have an encrypted connection to a trusted 3rd party,
named Casey, he could deliver a key on the encrypted links to Alice and Bob.
Note 3 – Option 1 and 2 call for manual delivery of a key. This is seasonal for link
encryption. However, for end-to-end encryption, manual delivery is awkward. In a
distributed system, any given host on terminal may need to engage in exchange
with many other hosts and terminal over time. Thus each device needs a number
Sep. 25, 2003
2
S. Erfani, ECE Dept., University of Windsor
0688-590-18 Network Security
of keys, supplied dynamically. The problem becomes quite difficult is a wide area
distributed system.
Note 4 – Option 3 is a possibility for either link encryption on end-to-end
encryption, but it an opponent, Oscar, ever succeeds in gaining access to one
key, then all subsequent keys are revealed.
Note 5 – To provide keys for end-to-end encryption, option 4 is preferable.
Key distribution Center(KDC)
Figure 4 shows an implementation that uses option 4 for end-to-end encryption.
The trusted third party (TTP) becomes known as a key distribution center (KDC).
The configuration consists of the following elements:
1. Host sends packet requesting
connection
2. Front end buffers packet: asks
KDC for session key
3. KDC distributes session key to
both front ends
4. Buffered packet transmitted
KDC
FEP
FEP =Front-end processor
KDC =key distribution center
2
3
1
F
E
P
Host
4
F
E
P
Host
Network
Figure 4 Automatic Key Distribution for Connection-Oriented Protocol
1.
KDC – Also known as key exchange authority or key exchange center,
determine which systems are allowed to communicate with each other
securely. When permission is granted, the KDC provides a one-time
session key for that connection. The session keys are used for the duration
of a session. At the conclusion of the session, or connection, the session
key is destroyed.
Sep. 25, 2003
3
S. Erfani, ECE Dept., University of Windsor
2.
0688-590-18 Network Security
FEP – The front-end procession (FEP) performs end-to-end encryption
and obtains session keys on behalf of its host on terminal.
The steps involved in establishing a connection are shown in Fig. 4.
Step 1 – When one host wishes to set up a connection to another host, it transmit
a connection sequent packet.
Step 2 – The FEP saves that packet and applies to the KDC for permission to
establish the connection. The communications between the FEP and the KDC is
encrypted using a master key shared only by the FEP and the KDC.
Step 3 – If the KDC approves the connection sequent, it generates the session
key and delivers it to the two appropriate FEPs, using a unique permanent key for
each FEP.
Step 4 – The requesting FEP can now release the connection sequent packet,
and a connection is set up between the two and systems. All used data
exchanged between the two end systems are encrypted by their respective FEPs
using the one-time session key.
Note 6 – The automated key distribution approach provides the flexibility and
dynamic characteristics needed to allow a number of terminal users to access a
number of hosts and for the hosts to exchange data with each other. Kerberos,
used extensively in Microsoft Windows 2000, is modeled on a KDC.
Note 7 – In general, a KDC supporting n sites, where each site needs a secret
key with every other site, must make almost n2/2 keys. This means that a KDC
supporting 1,000 sites must make almost 500,000 keys, an unmanageable
number of keys.
Note 8 – The KDC is often burdened with extensive key management and can
become a bottleneck. Additionally, if the KDC also acts as a key escrow agent,
the KDC itself is an attractive target (e.g., for a distributed denial-of-service
attack). For these reasons, the symmetrical encryption should be avoided
altogether. Another approach to security is the public-key encryption, which makes
key distribution much easier. We will discuss it in the next chapter.
Sep. 25, 2003
4
Related documents
Description
Description
VideoCase08:_Security
VideoCase08:_Security
Test 2
Test 2
Issue 73 Encryption Algorithm
Issue 73 Encryption Algorithm
Notes16
Notes16
Hwk #11
Hwk #11
here
here
CSCI4911 SPECIAL TOPICS: COMPUTER SECURITY FINAL EXAM
CSCI4911 SPECIAL TOPICS: COMPUTER SECURITY FINAL EXAM
Download
advertisement