end-to-end encryption

1
Information Security and
Management
7. Confidentiality Using Symmetric
Encryption (Chap14-Part1)
Chih-Hung Wang
Fall 2011
2
Confidentiality using Symmetric Encryption
• Traditionally symmetric encryption is used to provide message
confidentiality
• Consider typical scenario
▫ Workstations on LANs access other workstations & servers on
LAN
▫ LANs interconnected using switches/routers
▫ with external lines or radio/satellite links
▫ The wiring closet itself is vulnerable
• Consider attacks and placement in this scenario
▫ snooping from another workstation
▫ use dial-in to LAN or server to snoop
▫ use external router link to enter & snoop
▫ monitor and/or modify traffic on external links
3
Points of Vulnerability
4
Confidentiality using Symmetric Encryption
• Have two major placement alternatives
• link encryption
▫ encryption occurs independently on every link
▫ implies must decrypt traffic between links
▫ requires many devices, but paired keys
• end-to-end encryption
▫ encryption occurs between original source and
final destination
▫ need devices at each end with shared keys
5
Link vs. End-to-End Encryption
6
Link Encryption
• Each vulnerable communications link is equipped
on both ends with an encryption device.
▫ All traffic over all communications links is secure.
▫ Disadvantage: the message must be decrypted each time it
enters a packet switch.
▫ The message is vulnerable at each switch.
▫ Each pair of nodes that share a link should share a unique
key, with a different key used on each link. Thus, many
keys must be provided.
7
End-to-End Encryption
• The encryption process is carried out at the two end
systems.
▫ The data in encrypted form are then transmitted unaltered
across the network to the destination terminal or host.
▫ The destination shares a key with the source and so is able
to decrypt the data.
▫ The host may encrypt only the user data portion of the
packet and must leave the header in the clear.
▫ Provide a degree of authentication
▫ To achieve greater security, both link and end-to-end
encryption are needed.
8
Comparison
Security within end systems and intermediate systems
• Link encryption
▫ Message exposed in sending host
▫ Message exposed in intermediate nodes
• End-to-end encryption
▫ Message encrypted in sending host
▫ Message encrypted in intermediate nodes
Role of user
• Link encryption
▫ Applied by sending host
▫ Transparent to user
▫ Host maintains encryption facility
▫ One facility for all users
▫ Can be done in hardware
▫ All or no messages encrypted
• End-to-end encryption
▫ Applied by sending process
▫ User applies encryption
▫ User must determine algorithm
▫ User selects encryption scheme
▫ Software implementation
▫ User chooses to encrypt, or not, for each message
Implementation concerns
• Link encryption
▫ Requires one key per host/intermediate node pair
▫ Provides host authentication
• End-to-end encryption
▫ Requires one key per user pair
▫ Provides user authentication
9
Logical Placement of End-to-End Encryption
• Network-layer encryption
▫ Front-end processor function
10
Scope
11
Encryption Strategies
12
Traffic Analysis (1)
• When using end-to-end encryption must leave
headers in clear
▫ so network can correctly route information
• Hence although contents protected, traffic
pattern flows are not
• Ideally want both at once
▫ end-to-end protects data contents over entire
path and provides authentication
▫ link protects traffic flows from monitoring
13
Traffic Analysis (2)
• Is monitoring of communications flows between parties
▫ useful both in military & commercial spheres
▫ can also be used to create a covert channel
• Types of information that can be derived from a traffic analysis
attack
▫ Identities of partners
▫ How frequently the partners are communicating
▫ Message pattern, message length, or quantity of messages that
suggest important information is being exchanged
▫ Events that correlate with special conversations between
particular partners
14
Traffic Analysis (3)
• Link encryption approach
▫ Network-layer headers are encrypted, reducing
the opportunity for traffic analysis.
▫ But it is still possible to assess the amount of
traffic on a network and to observe the amount of
traffic entering and leaving each end system
• Countermeasure
▫ Traffic padding
15
Traffic Analysis (4)
Traffic-padding Encryption Device
16
Traffic Analysis (5)
• End-to-end encryption approach
▫ Encryption is implemented at the application: the
opponent can determine which transport entities are
engaged in dialogue.
▫ Encryption is housed at the transport layer: the network-layer
address and traffic patterns remain accessible
• Countermeasure
▫ Pad out data units to a uniform length at either the
transport or application level.
▫ The tactics deny an opponent knowledge about the amount
of data exchanged between end users and obscure the
underlying traffic pattern.
17
Key Distribution
• Symmetric schemes require both parties to share
a common secret key
• Issue is how to distribute this key without
allowing others to see the key.
• Secure systems often fail because of a break in the
key distribution scheme
18
Key Distribution
• Given parties A and B have various key
distribution alternatives:
1. A can select key and physically deliver to B.
2. A third party can select the key and physically deliver it
to A and B.
3. If A and B have previously and recently used a key, one
party can transmit the new key to the other, encrypted
using the old key.
4. If A and B each has an encrypted connection to a third
party C, C can deliver a key on the encrypted links to A
and B.
19
Problems
• If end-to-end encryption is
done at a network or IP level,
then a key is needed for each
pair of hosts.
• If there are N hosts, the
number of required keys is
[N(N-1)/2].
20
The Use of Key Hierarchy
21
Key Distribution Scenario
22
Key Distribution Issues
• Hierarchical Key Control: Hierarchies of KDC’s
required for large networks, but must trust each
other
• Session Key Lifetime: session key lifetimes
should be limited for greater security
• Use of automatic key distribution on behalf of
users, but must trust system
• Use of decentralized key distribution
• Controlling Key Usage
23
A Transparent Key Control Scheme
24
Decentralized Key Control
• The use of a key distribution center imposes the requirement
that the KDC be trusted and be protected from subversion.
This requirement can be avoided if key distribution is fully
decentralized.
• Disadvantage: requires a large number of master keys
25
Controlling Key Usage (1)
• Associate a tag with each key (8-bits)
▫ One bit indicates whether the key is a session key
or a master key.
▫ One bit indicates whether the key can be used for
encryption.
▫ One bit indicates whether the key can be used for
decryption.
▫ The remaining bits are spares for future use.
26
Controlling Key Usage (2)
Control Vector Technique
27
Controlling Key Usage (3)
• Encrypted session key
Hash value $= H = h(CV)$
Key input $= K_m \oplus H$
Ciphertext $= E_{K_m \oplus H}[K_s]$
• Decryption
$K_s = D_{K_m \oplus H}[E_{K_m \oplus H}[K_s]]$
28
Random Number Generation
• Many uses of random numbers in cryptography
▫ nonces in authentication protocols to prevent replay
▫ session keys generation
▫ public key generation
• Criteria
▫ Uniform distribution
▫ Independence: no one value in the sequence can be inferred from
the others
• Unpredictability
29
Natural Random Noise
• Best source is natural randomness in real world
• Find a regular but random event and monitor
• Generally needs special hardware to do this
▫ e.g. radiation counters, radio noise, audio noise,
thermal noise in diodes, leaky capacitors, gas
discharge tubes etc.
30
Published Sources
• A few published collections of random numbers
• Rand Co, in 1955, published 1 million numbers
▫ generated using an electronic roulette wheel
▫ has been used in some cipher designs cf Khafre
• Earlier Tippett in 1927 published a collection
• Issues are that:
▫ these are limited
▫ too well-known for most uses: predictable
31
Pseudorandom Number Generators (PRNGs)
• Algorithmic technique to create “random
numbers”
▫ Although not truly random, can pass many tests
of “randomness”
32
Linear Congruential Generator
• Common iterative technique using:
$X_{n+1} = (aX_n + c) \bmod m$
• Given suitable values of parameters can produce a
long random-like sequence
• Suitable criteria to have are [PARK88]:
▫ T1: function generates a full-period
▫ T2: generated sequence should appear random
▫ T3: efficient implementation with 32-bit arithmetic
• Note that an attacker can reconstruct sequence
given a small number of values
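The last bullet, worked through as an added example (not part of the original slides): with the modulus known, three consecutive outputs give two congruences in the two unknowns a and c, which is why LCG output must not be used for keys or nonces. The multiplier, increment and seed below are constructed values, and the function names are hypothetical.

```python
# Added illustration: all parameters below are constructed for the demo.
M = 2**31 - 1                      # modulus, assumed known to the observer (prime)

def lcg(a, c, m, seed):
    """Yield X1, X2, ... from X_{n+1} = (a*X_n + c) mod m."""
    x = seed
    while True:
        x = (a * x + c) % m
        yield x

def recover_params(x0, x1, x2, m):
    """Solve x1 = a*x0 + c and x2 = a*x1 + c (mod m) for a and c."""
    d = (x1 - x0) % m
    try:
        d_inv = pow(d, -1, m)      # modular inverse (Python 3.8+)
    except ValueError:
        raise ValueError("x1 - x0 is not invertible mod m; use another triple")
    a = ((x2 - x1) * d_inv) % m    # subtracting the congruences eliminates c
    c = (x1 - a * x0) % m
    return a, c

def predict(observed, m, count):
    """From three consecutive outputs, return the next `count` outputs."""
    a, c = recover_params(observed[0], observed[1], observed[2], m)
    x, out = observed[2], []
    for _ in range(count):
        x = (a * x + c) % m
        out.append(x)
    return out

def demo():
    gen = lcg(a=16807, c=12345, m=M, seed=2011)   # the generator's "secret" state
    stream = [next(gen) for _ in range(8)]
    seen, future = stream[:3], stream[3:]
    return recover_params(*seen, M), predict(seen, M, 5) == future

if __name__ == "__main__":
    print(demo())
```
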
33
Using Block Ciphers as Stream Ciphers
• Can use block cipher to generate numbers
• Use Counter Mode
$X_i = E_{K_m}[i]$
• Use Output Feedback Mode
$X_i = E_{K_m}[X_{i-1}]$
• ANSI X9.17 PRNG
▫ uses date-time + seed inputs and 3 triple-DES
encryptions to generate new seed & random
34
Cyclic Encryption
35
ANSI X9.17 PRNG
$R_i = EDE_{K_1,K_2}[V_i \oplus EDE_{K_1,K_2}[DT_i]]$
$V_{i+1} = EDE_{K_1,K_2}[R_i \oplus EDE_{K_1,K_2}[DT_i]]$
36
Blum Blum Shub (BBS) Generator
• Based on public key algorithms
• Use least significant bit from iterative equation:
▫ $X_0 = s^2 \bmod n$
▫ For $i = 1$ to $\infty$
▫ $X_i = (X_{i-1})^2 \bmod n$
▫ $B_i = X_i \bmod 2$
▫ where $n = p \cdot q$, and primes $p, q \equiv 3 \pmod 4$
• Unpredictable, passes next-bit test
• Security rests on difficulty of factoring N
• Is unpredictable given any run of bits
• Slow, since very large numbers must be used
• Too slow for cipher use, good for key generation
37
Example of BBS
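The BBS iteration from the previous slide, run as an added example (this code is not from the original slides). The parameters n = 383 × 503 and s = 101355 are chosen here for illustration and are far too small for real use; the function names are hypothetical, and the caller is assumed to supply primes.

```python
from math import gcd

def bbs(p, q, seed, nbits):
    """Return (states, bits) for nbits steps of Blum Blum Shub."""
    # Both primes must be congruent to 3 mod 4 (primality itself is
    # assumed to have been checked by the caller).
    if p % 4 != 3 or q % 4 != 3:
        raise ValueError("p and q must both be congruent to 3 mod 4")
    n = p * q
    if gcd(seed, n) != 1:
        raise ValueError("seed must be relatively prime to n")
    x = pow(seed, 2, n)              # X0 = s^2 mod n
    states, bits = [], []
    for _ in range(nbits):
        x = pow(x, 2, n)             # Xi = (Xi-1)^2 mod n
        states.append(x)
        bits.append(x & 1)           # Bi = Xi mod 2 (least significant bit)
    return states, bits

def bits_to_bytes(bits):
    """Pack bits MSB-first into bytes, e.g. to form key material."""
    if len(bits) % 8:
        raise ValueError("bit count must be a multiple of 8")
    value = int("".join(str(b) for b in bits), 2)
    return value.to_bytes(len(bits) // 8, "big")

def demo():
    # Illustrative parameters: n = 383 * 503 = 192649, s = 101355
    states, bits = bbs(383, 503, 101355, 5)
    return states, bits

if __name__ == "__main__":
    states, bits = demo()
    for i, (x, b) in enumerate(zip(states, bits), start=1):
        print(i, x, b)
    _, keybits = bbs(383, 503, 101355, 16)
    print(bits_to_bytes(keybits).hex())
```
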