
PART I Symmetric Ciphers, CHAPTER 7: Confidentiality Using Symmetric Encryption

7.1 Placement of Encryption Function. 7.2 Traffic Confidentiality. 7.3 Key Distribution. 7.4 Random Number Generation.



  1. PART I Symmetric Ciphers, CHAPTER 7: Confidentiality Using Symmetric Encryption
     7.1 Placement of Encryption Function
     7.2 Traffic Confidentiality
     7.3 Key Distribution
     7.4 Random Number Generation

  2. 7.1 Placement of Encryption Function
     • Symmetric encryption is used to provide message confidentiality; we need to decide what to encrypt and where the encryption function should be located.
     • Potential Locations for Confidentiality Attacks: Fig. 7.1 Points of Vulnerability

  3. 7.1 Placement of Encryption Function: Link versus End-to-End Encryption
     • There are two major placement alternatives.
     • Link encryption
       • Encryption occurs independently on every link; each intermediate node decrypts and re-encrypts the traffic.
       • The message is therefore vulnerable (in the clear) at each node.
       • Requires many encryption devices, and a separate key must be provided for every link.
     • End-to-end encryption
       • Encryption occurs between the original source and the final destination; intermediate nodes never see the plaintext.
       • Needs a device at each end, and the two ends must share a key.
       • Packet headers must stay in the clear so the network can route the packet; only the user data is protected.

  4. 7.1 Placement of Encryption Function Link versus End-to-End Encryption Fig. 7.2 Encryption Across a Packet Switching Network

  5. 7.1 Placement of Encryption Function Table 7.1 Characteristics of Link and End-to-End Encryption

  6. 7.1 Placement of Encryption Function Fig. 7.4 Encryption Coverage Implementations of Store-and-Forward Communications

  7. 7.2 Traffic Confidentiality
     • Traffic analysis is the monitoring of communication flows between parties (who talks to whom, how often, and how much).
     • It is useful in both the military and the commercial spheres.
     • It can also be used to create a covert channel.
     • Link encryption obscures header details,
     • but the overall traffic volumes in the network and at the end-points are still visible.
     • Traffic padding can further obscure flows,
     • but at the cost of continuous traffic.

  8. 7.3 Key Distribution
     • Symmetric schemes require both parties to share a common secret key.
     • The issue is how to distribute this key securely.
     • Secure systems often fail because of a break in the key distribution scheme, not in the cipher itself.
     • Given parties A and B, there are several key distribution alternatives:
       1) A can select a key and physically deliver it to B.
       2) A third party can select the key and physically deliver it to A and B.
       3) If A and B have communicated previously, they can use the previous key to encrypt a new key.
       4) If A and B each have a secure connection to a third party C, C can relay the key between A and B.

  9. 7.3 Key Distribution
     • Typically there is a hierarchy of keys:
       • Session key: a temporary key, used to encrypt the data exchanged between users for one logical session and then discarded.
       • Master key: a long-lived key used to encrypt session keys; shared by a user and the key distribution center (KDC).
     A Key Distribution Scenario
     • The key distribution concept can be deployed in a number of ways.
     • Popek, G. and Kline, C., "Encryption and Secure Computer Networks," ACM Computing Surveys, Dec. 1979.

  10. 7.3 Key Distribution Fig. 7.9 Key Distribution Scenario
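Fig. 7.9 itself is not reproduced in this transcript. The Go program below is an added example, not from the slides or from Stallings, that simulates the five-step exchange that figure shows: A asks the KDC for a session key (IDA, IDB and a nonce N1); the KDC answers under A's master key Ka with Ks, an echo of the request, and a ticket E(Kb, [Ks || IDA]) for B; A forwards the ticket to B; B challenges A with a nonce N2 under Ks and A answers with f(N2). AES-GCM is assumed as the symmetric cipher E_K, the 4-byte identifiers, 8-byte nonces and f(N2) = N2 + 1 are choices made for the demo, and the master keys are generated on the spot rather than installed out of band as they would be in practice.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	keyLen   = 32 // AES-256 master keys (Ka, Kb) and session keys (Ks); fixed sizes keep parsing to slicing
	idLen    = 4  // principal identifier, space padded
	nonceLen = 8  // N1, N2 and f(N2)
)

var idA, idB = []byte("A   "), []byte("B   ")

func randomBytes(n int) []byte {
	b := make([]byte, n)
	rand.Read(b) // cannot fail since Go 1.24; on older releases, check the returned error
	return b
}
// AES-GCM stands in for the generic E_K / D_K of Fig. 7.9 (an assumption made here); its tag makes a tampered ticket or reply fail to open.
func gcmFor(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	g, _ := cipher.NewGCM(block)
	return g
}
func encrypt(key, pt []byte) []byte {
	g := gcmFor(key)
	iv := randomBytes(g.NonceSize())
	return g.Seal(iv, iv, pt, nil) // IV || ciphertext || tag
}
func decrypt(key, msg []byte) ([]byte, error) {
	g := gcmFor(key)
	if len(msg) < g.NonceSize() {
		return nil, errors.New("message too short")
	}
	return g.Open(nil, msg[:g.NonceSize()], msg[g.NonceSize():], nil)
}
// kdcReply is the KDC's side of steps 1-2; the KDC holds every principal's master key.
//   A -> KDC: IDA || IDB || N1
//   KDC -> A: E(Ka, [Ks || IDB || N1 || E(Kb, [Ks || IDA])])
func kdcReply(ka, kb, a, b, n1 []byte) []byte {
	ks := randomBytes(keyLen) // fresh session key; discarded after the session
	ticket := encrypt(kb, bytes.Join([][]byte{ks, a}, nil))
	return encrypt(ka, bytes.Join([][]byte{ks, b, n1, ticket}, nil))
}
// parseReply is A's side of step 2: recover Ks and B's ticket; reject a reply whose echoed IDB or N1 do not match the request (replayed or redirected).
func parseReply(ka, reply, b, n1 []byte) (ks, ticket []byte, err error) {
	pt, err := decrypt(ka, reply)
	if err != nil {
		return nil, nil, err
	}
	const hdr = keyLen + idLen + nonceLen
	if len(pt) <= hdr || !bytes.Equal(pt[keyLen:keyLen+idLen], b) || !bytes.Equal(pt[keyLen+idLen:hdr], n1) {
		return nil, nil, errors.New("reply does not answer our request")
	}
	return pt[:keyLen], pt[hdr:], nil
}
// f is the transformation A applies to N2 in step 5; here N2 + 1 as a big-endian counter.
func f(n2 []byte) []byte {
	return binary.BigEndian.AppendUint64(nil, binary.BigEndian.Uint64(n2)+1)
}

// runScenario performs steps 1-5; nil means A and B share Ks and B's challenge verified.
func runScenario() error {
	ka, kb := randomBytes(keyLen), randomBytes(keyLen) // master keys, each shared with the KDC
	n1 := randomBytes(nonceLen)
	ksA, ticket, err := parseReply(ka, kdcReply(ka, kb, idA, idB, n1), idB, n1) // steps 1-2
	if err != nil {
		return err
	}
	pt, err := decrypt(kb, ticket) // step 3: A -> B: E(Kb, [Ks || IDA]); B learns Ks and the peer
	if err != nil || len(pt) != keyLen+idLen || !bytes.Equal(pt[keyLen:], idA) {
		return errors.New("B rejected the ticket")
	}
	ksB, n2 := pt[:keyLen], randomBytes(nonceLen)
	n2Seen, err := decrypt(ksA, encrypt(ksB, n2)) // step 4: B -> A: E(Ks, N2)
	if err != nil {
		return err
	}
	answer, err := decrypt(ksB, encrypt(ksA, f(n2Seen))) // step 5: A -> B: E(Ks, f(N2))
	if err != nil || !bytes.Equal(answer, f(n2)) {
		return errors.New("challenge-response failed")
	}
	return nil
}

func main() {
	fmt.Println("KDC scenario error:", runScenario())
}
```

Both nonce checks matter. Without the N1 echo, an attacker who recorded an old KDC reply could feed A a session key that has already been used (and possibly compromised); without the N2 / f(N2) round, A has no evidence that B actually received the ticket and holds Ks. The GCM tag is what turns any tampering with the ticket or the reply into a decrypt failure rather than a silently wrong key.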

  11. 7.3 Key Distribution: Key Distribution Issues
     • Hierarchies of KDCs are required for large networks, but the KDCs must trust each other.
     • Session key lifetimes should be limited for greater security.
     A Transparent Key Control Scheme
     • Automatic key distribution: useful for providing end-to-end encryption at the network or transport level in a way that is transparent to end users.
     • See Fig. 7.10

  12. 7.3 Key Distribution Fig. 7.10 Automatic Key Distribution for Connection-Oriented Protocol

  13. 7.3 Key Distribution: Decentralizing Key Control; Controlling Key Usage
     • With fully decentralized control, where every pair of end systems shares its own master key, as many as n(n-1)/2 master keys are needed for a configuration with n end systems.

  14. 7.4 Random Number Generation: The Use of Random Numbers
     • There are many uses of random numbers in cryptography:
       • nonces in authentication protocols, to prevent replay attacks
       • session key generation
       • keys for the RSA public-key encryption algorithm
       • the keystream for a one-time pad
     • Requirements for these random numbers: randomness and unpredictability

  15. 7.4 Random Number Generation: The Use of Random Numbers
     • Randomness: the following two criteria are used to validate that a sequence of numbers is random:
       • Uniform distribution: the frequency of occurrence of each of the numbers should be approximately the same.
       • Independence: no one value in the sequence can be inferred from the others.
     • Unpredictability: with true random sequences, each number is statistically independent of the other numbers in the sequence and therefore unpredictable.

  16. 7.4 Random Number Generation: Pseudorandom Number Generators (PRNGs)
     • Deterministic algorithmic techniques are often used to create "random numbers",
     • although these are not truly random;
     • they can pass many statistical tests of "randomness" (e.g., ENT, Diehard).
     • Such numbers are known as "pseudorandom numbers", created by "pseudorandom number generators (PRNGs)".
     Linear Congruential Generators
     • A common iterative technique using: X_{n+1} = (a X_n + c) mod m
     • The selection of values for a, c, and m is critical in developing a good random number generator.

  17. 7.4 Random Number Generation: Linear Congruential Generators
     • Given suitable values of the parameters, an LCG can produce a long random-like sequence.
     • Suitable criteria are:
       • the function generates a full period (all m values appear before the sequence repeats)
       • the generated sequence should appear random
       • efficient implementation with 32-bit arithmetic
     • Note that an attacker who sees only a small number of consecutive outputs can reconstruct the whole sequence, so an LCG must never be used for keys, nonces or anything else an adversary should not be able to predict.
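What "a small number of values" means in practice, as an added Go example that is not part of the slides: given about a dozen consecutive outputs and nothing else, recover m, then a and c, and predict every later value. The modulus recovery from the gcd of d_{i+2}·d_i - d_{i+1}^2 (with d_i = X_{i+1} - X_i) is the standard textbook attack and goes beyond the slide, which only notes that the sequence can be reconstructed; the parameters a = 16807, c = 12345, m = 2^31 - 1 and seed 42 used in main are constructed for the demonstration.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
)

// step is the LCG itself: X_{n+1} = (a*X_n + c) mod m, computed without any hidden state.
func step(x, a, c, m *big.Int) *big.Int {
	t := new(big.Int).Mul(a, x)
	return t.Add(t, c).Mod(t, m)
}

// recoverModulus: with d_i = X_{i+1} - X_i we have d_{i+1} ≡ a*d_i (mod m), so
// d_{i+2}*d_i - d_{i+1}^2 ≡ 0 (mod m). The gcd of several such values is m times a
// (usually tiny) spurious factor, which crackLCG strips below. Needs 6+ outputs.
func recoverModulus(xs []*big.Int) (*big.Int, error) {
	d := make([]*big.Int, 0, len(xs))
	for i := 0; i+1 < len(xs); i++ {
		d = append(d, new(big.Int).Sub(xs[i+1], xs[i]))
	}
	m := new(big.Int)
	for i := 0; i+2 < len(d); i++ {
		t := new(big.Int).Mul(d[i+2], d[i])
		t.Sub(t, new(big.Int).Mul(d[i+1], d[i+1]))
		m = new(big.Int).GCD(nil, nil, m, t.Abs(t))
	}
	if m.Sign() == 0 {
		return nil, errors.New("too few outputs or degenerate sequence")
	}
	return m, nil
}

// recoverParams: a = d_1 * d_0^{-1} and c = X_1 - a*X_0 (mod m), taken from the first
// pair of differences whose d_0 is invertible modulo m.
func recoverParams(xs []*big.Int, m *big.Int) (a, c *big.Int, err error) {
	for i := 0; i+2 < len(xs); i++ {
		d0 := new(big.Int).Sub(xs[i+1], xs[i])
		d1 := new(big.Int).Sub(xs[i+2], xs[i+1])
		inv := new(big.Int).ModInverse(d0.Mod(d0, m), m)
		if inv == nil {
			continue // gcd(d_0, m) != 1, common when m is a power of two; try the next pair
		}
		a = inv.Mul(inv, d1).Mod(inv, m)
		c = new(big.Int).Mul(a, xs[i])
		return a, c.Sub(xs[i+1], c).Mod(c, m), nil
	}
	return nil, nil, errors.New("no invertible difference found")
}

// consistent reports whether (a, c, m) reproduce every observed transition.
func consistent(xs []*big.Int, a, c, m *big.Int) bool {
	for i := 0; i+1 < len(xs); i++ {
		if step(xs[i], a, c, m).Cmp(xs[i+1]) != 0 {
			return false
		}
	}
	return true
}

// crackLCG recovers (a, c, m) from consecutive outputs alone; every later output
// then follows from step().
func crackLCG(xs []*big.Int) (a, c, m *big.Int, err error) {
	if m, err = recoverModulus(xs); err != nil {
		return nil, nil, nil, err
	}
	// Strip spurious small factors from m until the parameters reproduce the sample.
	for p := int64(2); p < 1000; {
		if a, c, err = recoverParams(xs, m); err == nil && consistent(xs, a, c, m) {
			return a, c, m, nil
		}
		if pb := big.NewInt(p); new(big.Int).Mod(m, pb).Sign() == 0 {
			m.Div(m, pb)
		} else {
			p++
		}
	}
	return nil, nil, nil, errors.New("could not recover parameters")
}

func main() {
	a0, c0, m0 := big.NewInt(16807), big.NewInt(12345), big.NewInt(1<<31-1) // constructed demo parameters
	x := big.NewInt(42)
	seen := make([]*big.Int, 12) // all an eavesdropper needs
	for i := range seen {
		x = step(x, a0, c0, m0)
		seen[i] = x
	}
	a, c, m, err := crackLCG(seen)
	if err != nil {
		panic(err)
	}
	fmt.Println("recovered a, c, m:", a, c, m)
	fmt.Println("predicted next:", step(seen[11], a, c, m), "actual:", step(x, a0, c0, m0))
}
```

The attack needs no knowledge of a, c or m, only the outputs; truncating the output (emitting only some bits of each X_n) makes it harder but not safe, since lattice methods recover the state from truncated outputs as well.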

  18. 7.4 Random Number Generation: Cryptographically Generated Random Numbers
     • Cyclic encryption: X_i = E_Km[C_i], where C_i is a counter incremented after each output (Fig. 7.13 Pseudorandom Number Generation from a Counter)
     • DES Output Feedback mode: X_i = E_Km[X_{i-1}]

  19. 7.4 Random Number Generation: Cryptographically Generated Random Numbers
     • ANSI X9.17 PRNG: one of the strongest PRNGs
     • Inputs: two DES keys K1, K2 (used as two-key triple DES, EDE), a 64-bit date/time value DT_i, and the ith seed value V_i
     Fig. 7.14 ANSI X9.17 PRNG
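The three constructions of slides 18 and 19 side by side, as an added Go example that is not part of the slides: the counter generator of Fig. 7.13, the DES output-feedback generator, and the ANSI X9.17 generator of Fig. 7.14, all driven by the two-key triple DES (EDE) from Go's standard library so the structures can be compared directly. The keys k1k1k1k1 / k2k2k2k2 and the seed value are constructed for the demo, and the date/time input DT_i is simply the wall clock in nanoseconds.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"encoding/binary"
	"fmt"
	"time"
)

// tripleDES builds the two-key triple DES (EDE, K1||K2||K1) block cipher of Fig. 7.14;
// all three generators below share it. The keys passed in main are constructed demo values.
func tripleDES(k1, k2 []byte) cipher.Block {
	key := append(append(append([]byte{}, k1...), k2...), k1...)
	b, err := des.NewTripleDESCipher(key)
	if err != nil {
		panic(err)
	}
	return b
}

func xor8(a, b [8]byte) (out [8]byte) {
	for i := range out {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// CounterPRNG is Fig. 7.13 (cyclic encryption): X_i = E_Km[C_i] with C_i = C_0 + i.
type CounterPRNG struct {
	km      cipher.Block
	counter uint64
}

func (g *CounterPRNG) Next() (x [8]byte) {
	var c [8]byte
	binary.BigEndian.PutUint64(c[:], g.counter)
	g.km.Encrypt(x[:], c[:])
	g.counter++
	return x
}

// OFBPRNG is the DES output-feedback generator: X_i = E_Km[X_{i-1}], starting from a seed X_0.
type OFBPRNG struct {
	km cipher.Block
	x  [8]byte
}

func (g *OFBPRNG) Next() [8]byte {
	g.km.Encrypt(g.x[:], g.x[:]) // dst and src overlap entirely, which cipher.Block permits
	return g.x
}

// X917 is the ANSI X9.17 generator of Fig. 7.14:
//   I_i = EDE(DT_i),  R_i = EDE(I_i XOR V_i),  V_{i+1} = EDE(R_i XOR I_i)
type X917 struct {
	ede cipher.Block
	v   [8]byte // seed V_i, replaced after every output
}

func (g *X917) Next(dt [8]byte) (r [8]byte) {
	var i1 [8]byte
	g.ede.Encrypt(i1[:], dt[:])
	t := xor8(i1, g.v)
	g.ede.Encrypt(r[:], t[:])
	t = xor8(r, i1)
	g.ede.Encrypt(g.v[:], t[:])
	return r
}

// now is the 64-bit date/time input DT_i (wall clock in nanoseconds).
func now() (dt [8]byte) {
	binary.BigEndian.PutUint64(dt[:], uint64(time.Now().UnixNano()))
	return dt
}

func main() {
	k1, k2 := []byte("k1k1k1k1"), []byte("k2k2k2k2") // constructed demo keys
	seed := [8]byte{1, 2, 3, 4, 5, 6, 7, 8}        // constructed seed / start value
	ctr := &CounterPRNG{km: tripleDES(k1, k2)}
	ofb := &OFBPRNG{km: tripleDES(k1, k2), x: seed}
	gen := &X917{ede: tripleDES(k1, k2), v: seed}
	for i := 0; i < 3; i++ {
		c, o, x := ctr.Next(), ofb.Next(), gen.Next(now())
		fmt.Printf("counter %x  ofb %x  x9.17 %x\n", c[:], o[:], x[:])
	}
}
```

Only X9.17 mixes an input (DT_i) into every step and replaces its seed with a value derived from the output, so an attacker who learns one R_i still has to break the cipher to get V_{i+1}; the counter and OFB generators are fully determined once Km and the start value are known. All three produce 64-bit blocks with DES-era keys and are historical designs; the current equivalents are the SP 800-90A DRBGs built on AES or a hash.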

  20. 7.4 Random Number Generation: Blum Blum Shub Generator (BBS)
     • Based on public-key (number-theoretic) techniques.
     • Use the least significant bit from the iterative equation:
         X_0 = s^2 mod n
         for i = 1 to ∞:
             X_i = (X_{i-1})^2 mod n
             B_i = X_i mod 2
       where n = p·q, p and q are primes with p ≡ q ≡ 3 (mod 4), and the seed s satisfies gcd(s, n) = 1
     • Unpredictable: passes the next-bit test
     • A cryptographically secure pseudorandom bit generator
     • Security rests on the difficulty of factoring n
     • Slow, since very large numbers must be used
     • Too slow for cipher (keystream) use, but good for key generation
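The BBS iteration above in Go, as an added example that is not part of the slides, with the parameter checks the security argument depends on and a byte-packing helper. The toy parameters p = 11, q = 23, s = 3 give n = 253 and X_0 = 9, so the states 81, 236, 36, 31, 202, 71 and the output bits 1, 0, 0, 1, 0, 1 can be checked by hand; they are for illustration only, since the generator's security rests on n being infeasible to factor.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
)

var one, two, three, four = big.NewInt(1), big.NewInt(2), big.NewInt(3), big.NewInt(4)

// BBS holds n = p*q and the current state X_i.
type BBS struct{ n, x *big.Int }

// NewBBS enforces the conditions the generator's security argument relies on:
// p and q prime with p ≡ q ≡ 3 (mod 4), so that squaring permutes the quadratic
// residues mod n, and a seed s > 1 with gcd(s, n) = 1, so that X_0 = s^2 mod n
// is a unit and does not hand out a factor of n.
func NewBBS(p, q, s *big.Int) (*BBS, error) {
	for _, r := range []*big.Int{p, q} {
		if !r.ProbablyPrime(32) || new(big.Int).Mod(r, four).Cmp(three) != 0 {
			return nil, fmt.Errorf("%v is not a prime congruent to 3 mod 4", r)
		}
	}
	n := new(big.Int).Mul(p, q)
	if s.Cmp(one) <= 0 || new(big.Int).GCD(nil, nil, s, n).Cmp(one) != 0 {
		return nil, errors.New("seed must be > 1 and coprime to n")
	}
	return &BBS{n: n, x: new(big.Int).Exp(s, two, n)}, nil // X_0 = s^2 mod n
}

// NextBit computes X_i = (X_{i-1})^2 mod n and returns B_i = X_i mod 2.
func (g *BBS) NextBit() byte {
	g.x.Exp(g.x, two, g.n)
	return byte(g.x.Bit(0))
}

// Bytes packs the next 8*k output bits, most significant bit first, into k bytes,
// which is the form a key-generation caller would want.
func (g *BBS) Bytes(k int) []byte {
	out := make([]byte, k)
	for i := range out {
		for j := 0; j < 8; j++ {
			out[i] = out[i]<<1 | g.NextBit()
		}
	}
	return out
}

func main() {
	// Toy parameters p = 11, q = 23, s = 3 (n = 253, X_0 = 9) so the states can be followed by hand.
	// Real use needs p and q of hundreds of digits each, which is what makes BBS slow.
	g, err := NewBBS(big.NewInt(11), big.NewInt(23), big.NewInt(3))
	if err != nil {
		panic(err)
	}
	for i := 1; i <= 6; i++ {
		b := g.NextBit()
		fmt.Printf("X_%d = %3v  B_%d = %d\n", i, g.x, i, b)
	}
	fmt.Printf("next byte: %#02x\n", g.Bytes(1)[0])
}
```

Each output bit costs one modular squaring of a number the size of an RSA modulus, which is the "slow" of the slide; the same cost buys the next-bit property, so the generator is a sensible source for a handful of key bits and a poor one for a keystream.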

  21. Summary
     • We have considered:
       • the use and placement of symmetric encryption to protect confidentiality
       • the need for good key distribution
       • the use of trusted third-party KDCs
       • random number generation issues
