1 / 39

Network and Communications Network Security

Network and Communications Network Security. Department of Computer Science. Virginia Commonwealth University. Key Distribution. How to deliver a key to two parties A and B wishing to exchange data Key selected by A, Physically delivered to B

joelle
Télécharger la présentation

Network and Communications Network Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Network and CommunicationsNetwork Security Department of Computer Science Virginia Commonwealth University

  2. Key Distribution How to deliver a key to two parties A and B wishing to exchange data • Key selected by A, Physically delivered to B • Key selected by third party C, Physically Delivered to A and B • Key encrypted by either A or B using an existing secret key and sent to the other • Key delivered by Third Party C on Encrypted links to A and B

  3. How many keys are necessary? • A given host needs to do message exchange with many other hosts • A key needed for each pair of hosts • Many keys need to be supplied dynamically • Number of required keys depends on level of network where encryption is done: • Node-level encryption for 1000 nodes: half million keys • Application-level encryption (for 1000 nodes, 10000 applications): 50 million keys (A key for every pair of users or processes)

  4. Center approach? • Responsible for distributing keys to pairs of users: • Hosts, processes, applications • Each user shares a unique key with center • based on a hierarchy of keys: • Session key (temporary key) used to Encrypt End-systems Communication; • Master Key (Shared by KDC and end user) used to encrypt Session keys (a unique Master key for each end user) • Question: How many master keys are required for N users? • Question: How to distribute master keys?

  5. In Symmetric Cryptography This protocol assumes that Alice and Bob, users on a network, each share a secret key with the Key Distribution Center, which is Trent. • Alice requests Trent a session key to communicate with Bob. • Trent generates a random session key. He encrypts two copies of it: one in Alice’s key and the other in Bob’s key. Trent sends both copies to Alice. • Alice decrypts her copy of the session key. • Alice sends Bob his copy of the session key. • Bob decrypts his copy of the session key. • Both Alice and Bob use this session key to communicate securely.

  6. SKEY • Relies on a one-way function for its security. • Alice enters a random number, R. The computer computes f(R), f(f(R)), f(f(f(R))), and so on, about a hundred times. Call these numbers x1, x2, …x100. The Computer gives these to Alice for safekeeping. • When Alice wants to log in, she types her name and x100. The computer calculates f(x100) and compares it with x101; if they match, Alice is authenticated. Then, the computer replaces x101, with x100 in the database. Alice crosses x100 off her list. • Every time Alice logs in, she enters the last uncrossed number on her list: x1. The computer calculates f(x1) and compares it with xi+1 stored in its database. Eve cant get useful information because each number is only used once, and the function is one-way. Similarly, the database is not useful to an attacker. Of course, when Alice runs out of numbers on her list, she has to reinitialize the system.

  7. A Key Distribution Scenario • Connection between users A and B is required • Session key needs to be generated and transmitted to A and B • Ka(Kb) Secret key of A(B) known only to A(B) and KDC • IDA(IDB): Identity of A(B) • N1, N2: Nonce

  8. Steps in Previous Key Distribution • A requests KDC for a session key for a logical connection to B: • A sends IDA, IDB, N1 to KDC (N1: timestamp, counter, or random number, that is different each time) • KDC responds with a message consisting of two parts: • Session key KS and Original request of A • KS and IDA encrypted using Kb Both of the above are encrypted using Ka • A stores Ks and sends Ekb[KS || IDA] to B • B receives message from A and sends N2 encrypted using KS to A • A responds by sending f(N2) encrypted using KS to B (After step 3, KS has been securely delivered to A and B) Steps 1-3: Key Distribution; Steps 3-5 Authentication

  9. Hierarchical key control • For large networks, single KDC is impractical; Hierarchy of KDCs better suited • Local KDCs for each of the Domains • Global KDC facilitates key transfers across domains • Minimizes effort in distributing Master keys

  10. Lifetime of Session key • For connection-oriented protocols: • Same Session key is used for the duration the connection is open (session) • For long-duration logical connections, session key is changed periodically • For connectionless protocols (no explicit connection initiation/termination) • New Session key for each exchange • More overhead • Use Session key for a fixed period or for a certain number of transactions

  11. Decentralized Key Control • KDC: bottleneck and target of attacks • One solution: Decentralization • requires each end system be able to send session key securely with any other end system Steps: • A sends request R to B for session key (by including N1) • B generates KS; Sends KS, R, IDB, f(N1), N2 to A encrypted using shared master key • A returns f(N2) to B, encrypted using KS

  12. Controlling Key Usage • Impose controls on ways keys are used • Separation of master keys from session keys • Define different types of session keys: • Data Encrypting key (for general communication) • PIN Encrypting key (for EFT, POS applications) • File Encrypting Key (for files in publicly accessible locations)

  13. Limiting Ways of Usage of Keys • Based on Key characteristics • Associate ‘tag’ with each key • In DES, 8 nonkey bits reserved for parity can be used as tag • One bit: Indicates master key or session key • One bit: Indicates use in encryption • One bit: Indicates use in decryption • Remaining bits: for future use • Tag is embedded in the key

  14. Key Management Using Public-key Encryption

  15. Key Management Two distinct issues: • Distribution of Public Keys • Distribution of Secret Keys (of Conventional Encryption) using Public-key Encryption

  16. Distribution of Public Keys Broad Schemes: • Public Announcement • Each participant broadcasts the public key • Publicly Available Directory • Public-key Authority • Public-key Certificate

  17. Publicly Available Directory • A central authority maintains directory • One entry for each participant: {name, public key} • Each participant registers the public key • Secure, authenticated communication needed • Participant may replace existing key • Secrecy of authority’s private key is critical

  18. Public Key Distribution Using Public Key Authority For Distribution of public keys for directory to users A and BIDA(IDB): Id of A(B); KUa(KUb): Public key of A(B); KRauth: Private key of authority; N1, N2: nonce 1. A sends time stamped request for KUb 2. Authority sends KUb together with time stamped request encrypted using KRauth to A 2b. A decrypts using KUauth and stores KUb 3. A sends IDA and N1 encrypted using KUb to B 4,5. B requests for and receives KUa from the authority (Similar to 1,2,2b) 6. B sends N1||N2 encrypted using KUa to A • A returns N2 encrypted using KUb to B After steps 1-5: Keys have been delivered

  19. Public Key Distribution using Key Authority

  20. Public Keys Certificates • Overcomes bottleneck in Public Key Authority • Each user requesting authority for the public key of every other user • Certificates facilitate exchange of keys without contacting key authority • Certificate created by certificate authority • Certificate contains Public Key plus some other information • Certificate given to user with matching private key • Certificate: Timestamp, ID, Public Key encrypted using certificate authority’s Private key

  21. Exchange of Public Key Certificates • Certificate: CA=EKRauth[T, IDA, KUa] • Verification: DKUauth[CA]=DKUauth[CA=EKRauth[T, IDA, KUa]]=(T, IDA, KUa) • Decryption of Certificate using Public key of authority provides authentication

  22. Public Key Infrastructure (PKI) • For commercial applications, there is need for infrastructure to keep track of public keys. • PKI is a framework consisting of policies: • Define rules of operation of cryptographic systems • Define procedures for generating and publishing keys and certificates • PKI consists of certification and validation operations • Certification binds public key to an entity • Validation guarantees that certificates are valid

  23. Public Key Certificate • Certificate: information that has been validated (signed) by a certification authority (CA) • Two popular types: Identity Certificates and Credential certificates • Identity Certificate: Contain ID (ex. email address) and a list of public keys for the entity • Credential Certificates: contain information about access rights • Data in certificates (usually) encrypted using CA’s private key

  24. X.509 PKI • International Standard (ISO and ITU) • Provides authentication for directory services on large computer networks • Used in Visa and Mastercard’s SET (Secure Electronic Transaction) Standard • Allows inclusion of trust policies within certificates.

  25. Secret Key Distribution Using Public-key Systems

  26. Distribution of Secret keys using Public-key Systems • Diffie – Hellman Key Exchange • Merkle’s Simple Scheme • Key Distribution with confidentiality and Authentication (Needham and Schroeder) • Hybrid Scheme (A. Le, et. al.) Last three of the above schemes assume that the public keys have already been exchanged

  27. Diffie - Hellman Key Exchange Scheme • First published public-key algorithm (1976) • Based on difficulty of computing Discrete Logarithms • Enables two users to exchange a key securely to be used for subsequent message encryption • Several commercial products based on this technique

  28. Diffie - Hellman Key Exchange Algorithm

  29. Diffie – Hellman Key Exchange Operation • q, α are required to be known ahead of time ( or A could pick q and α and include in the first message)

  30. Merkle’s Secret Key Distribution Scheme • A generates a public/private key pair [KUa, KRa] and transmits a message to B consisting of KUa and an identifier of A, IDA • B generates a secret key, KS, and transmits it to A, encrypted with A’s public key. • A computes DKRa[EKUa[KS]] to recover the secret key. Because only A can decrypt the message, only A and B will know the identity of KS. • A discards KUa and KRa and B discards KUa

  31. Key Exchange with Public-Key Cryptography • Alice gets Bob’s public key from the KDC. • Alice generates a random session key, encrypts it using Bob’s public key, and sends it to Bob. • Bob them decrypts Alice’s message using his private key. • Both of them encrypt their communications using the same session key.

  32. Man-in-the-middle Attack • Alice sends Bob her public key. Mallory intercepts this key and sends Bob his own public key. • Bob sends Alice his public key. Mallory intercepts this key and sends Alice his own public key. • When Alice sends a message to Bob, encrypted in “Bob’s” public key, Mallory intercepts it. Since the message is really encrypted with his own public key, he decrypts it with his private key, re-encrypts it with Bob’s public key an sends it on to Bob. • When Bob sends a message to Alice, encrypted in “Alice’s” public key, Mallory intercepts it. Since the message is really encrypted with his own public key, he decrypts it with his private key, re-encrypts it with Alice’s public key an sends it on to Alice.

  33. Interlock Protocol(Foils Man-in-the-middle attack) • Alice sends Bob her public key. • Bob sends Alice his public key. • Alice encrypts her message using Bob’s public key. She sends half of the encrypted message to Bob. • Bob encrypts his message using Alice’s public key. He sends half of the encrypted message to Alice. • Alice sends the other half of her encrypted message to Bob. • Bob puts the two halves of Alice’s message together and decrypts with his private key . Bob sends the other half of his encrypted message to Alice. • Alice puts the two halves of Bob’s message together and encrypts it with her private key.

  34. Key and Message Transmission Alice and Bob need not complete the key-exchange protocol before exchanging messages. In this protocol, Alice sends Bob the message, M, without any previous key exchange protocol: • Alice generates a random session key , K and encrypts M using K. EK(M) • Alice gets Bob’s public key from the database • Alice encrypts K with Bob’s public key. EB(K) • Alice sends both the encrypted message and encrypted session key to Bob. EK(M), EB(K) • Bob decrypts Alice’s session key, K using his private key. • Bob decrypts Alice’s message using the session key.

  35. Key and Message Broadcast Alice sending encrypted message to several people (ex. to Bob, Carol, and Dave) • Alice generates a random session key, K, and encrypts M using K. EK(M) • Alice gets Bob’s Carol’s and Dave’s public keys from the database. • Alice encrypts K with Bob’s public key, encrypts K with Carol’s public key, and then encrypts K with Dave’s public key. EB(K), EC(K), ED(K) • Alice broadcasts the encrypted message and all the encrypted keys to anybody who cares to receive it. EB(K), EC(K), ED(K), EK(M) • Only Bob, Carol, and Dave can decrypt the key, K, using his or private key. • Only Bob, Carol, and Dave can decrypt Alice’s message using K.

  36. Needham & Schroeder Scheme with Confidentiality and Authentication • A uses B’s public key to encrypt a message to B containing an identifier of A (IDA) and a nonce (N1) which is used to identify this transaction uniquely. • B sends a message of A encrypted with KUa and containing A’s nonce (N1) as well as a new nonce generated by B (N2). Because only B could have decrypted message (1), the presence of N1 in message (2) assures A that the correspondent is A. • A selects a secret key KS and sends M=EKUb[EKRa[KS]] to B. Encryption of this message with B’s public key ensures that only B can read it; encryption with A’s private key ensures that only A could have sent it. • B Computes DKUa[DKRb[M]] to recover the secret key.

  37. Needham & Schroeder Scheme with Confidentiality and Authentication

  38. Hybrid Scheme (for Secret Key Distribution) • KDC Shares a secret master key with each user • Secret Session keys encrypted using master key • Public-key Scheme used to distribute master keys KDC Users . . .

  39. End of semester Thank you! Chapter 5 & 6 Chapter 8 (7,8,11,14,15,17,18,24,31)

More Related