1 / 46

Placement of Symmetric Encryption

mairead
Télécharger la présentation

Placement of Symmetric Encryption

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    1. Placement of Symmetric Encryption Two major placement alternatives Link encryption encryption occurs independently on every link implies must decrypt traffic between links requires many devices, but paired keys End-to-end encryption encryption occurs between original source and final destination need devices at each end with shared keys

    2. Characteristics of Link and End-to-End Encryption

    3. Placement of Encryption 7. Application 6. Presentation 5. Session 4. Transport 3. Network 2. Data Link 1. Physical

    4. Data Transmission

    5. TCP/IP Reference Model

    6. Placement of Encryption Can place encryption function at various layers in OSI Reference Model link encryption occurs at layers 1 or 2 end-to-end can occur at layers, ?, ?, 7 If move encryption toward higher layer less information is encrypted but is more secure application layer encryption is more complex, with more entities and need more keys

    7. Traffic Analysis When using end-to-end encryption, must leave headers in clear so network can correctly route information Hence although contents are protected, traffic patterns are not protected Ideally both are desired end-to-end protects data contents over entire path and provides authentication link protects traffic flows from monitoring

    8. Key Establishment: The problem Securing communication requires that the data is encrypted before being transmitted. Associated with encryption and decryption are keys that must be shared by the participants. The problem of securing the data then becomes the problem of securing the establishment of keys. Task: If the participants do not physically meet, then how do the participants establish a shared key? Two types of key establishment: Key Agreement Key Distribution

    9. Key Distribution Schemes Various key distribution schemes for two parties A can select key and physically deliver to B third party C can select and deliver key to A and B if A and B have shared a key previously, can use previous key to encrypt a new key if A and B have secure communications with third party C, C can relay key between A and B

    10. Key Distribution Key Agreement protocols: the key isnt determined until after the protocol is performed. Key Distribution protocols: one party generates the key and distributes it to Bob and/or Alice (Shamirs 3pass, Kerberos). Shamirs Three-Pass Protocol: Alice generates and Bob generates . A key K is distributed by:

    11. Session key Permanent key Key Distribution Center Front-end Processor

    12. Key Distribution Scenario

    13. Key Agreement

    14. Key Distribution Issues Hierarchies of KDCs are required for large networks, but must trust each other Session key lifetimes should be limited for greater security Use of automatic key distribution on behalf of users, but must trust system Use of decentralized key distribution

    15. Summary of Symmetric Encryption Traditional symmetric cryptography uses one key shared by both sender and receiver If this key is disclosed, communications are compromised Provide confidentiality, but does not provide non-repudiation

    16. Message Authentication Encryption protects against passive attacks. A different requirement is to protect against active attacks. Protection against such attack is known as message authentication. A message, file, document, or other collection of data is said to be authentic when it is genuine and came from its alleged source.

    17. Important aspects: Verify that received messages have not been altered. Verify that source is authentic. Verify a messages timeliness (it has not been artificially delayed and replayed)

    18. Authentication using conventional Encryption If we assume that only the sender and receiver share a key, then only the genuine sender would be able to encrypt a message successfully for the other participant. If the message includes an error-detection code and a sequence number, the receiver is assured that no alterations have been made and that sequencing is proper. If the message also includes a timestamp, the receiver is assured that the message has not been delayed beyond that normally expected for network transit.

    19. Message Authentication without Message Encryption

    20. Authentication Without Message Encryption

    22. Message Authentication Code ( MAC )

    23. If we assume that only the sender and receiver share a key, then: The receiver is assured that the message has not been altered. The receiver is assured that the message is from the alleged sender. If the message also includes a timestamp, the receiver can be assured of the proper sequence.

    24. Hash Functions: Main Idea H is a lossy compression function Collisions: h(x)=h(x) for some inputs x, x Result of hashing should look random Intuition: half of digest bits are 1; any bit in digest is 1 half the time Cryptographic hash function needs a few properties

    25. Requirements of Secure Hash Functions Input data can have variable-size Output should be fixed-size H(x) should be relatively easy to compute for any x H(x) should be relatively easy in both hardware and software in order to make implementation practicle. For any given output, it is computationally infeasible to find input. It is computationally infeasible to find two different numbers which have the same output. H(x) should be relatively easy in both hardware and software in order to make implementation practicle. For any given output, it is computationally infeasible to find input. It is computationally infeasible to find two different numbers which have the same output.

    26. Requirements of Secure Hash Functions For any given h, it is computationally infeasible to find x such that H(x)=h. (One-way) For a given x, it is computationally infeasible to find any y?x with H(x) = H(y). It is computationally infeasible to find any pair (x, y) such that H(x)=H(y). H(x) should be relatively easy in both hardware and software in order to make implementation practicle. For any given output, it is computationally infeasible to find input. It is computationally infeasible to find two different numbers which have the same output. H(x) should be relatively easy in both hardware and software in order to make implementation practicle. For any given output, it is computationally infeasible to find input. It is computationally infeasible to find two different numbers which have the same output.

    27. A hash function that satisfies the first five properties is referred as a weak hash function. If the sixth property also satisfy, then it is referred to as a strong hash function.

    28. Why Hash Functions? - message integrity - Authentication - Digital signature

    29. Hash Functions Hash Functions can be used for message integrity

    30. Message can be authenticated in three ways: Message digest can be encrypted by Using Secret-key Encryption Using Public-key encryption Using Secret Value

    33. In the first and the second methods, only the message digest is encrypted instead of entire message. However, encryption is expensive. Therefore, we avoid encryption. In the third method, there is no encryption.

    34. Which Property Do We Need? 4TH property -solution c 5Th property -solutions a & b 6Th property - Birthday attack

    35. Initially set the n-bit hash value to 0. Break the message up in n-bit blocks (Rotate the block to the left by one bit.) XOR the block into the hash value. The Simplest Hash Function

    36. The Simplest Hash Function

    37. Common Hash Functions MD5 128-bit output Designed by Ron Rivest, used very widely Collision-resistance broken (summer of 2004) RIPEMD-160 160-bit variant of MD-5 SHA-1 (Secure Hash Algorithm) 160-bit output US government (NIST) standard as of 1993-95 Also the hash algorithm for Digital Signature Standard (DSS)

    39. General model for iterated hash functions

    40. Detailed view

    41. Basic Structure of SHA-1

    42. How Strong Is SHA-1? Every bit of output depends on every bit of input Very important property for collision-resistance Brute-force inversion requires 2160 ops, birthday attack on collision resistance requires 280 ops Some very recent weaknesses (2005) Collisions can be found in 263 ops

    43. HMAC Use a MAC derived from a cryptographic hash code, such as SHA-1. Motivations: Cryptographic hash functions executes faster in software than encryption algorithms such as DES Library code for cryptographic hash functions is widely available No export restrictions from the US

    44. HMAC Design Objectives Proposal to include secret key in hash function RFC 2104 lists design objectives for HMAC To use available hash functions Allow easy replaceability of hash function Maintain performance of original hash Use and handle keys simply Have well understood cryptographic analysis of strength of the authentication method

    45. HMAC Invented by Bellare, Canetti, and Krawczyk (1996) HMAC strength established by cryptographic analysis Mandatory for IP security, also used in SSL/TLS

    46. Structure of HMAC

More Related