
Information and Network Security

Information and Network Security. Ch4: Confidentiality Using Conventional Encryption. Conventional encryption to provide confidentiality. Historically, the focus of cryptology has been on the use of conventional encryption to provide confidentiality.

jania

Presentation Transcript


  1. Information and Network Security Ch4: Confidentiality Using Conventional Encryption

  2. Conventional encryption to provide confidentiality. • Historically, the focus of cryptology has been on the use of conventional encryption to provide confidentiality. • Authorization, integrity, digital signatures, and the use of public-key encryption have been included in the theory only in the last several decades.

  3. Placement of Encryption Function • If encryption is to be used to counter attacks on confidentiality, the location of the encryption function must be decided. • First, we have to find out the potential locations of security attacks. • Second, decide where to place the encryption function.

  4. Potential Locations for Confidentiality Attacks • An attack can take place at any of the communications links. • The communications links can be: - Cable (telephone, twisted pair, coaxial cable, or optical fiber). - Microwave links. - Satellite channels.

  5. Potential Locations for Confidentiality Attacks • Invasive taps or inductive taps are used to monitor electromagnetic emanations with both twisted pair and coaxial cables. • Neither type of tap is particularly useful with optical fiber. • Physically breaking the cable seriously degrades signal quality and is therefore detectable.

  6. Placement of Encryption Function • There are two major approaches to encryption placement: 1- Link encryption. 2- End-to-end encryption.

  7. Key Distribution • For conventional encryption to work, the two parties to an exchange must share the same key, and that key must be protected from access by others. • Frequent key changes are required. • Therefore, the strength of the cryptographic system relies on the key distribution technique.

  8. Key Distribution • There are a number of ways to deliver the key: 1- Physical delivery between the two parties A and B. 2- A third party physically delivers the key. 3- A and B use a previously used key to encrypt the new key and transmit it to the other party. 4- Using encrypted connections to a third party, the third party delivers a key on the encrypted links to A and B.

  9. A Key Distribution Scenario • One scenario for deploying key distribution assumes that each user shares a unique master key with the key distribution center (KDC). • Let us assume that user A wishes to establish a logical connection with B and requires a one-time session key to protect the data transmission over the connection. • A has a secret key Ka, known only to itself and the KDC; similarly, B shares the master key Kb with the KDC.

  10. A Key Distribution Scenario • Steps: 1- A issues a request to the KDC for a session key. The message includes the identities of A and B and a unique identifier N1 for this transaction. 2- The KDC responds with a message encrypted using Ka. The message includes two items intended for A: - the one-time session key Ks to be used for the session. - the original request message, for matching.

  11. A Key Distribution Scenario • Steps (continued): And two items intended for B: - the one-time session key Ks. - an identifier of A, IDA. These two items are encrypted using Kb. 3- A stores the session key for use in the upcoming session and forwards to B the information that originated at the KDC for B.

  12. A Key Distribution Scenario • Steps (continued): • Because this information is encrypted with Kb, it is protected. B now knows the session key Ks, knows that the other party is A (from IDA), and knows that the information originated at the KDC. • At this point, a session key has been securely delivered to A and B, and they may begin their protected exchange.
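
The exchange in slides 9 to 12, traced in code as an added example that is not part of the original presentation. `seal`/`unseal` are a toy stand-in for conventional encryption built from SHA-256 and HMAC (not a vetted cipher), and all function and field names are assumptions.

```python
import hashlib, hmac, json, secrets

def _stream(key, nonce, n):
    # SHA-256 in counter mode as a keystream (toy stand-in for a real cipher)
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    """Stand-in for E(K, message): XOR keystream plus an HMAC tag."""
    pt, nonce = json.dumps(obj).encode(), secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return (nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()).hex()

def unseal(key, blob):
    raw = bytes.fromhex(blob)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def kdc_reply(master_keys, request):
    """Step 2: Ks and the echoed request for A; (Ks, IDA) sealed under Kb for B."""
    ks = secrets.token_hex(16)
    for_b = seal(master_keys[request["idb"]], {"ks": ks, "ida": request["ida"]})
    return seal(master_keys[request["ida"]],
                {"ks": ks, "request": request, "for_b": for_b})

def a_accept(ka, request, reply_blob):
    """A decrypts with Ka and matches the echoed request (including N1)."""
    reply = unseal(ka, reply_blob)
    if reply["request"] != request:
        raise ValueError("reply does not match the outstanding request")
    return reply["ks"], reply["for_b"]   # step 3: for_b is forwarded to B

def b_accept(kb, for_b):
    """B decrypts with Kb and learns Ks and the peer identity IDA."""
    item = unseal(kb, for_b)
    return item["ks"], item["ida"]

def run_exchange():
    ka, kb = secrets.token_bytes(32), secrets.token_bytes(32)  # master keys Ka, Kb
    request = {"ida": "A", "idb": "B", "n1": secrets.token_hex(8)}  # step 1
    reply_blob = kdc_reply({"A": ka, "B": kb}, request)
    ks_a, for_b = a_accept(ka, request, reply_blob)
    ks_b, peer = b_accept(kb, for_b)
    return {"ka": ka, "kb": kb, "request": request, "reply": reply_blob,
            "ks_a": ks_a, "ks_b": ks_b, "peer": peer, "for_b": for_b}
```

A relays the items for B without being able to read or alter them, since only Kb opens that part of the reply.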
