Chap. 7: Confidentiality using symmetric encryption & Introduction to public-key cryptosystems. Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown.
Amongst the tribes of Central Australia every man, woman, and child has a secret or sacred name which is bestowed by the older men upon him or her soon after birth, and which is known to none but the fully initiated members of the group. The secret name is never mentioned …The native thinks that a stranger knowing his secret name would have special power to work him ill by means of magic. -The Golden Bough, Sir James George Frazer
Motivation and outline • symmetric encryption is used to provide message confidentiality Q: Where to put the encryption mechanism? How to distribute the secret key? • Placement of encryption function • Traffic confidentiality • Key distribution
Confidentiality using Symmetric Encryption • What to encrypt and where the encryption function should be located • consider typical scenario: (4) Monitor traffic (3) Tap into wire (2) dial-in, then intrude • Eavesdropping by • members
Typical scenario and attacks • consider typical scenario • workstations on LANs access other workstations & servers on LAN • LANs interconnected using switches/routers • with external lines or radio/satellite links • consider attacks and placement in this scenario • snooping from another workstation • use dial-in to LAN or server to snoop • use external router link to enter & snoop • monitor and/or modify traffic on external links
Placement of encryption • have two major placement alternatives • link encryption • encryption occurs independently on every link • implies must decrypt traffic between links • requires many devices, but paired keys for all links • end-to-end encryption • encryption occurs between original source and final destination • need devices at each end with shared keys
Placement of encryption (cont.) One key for each link One shared key
Problems with routing • In a packet-switching network, we need the packet header to route packets • Link encryption: the packet must be decrypted before routing • Vulnerable at each switch node • End-to-end encryption: must leave headers in clear, so the network can correctly route information • hence although contents are protected, the traffic pattern is not protected • ideally want both at once • end-to-end protects data contents over entire path and provides authentication • link protects traffic flows from monitoring
Placement of encryption over OSI model • can place encryption function at various layers in OSI Reference Model
OSI model and packetization Application level encryption TCP level encryption Link level encryption
Outline • Placement of encryption function • Traffic confidentiality • Key distribution
Traffic Analysis • In packet-switching network, the packet header cannot be encrypted • Traffic analysis is monitoring of communications flows between parties • Ex. know who is talking to whom in military usage • Traffic analysis reveals • Identities of partners • How frequently the partners are communicating • Message pattern, message length, quantity of messages, …
Defense against traffic analysis • link encryption obscures header details • but overall traffic volumes in networks and at end-points are still visible • Traffic padding
Outline • Placement of encryption function • Traffic confidentiality • Key distribution
Key Distribution • symmetric schemes require both parties to share a common secret key • issue is how to securely distribute this key • secure systems often fail due to a break in the key distribution scheme
Key Distribution methods • given parties A and B have various key distribution alternatives: • A can select key and physically deliver to B • third party can select & physically deliver key to A & B • if A & B have communicated previously can use previous key to encrypt a new key • if A & B have secure communications with a third party C, C can relay key between A & B Not suitable for large systems Initial distribution?
Scale of key distribution problem • A network with N hosts => N(N-1)/2 pairs • Node-level encryption N(N-1)/2 • Application-level encryption • 10 applications/node
Key distribution center (KDC) • KDC shares a unique key (master key) with each user to distribute secret key (session key) between a pair of users • scale of key distribution problem reduces to N • [Figure: the KDC sends $E_{MK_1}$(Secret key) and $E_{MK_2}$(Secret key) to the two users, who each recover the secret key]
Key Distribution Scenario nonce: an identifier that differs for each request • Verify the original request • Avoid replay attack Session key Identifier for A (ex. address) Master key Ka Master key Kb (avoid replay attack)
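The exchange these labels describe, written out as an added example (not part of the original slides): A sends a request with a nonce, the KDC replies under master key Ka with the session key and a ticket sealed under Kb, and B confirms with a second nonce. The message layout, the names (`seal`, `kdc_issue`, `a_accept`) and the HMAC-based stand-in cipher are assumptions for illustration.

```python
import hashlib, hmac, json, secrets

def _stream(key, iv, n):
    # HMAC-SHA256 in counter mode as keystream (stand-in for a real cipher)
    blocks = (hmac.new(key, b"ks" + iv + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    # E_K(obj): encrypt-then-MAC over a JSON body; teaching stand-in, not production crypto
    iv, pt = secrets.token_bytes(16), json.dumps(obj).encode()
    ct = bytes(p ^ k for p, k in zip(pt, _stream(key, iv, len(pt))))
    return (iv + ct + hmac.new(key, b"tag" + iv + ct, hashlib.sha256).digest()).hex()

def unseal(key, blob):
    raw = bytes.fromhex(blob)
    iv, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"tag" + iv + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    return json.loads(bytes(c ^ k for c, k in zip(ct, _stream(key, iv, len(ct)))))

def kdc_issue(master, id_a, id_b, n1):
    ks = secrets.token_hex(32)                                   # fresh session key
    ticket = seal(master[id_b], {"ks": ks, "id_a": id_a})        # only B can open this
    return seal(master[id_a], {"ks": ks, "peer": id_b, "n1": n1, "ticket": ticket})

def a_accept(ka, reply, id_b, n1):
    msg = unseal(ka, reply)
    if msg["n1"] != n1 or msg["peer"] != id_b:   # nonce ties the reply to this request
        raise ValueError("reply does not match the outstanding request")
    return bytes.fromhex(msg["ks"]), msg["ticket"]

def run_exchange():
    master = {u: secrets.token_bytes(32) for u in "AB"}  # KDC table: one master key per user
    ka, kb = master["A"], master["B"]
    n1 = secrets.token_hex(8)
    reply = kdc_issue(master, "A", "B", n1)              # A -> KDC request, KDC -> A reply
    ks_a, ticket = a_accept(ka, reply, "B", n1)
    t = unseal(kb, ticket)                               # A -> B: ticket, opened with Kb
    ks_b = bytes.fromhex(t["ks"])
    n2 = secrets.randbelow(2**32)
    challenge = seal(ks_b, {"n2": n2})                   # B -> A: nonce under session key
    answer = seal(ks_a, {"n2": unseal(ks_a, challenge)["n2"] + 1})  # A -> B: f(N2) = N2 + 1
    handshake_ok = unseal(ks_b, answer)["n2"] == n2 + 1
    try:                                                 # old KDC reply vs. a new request
        a_accept(ka, reply, "B", secrets.token_hex(8))
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    return ks_a == ks_b, t["id_a"], handshake_ok, replay_rejected
```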
Hierarchical key control KDC KDC KDC … … a b
Session key lifetime • Short session key lifetime • Key exchanges frequently => more secure • Long session key lifetime • Reduce key exchange time, and network capacity • Two connection protocol (session<connection) • Connectionless protocol (ex. UDP, HTTP) • Not to use a new key for each session, use a given session key for a fixed period of time • Connection-oriented protocol (ex. TCP) • The same key for the connection; or update the key periodically if the connection has long lifetime
Transparent key control scheme • End-to-end encrypt at network (transport) layer, which is transparent to users ? No authentication
Front-end processor (FEP) header data
Decentralized key control • KDC trusted? • Decentralized: assume there is one master key for each pair of end systems Nonce for authentication session key shared master key • Master keys are used for a short time, so cryptanalysis is difficult
Introduction to public-key cryptosystems • Recall: symmetric ciphers • One secret key, shared by sender and receivers (symmetric) • Based on substitution and permutation • Problem: • Key distribution • Digital signature: the counterpart of the signature used on paper documents • Diffie and Hellman proposed the public-key cryptosystem to address the above two problems in 1976
Preview of public-key systems • Features of public-key system • Asymmetric: a public key and a private key • Algorithm based on mathematical functions • Fallacies • Public-key is more secure than symmetric encryption • Public-key encryption is a general-purpose technique that will make symmetric encryption obsolete • Key distribution is trivial, or easier, for public-key encryption than for symmetric encryption
Public-key encryption • One key for encryption • A different but related key for decryption • It is computationally infeasible to determine the decryption key given the cryptographic algorithm and the encryption key
Steps in public-key encryption 1. Each user generates a pair of keys for encryption and decryption (In RSA, the two keys are interchangeable: either one can be used to encrypt and the other to decrypt) 2. One key (public key) is announced publicly. The other key is kept private. Q: key distribution problem? (Chap. 10) 3. Bob sends encrypted message to Alice using Alice’s public key. 4. Only Alice can decrypt the message using her private key.
Math. formulation of public-key system $Y = E_{KU_b}(X)$, $X = D_{KR_b}(Y)$ What E and D can achieve this?
Requirement for public-key cryptography • Diffie and Hellman (1976) proposed the system without the algorithm for E and D. They laid out the requirements: • It is computationally easy to generate a pair of keys • It is computationally easy for a sender to encrypt: $Y = E_{KU_b}(X)$ • It is computationally easy for a receiver to decrypt: $X = D_{KR_b}(Y)$ • It is computationally infeasible for an opponent, knowing the public key, to determine the private key • It is computationally infeasible for an opponent, knowing the public key and ciphertext, to recover the plaintext
The algorithms that satisfy public-key requirement • RSA (Rivest-Shamir-Adleman) 1978 • Number theory • Elliptic curve cryptography
Trap-door one-way function • Public-key encryption is a one-way function • Every function value has a unique inverse • [Figure: mapping between domain and target] $Y = f(X)$: easy; $X = f^{-1}(Y)$: infeasible ( > polynomial time) • It is hard to determine the complexity to compute the inverse • Not a traditional complexity problem, which focuses on the worst-case or average-case complexity
Trap-door one-way function (cont.) • Open a trap-door using the private key… • [Figure: mapping between domain and target] $Y = f(X)$: easy; $X = f^{-1}(Y)$: infeasible ( > polynomial time); $X = f_K^{-1}(Y)$: easy if trap-door K is known ( ~ polynomial time)
Public-key system for authentication (identity authentication) • Recall: the problem of digital signature • Only Bob has the private key to encrypt !!! (serves as digital signature)
Authentication issues (Chap. 13) • Encrypt entire message? • Not necessary. Encrypt the authenticator: a small block of bits that is a function of the document • Change of document will change the authenticator • Digital signature is confidential? • No. Anyone who has the public key can decrypt • What to do? => double use of the public-key system
Public-key system for both confidentiality and authentication
Public-key cryptanalysis • Brute-force attack: search the private key • Solution: use large keys • Tradeoff: complexity of encrypt/decrypt using large keys vs. security using large keys • Public-key systems are currently too slow for general-purpose use, only used for key management and signature applications • Compute private key given the public key • Not proved to be infeasible
Public-key cryptanalysis (cont.) • Probable-message attack • Ex. encrypt 56-bit DES key: 56-bit DES key → public-key encryption → C • Attack: try all DES keys (000…000, 000…001, 000…010, 000…011, …, 111…111), encrypting each with the public key to get C1, C2, C3, … until Ck = C • Solution: append things in the plaintext
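The probable-message attack and its fix, as an added example (not from the original slides): textbook RSA is deterministic, so anyone holding the public key can re-encrypt candidate keys and compare against C, while random bits appended to the plaintext make that comparison useless. The toy modulus (two Mersenne primes), the 16-bit key standing in for the 56-bit DES key, and all function names are assumptions chosen so the code runs instantly; deployed systems use a standardized randomized padding such as OAEP.

```python
import secrets

# Constructed toy parameters: two Mersenne primes give a trivially factorable modulus.
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537                   # public key KU = (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))     # private key KR: the trap-door
KEY_BITS = 16                         # stands in for the 56-bit DES key
PAD_BITS = 64                         # random bits appended to the plaintext

def encrypt_raw(m):
    # Y = E_KU(X): deterministic textbook RSA, same input gives same output
    return pow(m, E, N)

def decrypt_raw(c):
    # X = D_KR(Y): easy only with the trap-door D
    return pow(c, D, N)

def encrypt_padded(key):
    # "append things in the plaintext": fresh random bits next to the key
    r = secrets.randbits(PAD_BITS)
    return pow((r << KEY_BITS) | key, E, N)

def decrypt_padded(c):
    # Receiver decrypts and discards the random bits
    return pow(c, D, N) & ((1 << KEY_BITS) - 1)

def probable_message_search(c):
    # Uses only the PUBLIC key: encrypt each candidate and compare with c
    for guess in range(1 << KEY_BITS):
        if encrypt_raw(guess) == c:
            return guess
    return None

def demo():
    session_key = secrets.randbits(KEY_BITS)
    raw_hit = probable_message_search(encrypt_raw(session_key))   # recovers the key
    padded_c = encrypt_padded(session_key)
    padded_hit = probable_message_search(padded_c)                # finds nothing
    return session_key, raw_hit, padded_hit, decrypt_padded(padded_c)
```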