
Chap. 7: Confidentiality using symmetric encryption & Introduction to public-key cryptosystems

Chap. 7: Confidentiality using symmetric encryption & Introduction to public-key cryptosystems. Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown.


Presentation Transcript


  1. Chap. 7: Confidentiality using symmetric encryption & Introduction to public-key cryptosystems Jen-Chang Liu, 2004 Adapted from Lecture slides by Lawrie Brown

  2. Amongst the tribes of Central Australia every man, woman, and child has a secret or sacred name which is bestowed by the older men upon him or her soon after birth, and which is known to none but the fully initiated members of the group. The secret name is never mentioned …The native thinks that a stranger knowing his secret name would have special power to work him ill by means of magic. -The Golden Bough, Sir James George Frazer

  3. Motivation and outline • symmetric encryption is used to provide message confidentiality Q: Where to put the encryption mechanism? How to distribute the secret key? • Placement of encryption function • Traffic confidentiality • Key distribution

  4. Confidentiality using Symmetric Encryption • What to encrypt and where the encryption function should be located • consider typical scenario (figure labels): Eavesdropping by members • (2) dial-in, then intrude • (3) Tap into wire • (4) Monitor traffic

  5. Typical scenario and attacks • consider typical scenario • workstations on LANs access other workstations & servers on LAN • LANs interconnected using switches/routers • with external lines or radio/satellite links • consider attacks and placement in this scenario • snooping from another workstation • use dial-in to LAN or server to snoop • use external router link to enter & snoop • monitor and/or modify traffic on external links

  6. Placement of encryption • have two major placement alternatives • link encryption • encryption occurs independently on every link • implies must decrypt traffic between links • requires many devices, but paired keys for all links • end-to-end encryption • encryption occurs between original source and final destination • need devices at each end with shared keys

  7. Placement of encryption (cont.) • (figure labels) Link encryption: one key for each link • End-to-end encryption: one shared key

  8. Problems with routing • In a packet-switching network, we need the packet header to route packets • Link encryption: packet must be decrypted before routing • Vulnerable at each switch node • End-to-end encryption: must leave headers in clear, so network can correctly route information • hence although contents are protected, traffic pattern is not protected • ideally want both at once • end-to-end protects data contents over entire path and provides authentication • link protects traffic flows from monitoring

  9. Placement of encryption over OSI model • can place encryption function at various layers in OSI Reference Model

  10. OSI model and packetization • (figure labels) Application level encryption • TCP level encryption • Link level encryption

  11. Placement of encryption over OSI model (cont.)

  12. Outline • Placement of encryption function • Traffic confidentiality • Key distribution

  13. Traffic Analysis • In packet-switching network, the packet header cannot be encrypted • Traffic analysis is monitoring of communications flows between parties • Ex. know who is talking to whom in military usage • Traffic analysis reveals • Identities of partners • How frequently the partners are communicating • Message pattern, message length, quantity of messages, …

  14. Defense against traffic analysis • link encryption obscures header details • but overall traffic volumes in networks and at end-points are still visible • Traffic padding

  15. Outline • Placement of encryption function • Traffic confidentiality • Key distribution

  16. Model for Network Security

  17. Key Distribution • symmetric schemes require both parties to share a common secret key • issue is how to securely distribute this key • often a secure system fails due to a break in the key distribution scheme

  18. Key Distribution methods • given parties A and B have various key distribution alternatives: • A can select key and physically deliver to B • third party can select & physically deliver key to A & B • if A & B have communicated previously can use previous key to encrypt a new key • if A & B have secure communications with a third party C, C can relay key between A & B • Not suitable for large systems • Initial distribution?

  19. Scale of key distribution problem • A network with N hosts => N(N-1)/2 pairs • Node-level encryption N(N-1)/2 • Application-level encryption • 10 applications/node

  20. Key distribution center (KDC) • KDC shares a unique key (master key) with each user to distribute secret key (session key) between a pair of users: scale of key distribution problem reduces to N • (figure labels: Key distribution center (KDC); $E_{MK_1}$(Secret key); $E_{MK_2}$(Secret key); Secret key; Secret key)

  21. Key Distribution Scenario • nonce: an identifier that differs for each request • Verify the original request • Avoid replay attack • (figure labels: Session key; Identifier for A (ex. address); Master key Ka; Master key Kb; (avoid replay attack))
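Added example, not from the original slides: the KDC scenario of slides 20 and 21 as a runnable exchange, showing A checking the echoed nonce and rejecting a replayed KDC reply. The message layout, the function names and the toy HMAC-based cipher standing in for E under Ka/Kb are assumptions made for illustration.

```python
import hashlib, hmac, json, secrets

def _stream(key: bytes, iv: bytes, n: int) -> bytes:
    """Keystream from HMAC-SHA256 in counter mode (toy stand-in for a block cipher)."""
    blocks = (hmac.new(key, b"ks" + iv + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key: bytes, obj) -> str:
    """E_K(obj): encrypt and authenticate a JSON-serialisable message under key."""
    pt, iv = json.dumps(obj).encode(), secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, iv, len(pt))))
    tag = hmac.new(key, b"tag" + iv + ct, hashlib.sha256).digest()
    return (iv + ct + tag).hex()

def unseal(key: bytes, blob_hex: str):
    """D_K(blob): raises ValueError if the key is wrong or the message was altered."""
    blob = bytes.fromhex(blob_hex)
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"tag" + iv + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, iv, len(ct)))))

# Constructed master keys Ka and Kb; the KDC shares one with each user.
MASTER = {"A": secrets.token_bytes(32), "B": secrets.token_bytes(32)}

def kdc_reply(request: dict) -> str:
    """KDC: pick a session key, wrap it for A (under Ka) and for B (under Kb)."""
    ks = secrets.token_hex(16)
    for_b = seal(MASTER[request["to"]], {"ks": ks, "id_a": request["from"]})
    return seal(MASTER[request["from"]], {"ks": ks, "request": request, "for_b": for_b})

def a_accept(ka: bytes, request: dict, reply: str):
    """A: decrypt with Ka and check the echoed request, including the nonce."""
    body = unseal(ka, reply)
    if body["request"] != request:
        raise ValueError("reply is not for this request (possible replay)")
    return body["ks"], body["for_b"]

def run_exchange():
    stale = kdc_reply({"from": "A", "to": "B", "nonce": secrets.token_hex(8)})  # old reply
    request = {"from": "A", "to": "B", "nonce": secrets.token_hex(8)}
    ks_a, for_b = a_accept(MASTER["A"], request, kdc_reply(request))
    at_b = unseal(MASTER["B"], for_b)            # B learns Ks and who it is shared with
    try:
        a_accept(MASTER["A"], request, stale)
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    return ks_a == at_b["ks"], at_b["id_a"], replay_rejected
```

`run_exchange()` returns whether A and B hold the same session key, the identifier B saw for A, and whether the stale reply was rejected.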

  22. Hierarchical key control • (figure labels: KDC, KDC, KDC, …, a, b)

  23. Session key lifetime • Short session key lifetime • Key exchanges frequently => more secure • Long session key lifetime • Reduce key exchange time, and network capacity • Two connection protocol (session<connection) • Connectionless protocol (ex. UDP, HTTP) • Not to use a new key for each session, use a given session key for a fixed period of time • Connection-oriented protocol (ex. TCP) • The same key for the connection; or update the key periodically if the connection has long lifetime

  24. Transparent key control scheme • End-to-end encrypt at network (transport) layer, which is transparent to users ? No authentication

  25. Front-end processor (FEP) • (figure labels: header, data)

  26. Decentralized key control • KDC trusted? • Decentralized: assume there is one master key for each pair of end systems • (figure labels: Nonce for authentication; session key; shared master key) • Master keys are used for a short time, cryptanalysis is difficult

  27. Introduction to public-key cryptosystems

  28. Introduction to public-key cryptosystems • Recall: symmetric ciphers • One secret key, shared by sender and receivers (symmetric) • Based on substitution and permutation • Problem: • Key distribution • Digital signature: a kind of signature used in paper document • Diffie and Hellman proposed the public-key cryptosystem to address the above two problems in 1976

  29. Preview of public-key systems • Features of public-key system • Asymmetric: a public key and a private key • Algorithm based on mathematical functions • Fallacies • Public-key is more secure than symmetric encryption • Public-key encryption is a general-purpose technique that will make symm. encrypt. obsolete • Key distribution is trivial (easier) for public-key encryption than for symmetric encryption

  30. Public-key encryption • One key for encryption • A different but related key for decryption • It is computationally infeasible to determine the decryption key given the crypto. algorithm and the encryption key

  31. Steps in public-key encryption 1. Each user generates a pair of keys for encryption and decryption (In RSA, these two keys can be exchanged: either one can be used to encrypt or to decrypt) 2. One key (public key) is announced publicly. The other key is kept private. Q: key distribution problem? (Chap. 10) 3. Bob sends encrypted message to Alice using Alice’s public key. 4. Only Alice can decrypt the message using her private key.

  32. Comparison between symmetric and public-key encryption

  33. Math. formulation of public-key system • $Y = E_{KU_b}(X)$ • $X = D_{KR_b}(Y)$ • What E and D can achieve this?

  34. Requirement for public-key cryptography • Diffie and Hellman (1976) proposed the system without the algorithm for E and D. They laid out the requirement: • It is computationally easy to generate a pair of keys • It is computationally easy for a sender to encrypt: $Y = E_{KU_b}(X)$ • It is computationally easy for a receiver to decrypt: $X = D_{KR_b}(Y)$ • It is computationally infeasible for an opponent, knowing the public key, to determine the private key • It is computationally infeasible for an opponent, knowing the public key and ciphertext, to recover the plaintext

  35. The algorithms that satisfy public-key requirement • RSA (Rivest-Shamir-Adleman) 1978 • Number theory • Elliptic curve cryptography

  36. Trap-door one-way function • Public-key encryption is a one-way function • Every function value has a unique inverse • $Y = f(X)$: easy • $X = f^{-1}(Y)$: infeasible (> polynomial time) • (figure labels: domain, target) • It is hard to determine the complexity to compute the inverse • Not a traditional complexity problem, which focuses on the worst-case or average-case complexity

  37. Trap-door one-way function (cont.) • Open a trap-door using the private key… • $Y = f(X)$: easy • $X = f^{-1}(Y)$: infeasible (> polynomial time) • $X = f_K^{-1}(Y)$: easy if trap-door K is known (~ polynomial time) • (figure labels: domain, target)

  38. Public-key system for authentication (identity authentication) • Recall: the problem of digital signature • Only Bob has the private key to encrypt !!! (serves as digital signature)

  39. Authentication issues (Chap. 13) • Encrypt entire message? • Not necessary. Encrypt the authenticator: a small block of bits that is a function of the document • Change of document will change the authenticator • Digital signature is confidential? • No. Anyone who has the public key can decrypt • What to do? => double use of the public-key system

  40. Public-key system for both confidentiality and authentication

  41. Public-key cryptanalysis • Brute-force attack: search the private key • Solution: use large keys • Tradeoffs: complexity of encrypt/decrypt using large keys vs. security using large keys • Public-key systems are currently too slow for general-purpose use, only used for key management and signature applications • Compute private key given the public key • Not proved to be infeasible

  42. Public-key cryptanalysis (cont.) • Probable-message attack • Ex. encrypt 56-bit DES key: 56-bit DES key → public-key encryption (with the public key) → C • Attack (figure): try all DES keys 000…000, 000…001, 000…010, 000…011, …, 111…111; public-key encryption of each gives C1, C2, C3, …, until Ck = C • Solution: append things in the plaintext
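Added example, not from the original slides: why deterministic public-key encryption of a small key space leaks the key (slide 42), and how appending random bits to the plaintext removes the match. Assumptions: a toy RSA key built from two known Mersenne primes, a 16-bit key space standing in for the 56-bit DES key space so the search finishes quickly, and 64 random bits as the appended material.

```python
import secrets

# Toy RSA key pair (constructed for this example; far too small for real use).
P, Q = 2**61 - 1, 2**89 - 1            # two known Mersenne primes
N, E = P * Q, 65537                    # public key
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held only by the receiver

KEY_BITS = 16    # stand-in for the 56-bit DES key space
PAD_BITS = 64    # random bits appended to the plaintext as the countermeasure

def encrypt_raw(session_key: int) -> int:
    """Deterministic public-key encryption: the same key always gives the same C."""
    return pow(session_key, E, N)

def encrypt_padded(session_key: int) -> int:
    """Append fresh random bits to the plaintext before encrypting."""
    m = (session_key << PAD_BITS) | secrets.randbits(PAD_BITS)
    return pow(m, E, N)

def decrypt_padded(c: int) -> int:
    """Receiver decrypts with the private key and discards the random bits."""
    return pow(c, D, N) >> PAD_BITS

def probable_message_search(c: int):
    """Encrypt every candidate key with the public key and compare with C."""
    for candidate in range(2**KEY_BITS):
        if pow(candidate, E, N) == c:
            return candidate
    return None

def demo():
    key = 1 + secrets.randbelow(2**KEY_BITS - 1)          # non-zero session key
    found_raw = probable_message_search(encrypt_raw(key))
    c_padded = encrypt_padded(key)
    found_padded = probable_message_search(c_padded)      # no candidate matches
    return key, found_raw, found_padded, decrypt_padded(c_padded)

if __name__ == "__main__":
    key, raw, padded, dec = demo()
    print(f"key={key:#06x} raw-search={raw} padded-search={padded} decrypted={dec:#06x}")
```

With padding the search space grows by the number of random bits, which is the purpose of the randomized padding schemes used with RSA in practice.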
