
CONFIDENTIALITY USING CONVENTIONAL ENCRYPTION – Chapter 7

CONFIDENTIALITY USING CONVENTIONAL ENCRYPTION – Chapter 7. Historically – Conventional Encryption. Recently – Authentication, Integrity, Signature, Public-key. Topics: Link vs. End-to-End encryption, Traffic Analysis, Key Distribution, Random Number Generation.

tymon




Presentation Transcript


  1. CONFIDENTIALITY USING CONVENTIONAL ENCRYPTION – Chapter 7 • Historically – Conventional Encryption • Recently – Authentication, Integrity, Signature, Public-key • Link • End-to-End • Traffic Analysis • Key Distribution • Random Number Generation

  2. Points of Vulnerability

  3. Link / End-to-End

  4. Confidentiality • Link • - both ends of link • - many encryptions / decryptions – all links use it • - decrypt at packet switch (to read address) • - unique key per node pair • End-to-End • - only at the ends • - data encrypted, not address (header) • - one key per end pair • - traffic pattern insecure • - authentication from sender

  5. Characteristics of Link and End-to-End Table 7.1

  6. Both Link and End-to-End • - Data secure at nodes • - Authentication • LINK – low level (physical/link) • END-TO-END – network (X.25) • End0, End1, End2 (ends separately protected) • Cannot service internet traffic

  7. Front-End Processor Function

  8. E-mail Gateway

  9. E-mail Gateway • OSI ↔ e-mail gateway ↔ TCP • no end-to-end protocol below the application layer • networks terminate at the mail gateway • mail gateway sets up new transport/network connections • need end-to-end encryption at the application layer • - disadvantage: many keys

  10. Various Encryption Strategies

  11. Traffic Confidentiality • Identities • Message Frequency • Message Pattern • Event Correlation • Covert Channel • Link • Headers encrypted • Traffic padding (Fig 7.6) • End-to-End • Pad data • Null messages

  12. Traffic Padding

  13. Key Distribution • 1. Physically deliver • 2. Third party physically selects/delivers • 3. E_Kold(Knew) → (new key sent under the old key) • 4. End-to-End (KDC): A ← E_KA(Knew) – C – E_KB(Knew) → B • N hosts → (N choose 2) keys – Fig 7.7 • KDC – Key hierarchy – Fig 7.8 • Session Key – temporary: end ↔ end • Only N master keys – physical delivery

  14. #End-to-End Keys

  15. Key Hierarchy

  16. KEY DISTRIBUTION SCENARIO

  17. Key Distribution • User shares Master Key with KDC • Steps 1-3: Key Distribution • Steps 3, 4, 5: Authentication

  18. Key Distribution Centre (KDC) Hierarchy • LOCAL KDCs: KDCA, KDCB • KDCX • Hosts: A, B • Key selected by KDCA, KDCB, or KDCX

  19. Lifetime • Shorter lifetime → higher security → reduced capacity • Connection-oriented: change session key periodically • Connectionless: new key every exchange, or after a number of transactions, or after a time period

  20. Key Distribution (connection-oriented) • End-to-End (X.25, TCP) • FEP obtains session keys

  21. Decentralised Key Control • Not practical for large networks • Avoids a trusted third party

  22. Key Usage • key types: Data, PIN, File • key tags: Session/Master/Encrypt/Decrypt • Control Vector: associate session key with a control vector (Fig 7.12)

  23. Control Vector Encryp. and Decryp.

  24. PRNG From Counter

  25. ANSI X9.17 PRNG

  26. Random Number Generation • Linear Congruential Generator: X_{n+1} = (a·X_n + c) mod m • Encryption: DES (OFB) – (Fig 7.14) • Blum Blum Shub (BBS): X_0 = s^2 mod n; for i = 1 to infinity: X_i = (X_{i-1})^2 mod n, B_i = X_i mod 2
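As an added example (not part of the slides), both generators from slide 26 written in Python with the slide's own symbols, plus a check that shows why the LCG must never be used to produce keys: three consecutive outputs reveal a and c, and with them every later value. The parameters p, q, s, a, c, m below are constructed small values for illustration; a real BBS modulus n = p·q is hundreds of digits long.

```python
from math import gcd

def lcg(x0, a, c, m, count):
    """Linear congruential generator: X_{n+1} = (a*X_n + c) mod m."""
    xs, x = [], x0
    for _ in range(count):
        x = (a * x + c) % m
        xs.append(x)
    return xs

def bbs_bits(s, p, q, count):
    """Blum Blum Shub: X_0 = s^2 mod n, X_i = X_{i-1}^2 mod n, B_i = X_i mod 2.
    Enforces the two preconditions the generator relies on."""
    if p % 4 != 3 or q % 4 != 3:
        raise ValueError("p and q must both be congruent to 3 mod 4")
    n = p * q
    if gcd(s, n) != 1:
        raise ValueError("seed s must be coprime to n")
    x = s * s % n
    bits = []
    for _ in range(count):
        x = x * x % n
        bits.append(x % 2)
    return bits

def recover_lcg(x0, x1, x2, m):
    """Recover (a, c) from three consecutive LCG outputs when the modulus m
    is a known prime (needs x1 != x0 so the difference is invertible).
    Once a and c are known, every future output is predictable, which is
    why an LCG is a simulation tool and not a key generator."""
    inv = pow((x1 - x0) % m, -1, m)   # modular inverse, Python 3.8+
    a = (x2 - x1) * inv % m
    c = (x1 - a * x0) % m
    return a, c

if __name__ == "__main__":
    # Constructed parameters: m = 101 (prime), p = 7, q = 11 (both 3 mod 4).
    out = lcg(5, 7, 3, 101, 5)
    print("LCG outputs:", out)
    print("recovered (a, c):", recover_lcg(*out[:3], 101))
    print("BBS bits:", bbs_bits(3, 7, 11, 6))
```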
