260 likes | 379 Views
Historically – Conventional Encryption Recently – Authentication, Integrity, Signature, Public-key Link End-to-End Traffic-Analysis Key Distribution Random Number Generation.
E N D
Historically – Conventional Encryption • Recently – Authentication, Integrity, Signature, Public-key • Link • End-to-End • Traffic-Analysis • Key Distribution • Random Number Generation CONFIDENTIALY USING CONVENTIONAL ENCRYPTION – Chapter 7
Link • - both ends of link • - many encryps / decryps - all links use it • - decrypt at packet switch (read addr.) • - unique key / node pair • End- to-End • - only at ends • - data encrypted, not address (header) • - one key pair • - traffic pattern insecure • - authentication from sender Confidentiality
Characteristics of Link and End-to-End Table 7.1
- Data secure at nodes • - Authentication • LINK – low level (physical/link) • END-TO-END – network (X.25) • End0 • End1 (ends separately • End2 protected) • | Both Link and End-to-End
OSI email gateway TCP • no end-to-end protocol below appl. layer • networks terminate at mail gateway • mail gateway sets up new transport/network • connections • need end-to-end encryp. at appl. Layer • - disadvantage: many keys E-mail Gateway
Identities • Message Frequency • Message Pattern • Event Correlation • Covert Channel • Link • Headers encrypted • Traffic padding (Fig 7.6) • End-to-End • Pad data • Null messages Traffic Confidentiality
Physically deliver • Third party physically select/deliver • EKold(Knew) → • 4. End-to-End(KDC): • A EKA(Knew) C EKB(Knew)B • N hosts → (N)choose(2) keys – Fig 7.7 • KDC – Key hierarchy – Fig 7.8 • Session Key – temporary : end ↔ end • Only N master keys – physical delivery KEY DISTRIBUTION
User shares Master Key with KDC Steps 1-3 : Key Distribution Steps 3,4,5 : Authentication KEY DISTRIBUTION
LOCAL KDCs KDCX KDCA KDCB A B Key selected by KDCA, KDCB, or KDCX Key Distribution Centre (KDC) Hierarchy
Shorter Lifetime → Highter Security → Reduced Capacity Connection-oriented: - change session key periodically Connectionless: - new key every exchange or #transactions or after time period LIFETIME
Key Distribution (connection-oriented) End-to-End (X.25,TCP), FEP obtains session keys
Decentralised Key Control Not practical for large networks - avoids trusted third party
key types : Data, PIN, File key tags : Session/Master/Encryp/Decryp Control Vector: associate session key with control vector (Fig 7.12) KEY USAGE
Linear Congruential Generator • Xn+1 = (aXn + c) mod m • Encryption : DES (OFB) – (Fig 7.14) • Blum Blum Shub (BBS) • X0 = s2 mod n • for i = 1 to infinity • Xi = (Xi-1)2 mod n • Bi = Xi mod 2 Random Number Generation