T101 networks
1 / 38

T101 Networks - PowerPoint PPT Presentation

  • Uploaded on

T101 Networks. 12 – Key Exchange. Updated Notes. the original notes from last week contained an error in the transposition cipher new notes are on moodle. Practical Demo. Competency-based assessment tick list is on moodle take the pressure off the final week optional…

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about ' T101 Networks' - lei

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
T101 networks

T101 Networks

12 – Key Exchange

Updated notes
Updated Notes

  • the original notes from last week contained an error in the transposition cipher

  • new notes are on moodle

Practical demo
Practical Demo

  • Competency-based assessment

    • tick list is on moodle

    • take the pressure off the final week

    • optional…

    • …but you have to do it sometime

    • no penalty if you don’t succeed, you’ll get another go if there is time

    • exam conditions apply

Lesson objectives
Lesson Objectives

  • explain problems with key exchange

  • describe a solution to the key exchange problem

  • explain problems with asymmetric ciphers

But first
But first…

  • Zodiac killer and his first cipher

    • was a substitution cipher

    • used multiple symbols to represent the same letter

    • awkward to crack because the frequency analysis fails, and he also made spelling mistakes and cipher errors

    • cracked by hand by guessing that:

      • the first letter would be ‘I’

      • the message would contain “kill’ or ‘killing’ or ‘killed’ etc…

Cryptography basics
Cryptography Basics

  • Cryptography is…

    • protecting privacy

    • authentication of identities

    • preservation of integrity

  • …in an environment of mistrust

Symmetric ciphers
Symmetric Ciphers

  • same key to encrypt as to decrypt

  • on a network, both parties must have the same key

  • the key is called a shared key

  • big problem is key exchange

  • how big was this problem?

Asymmetric ciphers
Asymmetric Ciphers

  • … but asymmetric ciphers can solve the big problem that symmetric ciphers have

  • this week, solving the big problem

  • but first…

Lab results
Lab Results

  • old substitution ciphers are very easy to crack

  • the strength of modern symmetric ciphers is entirely based on the length of the key

  • 128 bits (16 bytes) is a good strength key because:

How long is that
How long is that?

  • 3e26 years is 3 followed by 26 zeroes

  • 300,000,000,000,000,000,000,000,000

  • so if we had 10,000,000 computers that were all running 1,000 times faster the lab computers, you would crack the code in about…

  • …30,000,000,000,000,000 years

  • the universe is 13,700,000,000 years old

Key choice
Key Choice

  • so symmetric ciphers are secure provided that

    • the key length is long enough not to be brute forced

      • 128 bits looks good, shorter keys are problematic

    • the key is chosen randomly

      • but humans are not very good at remembering random numbers

Short keys example 1
Short Keys Example 1

  • WEP initially used a 40 bit key

    • giving at most 240 different keys

    • some keys are weaker than others, so fewer keys are available

  • there are other problems with WEP

  • hence WEP can be cracked in a few minutes if you have enough ciphertext

Short keys example 2
Short Keys Example 2

  • DVDs are protected using CSS which uses 40 bit keys

  • there are problems with the way CSS uses the key, reducing the effective key length to 32 bits

  • the key can be recovered in less than 1 minute even on slow hardware

  • hence DVDs can be copied easily

Why 40 bits
Why 40 bits?

  • the US considered strong security as “munitions” and therefore came under the export of arms legislation

  • 40 bit encryption was considered weak, and therefore not munitions

  • restrictions were lifted in 1996

Shared key problems how many keys are needed
Shared Key ProblemsHow many keys are needed?

Key exchange
Key Exchange

  • as the number of people gets big, the problems get worse

    • how to exchange keys securely with all these people?

    • how to keep a (secure) record of all those keys?

    • how to (securely) change a key if one gets lost?

Idea 1 a kdc
Idea 1 – A KDC

  • Key Distribution Centre (KDC)

  • if everybody exchanges a key securely with the KDC, we can communicate with it securely

  • to communicate with a third party, we ask the KDC for a key

  • the KDC gives you and the third party the same key


I need a key for Alice

Here is your shared key

Kdc problems
KDC Problems

  • who do you trust to be the KDC?

  • who does everybody trust to be the KDC?

  • the KDC knows all your secrets

  • how do you exchange initial keys with the KDC?

  • …and other problems

Kdc today
KDC today

  • KDCs are a good option for LANs

  • computers on a LAN, generally trust other computers on a LAN inside the same organisation

  • Microsoft’s Active Directory is an example of a KDC

  • how does AD get your initial password?

Key exchange problem
Key Exchange Problem

  • originally solved by Whitfield Diffie and Martin Hellman, called Diffie-Hellman key exchange

  • still used but currently the most common method is to use asymmetric encryption

  • mostly RSA encryption

  • elliptic curves getting to be popular because they use smaller numbers than RSA so the arithmetic is easier

Asymmetric encryption
Asymmetric Encryption

  • key used to encrypt is called the public key

  • key used to decrypt is called the private key

  • the two keys are related to each other

  • the private key cannot be easily discovered from the public key

  • how does this help?

Shared key exchange using asymmetric ciphers
Shared Key Exchange using Asymmetric ciphers

  • Alice wants to talk to Bob

  • Alice asks for Bob’s public key

  • Bob sends his public key

Send me your public key

Here is my public key

Shared key exchange with using asymmetric ciphers
Shared Key Exchange with using Asymmetric ciphers

  • Alice creates a shared key and encrypts it with Bob’s public key

Bob’s Public key



Ciphertext = Encrypted key

Cleartext = Shared key

Send the encrypted shared key to Bob

Shared key exchange with using asymmetric ciphers1
Shared Key Exchange with using Asymmetric ciphers

  • Bob gets encrypted shared key

  • Bob uses his private key to decrypt the shared key

Bob’s Private key



Cleartext = Shared key

Ciphertext = Encrypted Shared key

Shared key exchange with using asymmetric ciphers2
Shared Key Exchange with using Asymmetric ciphers

  • all messages between Alice and Bob can now be encrypted with symmetric ciphers using the shared key

Encrypted Message = “Hello”

Key exchange1
Key Exchange

  • using asymmetric encryption to exchange a shared key is a good solution because

    • the asymmetric encryption and decryption tasks only happen once, and at the start of the communication

    • so it takes a little longer to set the communication channel up but…

    • …fast symmetric encryption is used for the rest of the communication


  • see page 4 of this week’s notes

Eve the eavesdropper
Eve the Eavesdropper

  • what does an eavesdropper see?

    • request for Bob’s public key

    • Bob’s public key

    • a message encrypted with Bob’s public key

    • messages encrypted with a shared key

  • in order to read the messages, Eve would need to either

    • get Bob’s private key or

    • brute force the private key or the shared key

Are we there yet
Are we there yet?

  • we have now got

    • privacy using symmetric encryption

    • key exchange using asymmetric encryption

  • we still have a big problem

    • before next week, work out how Alice can be duped by Eve!

Asymmetric cipher uses
Asymmetric Cipher Uses

  • why not just use asymmetric ciphers, then everybody just needs one private/public key pair?

  • we don’t need to use symmetric ciphers???

  • but…

Problems with asymmetric ciphers
Problems with Asymmetric Ciphers

  • all current asymmetric systems rely on some awkward arithmetic

    • coding errors in the arithmetic have been known

    • about 1,000 times slower than symmetric (although Elliptic Curves are better)

    • produce big chunks of ciphertext (because of those big numbers that are used)

    • so not suitable for encrypting lots of small packets, especially if speed is important

More problems
More problems…

  • an advance in mathematics may break asymmetric encryption

    • remember that RSA relies on the notion that it is easy to multiply two large numbers together, but there is no known quick way to factor very large numbers

  • perhaps someone has already made this breakthrough

    • it is hoped that the promise of instant fame and a Nobel prize will be enough to ensure publication

And another one
and another one…

  • imagine using asymmetric encryption to encrypt votes in a poll

    • poll site sends you their public key

    • you encrypt the message “NATIONAL” or “LABOUR” or “GREEN” etc… using the public key, and send your vote

    • Eve intercepts the encrypted message

    • Eve can work out who you voted for!!!

    • how does she do it?


  • key exchange is a problem when there are many users

  • a KDC can help on the LAN

  • asymmetric encryption solves the key exchange problem…

  • …almost