T101 networks
This presentation is the property of its rightful owner.
Sponsored Links
1 / 38

T101 Networks PowerPoint PPT Presentation


  • 70 Views
  • Uploaded on
  • Presentation posted in: General

T101 Networks. 12 – Key Exchange. Updated Notes. the original notes from last week contained an error in the transposition cipher new notes are on moodle. Practical Demo. Competency-based assessment tick list is on moodle take the pressure off the final week optional…

Download Presentation

T101 Networks

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


T101 networks

T101 Networks

12 – Key Exchange


Updated notes

Updated Notes

  • the original notes from last week contained an error in the transposition cipher

  • new notes are on moodle


Practical demo

Practical Demo

  • Competency-based assessment

    • tick list is on moodle

    • take the pressure off the final week

    • optional…

    • …but you have to do it sometime

    • no penalty if you don’t succeed, you’ll get another go if there is time

    • exam conditions apply


Lesson objectives

Lesson Objectives

  • explain problems with key exchange

  • describe a solution to the key exchange problem

  • explain problems with asymmetric ciphers


But first

But first…

  • Zodiac killer and his first cipher

    • was a substitution cipher

    • used multiple symbols to represent the same letter

    • awkward to crack because the frequency analysis fails, and he also made spelling mistakes and cipher errors

    • cracked by hand by guessing that:

      • the first letter would be ‘I’

      • the message would contain “kill’ or ‘killing’ or ‘killed’ etc…


Cryptography basics

Cryptography Basics

  • Cryptography is…

    • protecting privacy

    • authentication of identities

    • preservation of integrity

  • …in an environment of mistrust


Symmetric ciphers

Symmetric Ciphers

  • same key to encrypt as to decrypt

  • on a network, both parties must have the same key

  • the key is called a shared key

  • big problem is key exchange

  • how big was this problem?


Key exchange the good old days

Key Exchange: the Good old days


Asymmetric ciphers

Asymmetric Ciphers

  • … but asymmetric ciphers can solve the big problem that symmetric ciphers have

  • this week, solving the big problem

  • but first…


Lab results

Lab Results

  • old substitution ciphers are very easy to crack

  • the strength of modern symmetric ciphers is entirely based on the length of the key

  • 128 bits (16 bytes) is a good strength key because:


How long is that

How long is that?

  • 3e26 years is 3 followed by 26 zeroes

  • 300,000,000,000,000,000,000,000,000

  • so if we had 10,000,000 computers that were all running 1,000 times faster the lab computers, you would crack the code in about…

  • …30,000,000,000,000,000 years

  • the universe is 13,700,000,000 years old


Key choice

Key Choice

  • so symmetric ciphers are secure provided that

    • the key length is long enough not to be brute forced

      • 128 bits looks good, shorter keys are problematic

    • the key is chosen randomly

      • but humans are not very good at remembering random numbers


Short keys example 1

Short Keys Example 1

  • WEP initially used a 40 bit key

    • giving at most 240 different keys

    • some keys are weaker than others, so fewer keys are available

  • there are other problems with WEP

  • hence WEP can be cracked in a few minutes if you have enough ciphertext


Short keys example 2

Short Keys Example 2

  • DVDs are protected using CSS which uses 40 bit keys

  • there are problems with the way CSS uses the key, reducing the effective key length to 32 bits

  • the key can be recovered in less than 1 minute even on slow hardware

  • hence DVDs can be copied easily


Why 40 bits

Why 40 bits?

  • the US considered strong security as “munitions” and therefore came under the export of arms legislation

  • 40 bit encryption was considered weak, and therefore not munitions

  • restrictions were lifted in 1996


Shared key problems how many keys are needed

Shared Key ProblemsHow many keys are needed?


How many keys

How many keys?


How many keys1

How many keys?


Key exchange

Key Exchange

  • as the number of people gets big, the problems get worse

    • how to exchange keys securely with all these people?

    • how to keep a (secure) record of all those keys?

    • how to (securely) change a key if one gets lost?


Idea 1 a kdc

Idea 1 – A KDC

  • Key Distribution Centre (KDC)

  • if everybody exchanges a key securely with the KDC, we can communicate with it securely

  • to communicate with a third party, we ask the KDC for a key

  • the KDC gives you and the third party the same key


T101 networks

KDC

I need a key for Alice

Here is your shared key


Kdc problems

KDC Problems

  • who do you trust to be the KDC?

  • who does everybody trust to be the KDC?

  • the KDC knows all your secrets

  • how do you exchange initial keys with the KDC?

  • …and other problems


Kdc today

KDC today

  • KDCs are a good option for LANs

  • computers on a LAN, generally trust other computers on a LAN inside the same organisation

  • Microsoft’s Active Directory is an example of a KDC

  • how does AD get your initial password?


Key exchange problem

Key Exchange Problem

  • originally solved by Whitfield Diffie and Martin Hellman, called Diffie-Hellman key exchange

  • still used but currently the most common method is to use asymmetric encryption

  • mostly RSA encryption

  • elliptic curves getting to be popular because they use smaller numbers than RSA so the arithmetic is easier


Asymmetric encryption

Asymmetric Encryption

  • key used to encrypt is called the public key

  • key used to decrypt is called the private key

  • the two keys are related to each other

  • the private key cannot be easily discovered from the public key

  • how does this help?


Shared key exchange using asymmetric ciphers

Shared Key Exchange using Asymmetric ciphers

  • Alice wants to talk to Bob

  • Alice asks for Bob’s public key

  • Bob sends his public key

Send me your public key

Here is my public key


Shared key exchange with using asymmetric ciphers

Shared Key Exchange with using Asymmetric ciphers

  • Alice creates a shared key and encrypts it with Bob’s public key

Bob’s Public key

Asymmetric

Encryption

Ciphertext = Encrypted key

Cleartext = Shared key

Send the encrypted shared key to Bob


Shared key exchange with using asymmetric ciphers1

Shared Key Exchange with using Asymmetric ciphers

  • Bob gets encrypted shared key

  • Bob uses his private key to decrypt the shared key

Bob’s Private key

Asymmetric

Encryption

Cleartext = Shared key

Ciphertext = Encrypted Shared key


Shared key exchange with using asymmetric ciphers2

Shared Key Exchange with using Asymmetric ciphers

  • all messages between Alice and Bob can now be encrypted with symmetric ciphers using the shared key

Encrypted Message = “Hello”


Key exchange1

Key Exchange

  • using asymmetric encryption to exchange a shared key is a good solution because

    • the asymmetric encryption and decryption tasks only happen once, and at the start of the communication

    • so it takes a little longer to set the communication channel up but…

    • …fast symmetric encryption is used for the rest of the communication


Exercise

Exercise

  • see page 4 of this week’s notes


Eve the eavesdropper

Eve the Eavesdropper

  • what does an eavesdropper see?

    • request for Bob’s public key

    • Bob’s public key

    • a message encrypted with Bob’s public key

    • messages encrypted with a shared key

  • in order to read the messages, Eve would need to either

    • get Bob’s private key or

    • brute force the private key or the shared key


Are we there yet

Are we there yet?

  • we have now got

    • privacy using symmetric encryption

    • key exchange using asymmetric encryption

  • we still have a big problem

    • before next week, work out how Alice can be duped by Eve!


Asymmetric cipher uses

Asymmetric Cipher Uses

  • why not just use asymmetric ciphers, then everybody just needs one private/public key pair?

  • we don’t need to use symmetric ciphers???

  • but…


Problems with asymmetric ciphers

Problems with Asymmetric Ciphers

  • all current asymmetric systems rely on some awkward arithmetic

    • coding errors in the arithmetic have been known

    • about 1,000 times slower than symmetric (although Elliptic Curves are better)

    • produce big chunks of ciphertext (because of those big numbers that are used)

    • so not suitable for encrypting lots of small packets, especially if speed is important


More problems

More problems…

  • an advance in mathematics may break asymmetric encryption

    • remember that RSA relies on the notion that it is easy to multiply two large numbers together, but there is no known quick way to factor very large numbers

  • perhaps someone has already made this breakthrough

    • it is hoped that the promise of instant fame and a Nobel prize will be enough to ensure publication


And another one

and another one…

  • imagine using asymmetric encryption to encrypt votes in a poll

    • poll site sends you their public key

    • you encrypt the message “NATIONAL” or “LABOUR” or “GREEN” etc… using the public key, and send your vote

    • Eve intercepts the encrypted message

    • Eve can work out who you voted for!!!

    • how does she do it?


Summary

Summary

  • key exchange is a problem when there are many users

  • a KDC can help on the LAN

  • asymmetric encryption solves the key exchange problem…

  • …almost


  • Login