
T101 Networks

12 – Key Exchange


Updated Notes

  • the original notes from last week contained an error in the transposition cipher

  • new notes are on moodle


Practical Demo

  • Competency-based assessment

    • tick list is on moodle

    • take the pressure off the final week

    • optional…

    • …but you have to do it sometime

    • no penalty if you don’t succeed, you’ll get another go if there is time

    • exam conditions apply


Lesson Objectives

  • explain problems with key exchange

  • describe a solution to the key exchange problem

  • explain problems with asymmetric ciphers


But first…

  • Zodiac killer and his first cipher

    • was a substitution cipher

    • used multiple symbols to represent the same letter

    • awkward to crack because the frequency analysis fails, and he also made spelling mistakes and cipher errors

    • cracked by hand by guessing that:

      • the first letter would be ‘I’

      • the message would contain ‘kill’ or ‘killing’ or ‘killed’ etc…


Cryptography Basics

  • Cryptography is…

    • protecting privacy

    • authentication of identities

    • preservation of integrity

  • …in an environment of mistrust


Symmetric Ciphers

  • same key to encrypt as to decrypt

  • on a network, both parties must have the same key

  • the key is called a shared key

  • big problem is key exchange

  • how big was this problem?


Key Exchange: the Good old days


Asymmetric Ciphers

  • … but asymmetric ciphers can solve the big problem that symmetric ciphers have

  • this week, solving the big problem

  • but first…


Lab Results

  • old substitution ciphers are very easy to crack

  • the strength of modern symmetric ciphers is entirely based on the length of the key

  • 128 bits (16 bytes) is a good strength key because:


How long is that?

  • 3e26 years is 3 followed by 26 zeroes

  • 300,000,000,000,000,000,000,000,000

  • so if we had 10,000,000 computers that were all running 1,000 times faster than the lab computers, you would crack the code in about…

  • …30,000,000,000,000,000 years

  • the universe is 13,700,000,000 years old


Key Choice

  • so symmetric ciphers are secure provided that

    • the key length is long enough not to be brute forced

      • 128 bits looks good, shorter keys are problematic

    • the key is chosen randomly

      • but humans are not very good at remembering random numbers


Short Keys Example 1

  • WEP initially used a 40 bit key

    • giving at most 2^40 different keys

    • some keys are weaker than others, so fewer keys are available

  • there are other problems with WEP

  • hence WEP can be cracked in a few minutes if you have enough ciphertext


Short Keys Example 2

  • DVDs are protected using CSS which uses 40 bit keys

  • there are problems with the way CSS uses the key, reducing the effective key length to 32 bits

  • the key can be recovered in less than 1 minute even on slow hardware

  • hence DVDs can be copied easily


Why 40 bits?

  • the US considered strong security to be “munitions”, so it came under the export of arms legislation

  • 40 bit encryption was considered weak, and therefore not munitions

  • restrictions were lifted in 1996


Shared Key Problems

How many keys are needed?


How many keys?


How many keys?


Key Exchange

  • as the number of people gets big, the problems get worse

    • how to exchange keys securely with all these people?

    • how to keep a (secure) record of all those keys?

    • how to (securely) change a key if one gets lost?


Idea 1 – A KDC

  • Key Distribution Centre (KDC)

  • if everybody exchanges a key securely with the KDC, we can communicate with it securely

  • to communicate with a third party, we ask the KDC for a key

  • the KDC gives you and the third party the same key


KDC

I need a key for Alice

Here is your shared key


KDC Problems

  • who do you trust to be the KDC?

  • who does everybody trust to be the KDC?

  • the KDC knows all your secrets

  • how do you exchange initial keys with the KDC?

  • …and other problems


KDC today

  • KDCs are a good option for LANs

  • computers on a LAN generally trust other computers on a LAN inside the same organisation

  • Microsoft’s Active Directory is an example of a KDC

  • how does AD get your initial password?


Key Exchange Problem

  • originally solved by Whitfield Diffie and Martin Hellman, called Diffie-Hellman key exchange

  • still used but currently the most common method is to use asymmetric encryption

  • mostly RSA encryption

  • elliptic curves getting to be popular because they use smaller numbers than RSA so the arithmetic is easier


Asymmetric Encryption

  • key used to encrypt is called the public key

  • key used to decrypt is called the private key

  • the two keys are related to each other

  • the private key cannot be easily discovered from the public key

  • how does this help?


Shared Key Exchange using Asymmetric ciphers

  • Alice wants to talk to Bob

  • Alice asks for Bob’s public key

  • Bob sends his public key

Send me your public key

Here is my public key


Shared Key Exchange using Asymmetric ciphers

  • Alice creates a shared key and encrypts it with Bob’s public key

[Diagram: Cleartext = Shared key and Bob’s Public key go into Asymmetric Encryption, giving Ciphertext = Encrypted key; send the encrypted shared key to Bob]


Shared Key Exchange using Asymmetric ciphers

  • Bob gets encrypted shared key

  • Bob uses his private key to decrypt the shared key

[Diagram: Ciphertext = Encrypted Shared key and Bob’s Private key go into Asymmetric Encryption, giving Cleartext = Shared key]


Shared Key Exchange using Asymmetric ciphers

  • all messages between Alice and Bob can now be encrypted with symmetric ciphers using the shared key

Encrypted Message = “Hello”


Key Exchange

  • using asymmetric encryption to exchange a shared key is a good solution because

    • the asymmetric encryption and decryption tasks only happen once, and at the start of the communication

    • so it takes a little longer to set the communication channel up but…

    • …fast symmetric encryption is used for the rest of the communication


Exercise

  • see page 4 of this week’s notes


Eve the Eavesdropper

  • what does an eavesdropper see?

    • request for Bob’s public key

    • Bob’s public key

    • a message encrypted with Bob’s public key

    • messages encrypted with a shared key

  • in order to read the messages, Eve would need to either

    • get Bob’s private key or

    • brute force the private key or the shared key


Are we there yet?

  • we have now got

    • privacy using symmetric encryption

    • key exchange using asymmetric encryption

  • we still have a big problem

    • before next week, work out how Alice can be duped by Eve!


Asymmetric Cipher Uses

  • why not just use asymmetric ciphers, then everybody just needs one private/public key pair?

  • we don’t need to use symmetric ciphers???

  • but…


Problems with Asymmetric Ciphers

  • all current asymmetric systems rely on some awkward arithmetic

    • coding errors in the arithmetic have been known

    • about 1,000 times slower than symmetric (although Elliptic Curves are better)

    • produce big chunks of ciphertext (because of those big numbers that are used)

    • so not suitable for encrypting lots of small packets, especially if speed is important


More problems…

  • an advance in mathematics may break asymmetric encryption

    • remember that RSA relies on the notion that it is easy to multiply two large numbers together, but there is no known quick way to factor very large numbers

  • perhaps someone has already made this breakthrough

    • it is hoped that the promise of instant fame and a Nobel prize will be enough to ensure publication


and another one…

  • imagine using asymmetric encryption to encrypt votes in a poll

    • poll site sends you their public key

    • you encrypt the message “NATIONAL” or “LABOUR” or “GREEN” etc… using the public key, and send your vote

    • Eve intercepts the encrypted message

    • Eve can work out who you voted for!!!

    • how does she do it?
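
An added example, not part of the original slides, covering both the shared key exchange steps earlier in the deck and the poll scenario above. It uses a toy unpadded RSA key pair for Bob to transport a random shared key, then shows why a message drawn from a short list of known words is identifiable from its ciphertext, and how random padding removes the match. The key (two small Mersenne primes), the function names and the simple random-prefix padding are assumptions made for this example; real systems use RSA-OAEP.

```python
import secrets

# Toy key pair for Bob, constructed for this example. The primes are the
# Mersenne primes 2^127-1 and 2^107-1: fine for a demo, far too small and
# too structured for real use.
P, Q = 2**127 - 1, 2**107 - 1
N, E = P * Q, 65537                    # Bob's public key (n, e)
D = pow(E, -1, (P - 1) * (Q - 1))      # Bob's private exponent
PAD_LEN = 16                           # random bytes used by the padded variant

def encrypt_textbook(message):
    """Unpadded RSA: the same message always gives the same ciphertext."""
    m = int.from_bytes(message, "big")
    if m >= N:
        raise ValueError("message too long for this toy modulus")
    return pow(m, E, N)

def decrypt_textbook(ciphertext, length):
    """Bob's side: recover `length` bytes using the private exponent."""
    return pow(ciphertext, D, N).to_bytes(length, "big")

def encrypt_padded(message):
    """Prefix fresh random bytes so equal messages encrypt differently.
    Illustrative only; it stands in for a real scheme such as RSA-OAEP."""
    return encrypt_textbook(secrets.token_bytes(PAD_LEN) + message)

def decrypt_padded(ciphertext, length):
    return decrypt_textbook(ciphertext, PAD_LEN + length)[PAD_LEN:]

def match_known_messages(ciphertext, candidates):
    """What anyone holding only the public key can test: which candidate
    messages encrypt (unpadded) to exactly this ciphertext?"""
    return [c for c in candidates if encrypt_textbook(c) == ciphertext]

def exchange_shared_key():
    """Alice wraps a random 128-bit key with Bob's public key; Bob unwraps it."""
    alice_key = secrets.token_bytes(16)
    on_the_wire = encrypt_textbook(alice_key)   # the only value Eve sees
    bob_key = decrypt_textbook(on_the_wire, 16)
    return alice_key, bob_key

if __name__ == "__main__":
    a, b = exchange_shared_key()
    print("shared key agreed:", a == b)
    options = [b"NATIONAL", b"LABOUR", b"GREEN"]
    print("unpadded:", match_known_messages(encrypt_textbook(b"GREEN"), options))
    print("padded:  ", match_known_messages(encrypt_padded(b"GREEN"), options))
```

The random 128-bit shared key cannot be matched this way because there are far too many candidates to try, whereas a vote has only a handful.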


Summary

  • key exchange is a problem when there are many users

  • a KDC can help on the LAN

  • asymmetric encryption solves the key exchange problem…

  • …almost

