Confidentiality using conventional encryption chapter 7
PowerPoint Slideshow about 'CONFIDENTIALITY USING CONVENTIONAL ENCRYPTION – Chapter 7' - urian



  • Historically – Conventional Encryption

  • Recently – Authentication, Integrity, Signature, Public-key

  • Link

  • End-to-End

  • Traffic-Analysis

  • Key Distribution

  • Random Number Generation





Confidentiality

  • Link
      - both ends of link
      - many encryptions / decryptions - all links use it
      - decrypt at packet switch (read address)
      - unique key / node pair

  • End-to-End
      - only at ends
      - data encrypted, not address (header)
      - one key pair
      - traffic pattern insecure
      - authentication from sender




Characteristics of Link and End-to-End

Table 7.1


Both link and end to end

  • - Data secure at nodes

  • - Authentication

  • LINK – low level (physical/link)

  • END-TO-END – network (X.25)

  • End0, End1, End2 (ends separately protected)





E-mail Gateway

  • OSI  email gateway  TCP

  • no end-to-end protocol below application layer

  • networks terminate at mail gateway

  • mail gateway sets up new transport/network connections

  • need end-to-end encryption at application layer

  • - disadvantage: many keys




Traffic confidentiality

  • Identities

  • Message Frequency

  • Message Pattern

  • Event Correlation

  • Covert Channel

  • Link
      - Headers encrypted
      - Traffic padding (Fig 7.6)

  • End-to-End
      - Pad data
      - Null messages




Key distribution

  • 1. Physically deliver

  • 2. Third party physically select/deliver

  • 3. $E_{K_{old}}(K_{new})$ →

  • 4. End-to-End (KDC):

  • A   $E_{K_A}(K_{new})$   C   $E_{K_B}(K_{new})$   B

  • N hosts → $\binom{N}{2}$ keys – Fig 7.7

  • KDC – Key hierarchy – Fig 7.8

  • Session Key – temporary : end ↔ end

  • Only N master keys – physical delivery






Key distribution

User shares Master Key with KDC

Steps 1-3 : Key Distribution

Steps 3,4,5 : Authentication



Key Distribution Centre (KDC) Hierarchy

LOCAL KDCs

KDCX

KDCA KDCB

A B

Key selected by KDCA, KDCB, or KDCX



Lifetime

Shorter Lifetime → Higher Security

→ Reduced Capacity

Connection-oriented:

- change session key periodically

Connectionless:

- new key every exchange

or #transactions

or after time period




Key Distribution (connection-oriented)

End-to-End (X.25, TCP): the FEP (front-end processor) obtains session keys



Decentralised Key Control

Not practical for large networks

- avoids trusted third party


Key usage

Key types: Data, PIN, File

Key tags: Session/Master/Encryption/Decryption

Control Vector:

associate session key with control vector

(Fig 7.12)






Random number generation

  • Linear Congruential Generator
      - $X_{n+1} = (aX_n + c) \bmod m$

  • Encryption: DES (OFB) – (Fig 7.14)

  • Blum Blum Shub (BBS)
      - $X_0 = s^2 \bmod n$
      - for $i = 1$ to $\infty$:
      - $X_i = (X_{i-1})^2 \bmod n$
      - $B_i = X_i \bmod 2$
