Confidentiality using Conventional Encryption – Chapter 7

  • Historically – Conventional Encryption

  • Recently – Authentication, Integrity, Signature, Public-key

  • Link

  • End-to-End

  • Traffic-Analysis

  • Key Distribution

  • Random Number Generation




Points of Vulnerability



Link / End-to-End


Confidentiality

  • Link
    - encryption at both ends of each link
    - many encryptions / decryptions – every link along the path uses it
    - must decrypt at each packet switch (to read the address)
    - unique key per node pair

  • End-to-End
    - encryption only at the two ends
    - data encrypted, but not the address (header)
    - one key pair
    - traffic pattern insecure (headers remain visible)
    - provides authentication of the sender




Characteristics of Link and End-to-End

Table 7.1


Both Link and End-to-End

  • Data secure at nodes

  • Authentication

  • LINK – low level (physical / link layer)

  • END-TO-END – network layer (X.25)

  (Diagram: End0, End1, End2 – each end protected separately)




Front-End Processor Function



E-mail Gateway


E-mail Gateway

  • OSI network ↔ e-mail gateway ↔ TCP network

  • no end-to-end protocol below the application layer

  • the networks terminate at the mail gateway

  • the mail gateway sets up new transport / network connections

  • need end-to-end encryption at the application layer

  • disadvantage: many keys




Various Encryption Strategies


Traffic Confidentiality

  • What traffic analysis reveals: Identities, Message Frequency, Message Pattern, Event Correlation

  • Covert Channel

  • Link
    - headers encrypted
    - traffic padding (Fig 7.6)

  • End-to-End
    - pad data
    - null messages




Traffic Padding


Key Distribution

  • 1. Physically deliver the key

  • 2. Third party physically selects and delivers the key

  • 3. Encrypt the new key under the old one: E_Kold(Knew) →

  • 4. End-to-End (KDC): C (the KDC) sends E_KA(Knew) to A and E_KB(Knew) to B

  • N hosts → (N choose 2) keys – Fig 7.7

  • KDC – key hierarchy – Fig 7.8

  • Session key – temporary: end ↔ end

  • Only N master keys – physical delivery




Number of End-to-End Keys



Key Hierarchy



KEY DISTRIBUTION SCENARIO


Key Distribution

  • User shares a Master Key with the KDC

  • Steps 1-3: Key Distribution

  • Steps 3, 4, 5: Authentication



Key Distribution Centre (KDC) Hierarchy

(Diagram: global KDCX above local KDCs KDCA and KDCB, serving hosts A and B respectively)

Key selected by KDCA, KDCB, or KDCX



Lifetime

Shorter Lifetime → Higher Security

→ Reduced Capacity (more key exchanges)

Connection-oriented:

- change the session key periodically

Connectionless:

- new key for every exchange

- or after a number of transactions

- or after a time period




Key Distribution (connection-oriented)

End-to-End (X.25,TCP), FEP obtains session keys



Decentralised Key Control

Not practical for large networks

- avoids trusted third party


Key Usage

Key types: Data, PIN, File

Key tags: Session / Master / Encrypt / Decrypt

Control Vector:

- associate the session key with a control vector (Fig 7.12)




Control Vector Encryp. and Decryp.



PRNG From Counter



ANSI X9.17 PRNG


Random Number Generation

  • Linear Congruential Generator
    X_{n+1} = (a·X_n + c) mod m

  • Encryption: DES (OFB) – (Fig 7.14)

  • Blum Blum Shub (BBS)
    X_0 = s^2 mod n
    for i = 1 to infinity:
      X_i = (X_{i-1})^2 mod n
      B_i = X_i mod 2

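As an added example (not part of the slides), both generators on this slide implemented from the formulas as written, with constructed toy parameters; the `lcg_predict_next` helper is an assumed name and shows why LCG output is predictable once a, c and m are known:

```python
import math


def lcg(a: int, c: int, m: int, seed: int, count: int) -> list[int]:
    """Linear Congruential Generator as on the slide:
    X_{n+1} = (a*X_n + c) mod m, returning X_1 .. X_count."""
    out, x = [], seed
    for _ in range(count):
        x = (a * x + c) % m
        out.append(x)
    return out


def lcg_predict_next(a: int, c: int, m: int, observed: int) -> int:
    """With a, c and m known, one observed LCG output determines the next:
    the generator has no secret state beyond its last value, which is why
    an LCG is unsuitable for producing keys (hence the DES/OFB option)."""
    return (a * observed + c) % m


def bbs_bits(p: int, q: int, s: int, count: int) -> list[int]:
    """Blum Blum Shub as on the slide, with n = p*q:
    X_0 = s^2 mod n; X_i = (X_{i-1})^2 mod n; B_i = X_i mod 2.
    p and q must be primes congruent to 3 mod 4 and s coprime to n."""
    if p % 4 != 3 or q % 4 != 3:
        raise ValueError("p and q must both be congruent to 3 mod 4")
    n = p * q
    if math.gcd(s, n) != 1:
        raise ValueError("seed s must be coprime to n")
    x = pow(s, 2, n)                 # X_0 = s^2 mod n
    bits = []
    for _ in range(count):
        x = pow(x, 2, n)             # X_i = (X_{i-1})^2 mod n
        bits.append(x % 2)           # B_i = X_i mod 2
    return bits


if __name__ == "__main__":
    # Constructed toy parameters, far too small for real use.
    print("LCG:", lcg(5, 3, 16, 7, 6))        # [6, 1, 8, 11, 10, 5]
    print("BBS:", bbs_bits(7, 11, 3, 5))      # [0, 0, 1, 1, 0]
```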