t101 networks n.
Skip this Video
Download Presentation
T101 Networks

Loading in 2 Seconds...

play fullscreen
1 / 38

T101 Networks - PowerPoint PPT Presentation

  • Uploaded on

T101 Networks. 12 – Key Exchange. Updated Notes. the original notes from last week contained an error in the transposition cipher new notes are on moodle. Practical Demo. Competency-based assessment tick list is on moodle take the pressure off the final week optional…

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'T101 Networks' - lei

Download Now An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
t101 networks

T101 Networks

12 – Key Exchange

updated notes
Updated Notes
  • the original notes from last week contained an error in the transposition cipher
  • new notes are on moodle
practical demo
Practical Demo
  • Competency-based assessment
    • tick list is on moodle
    • take the pressure off the final week
    • optional…
    • …but you have to do it sometime
    • no penalty if you don’t succeed, you’ll get another go if there is time
    • exam conditions apply
lesson objectives
Lesson Objectives
  • explain problems with key exchange
  • describe a solution to the key exchange problem
  • explain problems with asymmetric ciphers
but first
But first…
  • Zodiac killer and his first cipher
    • was a substitution cipher
    • used multiple symbols to represent the same letter
    • awkward to crack because the frequency analysis fails, and he also made spelling mistakes and cipher errors
    • cracked by hand by guessing that:
      • the first letter would be ‘I’
      • the message would contain “kill’ or ‘killing’ or ‘killed’ etc…
cryptography basics
Cryptography Basics
  • Cryptography is…
    • protecting privacy
    • authentication of identities
    • preservation of integrity
  • …in an environment of mistrust
symmetric ciphers
Symmetric Ciphers
  • same key to encrypt as to decrypt
  • on a network, both parties must have the same key
  • the key is called a shared key
  • big problem is key exchange
  • how big was this problem?
asymmetric ciphers
Asymmetric Ciphers
  • … but asymmetric ciphers can solve the big problem that symmetric ciphers have
  • this week, solving the big problem
  • but first…
lab results
Lab Results
  • old substitution ciphers are very easy to crack
  • the strength of modern symmetric ciphers is entirely based on the length of the key
  • 128 bits (16 bytes) is a good strength key because:
how long is that
How long is that?
  • 3e26 years is 3 followed by 26 zeroes
  • 300,000,000,000,000,000,000,000,000
  • so if we had 10,000,000 computers that were all running 1,000 times faster the lab computers, you would crack the code in about…
  • …30,000,000,000,000,000 years
  • the universe is 13,700,000,000 years old
key choice
Key Choice
  • so symmetric ciphers are secure provided that
    • the key length is long enough not to be brute forced
      • 128 bits looks good, shorter keys are problematic
    • the key is chosen randomly
      • but humans are not very good at remembering random numbers
short keys example 1
Short Keys Example 1
  • WEP initially used a 40 bit key
    • giving at most 240 different keys
    • some keys are weaker than others, so fewer keys are available
  • there are other problems with WEP
  • hence WEP can be cracked in a few minutes if you have enough ciphertext
short keys example 2
Short Keys Example 2
  • DVDs are protected using CSS which uses 40 bit keys
  • there are problems with the way CSS uses the key, reducing the effective key length to 32 bits
  • the key can be recovered in less than 1 minute even on slow hardware
  • hence DVDs can be copied easily
why 40 bits
Why 40 bits?
  • the US considered strong security as “munitions” and therefore came under the export of arms legislation
  • 40 bit encryption was considered weak, and therefore not munitions
  • restrictions were lifted in 1996
key exchange
Key Exchange
  • as the number of people gets big, the problems get worse
    • how to exchange keys securely with all these people?
    • how to keep a (secure) record of all those keys?
    • how to (securely) change a key if one gets lost?
idea 1 a kdc
Idea 1 – A KDC
  • Key Distribution Centre (KDC)
  • if everybody exchanges a key securely with the KDC, we can communicate with it securely
  • to communicate with a third party, we ask the KDC for a key
  • the KDC gives you and the third party the same key

I need a key for Alice

Here is your shared key

kdc problems
KDC Problems
  • who do you trust to be the KDC?
  • who does everybody trust to be the KDC?
  • the KDC knows all your secrets
  • how do you exchange initial keys with the KDC?
  • …and other problems
kdc today
KDC today
  • KDCs are a good option for LANs
  • computers on a LAN, generally trust other computers on a LAN inside the same organisation
  • Microsoft’s Active Directory is an example of a KDC
  • how does AD get your initial password?
key exchange problem
Key Exchange Problem
  • originally solved by Whitfield Diffie and Martin Hellman, called Diffie-Hellman key exchange
  • still used but currently the most common method is to use asymmetric encryption
  • mostly RSA encryption
  • elliptic curves getting to be popular because they use smaller numbers than RSA so the arithmetic is easier
asymmetric encryption
Asymmetric Encryption
  • key used to encrypt is called the public key
  • key used to decrypt is called the private key
  • the two keys are related to each other
  • the private key cannot be easily discovered from the public key
  • how does this help?
shared key exchange using asymmetric ciphers
Shared Key Exchange using Asymmetric ciphers
  • Alice wants to talk to Bob
  • Alice asks for Bob’s public key
  • Bob sends his public key

Send me your public key

Here is my public key

shared key exchange with using asymmetric ciphers
Shared Key Exchange with using Asymmetric ciphers
  • Alice creates a shared key and encrypts it with Bob’s public key

Bob’s Public key



Ciphertext = Encrypted key

Cleartext = Shared key

Send the encrypted shared key to Bob

shared key exchange with using asymmetric ciphers1
Shared Key Exchange with using Asymmetric ciphers
  • Bob gets encrypted shared key
  • Bob uses his private key to decrypt the shared key

Bob’s Private key



Cleartext = Shared key

Ciphertext = Encrypted Shared key

shared key exchange with using asymmetric ciphers2
Shared Key Exchange with using Asymmetric ciphers
  • all messages between Alice and Bob can now be encrypted with symmetric ciphers using the shared key

Encrypted Message = “Hello”

key exchange1
Key Exchange
  • using asymmetric encryption to exchange a shared key is a good solution because
    • the asymmetric encryption and decryption tasks only happen once, and at the start of the communication
    • so it takes a little longer to set the communication channel up but…
    • …fast symmetric encryption is used for the rest of the communication
  • see page 4 of this week’s notes
eve the eavesdropper
Eve the Eavesdropper
  • what does an eavesdropper see?
    • request for Bob’s public key
    • Bob’s public key
    • a message encrypted with Bob’s public key
    • messages encrypted with a shared key
  • in order to read the messages, Eve would need to either
    • get Bob’s private key or
    • brute force the private key or the shared key
are we there yet
Are we there yet?
  • we have now got
    • privacy using symmetric encryption
    • key exchange using asymmetric encryption
  • we still have a big problem
    • before next week, work out how Alice can be duped by Eve!
asymmetric cipher uses
Asymmetric Cipher Uses
  • why not just use asymmetric ciphers, then everybody just needs one private/public key pair?
  • we don’t need to use symmetric ciphers???
  • but…
problems with asymmetric ciphers
Problems with Asymmetric Ciphers
  • all current asymmetric systems rely on some awkward arithmetic
    • coding errors in the arithmetic have been known
    • about 1,000 times slower than symmetric (although Elliptic Curves are better)
    • produce big chunks of ciphertext (because of those big numbers that are used)
    • so not suitable for encrypting lots of small packets, especially if speed is important
more problems
More problems…
  • an advance in mathematics may break asymmetric encryption
    • remember that RSA relies on the notion that it is easy to multiply two large numbers together, but there is no known quick way to factor very large numbers
  • perhaps someone has already made this breakthrough
    • it is hoped that the promise of instant fame and a Nobel prize will be enough to ensure publication
and another one
and another one…
  • imagine using asymmetric encryption to encrypt votes in a poll
    • poll site sends you their public key
    • you encrypt the message “NATIONAL” or “LABOUR” or “GREEN” etc… using the public key, and send your vote
    • Eve intercepts the encrypted message
    • Eve can work out who you voted for!!!
    • how does she do it?
  • key exchange is a problem when there are many users
  • a KDC can help on the LAN
  • asymmetric encryption solves the key exchange problem…
  • …almost