Download Presentation
T101 Networks

Loading in 2 Seconds...

1 / 38

# T101 Networks - PowerPoint PPT Presentation

T101 Networks. 12 – Key Exchange. Updated Notes. the original notes from last week contained an error in the transposition cipher new notes are on moodle. Practical Demo. Competency-based assessment tick list is on moodle take the pressure off the final week optional…

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

## PowerPoint Slideshow about 'T101 Networks' - lei

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

### T101 Networks

12 – Key Exchange

Updated Notes
• the original notes from last week contained an error in the transposition cipher
• new notes are on moodle
Practical Demo
• Competency-based assessment
• tick list is on moodle
• take the pressure off the final week
• optional…
• …but you have to do it sometime
• no penalty if you don’t succeed, you’ll get another go if there is time
• exam conditions apply
Lesson Objectives
• explain problems with key exchange
• describe a solution to the key exchange problem
• explain problems with asymmetric ciphers
But first…
• Zodiac killer and his first cipher
• was a substitution cipher
• used multiple symbols to represent the same letter
• awkward to crack because the frequency analysis fails, and he also made spelling mistakes and cipher errors
• cracked by hand by guessing that:
• the first letter would be ‘I’
• the message would contain “kill’ or ‘killing’ or ‘killed’ etc…
Cryptography Basics
• Cryptography is…
• protecting privacy
• authentication of identities
• preservation of integrity
• …in an environment of mistrust
Symmetric Ciphers
• same key to encrypt as to decrypt
• on a network, both parties must have the same key
• the key is called a shared key
• big problem is key exchange
• how big was this problem?
Asymmetric Ciphers
• … but asymmetric ciphers can solve the big problem that symmetric ciphers have
• this week, solving the big problem
• but first…
Lab Results
• old substitution ciphers are very easy to crack
• the strength of modern symmetric ciphers is entirely based on the length of the key
• 128 bits (16 bytes) is a good strength key because:
How long is that?
• 3e26 years is 3 followed by 26 zeroes
• 300,000,000,000,000,000,000,000,000
• so if we had 10,000,000 computers that were all running 1,000 times faster the lab computers, you would crack the code in about…
• …30,000,000,000,000,000 years
• the universe is 13,700,000,000 years old
Key Choice
• so symmetric ciphers are secure provided that
• the key length is long enough not to be brute forced
• 128 bits looks good, shorter keys are problematic
• the key is chosen randomly
• but humans are not very good at remembering random numbers
Short Keys Example 1
• WEP initially used a 40 bit key
• giving at most 240 different keys
• some keys are weaker than others, so fewer keys are available
• there are other problems with WEP
• hence WEP can be cracked in a few minutes if you have enough ciphertext
Short Keys Example 2
• DVDs are protected using CSS which uses 40 bit keys
• there are problems with the way CSS uses the key, reducing the effective key length to 32 bits
• the key can be recovered in less than 1 minute even on slow hardware
• hence DVDs can be copied easily
Why 40 bits?
• the US considered strong security as “munitions” and therefore came under the export of arms legislation
• 40 bit encryption was considered weak, and therefore not munitions
• restrictions were lifted in 1996
Key Exchange
• as the number of people gets big, the problems get worse
• how to exchange keys securely with all these people?
• how to keep a (secure) record of all those keys?
• how to (securely) change a key if one gets lost?
Idea 1 – A KDC
• Key Distribution Centre (KDC)
• if everybody exchanges a key securely with the KDC, we can communicate with it securely
• to communicate with a third party, we ask the KDC for a key
• the KDC gives you and the third party the same key
KDC

I need a key for Alice

Here is your shared key

KDC Problems
• who do you trust to be the KDC?
• who does everybody trust to be the KDC?
• the KDC knows all your secrets
• how do you exchange initial keys with the KDC?
• …and other problems
KDC today
• KDCs are a good option for LANs
• computers on a LAN, generally trust other computers on a LAN inside the same organisation
• Microsoft’s Active Directory is an example of a KDC
• how does AD get your initial password?
Key Exchange Problem
• originally solved by Whitfield Diffie and Martin Hellman, called Diffie-Hellman key exchange
• still used but currently the most common method is to use asymmetric encryption
• mostly RSA encryption
• elliptic curves getting to be popular because they use smaller numbers than RSA so the arithmetic is easier
Asymmetric Encryption
• key used to encrypt is called the public key
• key used to decrypt is called the private key
• the two keys are related to each other
• the private key cannot be easily discovered from the public key
• how does this help?
Shared Key Exchange using Asymmetric ciphers
• Alice wants to talk to Bob
• Alice asks for Bob’s public key
• Bob sends his public key

Send me your public key

Here is my public key

Shared Key Exchange with using Asymmetric ciphers
• Alice creates a shared key and encrypts it with Bob’s public key

Bob’s Public key

Asymmetric

Encryption

Ciphertext = Encrypted key

Cleartext = Shared key

Send the encrypted shared key to Bob

Shared Key Exchange with using Asymmetric ciphers
• Bob gets encrypted shared key
• Bob uses his private key to decrypt the shared key

Bob’s Private key

Asymmetric

Encryption

Cleartext = Shared key

Ciphertext = Encrypted Shared key

Shared Key Exchange with using Asymmetric ciphers
• all messages between Alice and Bob can now be encrypted with symmetric ciphers using the shared key

Encrypted Message = “Hello”

Key Exchange
• using asymmetric encryption to exchange a shared key is a good solution because
• the asymmetric encryption and decryption tasks only happen once, and at the start of the communication
• so it takes a little longer to set the communication channel up but…
• …fast symmetric encryption is used for the rest of the communication
Exercise
• see page 4 of this week’s notes
Eve the Eavesdropper
• what does an eavesdropper see?
• request for Bob’s public key
• Bob’s public key
• a message encrypted with Bob’s public key
• messages encrypted with a shared key
• in order to read the messages, Eve would need to either
• get Bob’s private key or
• brute force the private key or the shared key
Are we there yet?
• we have now got
• privacy using symmetric encryption
• key exchange using asymmetric encryption
• we still have a big problem
• before next week, work out how Alice can be duped by Eve!
Asymmetric Cipher Uses
• why not just use asymmetric ciphers, then everybody just needs one private/public key pair?
• we don’t need to use symmetric ciphers???
• but…
Problems with Asymmetric Ciphers
• all current asymmetric systems rely on some awkward arithmetic
• coding errors in the arithmetic have been known
• about 1,000 times slower than symmetric (although Elliptic Curves are better)
• produce big chunks of ciphertext (because of those big numbers that are used)
• so not suitable for encrypting lots of small packets, especially if speed is important
More problems…
• an advance in mathematics may break asymmetric encryption
• remember that RSA relies on the notion that it is easy to multiply two large numbers together, but there is no known quick way to factor very large numbers
• perhaps someone has already made this breakthrough
• it is hoped that the promise of instant fame and a Nobel prize will be enough to ensure publication
and another one…
• imagine using asymmetric encryption to encrypt votes in a poll
• poll site sends you their public key
• you encrypt the message “NATIONAL” or “LABOUR” or “GREEN” etc… using the public key, and send your vote
• Eve intercepts the encrypted message
• Eve can work out who you voted for!!!
• how does she do it?
Summary
• key exchange is a problem when there are many users
• a KDC can help on the LAN
• asymmetric encryption solves the key exchange problem…
• …almost