Secure Communication P.V. Ananda Mohan FNAE, Fellow IEEE, FIETE ECIL, Bangalore
AGENDA • Introduction • Current Scenario • Three Basic Requirements • Case studies • Conclusion
Where is Security needed? • Military communications: media and terminal encryption • Electronic Commerce • E-banking • Secure Storage • Internet Applications: e-mail etc. • Wireless networks: GSM, CDMA, Wi-Fi, WiMAX, Bluetooth
Devices and Types of Networks used for Communication • Routers • LANs • Wireless devices • Virtual Private Networks (IPSec based) • SSL • PDAs (Personal digital assistants) • Storage Area Networks (SAN)
Algorithms and protocols are related to three basic domains: • Authentication • Encryption • Hashing and Digital Signatures
Digital encryption • Two techniques: • Stream ciphering: considered simple to implement, no error propagation, less latency • Block ciphering: considered complex to implement, smearing of whole blocks due to errors, latency of a few blocks.
Stream ciphering • Masking = modulo 2 operation [Figure: the output of a sequence generator masks the clear data stream to give the ciphered data stream]
Block ciphers [Figure: an N bit input block and a K bit key go in, an N bit output block comes out]
ANSI X9.17 Random Number generator • Useful for generating session keys • DES can be used • Ti is time stamp, Vi is seed and Ri is the output random number [Figure: block diagram of encryption blocks E with inputs Ti and Vi and outputs Ri and Vi+1]
A5 Stream cipher Algorithm of GSM • LFSR = Linear Feedback Shift Register [Figure: LFSR 17, LFSR 19 and LFSR 23, each loaded with the IV and stepped by clock control logic; the generated sequence masks speech]
GSM authentication • Authentication • Network sends RAND(128 bits) • Ki is secret key • Ki, RAND used with Algorithm A3 to produce SRES (32 bits) • A3 is operator dependent • Ki cannot be accessed by the user.
GSM Encryption • Cipher Key Kc generated using Ki and RAND by algorithm A8 • Kc is 64 bits • Frame number (22 bits) and Kc used with A5 to generate 114 bit cipher sequence • Speech is masked by cipher sequence and transmitted
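GSM Authentication and encryption in a nutshell [Figure: handset and network sides; the SIM has Ki and the algorithms. The network sends RAND (128 bits); each side runs A3 on Ki and RAND to get SRES (32 bits) and the two SRES values are compared; each side runs A8 on Ki and RAND to get Kc (64 bits); A5 with Kc and Frame# gives the encrypted traffic]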
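Added example (not from the original slides): the challenge-response and key-derivation flow of the GSM slides, with both sides of the exchange. Because A3 and A8 are operator dependent, HMAC-SHA256 is used here as an assumed stand-in for A3, A8 and A5; the class names, the subscriber identifier and the sample values are hypothetical.

```python
import hashlib
import hmac
import secrets

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    # Stand-in (assumption): HMAC-SHA256 replaces the operator's A3/A8 and the
    # LFSR-based A5; only the message flow and bit lengths follow the slides.
    return hmac.new(key, label + data, hashlib.sha256).digest()[:nbytes]

def a3(ki: bytes, rand: bytes) -> bytes:
    return prf(ki, b"A3", rand, 4)             # SRES, 32 bits

def a8(ki: bytes, rand: bytes) -> bytes:
    return prf(ki, b"A8", rand, 8)             # Kc, 64 bits

def a5_keystream(kc: bytes, frame_no: int) -> int:
    if not 0 <= frame_no < 2**22:              # frame number is 22 bits
        raise ValueError("frame number out of range")
    raw = prf(kc, b"A5", frame_no.to_bytes(3, "big"), 15)
    return int.from_bytes(raw, "big") >> 6     # 120 bits -> 114-bit sequence

class Sim:
    def __init__(self, ki: bytes):
        self._ki = ki                          # Ki is never exported

    def respond(self, rand: bytes):
        return a3(self._ki, rand), a8(self._ki, rand)

class Network:
    def __init__(self, ki_by_subscriber: dict):
        self._ki = ki_by_subscriber

    def challenge(self) -> bytes:
        return secrets.token_bytes(16)         # RAND, 128 bits

    def verify(self, subscriber: str, rand: bytes, sres: bytes):
        ki = self._ki[subscriber]
        if not hmac.compare_digest(sres, a3(ki, rand)):
            return None                        # SRES mismatch: reject
        return a8(ki, rand)                    # network's copy of Kc

def run_exchange(sim, network, subscriber, frame_no, speech_bits):
    rand = network.challenge()                 # network -> handset
    sres, kc_handset = sim.respond(rand)       # handset -> network: SRES only
    kc_network = network.verify(subscriber, rand, sres)
    if kc_network is None:
        return None
    masked = speech_bits ^ a5_keystream(kc_handset, frame_no)   # on the air
    return masked ^ a5_keystream(kc_network, frame_no)          # unmasked
```

Only RAND and SRES cross the air interface; Ki and Kc are computed independently on each side and never transmitted.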
CDMA Encryption Methodology [Figure: block diagram, mirrored on both sides. The A-Key, ESN and RAND SSD feed the SSD generator (CAVE) to give SSDA and SSDB; the broadcast RAND and CAVE give an 18 bit signature check for authentication; the long code scrambles voice; the data key with ORYX encrypts data; the CMEA key with CMEA encrypts signalling messages]
Future CDMA Encryption • AES for Encryption • SHA for Hashing • AKA (Authentication and Key agreement protocol) • Kasumi Algorithm for Encryption and message security.
WEP 802.11 Wireless Network security • Secret key shared between mobile and Access point • Standard does not say how the secret key is established • Single key shared by all laptops and access point! • Uses an integrity check field (IC), a CRC-32, to safeguard against modification in transit.
WEP 802.11 Wireless Network security • Uses a 24 bit IV (initialization vector) together with the common shared secret key so that the session key for RC4 changes. • RC4 is a stream cipher. • The IV is too small: it repeats in 5 hours for a single user, say for 1500 byte packets at 11 Mb/s. • In a multiple-user scenario, collisions will be very frequent.
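Added example (not from the original slides): a minimal RC4 and a WEP-style encapsulation (per-packet RC4 key = IV || shared key, CRC-32 integrity field), used to check the 5-hour figure and to show what a repeated IV costs. The shared key, IVs and payloads are constructed sample values; the function names are hypothetical.

```python
import math
import zlib

def rc4(key: bytes, n: int) -> bytes:
    """RC4 keystream of n bytes (key scheduling, then output generation)."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(iv: bytes, shared_key: bytes, payload: bytes) -> bytes:
    """Mask payload || CRC-32 with the RC4 keystream for key IV || shared key."""
    body = payload + zlib.crc32(payload).to_bytes(4, "little")
    return xor(body, rc4(iv + shared_key, len(body)))

def iv_exhaustion_hours(packet_bytes=1500, rate_bps=11e6, iv_bits=24) -> float:
    """Hours to send 2^iv_bits packets, after which a counter IV must repeat."""
    return (2**iv_bits) * packet_bytes * 8 / rate_bps / 3600

def packets_for_collision(prob=0.5, iv_bits=24) -> int:
    """Birthday bound: packets until randomly chosen IVs collide with prob."""
    return math.ceil(math.sqrt(2 * (2**iv_bits) * math.log(1 / (1 - prob))))

def reuse_leak(shared_key: bytes, iv: bytes, p1: bytes, p2: bytes) -> bool:
    """Same IV and key give the same keystream, so C1 xor C2 == P1 xor P2."""
    c1 = wep_encrypt(iv, shared_key, p1)
    c2 = wep_encrypt(iv, shared_key, p2)
    n = min(len(p1), len(p2))
    return xor(c1, c2)[:n] == xor(p1, p2)[:n]
```

With the defaults, `iv_exhaustion_hours()` comes out at about 5.08 hours, matching the slide, and `packets_for_collision()` shows that randomly chosen IVs reach a 50% collision chance after only a few thousand packets.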
Bluetooth • Three security modes • (a) no security (promiscuous mode) • (b) link level enforced (supports authentication and encryption, secret link key established based on entered PINs) • (c) Service level enforced (after channel is established)
• SAFER (Secure And Fast Encryption Routine) [Figure: SAFER algorithm block with 48 bit and 128 bit labels]
Bluetooth Key generation and Encryption Methodology • 1600 hops per second [Figure: block diagram with labels Link Key, Encryption Offset Number (COF), EN-RAND (128 bit), Kc, algorithm to modify Kc giving Kc′, master clock bits CLK 26-1, MAC address (48 bit), IV, E0 algorithm, Kcipher, plain text, to medium]
Bluetooth Sequence generator [Figure: sequence generator with stages labelled 25, 31, 33 and 39]
Tetra Security • Mobile Radio Trunking • Different modes of operation (Direct Mode of Operation, DMO, etc.) • Authentication key K • Hierarchy of Keys: • Derived Ciphered key (DCK) • Common Cipher Key (CCK) generated by SWMI (Switching and Management infrastructure) • Group Cipher Key (GCK) • Modified Group Cipher Key = ECCK(GCK) • Static Cipher Key (SCK): no prior authentication is needed (fixed, pre-stored) • Uses IDEA (International Data Encryption Algorithm)
Tetra Authentication key generation [Figure: three cases, each passing its input through an algorithm to produce K. Authentication code entered from keypad: identifies the user. User Authentication key: identifies the handset. Authentication code together with User Authentication key: identifies the handset and the user]
WiMAX security • WiMAX: Worldwide Interoperability for Microwave Access (IEEE 802.16e) • Future PCs will have three plug-ins: (a) WCDMA for HSPA (high speed packet access) card for GSM users (b) CDMA 2000 for CDMA users (c) card for WiMAX • Integrate Wi-Fi with WiMAX using Montevino code
The MAC has a privacy sublayer that performs authentication, key exchange and encryption of MPDUs.
SS (subscriber station) first must gain authorization to access the system and a security association for its secondary management connection • Privacy and key management (PKM) protocol is used. • IP connectivity can then be established • User connections can be created using the MAC service.
Symmetric key encryption algorithms • Data Encryption Standard (DES) • Triple DES • International Data Encryption Algorithm (IDEA) • Blowfish • Many more • RIJNDAEL: the Advanced Encryption Standard
General Features/Specifications • Block length in bits • Key length in Bits • Rounds • Operations in Each round • Key Schedule for all rounds • Round Key generation • Decryption • Modes of operation • Any Weak Keys • Complexity / Execution time Benchmarks
DES Structure [Figure: one round and sub-key generation. Data path: 64 bit block, IP, two 32 bit halves, expansion from 32 to 48 bits, combination with the 48 bit sub-key, substitution from 48 to 32 bits, permutation of 32 bits. Key path: 56 bit key split into two 28 bit halves, each rotated by the number of bits given in the table for each round, then a compression permutation to the 48 bit sub-key]
DES Modes • ECB (Electronic Code Book) • CBC (Cipher Block Chaining) • CFB (Cipher feedback mode) • OFB (Output feedback) [Figures: encryption block E with 64 bit input, 56 bit key and 64 bit output; text blocks 1 to 3 chained from the IV (Initialization Vector) through E into cipher text blocks; a shift register of (64-j) bits and j bits feeding E, where j bits of the output are combined with j bits of plain text to give j bits of cipher text and the remaining 64-j bits are discarded]
Triple DES • $C = E_{K_1}[D_{K_2}[E_{K_1}[P]]]$ • 112 bit key (caution: different K1 and K2!!!) [Figure: P passes through E with K1, D with K2 and E with K1 to give C]
Rijndael Brand New!!! • Variable block length (128, 192, 256 bits) • Variable key length (128, 192 or 256 bits) • Block cipher • Data and key arranged as rows and columns • Byte level design • Suitable for DSP or Microprocessor based or ASIC implementation
Rijndael • Four Rows • Nb columns: Nb = Block length/32 • Nk columns: Nk = Key length/32 • Number of rounds dependent on Nb and Nk:
          Nb = 4   Nb = 6   Nb = 8
Nk = 4      10       12       14
Nk = 6      12       12       14
Nk = 8      14       14       14
Rijndael • Rounds shown in Table +1 needed • Each round consists of four operations: • 1) Byte Substitution • 2) Shift row • 3) Mix column • 4) Add Round key (modulo 2 bit by bit)
Rijndael • Substitute for each byte from a Rijndael S-Box to get a new block • Write data vertically in the memory • Add Round Key • Rotate Byte • Followed by Mix column
Key Generation method • Continue to get 44 words
[Figure: use of keys between S and D. In the key subscripts, U stands for Public and R stands for Private. Panels: Conventional encryption; Confidentiality; Authentication; Both Authentication and confidentiality; Encryption and authentication]
Key distribution (contd.) [Figure: A and B obtain keys through a PUBLIC KEY AUTHORITY in an exchange whose steps are numbered 1 to 7]
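Key distribution using certificates [Figure: A and B send their public keys KUa and KUb to the CA, receive certificates CA and CB, and exchange the certificates with each other]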
Authentication using RSA • RSA (Rivest, Shamir, Adleman: inventors) • Two keys are used (public key and private key) • Choose two large primes p and q. • $n = pq$ • Choose e such that e and $(p-1)(q-1)$ are relatively prime. • Calculate d so that $ed \equiv 1 \pmod{(p-1)(q-1)}$ • Disclose d and n. Keep e safe with you. • m = message • Public Key = (e, n) • Private Key = (d, n) • Encryption: $c = m^e \bmod n$ • Decryption: $m = c^d \bmod n$ • Modulo exponentiation is a complex task.
DIFFIE-HELLMAN KEY EXCHANGE • Public values p and n. • A selects x and B selects y. • A to B: $k_1 = p^x \bmod n$ • B to A: $k_2 = p^y \bmod n$ • A computes $k_2^x \bmod n$ • B computes $k_1^y \bmod n$ • Both get $p^{xy} \bmod n$
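Added example (not from the original slides), covering both the RSA slide and the Diffie-Hellman slide: the modular exponentiation they share, written out as square-and-multiply, then textbook (unpadded) RSA encryption and signing with the slide's key labels, public key (e, n) and private key (d, n), and the Diffie-Hellman exchange in the slide's p, n, x, y notation. The primes, the exponent 65537, the SHA-256 digest step and the function names are assumptions chosen for illustration and are toy-sized.

```python
import hashlib

def modexp(base: int, exp: int, mod: int) -> int:
    """Left-to-right square-and-multiply: one squaring per exponent bit."""
    result = 1 % mod
    base %= mod
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        if bit == "1":
            result = (result * base) % mod
    return result

# Toy parameters (assumption): two Mersenne primes, far too small for real use.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537

def rsa_keypair(p: int = P, q: int = Q, e: int = E):
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)       # ed = 1 mod (p-1)(q-1); raises if e shares a factor
    return (e, n), (d, n)     # public key, private key

def rsa_encrypt(m: int, public) -> int:
    e, n = public
    return modexp(m, e, n)    # c = m^e mod n

def rsa_decrypt(c: int, private) -> int:
    d, n = private
    return modexp(c, d, n)    # m = c^d mod n

def digest(msg: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def rsa_sign(msg: bytes, private) -> int:
    d, n = private            # only the private-key holder can produce this
    return modexp(digest(msg, n), d, n)

def rsa_verify(msg: bytes, sig: int, public) -> bool:
    e, n = public             # anyone with the public key can check it
    return modexp(sig, e, n) == digest(msg, n)

def dh_exchange(p: int, n: int, x: int, y: int):
    """Slide notation: p and n are public, A keeps x secret, B keeps y secret."""
    k1 = modexp(p, x, n)      # A -> B
    k2 = modexp(p, y, n)      # B -> A
    return modexp(k2, x, n), modexp(k1, y, n)   # both equal p^(xy) mod n
```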
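AUTHENTICATION BY DIGITAL SIGNATURES [Figure: the sender applies C with key K to message M and sends M together with CK(M); the receiver applies C with K to the received M and compares the result with the received CK(M)]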
General Principle [Figure: input blocks Y0, Y1, ..., YN-1 are fed in turn to F, with the chain starting from the IV] • F is a compression function • Yi are successive blocks in the input • If F is collision resistant, so is the Hash algorithm.