
CONFIDENTIALITY USING CONVENTIONAL ENCRYPTION – Chapter 7. Historically – Conventional Encryption. Recently – Authentication, Integrity, Signature, Public-key. Link, End-to-End, Traffic-Analysis, Key Distribution, Random Number Generation.

## CONFIDENTIALITY USING CONVENTIONAL ENCRYPTION – Chapter 7


**CONFIDENTIALITY USING CONVENTIONAL ENCRYPTION – Chapter 7**
• Historically – Conventional Encryption
• Recently – Authentication, Integrity, Signature, Public-key
• Link
• End-to-End
• Traffic-Analysis
• Key Distribution
• Random Number Generation

**Confidentiality**
• Link
  - both ends of link
  - many encryptions / decryptions - all links use it
  - decrypt at packet switch (read addr.)
  - unique key / node pair
• End-to-End
  - only at ends
  - data encrypted, not address (header)
  - one key pair
  - traffic pattern insecure
  - authentication from sender

**Characteristics of Link and End-to-End**
Table 7.1

**Both Link and End-to-End**
  - Data secure at nodes
  - Authentication
• LINK – low level (physical/link)
• END-TO-END – network (X.25)
• End0, End1, End2 (ends separately protected)
• Cannot service internet traffic

**E-mail Gateway**
• OSI email gateway TCP
• no end-to-end protocol below appl. layer
• networks terminate at mail gateway
• mail gateway sets up new transport/network connections
• need end-to-end encryption at appl. layer
  - disadvantage: many keys

**Identities**
• Message Frequency
• Message Pattern
• Event Correlation
• Covert Channel
• Link
• Headers encrypted
• Traffic padding (Fig 7.6)
• End-to-End
• Pad data
• Null messages
Traffic Confidentiality

**Physically deliver**
• Third party physically select/deliver
• $E_{K_{old}}(K_{new})$ →
• 4. End-to-End (KDC):
• A $E_{K_A}(K_{new})$ C $E_{K_B}(K_{new})$ B
• N hosts → (N)choose(2) keys – Fig 7.7
• KDC – Key hierarchy – Fig 7.8
• Session Key – temporary : end ↔ end
• Only N master keys – physical delivery
KEY DISTRIBUTION

**User shares Master Key with KDC**
Steps 1-3 : Key Distribution
Steps 3,4,5 : Authentication
KEY DISTRIBUTION

**Key Distribution Centre (KDC) Hierarchy**
(Figure labels: LOCAL KDCs, KDCX, KDCA, KDCB, A, B)
Key selected by KDCA, KDCB, or KDCX

**LIFETIME**
Shorter Lifetime → Higher Security → Reduced Capacity
Connection-oriented:
  - change session key periodically
Connectionless:
  - new key every exchange or #transactions or after time period

**Key Distribution (connection-oriented)**
End-to-End (X.25, TCP), FEP obtains session keys

**Decentralised Key Control**
Not practical for large networks
  - avoids trusted third party

**KEY USAGE**
key types : Data, PIN, File
key tags : Session/Master/Encryp/Decryp
Control Vector: associate session key with control vector (Fig 7.12)

**Linear Congruential Generator**
• $X_{n+1} = (aX_n + c) \bmod m$
• Encryption : DES (OFB) – (Fig 7.14)
• Blum Blum Shub (BBS)
• $X_0 = s^2 \bmod n$
• for i = 1 to infinity
• $X_i = (X_{i-1})^2 \bmod n$
• $B_i = X_i \bmod 2$
Random Number Generation
