
CONFIDENTIALITY USING CONVENTIONAL ENCRYPTION – Chapter 7



  1. CONFIDENTIALITY USING CONVENTIONAL ENCRYPTION – Chapter 7
     • Historically – Conventional Encryption
     • Recently – Authentication, Integrity, Signature, Public-key
     • Link
     • End-to-End
     • Traffic-Analysis
     • Key Distribution
     • Random Number Generation

  2. Points of Vulnerability

  3. Link / End-to-End

  4. Confidentiality
     Link
     • encryption at both ends of each link
     • many encryptions/decryptions – every link on the path must use it
     • decrypted at each packet switch (to read the address)
     • unique key per node pair
     End-to-End
     • encryption only at the two ends
     • data encrypted, but not the address (header)
     • one key per pair of end users
     • traffic pattern insecure (headers travel in clear)
     • authentication of the sender

  5. Characteristics of Link and End-to-End Table 7.1

  6. Both Link and End-to-End
     • data secure at intermediate nodes (only the headers are exposed there)
     • authentication
     • LINK – low level (physical/link layer)
     • END-TO-END – network layer (X.25)
     (figure: End0, End1, End2 – each end-to-end connection separately protected)

  7. Front-End Processor Function

  8. E-mail Gateway

  9. E-mail Gateway
     (figure: OSI network → e-mail gateway → TCP/IP network)
     • no end-to-end protocol below the application layer
     • network connections terminate at the mail gateway
     • the mail gateway sets up new transport/network connections
     • so end-to-end encryption must be done at the application layer
     • disadvantage: many more keys (one per application)

  10. Various Encryption Strategies

  11. Traffic Confidentiality
      What traffic analysis reveals:
      • Identities (of the communicating parties)
      • Message frequency
      • Message pattern (length)
      • Event correlation
      • Covert channel
      Link level:
      • Headers encrypted
      • Traffic padding (Fig 7.6)
      End-to-End:
      • Pad data
      • Null messages

  12. Traffic Padding

  13. KEY DISTRIBUTION
      1. A physically delivers the key to B
      2. A third party physically selects and delivers the key
      3. Encrypt the new key under the old one: E_Kold(Knew)
      4. End-to-End via a KDC (C): A ← E_KA(Knew) – C – E_KB(Knew) → B
      • N hosts → N choose 2 = N(N-1)/2 end-to-end keys – Fig 7.7
      • KDC – key hierarchy – Fig 7.8
      • Session key – temporary, end ↔ end
      • Only the N master keys need physical delivery

  14. #End-to-End Keys

  15. Key Hierarchy

  16. KEY DISTRIBUTION SCENARIO

  17. KEY DISTRIBUTION (scenario)
      • Each user shares a master key with the KDC
      • Steps 1–3: key distribution
      • Steps 3, 4, 5: authentication
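The five-step KDC scenario the two slides above outline (steps 1–3 distribute the session key Ks, steps 3–5 authenticate the two ends), simulated end to end. This is an added example, not code from the slides or from Stallings: the identities "A" and "B", the master keys KA and KB, the nonce function f(N2) = N2 + 1 and the toy cipher (SHA-256 keystream with an HMAC-SHA256 tag, standing in for the DES/AES a real KDC would use) are all assumptions constructed for the demonstration. It also shows why the nonce N1 in step 1 matters: a captured step-2 reply replayed later decrypts fine under KA but is rejected because N1 no longer matches.

```python
"""
Session-key distribution through a KDC, steps 1-5 of the scenario.

Added example (not from the slides or from Stallings). Keys, identities,
f(N2) = N2 + 1 and the toy authenticated cipher are constructed here.
"""
import hashlib
import hmac
import json
import os

KA = hashlib.sha256(b"constructed master key of A").digest()  # shared A <-> KDC
KB = hashlib.sha256(b"constructed master key of B").digest()  # shared B <-> KDC


def _keystream(key, nonce, length):
    """SHA-256 in counter mode; a toy stand-in for a block-cipher keystream."""
    out, ctr = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]


def encrypt(key, plaintext):
    """Toy encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def decrypt(key, blob):
    """Verifies the tag before decrypting; raises if the key or data is wrong."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key or tampered message")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def pack(**fields):
    return json.dumps(fields, sort_keys=True).encode()


def unpack(blob):
    return json.loads(blob)


class KDC:
    """Holds every user's master key; issues a fresh session key per request."""

    def __init__(self, master_keys):
        self.master_keys = master_keys

    def issue(self, id_a, id_b, n1):
        ks = os.urandom(32).hex()
        # Inner part for B, which A cannot read: E_Kb[ Ks || ID_A ]
        ticket = encrypt(self.master_keys[id_b], pack(ks=ks, id_a=id_a))
        # Outer message for A: E_Ka[ Ks || ID_B || N1 || E_Kb[Ks || ID_A] ]
        return encrypt(self.master_keys[id_a], pack(ks=ks, id_b=id_b, n1=n1, ticket=ticket.hex()))


def run_scenario(kdc, id_a, ka, id_b, kb, replayed_reply=None):
    """Runs steps 1-5; returns the KDC reply and whether A and B agree on Ks."""
    # Step 1: A -> KDC : ID_A || ID_B || N1   (N1 ties the reply to this request)
    n1 = os.urandom(8).hex()
    # Step 2: KDC -> A  (or an attacker replaying an old reply)
    reply = kdc.issue(id_a, id_b, n1) if replayed_reply is None else replayed_reply
    msg2 = unpack(decrypt(ka, reply))
    if msg2["n1"] != n1 or msg2["id_b"] != id_b:
        raise ValueError("stale or misdirected KDC reply: N1/ID_B mismatch")
    ks_a = bytes.fromhex(msg2["ks"])
    # Step 3: A -> B : E_Kb[ Ks || ID_A ]
    msg3 = unpack(decrypt(kb, bytes.fromhex(msg2["ticket"])))
    if msg3["id_a"] != id_a:
        raise ValueError("ticket names a different initiator")
    ks_b = bytes.fromhex(msg3["ks"])
    # Step 4: B -> A : E_Ks[N2]   (B shows it holds Ks and challenges A)
    n2 = int.from_bytes(os.urandom(8), "big")
    msg4 = encrypt(ks_b, pack(n2=n2))
    # Step 5: A -> B : E_Ks[f(N2)], f(x) = x + 1   (A shows it holds Ks)
    msg5 = encrypt(ks_a, pack(f_n2=unpack(decrypt(ks_a, msg4))["n2"] + 1))
    if unpack(decrypt(ks_b, msg5))["f_n2"] != n2 + 1:
        raise ValueError("initiator failed the challenge")
    return reply, ks_a == ks_b


def demo():
    """A fresh run succeeds; replaying the captured step-2 reply is rejected via N1."""
    kdc = KDC({"A": KA, "B": KB})
    reply, agreed = run_scenario(kdc, "A", KA, "B", KB)
    try:
        run_scenario(kdc, "A", KA, "B", KB, replayed_reply=reply)
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    return agreed, replay_rejected


if __name__ == "__main__":
    print(demo())  # (True, True)
```

The step-3 ticket is opaque to A because it is encrypted under KB, which only B and the KDC hold; steps 4 and 5 exist because step 3 alone could be replayed by someone who captured an earlier ticket, so B challenges with N2 before trusting Ks.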

  18. Key Distribution Centre (KDC) Hierarchy
      (figure: local KDCs KDC_A and KDC_B under a global KDC_X; hosts A and B)
      • Session key selected by KDC_A, KDC_B, or KDC_X

  19. LIFETIME
      • Shorter lifetime → higher security → reduced capacity
      • Connection-oriented: change the session key periodically
      • Connectionless: new key for every exchange, or after a number of transactions, or after a time period

  20. Key Distribution (connection-oriented)
      • End-to-End (X.25, TCP): the FEP obtains the session keys

  21. Decentralised Key Control
      • avoids a trusted third party
      • not practical for large networks (every pair of hosts needs its own master key)

  22. KEY USAGE
      • key types: Data, PIN, File
      • key tags: Session/Master, Encrypt/Decrypt
      • Control Vector: associate the session key with a control vector (Fig 7.12)

  23. Control Vector Encryp. and Decryp.
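The control-vector construction the last two slides refer to, as an added example that is not code from the slides or from Stallings: the control vector CV is hashed to key length, XORed into the master key to give Kin = Km XOR h(CV), and the session key is encrypted under Kin; decryption must supply the same CV, so a CV that has been altered (for example to upgrade a session key to a master key) yields a wrong key rather than the real one. The master key, session key and CV text are constructed, and the "encryption" is a toy XOR with SHA-256(Kin) standing in for the block cipher the real scheme uses.

```python
"""
Control-vector key wrapping (Fig 7.12 style). Added example, not from the slides.
Km, Ks, the CV fields and the toy XOR "cipher" are constructed assumptions.
"""
import hashlib


def hash_cv(control_vector):
    """H = h(CV): the control vector is hashed to the key length (32 bytes here)."""
    return hashlib.sha256(control_vector).digest()


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def wrap_key(km, control_vector, ks):
    """Encrypt Ks under Kin = Km XOR h(CV). The CV itself travels in clear beside it."""
    kin = _xor(km, hash_cv(control_vector))
    # Toy cipher: one-time pad keyed by Kin. Never reuse one Kin for two keys.
    return _xor(ks, hashlib.sha256(kin).digest())


def unwrap_key(km, control_vector, wrapped):
    """Recover Ks; a different CV gives a different Kin and therefore a wrong key."""
    kin = _xor(km, hash_cv(control_vector))
    return _xor(wrapped, hashlib.sha256(kin).digest())


def key_check_value(key):
    """A short hash of the key (an assumption here, not part of the slides) so that
    a wrong unwrap can be detected instead of silently using a garbage key."""
    return hashlib.sha256(key).digest()[:4]


def demo():
    km = hashlib.sha256(b"constructed master key").digest()
    ks = hashlib.sha256(b"constructed session key").digest()
    cv = b"type=session;use=encrypt,decrypt;owner=A"
    wrapped, kcv = wrap_key(km, cv, ks), key_check_value(ks)

    honest = unwrap_key(km, cv, wrapped)
    # An attacker rewrites the CV to widen the key's rights; Kin changes with it.
    tampered_cv = cv.replace(b"type=session", b"type=master")
    tampered = unwrap_key(km, tampered_cv, wrapped)

    return (honest == ks,
            key_check_value(honest) == kcv,
            tampered == ks,
            key_check_value(tampered) == kcv)


if __name__ == "__main__":
    print(demo())  # (True, True, False, False)
```

Because the CV is bound into the key-encrypting key rather than stored as a separate attribute, there is no separate "attribute check" to bypass: using the key with a CV other than the one it was wrapped under simply does not produce the key.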

  24. PRNG From Counter

  25. ANSI X9.17 PRNG

  26. Random Number Generation
      • Linear Congruential Generator: X_{n+1} = (a·X_n + c) mod m
      • Encryption-based: DES in OFB mode – Fig 7.14
      • Blum Blum Shub (BBS):
          X_0 = s^2 mod n
          for i = 1 to ∞:
              X_i = (X_{i-1})^2 mod n
              B_i = X_i mod 2
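Both generators from the slide, with the check a practitioner wants before using one for keys: an LCG's future outputs can be recovered from a couple of observed outputs, which is why it is a statistical generator and not a cryptographic one, whereas BBS (with n = p·q, p and q primes congruent to 3 mod 4, and s coprime to n) has no such shortcut. This is an added example, not code from the slides or from Stallings. The BBS parameters p = 383, q = 503, s = 101355 are small textbook-sized values used only for illustration (real use needs large primes); the LCG parameters are Park and Miller's a = 7^5, c = 0, m = 2^31 - 1, chosen as an assumption for the demonstration.

```python
"""
LCG and Blum Blum Shub, plus prediction of an LCG from its outputs.
Added example, not from the slides. Parameters are illustrative assumptions.
"""


def lcg(seed, a, c, m, count):
    """X_{n+1} = (a*X_n + c) mod m; returns X_1 .. X_count."""
    out, x = [], seed
    for _ in range(count):
        x = (a * x + c) % m
        out.append(x)
    return out


def recover_lcg_multiplier(x1, x2, m):
    """With c = 0 and m prime, a = X2 * X1^{-1} mod m: two observed outputs
    give away the generator, so every later output can be predicted."""
    return (x2 * pow(x1, -1, m)) % m


def bbs(p, q, s, count):
    """Blum Blum Shub: X_0 = s^2 mod n, X_i = X_{i-1}^2 mod n, B_i = X_i mod 2.
    Returns the states X_0 .. X_count and the bits B_1 .. B_count."""
    if p % 4 != 3 or q % 4 != 3:
        raise ValueError("p and q must both be congruent to 3 mod 4")
    n = p * q
    x = pow(s, 2, n)
    states, bits = [x], []
    for _ in range(count):
        x = pow(x, 2, n)
        states.append(x)
        bits.append(x & 1)
    return states, bits


def demo():
    # LCG: observe X_1 and X_2 only, then predict X_3 and compare with the truth.
    a, c, m = 7 ** 5, 0, 2 ** 31 - 1
    x1, x2, x3 = lcg(1, a, c, m, 3)
    a_guess = recover_lcg_multiplier(x1, x2, m)
    predicted_x3 = (a_guess * x2) % m
    # BBS with small illustrative parameters (never this small in practice).
    states, bits = bbs(383, 503, 101355, 10)
    return a_guess == a, predicted_x3 == x3, states[:3], bits[:3]


if __name__ == "__main__":
    print(demo())  # (True, True, [20749, 143135, 177671], [1, 1, 0])
```

The LCG recovery uses c = 0 to keep the algebra to one line; with an unknown c, three consecutive outputs suffice instead of two, so the conclusion is the same. BBS is secure on the assumption that factoring n is hard, and it is slow (one modular squaring per output bit), which is why the slide also lists the faster DES-OFB and counter-based constructions for key generation.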
