Confidentiality using Conventional Encryption Chapter 5
Download
Report
Transcript Confidentiality using Conventional Encryption Chapter 5
Confidentiality using Conventional Encryption
Chapter 5
Vulnerability points
• In-house
– Corrupted workstation
• Extra machine with sniffer
– Wiring closet
• Sneaky rewiring – for example to phone line
– Corrupted server/router
• Hacked – routed to man-in-the middle
• Interception on external network
– Wireless interception
– Interception in external packet network
• DNS attack
• IP spoofing
Encryption points
• Link encryption
–
–
–
–
IP and higher headers are encrypted – less traffic analysis
Requires trust in packet network
Many keys required
Host authentication only
• End-to-end encryption
–
–
–
–
–
Link headers must be in clear
Packets show link headers
One key per user pair
User responsible and can decide not to encrypt
Can be either protocol (TCP layer) or application layer
Traffic Confidentiality
• Defends against traffic analysis
–
–
–
–
Partner identity
How much communication
Message characteristics – length, response patterns
Relation with external events
• Defenses
– Link encryption hides users’ headers
– Traffic padding (send useless random patterns) – used for end-toend
– Packet tunneling (real thing hidden within innocent-looking
packet)