CONFIDENTIALY USING CONVENTIONAL ENCRYPTION – Chapter 7 • Historically

Download Report

Transcript CONFIDENTIALY USING CONVENTIONAL ENCRYPTION – Chapter 7 • Historically 

CONFIDENTIALY USING
CONVENTIONAL ENCRYPTION
– Chapter 7
• Historically – Conventional Encryption
• Recently
– Authentication, Integrity,
Signature, Public-key
• Link
• End-to-End
• Traffic-Analysis
• Key Distribution
• Random Number Generation
Points of Vulnerability
Comms
Ser ver
W iring
Closet
Telco
Centr al
Office
LAN
W orkstation
Fr ame Relay
or ATM
Networ k
Figur e 7.1 Points of Vulner ability
2
Link / End-to-End
PSN
PSN
Packet-switching
network
PSN
PSN
= end-to-end encryption device
= link encryption device
PSN = packet switching node
Figur e 7.2 Encr yption Acr oss a Packet-Switching Networ k
3
Confidentiality
• Link
- both ends of link
- many encryps / decryps - all links use it
- decrypt at packet switch (read addr.)
- unique key / node pair
• End- to-End
- only at ends
- data encrypted, not address (header)
- one key pair
- traffic pattern insecure
- authentication from sender
Characteristics of
Link and End-to-End
Table 7.1
Both Link and End-to-End
- Data secure at nodes
- Authentication
• LINK
– low level (physical/link)
• END-TO-END – network (X.25)
 End0
 End1
 End2
|
(ends separately
protected)
Front-End Processor Function
E-mail Gateway
OSI End
System
TCP/I P End
System
Mail Gateway
Email
Email
Presentation
Presentation
Session
Session
Email
Email
TCP
TCP
Transpor t
Transpor t
Networ k
Networ k
IP
IP
Data Link
Data Link
Data Link
Data Link
Physical
Physical
Physical
Physical
Internetwork
Internetwork
Scope of link-level
encryption
Scope of end-to-end encryption below application layer
Scope of Application-Layer End-to-End Encryption
Figur e 7.4 Encr yption Cover age Implications of Stor e-and-For war d Communications
E-mail Gateway
OSI 
email gateway  TCP
• no end-to-end protocol below appl. layer
• networks terminate at mail gateway
• mail gateway sets up new transport/network
connections
• need end-to-end encryp. at appl. Layer
- disadvantage: many keys
Various Encryption Strategies
L ink -H
(a)
Net-H
I P-H
T CP-H
Data
L ink -T
Application-L evel Encr yption (on link s and at r outer s and gateways)
L ink -H
Net-H
I P-H
T CP-H
Data
L ink -T
Data
L ink -T
Data
L ink -T
Data
L ink -T
On links and at routers
L ink -H
Net-H
I P-H
T CP-H
In gateways
(b)
TCP-L evel Encr yption
L ink -H
Net-H
I P-H
T CP-H
On links
L ink -H
Net-H
I P-H
T CP-H
In routers and gateways
(c)
L ink -L evel Encr yption
Shading indicates encryption.
TCP-H
IP-H
Net-H
Link-H
Link-T
=
=
=
=
=
TCP header
IP header
Network-level header (e.g., X.25 packet header, LLC header)
Data link control protocol header
Data link control protocol trailer
Fi gur e 7.5 Rel ationshi p between Encr yption and Pr otocol L evel s
Traffic Confidentiality
• Identities
• Message Frequency
• Message Pattern
• Event Correlation
• Covert Channel
Link
• Headers encrypted
• Traffic padding (Fig 7.6)
End-to-End
• Pad data
• Null messages
Traffic Padding
K ey
Discontinuous
plaintext input
Encr yption
algorithm
Continuous
random-data
gener ator
Figur e 7.6 Tr affic-Padding Encr yption Device
Continuous
cipher text output
KEY DISTRIBUTION
1. Physically deliver
2. Third party physically select/deliver
3. EKold(Knew) →
4. End-to-End(KDC):
A
E (K ) 
C
E (K
KA
new
KB
new)
B
N hosts → (N)choose(2) keys – Fig 7.7
KDC – Key hierarchy – Fig 7.8
Session Key
– temporary : end ↔ end
Only N master keys – physical delivery
N um ber of keys
#End-to-End Keys
10
10
10
10
9
8
7
6
5
6
7
8 9
2
10
3
3
4
5
6
7
8 9
10
2
3
4
5
6
7
4
Number of endpoints
Figur e 7.7
Number of K eys Requir ed to Suppor t Arbitrar y
Connections Between Endpoints
8 9
10
5
Key Hierarchy
Data
Cr yptogr aphic
Pr otection
Session K eys
Cr yptogr aphic
Pr otection
M aster K eys
Non-Cr yptogr aphic
Pr otection
Figur e 7.8 The Use of a K ey Hier ar chy
KEY DISTRIBUTION SCENARIO
K ey
Distribution
Center (K DC)
(1) Request || N 1
Key distribution
steps
(2) E Ka[ K s || Request || N 1] || E Kb(Ks, ID A)]
(3) E Kb[K s || ID A]
Initiator
A
Responder
B
(4) E Ks[N2]
(5) E Ks[f(N 2)]
Authentication
steps
Figur e 7.9
Key Distribution Scenar io
16
KEY DISTRIBUTION
User shares Master Key with KDC
Steps 1-3 : Key Distribution
Steps 3,4,5 : Authentication
Key Distribution Centre (KDC)
Hierarchy
LOCAL KDCs
KDCX
KDCA KDCB
A
B
Key selected by KDCA, KDCB, or KDCX
LIFETIME
Shorter Lifetime → Highter Security
→ Reduced Capacity
Connection-oriented:
- change session key periodically
Connectionless:
- new key every exchange
or #transactions
or after time period
Key Distribution (connection-oriented)
K DC
1. H ost sends packet requesting connection
2. Fr ont end buffer s packet; asks KDC for session key
3. K DC distr ibutes session key to both fr ont ends
4. Buffer ed packet tr ansmitted
FEP
FEP = fr ont end pr ocessor
K DC = key distr ibution center
2
3
1
HOST
F
E
P
4
F
E
P
HOST
network
Figur e 7.10
Automatic Key Distribution for Connection-Or iented Pr otocol
End-to-End (X.25,TCP), FEP obtains session keys
Decentralised Key Control
(1) Request || N 1
Initiator
A
Responder
B
(2) E MK m[ Ks || Request || ID A || f(N 1) || N2 ]
(3) E Ks[ f(N 2) ]
Figure 7.11 Decentralized Key Distribution
Not practical for large networks
- avoids trusted third party
KEY USAGE
key types : Data, PIN, File
key tags : Session/Master/Encryp/Decryp
Control Vector:
associate session key with control vector
(Fig 7.12)
Control Vector Encryp. and Decryp.
Control
Vector
Master
Key
Session
Key
Hashing
Function
Control
Vector
Master
Key
Encr ypted
Session Key
Hashing
Function
»
»
Plaintext
input
Key
input
Encryption
Function
Encr ypted
Session Key
(a) Control Vector Encryption
Plaintext
input
Key
input
Decryption
Function
Session Key
(b) Control Vector Decryption
Figur e 7.12 Control Vector Encr yption and Decr yption
PRNG From Counter
Counter with
Per iod N
C
C+ 1
M aster K ey
Km
Encr yption
A lgor ithm
X i = E Km[C + 1]
Pseudor andom Number
Figur e 7.13
Gener ation Fr om a Counter
ANSI X9.17 PRNG
K 1, K 2
DT i
EDE
EDE
Vi
V i+1
EDE
Ri
Figur e 7.14
ANSI X9.17 Pseudor andom Number Generator
Random Number Generation
• Linear Congruential Generator
Xn+1 = (aXn + c) mod m
• Encryption : DES (OFB) – (Fig 7.14)
• Blum Blum Shub (BBS)
X0 = s2 mod n
for i = 1 to infinity
Xi = (Xi-1)2 mod n
Bi = Xi mod 2