Title: Confidentiality with Secretkey Ciphers
1 Confidentialitywith Secret-key Ciphers
2Potential locations for confidentiality attacks
3Where to put encryption algorithms
- Link-to-link encryption
- End-to-end encryption
4Link-to-link encryption
- Host A?(encryption)-(transmitted)-(decryption)
?Router1?(encryption)-(transmitted)- ???
(decryption) ?Rounter2?????Router
n?(encryption)-(transmitted)-(decryption)?Host B
5(No Transcript)
6Link-to-link encryption (cont.)
- Advantages
- Encryption is transparent to the application
programs. Therefore, we need not modify existent
application programs. - Disadvantages
- Messages are plaintext in the routers
- It needs one encryption and decryption for each
link and therefore it consumes much time.
7End-to-end encryption
- Host A?(encryption)---(transmitted)---?Router1?R
ounter2?????Router n?---(transmitted)---(decrypti
on)?Host B
8End-to-end encryption (cont.)
- Advantages
- Messages are ciphertext during transmission.
- It needs only one encryption and one decryption.
- Disadvantages
- We need modify the existing application programs
to assure confidentiality during transmission.
9Where to put encryption in theOSI network layers
- OSI has 7 network layers
- The encryption function can be put in any layer.
- Lower layers transparent to application programs
- Higher layers end-to-end encryption
10(No Transcript)
11What data are encrypted
- The dark parts are encrypted.
12(No Transcript)
13Key distribution
- To establish a (session) key between two parties
Alice and Bob. - Methods
- A key is selected by A and sent to B physically.
- A third party selects a key and sends it to A and
B physically. - If A and B has previously and recently used a
key, one party can select a new key, encrypt it
with the old key, and send it to another party. - If A and B each has an encrypted connection to a
third party C, C can deliver a key on the
encrypted links to A and B.
14Key distribution (cont.)
- Without a third party, N users need establish
N(N-1)/2 secret keys in advance, one for each
pair of users.
15Key distribution (cont.)
16A key distribution scenario
- It is desirable to have a third party (key
distribution center, KDC) since only N secret
keys have to be established for N users in
advance. - Each user establishes a secret key with the KDC.
- When two users want to communicate, they
establish a (session) key with the help from the
KDC. - Since each user has encrypted communication with
the KDC, this approach is feasible.
17A key distribution scenario (cont.)
- Key Distribution Center
- Let Kx be the secret key between KDC and user X.
- Since it is not easy to set up a secret key
between a user and KDC, the secret key should not
be used frequently. Therefore, when two users
want to communicate, they set up a session key
for the current communication session. - A key distribution scheme
18(No Transcript)
19(No Transcript)
20Decentralized key distribution
21Controlling Key Usage
22Random number generators
- Usage
- Generating secret and session keys.
- Generating public keys, such as, RSA.
- Generating nonces used in authentication schemes
-
23Random number generators (cont.)
- A sequence of random numbers is thought as
random if it has the properties - Uniform distribution every number should appear
with the same frequency. - Independence no one value in the sequence can be
inferred from other numbers. - Statistical tests
- We say a sequence of numbers is random if it
passes some well-known statistical tests, such
as, the uniform test, chi-square test, etc.
24Random number generators (cont.)
- Unpredictability
- given a prefix of the sequence, one cannot
predict what the next value is. - True random sources are hard to come by.
Therefore, we use deterministic programs to
generate pseudorandom numbers which has good
statistical properties.
25Pseudorandom generators
- Pseudorandom numbers are not random. It is only
semi-random. - It expands a short random number (seed) to a long
pseudorandom number
26Pseudorandom generators (cont.)
- Linear congruential generator
- Parameters
- m mgt0, the modulus
- a 0?altm, the multiplier
- c 0 ?cltm, the increment
- X0, 0 ?X0ltm , the start value, or seed
- Xn1(aXnc) mod m, for n?0.
- For example
- a3, m7, c2, X01,then X15, X23, X34, X40,
X52, X61, - If gcd(a, m)1, then the period T is the maximum
m-1.
27Pseudorandom generators (cont.)
- Cyclic encryption
- () C?C1
- XiEK(C)
- Goto ()
28Pseudorandom generators (cont.)
- ANSI X9.17 pseudorandom number generator
- Parameters
- DTi date/time value at the beginning of the ith
generation stage. - Vi seed value at the beginning of the ith
generation stage. - Ri Pseudorandom number produced by the ith
generation stage. - K1, K2 DES keys used for each stage.
29(No Transcript)
30Pseudorandom generators (cont.)
- Blum, Blum, Shub (BBS) generator
- Parameters
- npq, where p?q?3 (mod 4),
- p and q are prime and of the same length.
- S is the seed, 1?s?n-1
- Algorithm
- X0s2 mod n,
- XiXi-12 mod n, for i ? 1
- Let Bi be the last bit of Xi
- Output B1B2B3
- Remark
- In practice, n is of length ? 512 bits
31BBS generator (cont.)
- Example
- n 192649 383503
- seed 101355
32Cryptographically secure pseudorandom bit
generator (CSPB)
- CSPB use the concept of polynomial
indistinguishability between true random bits
and pseudorandom bits. - BBS generator is considered as a CSPB generator.
- BBS generator is secure if and only if factoring
is hard.