Title: Information Security and Management 7. Confidentiality Using Symmetric Encryption
1 Information Security and Management 7. Confidentiality Using Symmetric Encryption
2 Confidentiality using Symmetric Encryption
- Traditionally symmetric encryption is used to provide message confidentiality
- Consider typical scenario
  - Workstations on LANs access other workstations and servers on LAN
  - LANs interconnected using switches/routers
  - with external lines or radio/satellite links
  - The wiring closet itself is vulnerable
- Consider attacks and placement in this scenario
  - snooping from another workstation
  - use dial-in to LAN or server to snoop
  - use external router link to enter and snoop
  - monitor and/or modify traffic on external links
3 Points of Vulnerability
4 Confidentiality using Symmetric Encryption
- Have two major placement alternatives
- link encryption
  - encryption occurs independently on every link
  - implies must decrypt traffic between links
  - requires many devices, but paired keys
- end-to-end encryption
  - encryption occurs between original source and final destination
  - need devices at each end with shared keys
5 Link vs. End-to-End Encryption
6 Link Encryption
- Each vulnerable communications link is equipped on both ends with an encryption device.
- All traffic over all communications links is secure.
- Disadvantage: the message must be decrypted each time it enters a packet switch.
- The message is vulnerable at each switch.
- Each pair of nodes that share a link should share a unique key, with a different key used on each link. Thus, many keys must be provided.
7 End-to-End Encryption
- The encryption process is carried out at the two end systems.
- The data in encrypted form are then transmitted unaltered across the network to the destination terminal or host.
- The destination shares a key with the source and so is able to decrypt the data.
- The host may encrypt only the user data portion of the packet and must leave the header in the clear.
- Provides a degree of authentication
- To achieve greater security, both link and end-to-end encryption are needed.
8 Comparison
9 Logical Placement of End-to-End Encryption
- Network-layer encryption
- Front-end processor function
10 Scope
11 Encryption Strategies
12 Traffic Analysis (1)
- When using end-to-end encryption must leave headers in clear
  - so network can correctly route information
- Hence although contents protected, traffic pattern flows are not
- Ideally want both at once
  - end-to-end protects data contents over entire path and provides authentication
  - link protects traffic flows from monitoring
13 Traffic Analysis (2)
- Is monitoring of communications flows between parties
  - useful both in military and commercial spheres
  - can also be used to create a covert channel
- Types of information that can be derived from a traffic analysis attack
  - Identities of partners
  - How frequently the partners are communicating
  - Message pattern, message length, or quantity of messages that suggest important information is being exchanged
  - The events that correlate with special conversations between particular partners.
14 Traffic Analysis (3)
- Link encryption approach
  - Network-layer headers are encrypted, reducing the opportunity for traffic analysis.
  - But it is still possible to assess the amount of traffic on a network and to observe the amount of traffic entering and leaving each end system
- Countermeasure
  - Traffic padding
15 Traffic Analysis (4)
Traffic-padding Encryption Device
16 Traffic Analysis (5)
- End-to-end encryption approach
  - Encryption is implemented at the application layer: the opponent can determine which transport entities are engaged in dialogue.
  - Encryption is housed at the transport layer: the network-layer address and traffic patterns remain accessible
- Countermeasure
  - Pad out data units to a uniform length at either the transport or application level.
  - The tactics deny an opponent knowledge about the amount of data exchanged between end users and obscure the underlying traffic pattern.
17 Key Distribution
- Symmetric schemes require both parties to share a common secret key
- Issue is how to distribute this key without allowing others to see the key.
- Often secure system failure due to a break in the key distribution scheme
18 Key Distribution
- Given parties A and B have various key distribution alternatives
  - A can select key and physically deliver to B.
  - A third party can select the key and physically deliver it to A and B.
  - If A and B have previously and recently used a key, one party can transmit the new key to the other, encrypted using the old key.
  - If A and B each has an encrypted connection to a third party C, C can deliver a key on the encrypted links to A and B.
19 Problems
- If end-to-end encryption is done at a network or IP level, then a key is needed for each pair of hosts.
- If there are N hosts, the number of required keys is N(N-1)/2.
20 The Use of Key Hierarchy
21 Key Distribution Scenario
22 Key Distribution Issues
- Hierarchical Key Control: hierarchies of KDCs required for large networks, but must trust each other
- Session Key Lifetime: session key lifetimes should be limited for greater security
- Use of automatic key distribution on behalf of users, but must trust system
- Use of decentralized key distribution
- Controlling Key Usage
23 A Transparent Key Control Scheme
24 Decentralized Key Control
- The use of a key distribution center imposes the requirement that the KDC be trusted and be protected from subversion. This requirement can be avoided if key distribution is fully decentralized.
- Disadvantage: needs a large number of master keys
25 Controlling Key Usage (1)
- Associate a tag with each key (8 bits)
  - One bit indicates whether the key is a session key or a master key.
  - One bit indicates whether the key can be used for encryption.
  - One bit indicates whether the key can be used for decryption.
  - The remaining bits are spares for future use.
26 Controlling Key Usage (2)
Control Vector Technique
27 Controlling Key Usage (3)
- Encrypted session key
  - Hash value: $H = h(CV)$
  - Key input: $K_m \oplus H$
  - Ciphertext: $E_{K_m \oplus H}[K_s]$
- Decryption
  - $K_s = D_{K_m \oplus H}[E_{K_m \oplus H}[K_s]]$
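
The control vector coupling above, as an added example that is not part of the original slides: the session key is wrapped under Km XOR h(CV), so editing the clear-text CV to claim an extra permission yields a different unwrapping key. The bit positions in the tag and the `toy_E` stand-in cipher are assumptions made for illustration; a real system would use a block cipher for E and D.

```python
import hashlib

# Assumed bit layout for the 8-bit tag (the slides name the fields, not positions).
SESSION_KEY = 0x01   # 1 = session key, 0 = master key
MAY_ENCRYPT = 0x02
MAY_DECRYPT = 0x04

def h(cv: bytes, n: int = 16) -> bytes:
    """H = h(CV), truncated to the key length."""
    return hashlib.sha256(cv).digest()[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def toy_E(key: bytes, block: bytes) -> bytes:
    """Stand-in for the block cipher E (NOT secure): XOR with a key-derived pad.
    XOR is its own inverse, so the same function also serves as D."""
    pad = hashlib.sha256(b"toy-E" + key).digest()[:len(block)]
    return xor(block, pad)

def wrap(km: bytes, cv: bytes, ks: bytes) -> bytes:
    """Ciphertext = E_{Km xor H}[Ks]; the CV travels in the clear beside it."""
    return toy_E(xor(km, h(cv)), ks)

def unwrap(km: bytes, cv: bytes, wrapped: bytes, want: int) -> bytes:
    """Recover Ks only for a use that the presented control vector permits."""
    if not cv[0] & want:
        raise PermissionError("control vector does not permit this use")
    return toy_E(xor(km, h(cv)), wrapped)

# Constructed sample values.
KM = bytes(range(16))
KS = bytes.fromhex("00112233445566778899aabbccddeeff")
CV_ENC_ONLY = bytes([SESSION_KEY | MAY_ENCRYPT])
FORGED_CV = bytes([CV_ENC_ONLY[0] | MAY_DECRYPT])   # CV altered after wrapping
WRAPPED = wrap(KM, CV_ENC_ONLY, KS)

if __name__ == "__main__":
    print("permitted use recovers Ks:",
          unwrap(KM, CV_ENC_ONLY, WRAPPED, MAY_ENCRYPT) == KS)
    print("altered CV recovers Ks:",
          unwrap(KM, FORGED_CV, WRAPPED, MAY_DECRYPT) == KS)
```

The policy check rejects a use the genuine CV does not grant, and the hash binding makes an altered CV useless because it no longer reproduces the wrapping key.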
28 Random Number Generation
- Many uses of random numbers in cryptography
  - nonces in authentication protocols to prevent replay
  - session keys generation
  - public key generation
- Criteria
  - Uniform distribution
  - Independence
    - No one value in the sequence can be inferred from the others
  - Unpredictability
29 Natural Random Noise
- Best source is natural randomness in real world
- Find a regular but random event and monitor
- Do generally need special h/w to do this
  - e.g. radiation counters, radio noise, audio noise, thermal noise in diodes, leaky capacitors, gas discharge tubes etc.
30 Published Sources
- A few published collections of random numbers
- Rand Co, in 1955, published 1 million numbers
  - generated using an electronic roulette wheel
  - has been used in some cipher designs, cf. Khafre
- Earlier Tippett in 1927 published a collection
- Issues are that
  - these are limited
  - too well-known for most uses (predictable)
31 Pseudorandom Number Generators (PRNGs)
- Algorithmic technique to create random numbers
- Although not truly random, can pass many tests of randomness
32 Linear Congruential Generator
- Common iterative technique using
  - $X_{n+1} = (aX_n + c) \bmod m$
- Given suitable values of parameters can produce a long random-like sequence
- Suitable criteria to have are [PARK88]
  - T1: function generates a full-period
  - T2: generated sequence should appear random
  - T3: efficient implementation with 32-bit arithmetic
- Note that an attacker can reconstruct sequence given a small number of values
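
Why linear congruential output must not be used for nonces or session keys, as an added example that is not part of the original slides: three consecutive outputs give two linear equations in a and c, so the rest of the sequence follows. The parameters a = 16807, c = 0, m = 2^31 - 1 (the Park and Miller "minimal standard" values) and the assumption that the observer knows m are choices made for this illustration.

```python
M = 2**31 - 1       # modulus, assumed known to the observer
A, C = 16807, 0     # generator parameters, unknown to the observer

def lcg(seed, a=A, c=C, m=M):
    """Yield X_1, X_2, ... with X_{n+1} = (a*X_n + c) mod m."""
    x = seed
    while True:
        x = (a * x + c) % m
        yield x

def recover_params(x0, x1, x2, m=M):
    """Solve X1 = a*X0 + c and X2 = a*X1 + c (mod m) for a and c."""
    d = (x1 - x0) % m
    try:
        inv = pow(d, -1, m)          # modular inverse, Python 3.8+
    except ValueError:
        raise ValueError("X1 - X0 is not invertible mod m; use another triple")
    a = ((x2 - x1) * inv) % m
    c = (x1 - a * x0) % m
    return a, c

def predict_next(x0, x1, x2, m=M):
    """Predict the output that follows three observed consecutive outputs."""
    a, c = recover_params(x0, x1, x2, m)
    return (a * x2 + c) % m

def demo(seed=20240101):
    """Constructed run: observe three outputs, compare prediction with the fourth."""
    gen = lcg(seed)
    seen = [next(gen) for _ in range(3)]
    actual_fourth = next(gen)
    return recover_params(*seen), predict_next(*seen), actual_fourth

if __name__ == "__main__":
    params, predicted, actual = demo()
    print("recovered (a, c):", params)
    print("prediction matches generator:", predicted == actual)
```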
33 Using Block Ciphers as Stream Ciphers
- Can use block cipher to generate numbers
- Use Counter Mode
  - $X_i = E_{K_m}[i]$
- Use Output Feedback Mode
  - $X_i = E_{K_m}[X_{i-1}]$
- ANSI X9.17 PRNG
  - uses date-time and seed inputs and 3 triple-DES encryptions to generate new seed and random number
34 Cyclic Encryption
35 ANSI X9.17 PRNG
36 Blum Blum Shub (BBS) Generator
- Based on public key algorithms
- Use least significant bit from iterative equation
  - $X_0 = s^2 \bmod n$
  - For $i = 1$ to $\infty$
    - $X_i = (X_{i-1})^2 \bmod n$
    - $B_i = X_i \bmod 2$
  - where $n = p \cdot q$, and primes $p, q \equiv 3 \pmod 4$
- Unpredictable, passes next-bit test
- Security rests on difficulty of factoring N
- Is unpredictable given any run of bits
- Slow, since very large numbers must be used
- Too slow for cipher use, good for key generation
37 Example of BBS
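
An added worked example (not the content of the original slide, and not code from the course): the BBS iteration from the previous slide with the parameter checks it depends on. The values p = 383, q = 503 and s = 101355 are constructed toy parameters chosen so the arithmetic can be followed by hand; real use needs primes hundreds of digits long.

```python
from math import gcd

def is_prime(n: int) -> bool:
    """Trial division; adequate only for the small demo primes used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True

def bbs_bits(p: int, q: int, s: int, count: int) -> list:
    """Return B_1..B_count of the Blum Blum Shub generator, n = p*q, seed s."""
    for prime in (p, q):
        if not is_prime(prime) or prime % 4 != 3:
            raise ValueError(f"{prime} must be a prime congruent to 3 mod 4")
    n = p * q
    if gcd(s, n) != 1:
        raise ValueError("seed s must be relatively prime to n")
    x = (s * s) % n              # X_0 = s^2 mod n
    bits = []
    for _ in range(count):
        x = (x * x) % n          # X_i = (X_{i-1})^2 mod n
        bits.append(x % 2)       # B_i = X_i mod 2
    return bits

def bits_to_int(bits) -> int:
    """Pack generated bits, most significant first, e.g. to form key material."""
    value = 0
    for b in bits:
        value = (value << 1) | b
    return value

# Constructed toy parameters: n = 383 * 503 = 192649.
P, Q, SEED = 383, 503, 101355

if __name__ == "__main__":
    stream = bbs_bits(P, Q, SEED, 16)
    print("bits:", "".join(map(str, stream)))
    print("as integer:", bits_to_int(stream))
```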