Information Security and Management 7' Confidentiality Using Symmetric Encryption

1
Information Security and Management 7.
Confidentiality Using Symmetric Encryption

• Chih-Hung Wang
• Sep. 2007

2
Confidentiality using Symmetric Encryption

• Traditionally symmetric encryption is used to
  provide message confidentiality
• Consider typical scenario
• Workstations on LANs access other workstations
  servers on LAN
• LANs interconnected using switches/routers
• with external lines or radio/satellite links
• The wiring closet itself is vulnerable
• Consider attacks and placement in this scenario
• snooping from another workstation
• use dial-in to LAN or server to snoop
• use external router link to enter snoop
• monitor and/or modify traffic one external links

3
Points of Vulnerability
4
Confidentiality using Symmetric Encryption

• Have two major placement alternatives
• link encryption
• encryption occurs independently on every link
• implies must decrypt traffic between links
• requires many devices, but paired keys
• end-to-end encryption
• encryption occurs between original source and
  final destination
• need devices at each end with shared keys

5
Link vs. End-to-End Encryption
6
Link Encryption

• Each vulnerable communications link is equipped
  on both ends with an encryption device.
• All traffic over all communications links is
  secure.
• Disadvantage the message must be decrypted each
  time it enters a packet switch.
• The message is vulnerable at each switch.
• Each pair of nodes that share a link should share
  a unique key, with a different key used on each
  link. Thus, many keys must be provided.

7
End-to-End Encryption

• The encryption process is carried out at the two
  end systems.
• The data in encrypted form are then transmitted
  unaltered across the network to the destination
  terminal or host.
• The destination shares a key with the source and
  so is able to decrypt the data.
• The host may encrypt only the user data portion
  of the packet and must leave the header in the
  clear.
• Provide a degree of authentication
• To achieve greater security, both link and
  end-to-end encryption are needed.

8
Comparison
9
Logical Placement of End-to-End Encryption

• Network-layer encryption
• Front-end processor function

10
Scope
11
Encryption Strategies
12
Traffic Analysis (1)

• When using end-to-end encryption must leave
  headers in clear
• so network can correctly route information
• Hence although contents protected, traffic
  pattern flows are not
• Ideally want both at once
• end-to-end protects data contents over entire
  path and provides authentication
• link protects traffic flows from monitoring

13
Traffic Analysis (2)

• Is monitoring of communications flows between
  parties
• useful both in military commercial spheres
• can also be used to create a covert channel
• Types of information that can be derived from a
  traffic analysis attack
• Identities of partners
• How frequently the partners are communicating
• Message pattern, message length, or quantity of
  messages that suggest important information is
  being exchanged
• The events that correlative with special
  conversations between particular partners.

14
Traffic Analysis (3)

• Link encryption approach
• Network-layer headers are encrypted, reducing the
  opportunity for traffic analysis.
• But it is still possible to access the amount of
  traffic on a network and to observe the amount of
  traffic entering and leaving each end system
• Countermeasure
• Traffic padding

15
Traffic Analysis (4)
Traffic-padding Encryption Device
16
Traffic Analysis (5)

• End-to-end encryption approach
• Encryption is implemented at the application the
  opponent can determine which transport entities
  are engaged in dialogue.
• Encryption is housed at the transport layer the
  network-layer address and traffic patterns remain
  accessible
• Countermeasure
• Pad out data units to a uniform length at either
  the transport or application level.
• The tactics deny an opponent knowledge about the
  amount of data exchanged between end users and
  obscure the underlying traffic pattern.

17
Key Distribution

• Symmetric schemes require both parties to share a
  common secret key
• Issue is how to distribute this key without
  allowing others to see the key.
• Often secure system failure due to a break in the
  key distribution scheme

18
Key Distribution

• Given parties A and B have various key
  distribution alternatives
• A can select key and physically deliver to B.
• A third party can select the key and physically
  deliver it to A and B.
• If A and B have previously and recently used a
  key, one party can transmit the new key to the
  other, encrypted using the old key.
• If A and B each has an encrypted connection to a
  third party C, C can deliver a key on the
  encrypted links to A and B.

19
Problems

• If end-to-end encryption is done at a network or
  IP level, then a key is needed for each pair of
  hosts.
• If there are N hosts, the number of required keys
  is
• N(N-1)/2.

20
The Use of Key Hierarchy
21
Key Distribution Scenario
22
Key Distribution Issues

• Hierarchical Key Control Hierarchies of KDCs
  required for large networks, but must trust each
  other
• Session Key Lifetime session key lifetimes
  should be limited for greater security
• Use of automatic key distribution on behalf of
  users, but must trust system
• Use of decentralized key distribution
• Controlling Key Usage

23
A Transparent Key Control Scheme
24
Decentralized Key Control

• The use of a key distribution center imposes the
  requirement that the KDC be trusted and be
  protected from subversion. This requirement can
  be avoid if key distribution is fully
  decentralized.

Disadvantage Needs a large amount of Master key
25
Controlling Key Usage (1)

• Associate a tag with each key (8-bits)
• One bit indicates whether the key is a session
  key or a master key.
• One bit indicates whether the key can be used for
  encryption.
• One bit indicates whether the key can be used for
  decryption.
• The remaining bits are spares for future use.

26
Controlling Key Usage (2)
Control Vector Technique
27
Controlling Key Usage (3)

• Encrypted session key
• Hash value H h(CV)
• Key input Km ? H
• Ciphertext Ekm ? HKs
• Decryption
• Ks Dkm ? HEkm ? HKs

28
Random Number Generation

• Many uses of random numbers in cryptography
• nonces in authentication protocols to prevent
  replay
• session keys generation
• public key generation
• Criteria
• Uniform distribution
• Independence
• No one value in the sequence can be inferred from
  the others
• Unpredictability

29
Natural Random Noise

• Best source is natural randomness in real world
• Find a regular but random event and monitor
• Do generally need special h/w to do this
• eg. radiation counters, radio noise, audio noise,
  thermal noise in diodes, leaky capacitors, gas
  discharge tubes etc.

30
Published Sources

• A few published collections of random numbers
• Rand Co, in 1955, published 1 million numbers
• generated using an electronic roulette wheel
• has been used in some cipher designs cf Khafre
• Earlier Tippett in 1927 published a collection
• Issues are that
• these are limited
• too well-known for most uses predictable

31
Pseudorandom Number Generators (PRNGs)

• Algorithmic technique to create random numbers
• Although not truly random, can pass many tests of
  randomness

32
Linear CongruentialGenerator

• Common iterative technique using
• Xn1 (aXn c) mod m
• Given suitable values of parameters can produce a
  long random-like sequence
• Suitable criteria to have are PARK88
• T1 function generates a full-period
• T2 generated sequence should appear random
• T3 efficient implementation with 32-bit
  arithmetic
• Note that an attacker can reconstruct sequence
  given a small number of values

33
Using Block Ciphers as Stream Ciphers

• Can use block cipher to generate numbers
• Use Counter Mode
• Xi EKmi
• Use Output Feedback Mode
• Xi EKmXi-1
• ANSI X9.17 PRNG
• uses date-time seed inputs and 3 triple-DES
  encryptions to generate new seed random

34
Cyclic Encryption
35
ANSI X9.17 PRNG
36
Blum Blum Shub (BBS) Generator

• Based on public key algorithms
• Use least significant bit from iterative
  equation
• X0 s2 mod n
• For i1 to ?
• Xi(Xi-1)2 mod n
• BiXi mod 2
• where np.q, and primes p,q3 mod 4
• Unpredictable, passes next-bit test
• Security rests on difficulty of factoring N
• Is unpredictable given any run of bits
• Slow, since very large numbers must be used
• Too slow for cipher use, good for key generation

37
Example of BBS