Documente Academic
Documente Profesional
Documente Cultură
SMU
CSE 5349/7349
End-to-end
Carried out at the end systems Can encrypt only the data portion and not the header
SMU CSE 5349/7349
For e-t-e, must generate and distribute many keys, often in real time
SMU
CSE 5349/7349
Logical Placement
Application layer Transport layer Network layer Link layer
SMU
CSE 5349/7349
Traffic Analysis
Both techniques hide user data (payload) Link encryption
Hides address information Buffers clear data in each node
E-T-E encryption
Leaves addresses in the clear No need to buffer decrypted payload
Traffic Analysis
Identities of communicating partners Frequency of communication Message patterns, e.g., length, quantity, (encrypted) content Correlation between messages and real world events Can (sometimes) be defeated through traffic padding
SMU CSE 5349/7349
Covert Channels
Essentially, the dual of traffic analysis Usually intended to violate or defeat a security policy Examples Message length Message content Message presence
SMU
CSE 5349/7349
Key Distribution
Most important component in secure transmission. Options: (between A and B).
A selects a key and physically delivers it to B. A trusted third party key distribution center (KDC) selects a key and physically delivers it to A and B. If A and B already have have a viable key, it can be used to distribute a new key. If A and B have a secure link to KDC, can receive the key through that channel.
CSE 5349/7349
SMU
SMU
Decentralized Distribution
No need for KDC to be trusted and protected Any two nodes can establish a session key Needs n(n-1)/2 master keys Can generate any number of session keys Key distribution protocol
SMU
CSE 5349/7349
SMU
CSE 5349/7349
SMU
CSE 5349/7349
Public-Key Authority
Public-key authority (1) Request|T1 (4) Request|T2
A (7) EKe_b[N2]
SMU
(6) EKe_a[N1|N2]
CSE 5349/7349
Public-Key Certificates
A certificate contains a public key and other information
Created by a certificate authority Given to the participant with the matching private key
CB= EKd_auth[T2, IDB, Ke_b] Ke_a CA= EKd_auth[T1, IDA, Ke_a] (1) CA A (2) CB B
B does: DKe_auth(CA)= DKe_auth(EKd_auth[T1, IDA, Ke_a]) = (T1, IDA, Ke_a), hence gets the public key of A
SMU CSE 5349/7349
(2) EKu_a[Ks]
CSE 5349/7349
SMU
CSE 5349/7349
Diffie-Hellman KE
Public information: p is a prime number g is a generating element of Zp Alices
Bobs
Private Key : a Public Key : ga mod p Private Key : b Public Key : gb mod p
CSE 5349/7349
SMU
DH Key Exchange
Key Exchange: Alice obtains gb and computes (gb)a = gab mod p = ks Bob obtains ga and computes (ga)b = gab mod p = ks Alice and Bob have agreed upon key ks The well-known man-in-the-middle attack exploits the lack of authentication
SMU CSE 5349/7349
Diffie-Hellman Scheme
Security factors
Discrete logarithm very difficult. Shared key (the secret) itself never transmitted.
Disadvantages:
Expensive exponential operation The scheme itself cannot be used to encrypt anything it is for secret key establishment. No authentication, so you can not sign anything
SMU
CSE 5349/7349
Man-In-The-Middle Attack
Alice ga=123 123 --> Eve Bob ge =654 gb =255 654 --> <--654 <--255 gae geb Eve plays Bob to Alice and Alice to Bob
SMU CSE 5349/7349
Authenticated DH
Alice sends ga mod p to Bob and Bob computes kB = (ga )b mod p. Bob sends gb mod p and SB(gb, ga) and his certificate to Alice Alice computes kA = (gb )a mod p. Finally, Alice sends ga mod p and SA(ga, gb) and his certificate to Bob
SMU
CSE 5349/7349
Key Generation
Manual selection not good Using pass-phrase Random generation
PRNG Standards
SMU
CSE 5349/7349
How do we know?
SMU
CSE 5349/7349
Typical Implementation
SMU
CSE 5349/7349
Cryptographic PRNGs
RNG from a counter ANSI X9.17 PRNG
2 pr inputs 3 Triple DES encryption