View
225
Download
1
Tags:
Embed Size (px)
Citation preview
Chap. 7: Confidentiality using symmetric encryption & Introduction to public-key cryptosystems
Jen-Chang Liu, 2004
Adapted fromLecture slides by Lawrie Brown
Amongst the tribes of Central Australia every man, woman, and child has a secret or sacred name which is bestowed by the older men upon him or her soon after birth, and which is known to none but the fully initiated members of the group. The secret name is never mentioned …The native thinks that a stranger knowing his secret name would have special power to work him ill by means of magic.
-The Golden Bough, Sir James George Frazer
Motivation and outline symmetric encryption is used to
provide message confidentialityQ: Where to put the encryption
mechanism? How to distribute the secret key?
Placement of encryption function Traffic confidentiality Key distribution
Confidentiality using Symmetric Encryption 機密性
What to encrypt and where the encryption function should be located
consider typical scenario:
(1)Eavesdropping bymembers
(2) dial-in,then intrude
(3) Tap into wire
(4) Monitor traffic
Typical scenario and attacks
consider typical scenario workstations on LANs access other
workstations & servers on LAN LANs interconnected using switches/routers with external lines or radio/satellite links
consider attacks and placement in this scenario snooping from another workstation use dial-in to LAN or server to snoop use external router link to enter & snoop monitor and/or modify traffic one external
links
Placement of encryption have two major placement alternatives link encryption
encryption occurs independently on every link
implies must decrypt traffic between links requires many devices, but paired keys for
all links end-to-end encryption
encryption occurs between original source and final destination
need devices at each end with shared keys
Placement of encryption (cont.)
One sharedkey
One keyfor each link
Problems with routing In a packet-switching network, we need packet
header to route packets Link encryption: so packet must be decrypted
before routing Vulnerable at each switch node
End-to-end encryption: must leave headers in clear, so network can correctly route information
hence although contents protected, traffic pattern is not protected
ideally want both at once end-to-end protects data contents over entire
path and provides authentication link protects traffic flows from monitoring
Placement of encryption over OSI model
can place encryption function at various layers in OSI Reference Model
OSI model and packetization
Application levelencryption
TCP levelencryption Link level
encryption
Placement of encryption over OSI model (cont.)
Outline Placement of encryption function Traffic confidentiality Key distribution
Traffic Analysis In packet-switching network, the
packet header cannot be encrypted Traffic analysis is monitoring of
communications flows between parties Ex. know who is talking to whom in
military usage Traffic analysis reveals
Identities of partners How frequently the partners are
communicating Message pattern, message length,
quantity of messages, …
Defense against traffic analysis
link encryption obscures header details but overall traffic volumes in networks and
at end-points is still visible
Traffic padding
Outline Placement of encryption function Traffic confidentiality Key distribution
Model for Network Security
Key Distribution symmetric schemes require both
parties to share a common secret key issue is how to securely distribute this
key often secure system failure due to a
break in the key distribution scheme
Key Distribution methods given parties A and B have various
key distribution alternatives:1. A can select key and physically deliver to
B2. third party can select & physically deliver
key to A & B3. if A & B have communicated previously
can use previous key to encrypt a new key4. if A & B have secure communications with
a third party C, C can relay key between A & B
Not suitablefor largesystems
Initial distribution?
Scale of key distribution problem
A network with N hosts => N(N-1)/2 pairs
Node-level encryption N(N-1)/2
Application-level encryption 10 applications/node
Key distribution center (KDC)
Key distribution
center (KDC)
KDC shares a unique key (master key) with each user to distributesecret key (session key) between a pair of users: scale of key distribution problem reduces to N
EMK1 (Secret key)
Secret key Secret key
EMK2 (Secret key)
Key Distribution Scenariononce: an identifierthat differs for each request
Session key Identifier for A (ex. address)
Master key Ka Master key Kb
(avoid replay attack)
1. Verify the original request2. Avoid replay attack
Hierarchical key control
…
KDC
…
KDC
KDC
a b
Session key lifetime Short session key lifetime
Key exchanges frequently => more secure Long session key lifetime
Reduce key exchange time, and network capacity Two connection protocol
(session<connection) Connectionless protocol (ex. UDP, HTTP)
Not to use a new key for each session, use a given session key for a fixed period of time
Connection-oriented protocol (ex. TCP) The same key for the connection; or update the key
periodically if the connection has long lifetime
Transparent key control scheme
End-to-end encrypt at network (transport) layer, which is transparent to users
? No authentication
Front-end processor (FEP)
data
header
Decentralized key control KDC trusted? Decentralized: assume there is one
master key for each pair of end systems
shared master key
session key
Master key are used for a short time, cryptanalysis is difficult
Nonce for authentication
Introduction to public-key cryptosystems
Introduction to public-key cryptosystems
Recall: symmetric ciphers One secret key, shared by sender and
receivers (symmetric) Based on substitution and permutation Problem:
Key distribution Digital signature: a kind of signature used in
paper document
Deffie and Hellman proposed the public-key cryptosystem to address the above two problems in 1976
Preview of public-key systems
Features of public-key system Asymmetric: a public key and a private key Algorithm based on mathematical functions
Fallacies Public-key is more secure than symmetric
encryption Public-key encryption is a general-purpose
technique that will make symm. encrypt. obsolete
Key distribution is trivial is easier for public-key encryption than symmetric encryption
Public-key encryption One-key for encryption A different but related key for decryption
It is computational infeasible to determine the decryption key given the crypto. algorithm and the encryption key
Steps in public-key encryption
1. Each user generates a pair of keys for encryption and decryption(In RSA, these two keys can exchange 加解密皆
可 )
2. One key (public key) is announced publicly. The other key is kept private.
Q: key distribution problem? (Chap. 10)
3. Bob sends encrypted message to Alice using Alice’s public key.
4. Only Alice can decrypt the message using her private key.
Comparison between symmetric and public-key encryption
Math. formulation of public-key system
Y = EKU (X)b
X = DKR (Y)b
What E and D can achieve this?
Requirement for public-key cryptography
Diffie and Hellman (1976) proposed the system without the algorithm for E and D. They laid out the requirement: It is computationally easy to generate a pair of keys It is computationally easy for a sender to encrypt It is computationally easy for a receiver to decrypt It is computationally infeasible for an opponent,
knowing the public key, to determine the private key
It is computationally infeasible for an opponent, knowing the public key and ciphtertext, to recover the plaintext
Y = EKU (X)b
X = DKR (Y)b
The algorithms that satisfy public-key requirement
RSA (Rivest-Shamir-Adleman) 1978 Number theory
Elliptic curve cryptography
Trap-door one-way function
Public-key encryption is a one-way function Every function value has a unique inverse
domain targetY=f(X): easy
X=f-1 (Y): infeasible ( > polynomial time)
• It is hard to determine the complexity to compute the inverse• Not a traditionally complexity problem, which focuses on the worst-case or average-case complexity
Trap-door one-way function (cont.)
Open a trap-door using the private key…
domain targetY=f(X): easy
X=f-1 (Y): infeasible ( > polynomial time)
X=fK-1 (Y): easy if trap-door K is known
( ~ polynomial time)
Public-key system for authentication 身份認證
Recall: the problem of digital signature
• Only Bob has the private keyto encrypt !!!
(server asdigital signature)
Authentication issues (Chap. 13)
Encrypt entire message? No necessary. Encrypt the authenticator: a
small block of bits that is a function of the document
Change of document will change the authenticator
Digital signature is confidential? No. Any one who has the public-key can
decrypt What to do? => double use of the public-key
system
Public-key system for both confidentiality and authentication
Public-key cryptanalysis Brute-force attack: search the private
key Solution: use large keys Tradeoffs: complexity of encrypt/decrypt
using large keys security using large keys Public-key system are currently too slow for
general-purpose use, only used for key management and signature application
Compute private key given the public key Not proved to be infeasible
Public-key cryptanalysis (cont.)
Probable-message attack Ex. encrypt 56-bit DES key
Public-keyencryption
56-bitDES key C
Public-key
Attack:
Public-keyencryption
C1
Public-key
000…000000…001000…010000…011….111…111
Try allDES Key
C2
C3
…
Ck= C
Solution: append thingsin the plaintext