CONFIDENTIALITY USING CONVENTIONAL ENCRYPTION - PowerPoint PPT Presentation

About This Presentation
Description:

Both Link and End-to-End. Front-End Processor Function. E-mail Gateway. OSI email gateway TCP. no end-to-end protocol below appl. layer. networks terminate at mail ... – PowerPoint PPT presentation

Slides: 27
Provided by: matthew124
Transcript and Presenter's Notes

1
CONFIDENTIALITY USING CONVENTIONAL ENCRYPTION
Chapter 7
  • Historically: Conventional Encryption
  • Recently: Authentication, Integrity,
    Signature, Public-key
  • Link
  • End-to-End
  • Traffic-Analysis
  • Key Distribution
  • Random Number Generation

2
Points of Vulnerability
3
Link / End-to-End
4
Confidentiality
  • Link
    - both ends of each link
    - many encryptions / decryptions: every link
      on the path uses it
    - decrypt at each packet switch (to read the
      address)
    - unique key per node pair
  • End-to-End
    - only at the two ends
    - data encrypted, not the address
      (header)
    - one key per user pair
    - traffic pattern not protected
    - provides authentication of the sender

5
Characteristics of Link and End-to-End
Table 7.1
6
Both Link and End-to-End
  • Data secure at nodes
  • Authentication
  • LINK: low level (physical/link)
  • END-TO-END: network (X.25)
  • → End0 → End1 → End2 (ends separately protected)

7
Front-End Processor Function
8
E-mail Gateway
9
E-mail Gateway
  • OSI ↔ email gateway ↔ TCP
  • no end-to-end protocol below the application layer
  • networks terminate at the mail gateway
  • mail gateway sets up new transport/network
    connections
  • need end-to-end encryption at the application layer
    - disadvantage: many keys

10
Various Encryption Strategies
11
Traffic Confidentiality
  • Exposed by traffic analysis:
    - Identities
    - Message Frequency
    - Message Pattern
    - Event Correlation
    - Covert Channel
  • Link
    - Headers encrypted
    - Traffic padding (Fig 7.6)
  • End-to-End
    - Pad data
    - Null messages

12
Traffic Padding
13
KEY DISTRIBUTION
  1. Physically deliver the key
  2. Third party physically selects/delivers the key
  3. New key sent encrypted under the old key: E_Kold(Knew) →
  4. End-to-End via a KDC (C): A ← E_KA(Knew) ← C → E_KB(Knew) → B
  • N hosts → (N choose 2) = N(N-1)/2 pairwise keys (Fig 7.7)
  • KDC: key hierarchy (Fig 7.8)
  • Session key: temporary, end → end
  • Only N master keys need physical delivery

14
End-to-End Keys
15
Key Hierarchy
16
KEY DISTRIBUTION SCENARIO
17
KEY DISTRIBUTION
Each user shares a master key with the KDC.
Steps 1-3: key distribution; steps 3, 4, 5: authentication.
18
Key Distribution Centre (KDC) Hierarchy
  • Local KDCs: KDCX, KDCA (serving host A), KDCB (serving host B)
  • Key selected by KDCA, KDCB, or KDCX
19
LIFETIME
Shorter lifetime → higher security → reduced capacity
- Connection-oriented: change the session key
  periodically
- Connectionless: new key for every exchange or
  transaction, or after a time period
20
Key Distribution (connection-oriented)
End-to-End (X.25, TCP): the FEP obtains the session keys
21
Decentralised Key Control
Not practical for large networks; avoids a
trusted third party
22
KEY USAGE
  • Key types: Data, PIN, File
  • Key tags: Session/Master, Encrypt/Decrypt
  • Control Vector: associates the session key with a control
    vector (Fig 7.12)
23
Control Vector Encryption and Decryption
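The following is an added example, not code from the slides or from the textbook they follow. It works through two of the slides above in one runnable piece: the KDC key-distribution scenario (slides 16-17, steps 1-3 distribute the session key Ks, steps 4-5 authenticate) and the control-vector coupling of slides 22-23 (Fig 7.12: the control vector is hashed to key length and XORed into the master key before the session key is encrypted, so a different control vector cannot recover it). Assumptions: the slides assume DES, which Python's standard library lacks, so `enc()`/`dec()` are a constructed stand-in (SHAKE-256 keystream plus an HMAC tag) for "E_K(...)"; the fixed-width message layout, the 8-byte host IDs, the choice of SHA-256 for the step-5 function f, and all key values are constructed here. The five-step message flow is the textbook's KDC scenario as it is commonly presented; the slides themselves only name the steps.

```python
# Added example (not from the slides): KDC session-key scenario + control-vector wrapping.
# ASSUMPTION: enc()/dec() are a constructed toy cipher standing in for DES "E_K(...)";
# field widths, host IDs and f = SHA-256 are also constructed choices.
import hashlib
import hmac
import os

KEY_LEN, ID_LEN, NONCE_LEN, TAG_LEN = 32, 8, 16, 32


def enc(key: bytes, msg: bytes) -> bytes:
    """Toy stand-in for E_K(msg): nonce || (msg XOR keystream) || HMAC tag."""
    nonce = os.urandom(NONCE_LEN)
    stream = hashlib.shake_256(key + nonce).digest(len(msg))
    ct = bytes(m ^ s for m, s in zip(msg, stream))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def dec(key: bytes, blob: bytes) -> bytes:
    """Inverse of enc(); raises ValueError when the key is wrong or the blob was altered."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("tag check failed: wrong key or tampered message")
    stream = hashlib.shake_256(key + nonce).digest(len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


class KDC:
    """Holds one master key per host (slide: only N master keys need physical delivery)."""

    def __init__(self, master_keys: dict):
        self.master_keys = master_keys

    def request(self, id_a: bytes, id_b: bytes, n1: bytes) -> bytes:
        ks = os.urandom(KEY_LEN)                        # fresh session key for this connection
        ticket = enc(self.master_keys[id_b], ks + id_a)  # E_Kb(Ks || IDA): only B can open it
        # step 2: E_Ka(Ks || IDA || IDB || N1 || ticket): only A can open the reply
        return enc(self.master_keys[id_a], ks + id_a + id_b + n1 + ticket)


def run_kdc_scenario(kdc: KDC, id_a: bytes, ka: bytes, id_b: bytes, kb: bytes) -> bool:
    """Steps 1-3 distribute Ks; steps 4-5 let B check that A really holds the same Ks."""
    n1 = os.urandom(NONCE_LEN)                          # step 1: A -> KDC: IDA || IDB || N1
    reply = dec(ka, kdc.request(id_a, id_b, n1))        # step 2: KDC -> A
    ks, ids = reply[:KEY_LEN], reply[KEY_LEN:KEY_LEN + 2 * ID_LEN]
    n1_echo = reply[KEY_LEN + 2 * ID_LEN:KEY_LEN + 2 * ID_LEN + NONCE_LEN]
    ticket = reply[KEY_LEN + 2 * ID_LEN + NONCE_LEN:]
    if ids != id_a + id_b or n1_echo != n1:             # N1 ties the reply to this request
        raise ValueError("reply is a replay or meant for another host pair")
    ticket_plain = dec(kb, ticket)                      # step 3: A -> B: E_Kb(Ks || IDA)
    ks_b, claimed = ticket_plain[:KEY_LEN], ticket_plain[KEY_LEN:]
    if claimed != id_a:
        raise ValueError("ticket names a different originator")
    n2 = os.urandom(NONCE_LEN)
    challenge = enc(ks_b, n2)                           # step 4: B -> A: E_Ks(N2)
    f_n2 = hashlib.sha256(dec(ks, challenge)).digest()  # A applies f = SHA-256 to N2
    response = enc(ks, f_n2)                            # step 5: A -> B: E_Ks(f(N2))
    if dec(ks_b, response) != hashlib.sha256(n2).digest():
        raise ValueError("A did not prove knowledge of Ks")
    return ks == ks_b


def _cv_key(master_key: bytes, control_vector: bytes) -> bytes:
    # Fig 7.12 idea: Km XOR H(CV); recovering Ks needs the very same control vector.
    h = hashlib.sha256(control_vector).digest()
    return bytes(a ^ b for a, b in zip(master_key, h))


def wrap_session_key(master_key: bytes, control_vector: bytes, session_key: bytes) -> bytes:
    return enc(_cv_key(master_key, control_vector), session_key)


def unwrap_session_key(master_key: bytes, control_vector: bytes, wrapped: bytes):
    """Session key, or None when the control vector (or master key) differs from wrapping."""
    try:
        return dec(_cv_key(master_key, control_vector), wrapped)
    except ValueError:
        return None


if __name__ == "__main__":
    ida, idb = b"A".ljust(ID_LEN, b"\0"), b"B".ljust(ID_LEN, b"\0")
    ka, kb = os.urandom(KEY_LEN), os.urandom(KEY_LEN)  # master keys, delivered out of band
    print("same Ks at both ends:", run_kdc_scenario(KDC({ida: ka, idb: kb}), ida, ka, idb, kb))
    km, ks = os.urandom(KEY_LEN), os.urandom(KEY_LEN)
    wrapped = wrap_session_key(km, b"session-key|encrypt-only", ks)
    print("right CV:", unwrap_session_key(km, b"session-key|encrypt-only", wrapped) == ks)
    print("wrong CV:", unwrap_session_key(km, b"session-key|decrypt-ok", wrapped))
```

The nonce N1 is what makes step 2 useful to A: without it, an old KDC reply could be replayed to push a stale session key. In the control-vector part, the tag in the toy cipher turns "wrong control vector yields an unusable key" into an explicit failure; with a plain block cipher as in Fig 7.12 the unwrapping would simply produce a different key.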
24
PRNG From Counter
25
ANSI X9.17 PRNG
26
Random Number Generation
  • Linear Congruential Generator
    X_{n+1} = (a * X_n + c) mod m
  • Encryption: DES (OFB) (Fig 7.14)
  • Blum Blum Shub (BBS)
    X_0 = s^2 mod n
    for i = 1 to infinity:
      X_i = (X_{i-1})^2 mod n
      B_i = X_i mod 2
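An added example (not part of the slides) that writes out the two generators on this slide. Assumptions: the LCG constants a = 7^5 = 16807, c = 0, m = 2^31 - 1 are the well-known "minimal standard" parameters, and the BBS parameters p = 383, q = 503 (both congruent to 3 mod 4, as BBS requires) and seed s = 101355 are small values chosen so the first states can be checked by hand; neither parameter set appears on the slides. The `bbs_setup` check on p, q and gcd(s, n) is the precondition the formula X_0 = s^2 mod n silently relies on.

```python
# Added example (not from the slides): LCG and Blum Blum Shub generators.
# ASSUMPTION: parameter values below are constructed for illustration.
from math import gcd


def lcg(seed: int, a: int = 16807, c: int = 0, m: int = 2**31 - 1):
    """Linear congruential generator: yields X_1, X_2, ... with X_{n+1} = (a*X_n + c) mod m."""
    x = seed
    while True:
        x = (a * x + c) % m
        yield x


def lcg_period(seed: int, a: int, c: int, m: int) -> int:
    """Length of the cycle the LCG falls into from `seed` (a full-period LCG reaches m)."""
    seen = {}
    x = seed
    for i in range(m + 1):
        if x in seen:
            return i - seen[x]
        seen[x] = i
        x = (a * x + c) % m
    return m


def bbs_setup(p: int, q: int, s: int) -> tuple:
    """Checks the BBS preconditions; returns (n, X_0) with n = p*q and X_0 = s^2 mod n."""
    if p % 4 != 3 or q % 4 != 3:
        raise ValueError("BBS needs primes p and q with p = q = 3 (mod 4)")
    n = p * q
    if gcd(s, n) != 1:
        raise ValueError("seed s must be relatively prime to n")
    return n, (s * s) % n


def bbs_bits(p: int, q: int, s: int, count: int) -> tuple:
    """Returns (states, bits): X_i = X_{i-1}^2 mod n and B_i = X_i mod 2 for i = 1..count."""
    n, x = bbs_setup(p, q, s)
    states, bits = [x], []
    for _ in range(count):
        x = (x * x) % n
        states.append(x)
        bits.append(x % 2)  # one low-order bit is taken per squaring
    return states, bits


if __name__ == "__main__":
    gen = lcg(1)
    print("LCG X_1..X_5:", [next(gen) for _ in range(5)])
    # a poor parameter choice made visible: a = 3, c = 0, m = 16 cycles after 4 values
    print("period of a=3, c=0, m=16 from X_0=1:", lcg_period(1, 3, 0, 16))
    states, bits = bbs_bits(383, 503, 101355, 20)
    print("BBS X_0..X_3:", states[:4])
    print("BBS first 20 bits:", "".join(map(str, bits)))
```

Running `lcg_period` with the small modulus shows why the slide lists DES in OFB mode as the alternative: an LCG's output is only as good as its parameters, and its internal state is its output, whereas the cipher-based and BBS generators keep the state hidden behind a one-way operation.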