Placement of Encryption Function - PowerPoint PPT Presentation

About This Presentation
Title:

Placement of Encryption Function

Description:

need devices at each end with shared keys ... application layer encryption is more complex, with more entities and need more keys ... – PowerPoint PPT presentation

Slides: 20
Provided by: Dunca46

Transcript and Presenter's Notes

Title: Placement of Encryption Function


1
Placement of Encryption Function
  • Lecture 3

2
Points of Vulnerability
  • Adversary can eavesdrop from a machine on the
    same LAN
  • Adversary can eavesdrop by dialing into
    communication server
  • Adversary can eavesdrop by gaining physical
    control of part of external links
  • twisted pair, coaxial cable, or optical fiber
  • radio or satellite links

3
(No Transcript)
4
Confidentiality using Symmetric Encryption
  • have two major placement alternatives
  • link encryption
  • encryption occurs independently on every link
  • All traffic over all communication links is
    secured
  • implies must decrypt traffic between links
    because the switch must read the address in the
    packet header
  • Each pair of nodes shares a unique key, with a
    different key used on each link, so many keys are needed.
  • Message is vulnerable at each switch
  • If working with a public network, the user has
    no control over the security of the nodes

5
Confidentiality using Symmetric Encryption
  • end-to-end encryption
  • encryption occurs between original source and
    final destination
  • need devices at each end with shared keys
  • Secure the transmission against attacks on the
    network links or switches
  • end-to-end principle
  • What part of each packet will the host encrypt?
    Header or user data?
  • A degree of authentication: only the alleged sender
    shares the relevant key

6
(No Transcript)
7
Placement of Encryption
  • Can place encryption function at various layers
    in OSI Reference Model
  • link encryption occurs at layers 1 or 2
  • end-to-end can occur at layers 3, 4, 6, 7
  • If encryption is moved toward a higher layer
  • less information is encrypted but is more secure
  • application layer encryption is more complex,
    with more entities and need more keys

8
Scope of Encryption
9
Traffic Analysis
  • is monitoring of communications flows between
    parties
  • useful in both military and commercial spheres
  • can also be used to create a covert channel
  • link encryption obscures header details
  • but overall traffic volumes in networks and at
    end-points are still visible
  • traffic padding can further obscure flows
  • but at cost of continuous traffic

10
Traffic Analysis
  • when using end-to-end encryption must leave
    headers in clear
  • so network can correctly route information
  • hence although contents protected, traffic
    pattern flows are not
  • ideally want both at once
  • end-to-end protects data contents over entire
    path and provides authentication
  • link protects traffic flows from monitoring

11
Key Distribution Center
12
Symmetric Cryptographic System
[Figure: symmetric cryptographic system. Alice encrypts plaintext M under key K to ciphertext C; Bob decrypts C under the same K back to M; the key K reaches both over a secure channel; Eve performs cryptanalysis on C.]
  • Alice sender
  • Bob receiver
  • Eve eavesdropper / Oscar opponent
  • Alice and Bob are the celebrities in cryptography.
  • Ciphertext C = E_K(M), Plaintext M = E_K^{-1}(C)
  • One of the greatest difficulties key management
  • Algorithms: DES, CAST, IDEA, RC2/4/5 (Rivest's
    Code), AES

13
Symmetric Key Management
  • Each pair of communicating entities needs a
    shared key
  • Why?
  • For an n-party system, there are n(n-1)/2 distinct
    keys in the system and each party needs to
    maintain n-1 distinct keys.
  • How to reduce the number of shared keys in the
    system
  • Centralized key management
  • Public keys

[Figure: five parties fully meshed with pairwise keys K1 to K10, i.e. 5(5-1)/2 = 10 keys.]
14
Centralized Key Management
[Figure: an online central server shares a long-term key with each of Alice (K1) and Bob (K2) and hands them a session key.]
  • Only n keys, instead of n(n-1)/2 in the system.
  • Central server may become the single point of
    failure of the entire system and the performance
    bottleneck.

15
Key Distribution
  • symmetric schemes require both parties to share a
    common secret key
  • issue is how to securely distribute this key
  • secure systems often fail due to a break in the
    key distribution scheme

16
Key Distribution
  • given parties A and B have various key
    distribution alternatives
  • A can select key and physically deliver to B
  • third party can select and deliver key to A and B
  • if A and B have communicated previously, they can
    use the previous key to encrypt a new key
  • if A and B have secure communications with a third
    party C, C can relay the key between A and B

17
Key Distribution Scenario
18
Key Distribution Issues
  • hierarchies of KDCs required for large networks,
    but must trust each other
  • session key lifetimes should be limited for
    greater security
  • controlling the purposes keys are used for
  • lots of keys to keep track of
  • binding management information to key

19
Key Distribution Center (KDC)
Q: How does the KDC allow Bob and Alice to determine a
shared symmetric secret key to communicate with
each other?
  • Alice -> KDC: K_A-KDC(A, B)
  • KDC generates R1
  • KDC -> Alice: K_A-KDC(R1, K_B-KDC(A, R1))
  • Alice knows R1
  • Alice -> Bob: K_B-KDC(A, R1)
  • Bob knows to use R1 to communicate with Alice
  • Alice and Bob communicate using R1 as session
    key for shared symmetric encryption
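The exchange on this slide carried through end to end, as an added example that is not part of the lecture: K(...) is modelled by a stdlib encrypt-then-MAC toy (`seal`/`unseal`) standing in for a real cipher, the master keys are constructed at random, and the sender's name accompanying the first message in clear is an assumption.

```python
import hashlib, hmac, json, os

def _keystream(key, nonce, n):
    # Toy keystream: HMAC-SHA256 in counter mode. Illustrative stand-in for a real cipher.
    blocks, i = [], 0
    while 32 * len(blocks) < n:
        blocks.append(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest())
        i += 1
    return b"".join(blocks)[:n]

def seal(key, obj):
    """K(obj) on the slide: encrypt-then-MAC a JSON message, returns nonce || ct || tag."""
    pt = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Inverse of seal; returns None if the tag fails (wrong key or tampering in transit)."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

# Long-term master keys K_A-KDC and K_B-KDC (constructed at import time).
MASTER = {"A": os.urandom(32), "B": os.urandom(32)}

def kdc_respond(sender, request):
    """KDC side. `sender` travels in clear so the KDC knows which master key opens the request (assumption)."""
    req = unseal(MASTER[sender], request)          # step 1: open K_A-KDC(A, B)
    if req is None or req["from"] != sender:
        return None
    r1 = os.urandom(16).hex()                      # step 2: KDC generates session key R1
    ticket = seal(MASTER[req["to"]], {"from": sender, "R1": r1})     # K_B-KDC(A, R1)
    return seal(MASTER[sender], {"R1": r1, "ticket": ticket.hex()})  # K_A-KDC(R1, K_B-KDC(A, R1))

def run_kdc_exchange(tamper=False):
    """Runs the full exchange; returns (Alice's R1, Bob's R1, text Bob recovered) or None."""
    reply = kdc_respond("A", seal(MASTER["A"], {"from": "A", "to": "B"}))
    alice = unseal(MASTER["A"], reply)             # Alice now knows R1 and holds Bob's ticket
    ticket = bytes.fromhex(alice["ticket"])
    if tamper:                                     # simulate a bit flip on the link to Bob
        ticket = ticket[:-1] + bytes([ticket[-1] ^ 1])
    bob = unseal(MASTER["B"], ticket)              # Bob opens K_B-KDC(A, R1), or rejects it
    if bob is None:
        return None
    session = bytes.fromhex(alice["R1"])           # Alice and Bob now talk under R1
    received = unseal(bytes.fromhex(bob["R1"]), seal(session, {"text": "hello Bob"}))
    return alice["R1"], bob["R1"], received["text"]
```

Because the ticket is sealed under K_B-KDC, Bob rejects anything an intermediate node altered, which is the integrity property the slide's flow relies on.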