Scribd
Upload
3K views19 pages

Placement of Encryption Function: v0.0 CPSC415 Biometrics and Cryptography 1

This document discusses different approaches to encryption in network communication. It describes link encryption, where each network link is encrypted separately, requiring keys for each link, and end-to-end encryption, where only the endpoints are encrypted using a shared key. End-to-end encryption better secures the transmission but leaves traffic patterns visible. The document also covers key distribution challenges for symmetric encryption and how a key distribution center can help distribute keys to allow communication between two parties.

Uploaded by

Harsh Parikh
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
3K views19 pages

Placement of Encryption Function: v0.0 CPSC415 Biometrics and Cryptography 1

This document discusses different approaches to encryption in network communication. It describes link encryption, where each network link is encrypted separately, requiring keys for each link, and end-to-end encryption, where only the endpoints are encrypted using a shared key. End-to-end encryption better secures the transmission but leaves traffic patterns visible. The document also covers key distribution challenges for symmetric encryption and how a key distribution center can help distribute keys to allow communication between two parties.

Uploaded by

Harsh Parikh
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd

Placement of Encryption Function

Lecture 3

v0.0

CPSC415 Biometrics

Points of Vulnerability
Adversary can eavesdrop from a machine
on the same LAN
Adversary can eavesdrop by dialing into
communication server
Adversary can eavesdrop by gaining
physical control of part of external links
twisted pair, coaxial cable, or optical fiber
radio or satellite links

v0.0

CPSC415 Biometrics

v0.0

CPSC415 Biometrics

Confidentiality using Symmetric


Encryption
have two major placement alternatives
link encryption

encryption occurs independently on every link


All traffic over all communication links is secured
implies must decrypt traffic between links because the
switch must read the address in the packet header
Each pair of nodes that share a unique key, with a
different key used on each link, many keys.
Message is vulnerable at each switch
If working with a public network, the user has not
control over the security of the nodes

v0.0

CPSC415 Biometrics

Confidentiality using Symmetric


Encryption
end-to-end encryption

encryption occurs between original source and


final destination
need devices at each end with shared keys
Secure the transmission against attacks on the
network links or switches
end-to-end principle
What part of each packet will the host encrypt?
Header or user data?
A degree of authentication, only alleged sender
shares the relevant key

v0.0

CPSC415 Biometrics

v0.0

CPSC415 Biometrics

Placement of Encryption
Can place encryption function at various
layers in OSI Reference Model
link encryption occurs at layers 1 or 2
end-to-end can occur at layers 3, 4, 6, 7

If move encryption toward higher layer


less information is encrypted but is more
secure
application layer encryption is more complex,
with more entities and need more keys

v0.0

CPSC415 Biometrics

Scope of Encryption

v0.0

CPSC415 Biometrics

Traffic Analysis
is monitoring of communications flows
between parties

useful both in military & commercial spheres


can also be used to create a covert channel

link encryption obscures header details

but overall traffic volumes in networks and at


end-points is still visible

traffic padding can further obscure flows


but at cost of continuous traffic

v0.0

CPSC415 Biometrics

Traffic Analysis
when using end-to-end encryption must
leave headers in clear

so network can correctly route information

hence although contents protected,


traffic pattern flows are not
ideally want both at once

end-to-end protects data contents over


entire path and provides authentication
link protects traffic flows from monitoring

v0.0

CPSC415 Biometrics

10

Key Distribution Center

v0.0

CPSC415 Biometrics

11

Symmetric Cryptographic System


cryptanalysis
M

encryption

Alice

decryption

Bob

K
key

Eve

M
K

Secure channel

Alice: sender
Bob: receiver
Eve: eavesdropper / Oscar : opponent
Alice and Bob are the celebrities in cryptography.

Ciphertext C = EK(M); Plaintext M = EK-1(C)


One of the greatest difficulties: key management
Algorithms: DES, CAST, IDEA, RC2/4/5 (Rivests Code), AES,

v0.0

CPSC415 Biometrics

12

Symmetric Key Management


Each pair of communicating entities needs a shared key
Why?
For a n-party system, there are n(n-1)/2 distinct keys in the system
and each party needs to maintain n-1 distinct keys.

How to reduce the number of shared keys in the system


Centralized key management
Public keys
K4

K1

K5
K7

K2

K6

K3
K8
K9

K10

v0.0

CPSC415 Biometrics

13

Centralized Key Management


Online Central Server

K2

K1
session key
Alice

Bob

Only n keys, instead of n(n-1)/2 in the system.


Central server may become the single-point-of-failure of the
entire system and the performance bottleneck.

v0.0

CPSC415 Biometrics

14

Key Distribution
symmetric schemes require both
parties to share a common secret key
issue is how to securely distribute
this key
often secure system failure due to a
break in the key distribution scheme

v0.0

CPSC415 Biometrics

15

Key Distribution

given parties A and B have various


key distribution alternatives:
1. A can select key and physically deliver to B
2. third party can select & deliver key to A & B
3. if A & B have communicated previously can use
previous key to encrypt a new key
4. if A & B have secure communications with a
third party C, C can relay key between A & B

v0.0

CPSC415 Biometrics

16

Key Distribution Scenario

v0.0

CPSC415 Biometrics

17

Key Distribution Issues


hierarchies of KDCs required for large
networks, but must trust each other
session key lifetimes should be limited
for greater security
controlling purposes keys are used for
lots of keys to keep track of
binding management information to key

v0.0

CPSC415 Biometrics

18

Key Distribution Center (KDC)


Q: How does KDC allow Bob, Alice to determine shared
symmetric secret key to communicate with each other?
KDC
generates
R1

KA-KDC(A,B)
Alice
knows
R1

KA-KDC(R1, KB-KDC(A,R1) )
KB-KDC(A,R1)

Bob knows to
use R1 to
communicate
with Alice

Alice and Bob communicate: using R1 as


session key for shared symmetric encryption
v0.0

CPSC415 Biometrics

19

You might also like