
NC7201 Communication Network Security Dr.G.A.Sathish Kumar Professor EC

Advanced Encryption Standard
"It seems very simple." "It is very simple. But if you don't know what the key is it's virtually indecipherable." (Talking to Strange Men, Ruth Rendell)

Origins
- a replacement for DES was clearly needed: there are theoretical attacks that can break it, and exhaustive key search attacks have been demonstrated
- Triple-DES can be used instead, but it is slow and has small blocks
- US NIST issued a call for ciphers in 1997
- 15 candidates were accepted in June 1998
- 5 were shortlisted in August 1999
- Rijndael was selected as the AES in October 2000
- issued as the FIPS PUB 197 standard in November 2001

The AES Cipher - Rijndael
- designed by Rijmen and Daemen in Belgium
- has 128/192/256-bit keys and a 128-bit data block
- an iterative rather than Feistel cipher
- processes data as a block of 4 columns of 4 bytes
- operates on the entire data block in every round
- designed to be: resistant against known attacks; fast and compact in code on many CPUs; simple in design

AES Encryption Process

AES Structure
- the data block of 4 columns of 4 bytes is the state
- the key is expanded to an array of words
- has 9/11/13 rounds in which the state undergoes: byte substitution (one S-box used on every byte); shift rows (permute bytes between groups/columns); mix columns (substitution using a matrix multiplication of groups); add round key (XOR the state with key material)
- can be viewed as alternating XOR with key material and scrambling of data bytes
- an initial XOR with key material and an incomplete last round
- with a fast XOR and table-lookup implementation

AES Structure

Some Comments on AES
1. an iterative rather than Feistel cipher
2. key expanded into an array of 32-bit words; four words form the round key in each round
3. 4 different stages are used as shown
4. has a simple structure
5. only AddRoundKey uses the key
6. AddRoundKey is a form of Vernam cipher
7. each stage is easily reversible
8. decryption uses the keys in reverse order
9. decryption does recover the plaintext
10. the final round has only 3 stages

Substitute Bytes
- a simple substitution of each byte
- uses one table of 16x16 bytes containing a permutation of all 256 8-bit values
- each byte of the state is replaced by the byte indexed by row (left 4 bits) and column (right 4 bits)
- e.g. byte {95} is replaced by the byte in row 9 column 5, which has value {2a}
- the S-box is constructed using a defined transformation of values in GF(2^8)
- designed to be resistant to all known attacks

Substitute Bytes

Substitute Bytes Example

Shift Rows
- a circular byte shift in each row: the 1st row is unchanged; the 2nd row does a 1-byte circular shift to the left; the 3rd row a 2-byte circular shift to the left; the 4th row a 3-byte circular shift to the left
- decryption inverts this using shifts to the right
- since the state is processed by columns, this step permutes bytes between the columns

Shift Rows

Mix Columns
- each column is processed separately
- each byte is replaced by a value dependent on all 4 bytes in the column
- effectively a matrix multiplication in GF(2^8) using the prime polynomial m(x) = x^8 + x^4 + x^3 + x + 1

Mix Columns

Mix Columns Example

AES Arithmetic
- uses arithmetic in the finite field GF(2^8) with irreducible polynomial m(x) = x^8 + x^4 + x^3 + x + 1, which is (1 0001 1011) or {11b}
- e.g. {02} . {87} mod {11b} = (1 0000 1110) mod {11b} = (1 0000 1110) xor (1 0001 1011) = (0001 0101), i.e. {15}

Mix Columns (cont.)
- can express each column as 4 equations to derive each new byte in the column
- decryption requires use of the inverse matrix, which has larger coefficients, hence is a little harder
- have an alternate characterisation: each column is a 4-term polynomial with coefficients in GF(2^8), and polynomials are multiplied modulo (x^4 + 1)
- coefficients are based on a linear code with maximal distance between codewords

Add Round Key
- XOR the state with 128 bits of the round key
- again processed by column (though effectively a series of byte operations)
- the inverse for decryption is identical, since XOR is its own inverse, with the keys reversed
- designed to be as simple as possible; a form of Vernam cipher on the expanded key
- requires the other stages for complexity/security

Add Round Key

AES Round

AES Key Expansion
- takes the 128-bit (16-byte) key and expands it into an array of 44/52/60 32-bit words
- start by copying the key into the first 4 words
- then loop creating words that depend on the values in the previous word and 4 places back
- in 3 of 4 cases just XOR these together
- the 1st word in every 4 has rotate + S-box + XOR with a round constant applied to the previous word, before the XOR with the word 4 back

AES Key Expansion

Key Expansion Rationale
- designed to resist known attacks
- design criteria included: knowing part of the key is insufficient to find many more bits; an invertible transformation; fast on a wide range of CPUs; use round constants to break symmetry; diffuse key bits into the round keys; enough non-linearity to hinder analysis; simplicity of description
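The following is an added worked example, not code from the lecture slides: it implements the GF(2^8) arithmetic the slides describe (multiplication modulo {11b}), builds the S-box from the field inverse plus the FIPS-197 affine transform, applies MixColumns and its inverse to one column, and runs the AES-128 key expansion (RotWord, SubWord, round constant, XOR with the word 4 back). The MixColumns column and the key are the public test values from FIPS-197 Appendix A.1 and the AES literature; the helper names are my own.

```python
# Added example (not from the lecture slides): the GF(2^8) arithmetic behind AES,
# used to build the S-box, apply MixColumns to one column, and expand a 128-bit key.

AES_POLY = 0x11B  # m(x) = x^8 + x^4 + x^3 + x + 1, written {11b}


def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes as polynomials over GF(2), reduced modulo m(x)."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:          # degree reached 8: subtract (xor) m(x)
            a ^= AES_POLY
        b >>= 1
    return result & 0xFF


def gf_inv(a: int) -> int:
    """Multiplicative inverse as a^254 (order of GF(2^8)* is 255); 0 maps to 0."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r


def sbox_entry(x: int) -> int:
    """S-box: field inverse followed by the FIPS-197 affine transform."""
    b = gf_inv(x)
    s = b
    for i in range(1, 5):                      # b ^ rotl(b,1) ^ ... ^ rotl(b,4)
        s ^= ((b << i) | (b >> (8 - i))) & 0xFF
    return s ^ 0x63


SBOX = [sbox_entry(x) for x in range(256)]     # 256-entry lookup table


def mix_column(col):
    """MixColumns on one 4-byte column: multiply by the fixed circulant matrix."""
    a0, a1, a2, a3 = col
    return [
        gf_mul(2, a0) ^ gf_mul(3, a1) ^ a2 ^ a3,
        a0 ^ gf_mul(2, a1) ^ gf_mul(3, a2) ^ a3,
        a0 ^ a1 ^ gf_mul(2, a2) ^ gf_mul(3, a3),
        gf_mul(3, a0) ^ a1 ^ a2 ^ gf_mul(2, a3),
    ]


def inv_mix_column(col):
    """Inverse MixColumns: same shape, larger coefficients {0e},{0b},{0d},{09}."""
    a0, a1, a2, a3 = col
    return [
        gf_mul(14, a0) ^ gf_mul(11, a1) ^ gf_mul(13, a2) ^ gf_mul(9, a3),
        gf_mul(9, a0) ^ gf_mul(14, a1) ^ gf_mul(11, a2) ^ gf_mul(13, a3),
        gf_mul(13, a0) ^ gf_mul(9, a1) ^ gf_mul(14, a2) ^ gf_mul(11, a3),
        gf_mul(11, a0) ^ gf_mul(13, a1) ^ gf_mul(9, a2) ^ gf_mul(14, a3),
    ]


def expand_key_128(key: bytes):
    """AES-128 key schedule: 16-byte key -> 44 words (each a list of 4 bytes)."""
    assert len(key) == 16
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]   # copy key into w[0..3]
    rcon = 1
    for i in range(4, 44):
        temp = w[i - 1][:]
        if i % 4 == 0:                          # every 4th word gets extra mixing
            temp = temp[1:] + temp[:1]          # RotWord
            temp = [SBOX[b] for b in temp]      # SubWord
            temp[0] ^= rcon                     # round constant breaks symmetry
            rcon = gf_mul(rcon, 2)              # next Rcon is xtime of this one
        w.append([t ^ p for t, p in zip(temp, w[i - 4])])   # XOR with word 4 back
    return w


def word_hex(word) -> str:
    return "".join(f"{b:02x}" for b in word)


if __name__ == "__main__":
    print("{02}.{87} =", f"{gf_mul(0x02, 0x87):02x}")   # 15, as on the slide
    print("S-box[{95}] =", f"{SBOX[0x95]:02x}")         # 2a, as on the slide
    col = [0xDB, 0x13, 0x53, 0x45]
    print("MixColumns:", [f"{b:02x}" for b in mix_column(col)])
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")   # FIPS-197 A.1 key
    w = expand_key_128(key)
    print("w[4] =", word_hex(w[4]), " w[43] =", word_hex(w[43]))
```

Running it reproduces the slide's two worked values ({02}.{87} = {15}, S-box[{95}] = {2a}), shows the MixColumns round trip through the inverse matrix, and yields w[4] = a0fafe17 for the FIPS-197 sample key, the first word produced by the rotate + S-box + round-constant step.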

AES Example Key Expansion

AES Example Encryption

AES Example Avalanche

AES Decryption
- AES decryption is not identical to encryption, since the steps are done in reverse
- but can define an equivalent inverse cipher with steps as for encryption, but using the inverse of each step, with a different key schedule
- this works since the result is unchanged when we swap byte substitution and shift rows, and swap mix columns and add (tweaked) round key

AES Decryption

Implementation Aspects
- can efficiently implement on an 8-bit CPU
- byte substitution works on bytes using a table of 256 entries
- shift rows is a simple byte shift
- add round key works on byte XORs
- mix columns requires a matrix multiplication in GF(2^8), which works on byte values and can be simplified to use table lookups and byte XORs

Implementation Aspects
- can efficiently implement on a 32-bit CPU
- redefine the steps to use 32-bit words
- can precompute 4 tables of 256 words
- then each column in each round can be computed using 4 table lookups + 4 XORs
- at a cost of 4 KB to store the tables
- the designers believe this very efficient implementation was a key factor in its selection as the AES cipher

Multiple Encryption & DES
- a replacement for DES was clearly needed: there are theoretical attacks that can break it, and exhaustive key search attacks have been demonstrated
- AES is a new cipher alternative
- prior to this, the alternative was to use multiple encryption with DES implementations
- Triple-DES is the chosen form

Double-DES?
- could use 2 DES encryptions on each block: C = E_K2(E_K1(P))
- issue of reduction to a single stage
- and have the meet-in-the-middle attack
- works whenever a cipher is used twice
- since X = E_K1(P) = D_K2(C)
- attack by encrypting P with all keys and storing the results, then decrypting C with all keys and matching the X value
- can show it takes O(2^56) steps
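As an added illustration of the point above (my code, not the lecture's), here is the meet-in-the-middle attack run against a constructed toy 16-bit block cipher with 12-bit keys, so the whole search finishes instantly. Double encryption has 2^24 key pairs, yet the attack needs only about 2 x 2^12 cipher operations plus a table: that is why double encryption buys so little and why the O(2^56) figure applies to Double-DES. The toy cipher, key size and sample keys are assumptions made for the demonstration.

```python
# Added example (not from the slides): meet-in-the-middle against double encryption,
# using a CONSTRUCTED toy 16-bit block cipher with 12-bit keys for speed.
# Real DES has 56-bit keys; the attack structure is the same.
import random

MASK16 = 0xFFFF
KEY_BITS = 12                      # toy key size (assumption, for speed)
KEY_SPACE = 1 << KEY_BITS


def rotl16(x, n):
    return ((x << n) | (x >> (16 - n))) & MASK16


def rotr16(x, n):
    return ((x >> n) | (x << (16 - n))) & MASK16


def toy_encrypt(k, p):
    """Constructed toy block cipher: xor key, add key-derived constant, rotate."""
    k2 = (k * 0x9E37) & MASK16
    return rotl16(((p ^ k) + k2) & MASK16, 5)


def toy_decrypt(k, c):
    k2 = (k * 0x9E37) & MASK16
    return ((rotr16(c, 5) - k2) & MASK16) ^ k


def double_encrypt(k1, k2, p):
    return toy_encrypt(k2, toy_encrypt(k1, p))      # C = E_K2(E_K1(P))


def meet_in_the_middle(pairs):
    """Recover (k1, k2) candidates from known (P, C) pairs with roughly
    2 * 2^KEY_BITS cipher calls instead of 2^(2*KEY_BITS).
    Extra pairs weed out false matches on the middle value X."""
    p0, c0 = pairs[0]
    # Phase 1: X = E_K1(P0) for every K1, stored in a lookup table.
    table = {}
    for k1 in range(KEY_SPACE):
        table.setdefault(toy_encrypt(k1, p0), []).append(k1)
    # Phase 2: X = D_K2(C0) for every K2; a hit links K2 to the K1 values giving X.
    candidates = []
    for k2 in range(KEY_SPACE):
        x = toy_decrypt(k2, c0)
        for k1 in table.get(x, []):
            if all(double_encrypt(k1, k2, p) == c for p, c in pairs[1:]):
                candidates.append((k1, k2))
    return candidates


def demo(seed=1):
    """Pick random keys, produce three known (P, C) pairs, run the attack."""
    rng = random.Random(seed)
    k1, k2 = rng.randrange(KEY_SPACE), rng.randrange(KEY_SPACE)
    plaintexts = [rng.randrange(1 << 16) for _ in range(3)]
    pairs = [(p, double_encrypt(k1, k2, p)) for p in plaintexts]
    return (k1, k2), meet_in_the_middle(pairs)


if __name__ == "__main__":
    true_keys, found = demo()
    print("true keys:", true_keys, "recovered candidates:", found)
```

The table holds 2^KEY_BITS entries, so memory, not time, is usually the limiting resource for the real 2^56 case; that trade-off is exactly what the E-D-E triple construction on the next slide is meant to defeat.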

Triple-DES with Two Keys
- hence must use 3 encryptions; would seem to need 3 distinct keys
- but can use 2 keys with the E-D-E sequence: C = E_K1(D_K2(E_K1(P)))
- nb encrypt and decrypt are equivalent in security
- if K1 = K2 then it can work with single DES
- standardized in ANSI X9.17 and ISO 8732
- no current known practical attacks
- several proposed impractical attacks might become the basis of future attacks

Triple-DES with Three Keys
- although there are no practical attacks on two-key Triple-DES, there are some indications of weakness
- can use Triple-DES with three keys to avoid even these: C = E_K3(D_K2(E_K1(P)))
- has been adopted by some Internet applications, e.g. PGP, S/MIME

Blowfish
- a symmetric block cipher designed by Bruce Schneier in 1993/94
- characteristics: fast implementation on 32-bit CPUs; compact in use of memory; simple structure eases analysis/implementation; variable security by varying the key size
- has been implemented in various products

Blowfish Key Schedule
- uses a 32 to 448 bit key
- used to generate 18 32-bit subkeys stored in the K-array K_j and four 8x32 S-boxes stored in S_i,j
- the key schedule consists of: initialize the P-array and then the 4 S-boxes using pi; XOR the P-array with key bits (reused as needed); loop repeatedly encrypting data using the current P & S and replacing successive pairs of P, then S, values
- requires 521 encryptions, hence slow in rekeying

Blowfish Encryption
- uses two primitives: addition and XOR
- data is divided into two 32-bit halves L_0 and R_0
- for i = 1 to 16 do: R_i = L_{i-1} XOR P_i; L_i = F[R_i] XOR R_{i-1}
- L_17 = R_16 XOR P_18; R_17 = L_16 XOR P_17
- where F[a,b,c,d] = ((S_1,a + S_2,b) XOR S_3,c) + S_4,d

Discussion
- key-dependent S-boxes and subkeys, generated using the cipher itself, make analysis very difficult
- changing both halves in each round increases security
- provided the key is large enough, brute-force key search is not practical, especially given the high key schedule cost

RC5
- a proprietary cipher owned by RSADSI
- designed by Ronald Rivest (of RSA fame)
- used in various RSADSI products
- can vary key size / data size / number of rounds
- very clean and simple design
- easy implementation on various CPUs
- yet still regarded as secure

RC5 Ciphers
- RC5 is a family of ciphers RC5-w/r/b
- w = word size in bits (16/32/64); nb the data block is 2w bits
- r = number of rounds (0..255)
- b = number of bytes in the key (0..255)
- the nominal version is RC5-32/12/16, i.e. 32-bit words, so it encrypts 64-bit data blocks using 12 rounds with a 16-byte (128-bit) secret key

RC5 Key Expansion
- RC5 uses 2r+2 subkey words (w bits each)
- subkeys are stored in array S[i], i = 0..t-1
- the key schedule consists of: initializing S to a fixed pseudorandom value, based on the constants e and phi; copying the byte key (little-endian) into a c-word array L; a mixing operation then combines L and S to form the final S array

RC5 Encryption
- split the input into two halves A and B
- L_0 = A + S[0]; R_0 = B + S[1]
- for i = 1 to r do: L_i = ((L_{i-1} XOR R_{i-1}) <<< R_{i-1}) + S[2i]; R_i = ((R_{i-1} XOR L_i) <<< L_i) + S[2i + 1]
- each round is like 2 DES rounds
- note rotation is the main source of non-linearity
- need a reasonable number of rounds (e.g. 12-16)

RC5 Modes
- RFC 2040 defines 4 modes used by RC5
- RC5 Block Cipher, which is ECB mode
- RC5-CBC, which is CBC mode
- RC5-CBC-PAD, which is CBC with padding by bytes whose value is the number of padding bytes
- RC5-CTS, a variant of CBC which produces output the same size as the original message; uses ciphertext stealing to keep the size the same as the original

Stream Ciphers
- process the message bit by bit (as a stream)
- have a pseudorandom keystream combined (XOR) with the plaintext bit by bit
- the randomness of the stream key completely destroys the statistical properties of the message: C_i = M_i XOR StreamKey_i
- but must never reuse the stream key, otherwise messages can be recovered (cf. book cipher)

Stream Cipher Structure

Stream Cipher Properties
- some design considerations are: a long period with no repetitions; statistically random output; depends on a large enough key; large linear complexity
- properly designed, can be as secure as a block cipher with the same size key
- but usually simpler and faster

RC4
- a proprietary cipher owned by RSADSI
- another Ron Rivest design, simple but effective
- variable key size, byte-oriented stream cipher
- widely used (web SSL/TLS, wireless WEP/WPA)
- the key forms a random permutation of all 8-bit values
- uses that permutation to scramble the input, processed a byte at a time

RC4 Key Schedule
- starts with an array S of the numbers 0..255
- uses the key to well and truly shuffle S
- S forms the internal state of the cipher
for i = 0 to 255 do
    S[i] = i
    T[i] = K[i mod keylen]
j = 0
for i = 0 to 255 do
    j = (j + S[i] + T[i]) (mod 256)
    swap(S[i], S[j])

RC4 Encryption
- encryption continues shuffling the array values
- the sum of the shuffled pair selects the "stream key" value from the permutation
- XOR S[t] with the next byte of the message to en/decrypt
i = j = 0
for each message byte M_i
    i = (i + 1) (mod 256)
    j = (j + S[i]) (mod 256)
    swap(S[i], S[j])
    t = (S[i] + S[j]) (mod 256)
    C_i = M_i XOR S[t]

RC4 Overview

RC4 Security
- claimed secure against known attacks; have some analyses, none practical
- the result is very non-linear
- since RC4 is a stream cipher, must never reuse a key
- have a concern with WEP, but due to key handling rather than RC4 itself

Motivation and outline
- symmetric encryption is used to provide message confidentiality
- Q: where to put the encryption mechanism? how to distribute the secret key?
- placement of the encryption function
- traffic confidentiality
- key distribution

Confidentiality using Symmetric Encryption
- what to encrypt, and where the encryption function should be located
- consider a typical scenario with these attack points (figure): (1) eavesdropping by members; (2) dial-in, then intrude; (3) tap into the wire; (4) monitor traffic

Typical scenario and attacks
- consider a typical scenario: workstations on LANs access other workstations and servers on the LAN; LANs are interconnected using switches/routers with external lines or radio/satellite links
- consider attacks and placement in this scenario: snooping from another workstation; using dial-in to the LAN or a server to snoop; using an external router link to enter and snoop; monitoring and/or modifying traffic on external links


Confidentiality using Symmetric Encryption
- have two major placement alternatives
- link encryption: encryption occurs independently on every link; implies traffic must be decrypted between links; requires many devices, but only paired keys
- end-to-end encryption: encryption occurs between the original source and the final destination; needs devices at each end with shared keys

Confidentiality using Symmetric Encryption: which part to encrypt in a PSN (packet switching network)
- traditionally symmetric encryption is used to provide message confidentiality
- vulnerable points: snooping, monitoring or modifying by using another workstation, by dial-in to the LAN or a server or an external router, or by physically tapping the line in the wiring closet
- end-to-end encryption (shared keys): protects data between source and destination; needs devices at each end
- link encryption (paired keys): protects against traffic monitoring; is applied over every link; requires many devices
- (figure: End [Link [ ] Link] End)

Confidentiality using Symmetric Encryption: which part to encrypt in a PSN (packet switching network)


Placement of encryption
- have two major placement alternatives
- link encryption: encryption occurs independently on every link; implies traffic must be decrypted between links; requires many devices, but only paired keys for all links
- end-to-end encryption: encryption occurs between the original source and the final destination; needs devices at each end with shared keys

Placement of encryption (cont.): figure contrasting one key for each link (link encryption) with one shared key (end-to-end encryption)

Problems with routing
- in a packet-switching network, we need the packet header to route packets
- link encryption: the packet must be decrypted before routing, so it is vulnerable at each switch node
- end-to-end encryption: must leave the headers in the clear so the network can correctly route information; hence although the contents are protected, the traffic pattern is not
- ideally want both at once: end-to-end protects the data contents over the entire path and provides authentication; link protects the traffic flows from monitoring

Placement of Encryption
- can place the encryption function at various layers in the OSI Reference Model
- link encryption occurs at layers 1 or 2
- end-to-end can occur at layers 3, 4, 6, 7
- as we move higher, less information is encrypted but it is more secure, though more complex with more entities and keys

Placement of encryption over the OSI model: can place the encryption function at various layers in the OSI Reference Model

OSI model and packetization (figure: application level encryption, TCP level encryption, link level encryption)

Placement of encryption over the OSI model (cont.)

Placement of Encryption in the various levels of the OSI Encapsulation Model (figure: (b) TCP layer level; (c) link layer level)


Traffic Analysis
- is the monitoring of communications flows between parties
- useful in both military and commercial spheres
- can also be used to create a covert channel
- link encryption obscures header details, but the overall traffic volumes in networks and at endpoints are still visible
- traffic padding can further obscure flows, but at the cost of continuous traffic

Traffic Analysis
- in a packet-switching network, the packet header cannot be encrypted
- traffic analysis is the monitoring of communications flows between parties, e.g. knowing who is talking to whom in military usage
- traffic analysis reveals: the identities of partners; how frequently the partners are communicating; message pattern, message length, quantity of messages

Defense against traffic analysis
- link encryption obscures header details, but the overall traffic volumes in networks and at endpoints are still visible
- traffic padding


Key Distribution
- symmetric schemes require both parties to share a common secret key
- the issue is how to securely distribute this key
- often a secure system fails due to a break in the key distribution scheme

How to distribute the key
- symmetric schemes require the parties to share a common secret key
- often a secure system fails due to a break in the key distribution scheme
- given parties A and B, have various key distribution alternatives: 1. physical delivery from A to B; 2. a third party can issue and deliver the key to A and B, or if A and B have secure communications with a third party C, C can relay the key between A and B
- distribution of keys is based on a hierarchy; at least two levels of keys are used: a temporary key, referred to as the session key, used for the duration of a logical connection between users for one logical session and then discarded; a master key, used to encrypt session keys, shared by the user and the key distribution center

Key Distribution
- given parties A and B, have various key distribution alternatives:
1. A can select a key and physically deliver it to B
2. a third party can select and deliver the key to A and B
3. if A and B have communicated previously, they can use the previous key to encrypt a new key
4. if A and B have secure communications with a third party C, C can relay the key between A and B

Key Distribution Scenario
Assume that user A wishes to establish a logical connection with B and requires a one-time session key to protect the data transmitted over the logical connection to B. A has a master key, K_a, known only to itself and the KDC; similarly, B shares the master key K_b with the KDC. The following steps occur:

a. A issues a request to the KDC for a session key to B, including the identity of A and B and a unique session identifier, N_1, valid for this transaction. This nonce may be a timestamp, a counter, or a random number; it differs with each request, i.e. to prevent masquerading (suppose something like a random number).
b. The KDC's response to A is encrypted with K_A; thus only A can decrypt the message. It contains the one-time session key, K_S, to be used for the session. Items for A: the original message, so that A can verify the original request was not altered before reception by the KDC; the nonce, so that this is not a replay of some previous request. Items for B: the one-time session key K_S and ID_A (e.g., its network address), both encrypted with K_B (the master key that the KDC shares with B).
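The steps a and b above can be run end to end. The block below is an added simulation, not code from the lecture: a KDC object holds the master keys K_A and K_B, A sends {ID_A, ID_B, N_1}, the KDC answers with E(K_A, [K_S || request || E(K_B, [K_S || ID_A])]), A checks that its request came back unaltered with a fresh nonce, and B opens its ticket. The encryption is a constructed toy authenticated-encryption scheme built from the standard library (SHA-256 keystream plus an HMAC tag) only so the exchange runs offline; a real deployment would use a proper AEAD such as AES-GCM. The identities, keys and nonce are sample values made up here. The final check replays an old KDC response to a fresh run of A and confirms the nonce comparison rejects it, which is the purpose of N_1 the slide describes.

```python
# Added example (not from the lecture): KDC session-key exchange, steps a and b,
# with a CONSTRUCTED toy authenticated encryption so it runs with the stdlib only.
import hashlib
import hmac
import json
import secrets


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def toy_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Toy AE (constructed for this demo): nonce || ciphertext || HMAC-SHA256 tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def toy_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def pack(obj) -> bytes:
    return json.dumps(obj, sort_keys=True).encode()


def unpack(data: bytes):
    return json.loads(data.decode())


class KDC:
    def __init__(self, master_keys):
        self.master_keys = master_keys      # {identity: master key shared with the KDC}

    def respond(self, request: dict) -> bytes:
        """Step b: E(K_A, [K_S || request || E(K_B, [K_S || ID_A])])."""
        ka = self.master_keys[request["from"]]
        kb = self.master_keys[request["to"]]
        ks = secrets.token_hex(16)                          # one-time session key K_S
        ticket_for_b = toy_encrypt(kb, pack({"ks": ks, "id": request["from"]}))
        return toy_encrypt(ka, pack({"ks": ks, "request": request,
                                     "ticket": ticket_for_b.hex()}))


def initiator_a(kdc: KDC, ka: bytes, replayed_response: bytes = None):
    """Step a, then A's checks: request echoed unaltered and nonce N_1 fresh."""
    request = {"from": "A", "to": "B", "nonce": secrets.token_hex(8)}   # N_1
    response = replayed_response if replayed_response else kdc.respond(request)
    msg = unpack(toy_decrypt(ka, response))
    if msg["request"] != request:
        raise ValueError("request altered or stale nonce: possible replay")
    return msg["ks"], bytes.fromhex(msg["ticket"]), response


def responder_b(kb: bytes, ticket: bytes):
    """B opens E(K_B, [K_S || ID_A]) and learns who the session key is for."""
    msg = unpack(toy_decrypt(kb, ticket))
    return msg["ks"], msg["id"]


def run_exchange():
    ka, kb = secrets.token_bytes(32), secrets.token_bytes(32)   # master keys (sample)
    kdc = KDC({"A": ka, "B": kb})
    ks_a, ticket, response = initiator_a(kdc, ka)
    ks_b, claimed_id = responder_b(kb, ticket)
    # A replayed KDC response carries an old nonce, so a fresh run of A rejects it.
    try:
        initiator_a(kdc, ka, replayed_response=response)
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    return ks_a == ks_b, claimed_id == "A", replay_rejected


if __name__ == "__main__":
    print("same K_S at A and B, ticket names A, replay rejected:", run_exchange())
```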

Key Distribution Issues
- hierarchies of KDCs are required for large networks, but they must trust each other
- session key lifetimes should be limited for greater security
- use of automatic key distribution on behalf of users, but must trust the system
- use of decentralized key distribution
- controlling the purposes keys are used for

Key Management and Distribution
"No Singhalese, whether man or woman, would venture out of the house without a bunch of keys in his hand, for without such a talisman he would fear that some devil might take advantage of his weak state to slip into his body." (The Golden Bough, Sir James George Frazer)

Key Management and Distribution
- the topics of cryptographic key management / key distribution are complex cryptographic, protocol, and management issues
- symmetric schemes require both parties to share a common secret key
- public key schemes require parties to acquire valid public keys
- have concerns with doing both

Key Distribution
- symmetric schemes require both parties to share a common secret key
- the issue is how to securely distribute this key whilst protecting it from others
- frequent key changes can be desirable
- often a secure system fails due to a break in the key distribution scheme


Key Distribution Task

Key Hierarchy
- typically have a hierarchy of keys
- session key: a temporary key used for encryption of data between users for one logical session, then discarded
- master key: used to encrypt session keys; shared by the user and the key distribution center

Key Hierarchy

Key Distribution Scenario


Symmetric Key Distribution Using Public Keys
- public key cryptosystems are inefficient, so they are almost never used for direct data encryption
- rather they are used to encrypt secret keys for distribution

Simple Secret Key Distribution
- Merkle proposed this very simple scheme
- allows secure communications
- no keys exist before/after the exchange

Man-in-the-Middle Attack
- this very simple scheme is vulnerable to an active man-in-the-middle attack

Secret Key Distribution with Confidentiality and Authentication

Hybrid Key Distribution
- retain use of a private-key KDC
- shares a secret master key with each user
- distributes session keys using the master key
- public-key is used to distribute the master keys
- especially useful with widely distributed users
- rationale: performance; backward compatibility

Distribution of Public Keys
- can be considered as using one of: public announcement; publicly available directory; public-key authority; public-key certificates

Public Announcement
- users distribute public keys to recipients or broadcast them to the community at large
- e.g. append PGP keys to email messages, or post them to newsgroups or an email list
- the major weakness is forgery: anyone can create a key claiming to be someone else and broadcast it
- until the forgery is discovered, they can masquerade as the claimed user

Publicly Available Directory
- can obtain greater security by registering keys with a public directory
- the directory must be trusted, with these properties: contains {name, public-key} entries; participants register securely with the directory; participants can replace their key at any time; the directory is periodically published; the directory can be accessed electronically
- still vulnerable to tampering or forgery

Public-Key Authority
- improve security by tightening control over the distribution of keys from the directory
- has the properties of a directory, and requires users to know the public key of the directory
- then users interact with the directory to obtain any desired public key securely
- does require real-time access to the directory when keys are needed
- may be vulnerable to tampering

Public-Key Authority

Public-Key Certificates
- certificates allow key exchange without real-time access to the public-key authority
- a certificate binds an identity to a public key, usually with other info such as the period of validity, rights of use, etc.
- with all contents signed by a trusted Public-Key or Certificate Authority (CA)
- can be verified by anyone who knows the public-key authority's public key

Public-Key Certificates

X.509 Authentication Service
- part of the CCITT X.500 directory service standards: distributed servers maintaining a user info database
- defines a framework for authentication services: the directory may store public-key certificates, with the public key of the user signed by a certification authority
- also defines authentication protocols
- uses public-key crypto and digital signatures; algorithms are not standardised, but RSA is recommended
- X.509 certificates are widely used; there have been 3 versions

X.509 Certificate Use

X.509 Certificates
- issued by a Certification Authority (CA), containing:
- version V (1, 2, or 3)
- serial number SN (unique within the CA), identifying the certificate
- signature algorithm identifier AI
- issuer X.500 name (the CA)
- period of validity TA (from-to dates)
- subject X.500 name A (name of the owner)
- subject public-key info Ap (algorithm, parameters, key)
- issuer unique identifier (v2+)
- subject unique identifier (v2+)
- extension fields (v3)
- signature (of a hash of all fields in the certificate)
- notation: CA<<A>> denotes the certificate for A signed by CA

X.509 Certificates

Obtaining a Certificate
- any user with access to the CA can get any certificate from it
- only the CA can modify a certificate
- because they cannot be forged, certificates can be placed in a public directory

CA Hierarchy
- if both users share a common CA then they are assumed to know its public key
- otherwise CAs must form a hierarchy
- use certificates linking members of the hierarchy to validate other CAs
- each CA has certificates for its clients (forward) and its parent (backward)
- each client trusts its parent's certificates
- enables verification of any certificate from one CA by users of all other CAs in the hierarchy

CA Hierarchy Use

Certificate Revocation
- certificates have a period of validity
- may need to revoke before expiry, e.g.: 1. the user's private key is compromised; 2. the user is no longer certified by this CA; 3. the CA's certificate is compromised
- CAs maintain a list of revoked certificates, the Certificate Revocation List (CRL)
- users should check certificates against the CA's CRL

X.509 Version 3
- it has been recognised that additional information is needed in a certificate: email/URL, policy details, usage constraints
- rather than explicitly naming new fields, a general extension method was defined
- extensions consist of: an extension identifier; a criticality indicator; an extension value

Certificate Extensions
- key and policy information
  - convey info about subject & issuer keys, plus indicators of certificate policy
- certificate subject and issuer attributes
  - support alternative names, in alternative formats, for certificate subject and/or issuer
- certificate path constraints
  - allow constraints on use of certificates by other CAs

Public Key Infrastructure

PKIX Management
- functions:
  - registration
  - initialization
  - certification
  - key pair recovery
  - key pair update
  - revocation request
  - cross certification
- protocols: CMP, CMC

Stream Ciphers and Random Number Generation

"The comparatively late rise of the theory of probability shows how hard it is to grasp, and the many paradoxes show clearly that we, as humans, lack a well grounded intuition in this matter. In probability theory there is a great deal of art in setting up the model, in solving the problem, and in applying the results back to the real world actions that will follow."
The Art of Probability, Richard Hamming

Random Numbers
- many uses of random numbers in cryptography
  - nonces in authentication protocols to prevent replay
  - session keys
  - public key generation
  - keystream for a one-time pad
- in all cases it's critical that these values be
  - statistically random, uniform distribution, independent
  - unpredictable: future values cannot be derived from previous values
- true random numbers provide this
- care needed with generated random numbers

Pseudorandom Number Generators (PRNGs)
- often use deterministic algorithmic techniques to create random numbers
  - although are not truly random
  - can pass many tests of randomness
- known as pseudorandom numbers
- created by Pseudorandom Number Generators (PRNGs)

Random & Pseudorandom Number Generators

PRNG Requirements
- randomness
  - uniformity, scalability, consistency
- unpredictability
  - forward & backward unpredictability
  - use same tests to check
- characteristics of the seed
  - secure
  - if known, adversary can determine output
  - so must be a random or pseudorandom number

Linear Congruential Generator
- common iterative technique using:
  - X_{n+1} = (a X_n + c) mod m
- given suitable values of parameters can produce a long random-like sequence
- suitable criteria to have are:
  - function generates a full period
  - generated sequence should appear random
  - efficient implementation with 32-bit arithmetic
- note that an attacker can reconstruct sequence given a small number of values
- have possibilities for making this harder

Blum Blum Shub Generator
- based on public key algorithms
- use least significant bit from iterative equation:
  - x_i = x_{i-1}^2 mod n
  - where n = p.q, and primes p, q = 3 mod 4
- unpredictable, passes next-bit test
- security rests on difficulty of factoring n
- is unpredictable given any run of bits
- slow, since very large numbers must be used
- too slow for cipher use, good for key generation
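Both generators from the two slides above (the LCG with its full-period criteria and predictability, and Blum Blum Shub with the p, q = 3 mod 4 requirement), as an added example written for these notes rather than code from the lecture. The LCG constants are the common 2^32 parameters, the BBS primes 11 and 19 are deliberately tiny so the arithmetic can be followed by hand, and the function names are this example's own.

```python
from math import gcd


def lcg(seed, a, c, m, count):
    """Return `count` successive values of X_{n+1} = (a*X_n + c) mod m."""
    out, x = [], seed
    for _ in range(count):
        x = (a * x + c) % m
        out.append(x)
    return out


def prime_factors(m):
    """Distinct prime factors by trial division (m is small enough here)."""
    factors, d = set(), 2
    while d * d <= m:
        while m % d == 0:
            factors.add(d)
            m //= d
        d += 1
    if m > 1:
        factors.add(m)
    return factors


def has_full_period(a, c, m):
    """Hull-Dobell criteria: the LCG visits every value in [0, m) before repeating."""
    if gcd(c, m) != 1:
        return False
    if any((a - 1) % p for p in prime_factors(m)):
        return False
    return m % 4 != 0 or (a - 1) % 4 == 0


def recover_lcg_params(x0, x1, x2, m):
    """Why an LCG must not produce keys: with m known, three consecutive outputs
    give (a, c) whenever x1 - x0 is invertible mod m, and then every later value."""
    try:
        a = (x2 - x1) * pow(x1 - x0, -1, m) % m
    except ValueError:          # x1 - x0 shares a factor with m, no inverse
        return None
    return a, (x1 - a * x0) % m


def bbs_bits(p, q, seed, nbits):
    """Blum Blum Shub: x_0 = s^2 mod n, x_i = x_{i-1}^2 mod n, output the low bit of each x_i."""
    if p % 4 != 3 or q % 4 != 3:
        raise ValueError("p and q must both be congruent to 3 mod 4")
    n = p * q
    if gcd(seed, n) != 1:
        raise ValueError("seed must be coprime to n")
    x, bits = seed * seed % n, []
    for _ in range(nbits):
        x = x * x % n
        bits.append(x & 1)
    return bits


if __name__ == "__main__":
    xs = lcg(12345, 1664525, 1013904223, 2**32, 4)
    print(xs, recover_lcg_params(xs[0], xs[1], xs[2], 2**32))
    print(bbs_bits(11, 19, 3, 8))
```

With p = 11, q = 19 and seed 3 the BBS state runs 9, 81, 82, 36, 42, 92, 104, 157, 196, ... and the output is the low bit of each state after the first. The LCG recovery needs only three outputs and the modulus, which is exactly the "small number of values" the slide warns about.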

Using Block Ciphers as PRNGs
- for cryptographic applications, can use a block cipher to generate random numbers
- often for creating session keys from master key
- CTR: X_i = E_K[V_i]
- OFB: X_i = E_K[X_{i-1}]

ANSI X9.17 PRG

Stream Ciphers
- process message bit by bit (as a stream)
- have a pseudorandom keystream
- combined (XOR) with plaintext bit by bit
- randomness of stream key completely destroys statistical properties in message
  - C_i = M_i XOR StreamKey_i
- but must never reuse stream key
  - otherwise can recover messages (cf book cipher)
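The C_i = M_i XOR StreamKey_i relation and the consequence of reusing a stream key, as an added example that is not from the lecture. The keystream here is a hash-counter stand-in (SHA-256 over key, nonce and counter) rather than RC4 or any real stream cipher, chosen only so the block runs with the standard library; the key, nonces and messages are constructed, and `find_nonce_reuse` is a suggested defender-side check, not a standard API.

```python
import hashlib
from collections import Counter


def keystream(key, nonce, length):
    """Stand-in keystream: SHA-256(key || nonce || counter) blocks.
    A real stream cipher would replace this; the XOR structure is what matters here."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def stream_encrypt(key, nonce, message):
    """C_i = M_i XOR StreamKey_i; decryption is the identical operation."""
    return xor_bytes(message, keystream(key, nonce, len(message)))


stream_decrypt = stream_encrypt


def reuse_leak(c1, c2):
    """If both ciphertexts used the same keystream, C1 XOR C2 = M1 XOR M2:
    the key cancels and only plaintext structure is left (the slide's 'can recover messages')."""
    return xor_bytes(c1, c2)


def find_nonce_reuse(records):
    """Defender check over a log of (key_id, nonce) pairs: any pair seen twice
    means the same keystream was applied to two messages."""
    counts = Counter(records)
    return {pair for pair, n in counts.items() if n > 1}


# constructed sample data
KEY = b"constructed-sample-key-0"
M1 = b"attack at dawn  "
M2 = b"retreat at dusk "

if __name__ == "__main__":
    c1 = stream_encrypt(KEY, b"nonce-1", M1)
    c2 = stream_encrypt(KEY, b"nonce-1", M2)      # same key AND same nonce: keystream reused
    print(reuse_leak(c1, c2) == xor_bytes(M1, M2))  # True
    print(find_nonce_reuse([("k0", b"nonce-1"), ("k0", b"nonce-1"), ("k0", b"nonce-2")]))
```

The keystream reuse is the failure mode the slide names; the same key is safe to keep only if the nonce (and hence the keystream) is fresh for every message, which is what `find_nonce_reuse` audits for.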

Stream Cipher Structure

Stream Cipher Properties
- some design considerations are:
  - long period with no repetitions
  - statistically random
  - depends on large enough key
  - large linear complexity
- properly designed, can be as secure as a block cipher with same size key
- but usually simpler & faster

Natural Random Noise
- best source is natural randomness in real world
- find a regular but random event and monitor
- do generally need special h/w to do this
  - eg. radiation counters, radio noise, audio noise, thermal noise in diodes, leaky capacitors, mercury discharge tubes etc
- starting to see such h/w in new CPUs
- problems of bias or uneven distribution in signal
  - have to compensate for this when sampling, often by passing bits through a hash function
  - best to only use a few noisiest bits from each sample
- RFC 4086 recommends using multiple sources + hash
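The three compensations the slide lists (keep only the noisiest bits of each sample, correct the bias, hash several sources together as RFC 4086 recommends), as an added example not taken from the lecture. No real hardware is read: the "noise source" is a seeded PRNG emitting 1 with probability 0.8, labelled as constructed, and the von Neumann corrector is one standard debiasing method, used here because it is short enough to show in full.

```python
import hashlib
import random


def biased_bits(count, p_one, seed):
    """Constructed stand-in for a physical noise source that emits 1 with probability p_one."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(count)]


def von_neumann(bits):
    """Debias independent bits: 01 -> 0, 10 -> 1, discard 00 and 11.
    Output rate drops to 2*p*(1-p) of the input, but each kept bit is unbiased."""
    out = []
    for i in range(0, len(bits) - 1, 2):
        a, b = bits[i], bits[i + 1]
        if a != b:
            out.append(a)
    return out


def bit_fraction(bits):
    """Share of ones, a first sanity check for bias."""
    return sum(bits) / len(bits)


def low_bits(samples, k=2):
    """Keep only the k least significant (noisiest) bits of each ADC-style sample."""
    return [(s >> i) & 1 for s in samples for i in range(k)]


def condition(*sources):
    """RFC 4086 style conditioning: hash several raw sources together into
    fixed-size seed material, so a weakness in one source does not dominate."""
    h = hashlib.sha256()
    for bits in sources:
        h.update(bytes(bits))  # one byte per bit, fine for a demonstration
    return h.digest()


if __name__ == "__main__":
    raw = biased_bits(20000, 0.8, seed=1)
    fixed = von_neumann(raw)
    print(len(raw), round(bit_fraction(raw), 3), len(fixed), round(bit_fraction(fixed), 3))
    print(condition(raw, low_bits([0b1011, 0b0100])).hex())
```

The von Neumann step assumes the input bits are independent; correlated samples need the hash-based conditioning regardless, which is why the slide's final recommendation is multiple sources plus a hash rather than debiasing alone.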

Published Sources
- a few published collections of random numbers
- Rand Co, in 1955, published 1 million numbers
  - generated using an electronic roulette wheel
  - has been used in some cipher designs cf Khafre
- earlier Tippett in 1927 published a collection
- issues are that:
  - these are limited
  - too well-known for most uses

Summary
- have considered:
  - the AES selection process
  - the details of Rijndael, the AES cipher
  - looked at the steps in each round
  - the key expansion
  - implementation aspects

Summary
- Multiple Encryption & Triple-DES
- Modes of Operation
  - ECB, CBC, CFB, OFB, CTR, XTS-AES

Summary
- have considered:
  - some other modern symmetric block ciphers
  - Triple-DES
  - Blowfish
  - RC5
  - briefly introduced stream ciphers
  - RC4