
Information and Network Security

Ch4: Confidentiality Using Conventional Encryption

Conventional encryption to provide confidentiality.


Historically, the focus of cryptology has been on the use of conventional encryption to provide confidentiality. Authorization, integrity, digital signatures, and the use of public-key encryption have been included in the theory only in the last several decades.

Placement of Encryption Function


If encryption is to be used to counter attacks on confidentiality, we need to decide where to place the encryption function. First, we have to find out the potential locations of security attacks. Second, we decide where to place the encryption function.

Potential Locations for Confidentiality Attacks.


An attack can take place at any of the communications links. The communications links can be:
- Cable (telephone, twisted pair, coaxial cable, or optical fiber).
- Microwave links.
- Satellite channels.

Invasive taps or inductive taps are used to monitor electromagnetic emanation with both Twisted pair and Coaxial cables. Neither type of tap is particularly useful with optical fiber. Physically breaking the cable seriously degrades signal quality and it is therefore detectable.

Placement of Encryption Function


There are two major approaches to encryption placement:
1- Link encryption.
2- End-to-end encryption.

Key Distribution
For conventional encryption to work, the two parties to an exchange must share the same key, and that key must be protected from access by others. Frequent key changes are required. Therefore, the strength of a cryptographic system relies on the key distribution technique.

There are a number of ways to deliver the key:
1- Physical delivery between the two parties A and B.
2- A third party physically delivers the key.
3- A and B use a previously used key to encrypt the new key, which is then transmitted to the other party.
4- Using an encrypted connection to a third party, the third party delivers a key on the encrypted links to A and B.

A Key Distribution Scenario


One scenario for deploying key distribution assumes that each user shares a unique master key with the key distribution center (KDC). Let us assume that user A wishes to establish a logical connection with B and requires a one-time session key to protect the data transmission over the connection. A has a secret key Ka, known only to itself and the KDC; similarly, B shares the master key Kb with the KDC.

Steps:
1- A issues a request to the KDC for a session key. The message includes the identity of A and B and a unique identifier N1 for this transaction.
2- The KDC responds with a message encrypted using Ka. The message includes two items intended for A:
- The one-time session key Ks to be used for the session.
- The original request message, for matching.

Steps (continued):
And two items intended for B:
- The one-time session key Ks.
- An identifier of A, IDA.
These two items are encrypted using Kb.
3- A stores the session key for use in the upcoming session and forwards to B the information that originated at the KDC for B.

Steps (continued):
Because this information is encrypted with Kb, it is protected. B now knows the session key Ks, knows that the other party is A (from the IDA), and knows that the information originated at the KDC. At this point, a session key has been securely delivered to A and B, and they may begin their protected exchange.
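
The three steps above, traced in code. This is an added example, not part of the original slides. The seal/unseal pair is a toy stand-in for the conventional cipher (an HMAC-SHA256 keystream with an integrity tag, not a production cipher), and the function names, message field names and key values are assumptions made for the illustration.

```python
import hashlib, hmac, json, secrets

def _sub(key, label):  # separate encryption and MAC keys from one master key
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Toy stream cipher: XOR with an HMAC-SHA256 counter-mode keystream.
    ks = b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, obj):
    """Stand-in for E(K, message); returns hex of nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_sub(key, b"enc"), nonce, json.dumps(obj).encode())
    tag = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return (nonce + ct + tag).hex()

def unseal(key, blob):
    """Stand-in for D(K, message); rejects a wrong key or a modified message."""
    raw = bytes.fromhex(blob)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or tampered message")
    return json.loads(_xor_stream(_sub(key, b"enc"), nonce, ct))

def kdc_reply(master_keys, request):
    # Step 2: fresh Ks; B's two items under Kb, then everything for A under Ka.
    ks = secrets.token_hex(16)
    for_b = seal(master_keys[request["idb"]], {"ks": ks, "ida": request["ida"]})
    return seal(master_keys[request["ida"]], {"ks": ks, "request": request, "for_b": for_b})

def a_handle_reply(ka, request, reply):
    # Step 3: A recovers Ks, matches the echoed request (incl. N1), keeps B's part to forward.
    msg = unseal(ka, reply)
    if msg["request"] != request:
        raise ValueError("reply does not match the outstanding request")
    return msg["ks"], msg["for_b"]

def b_handle_forwarded(kb, for_b):
    # B learns Ks and the peer identity IDA from the part only Kb can open.
    msg = unseal(kb, for_b)
    return msg["ks"], msg["ida"]

if __name__ == "__main__":
    keys = {"A": secrets.token_bytes(32), "B": secrets.token_bytes(32)}  # constructed Ka, Kb
    req = {"ida": "A", "idb": "B", "n1": secrets.token_hex(8)}           # step 1 request
    ks_a, for_b = a_handle_reply(keys["A"], req, kdc_reply(keys, req))
    print(ks_a == b_handle_forwarded(keys["B"], for_b)[0])
```

A never sees Kb and cannot read or alter the part it forwards; B accepts it only because it opens correctly under Kb.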
