0 views

Uploaded by Priyanka Singh Sengar

information Security

- Information Hiding in CSS: A Secure Scheme Text-Steganography Using Public Key Cryptosystem
- Tech Mahindra - Suhas Desai -Open Source _Cry-Steganography 1.0
- Nw report (1) (1)
- Encryption Decryption
- h 0315056
- Secure Cryptographic System Using Face Biometrics
- CNS Syllabus
- HABSE which Extends cipher text policy of attribute set based encryption in cloud Computing
- Attribute-Based Data Sharing
- CSNB414 Course Outline Sem 1 2015_16
- Crypto Primer
- Mobile Payment Security
- Fully Secure and Efficient Data Sharing With Attribute Revocation for Multi-Owner Cloud Storage
- 4 Page Sample of Sylabus of Information Security
- HYBRID CRYPTOGRAPHIC TECHNIQUE USING RSA ALGORITHM AND SCHEDULING CONCEPTS
- journal.pone.0102747.pdf
- RP_0215_5828
- Colliqulum Report
- Encryption
- 6-68-1-PB

You are on page 1of 30

Network Security

Chapter 7

Confidentiality Using

Symmetric Encryption

Using Cryptography for Network

Security

Internet

Common problems:

Authentication - A and B want to prove their

identities to one another

Key-distribution - A and B want to agree on a

session key that can be used to encrypt all

subsequent communications

Cryptographic Protocols

A protocol is an agreed-upon sequence of

actions performed by two or more principals

Cryptographic protocols make use of

cryptography to accomplish some task securely

Example:

How can Alice and Bob agree on a session key to

protect a conversation?

Answer: use a key-exchange cryptographic protocol

Confidentiality using Symmetric

Encryption

traditionally

symmetric encryption is used

to provide message confidentiality

Placement of Encryption

link encryption

encryption occurs independently on every link

implies must decrypt traffic between links

requires many devices, but paired keys

end-to-end encryption

encryption occurs between original source

and final destination

need devices at each end with shared keys

Placement of Encryption

Placement of Encryption

leave headers in clear

so network can correctly route information

hence although contents protected, traffic

pattern flows are not

ideally want both at once

end-to-end protects data contents over entire

path and provides authentication

link protects traffic flows from monitoring

Placement of Encryption

canplace encryption function at various

layers in OSI Reference Model

link encryption occurs at layers 1 or 2

end-to-end can occur at layers 3, 4, 6, 7

as move higher less information is encrypted

but it is more secure though more complex

with more entities and keys

Encryption vs Protocol Level

Traffic Analysis

ismonitoring of communications flows

between parties

useful both in military & commercial spheres

can also be used to create a covert channel

link encryption obscures header details

but overall traffic volumes in networks and at

end-points is still visible

traffic padding can further obscure flows

but at cost of continuous traffic

Key Distribution

symmetric schemes require both parties to

share a common secret key

issue is how to securely distribute this key

often secure system failure due to a break

in the key distribution scheme

Key Distribution

given parties A and B have various key

distribution alternatives:

1. A can select key and physically deliver to B

2. third party can select & deliver key to A & B

3. if A & B have communicated previously can

use previous key to encrypt a new key

4. if A & B have secure communications with a

third party C, C can relay key between A & B

Key Hierarchy

typically

have a hierarchy of keys

session key

temporary key

used for encryption of data between users

for one logical session then discarded

master key

used to encrypt session keys

shared by user & key distribution center

Key Distribution Scenario

Key Distribution Issues

hierarchies of KDC’s required for large

networks, but must trust each other

session key lifetimes should be limited for

greater security

use of automatic key distribution on behalf

of users, but must trust system

use of decentralized key distribution

controlling key usage

Key Exchange with Symmetric

Cryptography

Key Distribution Center (KDC)

KA is the key shared by Alice and the KDC

KB is the key shared by Bob and the KDC

To agree on a session key:

Alice contacts the KDC and requests a session key

for Bob and her

The KDC generates a random session key, encrypts

it with both KA and KB, and sends the results to Alice

Key Exchange with Symmetric Cryptography

(cont)

Alice decrypts the part of the message

encrypted with KA and learns the session key

Alice sends the part of the message

encrypted with KB to Bob

Bob receives Alice’s message, decrypts it,

and learns the session key

Alice and Bob communicate securely using

the session key

Key Exchange with Symmetric Cryptography

(cont)

KDC: => A (E(KAB,KA), E(KAB,KB));

A: => B (E(KAB,KB));

Key Exchange with Symmetric Cryptography

(cont)

Issues:

Security depends on secrecy of KA and KB

• KDC must be secure and trusted by both Alice and

Bob

• KA and KB should be used sparingly

The use of a new session key for each

conversation limits the chances/value of

compromising a session key

Attacking the Protocol

Alice and Bob set up a secure session protected by KAB

An intruder, Mallory, watches them do this and stores the

KDC’s message to Alice and all the subsequent

messages between Alice Bob encrypted with KAB

Mallory cryptanalyzes the session between Alice and

Bob and eventually recovers KAB

The next time Alice and Bob want to talk Mallory

intercepts the KDC’s reply and replays the old message

containing KAB

Alice and Bob conduct a “secure” conversation which is

protected by KAB which is known to Mallory

Attacking the Protocol (cont)

A: => KDC (A,B);

KDC: => A (E(KAB,KA), E(KAB,KB));

A: => B (E(KAB,KB));

// Alice and Bob encrypt their messages using KAB

// Mallory recovers KAB by analyzing Alice and Bob’s session

A: => KDC (A,B);

KDC: => A (E(KAB’,KA), E(KAB’,KB));

// Mallory intercepts the above message and replaces it

M: => A (E(KAB,KA), E(KAB,KB));

A: => B (E(KAB,KB));

// Mallory reads all traffic session between Alice and Bob

Random Numbers

many uses of random numbers in cryptography

nonces in authentication protocols to prevent replay

session keys

public key generation

keystream for a one-time pad

in all cases its critical that these values be

statistically random, uniform distribution, independent

unpredictability of future values from previous values

Pseudorandom Number

Generators (PRNGs)

often

use deterministic algorithmic

techniques to create “random numbers”

although are not truly random

can pass many tests of “randomness”

known as “pseudorandom numbers”

created by “Pseudorandom Number

Generators (PRNGs)”

Linear Congruential

Generator

common iterative technique using:

Xn+1 = (aXn + c) mod m

given suitable values of parameters can produce

a long random-like sequence

suitable criteria to have are:

function generates a full-period

generated sequence should appear random

efficient implementation with 32-bit arithmetic

note that an attacker can reconstruct sequence

given a small number of values

have possibilities for making this harder

Using Block Ciphers as PRNGs

cipher to generate random numbers

often for creating session keys from master key

Counter Mode

Xi = EKm[i]

Output Feedback Mode

Xi = EKm[Xi-1]

ANSI X9.17 PRG

Blum Blum Shub Generator

based on public key algorithms

use least significant bit from iterative equation:

xi = xi-12 mod n

where n=p.q, and primes p,q=3 mod 4

unpredictable, passes next-bit test

security rests on difficulty of factoring N

is unpredictable given any run of bits

slow, since very large numbers must be used

too slow for cipher use, good for key generation

Natural Random Noise

best source is natural randomness in real world

find a regular but random event and monitor

do generally need special h/w to do this

eg. radiation counters, radio noise, audio noise,

thermal noise in diodes, leaky capacitors, mercury

discharge tubes etc

starting to see such h/w in new CPU's

problems of bias or uneven distribution in signal

have to compensate for this when sample and use

best to only use a few noisiest bits from each sample

Published Sources

a few published collections of random numbers

Rand Co, in 1955, published 1 million numbers

generated using an electronic roulette wheel

has been used in some cipher designs cf Khafre

earlier Tippett in 1927 published a collection

issues are that:

these are limited

too well-known for most uses

Summary

have considered:

use and placement of symmetric encryption to

protect confidentiality

need for good key distribution

use of trusted third party KDC’s

random number generation issues

- Information Hiding in CSS: A Secure Scheme Text-Steganography Using Public Key CryptosystemUploaded byijcisjournal
- Tech Mahindra - Suhas Desai -Open Source _Cry-Steganography 1.0Uploaded byMOSC2010
- Nw report (1) (1)Uploaded byAsha
- Encryption DecryptionUploaded bychamiyaa
- h 0315056Uploaded byAJER JOURNAL
- CNS SyllabusUploaded bygdeepthi
- HABSE which Extends cipher text policy of attribute set based encryption in cloud ComputingUploaded byseventhsensegroup
- Crypto PrimerUploaded bybk422
- Secure Cryptographic System Using Face BiometricsUploaded byInternational Journal for Scientific Research and Development - IJSRD
- Attribute-Based Data SharingUploaded byAnonymous 7VPPkWS8O
- Mobile Payment SecurityUploaded byabysinya
- HYBRID CRYPTOGRAPHIC TECHNIQUE USING RSA ALGORITHM AND SCHEDULING CONCEPTSUploaded byAIRCC - IJNSA
- CSNB414 Course Outline Sem 1 2015_16Uploaded byMuhammad Shukri Abdul Hamid
- Fully Secure and Efficient Data Sharing With Attribute Revocation for Multi-Owner Cloud StorageUploaded byEditor IJRITCC
- journal.pone.0102747.pdfUploaded byDeebak Rose
- RP_0215_5828Uploaded byInternational Journal of Computer and Communication System Engineering
- 4 Page Sample of Sylabus of Information SecurityUploaded byRizaldi Djamil
- Colliqulum ReportUploaded byPraveen Sehgal
- EncryptionUploaded byshahidachauhan
- 6-68-1-PBUploaded byPrati Hutari Gani
- Data Encryption Details[1]Uploaded bySalmy Jose
- Requirements Model.rtfUploaded bypraveen555
- [IJCST-V4I2P10]:Mrs.K.Aruna, Ms.S.DurgadeviUploaded byEighthSenseGroup
- IRJET-Geo Encryption using GPS Co-OrdinatesUploaded byIRJET Journal
- RAVI 2 DOCUploaded byVithanala Ravikiran
- A Novel Constant size Cipher-text Scheme for Security in Real-time SystemsUploaded byATS
- V3I607.pdfUploaded byIJCERT PUBLICATIONS
- [IJCST-V3I6P10]:Anita Ganpati, Narender TyagiUploaded byEighthSenseGroup
- RSAUploaded bydivine serpent
- Fc14 Submission 112Uploaded byDavid Berge

- Design and Implementation of Floating Point ALU with Parity Generator Using Verilog HDLUploaded byIOSRjournal
- ch09Uploaded byPriyanka Singh Sengar
- cryptUploaded bySrini Vasan
- Chemical Speciation,Chemical Toxicology GTUploaded byPriyanka Singh Sengar
- Vlsi NotesUploaded byPriyanka Singh Sengar
- i 05515459Uploaded byPriyanka Singh Sengar

- Data Analytics in RUploaded byMeliodas Dmo
- HOA7114-17 Man RevDUploaded bytsunamionnet
- Linux & Open Source Genius Guide - Volume 3, 2013Uploaded byThierry Baeyens
- CP R77 DataLossPrevention AdminGuideUploaded byKaushal Kishor
- balometer-ebt721-alnorUploaded byAlex Wellington Salles
- BVB0032939.pdfUploaded byMuhammadAmirrulAriffinHeffny
- PlatinumVAX_41-11951Uploaded byMuhammad Nasir Gul
- Fatima Rizwan ResumeUploaded byFatima Rizwan
- Interview Questions - IUploaded byNitin Patel
- Lotto Master FormulaUploaded bynexuszork
- MSDN ArticlesUploaded bycfeinbein
- Imagerunner Advance 8105Uploaded byGenaline Longgos
- CV Halbar August KandaUploaded byCek Guevara
- ASR Quick InstallUploaded byRamu Kadali
- InstallationManualVista128FBP.pdfUploaded byOmar David Lugo Ramos
- FAFSA HandbookUploaded byAnonymous 9xheGVRM1
- Primergy TX100 S2 Server ManualUploaded bybriant28
- 4-huffman.pdfUploaded byHarshit Lalpura
- svg import latexUploaded bylinkgreencold
- "Cracking the C, C++ and Java Interview" book brochureUploaded bysgganesh
- QUESTION BANK FOR COMPUTER PROGRAMING REGULATION 2013Uploaded byPRIYA RAJI
- sathya williams new linkedinUploaded byapi-247487905
- Concep Best Practice GuideUploaded byPriscilla Pace
- Sample_BSUploaded byShafique Ahmed
- Security concern in computation offloading TechniqueUploaded byIRJET Journal
- x3655__system__7985.pdfUploaded bysyedpandt
- Informa PMD-A User ManualUploaded bylfapp
- Operation Manual (Total Station NTS-350R Series)Uploaded byCoroiu Cristian
- cw4Uploaded byJesper Kjeldgaard
- Slide Rekayasa perangkat lunakUploaded byDavid D'bayu