
CONFIDENTIALITY USING CONVENTIONAL ENCRYPTION – Chapter 7




1 CONFIDENTIALITY USING CONVENTIONAL ENCRYPTION – Chapter 7
- Historically – Conventional Encryption
- Recently – Authentication, Integrity, Signature, Public-key
- Link
- End-to-End
- Traffic Analysis
- Key Distribution
- Random Number Generation

2 Points of Vulnerability

3 Link / End-to-End

4 Confidentiality
Link:
- both ends of each link
- many encryptions / decryptions
- all links use it
- decrypt at packet switch (to read the address)
- unique key per node pair
End-to-End:
- only at the ends
- data encrypted, not the address (header)
- one key pair
- traffic pattern insecure
- authentication from sender

5 Table 7.1 Characteristics of Link and End-to-End

6 Both Link and End-to-End
- Data secure at nodes
- Authentication
- LINK – low level (physical/link)
- END-TO-END – network (X.25)
- (Diagram: End 0 → End 1 → End 2, ends separately protected)

7 Front-End Processor Function

8 E-mail Gateway

9 E-mail Gateway
- OSI → e-mail gateway → TCP
- no end-to-end protocol below the application layer
- networks terminate at the mail gateway
- mail gateway sets up new transport/network connections
- need end-to-end encryption at the application layer
- disadvantage: many keys

10 Various Encryption Strategies

11 Traffic Confidentiality
Information exposed by traffic analysis:
- Identities
- Message frequency
- Message pattern
- Event correlation
- Covert channel
Link:
- headers encrypted
- traffic padding (Fig 7.6)
End-to-End:
- pad data
- null messages

12 Traffic Padding

13 KEY DISTRIBUTION
1. Physically deliver
2. Third party physically select/deliver
3. E_Kold(Knew) → (new key encrypted under the old key)
4. End-to-End (KDC): A ← E_KA(Knew) ← C → E_KB(Knew) → B
- N hosts → N choose 2 keys – Fig 7.7
- KDC – key hierarchy – Fig 7.8
- Session key – temporary: end ↔ end
- Only N master keys – physical delivery

14 #End-to-End Keys

15 Key Hierarchy

16 KEY DISTRIBUTION SCENARIO

17 KEY DISTRIBUTION
- User shares a master key with the KDC
- Steps 1-3: key distribution
- Steps 3, 4, 5: authentication

18 Key Distribution Centre (KDC) Hierarchy
- (Diagram: local KDCs KDCA and KDCB, hosts A and B, higher-level KDCX)
- Key selected by KDCA, KDCB, or KDCX

19 LIFETIME
- Shorter lifetime → higher security → reduced capacity
- Connection-oriented: change the session key periodically
- Connectionless: new key every exchange, or every N transactions, or after a time period

20 Key Distribution (connection-oriented)
- End-to-End (X.25, TCP), FEP obtains session keys

21 Decentralised Key Control
- not practical for large networks
- avoids a trusted third party

22 KEY USAGE
- key types: Data, PIN, File
- key tags: Session/Master/Encrypt/Decrypt
- Control Vector: associate the session key with a control vector (Fig 7.12)

23 Control Vector Encryp. and Decryp.

24 PRNG From Counter

25 ANSI X9.17 PRNG

26 Random Number Generation
- Linear Congruential Generator: X_{n+1} = (a·X_n + c) mod m
- Encryption: DES (OFB) – (Fig 7.14)
- Blum Blum Shub (BBS):
  X_0 = s^2 mod n
  for i = 1 to infinity:
    X_i = (X_{i-1})^2 mod n
    B_i = X_i mod 2
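The two generators from slide 26, written out as an added example (not part of the slides), following the formulas exactly; the toy parameters (a=5, c=3, m=16 for the LCG; p=11, q=23, s=3 for BBS) are constructed for illustration, and the BBS code checks the preconditions the formula assumes: p and q congruent to 3 mod 4 and s coprime to n.

```python
# Added example: LCG and Blum Blum Shub as given on slide 26.
from math import gcd


def lcg(seed: int, a: int, c: int, m: int, count: int) -> list[int]:
    """Linear congruential generator: X_{n+1} = (a*X_n + c) mod m.
    Returns X_1 .. X_count.  Once a, c and m are known, a single output
    fixes every later output, which is why an LCG is not usable as a
    cryptographic generator."""
    out, x = [], seed % m
    for _ in range(count):
        x = (a * x + c) % m
        out.append(x)
    return out


def bbs_bits(seed: int, p: int, q: int, count: int) -> list[int]:
    """Blum Blum Shub: X_0 = s^2 mod n, X_i = X_{i-1}^2 mod n, B_i = X_i mod 2.
    p and q must be primes congruent to 3 mod 4 and s coprime to n = p*q."""
    if p % 4 != 3 or q % 4 != 3:
        raise ValueError("p and q must both be congruent to 3 mod 4")
    n = p * q
    if gcd(seed, n) != 1:
        raise ValueError("seed must be relatively prime to n")
    x = pow(seed, 2, n)          # X_0
    bits = []
    for _ in range(count):
        x = pow(x, 2, n)         # X_i = (X_{i-1})^2 mod n
        bits.append(x % 2)       # B_i = X_i mod 2 (least significant bit)
    return bits


if __name__ == "__main__":
    # constructed toy parameters; a real BBS uses large primes p and q
    print(lcg(7, 5, 3, 16, 4))        # [6, 1, 8, 11]
    print(bbs_bits(3, 11, 23, 5))     # [1, 0, 0, 1, 0]
```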

