ISS and Cryptography

Confidentiality using
Symmetric Encryption

Dr Renu Dhir
Department of Computer Science & Engineering
NIT Jalandhar 1
Confidentiality using Symmetric Encryption
traditionally symmetric encryption is used to
provide message confidentiality
consider typical scenario
» workstations on LANs access other workstations
& servers on LAN
» LANs interconnected using switches/routers
» with external lines or radio/satellite links
consider attacks and placement in this
scenario
» snooping from another workstation
» use dial-in to LAN or server to snoop
» use external router link to enter & snoop
» monitor and/or modify traffic one external links

2
Confidentiality using Symmetric Encryption
have two major placement alternatives
link encryption
» encryption occurs independently on every link
» implies must decrypt traffic between links
» requires many devices, but paired keys
end-to-end encryption
» encryption occurs between original source and
final destination
» need devices at each end with shared keys

3
 Traffic Analysis
is monitoring of communications flows between
parties
» useful both in military & commercial spheres
» can also be used to create a covert channel
» Covert channels are frequently classified as either storage or
timing channels. Examples would include using a file intended to
hold only audit information to convey user passwords--using the
name of a file or perhaps status bits associated with it that can be
read by all users to signal the contents of the file.
(An overt channel is a communications path that is not hidden. Anyone can
see that Steve connected to Stack Exchange. A covert channel is an
intentional communications path that is hidden, using a technique like
steganography.)
link encryption obscures header details
» but overall traffic volumes in networks and at end-
points is still visible
traffic padding can further obscure flows 4

» but at cost of continuous traffic

 Traffic Analysis
when using end-to-end encryption must
leave headers in clear
» so network can correctly route information
hence although contents protected, traffic
pattern flows are not
ideally want both at once
» end-to-end protects data contents over entire
path and provides authentication
» link protects traffic flows from monitoring

5
 Placement of Encryption
can place encryption function at various
layers in OSI Reference Model
» link encryption occurs at layers 1 or 2
» end-to-end can occur at layers 3, 4, 6, 7
» as move higher less information is
encrypted but it is more secure though
more complex with more entities and
keys

6
Confidentiality using Symmetric Encryption
In a typical business organization indicates the
point s of vulnerability as shown in the diag.
Placement of Encryption Function

7
 ATM
ATMs can be used for efficient data transfer over
high speed data networks.

8
Confidentiality using Symmetric Encryption
Points of Vulnerability or Potentials locations for
Confidentiality Attacks:
Traffic Confidentiality:
Attacker can monitor Traffic on LAN and capture any traffic on basis
of source/destination address.
List of information that can be derived from a traffic analysis attack:
Identities of Partners
How frequently the partners are
communicating
Message patterns, Message length,
quality of messages that suggest
important information is being exchanged.
The events that correlate with special
conversations between particular partners
9
Confidentiality using Symmetric Encryption
Points of Vulnerability or Potentials locations for
Confidentiality Attacks:
Traffic Confidentiality:
Another concern is to use of Traffic Patterns to create Covert Channel
It is a mean of communication in a fashion unintended by the
designers of the communications facility.
Channel is used to transfer information in a way that violates security
policy.

10
Confidentiality using Symmetric Encryption
Points of Vulnerability or Potentials locations for
Confidentiality Attacks
Wiring Closet
Tapping into each line
Wiring closet may provide link to satellite
or µwave antenna.
Also provide link of mode of Packet Switching N/W
For Active attack it can have physical control of portion of Link
For Passive attack Communication links like Telephone, µwave or satellite
channel to modify H/W S/W or control over memory of processor.
Attacker can monitor Traffic on LAN and capture any traffic on basis of
source/destination address.
List of information that can be derived from a traffic analysis attack:
Identities of Partners

11
Confidentiality using Symmetric Encryption
Link Encryption Approach:
With the use of Link Encryption, Network-
Layer Headers are encrypted reducing the
opportunity for Traffic Analysis.
However it is still possible in those
circumstances for an attacker to assess the
amount of traffic on a network and to
observe the amount of traffic entering and
leaving each end system.
Countermeasure to this attack is Traffic
Padding
12
Traffic padding produces Cipher text output continuously, even in the
absence of plain text.
A continuous random data stream is generated
When PT is available, it is encrypted and transmitted.
When input PT is not present, Random data are encrypted and
transmitted.
This makes it impossible for an attacker to distinguish between true
data flow and padding and therefore impossible to deduce the amount 13
of traffic.
 End – to End Approach
Traffic padding is a link encryption function.
If only end-to-end is employed, then the
measures available to the defender are
more limited.
For Example, if encryption is implemented at
the application layer, then an opponent can
determine which transport entries are
engaged in dialogue.
If encryption techniques are housed at the
transport layer, then network-layer
addresses and traffic patterns remain
accessible.
14
Placement of Security Devices

15
Key Management and Distribution
topics of cryptographic key management /
key distribution are complex
» cryptographic, protocol, & management issues
symmetric schemes require both parties to
share a common secret key
public key schemes require parties to
acquire valid public keys
have concerns with doing both

16
 Key Distribution
Strength of any cryptographic system rests
with Key distribution technique.
symmetric schemes require both parties to
share a common secret key, so delivering a
key to two parties.
issue is how to securely distribute this key
without allowing others to see it.
often secure system failure due to a break in
the key distribution scheme

17
Key Distribution Scenario

18
 Key Distribution
given parties A and B have various key
distribution alternatives:
A can select key and physically deliver to B ( Physical Delivery)
Physical delivery (1 & 2) is simplest - but only applicable when
there is personal contact between recipient and key issuer. Is fine
for link encryption where devices & keys occur in pairs, but does
not scale as number of parties who wish to communicate grows.
 third party can select & deliver key to A & B (Third party Delivery)
A third party is a trusted intermediary, whom all parties trust, to
mediate the establishment of secure communications between
them. Must trust intermediary not to abuse the knowledge of all
session keys.
 if A & B have communicated previously can use previous key to
encrypt a new key
 if A & B have secure communications with a third party C, C can
relay key between A & B
 As number of parties grow, some variant of above is only 19
practical solution.
 Key Distribution Issues
hierarchies of KDC’s required for large
networks, but must trust each other
session key lifetimes should be limited for
greater security
use of automatic key distribution on behalf
of users, but must trust system
use of decentralized key distribution
controlling purposes keys are used for

20
 Key Hierarchy

 typically have a hierarchy of keys

 session key
 temporary key
 used for encryption of data between users
 for one logical session then discarded
 master key
 used to encrypt session keys
 shared by user & key distribution center

21
Key Hierarchy

22
 Distribution of Public Keys
can be considered as using one of:
» public announcement
» publicly available directory
» public-key authority
» public-key certificates

23
 Public Announcement

users distribute public keys to recipients or

broadcast to community at large
» eg. append PGP keys to email messages or post
to news groups or email list
major weakness is forgery
» anyone can create a key claiming to be someone
else and broadcast it
» until forgery is discovered can masquerade as
claimed user

24
 Publicly Available Directory
can obtain greater security by registering
keys with a public directory
directory must be trusted with properties:
» contains {name, public-key} entries
» participants register securely with directory
» participants can replace key at any time
» directory is periodically published
» directory can be accessed electronically
still vulnerable to tampering or forgery

25
 Public-Key Authority
improve security by tightening control over
distribution of keys from directory
has properties of directory
and requires users to know public key for
the directory
then users interact with directory to obtain
any desired public key securely
» does require real-time access to directory when
keys are needed
» may be vulnerable to tampering

26
 Simple Secret Key Distribution
Merkle proposed this very simple scheme
» allows secure communications
» no keys before / after exist

27
 Man-in-the-Middle Attack
 this very simple scheme is vulnerable to an
active man-in-the-middle attack

28
Secret Key Distribution with Confidentiality and
Authentication

29
 Obtaining a Certificate
 any user with access to CA can get any
certificate from it
 only the CA can modify a certificate
 because cannot be forged, certificates can
be placed in a public directory

30
 Public-Key Certificates
 certificates allow key exchange without real-
time access to public-key authority
 a certificate binds identity to public key
 usually with other info such as period of validity,
rights of use etc
 with all contents signed by a trusted Public-
Key or Certificate Authority (CA)
 can be verified by anyone who knows the
public-key authorities public-key

31
Public-Key Certificates

32
Public-Key Authority

33
Symmetric Key Distribution Using Public
Keys

 public key cryptosystems are inefficient

 so almost never use for direct data encryption
 rather use to encrypt secret keys for distribution

34
 Hybrid Key Distribution
 retain use of private-key KDC
 shares secret master key with each user
 distributes session key using master key
 public-key used to distribute master keys
 especially useful with widely distributed users
 rationale
 performance
 backward compatibility

35
 Summary
have considered:
» symmetric key distribution using symmetric
encryption
» symmetric key distribution using public-key
encryption
» distribution of public keys
• announcement, directory, authority, CA
» X.509 authentication and certificates
» public key infrastructure (PKIX)

36
 Random Number Generation
Random Numbers play an important role in the
use of Encryption for various network security
applications.
Many uses of random numbers in cryptography
A number of Network security algorithm based
on cryptography make use of random Numbers.
Reciprocal authentication schemes
Session key generation, whether done by KDC
or one of the Principals.
Generation of keys for RSA Public key
encryption algorithm.
37
 Uses of Random Numbers
» nonces in authentication protocols to prevent
replay
» session keys
» public key generation
» keystream for a one-time pad

in all cases its critical that these values be

» statistically random
• with uniform distribution, independent
» unpredictable cannot infer future sequence on
previous values

38
 Natural Random Noise
best source is natural randomness in real
world
find a regular but random event and monitor
do generally need special h/w to do this
» eg. radiation counters, radio noise, audio noise,
thermal noise in diodes, leaky capacitors,
mercury discharge tubes etc
starting to see such h/w in new CPU's
problems of bias or uneven distribution in
signal
» have to compensate for this when sample and
use
» best to only use a few noisiest bits from each
sample 39
 Published Sources
a few published collections of random
numbers
Rand Co, in 1955, published 1 million
numbers
» generated using an electronic roulette wheel
» has been used in some cipher designs cf Khafre

earlier Tippett in 1927 published a collection

issues are that:
» these are limited
» too well-known for most uses

40
Pseudo random Number Generators ( PRNGs)

Algorithmic technique to create

“random numbers”
» although not truly random
» can pass many tests of
“randomness”

41
 Linear Congruential Generator
common iterative technique using:
Xn+1 = (aXn + c) mod m
given suitable values of parameters can
produce a long random-like sequence
suitable criteria to have are:
» function generates a full-period
» generated sequence should appear random
» efficient implementation with 32-bit arithmetic
note that an attacker can reconstruct
sequence given a small number of values

42
Using Block Ciphers as Stream Ciphers
can use block cipher to generate numbers
use Counter Mode
Xi = EKm[i]
use Output Feedback Mode
Xi = EKm[Xi-1]
ANSI X9.17 PRNG
» uses date-time + seed inputs and 3 triple-DES
encryptions to generate new seed & random
» Pseudo Random Number Generator(PRNG) refers
to an algorithm that uses mathematical formulas to
produce sequences of random numbers. PRNGs
generate a sequence of numbers approximating the
properties of random numbers. A PRNG starts from 43
an arbitrary starting state using a seed state.
 Blum Blum Shub Generator
based on public key algorithms
use least significant bit from iterative
equation:
» xi+1 = xi2 mod n
» where n = p. q, and primes p,q = 3 mod 4
unpredictable, passes next-bit test
security rests on difficulty of factoring N
is unpredictable given any run of bits
slow, since very large numbers must be used
too slow for cipher use, good for key
generation
44
 Summary
have considered:
» use of symmetric encryption to
protect confidentiality
» need for good key distribution
» use of trusted third party KDC’s
» random number generation

45