Placement of Encryption Function

Lecture 3

v0.0

CPSC415 Biometrics

Points of Vulnerability
Adversary can eavesdrop from a machine
on the same LAN
Adversary can eavesdrop by dialing into
communication server
Adversary can eavesdrop by gaining
physical control of part of external links
twisted pair, coaxial cable, or optical fiber
radio or satellite links

v0.0

CPSC415 Biometrics

v0.0

CPSC415 Biometrics

Confidentiality using Symmetric

Encryption
have two major placement alternatives
link encryption

encryption occurs independently on every link

All traffic over all communication links is secured
implies must decrypt traffic between links because the
switch must read the address in the packet header
Each pair of nodes that share a unique key, with a
different key used on each link, many keys.
Message is vulnerable at each switch
If working with a public network, the user has not
control over the security of the nodes

v0.0

CPSC415 Biometrics

Confidentiality using Symmetric

Encryption
end-to-end encryption

encryption occurs between original source and

final destination
need devices at each end with shared keys
Secure the transmission against attacks on the
network links or switches
end-to-end principle
What part of each packet will the host encrypt?
Header or user data?
A degree of authentication, only alleged sender
shares the relevant key

v0.0

CPSC415 Biometrics

v0.0

CPSC415 Biometrics

Placement of Encryption
Can place encryption function at various
layers in OSI Reference Model
link encryption occurs at layers 1 or 2
end-to-end can occur at layers 3, 4, 6, 7

If move encryption toward higher layer

less information is encrypted but is more
secure
application layer encryption is more complex,
with more entities and need more keys

v0.0

CPSC415 Biometrics

Scope of Encryption

v0.0

CPSC415 Biometrics

Traffic Analysis
is monitoring of communications flows
between parties

useful both in military & commercial spheres

can also be used to create a covert channel

link encryption obscures header details

but overall traffic volumes in networks and at

end-points is still visible

traffic padding can further obscure flows

but at cost of continuous traffic

v0.0

CPSC415 Biometrics

Traffic Analysis
when using end-to-end encryption must
leave headers in clear

so network can correctly route information

hence although contents protected,

traffic pattern flows are not
ideally want both at once

end-to-end protects data contents over

entire path and provides authentication
link protects traffic flows from monitoring

v0.0

CPSC415 Biometrics

10

Key Distribution Center

v0.0

CPSC415 Biometrics

11

Symmetric Cryptographic System

cryptanalysis
M

encryption

Alice

decryption

Bob

K
key

Eve

M
K

Secure channel

Alice: sender
Bob: receiver
Eve: eavesdropper / Oscar : opponent
Alice and Bob are the celebrities in cryptography.

Ciphertext C = EK(M); Plaintext M = EK-1(C)

One of the greatest difficulties: key management
Algorithms: DES, CAST, IDEA, RC2/4/5 (Rivests Code), AES,

v0.0

CPSC415 Biometrics

12

Symmetric Key Management

Each pair of communicating entities needs a shared key
Why?
For a n-party system, there are n(n-1)/2 distinct keys in the system
and each party needs to maintain n-1 distinct keys.

How to reduce the number of shared keys in the system

Centralized key management
Public keys
K4

K1

K5
K7

K2

K6

K3
K8
K9

K10

v0.0

CPSC415 Biometrics

13

Centralized Key Management

Online Central Server

K2

K1
session key
Alice

Bob

Only n keys, instead of n(n-1)/2 in the system.

Central server may become the single-point-of-failure of the
entire system and the performance bottleneck.

v0.0

CPSC415 Biometrics

14

Key Distribution
symmetric schemes require both
parties to share a common secret key
issue is how to securely distribute
this key
often secure system failure due to a
break in the key distribution scheme

v0.0

CPSC415 Biometrics

15

Key Distribution

given parties A and B have various

key distribution alternatives:
1. A can select key and physically deliver to B
2. third party can select & deliver key to A & B
3. if A & B have communicated previously can use
previous key to encrypt a new key
4. if A & B have secure communications with a
third party C, C can relay key between A & B

v0.0

CPSC415 Biometrics

16

Key Distribution Scenario

v0.0

CPSC415 Biometrics

17

Key Distribution Issues

hierarchies of KDCs required for large
networks, but must trust each other
session key lifetimes should be limited
for greater security
controlling purposes keys are used for
lots of keys to keep track of
binding management information to key

v0.0

CPSC415 Biometrics

18

Key Distribution Center (KDC)

Q: How does KDC allow Bob, Alice to determine shared
symmetric secret key to communicate with each other?
KDC
generates
R1

KA-KDC(A,B)
Alice
knows
R1

KA-KDC(R1, KB-KDC(A,R1) )
KB-KDC(A,R1)

Bob knows to
use R1 to
communicate
with Alice

Alice and Bob communicate: using R1 as

session key for shared symmetric encryption
v0.0

CPSC415 Biometrics

19