Академический Документы
Профессиональный Документы
Культура Документы
Network Security
Chapter 7
Confidentiality Using
Symmetric Encryption
Using Cryptography for Network
Security
Common problems:
Authentication - A and B want to prove their
identities to one another
Key-distribution - A and B want to agree on a
session key that can be used to encrypt all
subsequent communications
Cryptographic Protocols
A protocol is an agreed-upon sequence of
actions performed by two or more principals
Cryptographic protocols make use of
cryptography to accomplish some task securely
Example:
How can Alice and Bob agree on a session key to
protect a conversation?
Answer: use a key-exchange cryptographic protocol
Confidentiality using Symmetric
Encryption
traditionally
symmetric encryption is used
to provide message confidentiality
Placement of Encryption
Issues:
Security depends on secrecy of KA and KB
• KDC must be secure and trusted by both Alice and
Bob
• KA and KB should be used sparingly
The use of a new session key for each
conversation limits the chances/value of
compromising a session key
Attacking the Protocol
Alice and Bob set up a secure session protected by KAB
An intruder, Mallory, watches them do this and stores the
KDC’s message to Alice and all the subsequent
messages between Alice Bob encrypted with KAB
Mallory cryptanalyzes the session between Alice and
Bob and eventually recovers KAB
The next time Alice and Bob want to talk Mallory
intercepts the KDC’s reply and replays the old message
containing KAB
Alice and Bob conduct a “secure” conversation which is
protected by KAB which is known to Mallory
Attacking the Protocol (cont)
A: => KDC (A,B);
KDC: => A (E(KAB,KA), E(KAB,KB));
A: => B (E(KAB,KB));
// Alice and Bob encrypt their messages using KAB
// Mallory recovers KAB by analyzing Alice and Bob’s session
A: => KDC (A,B);
KDC: => A (E(KAB’,KA), E(KAB’,KB));
// Mallory intercepts the above message and replaces it
M: => A (E(KAB,KA), E(KAB,KB));
A: => B (E(KAB,KB));
// Mallory reads all traffic session between Alice and Bob
Random Numbers
many uses of random numbers in cryptography
nonces in authentication protocols to prevent replay
session keys
public key generation
keystream for a one-time pad
in all cases its critical that these values be
statistically random, uniform distribution, independent
unpredictability of future values from previous values
Pseudorandom Number
Generators (PRNGs)
often
use deterministic algorithmic
techniques to create “random numbers”
although are not truly random
can pass many tests of “randomness”
known as “pseudorandom numbers”
created by “Pseudorandom Number
Generators (PRNGs)”
Linear Congruential
Generator
common iterative technique using:
Xn+1 = (aXn + c) mod m
given suitable values of parameters can produce
a long random-like sequence
suitable criteria to have are:
function generates a full-period
generated sequence should appear random
efficient implementation with 32-bit arithmetic
note that an attacker can reconstruct sequence
given a small number of values
have possibilities for making this harder
Using Block Ciphers as PRNGs