Cryptography and Network Security 3/e

Chap. 7: Confidentiality using symmetric encryption & Introduction to public-key cryptosystems
Jen-Chang Liu, 2004
Adapted from lecture slides by Lawrie Brown
Amongst the tribes of Central Australia
every man, woman, and child has a secret
or sacred name which is bestowed by the
older men upon him or her soon after birth,
and which is known to none but the fully
initiated members of the group. The secret
name is never mentioned …The native
thinks that a stranger knowing his secret
name would have special power to work
him ill by means of magic.
-The Golden Bough, Sir James George Frazer
Motivation and outline
symmetric encryption is used to provide
message confidentiality
Q: Where to put the encryption mechanism?
How to distribute the secret key?




Placement of encryption function
Traffic confidentiality
Key distribution
Confidentiality using Symmetric Encryption


What to encrypt and where the encryption function
should be located
consider typical scenario:
[Figure: points of attack in the typical scenario]
(1) Eavesdropping by members
(2) Dial-in, then intrude
(3) Tap into wire
(4) Monitor traffic
Typical scenario and attacks

consider typical scenario




workstations on LANs access other workstations
& servers on LAN
LANs interconnected using switches/routers
with external lines or radio/satellite links
consider attacks and placement in this
scenario




snooping from another workstation
use dial-in to LAN or server to snoop
use external router link to enter & snoop
monitor and/or modify traffic on external links
Placement of encryption


have two major placement alternatives
link encryption




encryption occurs independently on every link
implies must decrypt traffic between links
requires many devices, but paired keys for all
links
end-to-end encryption


encryption occurs between original source and
final destination
need devices at each end with shared keys
Placement of encryption (cont.)
[Figure: link encryption uses one key for each link; end-to-end encryption uses one shared key]
Problems with routing

In a packet-switching network, we need the packet header to route packets
Link encryption: the packet must be decrypted before routing
Vulnerable at each switch node
End-to-end encryption: must leave headers in clear, so network can correctly route information
hence although contents are protected, the traffic pattern is not protected
ideally want both at once
end-to-end protects data contents over entire path and provides authentication
link protects traffic flows from monitoring
Placement of encryption over OSI
model

can place encryption function at various layers in OSI
Reference Model
OSI model and packetization
Placement of encryption over OSI model (cont.)
[Figure: application-level, TCP-level and link-level encryption]
Outline



Placement of encryption function
Traffic confidentiality
Key distribution
Traffic Analysis


In packet-switching network, the packet
header cannot be encrypted
Traffic analysis is monitoring of
communications flows between parties


Ex. know who is talking to whom in military
usage
Traffic analysis reveals



Identities of partners
How frequently the partners are communicating
Message pattern, message length, quantity of
messages, …
Defense against traffic analysis

link encryption obscures header details

but overall traffic volumes in networks and at end-points are still visible
Traffic padding
Outline



Placement of encryption function
Traffic confidentiality
Key distribution
Model for Network Security
Key Distribution



symmetric schemes require both parties to
share a common secret key
issue is how to securely distribute this key
often secure system failure due to a break in
the key distribution scheme
Key Distribution methods

given parties A and B have various key distribution alternatives:
1. A can select key and physically deliver to B
2. third party can select & physically deliver key to A & B
(1 and 2: not suitable for large systems)
3. if A & B have communicated previously can use previous key to encrypt a new key
(3: initial distribution?)
4. if A & B have secure communications with a third party C, C can relay key between A & B
Scale of key distribution problem



A network with N hosts
=> N(N-1)/2 pairs
Node-level encryption
N(N-1)/2
Application-level
encryption

10 applications/node
Key distribution center (KDC)
KDC shares a unique key (master key) with each user to distribute
secret key (session key) between a pair of users:
scale of key distribution problem reduces to N
[Figure: the key distribution center (KDC) sends the secret key to each of the two users encrypted under that user's master key: E_MK1(Secret key) and E_MK2(Secret key)]
Key Distribution Scenario
[Figure: key distribution scenario between A, B and the KDC; labels: session key, master key Ka, master key Kb, identifier for A (ex. address), final exchange (avoid replay attack)]
nonce: an identifier that differs for each request
1. Verify the original request
2. Avoid replay attack
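Added example (not from the original slides): a minimal Python sketch of the request and reply between A and the KDC, showing how the nonce lets A reject a replayed KDC reply and how the ticket for B is bound to master key Kb. The field names, the `seal`/`unseal` helpers and the toy SHA-256 keystream with HMAC are assumptions standing in for the slide's E_K[...]; a real system would use a vetted authenticated cipher.

```python
import hashlib, hmac, json, secrets

def _stream(key: bytes, iv: bytes, n: int) -> bytes:
    out = b"".join(hashlib.sha256(key + iv + i.to_bytes(4, "big")).digest()
                   for i in range(n // 32 + 1))   # toy keystream, not a real cipher
    return out[:n]

def seal(key: bytes, fields: dict) -> str:
    """E_K[fields]: toy encrypt-then-MAC, hex-encoded so it nests in JSON."""
    iv, pt = secrets.token_bytes(16), json.dumps(fields).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, iv, len(pt))))
    tag = hmac.new(key, iv + ct, hashlib.sha256).digest()
    return (iv + ct + tag).hex()

def unseal(key: bytes, blob: str) -> dict:
    raw = bytes.fromhex(blob)
    iv, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, iv + ct, hashlib.sha256).digest()):
        raise ValueError("not sealed under this key, or modified")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, iv, len(ct)))))

# Master keys Ka and Kb, constructed for this example; each is shared with the KDC only.
MASTER = {"A": secrets.token_bytes(32), "B": secrets.token_bytes(32)}

def kdc_reply(request: dict) -> str:
    """KDC: fresh session key sealed for the requester, plus a ticket for the peer."""
    ks = secrets.token_hex(16)
    ticket = seal(MASTER[request["to"]], {"ks": ks, "id_a": request["from"]})
    return seal(MASTER[request["from"]], {"ks": ks, "to": request["to"],
                                          "nonce": request["nonce"], "ticket": ticket})

def a_accepts(ka: bytes, request: dict, reply: str) -> dict:
    """A: accept only a reply that echoes this request's nonce and peer."""
    body = unseal(ka, reply)
    if body["nonce"] != request["nonce"] or body["to"] != request["to"]:
        raise ValueError("reply does not match the outstanding request")
    return body

def run_exchange():
    req1 = {"from": "A", "to": "B", "nonce": secrets.token_hex(8)}
    old_reply = kdc_reply(req1)
    got = a_accepts(MASTER["A"], req1, old_reply)
    at_b = unseal(MASTER["B"], got["ticket"])      # B learns Ks and the identifier for A
    req2 = {"from": "A", "to": "B", "nonce": secrets.token_hex(8)}
    try:
        a_accepts(MASTER["A"], req2, old_reply)    # old reply presented for a new request
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    return got["ks"] == at_b["ks"], at_b["id_a"], replay_rejected
```

The sketch stops after the ticket reaches B; the closing exchange between A and B that the figure labels "(avoid replay attack)" is not modelled.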
Hierarchical key control
[Figure: hierarchy of KDCs serving end systems a and b]
Session key lifetime

Short session key lifetime
Key exchanges frequently => more secure
Long session key lifetime
Reduce key exchange time, and network capacity
Two connection protocols (session<connection)
Connectionless protocol (ex. UDP, HTTP)
Do not use a new key for each session; use a given session key for a fixed period of time
Connection-oriented protocol (ex. TCP)
The same key for the connection; or update the key periodically if the connection has a long lifetime
Transparent key control scheme

End-to-end encrypt at network (transport) layer, which is
transparent to users
? No authentication
[Figure: front-end processor (FEP); packet fields: header, data]
Decentralized key control


KDC trusted?
Decentralized: assume there is one master
key for each pair of end systems
[Figure labels: nonce for authentication, session key, shared master key]
Master keys are used for a short time, so cryptanalysis is difficult
Introduction to public-key
cryptosystems

Recall: symmetric ciphers



One secret key, shared by sender and receivers
(symmetric)
Based on substitution and permutation
Problem:



Key distribution
Digital signature: like the signatures used in paper documents
Diffie and Hellman proposed the public-key cryptosystem to address the above two problems in 1976
Preview of public-key systems

Features of public-key system



Asymmetric: a public key and a private key
Algorithm based on mathematical functions
Fallacies



Public-key encryption is more secure than symmetric encryption
Public-key encryption is a general-purpose technique that will make symmetric encryption obsolete
Key distribution is trivial or easier for public-key encryption than for symmetric encryption
Public-key encryption


One key for encryption
A different but related key for decryption
It is computationally infeasible to determine the decryption key given the cryptographic algorithm and the encryption key
Steps in public-key encryption
1. Each user generates a pair of keys for
encryption and decryption
(In RSA, these two keys are interchangeable: either can be used for encryption or decryption)
2. One key (public key) is announced publicly.
The other key is kept private.
Q: key distribution problem? (Chap. 10)
3. Bob sends encrypted message to Alice using
Alice’s public key.
4. Only Alice can decrypt the message using
her private key.
Comparison between symmetric
and public-key encryption
Math. formulation of public-key
system
$Y = E_{KU_b}(X)$
Which E and D can achieve this?
$X = D_{KR_b}(Y)$
Requirement for public-key
cryptography

Diffie and Hellman (1976) proposed the system
without the algorithm for E and D. They laid out the
requirement:





It is computationally easy to generate a pair of keys
It is computationally easy for a sender to encrypt: $Y = E_{KU_b}(X)$
It is computationally easy for a receiver to decrypt: $X = D_{KR_b}(Y)$
It is computationally infeasible for an opponent, knowing the public key, to determine the private key
It is computationally infeasible for an opponent, knowing the public key and ciphertext, to recover the plaintext
The algorithms that satisfy
public-key requirement

RSA (Rivest-Shamir-Adleman) 1978


Number theory
Elliptic curve cryptography
Trap-door one-way function

Public-key encryption is a one-way function

Every function value has a unique inverse
$Y = f(X)$: easy
$X = f^{-1}(Y)$: infeasible (> polynomial time)
[Figure: f maps the domain to the target]
• It is hard to determine the complexity to compute the inverse
• Not a traditional complexity problem, which focuses on the worst-case or average-case complexity
Trap-door one-way function
(cont.)

Open a trap-door using the private key…
$Y = f(X)$: easy
$X = f^{-1}(Y)$: infeasible (> polynomial time)
$X = f_K^{-1}(Y)$: easy if trap-door K is known (~ polynomial time)
[Figure: f maps the domain to the target]
Public-key system for authentication

Recall: the problem of digital signature
• Only Bob has the private key to encrypt !!! (serves as digital signature)
Authentication issues (Chap. 13)

Encrypt entire message?



Not necessary. Encrypt the authenticator: a small block of bits that is a function of the document
Change of document will change the authenticator
Digital signature is confidential?
No. Anyone who has the public key can decrypt
What to do? => double use of the public-key system
Public-key system for both
confidentiality and authentication
Public-key cryptanalysis

Brute-force attack: search the private key




Solution: use large keys
Tradeoffs: complexity of encrypt/decrypt using large keys vs. security using large keys
Public-key systems are currently too slow for general-purpose use, only used for key management and signature applications
Compute private key given the public key

Not proved to be infeasible
Public-key cryptanalysis (cont.)

Probable-message attack

Ex. encrypt 56-bit DES key
[Figure: the sender encrypts a 56-bit DES key with the public key to produce ciphertext C. Attack: try all DES keys (000…000, 000…001, 000…010, 000…011, …, 111…111), encrypt each with the public key to get C1, C2, C3, …, until Ck = C]
Solution: append things in the plaintext
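Added example (not from the original slides): a toy Python illustration of why deterministic public-key encryption of a short key is exposed to the probable-message search, and why appending random bits to the plaintext closes it. The RSA modulus built from two small Mersenne primes, the 16-bit key space (standing in for the 56-bit DES key so the search finishes quickly) and all function names are assumptions made for this sketch.

```python
import secrets

# Toy RSA key pair, constructed for this example; far too small for real use.
P, Q = 2**31 - 1, 2**19 - 1          # two Mersenne primes
N, E = P * Q, 65537                  # public key
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, held by the receiver only
KEY_BITS = 16                        # stand-in for the slide's 56-bit DES key

def encrypt_raw(key: int) -> int:
    """Deterministic encryption: the same key always gives the same ciphertext."""
    return pow(key, E, N)

def encrypt_padded(key: int) -> int:
    """Append random bits to the plaintext before encrypting."""
    pad = 1 + secrets.randbelow(2**24 - 1)       # 24 random bits, never all zero
    return pow((pad << KEY_BITS) | key, E, N)

def decrypt_padded(c: int) -> int:
    """Receiver decrypts with the private key and discards the random bits."""
    return pow(c, D, N) & (2**KEY_BITS - 1)

def probable_message_search(c: int):
    """Encrypt every candidate key under the public key and compare with c."""
    for k in range(2**KEY_BITS):
        if pow(k, E, N) == c:
            return k
    return None

def demo():
    key = secrets.randbits(KEY_BITS)
    found_raw = probable_message_search(encrypt_raw(key))   # equals key
    c = encrypt_padded(key)
    found_padded = probable_message_search(c)                # no candidate matches
    return key, found_raw, found_padded, decrypt_padded(c)
```

With padding, the search space grows from the key space to the key space times the pad space; deployed systems use a standardized randomized padding such as OAEP rather than this ad hoc layout.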