SlideShare a Scribd company logo

key distribution in network security

Download as PPT, PDF
babak danyal
babak danyal

Cns 13f-lec07- key distribution

EducationTechnology
1 of 38
Network Security Confidentiality Using Symmetric Encryption Chapter 7
Symmetric Key Cryptography Plain-text input Plain-text output “AxCv;5bmEseTfid3)f GsmWe#4^,sdgfMwir 3:dkJeTsY8Rs@! q3%” “The quick brown fox jumps over the lazy dog” Cipher-text “The quick brown fox jumps over the lazy dog” Encryption Decryption Same key (shared secret)
Confidentiality using Symmetric Encryption • Traditionally symmetric encryption is used to provide message confidentiality • Consider a typical scenario – Workstations on LANs access other workstations & servers on LAN – LANs are interconnected using switches/routers – With external lines or radio/satellite links
Points of Vulnerability
Confidentiality using Symmetric Encryption • Consider attacks and placement in this scenario – – – – snooping from another workstation use dial-in to a LAN or a server to snoop use external router link to enter & snoop monitor and/or modify traffic on external links
Confidentiality using Symmetric Encryption • Have two major placement alternatives – Link Encryption – End-to-End Encryption
Location of Encryption Device Link Encryption • Encryption devices are placed at each end of the link • Encryption occurs independently on every link • All the communication is made secure • A lot of encryption devices are required • Decrypt each packet at every switch • High level of security
Link Encryption Implications • All paths must use link encryption • Each pair of node must share a unique key – Large number of keys should be provided
End-to-End Encryption • Source encrypts and the Receiver decrypts • Payload encrypted • Header in the clear • Only destination and reciever share the key • High Security: Both link and end-to-end encryptions are needed
Encryption Across a Packet Switching Network
Traffic Analysis • When using end-to-end encryption must leave headers in clear – So network can correctly route information • Although content is protected, traffic flow patterns are not • Ideally want both at once – End-to-End protects data contents over entire path and provides authentication – Link protects traffic flows from monitoring
Placement of Encryption • Can place encryption function at various layers in OSI Reference Model – Link encryption occurs at layers 1 or 2 – End-to-End can occur at layers 3, 4, 6, 7 – As move higher, less information is encrypted but it is more secure and more complex with more entities and keys
Encryption coverage implications of store and forward communications
Traffic Analysis • Monitoring of communications flows between parties – Useful both in military & commercial spheres • Link encryption obscures header details – But overall traffic volumes in networks and at endpoints is still visible • Traffic padding can further obscure flows – But at cost of continuous traffic
Traffic Padding Encryption Device
Required Key Protection CONFIDENTIALITY INTEGRITY AUTHENTICATION AVAILABILITY
Key Storage • In Files – Using access control of operating system • In Crypto Tokens – Smart card, USB crypto token – Supports complete key life-cycle on token • Generation – storage – use – destruction – provide means to ensure that there is no way to get a key out • Key Backup (also known as key escrow)
Number of keys required to support Arbitrary connections
Use of a Key Hierarchy
Key Renewal • Keys should be renewed • More available cipher texts may facilitate certain attacks • How often depends on the crypto algorithm – Can depend on the amount of encrypted data – May depend on time (exhaustive key search requires time) • Regular key renewal can reduce damage in case of (unnoticed) key compromise • Protocols like SSL/TLS include features for (secret) key renewal
Key Life-Cycle Unrecoverabl e deletion Requires a secure random source! Key Generation Key Storage and Usage Key Destruction Time Keys must be protected
Key Distribution • Means of Exchanging Keys between two parties • Keys are used for conventional encryption • Frequent key exchanges are desirable – Limiting the amount of data compromised • Strength of cryptographic system rests with Key Distribution Mechanism
Key Distribution • Symmetric schemes require both parties to share a common secret key • Issue is how to securely distribute this key • Often a secure system failure due to a break in the key distribution scheme
Key Distribution • Two parties A and B can have various key distribution alternatives: 1. A can select key and physically deliver to B 2. third party can select & deliver key to A & B 3. if A & B have communicated previously can use previous key to encrypt a new key 4. if A & B have secure communications with a third party C, C can relay key between A & B
Key Distribution Scenario
Key Distribution Scenario 1. A issues a request to the KDC for a session key – – Nonce is also sent Nonce includes identities of communicating parties and a unique value 1. KDC sends a response encrypted with A’s secret key KA – – – It includes one time session key KS Original request message, including the nonce Message also includes KS and ID of A encrypted with KB intended for B
Key Distribution Scenario 3. A stores KS and forwards information for B i.e., EKB[KS||IDA] 4. B sends a nonce to A encrypted with KS 5. A responds by performing some function on nonce like incrementing The last two steps assure B that the message it received was not a replay
Key Distribution Entities • Key Distribution Center – Provides one time session key to valid users for encryption • Front end Processor – Carries out the end to end encryption – Obtains session key from the KDC on behalf of its host
Key distribution for symmetric keys • Key distribution for symmetric keys by a central server (KDC): - fixed number of distributions (for given n) - However, need security protocol
Key Distribution Issues Hierarchical Key Control • Not suitable that a single KDC is used for all the users • Hierarchies of KDC’s required for large networks • A single KDC may be responsible for a small number of users since it shares the master keys of all the entities attached to it • If two entities in different domains want to communicate, local KDCs communicate through a global KDC • Must trust each other
Session Key Lifetimes • Session key lifetimes should be limited for greater security • More frequently the session keys are exchanged, more secure they become • For connection oriented protocols, it should be valid for the duration of connection • For connectionless protocols key should be valid for a certain duration
Transparent Key Control • Use of automatic key distribution on behalf of users, but must trust system 1. Host sends packet requesting connection 2. Front End buffers packet; asks KDC for session key 3. KDC distributes session key to both front ends 4. Buffered packet transmitted
Automatic Key Distribution for Connection-Oriented Protocol KDC FEP HOST F E P F E P HOST
Decentralized Key Control • • • • KDCs need to be trusted and protected This can be avoided by the use of decentralized key distribution Decentralized approach requires that each node be able to communicate in a secure manner Session key may be established in following way 1. A issues a request to B for a session key and includes a nonce, N1. 2. B responds with a message that is encrypted using the shared secret key • Response includes session key, ID of B, the value f(N1) and nonce N2 1. Using the new session key, A returns f(N2) to B
Decentralized Key Distribution
Controlling Key Usage • Different types of session keys e.g., – Data encrypting key: for general communication across network – PIN-encrypting key: for PIN used in electronic funds – File encrypting key: for encrypting files stored on a publicly accessible location • Avoid using master key instead of session key since some unauthorized application may obtain the master key and exploit it
Key Distribution • Session key – Data encrypted with a one-time session key. At the conclusion of the session the key is destroyed • Permanent key – Used between entities for the purpose of distributing session keys
Summary • Have considered: – use of symmetric encryption to protect confidentiality – need for good key distribution – use of trusted third party KDC’s

Recommended

Block Cipher and its Design Principles
Block Cipher and its Design PrinciplesBlock Cipher and its Design Principles
Block Cipher and its Design PrinciplesSHUBHA CHATURVEDI
 
IP Security
IP SecurityIP Security
IP SecurityKeshab Nath
 
Message authentication
Message authenticationMessage authentication
Message authenticationCAS
 
block ciphers
block ciphersblock ciphers
block ciphersAsad Ali
 
Key management
Key managementKey management
Key managementSujata Regoti
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distributionRiya Choudhary
 
Intruders
IntrudersIntruders
IntrudersDr.Florence Dayana
 
distributed shared memory
distributed shared memory distributed shared memory
distributed shared memoryAshish Kumar
 

Recommended

Block Cipher and its Design Principles
Block Cipher and its Design PrinciplesBlock Cipher and its Design Principles
Block Cipher and its Design PrinciplesSHUBHA CHATURVEDI
 
IP Security
IP SecurityIP Security
IP SecurityKeshab Nath
 
Message authentication
Message authenticationMessage authentication
Message authenticationCAS
 
block ciphers
block ciphersblock ciphers
block ciphersAsad Ali
 
Key management
Key managementKey management
Key managementSujata Regoti
 
Key management and distribution
Key management and distributionKey management and distribution
Key management and distributionRiya Choudhary
 
Intruders
IntrudersIntruders
IntrudersDr.Florence Dayana
 
distributed shared memory
distributed shared memory distributed shared memory
distributed shared memoryAshish Kumar
 
Principles of public key cryptography and its Uses
Principles of public key cryptography and its UsesPrinciples of public key cryptography and its Uses
Principles of public key cryptography and its UsesMohsin Ali
 
RSA ALGORITHM
RSA ALGORITHMRSA ALGORITHM
RSA ALGORITHMShashank Shetty
 
Public Key Cryptosystem
Public Key CryptosystemPublic Key Cryptosystem
Public Key CryptosystemDevakumar Kp
 
Message passing in Distributed Computing Systems
Message passing in Distributed Computing SystemsMessage passing in Distributed Computing Systems
Message passing in Distributed Computing SystemsAlagappa Govt Arts College, Karaikudi
 
Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacyPawan Arya
 
Symmetric Cipher Model, Substitution techniques, Transposition techniques, St...
Symmetric Cipher Model, Substitution techniques, Transposition techniques, St...Symmetric Cipher Model, Substitution techniques, Transposition techniques, St...
Symmetric Cipher Model, Substitution techniques, Transposition techniques, St...JAINAM KAPADIYA
 
System models in distributed system
System models in distributed systemSystem models in distributed system
System models in distributed systemishapadhy
 
Confusion and Diffusion.pptx
Confusion and Diffusion.pptxConfusion and Diffusion.pptx
Confusion and Diffusion.pptxbcanawakadalcollege
 
distributed Computing system model
distributed Computing system modeldistributed Computing system model
distributed Computing system modelHarshad Umredkar
 
Hash Function
Hash FunctionHash Function
Hash FunctionSiddharth Srivastava
 
ELEMENTS OF TRANSPORT PROTOCOL
ELEMENTS OF TRANSPORT PROTOCOLELEMENTS OF TRANSPORT PROTOCOL
ELEMENTS OF TRANSPORT PROTOCOLShashank Rustagi
 
Network security & cryptography full notes
Network security & cryptography full notesNetwork security & cryptography full notes
Network security & cryptography full notesgangadhar9989166446
 
Security services and mechanisms
Security services and mechanismsSecurity services and mechanisms
Security services and mechanismsRajapriya82
 
Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniquesDr.Florence Dayana
 
Agreement Protocols, distributed File Systems, Distributed Shared Memory
Agreement Protocols, distributed File Systems, Distributed Shared MemoryAgreement Protocols, distributed File Systems, Distributed Shared Memory
Agreement Protocols, distributed File Systems, Distributed Shared MemorySHIKHA GAUTAM
 
AES-Advanced Encryption Standard
AES-Advanced Encryption StandardAES-Advanced Encryption Standard
AES-Advanced Encryption StandardPrince Rachit
 
RPC: Remote procedure call
RPC: Remote procedure callRPC: Remote procedure call
RPC: Remote procedure callSunita Sahu
 
Cryptography and Network Security William Stallings Lawrie Brown
Cryptography and Network Security William Stallings Lawrie BrownCryptography and Network Security William Stallings Lawrie Brown
Cryptography and Network Security William Stallings Lawrie BrownInformation Security Awareness Group
 
Secure Hash Algorithm (SHA-512)
Secure Hash Algorithm (SHA-512)Secure Hash Algorithm (SHA-512)
Secure Hash Algorithm (SHA-512)DUET
 
Kerberos
KerberosKerberos
KerberosSutanu Paul
 
ch07.ppt
ch07.pptch07.ppt
ch07.pptssuser4198c4
 
Slidecast - Workshop
Slidecast - WorkshopSlidecast - Workshop
Slidecast - WorkshopSamant Khajuria
 

More Related Content

What's hot

Principles of public key cryptography and its Uses
Principles of public key cryptography and its UsesPrinciples of public key cryptography and its Uses
Principles of public key cryptography and its UsesMohsin Ali
 
Public Key Cryptosystem
Public Key CryptosystemPublic Key Cryptosystem
Public Key CryptosystemDevakumar Kp
 
Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacyPawan Arya
 
Symmetric Cipher Model, Substitution techniques, Transposition techniques, St...
Symmetric Cipher Model, Substitution techniques, Transposition techniques, St...Symmetric Cipher Model, Substitution techniques, Transposition techniques, St...
Symmetric Cipher Model, Substitution techniques, Transposition techniques, St...JAINAM KAPADIYA
 
System models in distributed system
System models in distributed systemSystem models in distributed system
System models in distributed systemishapadhy
 
distributed Computing system model
distributed Computing system modeldistributed Computing system model
distributed Computing system modelHarshad Umredkar
 
ELEMENTS OF TRANSPORT PROTOCOL
ELEMENTS OF TRANSPORT PROTOCOLELEMENTS OF TRANSPORT PROTOCOL
ELEMENTS OF TRANSPORT PROTOCOLShashank Rustagi
 
Network security & cryptography full notes
Network security & cryptography full notesNetwork security & cryptography full notes
Network security & cryptography full notesgangadhar9989166446
 
Security services and mechanisms
Security services and mechanismsSecurity services and mechanisms
Security services and mechanismsRajapriya82
 
Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniquesDr.Florence Dayana
 
Agreement Protocols, distributed File Systems, Distributed Shared Memory
Agreement Protocols, distributed File Systems, Distributed Shared MemoryAgreement Protocols, distributed File Systems, Distributed Shared Memory
Agreement Protocols, distributed File Systems, Distributed Shared MemorySHIKHA GAUTAM
 
AES-Advanced Encryption Standard
AES-Advanced Encryption StandardAES-Advanced Encryption Standard
AES-Advanced Encryption StandardPrince Rachit
 
RPC: Remote procedure call
RPC: Remote procedure callRPC: Remote procedure call
RPC: Remote procedure callSunita Sahu
 
Secure Hash Algorithm (SHA-512)
Secure Hash Algorithm (SHA-512)Secure Hash Algorithm (SHA-512)
Secure Hash Algorithm (SHA-512)DUET
 

What's hot (20)

Principles of public key cryptography and its Uses
Principles of public key cryptography and its UsesPrinciples of public key cryptography and its Uses
Principles of public key cryptography and its Uses
 
RSA ALGORITHM
RSA ALGORITHMRSA ALGORITHM
RSA ALGORITHM
 
Public Key Cryptosystem
Public Key CryptosystemPublic Key Cryptosystem
Public Key Cryptosystem
 
Message passing in Distributed Computing Systems
Message passing in Distributed Computing SystemsMessage passing in Distributed Computing Systems
Message passing in Distributed Computing Systems
 
Pgp pretty good privacy
Pgp pretty good privacyPgp pretty good privacy
Pgp pretty good privacy
 
Symmetric Cipher Model, Substitution techniques, Transposition techniques, St...
Symmetric Cipher Model, Substitution techniques, Transposition techniques, St...Symmetric Cipher Model, Substitution techniques, Transposition techniques, St...
Symmetric Cipher Model, Substitution techniques, Transposition techniques, St...
 
System models in distributed system
System models in distributed systemSystem models in distributed system
System models in distributed system
 
Confusion and Diffusion.pptx
Confusion and Diffusion.pptxConfusion and Diffusion.pptx
Confusion and Diffusion.pptx
 
distributed Computing system model
distributed Computing system modeldistributed Computing system model
distributed Computing system model
 
Hash Function
Hash FunctionHash Function
Hash Function
 
ELEMENTS OF TRANSPORT PROTOCOL
ELEMENTS OF TRANSPORT PROTOCOLELEMENTS OF TRANSPORT PROTOCOL
ELEMENTS OF TRANSPORT PROTOCOL
 
Network security & cryptography full notes
Network security & cryptography full notesNetwork security & cryptography full notes
Network security & cryptography full notes
 
Security services and mechanisms
Security services and mechanismsSecurity services and mechanisms
Security services and mechanisms
 
Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniques
 
Agreement Protocols, distributed File Systems, Distributed Shared Memory
Agreement Protocols, distributed File Systems, Distributed Shared MemoryAgreement Protocols, distributed File Systems, Distributed Shared Memory
Agreement Protocols, distributed File Systems, Distributed Shared Memory
 
AES-Advanced Encryption Standard
AES-Advanced Encryption StandardAES-Advanced Encryption Standard
AES-Advanced Encryption Standard
 
RPC: Remote procedure call
RPC: Remote procedure callRPC: Remote procedure call
RPC: Remote procedure call
 
Cryptography and Network Security William Stallings Lawrie Brown
Cryptography and Network Security William Stallings Lawrie BrownCryptography and Network Security William Stallings Lawrie Brown
Cryptography and Network Security William Stallings Lawrie Brown
 
Secure Hash Algorithm (SHA-512)
Secure Hash Algorithm (SHA-512)Secure Hash Algorithm (SHA-512)
Secure Hash Algorithm (SHA-512)
 
Kerberos
KerberosKerberos
Kerberos
 

Similar to key distribution in network security

Confidentiality using symmetric encryption.pptx
Confidentiality using symmetric encryption.pptxConfidentiality using symmetric encryption.pptx
Confidentiality using symmetric encryption.pptxAYUSHJAIN152065
 
BAIT1103 Chapter 3
BAIT1103 Chapter 3BAIT1103 Chapter 3
BAIT1103 Chapter 3limsh
 
Is unit-4-part-1
Is unit-4-part-1Is unit-4-part-1
Is unit-4-part-1vmuniraja
 
IPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols IPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols NetProtocol Xpert
 
Cryptography and Network Security
Cryptography and Network SecurityCryptography and Network Security
Cryptography and Network SecurityRamki M
 
TLS/SSL Protocol Design 201006
TLS/SSL Protocol Design 201006TLS/SSL Protocol Design 201006
TLS/SSL Protocol Design 201006Nate Lawson
 
Improved authentication & key agreement protocol using elliptic curve cryptog...
Improved authentication & key agreement protocol using elliptic curve cryptog...Improved authentication & key agreement protocol using elliptic curve cryptog...
Improved authentication & key agreement protocol using elliptic curve cryptog...CAS
 
UNIT 4 CRYPTOGRAPHIC SYSTEMS.pptx
UNIT 4 CRYPTOGRAPHIC SYSTEMS.pptxUNIT 4 CRYPTOGRAPHIC SYSTEMS.pptx
UNIT 4 CRYPTOGRAPHIC SYSTEMS.pptxssuserd5e356
 
Cryptography and Network Security
Cryptography and Network SecurityCryptography and Network Security
Cryptography and Network SecurityPa Van Tanku
 
Encryption techniques
Encryption techniquesEncryption techniques
Encryption techniquesMohitManna
 
Slide Deck Class Session 8 – FRSecure CISSP Mentor Program
Slide Deck Class Session 8 – FRSecure CISSP Mentor ProgramSlide Deck Class Session 8 – FRSecure CISSP Mentor Program
Slide Deck Class Session 8 – FRSecure CISSP Mentor ProgramFRSecure
 
Lec 10 - Key Management.ppt
Lec 10 - Key Management.pptLec 10 - Key Management.ppt
Lec 10 - Key Management.pptIshaKanwal4
 
Slide Deck – Session 8 – FRSecure CISSP Mentor Program 2017
Slide Deck – Session 8 – FRSecure CISSP Mentor Program 2017Slide Deck – Session 8 – FRSecure CISSP Mentor Program 2017
Slide Deck – Session 8 – FRSecure CISSP Mentor Program 2017FRSecure
 

Similar to key distribution in network security (20)

ch07.ppt
ch07.pptch07.ppt
ch07.ppt
 
Slidecast - Workshop
Slidecast - WorkshopSlidecast - Workshop
Slidecast - Workshop
 
Confidentiality using symmetric encryption.pptx
Confidentiality using symmetric encryption.pptxConfidentiality using symmetric encryption.pptx
Confidentiality using symmetric encryption.pptx
 
ch13 ABCD.ppt
ch13 ABCD.pptch13 ABCD.ppt
ch13 ABCD.ppt
 
BAIT1103 Chapter 3
BAIT1103 Chapter 3BAIT1103 Chapter 3
BAIT1103 Chapter 3
 
Is unit-4-part-1
Is unit-4-part-1Is unit-4-part-1
Is unit-4-part-1
 
IPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols IPSec VPN & IPSec Protocols
IPSec VPN & IPSec Protocols
 
Cryptography and Network Security
Cryptography and Network SecurityCryptography and Network Security
Cryptography and Network Security
 
TLS/SSL Protocol Design 201006
TLS/SSL Protocol Design 201006TLS/SSL Protocol Design 201006
TLS/SSL Protocol Design 201006
 
Unit08
Unit08Unit08
Unit08
 
Improved authentication & key agreement protocol using elliptic curve cryptog...
Improved authentication & key agreement protocol using elliptic curve cryptog...Improved authentication & key agreement protocol using elliptic curve cryptog...
Improved authentication & key agreement protocol using elliptic curve cryptog...
 
UNIT 4 CRYPTOGRAPHIC SYSTEMS.pptx
UNIT 4 CRYPTOGRAPHIC SYSTEMS.pptxUNIT 4 CRYPTOGRAPHIC SYSTEMS.pptx
UNIT 4 CRYPTOGRAPHIC SYSTEMS.pptx
 
Cryptography and Network Security
Cryptography and Network SecurityCryptography and Network Security
Cryptography and Network Security
 
UNIT-IV.pptx
UNIT-IV.pptxUNIT-IV.pptx
UNIT-IV.pptx
 
Encryption techniques
Encryption techniquesEncryption techniques
Encryption techniques
 
Slide Deck Class Session 8 – FRSecure CISSP Mentor Program
Slide Deck Class Session 8 – FRSecure CISSP Mentor ProgramSlide Deck Class Session 8 – FRSecure CISSP Mentor Program
Slide Deck Class Session 8 – FRSecure CISSP Mentor Program
 
Security Threats at OSI layers
Security Threats at OSI layersSecurity Threats at OSI layers
Security Threats at OSI layers
 
Lec 10 - Key Management.ppt
Lec 10 - Key Management.pptLec 10 - Key Management.ppt
Lec 10 - Key Management.ppt
 
Slide Deck – Session 8 – FRSecure CISSP Mentor Program 2017
Slide Deck – Session 8 – FRSecure CISSP Mentor Program 2017Slide Deck – Session 8 – FRSecure CISSP Mentor Program 2017
Slide Deck – Session 8 – FRSecure CISSP Mentor Program 2017
 
ch13.ppt
ch13.pptch13.ppt
ch13.ppt
 

More from babak danyal

Easy Steps to implement UDP Server and Client Sockets
Easy Steps to implement UDP Server and Client SocketsEasy Steps to implement UDP Server and Client Sockets
Easy Steps to implement UDP Server and Client Socketsbabak danyal
 
Java IO Package and Streams
Java IO Package and StreamsJava IO Package and Streams
Java IO Package and Streamsbabak danyal
 
Swing and Graphical User Interface in Java
Swing and Graphical User Interface in JavaSwing and Graphical User Interface in Java
Swing and Graphical User Interface in Javababak danyal
 
block ciphers and the des
block ciphers and the desblock ciphers and the des
block ciphers and the desbabak danyal
 
Lecture10 Signal and Systems
Lecture10 Signal and SystemsLecture10 Signal and Systems
Lecture10 Signal and Systemsbabak danyal
 
Lecture8 Signal and Systems
Lecture8 Signal and SystemsLecture8 Signal and Systems
Lecture8 Signal and Systemsbabak danyal
 
Lecture7 Signal and Systems
Lecture7 Signal and SystemsLecture7 Signal and Systems
Lecture7 Signal and Systemsbabak danyal
 
Lecture6 Signal and Systems
Lecture6 Signal and SystemsLecture6 Signal and Systems
Lecture6 Signal and Systemsbabak danyal
 
Lecture5 Signal and Systems
Lecture5 Signal and SystemsLecture5 Signal and Systems
Lecture5 Signal and Systemsbabak danyal
 
Lecture4 Signal and Systems
Lecture4 Signal and SystemsLecture4 Signal and Systems
Lecture4 Signal and Systemsbabak danyal
 
Lecture3 Signal and Systems
Lecture3 Signal and SystemsLecture3 Signal and Systems
Lecture3 Signal and Systemsbabak danyal
 
Lecture2 Signal and Systems
Lecture2 Signal and SystemsLecture2 Signal and Systems
Lecture2 Signal and Systemsbabak danyal
 
Lecture1 Intro To Signa
Lecture1 Intro To SignaLecture1 Intro To Signa
Lecture1 Intro To Signababak danyal
 
Lecture9 Signal and Systems
Lecture9 Signal and SystemsLecture9 Signal and Systems
Lecture9 Signal and Systemsbabak danyal
 
Cns 13f-lec03- Classical Encryption Techniques
Cns 13f-lec03- Classical Encryption TechniquesCns 13f-lec03- Classical Encryption Techniques
Cns 13f-lec03- Classical Encryption Techniquesbabak danyal
 
Classical Encryption Techniques in Network Security
Classical Encryption Techniques in Network SecurityClassical Encryption Techniques in Network Security
Classical Encryption Techniques in Network Securitybabak danyal
 
Problems at independence
Problems at independenceProblems at independence
Problems at independencebabak danyal
 

More from babak danyal (20)

applist
applistapplist
applist
 
Easy Steps to implement UDP Server and Client Sockets
Easy Steps to implement UDP Server and Client SocketsEasy Steps to implement UDP Server and Client Sockets
Easy Steps to implement UDP Server and Client Sockets
 
Java IO Package and Streams
Java IO Package and StreamsJava IO Package and Streams
Java IO Package and Streams
 
Swing and Graphical User Interface in Java
Swing and Graphical User Interface in JavaSwing and Graphical User Interface in Java
Swing and Graphical User Interface in Java
 
Tcp sockets
Tcp socketsTcp sockets
Tcp sockets
 
block ciphers and the des
block ciphers and the desblock ciphers and the des
block ciphers and the des
 
Lecture10 Signal and Systems
Lecture10 Signal and SystemsLecture10 Signal and Systems
Lecture10 Signal and Systems
 
Lecture8 Signal and Systems
Lecture8 Signal and SystemsLecture8 Signal and Systems
Lecture8 Signal and Systems
 
Lecture7 Signal and Systems
Lecture7 Signal and SystemsLecture7 Signal and Systems
Lecture7 Signal and Systems
 
Lecture6 Signal and Systems
Lecture6 Signal and SystemsLecture6 Signal and Systems
Lecture6 Signal and Systems
 
Lecture5 Signal and Systems
Lecture5 Signal and SystemsLecture5 Signal and Systems
Lecture5 Signal and Systems
 
Lecture4 Signal and Systems
Lecture4 Signal and SystemsLecture4 Signal and Systems
Lecture4 Signal and Systems
 
Lecture3 Signal and Systems
Lecture3 Signal and SystemsLecture3 Signal and Systems
Lecture3 Signal and Systems
 
Lecture2 Signal and Systems
Lecture2 Signal and SystemsLecture2 Signal and Systems
Lecture2 Signal and Systems
 
Lecture1 Intro To Signa
Lecture1 Intro To SignaLecture1 Intro To Signa
Lecture1 Intro To Signa
 
Lecture9 Signal and Systems
Lecture9 Signal and SystemsLecture9 Signal and Systems
Lecture9 Signal and Systems
 
Lecture9
Lecture9Lecture9
Lecture9
 
Cns 13f-lec03- Classical Encryption Techniques
Cns 13f-lec03- Classical Encryption TechniquesCns 13f-lec03- Classical Encryption Techniques
Cns 13f-lec03- Classical Encryption Techniques
 
Classical Encryption Techniques in Network Security
Classical Encryption Techniques in Network SecurityClassical Encryption Techniques in Network Security
Classical Encryption Techniques in Network Security
 
Problems at independence
Problems at independenceProblems at independence
Problems at independence
 

Recently uploaded

How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17Celine George
 
MENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxMENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxPoojaSen20
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfSumit Tiwari
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Sakshi Ghasle
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppCeline George
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsKarinaGenton
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 

Recently uploaded (20)

How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 
MENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docxMENTAL STATUS EXAMINATION format.docx
MENTAL STATUS EXAMINATION format.docx
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application )
 
9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website App
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its Characteristics
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 

key distribution in network security

  • 1. Network Security Confidentiality Using Symmetric Encryption Chapter 7
  • 2. Symmetric Key Cryptography Plain-text input Plain-text output “AxCv;5bmEseTfid3)f GsmWe#4^,sdgfMwir 3:dkJeTsY8Rs@! q3%” “The quick brown fox jumps over the lazy dog” Cipher-text “The quick brown fox jumps over the lazy dog” Encryption Decryption Same key (shared secret)
  • 3. Confidentiality using Symmetric Encryption • Traditionally symmetric encryption is used to provide message confidentiality • Consider a typical scenario – Workstations on LANs access other workstations & servers on LAN – LANs are interconnected using switches/routers – With external lines or radio/satellite links
  • 5. Confidentiality using Symmetric Encryption • Consider attacks and placement in this scenario – – – – snooping from another workstation use dial-in to a LAN or a server to snoop use external router link to enter & snoop monitor and/or modify traffic on external links
  • 6. Confidentiality using Symmetric Encryption • Have two major placement alternatives – Link Encryption – End-to-End Encryption
  • 7. Location of Encryption Device Link Encryption • Encryption devices are placed at each end of the link • Encryption occurs independently on every link • All the communication is made secure • A lot of encryption devices are required • Decrypt each packet at every switch • High level of security
  • 8. Link Encryption Implications • All paths must use link encryption • Each pair of node must share a unique key – Large number of keys should be provided
  • 9. End-to-End Encryption • Source encrypts and the Receiver decrypts • Payload encrypted • Header in the clear • Only destination and reciever share the key • High Security: Both link and end-to-end encryptions are needed
  • 10. Encryption Across a Packet Switching Network
  • 11. Traffic Analysis • When using end-to-end encryption must leave headers in clear – So network can correctly route information • Although content is protected, traffic flow patterns are not • Ideally want both at once – End-to-End protects data contents over entire path and provides authentication – Link protects traffic flows from monitoring
  • 12. Placement of Encryption • Can place encryption function at various layers in OSI Reference Model – Link encryption occurs at layers 1 or 2 – End-to-End can occur at layers 3, 4, 6, 7 – As move higher, less information is encrypted but it is more secure and more complex with more entities and keys
  • 13. Encryption coverage implications of store and forward communications
  • 14. Traffic Analysis • Monitoring of communications flows between parties – Useful both in military & commercial spheres • Link encryption obscures header details – But overall traffic volumes in networks and at endpoints is still visible • Traffic padding can further obscure flows – But at cost of continuous traffic
  • 17. Key Storage • In Files – Using access control of operating system • In Crypto Tokens – Smart card, USB crypto token – Supports complete key life-cycle on token • Generation – storage – use – destruction – provide means to ensure that there is no way to get a key out • Key Backup (also known as key escrow)
  • 18. Number of keys required to support Arbitrary connections
  • 19. Use of a Key Hierarchy
  • 20. Key Renewal • Keys should be renewed • More available cipher texts may facilitate certain attacks • How often depends on the crypto algorithm – Can depend on the amount of encrypted data – May depend on time (exhaustive key search requires time) • Regular key renewal can reduce damage in case of (unnoticed) key compromise • Protocols like SSL/TLS include features for (secret) key renewal
  • 21. Key Life-Cycle Unrecoverabl e deletion Requires a secure random source! Key Generation Key Storage and Usage Key Destruction Time Keys must be protected
  • 22. Key Distribution • Means of Exchanging Keys between two parties • Keys are used for conventional encryption • Frequent key exchanges are desirable – Limiting the amount of data compromised • Strength of cryptographic system rests with Key Distribution Mechanism
  • 23. Key Distribution • Symmetric schemes require both parties to share a common secret key • Issue is how to securely distribute this key • Often a secure system failure due to a break in the key distribution scheme
  • 24. Key Distribution • Two parties A and B can have various key distribution alternatives: 1. A can select key and physically deliver to B 2. third party can select & deliver key to A & B 3. if A & B have communicated previously can use previous key to encrypt a new key 4. if A & B have secure communications with a third party C, C can relay key between A & B
  • 26. Key Distribution Scenario 1. A issues a request to the KDC for a session key – – Nonce is also sent Nonce includes identities of communicating parties and a unique value 1. KDC sends a response encrypted with A’s secret key KA – – – It includes one time session key KS Original request message, including the nonce Message also includes KS and ID of A encrypted with KB intended for B
  • 27. Key Distribution Scenario 3. A stores KS and forwards information for B i.e., EKB[KS||IDA] 4. B sends a nonce to A encrypted with KS 5. A responds by performing some function on nonce like incrementing The last two steps assure B that the message it received was not a replay
  • 28. Key Distribution Entities • Key Distribution Center – Provides one time session key to valid users for encryption • Front end Processor – Carries out the end to end encryption – Obtains session key from the KDC on behalf of its host
  • 29. Key distribution for symmetric keys • Key distribution for symmetric keys by a central server (KDC): - fixed number of distributions (for given n) - However, need security protocol
  • 30. Key Distribution Issues Hierarchical Key Control • Not suitable that a single KDC is used for all the users • Hierarchies of KDC’s required for large networks • A single KDC may be responsible for a small number of users since it shares the master keys of all the entities attached to it • If two entities in different domains want to communicate, local KDCs communicate through a global KDC • Must trust each other
  • 31. Session Key Lifetimes • Session key lifetimes should be limited for greater security • More frequently the session keys are exchanged, more secure they become • For connection oriented protocols, it should be valid for the duration of connection • For connectionless protocols key should be valid for a certain duration
  • 32. Transparent Key Control • Use of automatic key distribution on behalf of users, but must trust system 1. Host sends packet requesting connection 2. Front End buffers packet; asks KDC for session key 3. KDC distributes session key to both front ends 4. Buffered packet transmitted
  • 33. Automatic Key Distribution for Connection-Oriented Protocol KDC FEP HOST F E P F E P HOST
  • 34. Decentralized Key Control • • • • KDCs need to be trusted and protected This can be avoided by the use of decentralized key distribution Decentralized approach requires that each node be able to communicate in a secure manner Session key may be established in following way 1. A issues a request to B for a session key and includes a nonce, N1. 2. B responds with a message that is encrypted using the shared secret key • Response includes session key, ID of B, the value f(N1) and nonce N2 1. Using the new session key, A returns f(N2) to B
  • 36. Controlling Key Usage • Different types of session keys e.g., – Data encrypting key: for general communication across network – PIN-encrypting key: for PIN used in electronic funds – File encrypting key: for encrypting files stored on a publicly accessible location • Avoid using master key instead of session key since some unauthorized application may obtain the master key and exploit it
  • 37. Key Distribution • Session key – Data encrypted with a one-time session key. At the conclusion of the session the key is destroyed • Permanent key – Used between entities for the purpose of distributing session keys
  • 38. Summary • Have considered: – use of symmetric encryption to protect confidentiality – need for good key distribution – use of trusted third party KDC’s

Editor's Notes

  1. Have many locations where attacks can occur in typical scenarios.
  2. This is one of the most critical areas in security systems - on many occasions systems have been broken, not because of a poor encryption algorithm, but because of poor key selection or management. It is absolutely critical to get this right!
  3. Physical delivery (1 & 2) is simplest - but only applicable when there is personal contact between recipient and key issuer. Is fine for link encryption where devices & keys occur in pairs, but does not scale as number of parties who wish to communicate grows. A third party is a trusted intermediary, whom all parties trust, to mediate the establishment of secure communications between them. Must trust intermediary not to abuse the knowledge of all session keys. As number of parties grow, some variant of 4 is only practical solution.
  4. Stallings Fig 7.9. Based on concept of having a “Key Distribution Center” (KDC) which shares a unique key with each party (user). See text for details of steps in distribution process.