12 security i
TRANSCRIPT
-
Comms Tech
Introduction to Communication Security I 1
Communication Security
Introduction to ConceptsPart I
Security Requirements Privacy: only the intended recipient can 'see'
the contents of the message. Integrity: the message received is the same as
the message transmitted Authentication: the message has actually
come from a sender of known identity and not an imposter.
Nonrepudiation: a sender cannot later deny sending the message or receiver having received it.
(some also consider Availability: protection against loss of access to data or ability to communicate)
Communication Channel SecuritySome media are more difficult to eavesdrop than others.In order of increasing difficulty it goes: wireless, wired, opticalHowever: For all communications channels assume that a determined eavesdropper can pick up messages either by detecting the transmission directly or by manipulating lower layer protocols and devices.
=> Need to protect messages
Cryptography (brief introduction) From Greek for secret writing Plaintext message (readable by anyone) is converted to
Ciphertext by an encryption algorithm. Ciphertext can only be read by intended receiver as it requires
the specific decryption algorithm (which only intended receiver has)
Sender
Encryption Decryption
Receiver
Communication channel
PlaintextPlaintextCiphertext
Ciphers and Keys A Cipher refers to a particular encryption/decryption algorithm
(or class of algorithms). It is not necessary for every pair of communicators to have their
own shared algorithms. Instead a public algorithm is used (it can be known by
everyone) in combination with keys. A key is a number that the Cipher uses in the encryption and
decryption process (ie. as an input to the algorithm). Keys may be:
Shared secret keys (sender and receiver use same key that is secret from everyone else) or
A pair of keys one public (that everyone can know about) and one secret(only known to the receiver*)
*or transmitter depending on the purpose of the crytography
Symmetric Key Cryptography Same key used by both parties (encryption and decryption) and
in both directions (hence symmetric) The key is a shared secret key. Decryption algorithm is the inverse of the encryption algorithm.
Alice
Encryption Decryption
BobCommunication Channel
Shared Secret Key
-
Comms Tech
Introduction to Communication Security I 2
Bob, Alice and Eve too
It is conventional to call the communicators Alice and Bob.Eve is the evil eavesdropper
Symmetric Key Ciphers Caesar Cipher (substitution Cipher)
- Transform character by substituting character in new position of alphabet (e.g. A=> D, B=>E, C=>F)
Transpositional cipher Reorganise position of characters according to
table defined by key Data Encryption Standard
Operates on 64-bit blocks with 56-bit key.
Shared Secret Key: ExampleCipher: shift letter in message to right by corresponding key value
Decipher: shift letter in ciphertext to left by corresponding key value
Shared Key Example: Part IIHeres a highly secret message encrypted earlier:
f ilsb zljjp qbze
In groups of four or five see if you can crack the code (the Caesar Cipher has been used)
Prize to the winning team
Shared Key Distribution Cipher may be public but Key is a shared secret
anyone who gets the key could decrypt the ciphercode.
Need a way of sharing the key without the key being found out by potential eavesdropper.
This becomes more difficult as the number of users grows (poor scalability)
=> An alternative is Public Key Cryptography
Public Key Cryptography Two keys: Public Key and Private or Secret Key. Secret key held by receiver (i.e. it's kept secret) Public key
made openly available to anyone who wants to send a message (i.e. it's not secret).
Public key used to encrypt message Private key necessary to decrypt message (only intended
receiver has this)
Alice
Encryption Decryption
Bob
Communication Channel
Public Key
Private KeyPrivate Key
-
Comms Tech
Introduction to Communication Security I 3
Public Key Cipherse.g. RSA Private key pair of numbers (N,d) Public key another pair of numbers (N,e) Sender encryption algorithm: C=Pe mod N Receiver decryption algorithm: P=Cd mod N[P is Plain message (Plaintext),C is Ciphered message (Ciphertext)Mod means remainder after division]
Public Key: ExampleMy public key: 5Send me a message: Cipher: P5 mod 133 = C(mod means remainder after division)
Note: in this example use P = the numerical position of the letter in the alphabet e.g. a=1 b=2 etc. (this isnt very robust (could be easily hacked) but it will do as a simple example
My secret key: ?Decryption: Csecret key mod 133 = P
Comparison Symmetric/Public Key Cryptography
Symmetric Public
EfficiencyKey can be smallerEfficient for long messages
Complex algorithm
ScalabilityRequires key for each pair of communicators
Pair of keys for each entity
Key distribution Can be difficult Key is public
AuthenticationVerification implied in sharing process
Public key needs to be verified as belonging to appropriate entity.
Privacy/Secrecy Confidentiality of the message. Eavesdroppers cannot decode and read
message Achieved with either Symmetric or Public key
cryptography Relies on Robustness of algorithm (Cipher)
(and private keys remaining secret)
ImplementationThese ideas may be implemented at any layer of the communication protocol stack
Common examples exist for layers 1, 2, 3, 4 and 7
Example Wireless (LAN)
Wired Equivalent Privacy (WEP) Layer 2 protocol for privacy symmetric key for message privacy (+attempt at
integrity) Key managed by manually inputting key value for each
user.
Encrypted message becomes payload in unencrypted 802.11 frame
Relatively easy to crack (lots of how-tos on Web).
-
Comms Tech
Introduction to Communication Security I 4
WEP Structure
K is shared secret key:
40 bit or 104 bit (input as 10 or 26 hex digits respectively) IV is initialization vector:
24 bit random value that should vary from frame to frame RC4 is algorithm to generate key stream from concatenation of K and IV ICV is Integrity check value appended to message (32 bit CRC acting on plaintext
message) Key ID 2-bit value that permits choice of K to be used.
KeyID
Ciphered Message802.11 frame header
IV FCS
Message
Key stream
ICV
K IV RC4
XOR
Summary Communication security relates to four main criteria:
Privacy, Integrity, Authentication and Non-repudiation. To implement security algorithms called Ciphers are
used. Rather than requiring a secret cipher for each pair of
communicators Keys are used with public ciphers. Keys can be shared secret or public key (one of them) So far we have looked at how these ideas can be used
to give message privacy.