Transcript Chapter 5

Confidentiality using Conventional Encryption
Vulnerability points
• In-house
– Corrupted workstation
• Extra machine with sniffer
– Wiring closet
• Covert rewiring – for example onto a phone line
– Corrupted server/router
• Hacked so that traffic is routed through a man-in-the-middle
• Interception on external network
– Wireless interception
– Interception in external packet network
• DNS attack
• IP spoofing
Encryption points
• Link encryption
– IP and higher headers are encrypted on the wire – less exposure to traffic analysis
– Requires trust in the packet network: every intermediate node decrypts the packet to route it
– Many keys required (one per link)
– Host authentication only
• End-to-end encryption
– Link (and routing) headers must be in the clear so that intermediate nodes can forward the packet
– Packets therefore still show their headers to an observer
– One key per user pair
– User is responsible for encryption and can decide not to encrypt
– Can be applied at the transport (TCP) layer or at the application layer
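The two encryption points above, as an added example that is not part of the lecture: a constructed packet is encrypted under link encryption and under end-to-end encryption, and the code lists which fields an observer can read on the wire and inside an intermediate router. The packet layout, the fixed keys and nonce, and the HMAC-based toy stream cipher (illustration only, not a real cipher) are assumptions made for this example.

```python
"""Added example, not from the lecture: what an eavesdropper can read under link
encryption versus end-to-end encryption, at two vantage points (on the wire and
inside an intermediate router). Packet layout, keys and the toy cipher are assumptions."""
import hashlib
import hmac
from dataclasses import dataclass


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher for illustration only (NOT for real use): XOR with a
    keystream of HMAC-SHA256(key, nonce || counter) blocks. Applying it twice
    with the same key and nonce decrypts. Real systems use an AEAD such as
    AES-GCM or ChaCha20-Poly1305."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


@dataclass(frozen=True)
class Packet:
    link_hdr: bytes   # link-layer framing (e.g. MAC addresses)
    ip_hdr: bytes     # network-layer header (addresses the router needs)
    tcp_hdr: bytes    # transport-layer header (ports)
    payload: bytes    # user data

    def fields(self) -> dict:
        return {"link_hdr": self.link_hdr, "ip_hdr": self.ip_hdr,
                "tcp_hdr": self.tcp_hdr, "payload": self.payload}


def link_encrypt(pkt: Packet, link_key: bytes, nonce: bytes) -> bytes:
    """Link encryption: everything above the link framing is encrypted on this hop,
    so IP and TCP headers are hidden on the wire."""
    return pkt.link_hdr + keystream_xor(link_key, nonce, pkt.ip_hdr + pkt.tcp_hdr + pkt.payload)


def end_to_end_encrypt(pkt: Packet, session_key: bytes, nonce: bytes) -> bytes:
    """End-to-end encryption: only the user data is encrypted; all headers stay in
    the clear so that intermediate nodes can forward the packet."""
    return pkt.link_hdr + pkt.ip_hdr + pkt.tcp_hdr + keystream_xor(session_key, nonce, pkt.payload)


def readable_fields(view: bytes, pkt: Packet) -> set:
    """A field counts as readable if its plaintext bytes appear in what the observer sees."""
    return {name for name, value in pkt.fields().items() if value in view}


def vantage_points(pkt: Packet, link_key: bytes, session_key: bytes, nonce: bytes) -> dict:
    """Readable fields on the wire and inside an intermediate router, per scheme."""
    wire_link = link_encrypt(pkt, link_key, nonce)
    # A link-encrypting router holds the link key and must decrypt to read the IP
    # header for routing: the whole packet is plaintext inside the node, which is
    # why link encryption requires trusting the packet network.
    n = len(pkt.link_hdr)
    router_link = wire_link[:n] + keystream_xor(link_key, nonce, wire_link[n:])
    wire_e2e = end_to_end_encrypt(pkt, session_key, nonce)
    router_e2e = wire_e2e  # the router never has the session key
    return {
        "link": {"wire": readable_fields(wire_link, pkt), "router": readable_fields(router_link, pkt)},
        "end_to_end": {"wire": readable_fields(wire_e2e, pkt), "router": readable_fields(router_e2e, pkt)},
    }


# Constructed sample packet and keys (fixed values so the run is deterministic).
SAMPLE_PACKET = Packet(
    link_hdr=b"ETH aa:bb:cc:dd:ee:01 -> aa:bb:cc:dd:ee:02",
    ip_hdr=b"IP 10.0.0.5 -> 192.0.2.10",
    tcp_hdr=b"TCP 51234 -> 443",
    payload=b"GET /account/balance HTTP/1.1",
)
LINK_KEY = b"link-key-for-hop-1-demo-only!!!!"
SESSION_KEY = b"session-key-alice-bob-demo-only!"
NONCE = b"\x00" * 8

if __name__ == "__main__":
    for scheme, views in vantage_points(SAMPLE_PACKET, LINK_KEY, SESSION_KEY, NONCE).items():
        for where, fields in views.items():
            print(f"{scheme:>10} / {where:<6}: readable = {sorted(fields)}")
```

Running it shows the trade-off the slide lists: link encryption leaves only the link header readable on the wire but exposes the entire packet inside every router, while end-to-end encryption keeps the payload hidden everywhere at the cost of showing IP and TCP headers to anyone on the path.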
Traffic Confidentiality
• Defends against traffic analysis, which can reveal the following even when message content is encrypted:
– Partner identity
– How much communication
– Message characteristics – length, response patterns
– Relation with external events
• Defenses
– Link encryption hides users’ headers
– Traffic padding (transmit continuously, filling idle periods with useless random data so that observed rate and sizes are independent of real traffic) – used with end-to-end encryption
– Packet tunneling (real packet hidden within an innocent-looking packet)
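Traffic padding from the defenses above, as an added example that is not from the lecture: messages are cut into fixed-size cells and exactly one cell is sent every time tick, with dummy cells filling idle ticks, so a passive observer of the (assumed encrypted) stream sees the same timing and sizes whatever the real traffic is. The cell format, the cell size, the discrete tick model and the sample messages are assumptions made for this example.

```python
"""Added example, not from the lecture: traffic padding simulated in discrete time
ticks. Cell format, sizes and the sample messages are assumptions; encryption of
the cells is assumed to happen elsewhere, so an observer gets only (time, length)."""
from collections import deque

CELL_SIZE = 32                 # every transmitted unit has this length after padding
DUMMY, MORE, FINAL = 0, 1, 2   # 1-byte flag at the start of each cell
HEADER = 3                     # flag (1 byte) + chunk length (2 bytes)


def frame_cells(msg: bytes, cell_size: int = CELL_SIZE) -> list:
    """Split one message into fixed-size cells: flag, 2-byte length, data, zero padding."""
    body = cell_size - HEADER
    chunks = [msg[i:i + body] for i in range(0, len(msg), body)] or [b""]
    cells = []
    for idx, chunk in enumerate(chunks):
        flag = FINAL if idx == len(chunks) - 1 else MORE
        cells.append(bytes([flag]) + len(chunk).to_bytes(2, "big") + chunk + b"\x00" * (body - len(chunk)))
    return cells


def dummy_cell(cell_size: int = CELL_SIZE) -> bytes:
    """Filler sent when there is no real data; same size as a data cell."""
    return bytes([DUMMY]) + (0).to_bytes(2, "big") + b"\x00" * (cell_size - HEADER)


def unpadded_schedule(messages: list) -> list:
    """No padding: each message goes out as-is at the tick it becomes ready."""
    return [(tick, msg) for tick, msg in sorted(messages, key=lambda m: m[0])]


def padded_schedule(messages: list, ticks: int, cell_size: int = CELL_SIZE) -> list:
    """Traffic padding: exactly one cell every tick, real data if queued, else a dummy."""
    pending = deque(sorted(messages, key=lambda m: m[0]))
    queue = deque()
    out = []
    for tick in range(ticks):
        while pending and pending[0][0] <= tick:
            queue.extend(frame_cells(pending.popleft()[1], cell_size))
        out.append((tick, queue.popleft() if queue else dummy_cell(cell_size)))
    return out


def observer_view(schedule: list) -> list:
    """What a passive observer of encrypted traffic learns: timing and sizes only."""
    return [(tick, len(data)) for tick, data in schedule]


def receiver_reassemble(schedule: list) -> list:
    """The legitimate receiver drops dummies and rebuilds the original messages."""
    messages, current = [], bytearray()
    for _, cell in schedule:
        flag, length = cell[0], int.from_bytes(cell[1:HEADER], "big")
        if flag == DUMMY:
            continue
        current += cell[HEADER:HEADER + length]
        if flag == FINAL:
            messages.append(bytes(current))
            current = bytearray()
    return messages


# Constructed sample traffic: (tick when ready, message). Two quite different sessions.
MESSAGES_A = [(0, b"login alice"),
              (1, b"POST /transfer amount=500 to=bob memo=rent"),
              (7, b"logout")]
MESSAGES_B = [(3, b"ping")]
TICKS = 12

if __name__ == "__main__":
    print("unpadded A:", observer_view(unpadded_schedule(MESSAGES_A)))
    print("unpadded B:", observer_view(unpadded_schedule(MESSAGES_B)))
    print("padded A:  ", observer_view(padded_schedule(MESSAGES_A, TICKS)))
    print("padded B:  ", observer_view(padded_schedule(MESSAGES_B, TICKS)))
```

Without padding the two sessions produce visibly different (tick, length) sequences; with padding both become twelve cells of 32 bytes, one per tick, and the receiver still recovers the original messages in order. The cost is the bandwidth spent on dummy cells, which is why the slide pairs this defense with end-to-end encryption rather than applying it everywhere.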