Secure Communication
P.V. Ananda Mohan
FNAE, Fellow IEEE, FIETE
ECIL, Bangalore
AGENDA
• Introduction
• Current Scenario
• Three Basic Requirements
• Case studies
• Conclusion
Where is Security needed?
• Military communications: media and terminal encryption
• Electronic Commerce
• E-banking
• Secure Storage
• Internet Applications: e-mail etc.
• Wireless networks: GSM, CDMA, Wi-Fi, WiMAX, Bluetooth
Devices and Types of Networks used for Communication
• Routers
• LANs
• Wireless devices
• Virtual Private Networks (IPSec based)
• SSL
• PDAs (Personal digital assistants)
• Storage Area Networks (SAN)
Algorithms and protocols are related to three basic domains
• Authentication
• Encryption
• Hashing and Digital Signatures
Digital encryption
• Two techniques:
• Stream ciphering: considered simple to implement, no error propagation, less latency
• Block ciphering: considered complex to implement, smearing of whole blocks due to errors, latency of a few blocks.
Stream ciphering
[Figure: the output of a SEQUENCE GENERATOR is combined (⊕) with the clear data stream to give the ciphered data stream]
⊕ = Masking = modulo 2 operation
Block ciphers
[Figure: an N bit input block and a K bit key go into the block cipher, which gives an N bit output block]
ANSI X9.17 Random Number generator
[Figure: generator built from encryption blocks E, with inputs Ti and Vi and outputs Ri and Vi+1]
• Useful for generating session keys
• DES can be used. Ti is the time stamp, Vi is the seed and Ri is the output random number
A5 Stream cipher Algorithm of GSM
[Figure: LFSR 17, LFSR 19 and LFSR 23, each with an IV and a Clock input driven by the clock control logic, produce the generated sequence to mask speech]
• LFSR = Linear Feedback Shift Register
GSM authentication
• Authentication
• Network sends RAND (128 bits)
• Ki is secret key
• Ki, RAND used with Algorithm A3 to produce SRES (32 bits)
• A3 is operator dependent
• Ki cannot be accessed by the user.
GSM Encryption
• Cipher Key Kc generated using Ki and RAND by algorithm A8
• Kc is 64 bits
• Frame number (22 bits) and Kc used with A5 to generate 114 bit cipher sequence
• Speech is masked by cipher sequence and transmitted
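GSM Authentication and encryption in a nutshell
[Figure: Handset (SIM has Ki, Algo) on one side and Network on the other. The network sends RAND (128 bits); each side runs A3 on Ki and RAND to get SRES (32 bits), and the two SRES values are compared. Each side runs A8 on Ki and RAND to get Kc (64 bits), then A5 on Kc and Frame# to produce the encrypted traffic.]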
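The exchange in the figure, with both sides' steps, as an added example that is not part of the original slides. A3 is operator dependent and A5 is not specified here, so `a3`, `a8` and `a5` are HMAC-SHA256 stand-ins (assumptions) that only keep the sizes given above; the subscriber label and the sample burst are constructed.

```python
import hashlib
import hmac
import secrets

def a3(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for the operator's A3: (Ki, RAND) -> SRES, 32 bits."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]

def a8(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for A8: (Ki, RAND) -> Kc, 64 bits."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]

def a5(kc: bytes, frame: int) -> int:
    """Stand-in for A5: (Kc, 22-bit frame number) -> 114-bit cipher sequence."""
    if not 0 <= frame < 1 << 22:
        raise ValueError("frame number must fit in 22 bits")
    block = hmac.new(kc, frame.to_bytes(3, "big"), hashlib.sha256).digest()
    return int.from_bytes(block, "big") >> (256 - 114)

class Sim:
    """Handset side: Ki never leaves the SIM, only SRES comes out."""
    def __init__(self, ki: bytes):
        self._ki = ki
        self.kc = None
    def respond(self, rand: bytes) -> bytes:
        self.kc = a8(self._ki, rand)
        return a3(self._ki, rand)

class Network:
    """Network side: holds its own copy of each subscriber's Ki."""
    def __init__(self, ki_by_subscriber: dict):
        self.ki_by_subscriber = ki_by_subscriber
    def challenge(self, subscriber: str) -> bytes:
        self.subscriber, self.rand = subscriber, secrets.token_bytes(16)  # RAND
        return self.rand
    def verify(self, sres: bytes) -> bool:
        ki = self.ki_by_subscriber[self.subscriber]
        ok = hmac.compare_digest(sres, a3(ki, self.rand))
        self.kc = a8(ki, self.rand) if ok else None
        return ok

def run_exchange(sim_ki: bytes, network_ki: bytes, frame=42, burst=0x155555):
    """Return the burst as recovered by the network, or None if SRES differs."""
    sim, net = Sim(sim_ki), Network({"subscriber-1": network_ki})
    rand = net.challenge("subscriber-1")
    if not net.verify(sim.respond(rand)):
        return None                        # authentication failed, no Kc
    masked = burst ^ a5(sim.kc, frame)     # handset masks with its Kc
    return masked ^ a5(net.kc, frame)      # network unmasks with its Kc
```

Only RAND and SRES cross the air interface; Ki and Kc are never sent, and a handset with the wrong Ki fails the SRES comparison before any traffic key is set up.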
CDMA Encryption Methodology
[Figure: CDMA authentication and encryption block diagram. Labels: A-Key, ESN, RAND SSD generator, Broadcast RAND generator, CAVE, SSDA, SSDB, 18 bit Signature check for authentication, Long Code (Voice, Scrambled Voice), CEMA key and CEMA (Signalling, Encrypted Signalling Messages), Data key and ORYX (Data, Encrypted data)]
Future CDMA Encryption
• AES for Encryption
• SHA for Hashing
• AKA (Authentication and Key Agreement protocol)
• Kasumi Algorithm for Encryption and message security.
WEP 802.11 Wireless Network security
• Secret key shared between mobile and Access point
• Standard does not say how the secret key is established
• Single key shared by all laptops and access point!
• Uses an Integrity check field (IC), a CRC-32, to safeguard against modification in transit.
WEP 802.11 Wireless Network security
• Uses an IV (Initialization Vector, 24 bit) together with the common shared secret key so that the session key for RC4 changes.
• RC4 is a stream cipher.
• The IV is too small: it repeats in 5 hours for a single user, say for 1500 byte packets at 11 Mb/s
• In a multiple user scenario collisions will be very frequent.
Note that v is transparent.
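The IV figures above worked through, as an added example that is not part of the original slides. It computes the time to run through all 24-bit IVs, estimates how soon randomly chosen IVs repeat, and shows why a repeat matters: with the same IV and shared key, RC4 produces the same sequence, so it cancels out of the XOR of two ciphered packets. The 5-byte key, the IV value and the packet contents are constructed.

```python
import math

IV_BITS = 24

def rc4(key: bytes, n: int) -> bytes:
    """First n bytes of the RC4 keystream for the given key."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                         # output generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_mask(iv: bytes, secret: bytes, data: bytes) -> bytes:
    """WEP-style masking: the per-packet RC4 key is IV || shared secret."""
    return bytes(d ^ k for d, k in zip(data, rc4(iv + secret, len(data))))

def hours_to_exhaust_iv(packet_bytes=1500, rate_bps=11e6) -> float:
    """Time for one sender at full rate to use every one of the 2**24 IVs."""
    return (2 ** IV_BITS) * packet_bytes * 8 / rate_bps / 3600

def packets_for_collision(prob=0.5) -> int:
    """Packets with randomly chosen IVs before a repeat has probability prob."""
    return math.ceil(math.sqrt(2 * (2 ** IV_BITS) * math.log(1 / (1 - prob))))

def reuse_leaks_xor(secret=b"\x01\x02\x03\x04\x05", iv=b"\x00\x00\x07") -> bool:
    """Same IV twice: c1 XOR c2 equals p1 XOR p2, the key plays no part."""
    p1, p2 = b"constructed packet one", b"constructed packet two"
    c1, c2 = wep_mask(iv, secret, p1), wep_mask(iv, secret, p2)
    xor = lambda a, b: bytes(x ^ y for x, y in zip(a, b))
    return xor(c1, c2) == xor(p1, p2)
```

The birthday estimate puts a likely repeat at a few thousand packets when stations pick IVs at random, which is why a per-packet value meant to change the RC4 session key needs far more than 24 bits.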
Bluetooth
• Three security modes
• (a) no security (promiscuous mode)
• (b) link level enforced (supports authentication and encryption, secret link key established based on entered PINs)
• (c) Service level enforced (after channel is established)
[Figure: SAFER Algorithm block; labels: 48 bit, 128 bit]
• SAFER (secure and fast encryption routine)
Summary of Authentication parameters
ACO = Authenticated cipher offset
Bluetooth Key generation and Encryption Methodology
[Figure: block diagram. Labels: Link Key, Encryption Offset Number (COF), EN-RAND 128 bit, Kc, Algorithm to Modify Kc, Kc′, Master Clock bits CLK 26-1, MAC Address 48 bit, IV, E0 Algorithm, Kcipher, Plain Text, To medium]
Bluetooth Sequence generator
[Figure: sequence generator; labels: 25, 31, 33, 39]
Tetra Security
• Mobile Radio Trunking
• Different modes of operation (direct Mode of operation DMO etc.)
• Authentication key K
• Hierarchy of Keys:
• Derived Ciphered key (DCK)
• Common Cipher Key (CCK) generated by SWMI (Switching and Management infrastructure)
• Group Cipher Key (GCK)
• Modified Group Cipher Key = E_CCK(GCK)
• Static Cipher Key (SCK): no prior authentication is needed (fixed, pre-stored)
• Uses IDEA (International Data Encryption Algorithm)
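Tetra Authentication key generation
[Figure: three ways of generating the authentication key K. An authentication code entered from the keypad goes through Algo to give K, which identifies the user. A user authentication key goes through Algo to give K, which identifies the handset. The authentication code and the user authentication key together go through Algo to give K, which identifies the handset and the user.]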
WiMAX security
• WiMAX: Worldwide Interoperability for Microwave Access (IEEE 802.16e)
• Future PCs will come with three plug-ins: (a) WCDMA for HSPA (high speed packet access) card for GSM users, (b) CDMA 2000 for CDMA users, (c) card for WiMAX
• Integrate WiFi with WiMAX using Montevino code
The MAC has a privacy sublayer that performs authentication, key exchange and encryption of MPDUs.
• SS (subscriber station) first must gain authorization to access the system and a security association for its secondary management connection
• Privacy and key management (PKM) protocol is used.
• IP connectivity can then be established
• User connections can be created using the MAC service.
Symmetric key encryption algorithms
• Data Encryption Standard (DES)
• Triple DES
• International Data Encryption Algorithm (IDEA)
• Blowfish
• Many more
• RIJNDAEL, the Advanced Encryption Standard
General Features/Specifications
• Block length in bits
• Key length in bits
• Rounds
• Operations in each round
• Key Schedule for all rounds
• Round Key generation
• Decryption
• Modes of operation
• Any Weak Keys
• Complexity / Execution time Benchmarks
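DES Structure
[Figure: DES structure. Data path: 64 bit input, IP, two 32 bit halves; One Round consists of Expansion (32 to 48 bits), combination with the 48 bit sub-key, Substitution (48 to 32 bits) and Permutation (32 bits). Sub Key generation: the 56 bit key is split into two 28 bit halves, each rotated by the number of bits given in a table for each round, followed by a Compression Permutation that gives the 48 bit sub-key1.]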
DES Modes
[Figure: four panels. Labels: 64 bit input, 56 bit key, E, 64 bit output; Text block1, Text block2, Text block3 and an IV (Initialization Vector) feeding E blocks that give the cipher text blocks; a shift register (64-j bits, j bits) feeding E with the key, where j bits of the output are combined with j bits of plain text to give j bits of cipher text and 64-j bits are discarded.]
• ECB (Electronic Code Book)
• CBC (Cipher Block Chaining)
• CFB (Cipher Feedback mode)
• OFB (Output Feedback) Encryption
Triple DES
C = E_K1[D_K2[E_K1[P]]]
[Figure: P passes through E (key K1), D (key K2) and E (key K1) to give C]
• 112 bit key (caution: different K1 and K2!!!)
Rijndael
Brand New!!!
• Variable block length (128, 192, 256 bits)
• Variable key length (128, 192 or 256 bits)
• Block cipher
• Data and key arranged as rows and columns
• Byte level design
• Suitable for DSP or Microprocessor based or ASIC implementation
Rijndael
• Four Rows
• Nb columns: Nb = Block length / 32
• Nk columns: Nk = Key length / 32
• Number of rounds dependent on Nb and Nk:

          Nk = 4   Nk = 6   Nk = 8
Nb = 4      10       12       14
Nb = 6      12       12       14
Nb = 8      14       14       14
Rijndael
• Rounds shown in Table +1 needed
• Each round consists of four operations:
• 1) Byte Substitution
• 2) Shift row
• 3) Mix column
• 4) Add Round key (modulo 2 bit by bit)
Rijndael
Write data vertically in the memory:
A0  A4  A8   A12
A1  A5  A9   A13
A2  A6  A10  A14
A3  A7  A11  A15
Substitute for each byte from a Rijndael S-Box to get a new block:
S0  S4  S8   S12
S1  S5  S9   S13
S2  S6  S10  S14
S3  S7  S11  S15
Add Round Key:
F0  F4  F8   F12
F1  F5  F9   F13
F2  F6  F10  F14
F3  F7  F11  F15
Rotate Byte followed by Mix column:
A0   A4   A8   A12
A5   A9   A13  A1
A10  A14  A2   A6
A15  A3   A7   A11
Key Generation method
K0  K4  K8   K12
K1  K5  K9   K13
K2  K6  K10  K14
K3  K7  K11  K15
[Figure: the four key columns are the words W0 W1 W2 W3; a function g is used in deriving the next words W4 W5 W6 W7]
• Continue to get 44 words
Encryption and authentication
[Figure: four panels between source S and destination D. Conventional encryption: key K at both ends. Authentication, Confidentiality, and Both Authentication and confidentiality: combinations of the keys U and R.]
U stands for Public
R stands for Private
Key distribution (contd..)
[Figure: PUBLIC KEY AUTHORITY exchanging messages with A and B; the message flows are numbered 1 to 7]
Key distribution using certificates
[Figure: certificate exchange between A and B; labels: KUa, KUb, CA, CB]
Authentication using RSA
• RSA (Rivest-Shamir-Adleman), named after its inventors
• Two keys are used (public key and private key)
Choose two large primes p and q.
n = pq
Choose e such that e and (p-1)(q-1) are relatively prime.
Calculate d so that ed = 1 mod ((p-1)(q-1))
Disclose d and n.
Keep e safe with you.
Modulo exponentiation is a complex task.
m = message
Public Key = (e, n)
Private Key = (d, n)
Encryption: c = m^e mod n
Decryption: m = c^d mod n
DIFFIE-HELLMAN KEY EXCHANGE
• Public values p and n.
• A selects x and B selects y.
A to B: k1 = p^x mod n
B to A: k2 = p^y mod n
A computes k2^x mod n
B computes k1^y mod n
Both get p^(xy) mod n
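DIGITAL SIGNATURE ALGORITHMS
AUTHENTICATION BY DIGITAL SIGNATURES
[Figure: C_K(M), computed from message M with function C and key K, is sent along with M; the receiver recomputes it from M with K and COMPAREs]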
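General Principle
[Figure: the compression function F is applied in a chain, starting from the IV and taking the blocks Y0, Y1, ... YN-1 in turn]
• F is a compression function
• Yi are successive blocks in the input
• If F is collision resistant, so is the Hash algorithm.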
SECURE HASH ALGORITHM
• Treats messages as 512 bit blocks
• Four rounds of 20 operations each
• Five Constants 32 bit A, B, C, D, E
• Uses nonlinear operations involving AND, OR, EXCLUSIVE-OR
• Uses circular shifts
• Generates a hash of 160 bits.
Improvement over MD5
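SHA Hashing step
[Figure: one SHA step. Registers A, B, C, D, E on input and output; modulo additions (+) bring in Wt and Kt, with circular shifts S5 and S30.]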
Conclusion
• Algorithms are well known
• Implementations are needed that are resistant to side-channel attacks, with low power, low area, small code and high speed
• Protocols need to be strong: resistant to attacks
• Integrated solutions: end-to-end security paradigm to be explored
• Other related issues (attacks, worms, viruses, malware etc.) also need to be addressed