055931_PPTx_CH14

Download Report

Transcript 055931_PPTx_CH14

Chapter 14
Network
Encryption
Communications Security
• Physical protection works for local networks
– Impractical for long-distance communications
• Types of attacks
– Passive – eavesdropping or sniffing
– Active – maliciously create or modify data
• Crypto techniques protect data when outside our
physical control
– Confidentiality, Integrity
– Authenticity, Nonrepudiation
Crypto by Layers
Applying Crypto Layers
• We get different results when we apply crypto at
different layers
– Different key distribution requirements
– Data protected in different places and ways
• Transparency – does crypto interfere?
– Network transparency: can the network still
carry our traffic with the crypto applied?
– Application transparency: is crypto applied
without affecting the application?
Layer 2: Link Encryption
Layer 3: Network Encryption
Layer 4: Transport Encryption
Layer 7: Application Encryption
Administrative and Policy Issues
• Scope of sniffing protection
• Traffic filtering – does the crypto interfere?
• Automatic encryption – must we rely on the end
user to enable crypto for sensitive data?
• Access to Internet sites – full, automatic
encryption makes Internet access impossible
• End-to-end crypto – do we need to associate
crypto operations with end users?
• Keying – do end users need to manage keys?
We will review all of these at the end
Crypto Keys on the Network
• The key management problem
– Ensure that the right people have keys
– Prevent attackers from uncovering keys
• Key distribution objectives
– Ensure that keys are changed periodically
– Change keys when access rights change
• The default keying risk: keys installed by vendor
– Default keys work “out of the box”
– Attackers also have copies of the default keys
Key Distribution Strategies
• One big cryptonet – share the same secret key
with everyone who must communicate safely
• Groups of cryptonets – share the same key
among smaller communities of users
• Pairwise key sharing – one per endpoint pair
• Key distribution center – a shared server that
distributes working keys to approved users
• Public key distribution – use public key
techniques to distribute keys
Key Distribution Techniques
• Manual keying
– Distribute all keys ‘by hand’ in person or via
trustworthy couriers – often a starting point
• Simple rekeying
– Unreliable tricks to replace an existing key
• Secret-key techniques
– Wrapping, KDCs, hashing
• Public-key techniques
– Diffie-Hellman, RSA
Simple Rekeying: Weak
• Self-rekeying
– Use a PRNG to transform the current key into
a new one
– Separate endpoints can apply the same
PRNG to yield the same key
• New keys encrypted with old
– Generate a new, random key
– Use previous key to encrypt it for distribution
• Both techniques may leak all traffic if old keys
are disclosed
Stronger Secret Key Building Blocks
• Key Wrapping
– Use wrapping technique from Chapter 8 to
protect keys carried in network messages
– Traffic encrypting Key (TEK) wrapped by KEK
• Key Distribution Center (KDC)
– The center distributes wrapped keys
– Authorized users share a secret with the KDC
• Shared Secret Hashing
– Generate a new key using a one-way hash
Key Wrapping
Key Distribution Center
Shared Secret Hashing
Public Key Building Blocks
• Anonymous Diffie-Hellman secret sharing
– D-H inherently constructs a shared secret
– We can use it to construct a temporary shared
secret for any two endpoints
• RSA key wrapping (encapsulation)
– One endpoint (the client) creates a secret key
shared with the other endpoint (the server)
– Only the server needs a public key pair
– Client needs a copy of the server’s public key
Anonymous Diffie-Hellman
RSA Key Wrapping
Trade-Off: Public and Secret Keys
•
•
•
•
•
Secret Key
Limited resources
Clearly defined user
community
Revocation must be
timely and reliable
Small user community
Trustworthy servers
are available
•
•
•
•
Public Key
User community
can’t be identified
ahead of time
Large community, and
Untrustworthy server
computer
Inefficient revocation
is an acceptable risk
Application Layer Encryption
Email key wrapping and encryption
• [Insert figure 14.16]
Transport Layer Security: SSL/TLS
• Secure Sockets Layer (SSL)
– Developed by Netscape in 1994
– Part of commercial client/server Web package
– First really successful public-key application
• Inherited by the IETF
– Now called Transport Layer Security (TLS)
• Three-part protocol
– Handshake protocol – key exchange
– Record protocol – data exchange
– Alert protocol – errors and session shutdown
SSL Handshake Protocol
SSL Key Construction
SSL Record Transmission
Network Layer Encryption
• Provides both application transparency and
network transparency
• Primary use: Virtual Private Networks (VPNs)
– Network carries plaintext inside a site
– VPN gateway encrypts data between sites
• “proxy encryption”
– Remote users use VPN crypto to access site
• IPsec – IP Security Protocol
– Used for Internet VPNs
Example VPN
Encryption by an IPsec Gateway
IPsec Encrypted Packet
Internet Key Exchange (IKE) Protocol
Wireless LAN Encryption
• Wireless Equivalent Privacy (WEP)
– Introduced with early Wi-Fi products
– Used RC4 and 40-bit keys
– Later increased to 128-bit keys (WEP 2)
– Successful attacks in early 2000s
• Wireless Protected Access (WPA, WPA2)
– First WPA designed to work with existing WiFi hardware (still used RC4)
– WPA2 uses AES, improved integrity
protection, and improved key exchange
WPA2 Crypto Format
Crypto Policy: Sniffing
Crypto Policy: Automatic Encryption
Crypto Policy: Others
End of Chapter 14