Chapter 14Network

Encryption

Communications Security

• Physical protection works for local networks– Impractical for long-distance communications

• Types of attacks– Passive – eavesdropping or sniffing– Active – maliciously create or modify data

• Crypto techniques protect data when outside our physical control– Confidentiality, Integrity– Authenticity, Nonrepudiation

Crypto by Layers

Applying Crypto Layers

• We get different results when we apply crypto at different layers– Different key distribution requirements– Data protected in different places and ways

• Transparency – does crypto interfere?– Network transparency: can the network still

carry our traffic with the crypto applied?– Application transparency: is crypto applied

without affecting the application?

Layer 2: Link Encryption

Layer 3: Network Encryption

Layer 4: Transport Encryption

Layer 7: Application Encryption

Administrative and Policy Issues

• Scope of sniffing protection• Traffic filtering – does the crypto interfere?• Automatic encryption – must we rely on the end

user to enable crypto for sensitive data?• Access to Internet sites – full, automatic

encryption makes Internet access impossible• End-to-end crypto – do we need to associate

crypto operations with end users?• Keying – do end users need to manage keys?

We will review all of these at the end

Crypto Keys on the Network

• The key management problem– Ensure that the right people have keys– Prevent attackers from uncovering keys

• Key distribution objectives– Ensure that keys are changed periodically– Change keys when access rights change

• The default keying risk: keys installed by vendor– Default keys work “out of the box”– Attackers also have copies of the default keys

Key Distribution Strategies

• One big cryptonet – share the same secret key with everyone who must communicate safely

• Groups of cryptonets – share the same key among smaller communities of users

• Pairwise key sharing – one per endpoint pair• Key distribution center – a shared server that

distributes working keys to approved users• Public key distribution – use public key

techniques to distribute keys

Key Distribution Techniques

• Manual keying– Distribute all keys ‘by hand’ in person or via

trustworthy couriers – often a starting point• Simple rekeying

– Unreliable tricks to replace an existing key• Secret-key techniques

– Wrapping, KDCs, hashing• Public-key techniques

– Diffie-Hellman, RSA

Simple Rekeying: Weak

• Self-rekeying– Use a PRNG to transform the current key into

a new one– Separate endpoints can apply the same

PRNG to yield the same key• New keys encrypted with old

– Generate a new, random key– Use previous key to encrypt it for distribution

• Both techniques may leak all traffic if old keys are disclosed

Stronger Secret Key Building Blocks

• Key Wrapping– Use wrapping technique from Chapter 8 to

protect keys carried in network messages– Traffic encrypting Key (TEK) wrapped by KEK

• Key Distribution Center (KDC)– The center distributes wrapped keys– Authorized users share a secret with the KDC

• Shared Secret Hashing– Generate a new key using a one-way hash

Key Wrapping

Key Distribution Center

Shared Secret Hashing

Public Key Building Blocks

• Anonymous Diffie-Hellman secret sharing– D-H inherently constructs a shared secret– We can use it to construct a temporary shared

secret for any two endpoints• RSA key wrapping (encapsulation)

– One endpoint (the client) creates a secret key shared with the other endpoint (the server)

– Only the server needs a public key pair– Client needs a copy of the server’s public key

Anonymous Diffie-Hellman

RSA Key Wrapping

Trade-Off: Public and Secret Keys

Secret Key• Limited resources• Clearly defined user

community• Revocation must be

timely and reliable• Small user community• Trustworthy servers

are available

Public Key• User community can’t

be identified ahead of time

• Large community, and

• Untrustworthy server computer

• Inefficient revocation is an acceptable risk

Application Layer Encryption

Email key wrapping and encryption

• [Insert figure 14.16]

Transport Layer Security: SSL/TLS

• Secure Sockets Layer (SSL)– Developed by Netscape in 1994– Part of commercial client/server Web package– First really successful public-key application

• Inherited by the IETF– Now called Transport Layer Security (TLS)

• Three-part protocol– Handshake protocol – key exchange– Record protocol – data exchange– Alert protocol – errors and session shutdown

SSL Handshake Protocol

SSL Key Construction

SSL Record Transmission

Network Layer Encryption

• Provides both application transparency and network transparency

• Primary use: Virtual Private Networks (VPNs)– Network carries plaintext inside a site– VPN gateway encrypts data between sites

• “proxy encryption”– Remote users use VPN crypto to access site

• IPsec – IP Security Protocol– Used for Internet VPNs

Example VPN

Encryption by an IPsec Gateway

IPsec Encrypted Packet

Internet Key Exchange (IKE) Protocol

Wireless LAN Encryption

• Wireless Equivalent Privacy (WEP)– Introduced with early Wi-Fi products– Used RC4 and 40-bit keys– Later increased to 128-bit keys (WEP 2)– Successful attacks in early 2000s

• Wireless Protected Access (WPA, WPA2)– First WPA designed to work with existing Wi-

Fi hardware (still used RC4)– WPA2 uses AES, improved integrity

protection, and improved key exchange

WPA2 Crypto Format

Crypto Policy: Sniffing

Crypto Policy: Automatic Encryption

Crypto Policy: Others

End of Chapter 14