144551742010

Transcript of 144551742010

  • 8/12/2019 144551742010

    Conventional encryption to provide confidentiality

    Historically, the focus of cryptology has been on the use of conventional encryption to provide confidentiality.

    Authorization, integrity, digital signatures, and the use of public-key encryption have been included in the theory only in the last several decades.

    Placement of Encryption Function

    If encryption is to be used to counter attacks on confidentiality, the location of the encryption function needs to be decided.

    First, we have to find the potential locations of security attacks.

    Second, we decide where to place the encryption function.

    Potential Locations for Confidentiality Attacks

    An attack can take place at any of the communications links.

    The communications links can be:

    - Cable (telephone, twisted pair, coaxial cable, or optical fiber).

    - Microwave links.

    - Satellite channels.

    Potential Locations for Confidentiality Attacks

    Invasive taps or inductive taps are used to monitor electromagnetic emanation with both twisted pair and coaxial cables.

    Neither type of tap is particularly useful with optical fiber.

    Physically breaking the cable seriously degrades signal quality and is therefore detectable.

    Placement of Encryption Function

    There are two major approaches to encryption placement:

    1- Link encryption.

    2- End-to-end encryption.

    Key Distribution

    For conventional encryption to work, the two parties to an exchange must share the same key, and that key must be protected from access by others.

    Frequent key changes are required. Therefore, the strength of a cryptographic system relies on the key distribution technique.

    Key Distribution

    There are a number of ways to deliver the key:

    1- Physical delivery between the two parties A and B.

    2- A third party physically delivers the key.

    3- A and B use a previously used key to encrypt the new key and transmit it to the other party.

    4- Using an encrypted connection to a third party, the third party then delivers a key on encrypted links to A and B.

    A Key Distribution Scenario

    One scenario for deploying key distribution assumes that each user shares a unique master key with the key distribution center (KDC).

    Let us assume that user A wishes to establish a logical connection with B and requires a one-time session key to protect the data transmission over the connection.

    A has a secret key Ka, known only to itself and the KDC; similarly, B shares the master key Kb with the KDC.

    A Key Distribution Scenario

    Steps:

    1- A issues a request to the KDC for a session key. The message includes the identities of A and B and a unique identifier N1 for this transaction.

    2- The KDC responds with a message encrypted using Ka. The message includes two items intended for A:

    - the one-time session key Ks to be used for the session.

    - the original request message, for matching.

    A Key Distribution Scenario

    Steps (Continued):

    And two items intended for B:

    - the one-time session key, Ks.

    - an identifier of A, IDA.

    These two items are encrypted using Kb.

    3- A stores the session key for use in the upcoming session and forwards to B the information that originated at the KDC for B.

    A Key Distribution Scenario

    Steps (Continued):

    Because this information is encrypted with Kb, it is protected. B now knows the session key Ks, knows that the other party is A (from the IDA), and knows that the information originated at the KDC.

    At this point, a session key has been securely delivered to A and B, and they may begin their protected exchange.
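
The three steps of the scenario above, traced in Python as an added example that is not part of the original slides. `seal`/`unseal` are a standard-library stand-in for a real authenticated cipher, and the function names, JSON message layout and randomly generated keys are assumptions made for illustration.

```python
import hashlib, hmac, json, os

def _keys(key):
    # Separate encryption and MAC keys derived from one shared key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _xor_stream(k_enc, nonce, data):
    # HMAC-SHA256 in counter mode as keystream: a stdlib stand-in, not a vetted cipher.
    blocks = (len(data) + 31) // 32
    ks = b"".join(hmac.new(k_enc, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, obj):
    k_enc, k_mac = _keys(key)
    nonce = os.urandom(16)
    ct = _xor_stream(k_enc, nonce, json.dumps(obj).encode())
    return nonce + ct + hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    k_enc, k_mac = _keys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    return json.loads(_xor_stream(k_enc, nonce, ct))

# Constructed master keys: Ka and Kb, each shared only between that user and the KDC.
MASTER = {"A": os.urandom(32), "B": os.urandom(32)}

def kdc_respond(request):
    # Step 2: under Ka send Ks, the echoed request, and the part for B sealed under Kb.
    ks = os.urandom(32).hex()
    for_b = seal(MASTER[request["idb"]], {"ks": ks, "ida": request["ida"]})
    return seal(MASTER[request["ida"]], {"ks": ks, "request": request, "for_b": for_b.hex()})

def run_exchange():
    request = {"ida": "A", "idb": "B", "n1": os.urandom(8).hex()}  # step 1: IDs and N1
    reply = unseal(MASTER["A"], kdc_respond(request))              # A decrypts with Ka
    if reply["request"] != request:                                # match reply to request
        raise ValueError("reply does not match the outstanding request")
    for_b = bytes.fromhex(reply["for_b"])                          # step 3: A forwards this
    at_b = unseal(MASTER["B"], for_b)                              # B decrypts with Kb
    return reply["ks"], at_b["ks"], at_b["ida"], for_b

if __name__ == "__main__":
    ks_a, ks_b, peer, _ = run_exchange()
    print("B sees peer", peer, "- keys match:", ks_a == ks_b)
```

A can forward the part intended for B but cannot read or alter it, because it is sealed under Kb; that is what lets B conclude the information originated at the KDC.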