1 1 link encryption what is link security? link security objectives by link encryption in-line...
Post on 15-Jan-2016
227 views
TRANSCRIPT
1
Link Encryption
What is Link Security?Link security objectives by link encryption
In-line encryptor hardware
Point to point deployment
IP-routed developmentKey Recovery from Internet Cryptograph chapter 3
22
ISO/OSI Layer Review – 7 layersInternational Standard Organisation/Open System Interconnection
The 7-layer is shown on right.
There are many protocols in each layer.
For example, High Level Data link Control (HDLC) in Data link layer
33
Internet Protocol – 5 layers
Internet protocol reduces to five layers.
Link Security refers to the security measure in data link layer (ISO/OSI, layer 2) or Network Interface (Internet Protocol, layer 2)
44
Internet Cryptographic ProtocolsProtocol PurposeCyberCash (5) Electronic funds transactions
DNSSEC (5) Domain Name System
IPSec (layer 3) Packet-level encryption
PCT TCP/IP level encryption
PGP (layer 5) E-mail
S-HTTP (layer 5) Web browsing
Secure RPC Remote procedure calls
SET (layer 4) Electronic funds transactions
SSL (layer 4) TCP/IP level encryption
55
What is a protocol? It means “The proper way of handling data transfer
between two parties. “ Assume two parties, Sender and Receiver are sending
message. Below is the proper procedure inlcuding the error handling (in this case, retransmit)
66
What is link security protocol?
It is designed to hide secrets (means, encrypt for you)
It intends to protect data against forgery (false data).
It can simply fit into existing Internet applications.
In Data link layer (ISO/OSI layer 2) or Network Interface
77
Security Objectives of link security (1)
Maintain confidentiality on an isolated set of computers. The computer contains sensitive data
and needs to exchange with others. Use a simple but secure protocol
Communications with outsiders is unwanted and to be blocked To prevent the data from happening
through accident, carelessness or overt (公開 ) attempt.
Purpose
Reason
88
Security Objectives (2)
Hide data traffic as much as possible Shield everything possible about
the data sentSafety and familiarity is more
important than cost Use a well-established technique
that is simple to understand and implement.
Action
99
In-line Encryptor – must be a pair
It is a building block for link encryption. It is a hardware device (not a software)One port accepts plaintext, while the
other produce ciphertext. (vice versa)
iomegaIn te rn e t
In- line Enc rypto r
P lain text Cipher tex t
1010
Example of a pair of in-line encryptor through the Internet, usually it is used through a leased line (from PCCW)
1111
In-line Encryptor (real products)
Code encryptor
(a small device with two network data link connections.)
In-line encryptor
1212
Inside in-line encryptor
S end a m es s ageof "G rade A toChan T ai M an"
Enc rypt
D ec rypt
uy78& 454
c ipher tes tin terfac e
P lain tex tin terfac e
90iu^&N o problemIn-line Enc ryptor
1313
Features of in-line encryptorSeparate the plaintext and ciphertext
ports (that is why there are two ports)Use a stream cipher or block cipher In practice, a block cipher such as RC4
is used in commercial setting. (it uses DES (data encryption standard algorithm)
1414
Link level Vulnerabilities (means weakness)
There are a few attacks, Below are some of them:
Replay Attacks Rewrite Attacks Convert Signalling Attacks
1515
Replay Attacks – resend a few times
If the message is an encrypted, why should we care about replay?
The reason is that: If an outsider captures the encrypted
message and re-send it, he/she might attack the system.
1616
Example of Replay Attacks
S end a m es s age of"pay Chan T ai M an 1000"
$% & *(
P ay Chan T ai M an 1000
P ay Chan T ai M an 1000
P ay Chan T ai M an 1000
$% & *(
$% & *(
Alic e
P lay- it-aganS am
Bob and h is c o lleagues
Bo gusC o p ies
G enuine
Falsecopies
1717
Example of Replay Attacks - Explanation
Alice sends a message of “pay Chan Tai Man” to Bob. She sends one genuine (true) message.
Play-it-again Sam captures the encrypted message and re-sends twice to Bob.
Bob and his colleagues will then pay Chan Tai Man three times.
Of course, Sam will have certain benefits of doing this.
1818
How to solve this? – Replay attack
Each plaintext message must have an extra information such as message number.
If the receiver receives a duplicated message, it is discarded.
This will solve it in TCP/IP (layers 3 & 4). It has this feature to solve this problem.
data22 3 data3
2 data2 2 data2
1919
Rewrite Attacks If an hacker knows the contents, he/she
can modify the encrypted message.Say for example, the encrypted
message of pay 1000 is 89^&oiu, he/she can modify 89^&aiu by changing o to a. The resulting plaintext message is 9000. (This assumes that 89^&aiu will produce 9000.)
2020
Example of Rewrite
S end a m es s age of"pay Chan T ai M an 1000"
P ay Chan T ai M an 9000
$% & *(
Alic eBob and h is c o lleagues
G enuine
89^& oiu
89^& aiu
S w i t c h e r
Here, the encrypted message is modified via a switcher.
2121
How to resolve this? - rewriteThere are many methods. Below are some of them1. Avoid products using other modes. Always
use block ciphers or Vernam techniques. (crude rewrite attacks are still possible with block mode.); or
2. Insert a random number into each packet, include it in the packet checksum and encrypt the resulting packet; or
3. Use Message Digest that you learnt in lecture 4; or
4. Use digital signature to authenticate the source of data. (the message is signed)
2222
Convert Signaling AttacksThe attack is done by inserting a
subverted program (spy software) into a host on the plaintext side of an encryptor
The program collects sensitive data and then transmits it to the program outside the security boundary.
2323
Example – subverted program
In t e r n e t
S e cu irty bo u n da ry
C o lle cts e n s it iv eda ta
2424
Deployment – Point to point between sender and receiver
This deployment uses a pair of trusted lines between a pair of hosts.
There is no need to connect to the Internet. For example, you can apply for a leased line
via Pacific Century Cyber Work (PCCW) between two computers (example from Central to Kowloon Tong). Now, it uses VPN, a pair of encryptors through the Internet)
Arrangement
2525
Point to point – Connection
S e cu irty bo u n da ry
In- line Enc rypto r
P lain tex t
iomega
In- line Enc rypto r
P lain tex t
iomega
Un pro te cte dbu t u n re a da bleciph e rte x t m e s s a g e
7 6 % 7 h u i
Each host’s data link is connected to the plaintext port of in-line encryptor. It is commonly used in military applications.
Protect
2626
Point to point limitation
It is hard to use as it limits between two in-line encryptors. (between two points)
You don’t have any choice on the encryption.
In- line E nc rypto r
P lain text
iomega
In- l ine Enc rypto r
P lain text
iomega
En cry pt io n with in th is bo u n da ry
2727
Deployment Example: Ip routed Link encryption can also be applied to links carrying IP traffic. (means network layer)
This yields a flexible networking environment. (any workstation in the network can access.)
For example, assume that there are two networks that are connected by a pair of routers.
Any workstation, server etc can access the remote networking components through the leased line that is protected by the in-line encryptors.
2828
Ip routed network diagram (to any host within the network) This arrangement is more flexible
In- line Enc rypto r
iomega
W infram e S erver
N e tw o rk C a b le
N etw ork S erver M ainfram e
P lain tex t
In- line Enc rypto r
iomega
W infram e S erver
N e tw o rk C a b le
N etw ork S erver M ainfram e
IP router
P lain text
Ip R o ute r
Le a s e d line
a cc e
s s p
a th
c iphertext
2929
Site protection – Ip routedGiven in the previous slide, the
machines (server and workstations) are within the protected boundary of the site.
The in-line encryptors are used to further to protect from unnecessary physical access. (messages are encrypted.)
3030
Site Protection – Unsafe arrangement
The workstation out of physical protection is unsafe.
In- line Enc rypto r
iomega
W infram e S erver
N e tw ork C a ble
N etw ork S erverM ainfram e
P lain text
In- line Enc rypto r
iomega
W infram e S erver
N e tw o rk C a b le
N etw ork S erver M ainfram e
IP router
P lain text
Ip R o ute r
Le a se d line
a cc e
s s p
a th
c ipher tex t
Site P ro te c tio n
P hys ic a l pro te c tion
uns afe, as au thoris edpeople c an us e it
3131
Key Recovery – how to get the key
The protection of in-line encryptors lies in the key used.
Key recovery means the keys that are used to encrypt the data is recovered by someone else without notice.
S end a m es s ageof "G rade A toChan T ai M an"
Enc rypt
D ec rypt
uy78& 454
c ipher tes tin terfac e
P lain tex tin terfac e
90iu^&N o problemIn-line Enc ryptor
3232
Escrowed Encryption Escrowed encryption is the system or method
by which secret keys are stored to be used for key recovery.
That is to say, the secret keys are held in escrow (a separate organisation) until an authorised person (FBI or CIA in US) accesses it.
There is no commercial value as the encryption lasts for the transfer of data, but is used by government to decrypt the encrypted message (for anti-terrorism).
No need to memorise
3333
Example – sequence no need to memorise
The FBI first stores the ciphertext and then uses the family key (product of in-line encryptor) to obtain the session key.
Different manufacturer will produce different family keys for their products
FBI then approaches escrow agency to obtain the sender’s key based on device ID.
FBI then use the key to together with the session key to decrypt the ciphertext.
3434
Example – picture
Law enforc em entac c es s f ield
C iphe r te xt
fam ily keydifferentproduc tsm ight havedifferent key
D ec rypt
D evic e ID S es s ion key Chec ks umChec ks um
D ec rypt
Es c row edKeyfromes c row agenc y
D ec rypt
P lain tex t
3535
Summary Link Security – between two parties, layer 2 Link security objectives – extend the security
coverage In-line encryptor – a pair of devices, to
encrypt/decrypt message, there is no need to configure, and no need to encrypt document, it is done by the in-line encryptors.
Point to point – there is a limitation of the use of in-line encryptor, only to known location, The solution is to extend by IP routed
Key Recovery - less common in business, but is required by U.S. law to recover ciphertext for in-line encryptors
Link Security – between two parties, layer 2 Link security objectives – extend the security
coverage In-line encryptor – a pair of devices, to
encrypt/decrypt message, there is no need to configure, and no need to encrypt document, it is done by the in-line encryptors.
Point to point – there is a limitation of the use of in-line encryptor, only to known location, The solution is to extend by IP routed
Key Recovery - less common in business, but is required by U.S. law to recover ciphertext for in-line encryptors
3636
Next Week
IPSec (Security at the IP Layer, Layer 3)
In-line encryptor
This Week