Only the intended recipient can'see' the contents of the message. Only the intended receiver can decrypt it. Communication Channel Security Some media are more difficult to eavesdrop than others.
Only the intended recipient can'see' the contents of the message. Only the intended receiver can decrypt it. Communication Channel Security Some media are more difficult to eavesdrop than others.
Only the intended recipient can'see' the contents of the message. Only the intended receiver can decrypt it. Communication Channel Security Some media are more difficult to eavesdrop than others.
Communication Security Introduction to Concepts Part I Security Requirements Privacy: only the intended recipient can 'see' the contents of the message. Integrity: the message received is the same as the message transmitted Authentication: the message has actually come from a sender of known identity and not an imposter. Nonrepudiation: a sender cannot later deny sending the message or receiver having received it. (some also consider Availability: protection against loss of access to data or ability to communicate) Communication Channel Security Some media are more difficult to eavesdrop than others. In order of increasing difficulty it goes: wireless, wired, optical However: For all communications channels assume that a determined eavesdropper can pick up messages either by detecting the transmission directly or by manipulating lower layer protocols and devices. => Need to protect messages Cryptography (brief introduction) From Greek for secret writing Plaintext message (readable by anyone) is converted to Ciphertext by an encryption algorithm. Ciphertext can only be read by intended receiver as it requires the specific decryption algorithm (which only intended receiver has) Sender Encryption Decryption Receiver Communication channel Plaintext Plaintext Ciphertext Ciphers and Keys A Cipher refers to a particular encryption/decryption algorithm (or class of algorithms). It is not necessary for every pair of communicators to have their own shared algorithms. Instead a public algorithm is used (it can be known by everyone) in combination with keys. A key is a number that the Cipher uses in the encryption and decryption process (ie. as an input to the algorithm). Keys may be: Shared secret keys (sender and receiver use same key that is secret from everyone else) or A pair of keys one public (that everyone can know about) and one secret (only known to the receiver*) *or transmitter depending on the purpose of the crytography Symmetric Key Cryptography Same key used by both parties (encryption and decryption) and in both directions (hence symmetric) The key is a shared secret key. Decryption algorithm is the inverse of the encryption algorithm. Alice Encryption Decryption Bob Communication Channel Shared Secret Key Comms Tech Introduction to Communication Security I 2 Bob, Alice and Eve too It is conventional to call the communicators Alice and Bob. Eve is the evil eavesdropper Symmetric Key Ciphers Caesar Cipher (substitution Cipher) - Transform character by substituting character in new position of alphabet (e.g. A=> D, B=>E, C=>F) Transpositional cipher Reorganise position of characters according to table defined by key Data Encryption Standard Operates on 64-bit blocks with 56-bit key. Shared Secret Key: Example Cipher: shift letter in message to right by corresponding key value Decipher: shift letter in ciphertext to left by corresponding key value Shared Key Example: Part II Heres a highly secret message encrypted earlier: f ilsb zljjp qbze In groups of four or five see if you can crack the code (the Caesar Cipher has been used) Prize to the winning team Shared Key Distribution Cipher may be public but Key is a shared secret anyone who gets the key could decrypt the ciphercode. Need a way of sharing the key without the key being found out by potential eavesdropper. This becomes more difficult as the number of users grows (poor scalability) => An alternative is Public Key Cryptography Public Key Cryptography Two keys: Public Key and Private or Secret Key. Secret key held by receiver (i.e. it's kept secret) Public key made openly available to anyone who wants to send a message (i.e. it's not secret). Public key used to encrypt message Private key necessary to decrypt message (only intended receiver has this) Alice Encryption Decryption Bob Communication Channel Public Key Private Key Private Key Comms Tech Introduction to Communication Security I 3 Public Key Ciphers e.g. RSA Private key pair of numbers (N,d) Public key another pair of numbers (N,e) Sender encryption algorithm: C=P e mod N Receiver decryption algorithm: P=C d mod N [P is Plain message (Plaintext), C is Ciphered message (Ciphertext) Mod means remainder after division] Public Key: Example My public key: 5 Send me a message: Cipher: P 5 mod 133 = C (mod means remainder after division) Note: in this example use P = the numerical position of the letter in the alphabet e.g. a=1 b=2 etc. (this isnt very robust (could be easily hacked) but it will do as a simple example My secret key: ? Decryption: C secret key mod 133 = P Comparison Symmetric/Public Key Cryptography Symmetric Public Efficiency Key can be smaller Efficient for long messages Complex algorithm Scalability Requires key for each pair of communicators Pair of keys for each entity Key distribution Can be difficult Key is public Authentication Verification implied in sharing process Public key needs to be verified as belonging to appropriate entity. Privacy/Secrecy Confidentiality of the message. Eavesdroppers cannot decode and read message Achieved with either Symmetric or Public key cryptography Relies on Robustness of algorithm (Cipher) (and private keys remaining secret) Implementation These ideas may be implemented at any layer of the communication protocol stack Common examples exist for layers 1, 2, 3, 4 and 7 Example Wireless (LAN) Wired Equivalent Privacy (WEP) Layer 2 protocol for privacy symmetric key for message privacy (+attempt at integrity) Key managed by manually inputting key value for each user. Encrypted message becomes payload in unencrypted 802.11 frame Relatively easy to crack (lots of how-tos on Web). Comms Tech Introduction to Communication Security I 4 WEP Structure K is shared secret key: 40 bit or 104 bit (input as 10 or 26 hex digits respectively) IV is initialization vector: 24 bit random value that should vary from frame to frame RC4 is algorithm to generate key stream from concatenation of K and IV ICV is Integrity check value appended to message (32 bit CRC acting on plaintext message) Key ID 2-bit value that permits choice of K to be used. Key ID Ciphered Message 802.11 frame header IV FCS Message Key stream ICV K IV RC4 XOR Summary Communication security relates to four main criteria: Privacy, Integrity, Authentication and Non-repudiation. To implement security algorithms called Ciphers are used. Rather than requiring a secret cipher for each pair of communicators Keys are used with public ciphers. Keys can be shared secret or public key (one of them) So far we have looked at how these ideas can be used to give message privacy.