
Comms Tech

Introduction to Communication Security I


Communication Security
Introduction to Concepts
Part I
Security Requirements
Privacy: only the intended recipient can 'see'
the contents of the message.
Integrity: the message received is the same as
the message transmitted
Authentication: the message has actually
come from a sender of known identity and not
an imposter.
Nonrepudiation: a sender cannot later deny
sending the message or receiver having
received it.
(some also consider Availability: protection against loss of
access to data or ability to communicate)
Communication Channel Security
Some media are more difficult to eavesdrop
than others.
In order of increasing difficulty it goes: wireless,
wired, optical
However: For all communications channels
assume that a determined eavesdropper can
pick up messages either by detecting the
transmission directly or by manipulating lower
layer protocols and devices.
=> Need to protect messages
Cryptography (brief introduction)
From Greek for secret writing
Plaintext message (readable by anyone) is converted to
Ciphertext by an encryption algorithm.
Ciphertext can only be read by intended receiver as it requires
the specific decryption algorithm (which only intended receiver
has)
[Diagram: Sender -> Plaintext -> Encryption -> Ciphertext (communication channel) -> Decryption -> Plaintext -> Receiver]
Ciphers and Keys
A Cipher refers to a particular encryption/decryption algorithm
(or class of algorithms).
It is not necessary for every pair of communicators to have their
own shared algorithms.
Instead a public algorithm is used (it can be known by
everyone) in combination with keys.
A key is a number that the Cipher uses in the encryption and
decryption process (i.e. as an input to the algorithm).
Keys may be:
Shared secret keys (sender and receiver use same key that is secret
from everyone else) or
A pair of keys, one public (that everyone can know about) and one secret
(only known to the receiver*)
*or transmitter, depending on the purpose of the cryptography
Symmetric Key Cryptography
Same key used by both parties (encryption and decryption) and
in both directions (hence symmetric)
The key is a shared secret key.
Decryption algorithm is the inverse of the encryption algorithm.
[Diagram: Alice -> Encryption -> Communication Channel -> Decryption -> Bob, with the Shared Secret Key used for both Encryption and Decryption]
Bob, Alice and Eve too
It is conventional to call the communicators
Alice and Bob.
Eve is the evil eavesdropper
Symmetric Key Ciphers
Caesar Cipher (substitution Cipher)
- Transform character by substituting character in
new position of alphabet (e.g. A=> D, B=>E, C=>F)
Transpositional cipher
Reorganise position of characters according to
table defined by key
Data Encryption Standard
Operates on 64-bit blocks with 56-bit key.
Shared Secret Key: Example
Cipher: shift letter in message to right by
corresponding key value
Decipher: shift letter in ciphertext to left by
corresponding key value
Shared Key Example: Part II
Here's a highly secret message encrypted earlier:
f ilsb zljjp qbze
In groups of four or five see if you can crack the
code (the Caesar Cipher has been used)
Prize to the winning team
Shared Key Distribution
Cipher may be public but Key is a shared secret:
anyone who gets the key could decrypt the
ciphertext.
Need a way of sharing the key without the key
being found out by potential eavesdropper.
This becomes more difficult as the number of
users grows (poor scalability)
=> An alternative is Public Key Cryptography
Public Key Cryptography
Two keys: Public Key and Private or Secret Key.
Secret key held by receiver (i.e. it's kept secret).
Public key made openly available to anyone who wants to send a
message (i.e. it's not secret).
Public key used to encrypt message
Private key necessary to decrypt message (only intended
receiver has this)
[Diagram: Alice -> Encryption (Public Key) -> Communication Channel -> Decryption (Private Key) -> Bob]
Public Key Ciphers
e.g. RSA
Private key: pair of numbers (N, d)
Public key: another pair of numbers (N, e)
Sender encryption algorithm: $C = P^e \bmod N$
Receiver decryption algorithm: $P = C^d \bmod N$
[P is Plain message (Plaintext),
C is Ciphered message (Ciphertext),
Mod means remainder after division]
Public Key: Example
My public key: 5
Send me a message: Cipher: $P^5 \bmod 133 = C$
(mod means remainder after division)
Note: in this example use P = the numerical position of
the letter in the alphabet e.g. a=1 b=2 etc. (this isn't
very robust (could be easily hacked) but it will do as a
simple example)
My secret key: ?
Decryption: $C^{\text{secret key}} \bmod 133 = P$
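
The slide's scheme carried through in code, as an added example that is not part of the original slides: it encrypts with the public key (N=133, e=5), derives the private exponent d by factoring N (feasible only because N is tiny), and decrypts. The function names and the sample message "hello" are assumptions made for the example.

```python
from math import gcd

N, E = 133, 5  # public key (N, e) taken from the slide's example


def factor_small(n):
    """Return (p, q) by trial division; practical only because n is tiny."""
    for p in range(2, int(n ** 0.5) + 1):
        if n % p == 0:
            return p, n // p
    raise ValueError("no non-trivial factor found")


def private_exponent(n, e):
    """Derive d such that e*d = 1 mod (p-1)(q-1)."""
    p, q = factor_small(n)
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return pow(e, -1, phi)  # modular inverse (Python 3.8+)


def encrypt(text, n=N, e=E):
    """C = P^e mod N, with P the letter's position (a=1 ... z=26)."""
    return [pow(ord(ch) - 96, e, n) for ch in text.lower() if "a" <= ch <= "z"]


def decrypt(numbers, d, n=N):
    """P = C^d mod N, mapped back to letters."""
    return "".join(chr(pow(c, d, n) + 96) for c in numbers)


if __name__ == "__main__":
    d = private_exponent(N, E)
    cipher = encrypt("hello")  # constructed sample message
    print("d =", d)
    print("ciphertext:", cipher)  # both l's encrypt to the same number
    print("recovered:", decrypt(cipher, d))
```

Because each letter is encrypted on its own, equal letters always give equal ciphertext numbers, which is the weakness the slide's note points at.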
Comparison Symmetric/Public Key Cryptography
Criterion | Symmetric | Public
Efficiency | Key can be smaller; efficient for long messages | Complex algorithm
Scalability | Requires key for each pair of communicators | Pair of keys for each entity
Key distribution | Can be difficult | Key is public
Authentication | Verification implied in sharing process | Public key needs to be verified as belonging to appropriate entity.
Privacy/Secrecy
Confidentiality of the message.
Eavesdroppers cannot decode and read
message
Achieved with either Symmetric or Public key
cryptography
Relies on Robustness of algorithm (Cipher)
(and private keys remaining secret)
Implementation
These ideas may be implemented at any layer
of the communication protocol stack
Common examples exist for layers 1, 2, 3, 4 and
7
Example Wireless (LAN)
Wired Equivalent Privacy (WEP)
Layer 2 protocol for privacy
symmetric key for message privacy (+attempt at
integrity)
Key managed by manually inputting key value for each
user.
Encrypted message becomes payload in unencrypted
802.11 frame
Relatively easy to crack (lots of how-tos on Web).
WEP Structure
K is shared secret key:
40 bit or 104 bit (input as 10 or 26 hex digits respectively)
IV is initialization vector:
24 bit random value that should vary from frame to frame
RC4 is algorithm to generate key stream from concatenation of K and IV
ICV is Integrity check value appended to message (32 bit CRC acting on plaintext
message)
Key ID 2-bit value that permits choice of K to be used.
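[Diagram: K and IV are input to RC4, which produces the Key stream; Message plus ICV is XORed with the Key stream to form the Ciphered Message. Frame: 802.11 frame header | IV | Key ID | Ciphered Message | FCS]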
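
The WEP structure above as an added example (not part of the original slides): it builds the IV, Key ID and ciphered message for one frame, has the receiver decrypt and check the ICV, and shows why the IV should vary from frame to frame. Assumptions: the RC4 seed is the IV followed by K, the ICV is stored least-significant byte first, the Key ID sits in the top two bits of the octet after the IV, and the key and messages are constructed samples.

```python
import struct
import zlib


def rc4_keystream(seed, n):
    """RC4: key scheduling over the seed, then n bytes of key stream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encapsulate(key, iv, key_id, message):
    """Return IV | Key ID octet | (message + ICV) XOR key stream."""
    if len(key) not in (5, 13) or len(iv) != 3 or not 0 <= key_id <= 3:
        raise ValueError("need 40/104-bit K, 24-bit IV, 2-bit Key ID")
    body = message + struct.pack("<I", zlib.crc32(message))  # append ICV
    stream = rc4_keystream(iv + key, len(body))  # per-frame seed: IV then K
    return iv + bytes([key_id << 6]) + xor(body, stream)


def wep_decapsulate(key, frame_body):
    """Decrypt, then recompute the CRC-32 and compare it with the ICV."""
    iv, ciphered = frame_body[:3], frame_body[4:]
    plain = xor(ciphered, rc4_keystream(iv + key, len(ciphered)))
    message, icv = plain[:-4], plain[-4:]
    if struct.pack("<I", zlib.crc32(message)) != icv:
        raise ValueError("ICV mismatch")
    return message


if __name__ == "__main__":
    K = bytes.fromhex("0102030405")  # constructed 40-bit key
    a = wep_encapsulate(K, b"\x00\x00\x01", 0, b"first frame")
    b = wep_encapsulate(K, b"\x00\x00\x01", 0, b"other frame")
    print(wep_decapsulate(K, a))
    # Same K and same IV give the same key stream, so it cancels out:
    print(xor(a[4:], b[4:])[:11] == xor(b"first frame", b"other frame"))
```

The last line prints True: with a repeated IV the XOR of two ciphered messages equals the XOR of their plaintexts, independent of K, which is why a 24-bit IV is a weak point.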
Summary
Communication security relates to four main criteria:
Privacy, Integrity, Authentication and Non-repudiation.
To implement security, algorithms called Ciphers are
used.
Rather than requiring a secret cipher for each pair of
communicators, Keys are used with public ciphers.
Keys can be a shared secret, or a pair in which one of them is public.
So far we have looked at how these ideas can be used
to give message privacy.
