1
play

1 Confidentiality using Symmetric Encryption have two major - PDF document

Feb 25, 2023 •602 likes •698 views

Information System Security Chapter 7 Confidentiality Using Symmetric Encryption Dr. Loai Tawalbeh Faculty of Information system and Technology, The Arab Academy for Banking and Financial Sciences. Jordan Dr. Loai Tawalbeh Summer

  1. Information System Security Chapter 7 – Confidentiality Using Symmetric Encryption Dr. Lo’ai Tawalbeh Faculty of Information system and Technology, The Arab Academy for Banking and Financial Sciences. Jordan Dr. Lo’ai Tawalbeh Summer 2006 Confidentiality using Symmetric Encryption • traditionally symmetric encryption is used to provide message confidentiality • consider typical scenario • workstations on LANs access other workstations & servers on LAN • LANs interconnected using switches/routers • with external lines or radio/satellite links • consider attacks and placement in this scenario • snooping from another workstation • use dial-in to LAN or server to snoop • use external router link to enter & snoop • monitor and/or modify traffic on external links Dr. Lo’ai Tawalbeh Summer 2006 1

  2. Confidentiality using Symmetric Encryption • have two major placement alternatives • link encryption • encryption occurs independently on every link • must decrypt traffic between links • requires many devices, but paired keys • end-to-end encryption • encryption occurs between original source and final destination • need devices at each end with shared keys Dr. Lo’ai Tawalbeh Summer 2006 Traffic Analysis • when using end-to-end encryption must leave headers in clear • so network can correctly route information • So, contents protected, but traffic pattern flows are not • ideally want both at once • end-to-end protects data contents over entire path and provides authentication • link protects traffic flows from monitoring Dr. Lo’ai Tawalbeh Summer 2006 2

  3. Traffic Analysis • is monitoring of communications flows between parties • useful both in military & commercial spheres • can also be used to create a covert channel • link encryption obscures header details • but overall traffic volumes in networks and at end-points is still visible • traffic padding can further obscure flows • but at cost of continuous traffic Dr. Lo’ai Tawalbeh Summer 2006 Placement of Encryption-Basic Approach Dr. Lo’ai Tawalbeh Summer 2006 3

  4. Placement of Encryption-logical placement • can place encryption function at various layers in OSI Reference Model • link encryption occurs at layers 1 or 2 • end-to-end can occur at layers 3, 4, 6, 7 • as move higher less information is encrypted but it is more secure though more complex with more entities and keys Dr. Lo’ai Tawalbeh Summer 2006 End-End Logical Placement Dr. Lo’ai Tawalbeh Summer 2006 4

  5. Key Distribution • symmetric schemes require both parties to share a common secret key • issue is how to securely distribute this key • often secure system failure due to a break in the key distribution scheme Dr. Lo’ai Tawalbeh Summer 2006 Key Distribution • given parties A and B, there are various key distribution alternatives: 1. A can select key and physically deliver to B 2. third party can select & physically deliver key to A & B 3. if A & B have communicated previously, they can use previous key to encrypt a new key 4. if A & B have secure communications with a third party C, C can relay key between A & B (Key Distribution Center-KDC) Dr. Lo’ai Tawalbeh Summer 2006 5

  6. A Key Distribution Scenario Dr. Lo’ai Tawalbeh Summer 2006 Key Distribution Issues 1. Hierarchical Key Control: hierarchies of KDC’s required for large networks, but must trust each other-Local KDCs, 2. Session Key Lifetimes: should be limited for more security: • new key for each session, • Change the key periodically- if the session has long lifetime 3. Transparent Key Control Scheme: use of automatic key distribution on behalf of users, but must trust system –see next slide. 4. Decentralized Key Control: use of decentralized key distribution Dr. Lo’ai Tawalbeh Summer 2006 6

  7. 3. A transparent Key Control Scheme- Automatic Key Distribution Dr. Lo’ai Tawalbeh Summer 2006 4. Decentralized Key Control • Might need to have n(n-1)/2 master keys. At most (n-1) stored at each node. Why? Dr. Lo’ai Tawalbeh Summer 2006 7

  8. Random Numbers • many uses of random numbers in cryptography • session keys, public key generation • keystream for a one-time pad • in all cases its critical that these values be • statistically random with uniform distribution, • Independent and unpredictable Dr. Lo’ai Tawalbeh Summer 2006 Pseudorandom Number Generators (PRNGs) • algorithmic technique to create “random numbers” • although not truly random • can pass many tests of “randomness” Examples: • BBS Generator, • Linear generators, Dr. Lo’ai Tawalbeh Summer 2006 8

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Merton Partnership Doing Things Differently 21 January 2016 Adam Doyle, Chief Officer Hard

Merton Partnership Doing Things Differently 21 January 2016 Adam Doyle, Chief Officer Hard

Merton Partnership Doing Things Differently 21 January 2016 Adam Doyle, Chief Officer Hard Times Recognise the extremely difficult time the that all public services have had over the past few years and that the scale of savings

486 views • 10 slides
Digitized smart Logistics from Luxembourg June 2018 Cluster for Logistics Luxembourg A.s.b.l 1

Digitized smart Logistics from Luxembourg June 2018 Cluster for Logistics Luxembourg A.s.b.l 1

Digitized smart Logistics from Luxembourg June 2018 Cluster for Logistics Luxembourg A.s.b.l 1 90% World- Trade is sea freight but 19/07/2018 When location matters: EUROHUB Luxembourg 2 How to reliably serve locally & deliver last

2.05k views • 32 slides
Hyperbolicity of the Layerwise Discretized Shallow Water equations The bilayer case Martin

Hyperbolicity of the Layerwise Discretized Shallow Water equations The bilayer case Martin

Hyperbolicity of the Layerwise Discretized Shallow Water equations The bilayer case Martin Parisot - Ange Inria Paris-Rocquencourt in collaboration with Nina Aguillon (P6) Emmanuel Audusse (P13) Edwige Godlewski (P6 - Ange ) and EGRIN - 2 juin

302 views • 28 slides
DIRECT USES/HEAT PUMPS University of Pisa -DESTEC Italian Geothermal Union SUMMARY 1. Direct

DIRECT USES/HEAT PUMPS University of Pisa -DESTEC Italian Geothermal Union SUMMARY 1. Direct

Paolo CONTI, Ph.D DIRECT USES/HEAT PUMPS University of Pisa -DESTEC Italian Geothermal Union SUMMARY 1. Direct uses: brief introduction and statistical data 2. Traditional/handbook design approach 3. Advanced/optimized design 4. Examples

958 views • 63 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CPSC 410/611 Operating Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies

419 views • 19 slides
Introduction to Symmetric Cryptography Lars R. Knudsen June 2014 L.R. Knudsen Introduction to

Introduction to Symmetric Cryptography Lars R. Knudsen June 2014 L.R. Knudsen Introduction to

Introduction to Symmetric Cryptography Lars R. Knudsen June 2014 L.R. Knudsen Introduction to Symmetric Cryptography What is cryptography? Cryptography is communication in the presence of an adversary Ron Rivest. Coding theory Detection and

877 views • 28 slides
First-class Synchronous Operations CML supports selective communication in a very general way,

First-class Synchronous Operations CML supports selective communication in a very general way,

First-class Synchronous Operations CML supports selective communication in a very general way, using first-class synchronous operations. The idea is to decouple the description of a synchronous operation from the act of synchronizing on it. 1

251 views • 6 slides
Non-Blocking Communications Deadlock 1 2 5 3 4 0 Communicator Completion The mode of

Non-Blocking Communications Deadlock 1 2 5 3 4 0 Communicator Completion The mode of

Non-Blocking Communications Deadlock 1 2 5 3 4 0 Communicator Completion The mode of a communication determines when its constituent operations complete. i.e. synchronous / asynchronous The form of an operation determines when

601 views • 21 slides
Abstractness of Continuation Semantics for Asynchronous Concurrency Gabriel Ciobanu, Eneia

Abstractness of Continuation Semantics for Asynchronous Concurrency Gabriel Ciobanu, Eneia

Introduction Continuations for Concurrency Weak Abstractness An Asynchronous Formalism Conclusion Abstractness of Continuation Semantics for Asynchronous Concurrency Gabriel Ciobanu, Eneia Nicolae Todoran A.I. Cuza University, Iasi,

479 views • 43 slides
INF5470 Fall 2010 Philipp Hfliger Lecture 5: Neuromorphic Communication Content The AER

INF5470 Fall 2010 Philipp Hfliger Lecture 5: Neuromorphic Communication Content The AER

INF5470 Fall 2010 Philipp Hfliger Lecture 5: Neuromorphic Communication Content The AER protocol Collision Handling Serial AER Lecture 5: Neuromorphic Communication 2 Content The AER protocol Collision Handling Serial AER Lecture

664 views • 13 slides
The full -calculus: simple and expressive -Refresh. What we know so far? We have studied

The full -calculus: simple and expressive -Refresh. What we know so far? We have studied

The full -calculus: simple and expressive -Refresh. What we know so far? We have studied the asynchronous monadic -calculus no continuation on the output (asynchronous) u v .P only one value is communicated (monadic) u

426 views • 16 slides
Serial Communication Asynchronous communication Synchronous communication clock TX RX data

Serial Communication Asynchronous communication Synchronous communication clock TX RX data

Serial Communication Asynchronous communication Synchronous communication clock TX RX data A->B Device A Device B Device A Device B data B->A RX TX asynchronous no clock Synchronous with clock Data represented by setting

492 views • 25 slides
Real-life needs Individualized Individualized Feedback in ITS Feedback in ITS Detmar Meurers

Real-life needs Individualized Individualized Feedback in ITS Feedback in ITS Detmar Meurers

ICALL: Part I ICALL: Part I Real-life needs Individualized Individualized Feedback in ITS Feedback in ITS Detmar Meurers Detmar Meurers Universit at T ubingen Universit at T ubingen Intelligent Computer-Assisted Language

470 views • 17 slides
Unit 15: Experimental Microkernel Systems 15.2. Chorus: Microkernel and User-space Actors AP

Unit 15: Experimental Microkernel Systems 15.2. Chorus: Microkernel and User-space Actors AP

Unit 15: Experimental Microkernel Systems 15.2. Chorus: Microkernel and User-space Actors AP 9/01 CHORUS: a new Look at Microkernel- based Operating Systems OS structuring: modular set of system servers which sit on top of a minimal

599 views • 42 slides
Outline 0024 Spring 2010 12 :: 2 Synchronization, revisited Two aspects of synchronization

Outline 0024 Spring 2010 12 :: 2 Synchronization, revisited Two aspects of synchronization

Outline 0024 Spring 2010 12 :: 2 Synchronization, revisited Two aspects of synchronization Avoid that a thread sees an object in an inconsistent state As defined by the programmer s design Ensure that all threads see all updates

585 views • 29 slides
S YNCHRONOUS & 24-Nov-2010 A SYNCHRONOUS D ATA T RANSFER www.eazynotes.com Maninder Kaur 1

S YNCHRONOUS & 24-Nov-2010 A SYNCHRONOUS D ATA T RANSFER www.eazynotes.com Maninder Kaur 1

S YNCHRONOUS & 24-Nov-2010 A SYNCHRONOUS D ATA T RANSFER www.eazynotes.com Maninder Kaur 1 professormaninder@gmail.com S YNCHRONOUS D ATA T RANSFER 24-Nov-2010 In a digital system, the internal operations are synchronized by means of

219 views • 18 slides
1 Data path basic building blocks. Register file Storage elements Basic building block (at

1 Data path basic building blocks. Register file Storage elements Basic building block (at

Levels in Processor Design Register transfer level Circuit design Two types of components (cf. CSE 370) Keywords: transistors, wires etc.Results in gates, flip-flops etc. Combinational : the output is a function of the input

268 views • 3 slides
Diogenes: A tool for exposing Hidden GPU Performance Opportunities Benjamin Welton and Barton

Diogenes: A tool for exposing Hidden GPU Performance Opportunities Benjamin Welton and Barton

Diogenes: A tool for exposing Hidden GPU Performance Opportunities Benjamin Welton and Barton Miller 2019 Performance T ools Workshop July 29th, Tahoe, CA. Overview of Diogenes Automatically detect performance issues with CPU- GPU

506 views • 32 slides
Interconnection Structures Patrick Happ Raul Queiroz Feitosa Objective To present key issues

Interconnection Structures Patrick Happ Raul Queiroz Feitosa Objective To present key issues

Interconnection Structures Patrick Happ Raul Queiroz Feitosa Objective To present key issues that affect interconnection design. 2 Interconnection Structures Outline Introduction Computer Busses Bus Types PCI PCI Express

922 views • 49 slides
CAN CLOUD COMPUTING SYSTEMS OFFER HIGH ASSURANCE WITHOUT LOSING KEY CLOUD PROPERTIES? CS6410

CAN CLOUD COMPUTING SYSTEMS OFFER HIGH ASSURANCE WITHOUT LOSING KEY CLOUD PROPERTIES? CS6410

1 CAN CLOUD COMPUTING SYSTEMS OFFER HIGH ASSURANCE WITHOUT LOSING KEY CLOUD PROPERTIES? CS6410 Ken Birman, Cornell University High Assurance in Cloud Settings 2 A wave of applications that need high assurance is fast approaching

672 views • 40 slides
Content Synchronization Content Synchronization March 2nd 2005 Jukka Honkola T-110.456

Content Synchronization Content Synchronization March 2nd 2005 Jukka Honkola T-110.456

Content Synchronization Content Synchronization March 2nd 2005 Jukka Honkola T-110.456 Synchronization Synchronization Needed whenever multiple copies of an object may be updated independently After synchronization objects should be

413 views • 14 slides
Architecture Design Principles for the Integration of Synchronization Interfaces into

Architecture Design Principles for the Integration of Synchronization Interfaces into

Architecture Design Principles for the Integration of Synchronization Interfaces into Network-on-Chip Switches Daniele Ludovici Alessandro Strano Davide Bertozzi Computer Engineering lab TUDelft - NL MPSoC research group

1.48k views • 32 slides
Introduction to the Microsoft Sync Framework Michael Clark Development Manager Microsoft Agenda

Introduction to the Microsoft Sync Framework Michael Clark Development Manager Microsoft Agenda

Introduction to the Microsoft Sync Framework Michael Clark Development Manager Microsoft Agenda Why Is Sync both Interesting and Hard Sync Framework Overview Using the Sync Framework Future Directions Summary m Microsoft

772 views • 36 slides
Logic and State Circuits Lecture 10 CAP 3103 06-18-2014 New- School Machine Structures

Logic and State Circuits Lecture 10 CAP 3103 06-18-2014 New- School Machine Structures

Stateless Combinational Logic and State Circuits Lecture 10 CAP 3103 06-18-2014 New- School Machine Structures (It s a bit more complicated!) Software Hardware Parallel Requests Warehouse Smart Assigned to computer Scale

814 views • 22 slides

More recommend