11-04-2011, 04:59 PM
Advanced Encryption Standard (AES) Characteristics
Introduction
Published by NIST in 2001 (FIPS 197)
Developed to replace 3DES, which is slow in software and has only a 64-bit block
Block length is 128 bits
Key length is 128, 192 or 256 bits (10, 12 or 14 rounds respectively)
Standardised symmetric-key block cipher algorithm
Characteristics
General Security
Uses an S-box (byte substitution) as the only nonlinear component of the round
Software Implementations
High performance, because the round operations (the 16 byte substitutions, the 4 column mixes) can be executed in parallel
Executes efficiently on a wide variety of platforms, from 8-bit smart cards to 64-bit processors
A small number of rounds (10 to 14) compared with 3DES (48 DES rounds), so speed is increased
Restricted-space Environments
The S-box can be stored as a precomputed 256-byte table or computed on the fly from its algebraic (Boolean) representation, trading ROM for time
Very low ROM and RAM requirements
Hardware Implementations
Throughput falls only modestly with larger key sizes, since a 192- or 256-bit key adds only 2 or 4 rounds
Attacks on Implementations
Masking (randomising intermediate values) is used to defend against timing and power-analysis attacks; the simple byte operations make this cheap to apply
Encryption versus Decryptions
Key setup for decryption is slower than key setup for encryption, because decryption uses the round keys in reverse order and so needs the complete schedule before its first round
Key agility
The key schedule is executed once to generate all subkeys, which are then reused for every block under that key (round keys can also be computed on the fly where memory is scarce)
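The two points above (S-box computed on the fly versus stored as a table, and the key schedule run once to produce every round key) can be shown together. The following is an added example written for this page, not code from the original slides or from FIPS 197: it derives the S-box from its algebraic form (multiplicative inverse in GF(2^8) followed by the affine map), precomputes the table, and runs the FIPS 197 key expansion for 128-, 192- and 256-bit keys. The check against the FIPS 197 Appendix A key is the only external value used.

```python
"""AES S-box derived from its algebraic form, and the AES key schedule (FIPS 197)."""


def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11b)."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def gf_inv(a: int) -> int:
    """Multiplicative inverse as a^254 (the multiplicative group has order 255); inv(0) := 0."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r


def sbox_entry(x: int) -> int:
    """On-the-fly S-box: inverse in GF(2^8), then the affine transform with constant 0x63."""
    inv = gf_inv(x)

    def rotl(v: int, n: int) -> int:
        return ((v << n) | (v >> (8 - n))) & 0xFF

    return inv ^ rotl(inv, 1) ^ rotl(inv, 2) ^ rotl(inv, 3) ^ rotl(inv, 4) ^ 0x63


# The restricted-space alternative: spend 256 bytes of ROM and skip the field arithmetic.
SBOX = bytes(sbox_entry(x) for x in range(256))


def xtime(b: int) -> int:
    """Multiply by x in GF(2^8); used to step the round constant Rcon."""
    return ((b << 1) ^ 0x1B) & 0xFF if b & 0x80 else b << 1


def expand_key(key: bytes) -> list:
    """FIPS 197 key expansion. Returns Nr+1 round keys of 16 bytes each.

    Nk = 4, 6 or 8 words gives Nr = 10, 12 or 14 rounds. The schedule is run once;
    every block encrypted under `key` reuses the returned list.
    """
    nk = len(key) // 4
    if nk not in (4, 6, 8) or len(key) % 4:
        raise ValueError("AES key must be 16, 24 or 32 bytes")
    nr = nk + 6
    w = [key[4 * i:4 * i + 4] for i in range(nk)]
    rcon = 0x01
    for i in range(nk, 4 * (nr + 1)):
        temp = w[i - 1]
        if i % nk == 0:
            # RotWord, SubWord, then XOR Rcon into the first byte
            temp = bytes([SBOX[temp[1]] ^ rcon, SBOX[temp[2]], SBOX[temp[3]], SBOX[temp[0]]])
            rcon = xtime(rcon)
        elif nk > 6 and i % nk == 4:
            # AES-256 only: an extra SubWord in the middle of each 8-word group
            temp = bytes(SBOX[b] for b in temp)
        w.append(bytes(x ^ y for x, y in zip(w[i - nk], temp)))
    return [b"".join(w[4 * r:4 * r + 4]) for r in range(nr + 1)]


if __name__ == "__main__":
    # Key from FIPS 197 Appendix A.1
    rk = expand_key(bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c"))
    for r, k in enumerate(rk):
        print(f"round {r:2d}: {k.hex()}")
```

The table is built from `sbox_entry`, so a constrained implementation can drop `SBOX` and call `sbox_entry` inside SubBytes instead; the output is bit-for-bit identical, only slower.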
Conventional Encryption Issues
Traffic Distribution
Random Number Generation
Key Distribution
Traffic Distribution
Traffic analysis must be guarded against
Two traffic-related threats
Traffic Analysis Attack
Reveals message lengths, frequencies and communicating parties even when content is encrypted
Covert Channel
Traffic Analysis Attack
Identities of the partners (who is talking to whom)
Frequency of communication between the partners
Message patterns
Message lengths
Quantity of messages
Identification of special conversations between sender and receiver (for example an unusual burst of traffic before an event)
Covert Channel
A traffic pattern itself can be used to carry information, creating a covert channel
An unintended channel, not designed by the network designer
Enables a security attack (information leakage)
Example:
An employee passes information to an outside person through a pattern of otherwise innocuous messages, and management cannot identify that this communication is taking place
Link Encryption Approach
Network-layer headers are encrypted on every link (the whole packet is encrypted), which reduces the opportunity for traffic analysis
An attacker can still observe the amount of traffic on a link and the amount entering and leaving each end system
Traffic padding is used to counter this
Traffic Padding
End to End Encryption Approach
Encryption implemented at the transport layer or application layer
Network-layer headers and traffic volumes remain in the clear, so an attacker can analyse them
Padding is used to counter this
Padding is applied to the data units so that they are all the same size, at either the transport layer or the application layer
Null messages can be inserted randomly into the stream, so the observed rate no longer reflects the real rate
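The padding countermeasure described above, as an added example that is not part of the original slides: messages are cut into fixed-size data units, each unit carries a type byte and a real-length field and is filled with random bytes, and null units are interleaved so that an observer sees only equal-sized frames. The unit size, the 3-byte header layout and the sample messages are assumptions made for the example.

```python
"""Traffic padding: fixed-size data units plus null units (added example)."""
import os
import struct
from typing import Iterable, List

UNIT = 64            # data-unit size on the wire (assumed for this example)
HDR = 3              # 1-byte unit type + 2-byte real payload length
CAP = UNIT - HDR     # real bytes that fit in one unit
NULL, MORE, LAST = 0, 1, 2   # null unit / message continues / final unit of a message


def _unit(kind: int, payload: bytes) -> bytes:
    """Build one UNIT-byte frame; the fill is random so padding is not a constant pattern."""
    fill = os.urandom(CAP - len(payload))
    return struct.pack(">BH", kind, len(payload)) + payload + fill


def pad_stream(messages: Iterable[bytes], null_every: int = 2) -> List[bytes]:
    """Fragment each message into UNIT-sized units and insert a null unit after
    every `null_every` data units. Every returned frame is exactly UNIT bytes."""
    frames: List[bytes] = []
    data_units = 0
    for msg in messages:
        chunks = [msg[i:i + CAP] for i in range(0, len(msg), CAP)] or [b""]
        for idx, chunk in enumerate(chunks):
            kind = LAST if idx == len(chunks) - 1 else MORE
            frames.append(_unit(kind, chunk))
            data_units += 1
            if data_units % null_every == 0:
                frames.append(_unit(NULL, b""))
    return frames


def unpad_stream(frames: Iterable[bytes]) -> List[bytes]:
    """Receiver side: drop null units, strip fill, reassemble fragmented messages."""
    out: List[bytes] = []
    buf = bytearray()
    for fr in frames:
        if len(fr) != UNIT:
            raise ValueError("malformed unit")
        kind, n = struct.unpack(">BH", fr[:HDR])
        if n > CAP:
            raise ValueError("length field exceeds unit capacity")
        if kind == NULL:
            continue
        buf += fr[HDR:HDR + n]
        if kind == LAST:
            out.append(bytes(buf))
            buf = bytearray()
    return out


def observed_lengths(frames: Iterable[bytes]) -> set:
    """What a passive observer learns about sizes: with padding, a single value."""
    return {len(f) for f in frames}


if __name__ == "__main__":
    sample = [b"hi", b"A" * 150, b""]          # constructed messages
    wire = pad_stream(sample)
    print(len(wire), "units, observed sizes:", observed_lengths(wire))
    assert unpad_stream(wire) == sample
```

With end-to-end encryption the header and payload of each unit would be encrypted together, so the type byte and length field are not visible to the observer; only the uniform frame size and rate are.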
Key Distribution
If A is the sender and B the receiver, a key can be delivered in four ways:
A can select a key and physically deliver it to B
A third party can select the key and physically deliver it to A and B
If A and B have previously and recently used a key, one party can transmit the new key to the other, encrypted using the old key
If A and B each has an encrypted connection to a third party C, then C can deliver a key to A and B over the encrypted links
Key Hierarchy Model
Key Distribution Scenario
Transparent Key Control
Also known as the automatic key distribution scheme
Provides end-to-end encryption at the network layer or transport layer
Used with a connection-oriented end-to-end protocol (TCP)
A Session Security Module (SSM) in each host is responsible for key control
Automatic Key Distribution Scheme
The sending host transmits a connection-request packet, which its SSM intercepts
The SSM saves the packet and applies to the KDC for permission to create the connection
Communication between the KDC and each SSM is encrypted with a master key; if the KDC approves the request it generates a session key and delivers it to the two appropriate SSMs
The requesting SSM now releases the connection-request packet and the connection is set up between the two end systems
Decentralized Key Control
A (the sender) sends B (the receiver) a request for a session key, including a nonce N1
B responds with a message encrypted under the shared master key, containing the session key Ks selected by B, B's identifier, f(N1) and a second nonce N2
Using the new session key Ks, A returns f(N2) to B
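The three-message exchange above with both sides' checks, as an added example that is not part of the original slides. Two assumptions are made for the example: f(N) is N+1 modulo 2^64, and the encryption function E is stood in for by a toy authenticated scheme built from the standard library (SHAKE-256 keystream plus HMAC-SHA256 tag), which is fine for showing the message flow but is not a substitute for a real cipher. The host identifiers and the 16-byte session-key size are also assumptions.

```python
"""Decentralized key control: A <-> B session-key exchange under a shared master key."""
import hashlib
import hmac
import os
import struct

ID_A, ID_B = b"HOST-A", b"HOST-B"   # assumed identifiers
MSG2 = ">16s8sQQ"                    # Ks || IDB || f(N1) || N2


def f(n: int) -> int:
    """Nonce transform agreed by both parties (assumption: N + 1 mod 2^64)."""
    return (n + 1) & 0xFFFFFFFFFFFFFFFF


def seal(key: bytes, pt: bytes) -> bytes:
    """Toy stand-in for E(key, pt): encrypt-then-MAC with a per-message nonce."""
    nonce = os.urandom(16)
    ks = hashlib.shake_256(key + nonce).digest(len(pt))
    ct = bytes(p ^ k for p, k in zip(pt, ks))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def open_(key: bytes, blob: bytes) -> bytes:
    """Inverse of seal(); raises if the tag does not verify (tampering or wrong key)."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    ks = hashlib.shake_256(key + nonce).digest(len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


def step1_request():
    """A -> B: IDA || N1 (sent in the clear)."""
    n1 = int.from_bytes(os.urandom(8), "big")
    return ID_A + n1.to_bytes(8, "big"), n1


def step2_reply(mk: bytes, msg1: bytes):
    """B -> A: E(MK, Ks || IDB || f(N1) || N2). B keeps Ks and N2."""
    n1 = int.from_bytes(msg1[-8:], "big")
    ks = os.urandom(16)
    n2 = int.from_bytes(os.urandom(8), "big")
    return seal(mk, struct.pack(MSG2, ks, ID_B, f(n1), n2)), ks, n2


def step3_finish(mk: bytes, msg2: bytes, n1: int):
    """A checks IDB and f(N1) (freshness, correct partner), then sends E(Ks, f(N2))."""
    ks, idb, fn1, n2 = struct.unpack(MSG2, open_(mk, msg2))
    if idb.rstrip(b"\0") != ID_B or fn1 != f(n1):
        raise ValueError("stale or misdirected reply")
    return seal(ks, f(n2).to_bytes(8, "big")), ks


def step4_verify(ks: bytes, n2: int, msg3: bytes) -> bool:
    """B confirms A holds Ks and saw N2."""
    return int.from_bytes(open_(ks, msg3), "big") == f(n2)


def run_exchange(mk: bytes):
    """Drive all three messages; returns (Ks at A, Ks at B, B's verdict)."""
    msg1, n1 = step1_request()
    msg2, ks_b, n2 = step2_reply(mk, msg1)
    msg3, ks_a = step3_finish(mk, msg2, n1)
    return ks_a, ks_b, step4_verify(ks_b, n2, msg3)


if __name__ == "__main__":
    ka, kb, ok = run_exchange(os.urandom(32))
    print("keys agree:", ka == kb, "B verified A:", ok)
```

The f(N1) check in step 3 is what stops an attacker from replaying an old reply from B to hand A a previously used session key; the f(N2) check in step 4 is what tells B that the party holding Ks is live.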
Controlling Key Usage
Key usage is controlled by two techniques
Key typing in automated key distribution
Each key is restricted to one application
Data-encrypting key for general communication over the network
PIN-encrypting key for personal identification numbers
File-encrypting key for files stored in publicly accessible locations
Control vector Encryption and Decryption
A more flexible scheme
The control vector is cryptographically coupled with the key at key-generation time: the vector is hashed, the hash is XORed with the master key, and the result is used to encrypt the session key, so the key can only be recovered with the same control vector
Control Vector Encryption
Random Number Generator
Random numbers are used in reciprocal (mutual) authentication schemes as nonces for the handshake
Used for session key generation
Two types of generator: true random number generators (a physical noise source) and pseudorandom number generators (a deterministic algorithm)
Randomness
Two criteria
Uniform distribution: every value is equally likely
Independence: no value can be inferred from the others
Unpredictability
Successive members of the sequence cannot be predicted from the earlier ones
Pseudorandom Number Generators
An algorithm that produces a deterministic sequence which is not truly random but appears random is called a pseudorandom number generator
Such sequences are subjected to statistical tests for randomness (uniformity, independence) before they are trusted
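Two of the statistical tests alluded to above, as an added example that is not part of the original slides: the frequency (monobit) test for uniform distribution and the runs test for independence, both in the form given in NIST SP 800-22. The sample inputs are constructed for the example: a constant stream, a stream built from the low bit of a textbook linear congruential generator (whose low bit simply alternates, a classic PRNG failure), and a SHA-256 counter stream standing in for an acceptable source. The generator constants and the sample length are assumptions.

```python
"""Monobit and runs tests (NIST SP 800-22 section 2.1 and 2.3) on sample bit streams."""
import hashlib
import math
from typing import List


def bits_from_bytes(data: bytes) -> List[int]:
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def monobit_p(bits: List[int]) -> float:
    """Frequency test: are zeros and ones balanced? Returns a p-value."""
    n = len(bits)
    s = sum(2 * b - 1 for b in bits)            # +1 for a one, -1 for a zero
    return math.erfc(abs(s) / math.sqrt(n) / math.sqrt(2))


def runs_p(bits: List[int]) -> float:
    """Runs test: is the number of runs consistent with independent bits?"""
    n = len(bits)
    pi = sum(bits) / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0                                # frequency prerequisite fails
    v = 1 + sum(1 for i in range(n - 1) if bits[i] != bits[i + 1])
    num = abs(v - 2 * n * pi * (1 - pi))
    den = 2 * math.sqrt(2 * n) * pi * (1 - pi)
    return math.erfc(num / den)


def report(data: bytes) -> dict:
    bits = bits_from_bytes(data)
    return {"monobit": monobit_p(bits), "runs": runs_p(bits)}


def looks_random(data: bytes, alpha: float = 0.01) -> bool:
    """Both tests must exceed the significance level alpha (NIST default 0.01)."""
    return all(p > alpha for p in report(data).values())


def lcg_low_bit_bytes(seed: int, nbytes: int) -> bytes:
    """Low bit of x = (1103515245 x + 12345) mod 2^31 (constructed weak source).
    With odd a and odd c the low bit alternates 0,1,0,1,... exactly."""
    x, bits = seed, []
    for _ in range(nbytes * 8):
        x = (1103515245 * x + 12345) % (1 << 31)
        bits.append(x & 1)
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))


def sha256_counter_bytes(seed: bytes, nbytes: int) -> bytes:
    """Deterministic stand-in for a reasonable PRNG: SHA-256 over seed || counter."""
    out = b""
    ctr = 0
    while len(out) < nbytes:
        out += hashlib.sha256(seed + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:nbytes]


if __name__ == "__main__":
    for name, data in [("constant", bytes([0xFF] * 128)),
                       ("lcg low bit", lcg_low_bit_bytes(12345, 128)),
                       ("sha256 ctr", sha256_counter_bytes(b"seed", 128))]:
        print(f"{name:12s} {report(data)} pass={looks_random(data)}")
```

The LCG stream is instructive because the monobit test alone passes it perfectly (exactly half ones), and only the runs test exposes that the bits are completely predictable; this is why a battery of tests, not one, is applied before a generator is trusted.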