[attachment=12042]
Advanced Block Cipher Characteristic
Introduction
 Published by NIST in 2001
 Developed to overcome bottleneck of 3DES
 Block length is of 128 bits
 Key length is of 128,192 and 256 bits
 Standard Symmetric Key Block Cipher Algo.
Characteristics
 General Security
 Uses S-Box as a nonlinear Components
 Software Implementations
 High performance due to parallelism
 Executes on variety of platform
 No of round decrease so speed is incresed
 Restricted-space Environments
 For S-Boxes pre-computation or Boolean representation is used
 Very Low ROM and RAM requirement
 Hardware Implementations
 Throughput is unaffected with highest Key size
 Attacks on Implementations
 Masking technique is used to defend timing attack and power attack
 Encryption versus Decryptions
 Key setup performance is slower than encryption for decryption
 Key ability
 One time execution of the key schedule to generate all subkeys
Conventional Encryption Issues
 Traffic Distribution
 Random Number Generation
 Key Distribution
Traffic Distribution
 Traffic Analysis is require
 Two ways to Analyze Traffic
 Traffic Analysis Attack
 Knowledge about message length
 Covert Channel
Traffic Analysis Attack
 Identities of Partners ( Authentication of Partners)
 Frequency of Communication between Partners
 Message Pattern
 Message Length
 Quantity of Message
 Identify special conversion between sender and receiver
Covert Channel
 Identify traffic by Traffic patter which is responsible to create covert channel
 Unwanted Channel and not designed by network designer
 Responsible for Security attack
 Example:
 Unwanted message passing by employee to outside person and management do not get identity about this communication
Link Encryption Approach
 Network layer headers are encrypted (packet header is encrypted) which reduced opportunities for traffic analysis
 End to end traffic is still unprotected
 To avoid above attack Traffic pading is used
Traffic Padding Encryption
End to End Encryption Approach
 Encryption implemented at Transport layer or Application layer
 Network layer traffic is unprotected and attacker can access it
 To avoid above attack padding is used
 Padding is apply to data units to maintain uniformity at either transport layer or application layer
 Null message can be inserted randomly into stream
Key Distribution
 If A is Sender and B is receiver then
 A can select key and physically deliver to B
 A third-party can select the key and physically deliver it to A and B
 If A and B have previously and recently used a key, one party can transmit the new key to the other, encrypted using the old key
 If A and B each has an encrypted connection to a third party C, then C can deliver a key on the encrypted links to A and B.
Key Hierarchy Model
Key Distribution Scenario
Transparent Key Control
 Known as automatic key distribution scheme
 Provide end-to-end encryption at a network layer and transport layer
 Used for connection-oriented end to end protocol (TCP)
 SSM (Session Security Module) is responsible for key control
Automatic Key Distribution Scheme
 Sender host Transmits a connection request packet to SSM
 SSM saves packet and applies to KDC for Permission to create connection
 Communication between KDC and SSM is encrypted by Master Key, If KDC approved connection request it generates session key and delivers it to Two appropriate SSM
 The Requesting SSM can now release connection request packet and connection is set up between two end systems
Automatic Key Distribution Scheme
Decentralized Key Control
 Sender request to Receiver for a session Key and includes nonce N1
 Receiver responds with encrypted message by shared master key which includes session key selected by receiver, an identifier of receiver and F(N1), and another nonce N2.
 Using the New session key Sender returns F(N2) to B.
Decentralized Key Control
Controlling Key Usage
 Key Usage controlled by two techniques
 Automated key distribution
 Key distribution done according to application
 Data encrypting key for general communication in network
 PIN encrypting key for Personal Identification numbers
 File encrypting key for file storage and public accessible locations
 Control vector Encryption and Decryption
 More flexible scheme
 Control vector coupled with key at the time of key generation
Control Vector Encryption
Random Number Generator
 Random Number is used Reciprocal authentication schemes as a feedback in form of nonces (nonces are used for handshaking)
 Used for session key generation
 Two type of Generator
 Randomness
 Two Criterai
 Uniform distribution
 Indepedence
 Unpredictability
 Each number is statistically independent to other
Pseudorandom Number Generators
 The algorithm which is responsible to generate sequence of numbers which are not statistically random are known as pseudorandom number generator
 For this type of numbers different tests are performed for randomness