key distribution Hierarchical Key Control sessiong key更換的頻率越高 越不容易被別人破解 distribution session key的缺點:會delay 1)fixed period 每隔一段時間就更新一次 connection-oriented protocol 2)the specific number of transation 一定數目的傳輸後就更改 connectionless protocol Decentralized key distribution 1. request||n1 2. Pmk[Ks||request||IDb||n1||f(n2)] 3. Ks[n2] drawback 1.tag只有8bits 太少 flexible and functionallity 2.tag is not transmmited in clear form 加上control vector(由KDC產生) encryption: control vector經過hash function 要和session同長 和session做XOR和session加密 decryption: 一樣!! advantage: 1.control vectorhh用hash 可以控制key的長度 2.control vector in the clear form Transparent key control scheme KDC和FEP共享master key KDC generate session key for FEP decentralized key control 不需求trust or protect KDC n(n-1)/2 master key 當有n個end systems時 different session key data-encrypting key:general information PIN-encrypting key :PINs File-encrypting key:encrypting files store in a publicly accessible location separate key type master key :cryptographic hardware physically session: available for application programs DES 8 bits for key tag(56 bits for key) 1 bit for master or session key 1 bit for encryption 1 bit for decryption drawback: limited flexibility and functionality tag is nottransmitted in clear form control vector 用hash取control vector 沒有length的限制 control vector is available in clear form -- ※ 發信站: 批踢踢實業坊(ptt.cc) ◆ From: 220.135.222.145 > -------------------------------------------------------------------------- < 作者: stillflying (阿彬) 看板: HSNU_975 標題: Re: 網路安全概論 時間: Sat Jan 8 23:28:12 2005 random and unpredictability random: uniform distribution 平均分配 independence unpredictability: sequence of numbers that appear to be random are generated by some algorithm Random number physical noise generator:random and precision published random numbers:predictable psedorandom numbers :deterministic not statistically random psedorandom number: Xn+1=(aX(n)+c)mod m m=2^31 three criteria for random number generate full-period :全部的值都出現過 appear random :generated sequence 是random的 efficiently :implement with 32-bit arithmetic cyclic encryption: master key is deduced by several session keys based on earlier keys ANSI X9.17 one of the strongest psedorandom number generators Input1:64-bit of data and time Input2:64-bit of seed value Keys :K1 and K2 56-bit DES key used for 3 Trible-DES encryption modules Output:64-bit psedorandom number and 64-bit seed value -- ※ 發信站: 批踢踢實業坊(ptt.cc) ◆ From: 220.135.222.145 > -------------------------------------------------------------------------- < 作者: stillflying (阿彬) 看板: HSNU_975 標題: Re: 網路安全概論 時間: Sun Jan 9 02:57:51 2005 distribution of public keys 1.public announcement: convenience weakness:任何人都可以仿造public annyouncement 2.publicly available directory: {name,public key} registration 必須要本人(in person) 或是經過安全認證(secure authentication communication) 3.public key authority: Tighter control fig 10.3 step1 :request||Time1 (a->public-key authority) step2 :Ekr[Kub||request||Time1] (public-key authority->a) step3 :Eku[IDa||N1] (a->b) step4 :request||time2 (b->public key authoruty) step5 :Ekr[Kua||request||time2] (public-key authority->b) step6 :Ekua[n1||n2] (b->a)-| step7 :Ekub[n2] (a->b)-|----desirable, not required 4.public-key certificate exchange key without contacting public-key authority fig 10.4 a和b在之前就分別給Certificate authority他們之間的public key certificate authority 會分別generate Ca=Ekr[Time1,IDa,Kua] 和Cb=Ekr[time2,IDb,Kub] 在互相交換 (time即為有效時間 故不用電子簽章) distribution public-key simple (互傳public-key和ID only) Ks會被竊取 public key和ID也會被假造 secret key distribution with confidentiality and authentication step1. Ekub[N1||ID] (a->b) step2. Ekua[N1||N2] (a<-b) 確定為b step3. Ekub[N2] (a->b) 確定為a step4. Ekub[Ekra[Ks]] (a->b) A Hybird Scheme IBM mainuframes: KDC shares a secret master key secret session key is encrypted by master key public key is used to distribution master key performance session key用PKE太慢 Public keys 只被用來update master key Back compatiablity with an existing KDC sheme -- ※ 發信站: 批踢踢實業坊(ptt.cc) ◆ From: 220.135.222.145 > -------------------------------------------------------------------------- < 作者: stillflying (阿彬) 看板: HSNU_975 標題: Re: 網路安全概論 時間: Sun Jan 9 19:16:47 2005 authentication code function authenticator:用來證明所傳message的值 types of function that prodice a authenticator 1.hash function 2.MAC(message authentication code) 3.message encryption checksum error detecting code frame check sequence (FCS) internal error control:authentication of messages external error control:會被forged(做假) internal error control: F(m)+m ==> E[F(m)+m] ==> Ek[m||F(m)] ==> D[m||F(m)] ==> 對m做F(m) 比對F(m) F(m)為checksum external error control: 先做encryption 再做checksum 但當 Ek[m]+F(Ek[m]) 傳送時可以被造假 對方可以直接從Ek[m]得到F(Ek[m']) 且等於F(Ek[m]) public-key encryption authentication signature confidentiality authentication 使用hash 或checksum receiver確定message沒有被更改過 receiver確定message是從sender送出的 確定receiver是被指定的接收且attacker不能更改內容 MAC and Conventional Encryption 1.for broadcast system,cheaper and reliable 2.authentication is carried out on selective basis 3.可以檢查是否需要decrypt 不用每次都decrypty 4.authenticate messages 5.將authentication和confidentiality分開 使architecture flexible 6.prolong protection time note: MAC 沒有digital signature的功能 因為是sender和receiver使用相同的key Hash function 1.可以符合各種size的data block 2.easy to compute requirement for a hash function one-way property: 不論給任一個m 不可能去找到一個x 使F(x)=m weak collision resistance (prevent forgery) 不論任何一個x 不可能找到y =\= x 又 F(y)=F(x) strong collision resistance 不可能找到一pair (x,y)使H(x)=H(y) -- ※ 發信站: 批踢踢實業坊(ptt.cc) ◆ From: 220.135.222.145