tailieunhanh - Lecture Network security: Chapter 22 - Dr. Munam Ali Shah

In this chapter you will be able to present an understanding of the confidentiality and message authentication mechanisms, and to demonstrate knowledge of the different functions and protocols used for message authentication.

Network Security, Lecture 22
Presented by: Dr. Munam Ali Shah
Part 2 (e): Incorporating security in other parts of the network

Summary of the previous lecture
- We continued our discussion on confidentiality using symmetric encryption.
- We talked about the master key and the session key.
- We also talked about key storage, key hierarchy, key renewal and the lifetime of a session key.
- We also explored the issues with centralized and decentralized key distribution.
- A key distribution scenario.

Outline of today's lecture
- Some discussion on decentralized key control
- Message authentication mechanisms: message encryption, MAC, hash

Objectives
- You will be able to present an understanding of the confidentiality and message authentication mechanisms.
- You will be able to demonstrate knowledge of the different functions and protocols used for message authentication.

Decentralized key control
- For n end systems, [n(n-1)]/2 master keys are required.
- Messages sent using the master key are short, cryptanalysis is difficult, and session keys are used for a limited time.

Controlling key usage
- Different types of key can be defined on the basis of usage:
  - Data-encrypting key: for general communication
  - PIN-encrypting key: for PIN transfer
  - File-encrypting key: for file transfer
- This needs a control in the system that limits the ways in which a key is used.
- Simple plan: attach an 8-bit tag to each 64-bit key.
  - One bit indicates whether the key is a session key or a master key.
  - One bit indicates whether the key can be used for encryption.
  - One bit indicates whether the key can be used for decryption.
  - The remaining bits are spare for future use.

A key distribution scenario
Let us assume that user A wishes to establish a logical connection with B and requires a one-time session key to protect the data transmitted over the connection. A has a master key, Ka, known only to itself and the KDC; similarly, B shares the master key Kb with the KDC. The steps that occur are given in the figure (on the next slide). A .
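
The 8-bit control tag described under "Controlling key usage", shown as an added example that is not part of the lecture: a key is released only when its tag permits the requested use. The bit positions, the 9-byte record layout (tag byte followed by the 64-bit key) and the names pack_key, release_key and demo are assumptions made for illustration.

```python
# Added example. Bit positions are assumed; the lecture does not give them.
TAG_SESSION = 0x80  # assumed: 1 = session key, 0 = master key
TAG_ENCRYPT = 0x40  # assumed: 1 = key may be used for encryption
TAG_DECRYPT = 0x20  # assumed: 1 = key may be used for decryption
TAG_SPARE = 0x1F    # remaining five bits, spare for future use


class KeyUsageError(Exception):
    """A key was requested for a use its control tag does not allow."""


def pack_key(key: bytes, session: bool, encrypt: bool, decrypt: bool) -> bytes:
    """Store the 8-bit tag in front of the 64-bit key (9-byte record)."""
    if len(key) != 8:
        raise ValueError("key must be 64 bits")
    tag = ((TAG_SESSION if session else 0) | (TAG_ENCRYPT if encrypt else 0)
           | (TAG_DECRYPT if decrypt else 0))
    return bytes([tag]) + key


def release_key(record: bytes, operation: str, want_session: bool) -> bytes:
    """Return the raw key only if the tag permits the requested use."""
    if len(record) != 9:
        raise ValueError("record must be 1 tag byte + 8 key bytes")
    tag, key = record[0], record[1:]
    if tag & TAG_SPARE:
        raise KeyUsageError("spare tag bits set: unknown usage, refusing")
    if bool(tag & TAG_SESSION) != want_session:
        raise KeyUsageError("session/master type does not match request")
    needed = {"encrypt": TAG_ENCRYPT, "decrypt": TAG_DECRYPT}.get(operation)
    if needed is None or not tag & needed:
        raise KeyUsageError(f"tag 0x{tag:02x} does not permit {operation!r}")
    return key


def demo():
    key = bytes(range(8))  # constructed sample key, not a real secret
    rec = pack_key(key, session=True, encrypt=True, decrypt=False)
    results = {"encrypt": release_key(rec, "encrypt", want_session=True)}
    for op, as_session in (("decrypt", True), ("encrypt", False)):
        try:
            release_key(rec, op, want_session=as_session)
        except KeyUsageError as exc:
            results[(op, as_session)] = str(exc)
    return rec[0], results


if __name__ == "__main__":
    print(demo())
```

Refusing records with spare bits set keeps a tag written under a later, extended scheme from being misread as a permission this code understands.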