Encryption and Secure Computer Networks

G. J. Popek and C. S. Kline @ UCLA

ACM Computing Surveys, December 1979, pages 331-356. Only sections 1-3

Attacks unique to computer networks

Tapping of lines

Introduction of forged messages

Replay of valid messages

Disruption of network

Error Detection and Duplicate or Missing Blocks

Probability of an error being undetected with k check bits is (1/2k)

Stream Vs. Block Cipher

Stream cipher, to cipher a bit of the message, uses:

the entire preceding portion of the message

the key

the current bit

Block cipher, to cipher a block of the message, uses:

the key

the current block

Strong stream ciphers are more easily constructed that strong block ciphers

Block stream ciphers make updating blocks easy

Minimum Mechanism and Authority

Have a minimum trusted mechanism and minimum centralized authority to reduce the chance of errors

Limitations of Encryption

Processing on the data is done in clear-text, which must be somehow protected from internal threats

Keys may be passed among entities (like capabilities in HYDAR), resulting in sharing the key between entities. Selective revocation of keys is difficult

Encryption can detect modification of data, but can't prevent it

Key must be maintained as long as the data encrypted with the key are valid

This leads formidable effort to store and maintain keys in a secure way

One way is to encrypt keys with a master key and

store those keys in a less secure and cheaper place

maintain the master key in an absolutely secure way

Conventional-key distribution

Initial distribution of keys is difficult since secure distribution depends upon receivers having the key of the sender. This can be broken by securely distributing the key over a previously secure conduit

Centralized key control: Fig 1

All communication is facilitated by a centralized key distribution center, which may be replicated for availability

Transmission between A and B begin by A requesting a communication key from the KDC. The KDC returns the key in a message encrypted by A's key. Inside the message, is the original request to the KDC for verification purposes and a message for A to send to B which contains the connection key encrypted in B's key. The two then exchange IDs for authentication

Fully distributed key control

There are many KDCs that act on the behalf of a small set of nodes

The KDCs for each node in a communication agree on a key and distribute to all the participating senders

One KDC chooses a key and sends it to other KDCs through preestablished secure channel

Each KDC sends the agreed key to its nodes 

If there are n KDCs, then nC2 secure channels should be established

Hierarchical key distribution

There is a hierarchy of KDCs. Only the minimal set of KDCs are involved in each communication session

Communication between KDCs is done through the youngest common ancestor KDC

Less keys need to be known and stored since KDCs communicate along the tree hierarchy to develop secure connection keys for lower level KDCs or end nodes

Public key-based distribution

Assume each entity has made its public key known to the key authority (KA) and the key authority has a public key known to all

Suppose A and B want to communicate (Fig 2):

A->KA : {timestamp1, "want to talk to B"}

KA->A : {Bpub, timestamp1, "want to talk to B"}KApriv

A->B : {A, idA}Bpub

B->KA : {timestamp2, "want to talk to A"}

KA->B : {Apub, timestamp2, "want to talk to A"}KApirv

B->A : {idA, idB}Apub

A->B : {idB}Bpub

Public keys can be cached, eliminating four of the seven message above

Another way is to use certificate of KA