WWW.ABSTRACT.DISLIB.INFO
FREE ELECTRONIC LIBRARY - Abstracts, online materials
 
<< HOME
CONTACTS



Pages:   || 2 |

«Chapter 2 Communication Security and Key Safety In order to allow a secure communication system to function properly, users must keep some secret, ...»

-- [ Page 1 ] --

Chapter 2

Communication Security and Key Safety

In order to allow a secure communication system to function properly, users must

keep some secret, which is often referred as a cryptographic key or in short, a key.

Safety of key is a premise of communication security because once adversary knows

the key, the users’ communications will no longer be protected.

For centuries, the above understanding of the relationship between key safety and

communication security holds as an axiom. However, the prerequisite of key safety is difficult to guarantee in practice. There are numerous vulnerabilities that allow the adversary to obtain the key and then compromise communication security. The decisive role of key safety becomes an inherent weakness in many practical systems.

This entire monograph is devoted to present dynamic secrets as an approach to relieve the tension between the possibility of key theft and the demand for communication security guarantee. In this chapter, we briefly review typical secure communication systems and their design principles. This background review explains the motivation and the basis of our research.

Section 2.1 presents a series of historical ciphers and then reviews the Kerckhoffs’ guidelines for cryptosystem design.

These guidelines have served as a main frame for many secure communication systems from nineteenth century to modern days. We compare Kerckhoffs’ guidelines with the art of locksmith. The comparison demonstrates that the key safety is a single point of failure to communication security. Section 2.2 illustrates the practical challenges of key safety protection by presenting a collection of attacks that allow adversary to obtain key.

2.1 Secure Communication System Design and Locksmith The history of secure communication systems can be dated back at least 2,500 years ago. The Spartans invented a cipher namely scytale and used this cipher to protect confidential messages transfer in war time. As shown in Fig. 2.1a, a scytale consists of a wooden rod and a strip of parchment. The message sender wraps the parchment S. Xiao et al., Dynamic Secrets in Communication Security, 5 DOI: 10.1007/978-1-4614-7831-7_2, © Springer Science+Business Media New York 2014 6 2 Communication Security and Key Safety Fig. 2.1 Ancient systems for secure communication: a a scytale, b a Caesar’s cipher disk strip around the rod and then writes his message along the rod’s axis direction. The unwrapped parchment strip is carried by a messenger to the recipient, who has a rod of the same diameter as the rod used by the sender. The recipient re-wraps the parchment strip and read the message. The rod diameter is a secret between the sender and the recipient and blocks their enemy from read the message.

The famous Julius Caesar used another method to secure thecommunications in his army. When writing a confidential message to his generals, Caesar substitutes every letter by a different letter in the alphabet. The substitution rule was kept as a secret between Caesar and his generals. In this way, even if the encrypted message is intercepted by his enemies, they may discard the encrypted message as meaningless scrambled letters. The cipher that substitutes each letter with a letter some fixed number of positions down the alphabet is named after Julius Caesar as Caesar’s cipher.

Figure 2.1b shows a Caesar’s cipher disk that helps quickly encrypt and decrypt messages.

There are many other ancient systems that provide communication security. Generally, these systems are fundamentally weak when judged by modern standard because they are easily crackable when adversary learns the system construction.

For example, the scytale system is easily defeated if the enemy of Spartans knows that decryption is to re-wrap the parchment on a rod. It is not difficult for the enemy to make a rough guess of the rod’s diameter and decrypt the messages. Caesar’s enemy only needs to try several times to find the exact offset between the plaintext message alphabet and the encrypted message alphabet. Once the enemy finds the offset, the secure communication is no longer secure.

In 1883, Dutch linguist and cryptographer Auguste Kerckhoffs proposed six cryptosystem design guidelines [58]. He suggested to divide a cryptosystem into two parts:

the key and the system. More importantly, he emphasized that the communication security must remain intact even if the system construction is known by enemy. In other words, Key safety is the sole premise of communication security. This design principle is later recognized as Kerckhoffs’ principle.

Kerckhoffs’ principle distinguishes modern cipher designs from ancient ciphers such as the scytale and Caesar’s cipher. A famous modern cipher example is Enigma, used to protect the German military communications in World War II.

2.1 Secure Communication System Design and Locksmith 7 The Berlin headquarter encrypts messages using the Enigma machine and broadcast the encrypted messages through radio signals. Then the German submarine fleets, often referred as the U-boat, would perform their battle tasks according to the received messages.

Enigma is a complicated electric-mechanical device that consists of some wired boards and rotors. The key of encryption and decryption is the initial rotor positions.





Berlin sender set rotors to some secret initial positions and feed the plaintext message into the machine. The output of Enigma machine is the encrypted message. The U-boat receiver will set his Enigma machine to some corresponding rotor initial positions and then input the encrypted message. The machine output will be the decrypted, plaintext message.

Capturing the Enigma machine alone does not allow the Allies to completely crack the German military secure communication system. It took some of the world’s smartest minds such as Alan Turing working days and nights to analyze the structure and the cryptographic properties of the Enigma machine and decrypt some Enigmaencrypted messages. In order to efficiently decrypt the targeted German military communications, it was also vital to have special military missions that brought back the German codebooks that contain the initial rotor positions.

The cracking of the Enigma cipher was a grand victory. The Allies were then able to stop the German U-boats from sinking their Atlantic transport ships. The Allies were also able to send fake battlefield information to the German commanders and lure them to make wrong decisions. It was conjectured that the World War II would have been ended in 1948 instead of 1945, had the Enigma cipher not been cracked [117].

On the other hand, the cracking process of the Enigma machine is a proof of the effectiveness of Kerckhoffs’ guidelines. The key-system separation design significantly increased the difficulty of cracking the Enigma cipher. It is necessary to have knowledge on both the system structure and the key to break the communication security. Many modern day secure communication system designs adopt Kerckhoffs’ principle. The cryptographic algorithms and protocols used in the system are documented publicly and left key safety as the necessary and sufficient condition for communication security. Such a system is referred as an open cryptosystem in the context of communication security. Most civilian secure communication systems and a large number of military secure communication systems are open cryptosystems.

The open system design of secure communication systems reminds us of another craft with long history, the locksmith. Just like the key-system separation in the open system design of secure communication systems, a door lock consists of two components, the lock body installed on the door and the key. The search for strong cryptographic algorithms and protocols is like the search for lock structures that are resistant to lock-picking. With a strong lock body, key safety is the prerequisite for security. Key theft is disastrous to both secure communication systems and door locks.

Unlike lock body, which is often vulnerable to lock picking and brute force break in, modern day cryptographic algorithms and protocols can be extremely sophisticated and resistant to cryptanalysis attacks. A good example is AES Rijndael 8 2 Communication Security and Key Safety algorithm, the current NIST standard for electronic data encryption [91]. It was proposed in 1998 and standardized in 2001. No publicly known efficient cryptanalysis attack to AES Rijndael has been developed for more than a decade. The adversary who defeats AES by cryptanalysis must surpass all the public research efforts on AES throughout these years. The open system principle eliminates weak cryptographic designs by opening them up to the public tests.

However, it is more complicated to protect a cryptographic key than to safeguard a lock key. A lock key is a physical entity that the key owner can effectively check if it is stolen. Moreover, a lock key can be made with special three dimension structure and contains rare materials. Duplicating a carefully designed lock key is difficult and costly. Even if a thief knows the shape and build of the lock key, he may not be able to create one. On the other side, a cryptographic key is merely a piece of information.

Unless adversary confessed or caused noticeable security damage, the cryptographic key owner would not be able to recognize that his key is known to adversary. The duplication of a cryptographic key only requires copying a bit string. An adversary may duplicate a cryptographic key remotely with negligible duplication cost.

In modern day secure communications, although cryptanalysis attacks are still a viable techniques to compromise the communication security, it is often more cost-effective for adversary to focus on obtaining the cryptographic key.

2.2 Challenges to Ensure Key Safety

Attacks that threaten key safety can be generally classified into two types. One type of attacks is key cracking. Adversary attempts to deduce the key from information available to him. For example, the adversary may analyze eavesdropped cipher texts that are encrypted from some known plain texts and try to calculate the key. Another type of attacks is key stealing. Adversary obtains the key through an unauthorized access to the key. In later chapters, we use key theft to represent the incident that adversary obtains the key, regardless of the type of attacks.

2.2.1 Key Cracking

Exhaustive search is a trivial yet effective key cracking attack. Adversary first eavesdrop a short segment of key related information such as the key’s hash value in an authentication process, then he try out possible key values in the key space to find the value that produces the hash value. Exhaustive search attack is extremely effective against human memorable passwords. Research work in [126] estimates that the majority of human created passwords have less than 20 bits of entropy by NIST standard tests (NIST SP800-63). With today’s computing technology, exhaustive search attack can reveal a large amount of passwords in several hours [68, 69].

2.2 Challenges to Ensure Key Safety 9 The exhaustive search attack can be defended by generating the cryptographic key using a pseudo random number generator (PRNG) and then storing the key in a secure storage device. The pseudo random key values spreads in a large key space. The exhaustive search would take an unreasonably long time, e.g. more than a thousand years, to find the key.

PRNG is an algorithm that expands a short numeric seed to a long sequence of apparently random numeric values. The algorithm design defects, the implementation flaws, and the insufficient randomness in the seed value are vulnerabilities that an adversary may exploit for key cracking. For example, research works in [35] and [87] study the weakness in the key generation algorithms to predict the pseudo random key values with high probability. Reference [124] shows that various implementation flaws can shrink the key space considerably and allow the adversary to exhaustive search the key in a limited key space. A famous incident was the implementation flaw found in the OpenSSL library in Debian Linux operating system. A function that is supposedly to keep supplying entropy to the numeric seed of the PRNG has been neglected in the implementation. Therefore, the adversary may predict the outcomes of the PRNG and then explicitly calculate the cryptographic keys generated in the system [18].

The countermeasure to the exhaustive search attack and the PRNG related attacks is to generate the key with sufficient true randomness, which is the randomness contained in physical phenomenon such as the coin flipping and the dice rolling. In mission critical secure communication systems, the cryptographic keys are required to be generated by a true random number generator (TRNG), i.e. a device that collect random bits from random physical phenomenon.

The downside of true random number generator (TRNG) is its cost and portability. Coin flipping and dice rolling are too slow to generate random bits for practical applications. In order to generate a stream of truly random bits in high speed, dangerous radioactive materials or expensive quantum optical devices will be used [41].

Our current technology does not allow TRNG to be efficiently and economically implemented into our daily communication devices, such as the laptop computers and the mobile phones.

Even if the key is generated with sufficient entropy, i.e. true randomness, the adversary may crack the key through cryptanalysis attack to the cipher that uses the key. For example, Refs. [63] and [99] studies the methods to reveal the key from the encrypted texts by exploiting cipher vulnerabilities. A notable incidence of such key cracking attacks is the cryptanalysis to the RC4 cipher, which is widely used in wireless LAN security [104]. Because a vulnerable design of the RC4 cipher was standardized in the wired equivalent privacy (WEP) mode of wireless LAN security, adversary can crack the wireless key within several minutes using a laptop computer [135].



Pages:   || 2 |


Similar works:

«SAN LEANDRO UNIFIED SCHOOL DISTRICT SAN LEANDRO, CALIFORNIA 94579 www.sanleandro.k12.ca.us SPECIAL MEETING OF THE BOARD OF EDUCATION MINUTES February 23, 2010 The Board of Education of the San Leandro Unified School District met in special session on February 23, 2010, held at the Bancroft Middle School Gymnasium, 1150 Bancroft Avenue, San Leandro, California 94577. The meeting was called to order at 5:34 p.m. by President Mike Katz-Lacabe. BOARD MEMBERS PRESENT Mrs. Pauline Cutter (arrived at...»

«OCTOBER TERM, 2008 1 (Slip Opinion) Syllabus NOTE: Where it is feasible, a syllabus (headnote) will be released, as is being done in connection with this case, at the time the opinion is issued. The syllabus constitutes no part of the opinion of the Court but has been prepared by the Reporter of Decisions for the convenience of the reader. See United States v. Detroit Timber & Lumber Co., 200 U. S. 321, 337.SUPREME COURT OF THE UNITED STATES Syllabus FLORES-FIGUEROA v. UNITED STATES CERTIORARI...»

«Peter Buse 40, 000 roses – or the perversity of Polaroid I It is not easy to date precisely the beginning of the SX-70 era. There are at least three possible candidates for the honor. The Polaroid SX-70 Land camera first got into the hands of the public in November 1972 in Miami. In the ballroom of the Fontainebleau hotel, after screenings of a short film by Charles and Ray Eames explaining the camera, and a television commercial in which Laurence Olivier demonstrated how to use it, the...»

«Source-Receptor Relationships for Ozone and Fine Particulates in the Eastern United States Jhih-Shyang Shih, Alan J. Krupnick, Michelle S. Bergin and Armistead G. Russell May 2004 • Discussion Paper 04–25 Resources for the Future 1616 P Street, NW Washington, D.C. 20036 Telephone: 202–328–5000 Fax: 202–939–3460 Internet: http://www.rff.org © 2004 Resources for the Future. All rights reserved. No portion of this paper may be reproduced without permission of the authors. Discussion...»

«Summer 1997 Dear FOOT Leaders, It is that time of the year again. I have finished another school year, the FOOT trips are already full for August and I am back on the Vineyard trying to unwind. As usual, we have a great new group of leaders for this year. And, as usual, the FOOT program keeps getting more and more popular. We added two more trips this year, so we are up to running 33 trips simultaneously. I need a huge master board that monitors everyone’s movements during the FOOT week. Some...»

«Air Cadet League of Canada Alberta Provincial Committee 2013 ANNUAL GENERAL MEETING & CONFERENCE Saturday, October 26th 2013 – Edmonton Coast Holiday Inn Call to Order: 08:30 a.m.1. Flags, O CANADA 2. MOMENT OF SILENCE 3. Announcements/Housekeeping reviewed by Kevin Robinson, and he further noted our Silent Auction items proceeds will be going to new mower shed at the Netook Gliding field. Also the 50/50 proceeds from the conference will also go to this replacement shed. The Chairman urged...»

«Researcher Guide to SONA SYSTEMS RESEARCHER/P.I. DOCUMENTATION Introduction System Basics Principal Investigator Special Note Participant ID Codes Special Note Getting Started Logging In Retrieving a Lost Password Logging Out Changing Your Password and Other Information Email Address Options Working with Studies Web-Based (Online) Studies Using the SURVEY CODE Feature Studies for Pay Two-Part Studies Adding a Study Updating a Study Deleting a Study Timeslot Usage Summary Bulk Mail Summary...»

«Case 8:08-cv-02396-SCB-TGW Document 23 Filed 11/19/2009 Page 1 of 15 UNITED STATES DISTRICT COURT MIDDLE DISTRICT OF FLORIDA TAMPA DIVISION LAUREN FRAZIER, Plaintiff, v. Case No. 8:08-cv–02396–T–24 TGW HSBC MORTGAGE SERVICES, INC., Defendant. / ORDER This Court now considers a motion for partial summary judgment filed by Plaintiff Lauren Frazier (Doc. 16) and a motion for summary judgment filed by Defendant HSBC Mortgage Services, Inc. (“HSBC”). (Doc. 17). Both motions were opposed....»

«A Clockwork Orange: The Intersection Between a Dystopia and Human Nature By Samantha Moya An archetypal depiction of a dystopia is one dominated by bleakness and roboticism, a totalitarian government enforcing upon the people a lifestyle that lulls them into a state of obedience. Anthony Burgess’ 1963 novel, A Clockwork Orange, is a nightmarish vision of future Britain, one in which behavioral modification is taken to dangerous extremes in the quest for preserving the order of a disconnected...»

«TUESDAY, JUNE 16, 2015 REGULAR COUNCIL MEETING 6:30 P.M.REGULAR COUNCIL MEETING 1. CALL TO ORDER: Mayor Whiting called the City of Hilshire Village Council Meeting to order at 6:35 P.M. at 8301 Westview, Houston, Texas 77055.1.1 Invocation: was given by Council Member Maddock.1.2 Pledge of Allegiance:1.3 Present: were Mayor Shannon Whiting, Mayor Pro Tem Stephanie Post, Council Members Mike Gordy, Russell Herron, Paul Maddock and David Gunn. Also present were City Secretary Susan Blevins, Chief...»

«Rakesh Mohan: Statistical system of India – some reflections Inaugural address by Dr Rakesh Mohan, Deputy Governor of the Reserve Bank of India, on the Statistics Day and Annual Conference on Financial Statistics, Reserve Bank of India, Department of Statistical Analysis and Computer Services, Mumbai, 29 June 2007. Assistance of A K Ray and Abhiman Das in preparing the speech is gratefully acknowledged. * * * I am delighted and honoured to be at this auspicious occasion of the first...»

«(पै ोिलयम,कोयलाएवंसबंिधतउत्पादिवभाग) ं (PETROLEUM, COAL & RELATED PRODUCTS DEPARTMENT) िदनांक :06अ टूबर 2016 सदभ: पीसीडी21/ आईएस 11805 ं यापकप रचालनसशोधनमसौदा ं तकनीकसिमितपीसीडी21 ेिषती 1 पे ोिलयम,कोयलाएवसबिधतउत्पादिवभागप रषद)...»





 
<<  HOME   |    CONTACTS
2017 www.abstract.dislib.info - Abstracts, online materials

Materials of this site are available for review, all rights belong to their respective owners.
If you do not agree with the fact that your material is placed on this site, please, email us, we will within 1-2 business days delete him.