Network Securitymicl-easj.dk/IT Security/Overheads/Conventional... · 2018-04-20 ·...
Network Security
Conventional Encryption
Selected slides from CSC290, Hofstra University, and Vitaly Shmatikov, University of Texas
Caesar Cipher
cipher: PHHW PH DIWHU WKH WRJD SDUWB
plain: MEET ME AFTER THE TOGA PARTY
plain: abcdefghijklmnopqrstuvwxyz
key: defghijklmnopqrstuvwxyzabc
Basic Types of Ciphers
- Transposition ciphers – rearrange bits or characters in the data
- Substitution ciphers – replace bits, characters, or blocks of characters with substitutes
“Rail-Fence” Cipher
DISGRUNTLED EMPLOYEE
D       R       L       E       O
  I   G   U   T   E       M   L   Y   E
    S       N       D       P       E
DRLEOIGUTE MLYESNDPE
Encryption Methods
- The essential technology underlying virtually all automated network and computer security applications is cryptography
- Two fundamental approaches are in use:
  - Conventional Encryption, also known as symmetric encryption
  - Public-key Encryption, also known as asymmetric encryption
Conventional Encryption Model
Conventional Encryption
- The only form of encryption prior to late 1970s
- Long history
- Most widely used
Conventional Encryption
Five components to the algorithm
- Plaintext: The original message or data
- Encryption algorithm: Performs various substitutions and transformations on the plaintext
- Secret key: Input to the encryption algorithm. Substitutions and transformations performed depend on this key
- Ciphertext: Scrambled message produced as output. Depends on the plaintext and the secret key
- Decryption algorithm: Encryption algorithm run in reverse. Uses ciphertext and the secret key to produce the original plaintext
Conventional Encryption
More rigorous definition
Five components to the algorithm
- A plaintext message space, M
- A family of enciphering transformations, E_K: M → C, where K ∈ K
- A key space, K
- A ciphertext message space, C
- A family of deciphering transformations, D_K: C → M, where K ∈ K
Conventional Encryption
M → E_K → C → D_K → M
- E_K defined by an encrypting algorithm E
- D_K defined by a decrypting algorithm D
- For given K, D_K is the inverse of E_K, i.e., D_K(E_K(M)) = M for every plaintext message M
Requirements & Weaknesses
Requirements
- A strong encryption algorithm
- Secure process for sender & receiver to obtain secret keys
Methods of Attack
- Cryptanalysis
- Brute force
Cryptanalysis
- The process of attempting to discover the plaintext or key
- Alan Turing broke the Enigma Code in WWII
Cryptanalysis
- Security depends on the key...
- ...NOT the secrecy of the algorithm
- Low cost chips are possible
- Principal security problem is maintaining the secrecy of the key!
Cryptographic Systems
- Type of Transformation – substitution and/or transposition; no information must be lost, i.e., reversible
- Number of Keys Used – symmetric, single key, conventional; asymmetric, two-key, public-key encryption
- Plaintext Processing – block or stream cipher
Attacks On Encrypted Msgs
Computationally Secure
- Cost of breaking cipher exceeds value of encrypted information
- Time to break cipher exceeds useful lifetime of the information
Exhaustive Key Search
Brute Force with massively parallel processors
English Redundancy
Delete vowels and double letters
mst ids cn b xprsd n fwr ltrs, bt th xprnc s mst nplsnt
Simple Cryptanalysis
CIPHERTEXT:
UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZVUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSXEPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ
Letter Frequency In the English Language
Simple Cryptanalysis
PLAINTEXT:
IT WAS DISCLOSED YESTERDAY THAT SEVERAL INFORMAL BUT DIRECT CONTACTS HAVE BEEN MADE WITH POLITICAL REPRESENTATIVES OF THE VIET CONG IN MOSCOW
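An added example (not part of the original slides): the letter-frequency count behind this attack, run on the slide's own ciphertext, plus a check against the slide's plaintext that the cipher is one consistent letter-for-letter substitution. The ENGLISH_ORDER ranking is an assumed, approximate ordering, and all function names are illustrative.

```python
from collections import Counter

# Ciphertext and plaintext as shown on the two "Simple Cryptanalysis" slides.
CIPHERTEXT = ("UZQSOVUOHXMOPVGPOZPEVSGZWSZOPFPESXUDBMETSXAIZ"
              "VUEPHZHMDZSHZOWSFPAPPDTSVPQUZWYMXUZUHSX"
              "EPYEPOPDZSZUFPOMBZWPFUPZHMDJUDTMOHMQ")
PLAINTEXT = ("IT WAS DISCLOSED YESTERDAY THAT SEVERAL INFORMAL BUT DIRECT "
             "CONTACTS HAVE BEEN MADE WITH POLITICAL REPRESENTATIVES OF THE "
             "VIET CONG IN MOSCOW")

# Assumption: a commonly cited, approximate ranking of English letters by frequency.
ENGLISH_ORDER = "ETAOINSHRDLCUMWFGYPBVKJXQZ"

def ranked(text):
    """Letters of `text` with their relative frequency, most frequent first."""
    counts = Counter(c for c in text if c.isalpha())
    total = sum(counts.values())
    return [(c, n / total) for c, n in counts.most_common()]

def first_guess(ciphertext):
    """Map the i-th most frequent cipher letter to the i-th most frequent English letter."""
    return {c: ENGLISH_ORDER[i] for i, (c, _) in enumerate(ranked(ciphertext))}

def key_from_known_pair(ciphertext, plaintext):
    """Recover the cipher->plain table from a known pair; fail if it is not one-to-one."""
    letters = [c for c in plaintext if c.isalpha()]
    if len(letters) != len(ciphertext):
        raise ValueError("length mismatch")
    key = {}
    for c, p in zip(ciphertext, letters):
        if key.setdefault(c, p) != p:
            raise ValueError(f"{c} maps to both {key[c]} and {p}")
    if len(set(key.values())) != len(key):
        raise ValueError("two cipher letters map to one plain letter")
    return key

def decrypt(ciphertext, key):
    return "".join(key.get(c, "?") for c in ciphertext)

def correct_guesses(ciphertext, plaintext):
    """Cipher letters that the pure frequency-rank guess already maps correctly."""
    guess = first_guess(ciphertext)
    key = key_from_known_pair(ciphertext, plaintext)
    return sorted(c for c in key if guess[c] == key[c])

if __name__ == "__main__":
    for c, f in ranked(CIPHERTEXT)[:5]:
        print(f"{c}: {f:.2%}")
    print(decrypt(CIPHERTEXT, first_guess(CIPHERTEXT)))   # rough first pass only
    print(correct_guesses(CIPHERTEXT, PLAINTEXT))
```

The rank-for-rank guess only fixes the most frequent letters on a text this short; the rest is filled in from digrams and word patterns, which is why the redundancy of English matters.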
20th Century Encryption
- 20’s & 30’s bootleggers made heavy use of cryptography
- FBI creates an office for code-breaking
- Japanese Purple Machine
- German Enigma Machine
- Navajo Code Talkers - Windtalkers
Hedy Lamarr
- 1941, Lamarr and composer George Antheil received a patent for their invention of a classified communication system that was especially useful for submarines
- It was based on radio frequencies changed at irregular periods that were synchronized between the transmitter and receiver
- Spread Spectrum – wireless devices
Feistel Cipher Structure
- Horst Feistel of IBM, 1973
- Input is plaintext block of length 2w bits (usually 64) and a key K
- Block is divided into two halves, L_0 and R_0
- Each round i has inputs L_{i-1} and R_{i-1}, derived from the previous round, along with subkey K_i
- Substitution is performed on the left half of the data
- Round function F applied to right half and then XOR’d with left
Feistel Cipher Structure
Things to consider:
- Block size (64)
- Key size (128)
- # of rounds (16)
- Subkey generation
- Round function
Data Encryption Standard (DES)
- Adopted in 1977, reaffirmed for 5 years in 1994, by NBS (NIST)
- Plaintext is 64 bits (or blocks of 64 bits), key is 56 bits
- Plaintext goes through 16 iterations, each producing an intermediate value that is used in the next iteration
- DES is now too easy to crack to be a useful encryption method
Strength of DES
Concerns about the algorithm itself
Concerns about 56-bit key – this is the biggest worry
Strength of DES
- DES is the most studied encryption algorithm in existence
- No one has succeeded in discovering a fatal weakness
- 1998, DES Cracker from Electronic Frontier Foundation, built for $250,000
- Solution: Use a bigger key
Triple DES
C = E_K3[D_K2[E_K1[P]]]
Triple DES
- Alternative to DES, uses multiple encryption with DES and multiple keys
- With three distinct keys, 3DES has an effective key length of 168 bits, so it is essentially immune to brute force attacks
- Backward compatible with DES
- Principal drawback of DES is that the algorithm is relatively sluggish in software
Advanced Encryption Standard
- NIST call for proposals in 1997
- Nov, 2001 – Rijndael [rain´ dow]
- Symmetric block cipher (128 bits) and key lengths 128, 192, 256
- Two Flemish cryptographers: Joan Daemen and Vincent Rijmen
Overview of AES
4 Transformations:
- Substitute Bytes
- Shift Rows
- Mix Columns
- Add Round Key
AES URLS
http://csrc.nist.gov/CryptoToolkit/aes/rijndael/ - NIST AES
http://www.esat.kuleuven.ac.be/~rijmen/rijndael/ - Rijndael Home Page
http://www.esat.kuleuven.ac.be/~rijmen/rijndael/Rijndael_Anim.zip - Great Animation
IDEA
International Data Encryption Algorithm
- 1991 by Swiss Federal Institute of Technology
- Uses 128-bit key
- Complex functions replace S-boxes
- Highly resistant to cryptanalysis
- Used in PGP
Blowfish
- 1993 by Bruce Schneier
- Easy to implement; high execution speed
- Variable key length up to 448 bits
- Used in a number of commercial applications
RC5
- 1994 by Ron Rivest, one of the inventors of RSA algorithm
- Defined in RFC 2040
- Suitable for hardware and software
- Simple, fast, variable length key, low memory requirements
- High security
CAST-128
- 1997, Entrust Technologies
- RFC 2144
- Extensively reviewed
- Variable key length, 40-128 bits
- Used in PGP
Conventional Encryption Algorithms
Encrypting a Large Message
So, we’ve got a good block cipher, but our plaintext is larger than 128-bit block size
- Electronic Code Book (ECB) mode
  - Split plaintext into blocks, encrypt each one separately using the block cipher
- Cipher Block Chaining (CBC) mode
  - Split plaintext into blocks, XOR each block with the result of encrypting previous blocks
- Also various counter modes, feedback modes, etc.
ECB Mode
- Identical blocks of plaintext produce identical blocks of ciphertext
- No integrity checks: can mix and match blocks
[Figure: plaintext → block cipher → ciphertext, each block encrypted separately]
CBC Mode: Encryption
- Identical blocks of plaintext encrypted differently
- Last cipherblock depends on entire plaintext
[Figure: plaintext → ⊕ → block cipher → ciphertext, chained across four blocks; the initialization vector (random) feeds the first ⊕ and is sent with ciphertext (preferably encrypted)]
CBC Mode: Decryption
[Figure: ciphertext → decrypt → ⊕ → plaintext, across four blocks; the initialization vector feeds the first ⊕]
Cipher Block Chaining Mode
- Input to algorithm is the XOR of current plaintext block and preceding ciphertext block
- Repeating patterns are not exposed
ECB vs. CBC (due to Bart Preneel)
[Figure panels: AES in ECB mode | AES in CBC mode]
Similar plaintext blocks produce similar ciphertext blocks (not good!)
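An added example, not from the original slides: a toy Feistel block cipher with the parameters listed on the Feistel Cipher Structure slides (64-bit block, 128-bit key, 16 rounds), used to run the ECB and CBC modes from the slides above. The SHA-256-based round function and key schedule, the sample key, IV and message, and all function names are assumptions made for illustration; this is not DES or AES.

```python
import hashlib

BLOCK, ROUNDS = 8, 16   # 64-bit block and 16 rounds, as on the Feistel slide

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def subkeys(key: bytes) -> list:
    # Assumed key schedule: one hash-derived subkey K_i per round.
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(ROUNDS)]

def F(half: bytes, k: bytes) -> bytes:
    # Round function: a truncated hash, deliberately not invertible.
    return hashlib.sha256(k + half).digest()[:BLOCK // 2]

def feistel(block: bytes, ks: list) -> bytes:
    L, R = block[:BLOCK // 2], block[BLOCK // 2:]
    for k in ks:
        L, R = R, xor(L, F(R, k))   # L_i = R_{i-1}, R_i = L_{i-1} XOR F(R_{i-1}, K_i)
    return R + L                    # undo the last swap so decryption reuses this loop

def E(block: bytes, key: bytes) -> bytes:
    return feistel(block, subkeys(key))

def D(block: bytes, key: bytes) -> bytes:
    return feistel(block, subkeys(key)[::-1])   # same structure, subkeys reversed

def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(pt: bytes, key: bytes) -> bytes:
    return b"".join(E(b, key) for b in blocks(pt))

def ecb_decrypt(ct: bytes, key: bytes) -> bytes:
    return b"".join(D(b, key) for b in blocks(ct))

def cbc_encrypt(pt: bytes, key: bytes, iv: bytes) -> bytes:
    out, prev = [], iv
    for b in blocks(pt):
        prev = E(xor(b, prev), key)   # XOR with the preceding ciphertext block (IV first)
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(ct: bytes, key: bytes, iv: bytes) -> bytes:
    out, prev = [], iv
    for c in blocks(ct):
        out.append(xor(D(c, key), prev))
        prev = c
    return b"".join(out)

def repeated_blocks(ct: bytes) -> int:
    bs = blocks(ct)
    return len(bs) - len(set(bs))     # > 0 means plaintext repetition is visible

# Constructed sample values; the message length is a multiple of BLOCK, so no padding.
KEY = bytes(range(16))                  # 128-bit key
IV = bytes.fromhex("a1b2c3d4e5f60718")  # fixed for a repeatable run; random in practice
MSG = b"PAY 100$" * 3 + b"TO ALICE"

def swapped_ecb_plaintext() -> bytes:
    # ECB has no integrity check: reordered ciphertext blocks decrypt without error.
    bs = blocks(ecb_encrypt(MSG, KEY))
    return ecb_decrypt(b"".join([bs[3]] + bs[:3]), KEY)

if __name__ == "__main__":
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(MSG, KEY)))
    print("CBC repeated blocks:", repeated_blocks(cbc_encrypt(MSG, KEY, IV)))
    print("ECB after reordering:", swapped_ecb_plaintext())
```

Decryption never inverts F: it runs the same rounds with the subkeys reversed, which is why a Feistel round function can be any keyed function.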
Location of Encryption Devices
Link Encryption
- Each vulnerable communications link is equipped on both ends with an encryption device
- All traffic over all communications links is secured
- Vulnerable at each switch
Location of Encryption Devices
End-to-end Encryption
- The encryption process is carried out at the two end systems
- Encrypted data are transmitted unaltered across the network to the destination, which shares a key with the source to decrypt the data
- Packet headers cannot be secured
Location of Encryption Devices
Key Distribution
- Both parties must have the secret key
- Key is changed frequently
- Requires either manual delivery of keys, or a third-party encrypted channel
- Most effective method is a Key Distribution Center (e.g. Kerberos)
Key Distribution