 We've actually gone through the the basic techniques we need to to set up our secure communication and computer systems We've gone through encryption That can help us provide Confidentiality and the recent couple of topics we went through Authentication so different ways to make sure that what I get Hasn't been changed along the way and it came from the right person and they are the core techniques We use to build up other security services So if I can encrypt my data for confidentiality no one can read it If I can use max or signatures or the other authentication techniques so that when I receive a message I can check no one's changed it and it's came from the right person Then that's overcome a lot of our Security attacks so they are key techniques or important techniques that we we use in computer and communication security But along the way we've always mentioned this issue of how do we get the key? How do we get a secret key? With symmetric key encryption both sides need a secret key which is shared amongst them How do they get it at the start is the problem? We said public key cryptography is one way to overcome that but it turns out with public key cryptography How do I get someone's public key? That's another issue Well, we can think if you create your own public key private key you could tell me your public key But how do I know it's your public key? Not someone pretending to be you. So there are still some issues with how do we get keys and this topic is about Not just how we get the keys, but also how do we automatically distribute them? And we'll see some protocols that we can use to communicate between computers to automatically exchange keys Note that we don't want to have to exchange keys manually in the internet today and computer networks I don't want to have to write it on a piece of paper and give it to someone I don't want to have to go to another computer and program the key in that's very resource consuming We want automatic ways automatic ways is that we can send the key across the network So that's what we'll see is the key distribution techniques, but we'll set up and look at some of the issues first Then we'll go so we'll talk about some general issues of how can we distribute keys and the challenges then we'll look at How can we distribute? Symmetric key or keys used for symmetric encryption shared secret keys How can we distribute them using symmetric encryption? Distribute a secret encrypted using a secret key The second approach will be distribute a secret using public key cryptography or asymmetric encryption And then we'll return to well, how do we actually distribute public keys and We'll finish looking at Digital certificates related to web security and other techniques and coming back to hash functions and signatures So some challenges. How do we share a secret key? How do I get someone else's public key? It's easy to generate your own key pair But then the challenge is how do I know that this public key belongs to this particular person and another thing is when to change keys We say when we encrypt our data, we use a secret key to encrypt But it's good practice not to use that same key forever Do not encrypt your data for the next 10 years using the same key. It's good practice to change the key So one of the challenges is when to change how often to change and When we look at the different answers to these challenges We'll see that there are some some things that we try to achieve or some assumptions or principles we'd like to to meet First we'll assume that we want to use encryption we Want to allow many users to communicate Right if the challenge is just two people who want to communicate then it's not so hard to distribute keys but if we want a Class of students maybe bigger than what we have today But we had 50 students in a class and we want to all communicate securely with everyone else Then we have a challenge of how to distribute keys or In a larger example, we have anyone on the internet potentially wanting to communicate with anyone else so there are many users and They wish to communicate securely So not just a small number a large number of users And we may not know who they want to communicate with in advance. I May want to communicate with any of the students So we can't predict in advance who? We're going to assume an attacker and we've done made this assumption before an attacker can intercept At any location in the network Anything sent through a communications network from source computer to destination computer will assume somehow the attacker could intercept what's sent Maybe they intercept via the the wireless channel Maybe they have access to the network equipment Or they've tapped into one of the communication lines So we'll assume somehow that they can intercept so we need to deal with that We don't want to have to exchange information keys manually. That is I don't want to have to rely on Passing a key via paper or telling someone Face-to-face what the key is and I also don't want to have to rely on at some administrator Having to go to every computer in the network and programming in a key This is what we do to Say is a physical exchange of keys someone has to physically go somewhere to do that Sometimes we'll allow that but we want to minimize those cases We'd like the key exchanges to be automatic meaning Some software running on the computers can implement a protocol that sends the keys across the network But considering that the attacker can intercept at any location. We need to send those keys across the network securely The last principle here will assume that we don't want to use a key forever The more times a key is used the greater chance of some impact of something going wrong for example the attacker discovering the key and Either through to Crypt analysis or through some mistake of the user they they released the key mistakenly So we'd like to change keys often Even if we do have a mistake or There's some attack such the attacker discovers the key. It will only impact on a small duration it will not allow the attacker to decrypt our data For times in the future So change the keys will be the way to deal with that. So one of the questions that arises if we want to Before we look at how to exchange keys, let's consider a communications network and look at well, where should we encrypt our data? And we use a simple example of a network to illustrate two basic approaches. Here's my network. We have Let's say inside an organization. We have ten computers ten hosts from a through to J and Those hosts are connected gather by some simple communications network. We maybe have some ethernet switches SW for a switch and Some routers to build up some in subnet. So we have a simple internet here Just made up for this example. There's no significance to the number or all the links and We assume that we want to allow any host to communicate with any other host and securely I'd like to allow a to talk to F to send packets to F Which are encrypted and similar a may want to send to I and H may want to send to D So we have ten hosts. We want to allow any of them to communicate So the first question here is where should we encrypt data? Assuming the attacker can intercept we've got two basic approaches for When we have data to send which device in this network encrypts it and which device decrypts What's the options? What could we do? So where where were the first point? I've got data. Let's say I'm a computer a I want to send a computer F What what's an option for I've got the data? When do I encrypt it? Which device encrypts it first? A has the data we could send it to R1 unencrypted and then encrypt it at the router and send What's the problem with that if someone intercepted on the switch or one of these links they would see the data So we should encrypt from From a a should do the first level of encrypt at the start Because if they don't and they send it across a link Then potentially an attacker could intercept across say the link from a to switch one Maybe a is the desktop computer here switch one is Down on the third floor So there's a cable going in the attacker would need to tap into that cable and they could intercept what was sent from that computer a So if we encrypt on computer a where do we decrypt at? The receiving computer F So that's maybe the obvious approach if I want to communicate with F Then I encrypt the data at a Send it by the intermediate devices switch one router one and so on it gets to F and F decrypts This is what we'll call when I think it's on one of the later slides end-to-end encryption or host-to-host encryption Encrypt on the original source Decrypt on the final destination the original source as a host So in terms of the communications on the end points of the communications But sometimes we don't need that and coming back to the original solution may be encrypted router one Well, if we could trust this portion of the the network if I did trust the link from a to switch one and switch one to our one I Knew that it was a cable. I could see the cable I know that no one can intercept and tap into that cable because it's in my office or it's in my home Then maybe we don't need to encrypt at a and send to the switch encrypted Maybe like the original solution or idea was encrypted say a router R1 send the data unencrypted by switch one to R1 and then encrypt at the router and then send on Maybe to F and decrypt at F So that's a possibility that has a disadvantage of if someone can intercept between a and router R1 We lose our security. What's the advantage of that? What's a good thing about encrypting at router R1 as opposed to a Overhead is a general answer. What what about the overhead? Efficiency is a general answer. What about the efficiency? Efficiency of what reduce time time to do what maybe there's some overhead of Sending the encrypted packet. So maybe if we the encrypted packet is larger than the unencrypted but unlikely So sending across the link may not change much It's the same amount of data just encrypted or not What else could be a an advantage of encrypting at R1 not at user a? performance performance of what? performance of Doing what? Try to answer with a sentence as opposed to one word key performance efficiency What about? Right, all right a couple of issues encrypting takes time so performance of Encrypting on the computer not communications across the link, but inside the computer If we encrypt it use a computer a a has to do some processing Maybe computer a is slower than router R1 R1 is a dedicated device with some built-in hardware for an encryption Maybe it's more Better for the overall performance for R1 to encrypt Maybe a is a very low-powered device Which doesn't have any specialized hardware to encrypt So we sort of offload the the heavy processing the encryption to some higher-powered device That's one aspect of it although that becomes Less beneficial the more users connected by R1 Note that we don't just want to consider a what if B wants to send a F Encrypta R1 now R1 needs to encrypt the packets of A and B and C D and E So R1 needed would need to encrypt the packets of all of the users inside its subnet. So that's a lot of Processing just by R1 to encrypt everyone else's packets But another advantage of using the router R1 is that we don't need to set up any security features on all of our hosts Computers a through to E. They don't care about encryption Maybe the applications the software running on those computers. They don't have to have the keys to do the encryption They don't need to participate in any key exchange All of the security setup is left to the router So the administrator of the network needs to set up the router To maybe have the correct keys to encrypt and decrypt But the hosts Do not have any security set up They just send unencrypted to the router then the router deals with the encryption So this centralization of the security setup is a significant advantage there This approach is Done in some virtual private networks, which I think we'll not get to cover but The concept is that say within an organization within SIT. We have many hosts a through to E Then we have a router that connects us to the outside world The communications between our hosts internally we trust We trust the links in SIT we we set up the network so physically no one can get access It's very hard. So we don't worry about encryption internally We don't need to set up every one's host to support encryption We just set up the router such that any communications to the outside world are encrypted across the public internet especially So that's an approach used in virtual private networks So two variations there first end-to-end or host to host But we could Offload the encryption from a host to some intermediate network device like the router What about another option? Encrypt across every link a wants to send to f a encrypts the data Sends it to switch one switch one decrypts the data that was communications across one link Switch one realizes I have to send a router R1 encrypt the data Send it to R1 R1 does the routing and realizes The path needs to go by switch three After it receives and decrypts from switch one it encrypts again and sends to switch three switch three decrypts Encrypts to sends to R2 and so on every link in the network at Each endpoint of the link we encrypt the data and at the receiving endpoint decrypt It could be done across each individual link or across subnets Across subnets would be a encrypts the data sends via switch one to R1 R1 decrypts R1 encrypts sends via switch three to R2 R2 decrypts and encrypts again So that's a another approach referred to as link encryption link level encryption What's the problem with that delay due to what Encryption and decryption takes time each device receives the packet decrypts and then encrypts again Receives decrypts encrypts that takes time. So there's this extra processing at all the intermediate devices along the path There's one problem. What's another problem? respect to security Easy to intercept where? It's encrypted across each link. So even if we intercept we can't see the packet in the link. What else for respect to security? What's the problem? So the problem is or the example is Every link we encrypt at the source decrypt at the receiver then across this next link do the same and so on What's the problem with that with respect to security? Too many weak points to attack. Well, maybe that We wrote we must make sure that every link is using encryption Let's say we forget to enable encryption from R1 to S3 S which three we rely on Every link to be correctly set up to be secure Well, so that's that's one security issue that if we if we're missing a link Or it will come to keys in a moment. All right, so that's another point will come up But the first security issue we must have all links in the path to be Securely set up. All right, so if we make a mistake and forget about or miss Miss or set up the security wrongly so that it's not using encryption Then that makes a weak point in our path. So we must have encryption across every link We'll talk about keys in a moment another problem what's Where would you try to intercept if you're the attacker? When they when the device receives and decrypts and encrypts again? That is a encrypts Sends across the link if you intercept on that link Maybe you tap into the wire or you listen on the wireless then you can't get the data because it's encrypted But then the data of the packet arrives at switch one and switch one inside its CPU using its RAM Decrypts gets the plain text and then encrypts again. So this is done inside the computer the switch So if you can get physical access to that switch There's a point in time when the plain text is available Because the software must decrypt get the plain text then encrypt So when that plain text say stored in RAM or processed by the software it is vulnerable to an interception So you must trust the devices in this case If an attacker can get access to the devices they can intercept the data Problems with performance a couple of problems with security What's the benefit of doing this link level encryption? Is anything good about it? Why would we do it? What's a good point? Let's look at the number of keys needed if we want to allow anyone to exchange let's assume we're using symmetric key encryption and when we encrypt something both end points need to have a shared secret key and For now, let's assume those shared secret keys were exchanged manually So we'll look at we want to have as few shared secret keys as possible Such that the effort to exchanging them is as small as possible So what we'll do is count the keys available In a couple of scenarios will consider this scenario of link level encryption first Try and draw it here's our network Let's assume we're doing encryption across each Link so we can think a has some data They encrypt. I will not write this for all cases they encrypt with some key. I'll just denote key one The data D. I think there's no need to write this. We'll see the calculations which will be important in a moment We encrypt it say at this point Inside computer a and Then we're assuming that when the switch gets it at this point it decrypts using the same key The cipher text. I shouldn't have used D here. Maybe I should have used P for plain text. Okay, that's better D for data. I thought So this is there the assumption for the first case every link We're going to encrypt at the sender on that link and decrypt at the receiver and then switch one When they need to realize they send to R1 they before they send it They encrypt The plain text Using a different key We'll assume we're using different keys for each link and then R1 will receive and decrypt using the same key K2 That is we must decrypt with the same key as the the sender used This is link level encryption We know there's some problems with this performance is a problem Security is a problem if we can't trust the devices What's the advantage? First we want to allow any host to communicate with any other host B B and G may want to communicate E and C may want to communicate How many keys do we need in this network? We're using link level encryption. How many keys are needed? six twenty any other solutions I Want to allow any host to talk to any other host we're using link level encryption each link has its own Key associated with it There are 20 links Assuming we use the same key in both directions across each link then we'd need 20 different keys Between a and switch one one key between B and switch one. Let's say a different key One per link Let's keep track of how many we need and see how it compares to other solutions Every link one key will call this link level encryption I think you have this on your slides or one of the later slides. Maybe not the numbers There are 20 links, so we'd need 20 separate keys How did those devices get those keys? Let's say the network administrator Went to every device and programmed them in so it was manual distribution That is I run the network, so I went went to computer a and I generated a random key and then I went to switch one and For the interface that computer a is connected to I programmed in that same key k1 and I did it for every other link, so I did that 20 times through my network and and Ignoring those issues of performance and the fact that we must trust each device We now have secure communications from different hosts Let's try the other approach and go to the extreme where the very first solution. We said a encrypts The receiver decrypts That is the second approach will consider end-to-end encryption Where a encrypts the data Get some ciphertext with some key K1 Our plain text they send the ciphertext across the path and F decrypts Using the key k1 This is called end-to-end encryption and that was the first suggestion or one of the first suggestions for a solution How many keys needed? If we use end-to-end encryption We want to allow anyone to communicate with anyone. I've given an example a talk to F, but what if you are G? six keys I Think that's not enough. How many keys are needed in the network? 25 how do you get 25? Five times five Why five times five? Well in this case For a to talk to F They need one shared secret key k1 Now let's assume again that if F wants to talk to a Do we need another key or not? So we need to define so if we say no there then We just consider in one direction so then How many other computers does a need to share a secret with? Every other so there's nine correct a needs to share with nine other computers Alright, so there's nine and now consider B B needs to share with nine other computers But we've already counted with a So there's an eight eight others that B needs to share with so there's nine plus eight and C needs to share with nine others But we've already counted C with B and a so with seven So it becomes nine plus eight plus seven plus six and what's the equation for that? Not factorial is not so hard What is the equation? if you did the statistics lesson at the the start of the course so this is the case of end-to-end encryption and To end and we'll make it as another case here The hosts will explain the meaning of that when we consider the next case There are ten devices So if you calculate it becomes ten times nine divided by two 45 keys the general formula with n entities the number of pairs is n times n minus one divided by two With n entities there are n by n minus one divided by two pairs Assuming a B is the same as B a so that's a nice formula to remember the number of pairs So we have 45 keys so in terms of key distribution the administrator if we use link-level encryption I need to go around and program in 20 keys But if I wanted to implement end-to-end encryption between all the hosts I would need to program in 45 keys There's the disadvantage or the advantage of link-level less keys in this case to distribute The link-level approach. We don't have so many keys to distribute between the entities any questions on the difference between Link-level and end-to-end at this stage and to end mean the computers or the hosts Okay, this n by n minus one over two is a good formula to remember regarding pairs It comes up in many network issues Let's consider another case of the end-to-end encryption Here I said that I wanted to if they wanted to talk to F. They needed one key but What encrypts data? Is it the hardware or the software? Where is the encryption performed? It depends so there's basically two options we could have Maybe the two simple options is I could have my computer using hardware or software and the operating system encrypts the data or Maybe more commonly today an application encrypts the data So in this first approach I assume that everything That a sent to F was encrypted using the same key But if we consider that these computers are running applications Often we have multiple applications on each computer So let's consider another case Let's say we have end-to-end Still encrypt on the source and destination computers But each computer has multiple applications and just to put a number to it Let's say I have five different software applications running that may want to Do encryption? Maybe to visualize that what I mean here computer a In on computer a there are there's application one Maybe a web browser application to an email client Just to put a number to a five different networked applications And computer F Also has five apps running maybe the web server Insta messaging client and so on and in this case we're assuming that The application does the encryption not the operating system or any hardware if my web browser application one wants to talk to the web server then the client application encrypts the data using a key and Sends is decrypted by the corresponding application on computer F using the same key So between application one and application one on the other computer we use one key Between a different type of application. We use a separate key so we can think There's one key to be shared between the application each set of applications Application one does not communicate with application to application one may be a web browser Application to maybe an instant messaging client. They don't talk to each other But they each type of application uses a different key How many keys do we need in total in our network? How many keys needed now? every computer Has five applications running on it and wants to be able to talk between to any other computer using One of those five applications How many keys in total? 225 why? one pair of computers and We write I think you're on the right track. We have Each pair of computers needs five separate keys because they have five different applications They potentially want to support and we have 45 pairs of computers 45 times five there are 45 pairs and Each pair requires up to five different keys one for application one another one for app to and so on So we get 225 keys now I Am the network administrator. We're not using any automatic key distribution at the moment It's all manual what I need to go do is go to every computer all ten computers for each of those five applications program in a key Put it in the configuration of the application or somewhere on the computer and I need to do distribute now 225 keys The more keys we need to manually to distribute the worse it is We want to be able to distribute as few as possible What if? What if we allowed any application to talk to any other application? That is app one can talk to app one or app two or app three or app four or eight app five on computer F How many keys? 450 why I Think it's let more than 450 in that case We have five applications on each computer and any of those applications wants to be able to talk to any of the other applications in essence in the network we have 50 Entities wanting to communicate Every computer has five ten computers. There are 50 entities. We want to allow communications between any 50 So this is the extreme case Not quite 11,000. We've still got five apps But we want to allow any app to communicate with any other app e.g. One to two one to three and so on essentially we have 50 entities 50 applications in our network wanted to communicate 50 pairs five times ten app one on computer a Wants to talk to app one on computer F or app two on F or app three on F or App one on G or app two on G or and you see that in total There are 50 entities wanted to communicate the number of pairs amongst 50 entities 50 times 49 divided by 2 This is a contrived example in that the number of applications are just made up at five here And in fact, we only have a small network the point is As we want to be able to support communication encrypted communication between applications and To end between applications the number of keys that we need to distribute is too many in the even this small network to Manually distribute. It's hard for me as the admin to go around and program in 1,225 keys This network only had ten computers Let's say our campus at SIT Has how many computers if you think of the lab computers the office computers? Let's say it's a thousand if we wanted to use end-to-end encryption inside SIT Even if it was just between hosts not applications, we'd need About half a million less than slightly less than half a million keys In a network without with a thousand computers We need about a half a million keys to be distributed if we want to allow any Communicate with any other computer if we wanted encryption between applications. That's even more So the point is if we want end-to-end encryption, there are too many keys to manually distribute We need some automatic way to send them between computers Any questions to finish this example? Okay Don't worry about why there was five applications. It's just an example here five Okay So Back to our slides Generally, we distinguish between link level encryption and end-to-end encryption With end-to-end encryption it may be between the hosts One computer encrypts the other computer decrypts or it may be between applications on hosts one application encrypts The other one on the other computer decrypts or a second application on the same source computer may use a different key So we did some calculations there Link level encryption we encrypt data across individual links Each link shares a key. There are not so many keys necessary So it's easier to set that up in a small network. We don't need to manually distribute so many keys But it has some performance disadvantages of the decrypted encrypted each device and It requires all devices to support encryption So it's not so common in large networks Maybe in smaller networks or networks under the control entirely of one organization And to end encryption We encrypt at the end points only It's better for security because we don't need to trust the devices along the path Even if we can't trust them. We still have our data encrypted But the problem is we have many possible keys that we need to distribute and we need some automatic ways to distribute those keys We've gone through the calculations that what we just did We saw with link level. There's not so many but end-to-end many keys needed So how do we exchange keys? There is some general approaches Manual exchange. I'm the network administrator. I go to all 10 computers programming keys myself And then tomorrow because we'll see later We want to change keys on a regular basis tomorrow morning I go to all 10 computers and program new keys and every morning I go there and program all new keys Now you get a job as the SIT network admin. You've got a thousand computers every morning You go in and program thousands of keys Manual exchange is not possible if we have a large number of devices to To to configure it's very inconvenient But we may be able to rely on it for Small cases a small number of keys need to be exchanged So an extension of the manual exchange instead of exchanging all of those keys manually We will have two types of keys. We'll distinguish between master and session keys and A second approach we'll see some examples will manually exchange master keys between devices But then use that master key to encrypt another key and Automatically exchange that other key called a session key Across a network. So the idea is we manually set up a small number of keys The master keys to get started But then when we want to encrypt our data, we'll encrypt the data using a session key where that session key can change Because we'll use a communications protocol to distribute that session key We'll see this concept come up in a key distribution center on one of the latest slides So that will be one option. The other way is to use what we know about public key cryptography like Diffie Hellman and Other techniques to automatically exchange keys Use Diffie Hellman to exchange a secret between two entities And that can be automatic the problem being it relies on using a public key and The question now becomes how do I know that other person's public key? So we'll come up to that when we come to the topic on the Public use of public key crypto So we'll go through these last two options option two and option three option one Well, we just said it's only possible in small networks