wireless comm systems1
-
Upload
abdulsahib -
Category
Documents
-
view
231 -
download
0
Transcript of wireless comm systems1
-
8/19/2019 wireless comm systems1
1/28
WIRELESS COMMUNICATIONS SECURITY
Dr. T.J.Owens CEng MIEE
Email: Thomas.Owens !r"nel.a#."$
Mo%"le O&er&iew
Fundamentals of Cryptography
Block 1: Basic concepts of cryptography
Block 2: Simple Ciphers and Classical Ciphers and AComplexity Measure for Security
Block 3: Modern symmetric key cryptography
Block 4: u!lic key cryptography
Securing the Mobile Phone Network
Block ": #SM $2#% &elecommunications SecurityBlock ': # (S $2)"#% Security
Block *: +ireless Application rotocol $+A % and i,mode
Block -: 3# &elecommunications Security
1
-
8/19/2019 wireless comm systems1
2/28
Securing laptop Wi-Fi connection to wirednetwork
Block .: +i,/i Security BasicsBlock 10: +
Block 11: er ie of + A and (S5
Block 12: (A678S9 & S9 7 -02)11
Block 13: ;ey Management in + A and (S5
Block 14: &;7 and A S,CCM
Securing hybrid wireless infrastructurenetworks
Block 1": Securing +iMA< net orks
Block 1': Securing con erged +i,/i and 8M&S net orks
2
-
8/19/2019 wireless comm systems1
3/28
'lo#$ (: 'asi# #on#e)*s o+ #r,)*ogra)h,
Objectives
After studying this material you should
• Appreciate that the central issue in dataencryption is the design of datatransformations that are easy, given a specific piece of secret knowledge, but extremely difficult otherwise.
• Recognise that a modern cryptosystemachieves secrecy through an algorithm whichcomputes a code from a key.
• Understand that cryptographic techni ues can protect against eavesdropping and tampering.
• !e able to calculate the Unicity "istance of acipher system and comprehend itssignificance.
•Understand how the one time pad achieves perfect secrecy.
• Appreciate that linear feedback shift registers provide a method for approximating the onetime pad.
3
-
8/19/2019 wireless comm systems1
4/28
'o"n%aries
/igure: Block diagram of a communications system)
/igure: Coding steps in a communications system)
4
SourceCoding
Encryption
SourceDecoding
ChannelCoding
Decryption Channel
Decoding
-
8/19/2019 wireless comm systems1
5/28
Cr,)*ogra)h,
Cryptosystem or cipher system is a method ofhiding the content of messages)
Cryptography is the art of creating and usingcryptosystems)
Cryptanalysis is the art of !reaking cryptosystems)
Cryptology is the study of !oth cryptography andcryptanalysis)
5
Plaintext
AliceBob
Eve
Plaintext
-
8/19/2019 wireless comm systems1
6/28
-e, hrase Ci)her
A B C 6
A t h i s m
B y k e o
C r d a ! c
6 f g l n p= u x >
6
-
8/19/2019 wireless comm systems1
7/28
Features of the E ample Cipher
(. asy encoding and decoding
/. asy to remem!er key)
0. &he use of different alpha!ets for the plaintext andciphertext)
1. ach input sym!ol mapped to t o output sym!ols)
2. (emo al of redundancy in the plain text $?i@ and ? @treated as the same letter and spaces omitted)
3. 7ndependent encoding of plaintext characters
4. Some letters from the keyphrase are discarded)
7
-
8/19/2019 wireless comm systems1
8/28
Da*a Se#"ri*, an% In+orma*ion Theor,
Cr,)*os,s*ems
Aim to transform original data $ plainte t! into anunintelligi!le form $cipherte t % !efore transmitting ito er a communication system)
&his in ol es computing an in erti!le transformation
of a message that is hard to in ert ithout somesecret kno ledge kno n as the key"
ncoding process often calledencryption and thedecoding process decryption )
An unauthorised person attempting to unauthorisedaccess to a communications system is acryptanalyst or ad#ersary )
The $e, m"s* !e *ransmi**e% +rom Ali#e *o 'o!!, a 5se#"re6 #hannel.
Cryptosystems may !e used to assure#ecrecy$%rivacy, Authenticity$&ntegrityand Anonymity$&nvisibility.
8
-
8/19/2019 wireless comm systems1
9/28
A**a#$s on Ci)her s,s*ems
assive wiretapping $ea esdropping%
Active wiretapping $tampering%
e $the cryptanalyst% kno s
• &he encryption algorithm)
• &he plaintext statistics or structure)
• ro!a!ility distri!ution of keys)
• &hecipherte t only attack : e kno sthe encryption algorithm and has someciphertext and some kno ledge of thestatistical structure of the plaintext)
• &heknown plainte t attack ) e kno sthe encryption algorithm and has someplaintext together ith its correspondingciphertext)
• &he chosen plainte t attack ) ekno s the encryption algorithm and isa!le to choose some plaintext andarrange that it is encrypted)
9
-
8/19/2019 wireless comm systems1
10/28
Dis#re*e Ran%om 7aria!les
< denotes the num!er of mouse clicks
x' ()&(* ()&(* ()&(* ()&(* ()&(* ()&(*
denotes the num!er of keystrokes y' *+ *+ *+ *+ *+
e can rite ),( xYxXP ==
$&his denotes the pro!a!ility that < and are e=ualto x%
e cannot rite )( YXP =
$&his ould implies that random aria!le < is thesame as random aria!le %
10
X Y
-
8/19/2019 wireless comm systems1
11/28
ro!a!ili*, Dis*ri!"*ion
&he probability distribution of < is the set of pairs
( )( ) ( )( ){ },,,,, 2211 x p x x p x
∑= ==++n
iin p p p p
121 1.
11
-
8/19/2019 wireless comm systems1
12/28
Dis#re*e In+orma*ion So"r#es
A discrete information source emits an endlessstream of sym!ols dra n from an alpha!et
{ }nσ σ σ ,,, 21 =Σ
A discrete memoryless source $6MS% is a source
that emits a stream of statistically independent sym!ols from its alpha!et)
A binary memoryless source has an alpha!et oft o sym!ols
(olling a die 6MS
&ossing a coin !inary 6MS
12
-
8/19/2019 wireless comm systems1
13/28
Un#er*ain*, an% In+orma*ion
$nformation con eyed !y a message or sym!ol ith pro!a!ility p is
I p( ) = − log b p = log b 1 p( )
Entropy is the expected information or
( ) ( ) ∑∑==
−==n
iibii
n
iib p p p I p X H
11
log
B 8nit of information 8nit of ntropy2 Bit $!inary digit% BitsDsym!ol
5at $natural logarithm% 5atsDsym!ol10 Eartley EartleysDsym!ol
13
-
8/19/2019 wireless comm systems1
14/28
Ci)her*e8* onl, Cr,)*anal,sis
Consider the a!o e source and cipher system)
&he cryptanalyst kno s the plaintext sym!olpro!a!ilities $A%9 $B%9 $C%9 and $6% and thepro!a!ility distri!ution of the keys $ $k1% and $k2%are e=ually likely%)
&he cryptanalyst needs to identify the key)
&he cryptanalyst can calculate the pro!a!ilities thatany ciphertext character resulted from a particularplaintext character)
14
A
B
C
D
0.4
0.1
0.3
0.2
A
B
C
D
k1
k2
-
8/19/2019 wireless comm systems1
15/28
/or example9 if ciphertext A is o!ser ed this resultsfrom plaintext character B and k1 or plaintextcharacter A and k2)
So the pro!a!ilities of each of these may !ecalculated as
)2()()1()()2()(
)|2,(
)2()()1()()1()(
)|1,(
k P A P k P B P k P A P
Ak A P
k P A P k P B P k P B P
Ak B P
+=
+=
&his process may !e continued to !uild up a ta!leof conditional pro!a!ilities
15
-
8/19/2019 wireless comm systems1
16/28
laintext9 ;ey
Ciphertext A9 k1 A9 k2 B9 k1 B9 k2 C9 k1 C9 k2 69 k1 69 k2
A 0 0)333 0)''* 0 0 0 0 0
B 0)2" 0 0 0 0 0)*" 0 0
C 0 0 0 0)333 0 0 0)''* 0
6 0 0 0 0 0)42. 0 0 0)"*1
Suppose the follo ing plaintext has !eenenciphered using k2 then
laintext: "("!("A"(!
Ciphertext: "!"(!"A"!(
n seeing the ciphertext the cryptanalyst calculates
the pro!a!ility of the t o possi!le correspondingplaintexts $s1 and s2% using the ta!le as follo s:
&he ciphertext contains one A9 three Bs9 t o Cs andfour 6s)
16
-
8/19/2019 wireless comm systems1
17/28
Calculating the product of the rele ant conditionalpro!a!ilities for each key gi es
Π 1 4423 1057.1429.0667.025.0667.0 −×=×××
Π 2 3423 1066.1571.0333.075.033.0 −×=×××
&hen
914.01066.11057.1
1066.1)|2(
086.01066.11057.1
1057.1)|1(
34
3
21
2
34
4
21
1
=×+×
×=
Π+ΠΠ
=
=×+×
×=
Π+ΠΠ
=
−−
−
−−
−
s s P
s s P
laintexts- "("!("A"(! and the key as k - )
17
-
8/19/2019 wireless comm systems1
18/28
Shannon )ro)ose% *wo meas"res o+ *hese#"ri*, o+ a #i)her s,s*em:
Co&er Time: &his is the time estimated to !reak thesystem ith unlimited access to plaintext andciphertext9 !ut using current computing technology)
Uni#i*, Dis*an#e: &his is the amount of ciphertextre=uired for the key to !e identified uni=uely)
Uni#i*, Dis*an#e
/or a source / ith an alpha!et of siFe Σ andpro!a!ility distri!ution Σ p p p ,,2,1 the entropy is theexpected information:
ibi
ib p p X H log)(1
∑Σ
=
−=
5o let 0 ) denote a random plaintext of length)gi ing ciphertext( ) of length) !y application of keyk x from key set* )
/or any ciphertext the minimum num!er9n9 ofcipher text sym!ols needed !efore only one keycould ha e generated that ciphertext is:
18
-
8/19/2019 wireless comm systems1
19/28
)(lg)( X H
K H n−Σ
≥
&he unicity distance is gi en !y the e=uality of thisexpression) /or k e=uipro!a!le keys this is
)(lglg
X H
k
n −Σ=
19
-
8/19/2019 wireless comm systems1
20/28
In+ini*e Uni#i*, Dis*an#e
7f the unicity distance is infinite then e ould ha ea perfectly secure system)
+e ha e t o choices:
1) Make the denominator Fero9 Σ= lg)( X H )
&his is only true if the message is randomlygenerated or is perfectly compressed9 neitherof hich is possi!le)
2) Make the numerator infinite9 ∞=)( K H )&his ould seem to re=uire a key of infinitesiFe)
Eo e er9 for a message ofn sym!ols e onlyneed n randomly generated sym!ols of the key
Σ= lg)( n K H )
&hen the unicity distance is greater thann and
e need more ciphertext characters than the na aila!le to !reak the cipher)
&his is the !asis of a pro a!ly un!reaka!lecipher)
er+e#* Se#re#,
20
-
8/19/2019 wireless comm systems1
21/28
&his gi es perfect secrecy if: K C M ==
ie &he num!er of keys e=uals the num!er ofmessages)
A E8# amount of key data re=uired)
21
-
8/19/2019 wireless comm systems1
22/28
The One Time a%
1he only cipher that provides perfect secrecy
+ach key is used only once
Mixer CipherTextPlainText
Random
Sequence
&he one time pad is so called !ecause the senderat one time had a pad of paper upon each page of hich there is a truly random se=uence of sym!ols)
A page is destroyed after use so that each key isused only once)
&he mixing function can !e as simple as additionmodulo 2)
22
-
8/19/2019 wireless comm systems1
23/28
A))ro8ima*ing *he One Time a%
& is impractical !ecause e cannotmathematically generate truly random se=uences)
seudorandom se=uences9 or pseudonoise9 used)
Im)lemen*a*ion Using Shi+* Regis*ers
+e can approximate a one,time pad !y generatingan extremely long psuedorandom se=uence $oflength 10010 or more% and then com!ining theelements of this se=uence ith plaintext sym!ols ina ery simple ay)
&he psuedorandom se=uence generator in astream cipher consists of memory9 hich holds itscurrent state9 and a next state function9 hichcomputes a ne state at each step)
&he output of the se=uence generator is some
function of its state)
23
-
8/19/2019 wireless comm systems1
24/28
7n the follo ing illustrations the arro s go !oth ays
!et een the State !ox and the 5ext State /unction!ox !ecause the next state is a function of thecurrent state)
A closely related cipher system is the cipherfeed!ack $C/B% configuration here the ciphertextis fed !ack into the keystream se=uence generator)
&hus the ciphertext in a message depends on allthe preceding ciphertext in the message)
&his can pro ide message authentication Gpre enting an ad ersary tampering ith a messageundetected)
24
-
8/19/2019 wireless comm systems1
25/28
Mixer CipherTextPlainText inchunks o f afew bits
Next StateFunction
StateKey
Initial
State
SelectFunction
Keystream
Mixer CipherTextPlainText inchunks o f afew bits
Next StateFunction
StateKey
Initial
State
SelectFunction
Keystream
Stream Ci !er Ci !er "ee#$a%& 'o#e
+ireless technologies use stream ciphers !ecause they approximate the one,time pad and!ecause they only re=uire an encryption card not an encryption and a decryption card)
25
-
8/19/2019 wireless comm systems1
26/28
'inar, Linear 9ee%!a#$ Shi+* Regis*ers
Binary /S(s are used to generate ery longse=uences of pseudorandom num!ers)
Binary inear /eed!ack Shift (egister
&he shift register is a se=uence of !its $if it is n,!itslong9 it is called an n,!it shift register%)
ach time a ne !it is needed9 all !its in the shift
register are shifted 1 to the right)
&he ne left,most !it is computed as a function ofthe other !its in the register) &he output of the shiftregister is 1 !it9 often the least significant !it)
The Se#"ri*, o+ L9SRs
26
Sn-1
Sn-2
S1
S0
+ + + +
Appropriate connections made here to generate se=uence
-
8/19/2019 wireless comm systems1
27/28
/S(s are not secure !ecause of their linearity)
nly n2 consecuti e !its from the register arere=uired to attack an /S( ith n stages re=uires)
&o o!tain the state and feed!ack coefficients of theregister re=uires only one matrix in ersion since eare sol ing n2 linear e=uations)
27
-
8/19/2019 wireless comm systems1
28/28
Nonlinear Me*ho%s
Com!ine the output of t o or more registers non,linearly)
Many nonlinear com!inations of /S(s ha e !eenproposed !ut all ha e some eaknesses making
them insecure)
&he idea of a nonlinear /S( has more merit9ho e er9 and the /B mode of the 6 S !lockcipher to !e seen in !lock 4 is essentially anonlinear /S()
Bluetooth deploys a stream cipher !uilt using anonlinear com!ination of /S(s)