Network Monitoring

In most multiaccess networks, it is trivially easy for a host to set its network interface into "promiscuous mode", and copy all data frames which pass across the network.

This is called eavesdropping or (in some circles) packet snarfing. Once the host has copies of all the frames it desires, it can then analyse them to discover the data they contain.

Most data transfers across the Internet are not encoded (or encrypted) in any way - the data is simply sent as plain text. Thus it is simple to observe messages transmitted by others. This is the origin of the (oft repeated, and generally true) assertion that "The Internet is insecure".

An area where this insecurity can present a serious problem is password authentication. At Bendigo, students can use the TELNET protocol to connect to the various Unix systems. The password which is typed by the student is transmitted across the LAN as plain text, and can be observed by any other student using freely available PC software. You need to always be aware of this!
The solution is encryption - encoding the message so that it is unintelligible to the intruder.

Encryption is a vast technical, scientific and political topic. We will look briefly at a few aspects.


Cryptography Basics

A message to be encrypted (known as plaintext) is transformed by the use of a function parameterised by a key, thus:

The security of the cyphertext depends on:


The Basic Algorithms

Substitution Cyphers: the simplest technique, whereby each character in the message is replaced by another using some rule. The order of the encrypted characters is the same as in the plaintext. There are many examples of this technique. Most fall into the general category of monoalphabetic substitution, where the output alphabet is the same as the input.

Transposition Cyphers: here the order of the plaintext characters is changed, but the characters themselves are not.

Simple implementations of both of these are (regardless of key length) susceptible to various well known attacks, and are not regarded as secure for any serious use. The modern defence is to use basically the same ideas, but with much more complex algorithms (see next slide).

Another approach (although rarely used) is the one-time pad (or Vernam Cypher), where a simple algorithm is used in conjunction with a key of the same length as the message, with a brand new key employed for every message transmitted. This is, in every respect, unbreakable, but rather impractical for real-world use in most cases (although see s/key).
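Why the "brand new key for every message" rule matters, as an added example that is not part of the original lecture: XOR is assumed as the "simple algorithm", and the two messages are constructed. When one pad is reused, the pad cancels out of the two cyphertexts and anyone who knows one message can read the other.

```python
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    # The pad must be exactly as long as the message it protects.
    if len(a) != len(b):
        raise ValueError("pad and message must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def new_pad(length: int) -> bytes:
    # A fresh, unpredictable key of the same length as the message.
    return secrets.token_bytes(length)

def encrypt(message: bytes, pad: bytes) -> bytes:
    return xor(message, pad)

decrypt = encrypt  # XOR with the same pad undoes the encryption

def recover_second(c1: bytes, c2: bytes, known_m1: bytes) -> bytes:
    # If both cyphertexts used the same pad: c1 ^ c2 == m1 ^ m2 (the pad cancels),
    # so knowing m1 yields m2 without ever learning the pad.
    return xor(xor(c1, c2), known_m1)

# Constructed sample messages of equal length (16 bytes each).
M1 = b"MEETING AT NOON "
M2 = b"INVOICE NO. 4417"

if __name__ == "__main__":
    reused = new_pad(len(M1))
    c1, c2 = encrypt(M1, reused), encrypt(M2, reused)
    print("pad reused :", recover_second(c1, c2, M1))   # reveals M2

    c1, c2 = encrypt(M1, new_pad(len(M1))), encrypt(M2, new_pad(len(M2)))
    print("fresh pads :", recover_second(c1, c2, M1))   # random-looking bytes
```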


DES - The Data Encryption Standard

DES is a block cypher, which operates on 64-bit data fragments, using a 56-bit key. The basic DES algorithm is described as follows:

Note that DES is designed so that decryption is performed by the exact same algorithm as encryption (using the same key - hence single key), except performed in reverse.

The effectiveness of DES is based on the complexity of the 19 stages. In the above diagram, two identical 64-bit plaintexts will result in identical cyphertexts. This is called the Electronic Code Book (ECB) mode of operation.


DES In Practice

The ECB mode of operation is now rarely used, since it is generally agreed that it is breakable given sufficient resources.

In the Chain Block Cypher (CBC) mode, each block of plaintext is exclusive-ORed (XOR) with the cyphertext output from the previous encryption operation. Thus, the next block of cyphertext is a function of its corresponding plaintext, the 56-bit key and the previous block of cyphertext. Identical blocks of plaintext no longer generate identical cyphertext, which makes this system much more difficult to break.
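The ECB and CBC behaviour described above, as an added example that is not part of the original lecture. It uses a toy 64-bit Feistel cypher as a stand-in for DES (the SHA-256 round function and key schedule, the key, the initial chaining block `iv` and the sample message are all assumptions made here), and it also shows decryption being the same algorithm run with the round keys reversed. Messages are assumed to be a multiple of 64 bits.

```python
import hashlib

BLOCK = 8  # bytes: 64-bit blocks, as in DES

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def subkeys(key: bytes, rounds: int = 16) -> list:
    # Constructed key schedule (SHA-256 per round), not the real DES schedule.
    return [hashlib.sha256(key + bytes([r])).digest() for r in range(rounds)]

def feistel(block: bytes, keys: list) -> bytes:
    # Toy Feistel network. Feeding the subkeys in reverse order undoes it,
    # so encryption and decryption share one algorithm.
    left, right = block[:4], block[4:]
    for k in keys:
        left, right = right, xor(left, hashlib.sha256(k + right).digest()[:4])
    return right + left  # swap halves on output

def split(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(pt: bytes, key: bytes) -> bytes:
    ks = subkeys(key)
    return b"".join(feistel(b, ks) for b in split(pt))

def cbc_encrypt(pt: bytes, key: bytes, iv: bytes) -> bytes:
    ks, prev, out = subkeys(key), iv, []
    for b in split(pt):
        prev = feistel(xor(b, prev), ks)  # chain in the previous cyphertext block
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(ct: bytes, key: bytes, iv: bytes) -> bytes:
    ks, prev, out = subkeys(key)[::-1], iv, []
    for c in split(ct):
        out.append(xor(feistel(c, ks), prev))
        prev = c
    return b"".join(out)

def has_repeated_blocks(ct: bytes) -> bool:
    blocks = split(ct)
    return len(set(blocks)) < len(blocks)

if __name__ == "__main__":
    key, iv = b"7bytkey", bytes(range(8))      # constructed 56-bit key and first chaining block
    msg = b"LOGIN OKLOGIN OKGOODBYE!"          # constructed: blocks 1 and 2 are identical
    print("ECB repeats:", has_repeated_blocks(ecb_encrypt(msg, key)))
    print("CBC repeats:", has_repeated_blocks(cbc_encrypt(msg, key, iv)))
    print("CBC round trip:", cbc_decrypt(cbc_encrypt(msg, key, iv), key, iv) == msg)
```

In real use the first chaining block must be fresh and unpredictable for every message; it is fixed here only so the output is reproducible.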

The CBC mode of DES is the normal technique used for encryption in modern business data communications.

A variation on CBC is used where the message may not be a multiple of 64 bits, or where interactive (character at a time) encryption and decryption is desired. This is called Cypher Feedback Mode (CBM), and uses shift registers to permit one byte at a time to be encrypted or decrypted.


Public Key Systems

DES works well, but relies on both parties having a copy of the same key. This can be a big problem. In 1978, Rivest, Shamir and Adleman (RSA) developed a solution called Public Key Cryptography. Details of the underlying theory are outside the scope of this unit, but the fundamental concepts are:

Other Encryption Applications

Authentication is the problem of proving that someone you are communicating with is who you believe they are. Digital Signatures are a form of authentication applied to electronic documents.

Clipper, Key Escrow and the Whole Political Thing

The USA and other governments are very interested in encryption. Over the last few years, the USA has proposed several variations of Clipper encryption systems. Difficulties:
If you are interested in further study of this area, have a look at my incomplete list of cryptography resources on the Web.
This lecture is also available in PostScript format. The tutorial for this lecture is Tutorial #17.
Phil Scott