George Mason University
ECE-646 Cryptography and Computer-Network Security

WN-1: Comparison of ITLS and WTLS in end-to-end wireless security network

Members: Younhee Kim, Chun Kit Wong


What is end-to-end security?

• End-to-end security is to secure data from an end-point to another end-point
• Secure sensitive data in wireless business transactions
• Introduce the end-to-end support protocol
  • Wireless Transfer Layer Security (WTLS)
  • Integrated Transfer Layer Security (ITLS)


The Problems with WAP and the need for End-to-end security


Comparison Criteria

• Handshake protocol
  • Authentication
  • Key exchange
• Record protocol
  • Confidentiality
  • Integrity


WTLS Handshake protocol

[Diagram: handshake between Client and Gateway, with a TLS/SSL handshake between Gateway and Server.]

Messages shown:
• ClientHello
• ServerHello, Certificate*, ServerKeyExchange*, CertificateRequest*, ServerHelloDone
• Certificate*, ClientKeyExchange*, CertificateVerify*, [ChangeCipherSpec], Finished
• [ChangeCipherSpec], Finished
• Application Data

Annotations on the diagram:
• Propose acceptable cipher suites
• Choose cipher suite and prepare key exchange parameters
• Verify parameters and prepare own key exchange and verification parameters
• Complete authentication of client (if possible)
• Complete authentication of server


ITLS Handshake protocol

[Diagram: message flow between Client, WAP G/W and Server.]

Two ClientHello messages are shown, with these fields:
• Client_version, Random_number, Session_id, Client_key_ids, Trusted_key_ids, Cipher_suites, Compression_methods, Sequence_number, Key_refresh
• Client_version, Random_number, Session_id, Cipher_suites, Compression_methods

Message groups shown:
• ServerHello, Certificate*, ServerKeyExchange*, CertificateRequest*, ServerHelloDone
• ServerHello, Certificate*, IntCertificate*, ServerKeyExchange*, CertificateRequest*, ServerHelloDone
• Certificate*, ClientKeyExchange*, IntClientKeyExchange*, CertificateVerify*, ChangeCipherSpec

Continue…


ITLS Handshake protocol

[Diagram: message flow between Client, WAP G/W and Server.]

Message groups shown:
• Finish
• Certificate*, ClientKeyExchange*, CertificateVerify*, ChangeCipherSpec, Finish
• ChangeCipherSpec, Finish
• Hash_Handshake, ChangeCipherSpec, Finish


WTLS Record protocol

[Diagram: Client, Gateway and Server, with the two legs labelled WTLS and TLS. Every party encrypts and decrypts; the messages exchanged are SMe, SMe', RMe and RMe'.]

SMe  = E(EK_{c,gw}, (SMo + HMAC(MS_{c,gw}, SMo)))
SMo  = D(EK_{c,gw}, SMe)
SMe' = E(EK_{gw,s}, (SMo + HMAC(MS_{gw,s}, SMo)))
SMo  = D(EK_{gw,s}, SMe')

RMe' = E(EK_{gw,s}, (RMo + HMAC(MS_{gw,s}, RMo)))
RMo  = D(EK_{gw,s}, RMe')
RMe  = E(EK_{c,gw}, (RMo + HMAC(MS_{c,gw}, RMo)))
RMo  = D(EK_{c,gw}, RMe)


ITLS Record protocol

[Diagram: Client, Gateway and Server. The client is labelled Encrypt*2 and Decrypt*2; the messages exchanged are SMe2, SMe, RMe and RMe2.]

SMe  = E(EK_{c,s}, (SMo + HMAC(MS_{c,s}, SMo)))
SMe2 = E(EK_{c,gw}, (SMe + HMAC(MS_{c,gw}, SMe)))
SMe  = D(EK_{c,gw}, SMe2)
SMo  = D(EK_{c,s}, SMe)

RMe  = E(EK_{c,s}, (RMo + HMAC(MS_{c,s}, RMo)))
RMe2 = E(EK_{c,gw}, (RMe + HMAC(MS_{c,gw}, RMe)))
RMe  = D(EK_{c,gw}, RMe2)
RMo  = D(EK_{c,s}, RMe)


WTLS vs ITLS

Performance
  WTLS: T_wtls
  ITLS: T_itls is about 2 * T_wtls

Authentication
  WTLS:
  • Client authenticates the gateway
  • Gateway authenticates the server
  ITLS:
  • Client authenticates the gateway and the server

Confidentiality
  WTLS:
  • Secret key (client, gateway)
  • Secret key (gateway, server)
  • Plain text in the gateway
  ITLS:
  • Secret key (client, gateway)
  • Secret key (client, server)
  • Still cipher text in the gateway

Integrity
  WTLS:
  • Gateway can verify the modification in the middle.
  • The end receivers can verify the modification.
  ITLS:
  • Gateway can't verify the modification.
  • The end receivers can verify the modification.

[Diagrams: the WTLS and ITLS record-protocol flows between Client, Gateway and Server, shown side by side.]


Modified ITLS

• Why do we need to modify the current ITLS?
  • Impractical to implement ITLS
    • Heavy loads for mobile device
    • Limited resources
    • Encrypt and decrypt twice


The modified ITLS Record Protocol

[Diagram: Client, Gateway and Server. Encrypt*2 still appears, while each decryption is a single Decrypt; the messages exchanged are SMe2, SMe, RMe and RMe2.]


The modified ITLS Handshake Protocol

[Diagram: message flow between Client, WAP G/W and Server, carrying a "NEW!!!" callout. Compared with the ITLS diagram, the message list adds GatewayKeyExchange*.]

Message groups shown:
• Finish
• Certificate*, ClientKeyExchange*, CertificateVerify*, GatewayKeyExchange*, ChangeCipherSpec, Finish
• ChangeCipherSpec, Finish
• Hash_Handshake, ChangeCipherSpec, Finish

Note: * means optional field.
The header of the following diagram is the same as ITLS. Please refer to Figure 1.


Conclusion

• Benefits of Modified ITLS
  • Better performance than ITLS
    • Reduce the number of client decryptions
  • Retain the strengths of current ITLS
    • No plaintext leak in gateway


Thank you for your kind attention.
Any comments/questions?
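
The WTLS and ITLS record-protocol equations for SMo, written out as an added Python example (not part of the original presentation), show what the gateway holds in each scheme. The HMAC-SHA256 keystream is a toy stand-in for E/D, and the key values and function names are constructed for illustration.

```python
import hashlib
import hmac

TAG = 32  # HMAC-SHA256 tag length in bytes


def _keystream(key: bytes, n: int) -> bytes:
    # Toy keystream (HMAC-SHA256 over a counter), a stand-in for E/D.
    # No nonce is used, so each key protects a single message in this demo.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(ek: bytes, ms: bytes, m: bytes) -> bytes:
    """E(EK, (m + HMAC(MS, m)))"""
    body = m + hmac.new(ms, m, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(body, _keystream(ek, len(body))))


def unseal(ek: bytes, ms: bytes, c: bytes) -> bytes:
    """D(EK, c), then check the HMAC; raises ValueError on modification."""
    body = bytes(a ^ b for a, b in zip(c, _keystream(ek, len(c))))
    m, tag = body[:-TAG], body[-TAG:]
    if len(c) < TAG or not hmac.compare_digest(tag, hmac.new(ms, m, hashlib.sha256).digest()):
        raise ValueError("HMAC mismatch")
    return m


# Constructed session keys: (EK, MS) for each pair of parties.
K = {p: (f"EK-{p}".encode(), f"MS-{p}".encode()) for p in ("c,gw", "gw,s", "c,s")}


def wtls_send(smo: bytes):
    sme = seal(*K["c,gw"], smo)                # client: SMe
    at_gateway = unseal(*K["c,gw"], sme)       # gateway: SMo, in the clear
    sme_prime = seal(*K["gw,s"], at_gateway)   # gateway: SMe' for the TLS leg
    return at_gateway, unseal(*K["gw,s"], sme_prime)


def itls_send(smo: bytes):
    sme = seal(*K["c,s"], smo)                 # client: inner layer, SMe
    sme2 = seal(*K["c,gw"], sme)               # client: outer layer, SMe2
    at_gateway = unseal(*K["c,gw"], sme2)      # gateway: recovers SMe only
    return at_gateway, unseal(*K["c,s"], at_gateway)
```

Each function returns the pair (what the gateway holds, what the server recovers), so the confidentiality row of the comparison can be checked directly.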