Geri Dön

Açık sistem veri iletişim ağlarında kriptografik anahtar yönetimi

Başlık çevirisi mevcut değil.

  1. Tez No: 55771
  2. Yazar: ÇAĞIL DEĞERMEN
  3. Danışmanlar: DOÇ.DR. BÜLENT ÖRENCİK
  4. Tez Türü: Yüksek Lisans
  5. Konular: Elektrik ve Elektronik Mühendisliği, Electrical and Electronics Engineering
  6. Anahtar Kelimeler: Belirtilmemiş.
  7. Yıl: 1996
  8. Dil: Türkçe
  9. Üniversite: İstanbul Teknik Üniversitesi
  10. Enstitü: Fen Bilimleri Enstitüsü
  11. Ana Bilim Dalı: Belirtilmemiş.
  12. Bilim Dalı: Belirtilmemiş.
  13. Sayfa Sayısı: 79

Özet

ÖZET Günümüzde bilgisayar dünyasının gelişmesi ile birlikte terminaller arası iletişim ihtiyacı ve olanakları hızlı bir artış göstermiştir. Bu durum tüm kullanıcıların rahatlıkla eriştiği veri ağlarında güvenlik sorununu ortaya çıkarmıştır. Bu çalışmada, bilgi güvenliğinin açık sistem veri ağlarında gerçekleştirilebilmesi için gerekli kriptolojik metodlar ve bu durumda ortaya çıkan kripto anahtarlarının yönetilmesi problemi tartışılmış ve günümüzde sık olarak kullanılan IBM tabanlı kişisel bilgisayarlarda çalışabilecek şekilde tasarlanmış bir anahtar yönetim prosedürü ortaya konmuştur. Bu amaçla kriptografik işlemleri yerine getirmek üzere Veri Kriptolama Standardı (DES) seçilmiş, IBM kişisel bilgisayarlarda çalışacak olan bir yan-rassal anahtar üreteci işlevi gerçekleştirilmiş ve bu iki yazılımı kullanan anahtar yönetim prosedürleri ağ ortamlarında bulunabilecek terminaller ve host bilgisayarlar için ayrı ayrı tasarlanıp gerçeklenmiştir. Tüm prosedür ve kriptografik işlemler yazılım yolu ile C dilinde gerçeklenmiştir.

Özet (Çeviri)

SUMMARY CRYPTOGRAPHIC KEY MANAGEMENT IN OSI LAYERED DATA COMMUNICATION NETWORKS Soon after the first computers were developed for scientific data processing applications, people realized that they might be applied to accounting tasks. System designers and manufacturers then tried to extend the benefits of the computer to more people and business. The application of computers to communications was inevitable. At first, system programs called operating systems made program execution in real time possible. Useful results were returned to the user with almost no noticeable delay. While such devices were satisfactory for users near the computer, they did not serve remote users. This problem was solved when it became possible to send computer data over voice-grade analog telephone lines. The development of the transmission control unit, a device capable of controlling the telephone line and attached devices, contributing to this break-through. At the same time, advances in technology, specifically the developments of microprocessors, led to the introduction of programmable communications control units and programmable device control units. These units assumed line and device control functions previously performed by applications programs. As a result, a major portion of the network management responsibility was relocated to various network devices thus allowing the host processor to perform other functions. Gradually, data communications between hosts as well as between a host and its attached devices (terminals, printers, facsimile machines, etc. ), over switched (public) or nonswitched (dedicated leased lines), become generalized such that any node (terminal, communications controller, or host processor) could communicate with other node. The microprocessor revolution also had an effect on the computational capability of terminals and control units. As the capacity of microprocessor increased, additional functions were loaded from host processors and performed by various microprocessor-driven devices. Systems evolved where data processing functions were performed by devices situated in different places and connected by transmission facilities. Thus data could be partially or wholly processed at any number of network nodes. This concept is called as distributed data processing. The common element in this development was the network architecture which established the basis for device attachment and protocols necessary for device interaction. As more network facilities are used to process and transmit data, there is an increased dependency on communications facilities provided by the general public. Likewise, the opportunity and ease with which data can be intercepted increase. An architecture XIfor networks must therefore provide a capability to implement appropriate security measures should they be required. Historically, cryptography was exclusively applied in order to hide the clear form of text by making it unreadable. The second aim of enciphering is the detection of illegally injected, removed or changed information. Cryptographic methods can be used to protect the channels which connect terminals with their host computers (or nodes) and channels that create the communication network. The computer network, from the point of view two communicating users A and B, is simply a transmission channel (Fig. 1). Usually users want their information protected against unfriendly activity. The user's activity means a single person or a group of users. For example, a group of unfriendly users could gain control over a large part of a computer network. The designers of information protection systems must build the security shield in such a way that protection measures overlap and take into account a variety of possible illegal access methods. Therefore, cryptographic protection of information is applied many times on different levels of the information flow organization. There are different types of information protection on data communication networks:. End-to-end encryption (terminal to terminal communication),. Terminal-to-host computer encryption,. Host-to-host encryption. User A Figure 1. A Computer Network From the User's Point of View xnTerminal Terminal 7 Key J Key J Figure 2. End-to-end Encryption The end-to-end encryption ensures that all information sent throughout a network is unreadable as long as it is within the computer network. Simply, a computer network, from the point of view of users A and B, is treated as a single channel (Fig. 2). In other words, such a protection may be used if users do not want to process their data. However, if the user wishes to take advantage of a variety of the computer network resources, the terminal-to-host encryption is applied in order to protect user data transmitted to (from) the host computer. Of course, in this case, a terminal and a host computer must share a suitable key (Fig. 3). Sometimes a user resides in the terminal of a foreign host computer and wishes to carry out a processing task in his own host computer. This situation, depicted in Figure 4., is somewhat similar to that of Figure 3. Terminal Host r ~l Figure 3. Terminal-to-host Encryption Since the concept of computer networks arises from the desire for uniform usage of computer resources, there is information flow between host computers. If one host computer is overworked, its tasks is switched to other computers which have a surplus of computing capacity. In order to allow for flexible working arrangements within the computer network, without endangering information protection when transmitting, the problem of key management must be solved properly with account taken of all possible places where shared keys are needed. XlllTerminal Host r n Figure 4. Terminal-to-host Encryption Via a Foreign Terminal The first problem is key distribution between two communicating parties. This distribution must be carried out by means of secure channels. Historically, secure channels were created by messengers who used to physically carry letters containing written keys. Such a channel introduces considerable delays and cannot be applied in computer networks for key distribution. There are two approaches to key distribution. The first relies on the use of a separate communication network for key distribution only. The second approach consists of using the same communication network for both information and key transmission. The secure channel is created by means of cryptography. In other words, cryptographic keys are enciphered and sent to suitable parties in the form of cryptograms (Fig. 5). Keys shared by a terminal and host i Keys shared by a host I and a host] Figure 5. An Example of Key Distribution Between a Terminal and a Host Now consider the situation where a user resides in a foreign terminal and requires to share a key with his own host computer j. The requirement is accepted by host i and the host generates a suitable key Ks. Afterwards, Ks is sent to both the user and the host computer j by means of two prearranged secure channels. Two types of key KMT and KM were used to create these channels. XIVThere are many different keys which are used simultaneously for different purposes but all of them can be classified as primary keys, secondary keys and master keys. Keys from the first class are used for one session only. These keys are applied to encipher or decipher messages sent between users and between users and their host computers. Secondary keys are used to protect information that is transmitted between terminals and hosts or between hosts. These keys are also employed to create a secure channel for session key distribution. Last, master keys serve to encrypt other keys stored inside the host computer. In order to move a key through a communication network, it must be enciphered with another key KMT to encipher Ekmt(KS). There are advantages in using a data enciphering key like KS for only a short period and then establishing a new one through the network. Since the key KS is typically used to encipher data for just one session it is called session key. When the session key is being moved out to a terminal, the KMT used to encipher it for transit is called a terminal master key. A KMT is used for a longer period than a KS and it may have to be stored at a host computer with a number of similar keys for different keys for different terminals. In order to minimize the amount of secure storage needed, all these can be enciphered under another key KM which is called host master key. Thus the storage of KMT is in the form Erm(KMT). The host master key protects the secrets of the terminal keys and these protect the data-enciphering keys KS, which in turn protect the data, in a kind of hierarchy with the master key at the top. In their protected form, the lower keys (and the enciphered data) can be stored in ordinary memory or transmitted through a communication network. The whole system that depends on the master key which therefore needs the greatest attention to its security. Usually this key is stored in a physically secure box. Key management includes every aspect of the handling of keys from their generation to their destruction. The main complexities occur in the distribution of keys and their storage, so these will occupy most of my attention in this master thesis. An ideal method of key generation would be one that the key at random - with an equal probability of choosing any of the possible key values. Unfortunately, this is difficult to achieve. Any non-randomness which could give an enemy some way of predicting a key value or finding a value with higher than normal probability would reduce the task of searching keys and make cryptanalysis easier. Fortunately, a completely uniform distribution of key values is not essential requirement. That's why only top master keys are generated, using true random processes. The methods of generating true random numbers are tossing coin, throwing dice or using random noise generators. Other keys (Session, Terminal Master, etc. keys) are generated using pseudo-random sequences. There are many examples of mathematically determined sequences which generate digits that are, to all appearances, random. Unfortunately, when a variety of statistical tests are tried, many of these“pseudo-random number generators”can be shown to have pattern in their xvoutput. Fortunately, a good cipher algorithm works well as a cipher then almost any method of using it to generate a sequence should generate random numbers, otherwise there is a pattern in the cipher which would be a weakness in the cipher. In this thesis, DES is used as a enciphering process and algorithm to help generating pseudo-random sequences. As a oneway hash fiinction to help transforming random seed values to a constant length data block, MD4 algorithm is used. These types of data then are used to obtain pseudo-random numbers. Then enciphering processes which are used in OSI layered networks are divided as terminal and host computer procedures. These procedures are implemented using IBM PC based environments in C language. Next, using encryption algorithm, pseudo-random number generator and encryption procedures to work in terminal and host computers, a proposed key management scheme for IBM PC based network environment is determined. XVI

Benzer Tezler

  1. Tez No

    859636

    Secure and coordinated beamforming in 5G and beyond systems using deep neural networks

    5G ve ötesi sistemlerde derin sinir ağları kullanarak güvenli ve koordineli hüzmeleme

    UTKU ÖZMAT

    Doktora

    İngilizce

    İngilizce

    2024

    Bilgisayar Mühendisliği Bilimleri-Bilgisayar ve Kontrolİstanbul Teknik Üniversitesi

    Bilişim Uygulamaları Ana Bilim Dalı

    DR. ÖĞR. ÜYESİ MEHMET AKİF YAZICI

    DR. ÖĞR. ÜYESİ MEHMET FATİH DEMİRKOL

  2. Tez No

    798400

    Group authentication and its application

    Grup kimlik doğrulama ve uygulaması

    SEVDA ALIMADADNEZHAD

    Yüksek Lisans

    İngilizce

    İngilizce

    2023

    Bilgisayar Mühendisliği Bilimleri-Bilgisayar ve Kontrolİstanbul Teknik Üniversitesi

    Bilişim Uygulamaları Ana Bilim Dalı

    PROF. DR. ENVER ÖZDEMİR

  3. Tez No

    872335

    Low-cost security protocols for resource-constrained Internet of Things devices

    Kaynakları kısıtlı Nesnelerin İnterneti cihazları için düşük maliyetli güvenlik protokolleri

    YILDIRAN YILMAZ

    Doktora

    İngilizce

    İngilizce

    2019

    Bilgisayar Mühendisliği Bilimleri-Bilgisayar ve KontrolUniversity of Southampton

    Siber Güvenlik Ana Bilim Dalı

    PROF. DR. BASEL HALAK

  4. Tez No

    488058

    Ağ trafiğinin analizi, anomali tespiti ve değerlendirme

    Analysis of network traffic, anomaly detection and evaluation

    AKIN ASLAN

    Yüksek Lisans

    Türkçe

    Türkçe

    2017

    Bilgisayar Mühendisliği Bilimleri-Bilgisayar ve Kontrolİstanbul Teknik Üniversitesi

    Bilişim Uygulamaları Ana Bilim Dalı

    DOÇ. DR. ENVER ÖZDEMİR

  5. Tez No

    656727

    Cooperative vehicular communication systems with physical layer security and noma techniques

    Fiziksel katman güvenliği ve noma teknikleri ile işbirliklikli araçlar arası iletişim sistemleri

    SEMİHA KOŞU

    Yüksek Lisans

    İngilizce

    İngilizce

    2021

    Elektrik ve Elektronik Mühendisliğiİstanbul Teknik Üniversitesi

    İletişim Sistemleri Ana Bilim Dalı

    PROF. DR. LÜTFİYE DURAK ATA

    DR. SERDAR ÖZGÜR ATA

Geri Dön