Short Message Service (sms) security solution for mobile devices


III.  ENCRYPTION SCHEME SELECTION



A. OVERVIEW 
Encryption is the process of disguising information in such a way as to 
hide its substance [28]. Modern encryption methods can be divided into 
symmetric key algorithms and asymmetric key algorithms. The One Time Pad is 
unique because it is the only encryption scheme that is unbreakable even in 
theory. The discussion in the rest of this Chapter will focus on these three types 
of encryption. 
This Chapter comprises four main parts. The first part 
provides an overview of the different schemes of encryption and their relevance 
to securing SMS. The second part discusses the key considerations when 
selecting an encryption scheme for deployment. The third part describes an 
experiment that was conducted to measure the performance of symmetric and 
asymmetric encryption schemes on a modern cell phone. The final part 
summarizes the findings in a selection matrix that may be useful for application 
developers who plan on deploying encryption for SMS messages. 
B. ENCRYPTION SCHEMES 
1. Symmetric Cryptography 
In symmetric encryption, the sender and receiver must have a pre-shared 
key that is kept secret from all other parties. The sender uses the key for 
encryption, and the receiver uses the same key for decryption. The key 
advantage of symmetric encryption is that it is computationally fast and efficient. 
This makes symmetric encryption the ideal choice for mobile devices. The A3, A8 
and A5 algorithms used in GSM are all symmetric encryption algorithms. Other 
strong symmetric algorithms available today include Triple Data Encryption 
Standard (TripleDES) and Advanced Encryption Standard (AES), which have 
been approved for use by the National Institute of Standards and Technology (NIST) 
and are publicly available. 
The key disadvantages of symmetric encryption are that the keys must be 
pre-shared among the senders and recipients and that they must be exchanged 
securely via some trusted communications channel or through some key 
exchange mechanism. In an infrastructure setup like GSM, this is manageable 
because all the subscribers share common keys with the service provider. If the 
subscribers need to communicate with each other, the service provider acts as 
the middleman and encrypts/decrypts the messages, as required. However, if 
symmetric encryption were to be used at the application layer, the key exchange 
would have to be managed separately and this can be quite a challenge because 
all the users of a group must use the same key. If the key is compromised, a new 
key must be redistributed to every user. If there is a need to partition the 
communications into sub-groups, different sets of keys must be created and 
distributed for each sub-group. A separate key is still required for the entire 
group. This complexity grows as the number of users and sub-groups increases.
Secure key exchange mechanisms, such as Internet Key Exchange (IKE) 
and Secure Socket Layer (SSL), have been developed to facilitate key exchanges 
across public networks. However, these protocols assume relatively 
high-bandwidth, real-time connectivity between the sender and recipient. For example, 
the setup of an SSL session requires an exchange of at least four messages, as 
shown in Figure 12, before the secure session is established. For SMS, sending 
each message may take a few seconds. The exchange of four SMS messages 
for each session will severely affect usability. 
Therefore, the ability to deploy symmetric encryption at the application 
layer for SMS will depend on the ability to exchange keys securely. The key 
exchange can take place through physical transfer via storage devices, or if the 
device is cradled and connected to a PC, with a VPN connection. In order to 
reduce the key distribution complexity, a star topology may be adopted, such that 
all the clients will send all SMS messages to an application server for relay. The 
disadvantage of such a setup is the delay in transmission of messages because 
each message is effectively transmitted twice. However, it offers the advantage 
of simplifying key exchange. 
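The key-distribution burden described above, for keys shared directly between users versus the star topology, as an added example that is not part of the thesis. The user names and sub-groups are constructed, and the function names are hypothetical.

```python
# Added example; the users and sub-groups below are constructed.
GROUP = ["alice", "bob", "carol", "dave", "erin", "frank"]
SUBGROUPS = {"ops": ["alice", "bob", "carol"], "mgmt": ["alice", "dave"]}


def shared_key_plan(group, subgroups):
    """Keys shared directly between users at the application layer.

    One key for the entire group plus one per sub-group; every member of a
    (sub-)group holds that key. Returns {key_id: set_of_holders}.
    """
    plan = {"group": set(group)}
    for name, members in subgroups.items():
        plan["sub:" + name] = set(members)
    return plan


def star_key_plan(group):
    """Star topology: each client shares one key with the relay server only."""
    return {"client:" + user: {user} for user in group}


def keys_held(plan, user):
    """Key ids stored on one user's handset."""
    return sorted(k for k, holders in plan.items() if user in holders)


def rekey_after_compromise(plan, user):
    """Return (keys to replace, users who must securely receive a new key)."""
    burned = keys_held(plan, user)
    recipients = set().union(*(plan[k] for k in burned))
    return burned, sorted(recipients)


if __name__ == "__main__":
    for label, plan in (("shared", shared_key_plan(GROUP, SUBGROUPS)),
                        ("star", star_key_plan(GROUP))):
        burned, recipients = rekey_after_compromise(plan, "alice")
        print(label, "replace:", burned, "redistribute to:", recipients)
```

In the star plan the relay server holds every client key and decrypts each message before re-encrypting it for the recipient.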
Alice -> Bob: I want to talk, cipher I support, R_Alice
Bob -> Alice: certificate, cipher I choose, R_Bob
Alice: Choose secret, S, compute K=f(S, R_Alice, R_Bob)
Alice -> Bob: {S}_Bob, {keyed hash of handshake msgs}
Bob: compute K=f(S, R_Alice, R_Bob)
Bob -> Alice: {keyed hash of handshake msgs}
Alice <-> Bob: Data protected with keys derived from K
Figure 12. Secure Socket Layer (From Ref. [29]) 
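
The handshake of Figure 12 costed as SMS traffic, as an added example that is not code from the thesis. It goes beyond the text by splitting each handshake message into SMS parts (140 octets of binary data per SMS, 6 octets of concatenation header per part); the message sizes and the 5-second delay per SMS are constructed assumptions.

```python
import math

SMS_PAYLOAD = 140   # octets of binary user data in a single SMS
CONCAT_HEADER = 6   # octets of user data header in each part of a concatenated SMS

# The four handshake messages of Figure 12. Sizes in octets are constructed
# assumptions: 32-octet nonces, an 800-octet certificate, a 128-octet
# RSA-1024 ciphertext for {S}_Bob and a 20-octet keyed hash.
HANDSHAKE = [
    ("Alice->Bob", "I want to talk, cipher I support, R_Alice", 8 + 32),
    ("Bob->Alice", "certificate, cipher I choose, R_Bob", 800 + 2 + 32),
    ("Alice->Bob", "{S}_Bob, keyed hash of handshake msgs", 128 + 20),
    ("Bob->Alice", "keyed hash of handshake msgs", 20),
]


def sms_parts(n_octets):
    """Number of SMS needed to carry n_octets of binary data."""
    if n_octets <= SMS_PAYLOAD:
        return 1
    return math.ceil(n_octets / (SMS_PAYLOAD - CONCAT_HEADER))


def handshake_cost(messages, seconds_per_sms):
    """Total SMS sent and setup delay, assuming SMS are sent one after another."""
    parts = [sms_parts(size) for _, _, size in messages]
    return {
        "logical_messages": len(messages),
        "sms_per_message": parts,
        "sms_sent": sum(parts),
        "setup_seconds": sum(parts) * seconds_per_sms,
    }


if __name__ == "__main__":
    cost = handshake_cost(HANDSHAKE, seconds_per_sms=5.0)  # 5 s is an assumed delay
    for (direction, content, size), n in zip(HANDSHAKE, cost["sms_per_message"]):
        print(f"{direction}  {size:4d} octets  {n} SMS  {content}")
    print(cost["sms_sent"], "SMS,", cost["setup_seconds"], "s before any data is sent")
```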
