Score:0

Security in a pipeline

bn flag

I am new to cryptography, I am trying to design a secure pipeline environment for the fast transfer of messages. To reduce the Key size I am planning to encrypt the messages with AES session keys (for a session or an epoch) and within each session, I am planning to encrypt each message with lightweight keys like DES (correct me if I am wrong). But one fundamental issue I am facing is how to make this channel resilient under DOS attack? Do I need to delete some messages or provide a timeline to all the messages in the channel after which it will burn eg: Time to live?

kelalaka avatar
in flag
Lightweight? Did you see PRINCE, PRESENT, SIMON, etc?
Student forlife avatar
bn flag
@kelalaka As I have mentioned I am still a newbie so I will explore these models. I am also curious to understand what are the attacks possible in the above setting
kelalaka avatar
in flag
For the DOS part, AFAIK [security.se] might suit better.
Student forlife avatar
bn flag
@kelalaka thank you I will explore more, other than that I don't think so there should be other attacks right?
Score:1
in flag

I am new to cryptography,

Yes, we can see that how you use the terminology.

I am new to cryptography, I am trying to design a secure pipeline environment for the fast transfer of messages.

Another word for "pipeline" is "channel" and the transfer of messages is also known as "transport". So you need a secure channel for a transport layer security. TLS as the name suggests is just that.

To reduce the Key size I am planning to encrypt the messages with AES session keys (for a session or an epoch) and within each session, I am planning to encrypt each message with lightweight keys like DES.

So according to this text you are encrypting the messages both with AES and DES? DES uses 56 bit keys (though usually stored in 64 bits / 8 bytes including parity bits). So yes, the keys are indeed "lightweight", but the cipher itself is definitely not. The somewhat secure triple DES is slower than AES, and that's not the most lightweight cipher; moreover, it requires 168/192 bit keys.

Modern cryptographers roll their eyes when the words "DES" are muttered for any new protocol or paper. A modern lightweight (stream) cipher - as mentioned in the comments - usually makes much more sense.

But one fundamental issue I am facing is how to make this channel resilient under DOS attack?

Although you could try and perform a minimal number of operations in advance - e.g. validate a MAC over a message counter - the resilience against DOS attacks is usually performed at a lower level; once you need to perform encryption / decryption it may well be too.

Do I need to delete some messages or provide a timeline to all the messages in the channel after which it will burn eg: Time to live?

You could use TTL. But TTL seems mainly interesting if you're going to forward messages, for instance - and we don't know if your protocol is designed to do that.

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.