Distributed System Security - Distributed Operating Systems - Lecture Slides, Slides of Computer Science

These are the Lecture Slides of Distributed Operating Systems, which include Neumann Bottleneck, Networked Information, Memory Hierarchy, Evidence, Latency, Communication, Intelligent Service, Communication Latency, Routing Path etc. Key important points are: Distributed System Security, Goals, Complete Protection Against, Attacks, Leakage, Tampering, Vandalism, Attacker Intercepts, Network Message, Benefit to the Attacker

Typology: Slides

2012/2013

Uploaded on 03/27/2013

ekana

Distributed System Security

Distributed System Security: Goals

● Complete Protection Against All Possible Attacks

● Attacks:

  • Leakage
      ● Attacker intercepts a message he/she is unauthorized to access
  • Tampering
      ● Attacker intercepts and alters a network message, giving benefit to the attacker
  • Vandalism
      ● Attacker intercepts and alters a network message, but without benefit to the attacker

Definitions

● Public Key – Encryption key that is well-known and/or not hidden from third parties

● Private Key – Encryption key that is known only by the message sender and/or receiver

● Public Key Encryption – An encryption scheme that makes use of a public key

● Secret Key Encryption – An encryption scheme that employs only private keys

Definitions

● One Way Function – A one-to-one mathematical function that is easily computable, but whose inverse is very difficult to compute

● Secure Digest Function – A function that takes an argument M, and returns a fixed length “digest” V, such that V1 is probably much different than V2, for distinct M1, M2.

Structure

● Always prepare for worst-case scenarios

● We Assume

  • Our System Interfaces are exposed
      ● Attacker can send a message to any address on the network
  • Our Network is insecure
      ● Attacker can spoof the address of any message he/she sends with any address value
  • Our algorithms and their source code are available to the attackers
  • Attackers have the best computing equipment made during the lifetime of our system

Structure (2)

● Private Key Encryption

  • Alice & Bob share knowledge of a secret key K
  • Alice encrypts her message M, with E(M,K)
  • Bob decrypts Alice's message by D(E(M,K),K) = M

● Public Key Encryption

  • Bob creates two keys, Kd and Ke
  • Bob sends Alice Ke
  • Alice encrypts her message with E(M,Ke)
  • Bob decrypts the message with D(E(M,Ke),Kd) = M
  • Mallory cannot find Kd, even though she knows Ke

Distributed System Security: History

● Researchers at Stanford announce Diffie-Hellman-Merkle algorithm in 1976

  • Allows for secret key exchange over an insecure channel

● Ronald Rivest, Adi Shamir and Leonard Adleman announce RSA algorithm in 1997

  • First public key encryption algorithm

Diffie-Hellman-Merkle Algorithm

● Alice and Bob generate separate and secret keys Ka and Kb

● Alice generates another number g, and sends it to Bob

● Alice computes g^Ka (mod n) and sends it to Bob, while Bob computes g^Kb (mod n) and sends it to Alice

● Alice computes (g^Kb)^Ka (mod n) and Bob computes (g^Ka)^Kb (mod n)
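
The exchange above, written out as an added example (not part of the original slides). The modulus n is used on the slide without being introduced; here n and g are toy public parameters chosen for the example, and the range check on the peer's value and the SHA-256 step that turns the shared number into a key are assumptions of this sketch.

```python
import hashlib
import secrets

# Toy public parameters, constructed for this example: n is the Mersenne
# prime 2^127 - 1 (far too small for real use) and g is an arbitrary base.
N = 2**127 - 1
G = 3

def make_secret(n=N):
    """Pick a private exponent (Ka or Kb) in [2, n-2]; it never leaves its owner."""
    return secrets.randbelow(n - 3) + 2

def public_value(k, g=G, n=N):
    """g^K (mod n): the only value a party puts on the wire."""
    return pow(g, k, n)

def valid_peer_value(y, n=N):
    """False for 0, 1, n-1 and out-of-range values, which force a guessable result."""
    return 1 < y < n - 1

def shared_key(peer_value, k, n=N):
    """(g^Kpeer)^K (mod n), hashed down to a 32-byte secret key."""
    if not valid_peer_value(peer_value, n):
        raise ValueError("peer public value out of range")
    s = pow(peer_value, k, n)
    return hashlib.sha256(s.to_bytes((n.bit_length() + 7) // 8, "big")).digest()

def run_exchange():
    """Both sides of the exchange; returns (Alice's key, Bob's key)."""
    ka, kb = make_secret(), make_secret()
    a_pub, b_pub = public_value(ka), public_value(kb)  # all an observer sees
    return shared_key(b_pub, ka), shared_key(a_pub, kb)

if __name__ == "__main__":
    alice_key, bob_key = run_exchange()
    print("keys match:", alice_key == bob_key)
```

Nothing in this exchange tells Bob that the value he received came from Alice, which is the third vulnerability the next slide lists.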

Remaining Vulnerabilities

● Remaining System Vulnerabilities

    1. Mallory can still send messages to Bob, spoofed with Alice's address
    2. Mallory can copy messages that Alice sent, and replay them to Bob at a later time
    3. Mallory can intercept the messages containing the initial key exchange and replace Alice's messages with her own

Vulnerability Solutions

● Attack 1: Spoofed messages

  • Bob attaches a checksum to the end of all his messages before encrypting them

● Attack 2: Message Replay

  • Bob attaches a timestamp to each of his messages

● Attack 3: Man-in-the-Middle

  • Bob and Alice must be able to authenticate each other's first unencrypted messages
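
A receiver-side check for attacks 1 and 2, as an added example (not part of the original slides). Python's standard library has no cipher, so a keyed HMAC-SHA256 tag stands in for the slide's checksum-then-encrypt; the 30-second freshness window, the cache of already-accepted tags, and the names `seal`, `Receiver` and `verdict` are assumptions of this sketch.

```python
import hashlib
import hmac
import struct

MAX_SKEW = 30  # seconds a timestamp may differ from our clock (assumed)
TAG_LEN = 32   # HMAC-SHA256 output size

def seal(key, payload, now):
    """Sender: prepend an 8-byte timestamp, append the keyed checksum."""
    body = struct.pack(">Q", now) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    def __init__(self, key):
        self.key = key
        self.seen = {}  # tag -> timestamp of messages still inside the window

    def accept(self, wire, now):
        """Return the payload, or raise ValueError naming the failed check."""
        if len(wire) < 8 + TAG_LEN:
            raise ValueError("truncated")
        body, tag = wire[:-TAG_LEN], wire[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("bad checksum")     # attack 1: spoofed or altered
        (ts,) = struct.unpack(">Q", body[:8])
        if abs(now - ts) > MAX_SKEW:
            raise ValueError("stale timestamp")  # attack 2: replayed later
        # Drop tags that have aged out, then refuse any tag already accepted.
        self.seen = {t: s for t, s in self.seen.items() if now - s <= MAX_SKEW}
        if tag in self.seen:
            raise ValueError("duplicate")        # attack 2: replayed at once
        self.seen[tag] = ts
        return body[8:]

def verdict(rx, wire, now):
    """'ok' if rx accepts the message, otherwise the reason it was refused."""
    try:
        rx.accept(wire, now)
        return "ok"
    except ValueError as err:
        return str(err)

if __name__ == "__main__":
    key = b"K" * 32                       # constructed shared secret key
    rx = Receiver(key)
    msg = seal(key, b"pay Bob 10", 1000)  # constructed message and clock values
    print([verdict(rx, msg, t) for t in (1005, 1006, 1100)])
```

A timestamp alone only rejects replays that arrive after the window closes; the cache of accepted tags covers a copy resent inside the window.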

Distributed System Security: Features

● Security

  • System trust is reduced to
      ● Trust in Trusted Authority
      ● Encryption Algorithm

● Passwords don't need to be transmitted

  • Verify identity through “challenges”

● Hybrid Methods

  • Speed of Secret Key with convenience of Public Key

Applications

● PGP

  • “Pretty Good Privacy”
  • Freeware file and e-mail encryption program
  • 128-bit RSA Public Key Encryption & 128-bit MD digest function

● Secure Sockets Layer (SSL)

  • Operating system and encryption algorithm independent network protocol layer

Significant Points

● Weakest Security Link Today: the User

  • Ignorance of Security Issues
  • Complacency towards Security

● Focus must be on education of end users

  • Users must understand their role in security
  • Users must not become complacent towards security issues