Download Distributed Systems Security - Distributed Operating Systems - Lecture Slides and more Slides Computer Science in PDF only on Docsity!
Case Study
On
Distributed Systems Security
Docsity.com
Historical context: the evolution of
security needs
1965-75 1975-89 1990-99 Current
Platforms Multi-user timesharing computers
Distributed systems based on local networks
The Internet, wide- area services
The Internet + mobile devices
Shared resources
Memory, files Local services (e.g. NFS), local networks
Email, web sites, Internet commerce
Distributed objects, mobile code
Security requirements
User identification and authentication
Protection of services Strong security for commercial transactions
Access control for individual objects, secure mobile code
Security management environment
Single authority, single authorization database (e.g. /etc/ passwd)
Single authority, delegation, repli- cated authorization databases (e.g. NIS)
Many authorities, no network-wide authorities
Per-activity authorities, groups with shared responsibilities
Docsity.com
Secure channels
Properties
Each process is sure of the identity of the other
Protection against repetition and reordering of data
Employs cryptography
Secrecy based on cryptographic concealment
Authentication based on proof of ownership of secrets
Cryptographic concealment is based on:
Confusion and diffusion
Conventional shared crypto keys
Public/private key pair
Principal A
Process p (^) Secure channel Process q
The enemy^ Principal^ B
Cryptography
Docsity.com
Definitions
- Asymmetric algorithm – public/private key cryptography that utilizes a trap-door function, such as RSA
- Availability - system services are available when they are needed
- Certificate - an electronic document containing a statement signed by a principal
- Confidentiality - secrecy, information is only disclosed according to security policy
- Integrity - information is not destroyed or corrupted and the system performs data operations correctly
- DES - Data Encryption Standard adopted by National Bureau of Standards in 1977; famous cryptosystem that uses a 56-bit secret key
- Digital Signature - emulates a conventional signature by using cryptography to verify to a third party that a message or document is produced by the signer
- RSA - Rivest, Shamir, Adleman encryption algorithm; first public-key cryptosystem; based on the use of trap door function of two very large prime numbers
- Symmetric algorithm – secret-key cryptography that uses a common key and a one-way encryption function, such as DES
Docsity.com
Bob is a file server; Sara is an authentication service. Sara shares secret key K A
with Alice and secret key K B with Bob.
1. Alice sends an (unencrypted) message to Sara stating her identity and
requesting a ticket for access to Bob.
2. Sara sends a response to Alice. {{Ticket} KB, KAB} KA. It is encrypted in K A
and consists of a ticket (to be sent to Bob with each request for file access)
encrypted in K B and a new secret key K AB.
3. Alice uses K A to decrypt the response.
4. Alice sends Bob a request R to access a file: {Ticket} KB, Alice, R.
5. The ticket is actually {K AB, Alice} KB. Bob uses K B to decrypt it, checks
that Alice's name matches and then uses K AB to encrypt responses to Alice.
Features
Scenario 2: Authenticated communication
with a server
- A ticket is an encrypted item containing the identity of the principal to whom it is issued and a shared key for a communication session.
- This is a simplified version of the Needham and Schroeder (and Kerberos) protocol.
Docsity.com *
Bob has a public/private key pair <K Bpub , K Bpriv>
1. Alice obtains a certificate that was signed by a trusted authority
stating Bob's public key K Bpub
2. Alice creates a new shared key K AB , encrypts it using K Bpub using a
public-key algorithm and sends the result to Bob.
3. Bob uses the corresponding private key K Bpriv to decrypt it.
(If they want to be sure that the message hasn't been tampered with, Alice can add an agreed value to it and Bob can check it.)
Features
Scenario 3: Authenticated communication
with public keys
- Mallory might intercept Alice’s initial request to a key distribution service for
Bob’s public-key certificate and send a response containing his own public key.
He can then intercept all the subsequent messages.
Docsity.com *
Features
X509 Certificate format
Subject (^) Distinguished Name, Publ ic Key
Issuer Distinguished Name, Signature Period of validity Not Before Date, Not Aft er Date Admi nistrat ive information Version, Serial Number Extended Informati on
Certificate: a statement signed by an appropriate authority.
Certificates require:
- An agreed standard format
- Agreement on the construction of chains of trust
- Expiry dates, so that certificates can be revoked.
Docsity.com
Certificates as credentials
• Certificates can act as credentials
– Evidence for a principal's right to access a resource
• The two certificates shown could act as credentials
for Alice to operate on her bank account
– She would need to add her public key certificate
Docsity.com *
Structure
Cryptographic Algorithms
E(K, M) = {M} (^) K D(K, E(K, M)) = M Same key for E and D M must be hard (infeasible) to compute (one-way function) Usual form of attack is brute-force: try all possible key values
Separate encryption and decryption keys: Ke , Kd
D(K (^) d. E(K (^) e, M)) = M depends on the use of a trap-door function to make the keys. E has high computational cost. Very large keys > 512 bits
- Hybrid protocols - used in SSL (now called TLS)
Uses asymmetric crypto to transmit the symmetric key that is then used to encrypt a session.
Message M, key K, published encryption functions E, D
Docsity.com
Structure
Cipher block chaining and stream ciphers
Most algorithms work on 64-bit blocks. Weakness of simple block cipher:- repeated patterns can be detected.
n
n+3 n+2 n+1 XOR E(K, M)
n-3 n-2 n-
plaintext blocks
ciphertext blocks
Cipher block chaining (CBC)
XOR
generatornumber n+3^ n+2^ n+1^ E(K, M)
plaintext stream
ciphertext stream
buffer
keystream
Stream cipher
Docsity.com *
Asymmetric encryption algorithms
RSA: The first practical algorithm (Rivest, Shamir and Adelman 1978) and still the
most frequently used. Key length is variable, 512-2048 bits.
Asymmetric algorithms are ~1000 x slower and are therefore not practical for bulk
encryption, but their other properties make them ideal for key distribution and
for authentication uses.
Depend on the use of trap-door functions
A trap-door function is a one-way function with a secret exit - e.g. product of two large numbers; easy to multiply, very hard to factor
Docsity.com *
Implementation
Digital signatures
Requirement:
- To authenticate stored document files as well as messages
- To protect against forgery
- To prevent the signer from repudiating a signed document (denying their responsibility)
Encryption of a document in a secret key constitutes a signature
- Impossible for others to perform without knowledge of the key
- Strong authentication of document
- Strong protection against forgery
- Weak against repudiation (signer could claim key was compromised)
Docsity.com *
Implementation
Digital signatures with public keys
Signing
H(doc)^ h
D(Kpub,{h}) (^) h'
Verifying^ h = h'?authentic:forged
M
H(M)
128 bits
h (^) E(Kpri, h) {h}Kpri
M
signed doc
M
{h}Kpri
Docsity.com *
Implementation
Low-cost signatures with a shared secret
key
Signing
Verifying
M
K
M
K
h = h'?authentic:forged
h
M
signed doc H(M+K) h
h'
H(M+K)
Signer and verifier
share a secret key K
MAC: Message Authentication Code
Docsity.com