ECE151 Lecture 13: Security in Distributed Systems, Study notes of Electrical and Electronics Engineering

A set of lecture notes from ece151, focusing on security in distributed systems. It covers the basics of security, secure channels, access control, dependability, security mechanisms, policies, focus of control, and cryptography. The document also discusses authentication, integrity, confidentiality, and digital signatures.

Typology: Study notes

Pre 2010

Uploaded on 09/17/2009

koofers-user-r95
ECE151 – Lecture 13
Chapter 8
Security

Overview

Introduction

Secure channels

Access control

Security management

Security Threats

Subject: Entity capable of issuing a request for a service provided by an object.

Channel: The carrier of requests and replies for services.

Object: Entity providing services to subjects.

Channels and objects are subject to security threats:

| Threat | Channel | Object |
|---|---|---|
| Interruption | Preventing message transfer | Denial of service |
| Inspection | Reading the content of transferred messages | Reading the data contained in an object |
| Modification | Changing message content | Changing an object's encapsulated data |
| Fabrication | Inserting messages | Spoofing an object |

Security Mechanisms

Issue: To protect against security threats, we have a number of security mechanisms at our disposal:

Encryption: Transform data into something that an attacker cannot understand (confidentiality). It is also used to check whether something has been modified (integrity).

Authentication: Verify the claim that a subject says it is S: verifying the identity of a subject.

Authorization: Determining whether a subject is permitted to make use of certain services.

Auditing: Trace which subjects accessed what, and in which way. Useful only if it can help catch an attacker.

Note: Authorization makes sense only if the requesting subject has been authenticated.

Example: Globus Security Architecture

Diagram of Globus security architecture. Policy statements lead to the introduction of mechanisms for cross-domain authentication and making users globally known => user proxies and resource proxies

Focus of Control

Three approaches for protection against security threats:

a) Protection against invalid operations

b) Protection against unauthorized invocations

c) Protection against unauthorized users

Note: We generally need all three, but each requires different mechanisms.

What is our focus when talking about protection of data?

Layering of Security Mechanisms

Several sites connected through a wide-area backbone service.

Distribution of Security Mechanisms

The principle of RISSC as applied to secure distributed systems.

Cryptography

Notation used in this chapter.

| Notation | Description |
|---|---|
| $K_{A,B}$ | Secret key shared by A and B |
| $K_A^+$ | Public key of A |
| $K_A^-$ | Private key of A |

Cryptographic Functions

Essence: Make the encryption method $E$ public, but let the encryption as a whole be parameterized by means of a key $S$ (same for decryption).

One-way function: Given some output $m_{out}$ of $E_S$, it is (analytically or) computationally infeasible to find $m_{in}$: $E_S(m_{in}) = m_{out}$

Weak collision resistance: Given a pair $(m, E_S(m))$, it is computationally infeasible to find an $m^* \neq m$ such that $E_S(m^*) = E_S(m)$

Strong collision resistance: It is computationally infeasible to find any two different inputs $m$ and $m^*$ such that $E_S(m) = E_S(m^*)$

Secure Channels

Goal: Set up a channel allowing for secure communication between two processes:

They both know who is on the other side (authenticated).

They both know that messages cannot be tampered with (integrity).

They both know messages cannot leak out (confidentiality).

Authentication versus Integrity

Note: Authentication and data integrity rely on each other. Consider an active attack by Trudy on the communication from Alice to Bob.

Authentication without integrity: Alice's message is authenticated, and intercepted by Trudy, who tampers with its content, but leaves the authentication part as is. Authentication has become meaningless.

Integrity without authentication: Trudy intercepts a message from Alice, and then makes Bob believe that the content was really sent by Trudy. Integrity has become meaningless.

Question: What can we say about confidentiality versus authentication and integrity?
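The two failure cases above can be checked on Bob's side with a few lines of code. This is an added example, not part of the lecture notes: the scheme names, the key value and the messages are constructed, and HMAC-SHA256 is assumed as the keyed tag (the notes do not name one).

```python
import hashlib
import hmac

K_AB = b"constructed demo key shared by Alice and Bob"  # constructed sample value

def mac(data: bytes) -> bytes:
    """Keyed tag under the shared secret K_AB (HMAC-SHA256, an assumption)."""
    return hmac.new(K_AB, data, hashlib.sha256).digest()

def bind(sender: str, body: bytes) -> bytes:
    # Length-prefix the sender so the (sender, body) boundary is unambiguous.
    s = sender.encode()
    return len(s).to_bytes(2, "big") + s + body

# Each scheme maps (sender, body) to the tag Bob recomputes on receipt.
SCHEMES = {
    # Authentication without integrity: the tag covers the identity only.
    "auth_only": lambda sender, body: mac(sender.encode()),
    # Integrity without authentication: unkeyed digest over the body only.
    "integrity_only": lambda sender, body: hashlib.sha256(body).digest(),
    # One keyed tag covering identity and content together.
    "bound": lambda sender, body: mac(bind(sender, body)),
}

def send(scheme: str, sender: str, body: bytes) -> dict:
    return {"sender": sender, "body": body, "tag": SCHEMES[scheme](sender, body)}

def accept(scheme: str, msg: dict) -> bool:
    expected = SCHEMES[scheme](msg["sender"], msg["body"])
    return hmac.compare_digest(expected, msg["tag"])

def in_transit_changes(scheme: str) -> dict:
    """Bob's accept/reject decision for three versions of Alice's message."""
    original = send(scheme, "Alice", b"pay 10 to Carol")
    body_changed = dict(original, body=b"pay 9000 to Trudy")  # tag left as is
    sender_changed = dict(original, sender="Trudy")           # tag left as is
    return {
        "original": accept(scheme, original),
        "body_changed": accept(scheme, body_changed),
        "sender_changed": accept(scheme, sender_changed),
    }

if __name__ == "__main__":
    for name in SCHEMES:
        print(name, in_transit_changes(name))
```

Only the "bound" scheme rejects both altered messages, which is why a secure channel ties the sender's identity and the message content to the same keyed check.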

Authentication

Authentication based on a shared secret key, but using three instead of five messages.

This is not sound.

Authentication

The reflection attack.