Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security and Reliability Issues in Distributed Systems Chan Hing Wing, Anthony MPhil Term 1, CSE CUHK December 11, 1998.

Similar presentations

Presentation on theme: "Security and Reliability Issues in Distributed Systems Chan Hing Wing, Anthony MPhil Term 1, CSE CUHK December 11, 1998."— Presentation transcript:


2 Security and Reliability Issues in Distributed Systems Chan Hing Wing, Anthony MPhil Term 1, CSE CUHK December 11, 1998

3 Presentation Outline n Introduction n Distributed system security u Common requirements and approaches u The SSL protocol u CORBA Security n Distributed system reliability u Common requirements and approaches n Summary n Questions and Answers

4 Introduction n Distributed systems developed rapidly over the past two decades n E.g., WWW, automatic teller machines, distant learning n As distributed systems become widely used, their security and reliability becomes very important n Distributed Systems: hardware (autonomous computers, the linking network) and software (distributed system software)  Security and Reliability both have hardware aspect and software aspect

5 Distributed System Security Hardware Vs Software: n Hardware security: keys, locks, cards, visitor monitoring, etc. (not main focus) n Software security: (in terms of user requirements) u integrity: message transmitted over network must be identical to the original u confidentiality: message transmitted must not be readable to unintended entities u availability: the system must not be unavailable due to security attacks u accountability: user actions that is security- critical must be traceable

6 Common Approaches n Cryptography DataSecret-form data encryption decryption  The secret-form data must be unreadable without prior knowledge of a secret / key (confidentiality), but recoverable with knowledge of the secret (availability)  Usually the secret-form data cannot be decrypted successfully if it is tampered  it can be used to ensure the integrity of data, (e.g., message authentication codes (MACs), digital signatures)

7 Common Approaches n Cryptography (cont’d) u Secret-key cryptography: the same key is used in encryption and decryption, e.g., DES, block/stream ciphers, MACs u Public-key cryptography: different keys are used, e.g., RSA, digital signatures u Public keys (PK) Vs Secret keys (SK) F PK do not require distribution of shared secret  more convenient for distributed systems F PK rely heavily on the computational unfeasibility to solve some hard problems (e.g., factoring, travelling salesman)  breakable if these problems were solved

8 Common Approaches n Authentication u the process of verifying a claimed identity u the entity to be authenticated may be a person (e.g., in password checking), a message (i.e., integrity) or a program (e.g., client/server authentication) u usually make use of cryptography, in which a secret (key) of the entity of the owner of it is used to verify its identity u authentication protocols F ways for two components in a DS to ensure each other is the intended entity F usually by negotiating a short-term key for communication (e.g., Needham/Schroeder)

9 Common Approaches n Authorization / Access Control u the process of granting suitable rights to legitimate users u usually by means of access control lists (ACLs) (e.g., permissions in UNIX NFS) n Logging u logging security-critical activities of users (e.g., “su” logs in UNIX), so that any internal security attacks can be accounted for

10 The SSL protocol n Secure Socket Layer, by Netscape n Provides security for applications over the insecure Internet n Overview: Application data protocol SSL handshake protocol SSL record protocol Reliable transport protocol (e.g., TCP) SSL record protocol Application data protocol SSL handshake protocol Application 1 (e.g., telnet, ftp) Application 2

11 The SSL Protocol - The Three Components n Record protocol u encapsulate higher level protocols u divide messages into blocks u compresses message blocks u applies MAC to message blocks u encrypts and transmits message blocks n SSL handshake protocol u allow the client to authenticate the server, and the server to authenticate the client u negotiate an encryption algorithm and key for application data transmission n Application data protocol u transmits data from applications to the record layer, which then sends the data securely

12 The SSL Handshake Protocol CLIENTSERVER “Hello! I want to connect with you. I understand encryption algorithms like DES, RC4, IDEA, etc.…” “Hello, then let’s use DES. This is my certificate. Please check. Please also send yours.” (Client authenticate server by verifying server’s certificate...) “Alright, here is my certificate, and I’ve generated a DES master key. Here I encrypt it with your public key and send it to you I’m finished..” (Server decrypts the DES key received from client…) Ok, I received your key. I’m finished Data encrypted with the DES master key An authentication protocol A sample session: (Server authenticate client by verifying client’s certificate...)

13 The SSL Protocol - Implementation n SSLeay u A commonly used implementation of the SSL protocol (2.0 and 3.0) u Written by Eric Young in Australia u Contains library functions for making SSL communications (e.g., SSL_connect, SSL_free, SSL_get_certificate, SSL_get_cipher) u Includes many encryption algorithms: F ciphers (e.g., DES, RC4, RC2, IDEA) F digests (MD5, MD4, SHA-1) F public keys (RSA, DSA, Diffie-Hellman) u Applications built on top of SSLeay: SSLtelnet, SSLftp, SSLhttpd, etc., by Tim Hudson in Australia u Patches (< 100 K size) to some existing server and client programs that support SSLeay

14 CORBA Security n Security is provided as a kind of CORBA services (not part of the core ORB) n Two levels of security defined: u level 1: does not change IDL definition; applications are unaware of the security mechanism. Users may be authenticated before calling an application, and then security is enforced automatically during object invocation u level 2: new IDL definition introduced; applications can make use of objects such as credentials and Principal-Authenticators to define their own security policies

15 ORB CORBA Security n The security model: Client Server Security Implementation enforcing security policy User requests All object invocations are mediated by the security implementation No specific security policy defined in the model, so that a wide variety of different policies can be defined according to different needs Message protection, access control device, etc. Message protection, access control device, etc.

16 CORBA Security n Principals u Human users or system entities (e.g., the client acting for a user) registered in and authentic to the system n Credentials u Each principal in a CORBA environment with Security Service is associated with credentials u Credentials contain security attributes of an object, e.g., its identity and privileges (like gate-passes) u Credentials are used for access controls, authentication, etc. u An object may have several credentials, representing privileges in different domains

17 CORBA Security n Delegation u Passing of credentials from one object to another, so that the receiving object (intermediate) can invoke a third object (target) on behalf of the passing object (invoker) u Options of delegation: F no delegation F simple delegation F composite delegation F combined delegation F traced delegation invoker intermediate targe Client credentials Client credentials / intermediate credentials / mixed, according to different options

18 CORBA Security n Non-repudiation service u provide services that make users / principals accountable for their actions n Implementation: SSL services come with Orbix; separate purchase for Visigenic Object AObject B Evidence generation & verification Evidence storage & retrieval Delivery Authority Non-repudiation service Adjudicator Dispute/judgement Service requests / responses

19 Distributed System Reliability n Reliability: broad meaning (dependability): u security u availability u fault tolerance u recoverability u correctness u consistency u timeliness

20 Reliability n A narrower definition (J. Stankovic): u Fault: a mechanical or algorithmic defect which may generate an error u Error: an item of information which will produce a failure u Failure: an event at which a system violates its specifications  Reliability: the degree of tolerance against errors and faults

21 Reliability Hardware Vs Software: n Hardware reliability u hardware redundancy, high-quality IC, wires, UPS, etc. (not main focus) n Software reliability u fault tolerance u error recovery u data / code redundancy

22 Common Approaches n Replication u keeping > 1 copies of data / programs in system, increase availability u Fault masking: F masking out the effects of faults by data / program redundancy in replicas u Majority voting: F process requests on different servers, and produce the most possible results by voting on results from different servers n Crash recovery u E.g., by logging, checkpointing

23 Common Approaches n Reliable transmission protocols u protocols with error detection, correction e.g., TCP/IP n Concurrency control u locking u ordering

24 Summary n Security requirements and approaches in distributed systems u The SSL protocol u CORBA Security Service n Reliability requirements and approaches in distributed systems

25 Next Steps n Know more about distributed system reliability n Study the CORBA Security Service specification; investigate existing implementations of the spec. n Probably implement a system that demonstrates security & reliability in the CORBA environment

26 The End Questions and Answers session

Download ppt "Security and Reliability Issues in Distributed Systems Chan Hing Wing, Anthony MPhil Term 1, CSE CUHK December 11, 1998."

Similar presentations

Ads by Google