Distributed Systems Security Overview Douglas C. Sicker Assistant Professor Department of Computer Science and Interdisciplinary Telecommunications Program

Network Security What well cover: –What is network security? –What are the goals? –What are the threats? –What are the solutions? –How do they operate? This is a lot of info and it might take a few reads to stick.

Network Security Some issues with the book… Assumes malicious intent as the reason for needing security. –Is this valid? Focus on the protocols (not surprising) –However, the real problems with security are mostly outside of the technical space (see the Economist articles). –What else should we consider? For example, more depth on security models, security policy, assurance, insurance, risk assessment… –Lastly, keep in mind that even the best protocols can be misapplied.

Network Security What do we seek? –Confidentially –Integrity –Availability –Non-repudiation –Accounting Mnemonic CIA Lets start with some general threats –Leakage –Tampering –Vandalism

Network Security Attacks –Guessing passwords –Exploiting program operation –Intercepting messages –Message replay –Birthday attack –Overloading resources (DDoS) Whats the easy method of attack?

Network Security Secure design Its a bit of a fallacy, even formal models fail –Why? There was early work in secure OS. –What do you think derailed this work? Often the goal is to avoid disasters and minimize problems Whats the threat, whats the attack and how do we avoid it? Some things to consider –Whats it worth? –Whats it timeliness?

Network Security Cryptology, Cryptography, Cryptanalysis Encryption Decryption Whats a key? –Secret –Private –Public Some uses of cryptographic methods –Secrecy –Authentication –Signature

Network Security Some Important Notation Ka Kab Kapriv Kapub M {M}K [M]K n H Some Characters Alice and Bob Eve Mallory Sue or Sara

Network Security Secrecy and integrity (shared secret) AMAM AE(Kab,M) A:B{M}Kab BD(Kab,M) Problems:

Network Security Authentication (shared secrets) Ticket –An encrypted item generally provided by an authentication server that contains an identity and a shared key generated for that session. 1.A:S request a ticket to talk to B 2.S:A {{ticket}Kb, Kab}Ka Ticket ={Kab, Alice} 3.A:B {Ticket}Kb, Alice, R Problems?

Network Security Secrecy and authentication (Public Keys) 1.A obtains Kbpub 2.A:B keyname, {Kab}Kbpub 3.B decrypts with Kbpriv 4.Now A and B can use Kab This is actually a hybrid technique. (why?) Problems?

Network Security Digital Signature A verification that a message has not been altered. Generally, the DS is on a digest, not the whole message –A Digest is a fixed length value computed by a hash function 1.A creates a digest Digest (M) 2.A:B M, {Digest (M)}Kapriv 3.B uses Kapub to decrypt B now computes digest on M and compares

Network Security Certificate –A document signed by a trusted principal Certificate Chain –A hierarchy of trust Requirements of certificates –Standardized format –Agreed chain construction –Problem: revocation (somewhat solved with expiry dates)

Figure 7.5 Public-key certificate for Bobs Bank 1.Certificate type:Public key 2.Name:Bobs Bank 3.Public key:K Bpub 4.Certifying authority:Fred – The Bankers Federation 5.Signature: {Digest(field 2 + field 3)} K Fpriv

Network Security Access control –Process of deciding whether to allow a principal to carry out an operation or a certain resource. Protection Domain –Abstraction indicating the rights and resources –Really just a set of processes that share access to a resource. –Implemented by capabilities and ACL Credentials –Set of evidence provided by a principal –Delegation – giving authority to another principal

Network Security Cryptographic algorithms Block ciphers –message is divided into blocks, encrypted and sent –Problem: repeating patterns Cipher Block Chaining (CBC) –Combine plaintext with previous cipher text (XOR) –Problem: beginning or trailing repetition (solution?) Stream cipher –Used with realtime communication –Bit by bit encryption –Keystream generator (obscure data)

Figure 7.6 Cipher block chaining n n+3n+2n+1 XOR E(K, M) n-1n-2 n-3 plaintext blocks ciphertext blocks Decryption?

Network Security Shannon –The E –Confusion (obscure) –Diffusion (randomize) Symmetric Algorithms –TEA –DES –IDEA –AES Asymmetric Algorithms –RSA –Diffie Hellman

Network Security Cryptographic algorithms Secret key (Symmetric) D (K, E(K,M)) = M If you know M and {M}K, a brute force attack takes 2 n-1 (average) 2 n (maximum) Public/private key (Asymmetric) Involves a trapdoor or secret exit Generally a mathematical concept –Product of 2 large primes (easy), Factoring that product (hard) –Function of a curve

Figure 7.10 TEA in use void tea(char mode, FILE *infile, FILE *outfile, unsigned long k[]) { /* mode is e for encrypt, d for decrypt, k[] is the key.*/ char ch, Text[8]; int i; while(!feof(infile)) { i = fread(Text, 1, 8, infile);/* read 8 bytes from infile into Text */ if (i <= 0) break; while (i < 8) { Text[i++] = ' ';}/* pad last block with spaces */ switch (mode) { case 'e': encrypt(k, (unsigned long*) Text); break; case 'd': decrypt(k, (unsigned long*) Text); break; } fwrite(Text, 1, 8, outfile);/* write 8 bytes from Text to outfile */ }

Figure 7.9 TEA decryption function void decrypt(unsigned long k[], unsigned long text[]) { unsigned long y = text[0], z = text[1]; unsigned long delta = 0x9e3779b9, sum = delta << 5; int n; for (n= 0; n < 32; n++) { z -= ((y > 5) + k[3]); y -= ((z > 5) + k[1]); sum -= delta; } text[0] = y; text[1] = z; }

Network Security Digital Signature –Authenticate –Unforgeable –Nonrepudiation =>Bind identity to document Two mechanisms –Digital signature (Private or public) –Digital function (Secure hash)

Digital signatures with public keys 1.A generates Kapub and Kapriv (Makes Kapub available) 2.A computes digest M => H(M); S= {H(M)}Kapriv 3.A:B M, S 4.B decrypts S with Kapub => H(M); computes H(M) and compares

Low-cost signatures with a shared secret key 1.A generates K; sends it to B (securely) 2.A computes h=H(M+K) 3.A:B M,h 4.B computes H(M+K) and compares

Network Security Characteristics of a Secure Digest Function 1.Given M, it is easy to compute h 2.Given h, it is hard to compute M 3.Given H(M), it should be very hard to find H(M)=H(M 1 ) MD5 and SHA are examples of secure digests

Network Security Certificate standards and authorities X.509 –provides the standard format; binds public key to a subject based on a trusted signature –Includes a validity period Certificate Authority –Provided by a certificate authority –Verisign …

Network Security Pragmatics Review the book for info on performance of protocols Politics of security are quite messy –Government resistance International front Criminal front –Many issues to consider, even as a technologist –Corporate drivers versus Government (national and public safety drivers) –Corporate and government versus civil liberties

Figure 7.15 The Needham–Schroeder secret-key authentication protocol HeaderMessageNotes 1. A->S: A, B, N A A requests S to supply a key for communication with B. 2. S->A: {N A, B, K AB, {K AB, A} K B } K A S returns a message encrypted in As secret key, containing a newly generated key K AB and a ticket encrypted in Bs secret key. The nonce N A demonstrates that the message was sent in response to the preceding one. A believes that S sent the message because only S knows As secret key. 3. A->B: A sends the ticket to B. 4. B->A: B decrypts the ticket and uses the new key K AB to encrypt another nonce N B. 5. A->B: A demonstrates to B that it was the sender of the previous message by returning an agreed transformation of N B. {K AB, A} K B {N B } K AB {N B - 1} K AB

Figure 7.16 System architecture of Kerberos Server Client DoOperation Authentication database Login session setup Ticket- granting service T Kerberos Key Distribution Centre Server session setup Authen- tication service A 1. Request for TGS ticket 2. TGS ticket 3. Request for server ticket 4. Server ticket 5. Service request Request encrypted with session key Reply encrypted with session key Service function Step B Step A Step C C S

Network Security Kerberos -MIT extension of N&S 1.C:A C,T,n 2.A:C {Kct,n}Kc, {ticket(C,T)}Kt {ticket(C,T)}Kt = {C,T,t1,t2,Kct}Kt 3.C:T{auth(C)}Kct, {ticket(C,T)}Kt, S, n {auth(C)}Kct = {C,t}Kct 4.T:C {Kcs,n}Kct, {ticket(C,S)}Ks 5.C:S{auth(C)}Kcs, {(ticket(C,S)}Ks, request, n 6.S:C {n}Kcs, reply