Distributed Systems. Outline: Services: DNSSEC; Architecture Models: Grid; Network Protocols: IPv6; Design Issues: Security; The Future: World Community.

Presentation transcript:

Distributed Systems

Outline  Services: DNSSEC  Architecture Models: Grid  Network Protocols: IPv6  Design Issues: Security  The Future: World Community Grid

Services: DNSSEC

DNS  Large distributed database for name-to-ip resolution (ex: DNS Query)DNS Query  Was not originally designed with security in mind – naturally has security flaws:  Packet interception  DNS cache poisoning / Name chaining  ID guessing [RFC 3833, 2004]

- DNSSEC – suite of IETF specifications for securing information provided by DNS and IP.
- Authentication of origin
- Data integrity
- Backwards compatibility
[RFC 3833, 2004]

- RFC 2065 published in 1997, but problems have existed since then and are still being worked out
  - Did not scale well for the internet
  - Backwards compatibility
  - Who should own TLD root keys
  - Complexity of deployment
- Proposed Standard is currently RFC 4033

- Works by digitally signing DNS responses to lookups using public-key cryptography.
- New DNS record types created: RRSIG, DNSKEY, DS, and NSEC.
- RRSIG is the digital signature of the response. It is verified using the public key found in the DNSKEY record.
- DS records are for designated signers.

- Start with a trusted DNS root. Look up the DS record for the TLD to verify the DNSKEY records for that TLD.
- Next, check if a DS record for site.com exists in the TLD zone, and if so, use that to verify the DNSKEY found in the site.com zone.
- Finally, verify the RRSIG record found in the A records for [RFC 4033, 2005]
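The DS-to-DNSKEY links of the chain described above, as an added example that is not part of the original slides. It computes DS digests the way RFC 4034 defines them (SHA-256 over owner name plus DNSKEY RDATA) and walks root, TLD and site.com; the key bytes and zone contents are constructed placeholders, and RRSIG signature verification is left out because it needs a public-key library.

```python
import hashlib
import struct

def name_to_wire(name):
    """Canonical lowercase wire form of a domain name (RFC 4034, section 6.2)."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, algorithm, public_key):
    """DNSKEY RDATA: flags (2 bytes), protocol (always 3), algorithm, key."""
    return struct.pack("!HBB", flags, 3, algorithm) + public_key

def key_tag(rdata):
    """Key tag from RFC 4034 Appendix B (all algorithms except 1)."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def make_ds(owner, rdata):
    """DS with digest type 2: SHA-256 over owner name || DNSKEY RDATA."""
    digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest()
    return {"key_tag": key_tag(rdata), "algorithm": rdata[3], "digest": digest}

def validate_chain(zones, trust_anchor, path):
    """Walk root -> TLD -> zone; return the first zone that fails, or None."""
    trusted_ds = [trust_anchor]
    for i, zone in enumerate(path):
        keys = zones[zone]["dnskeys"]
        if not any(make_ds(zone, k) == ds for ds in trusted_ds for k in keys):
            return zone  # no DNSKEY here is vouched for by the parent's DS
        if i + 1 < len(path):
            trusted_ds = zones[zone]["ds"].get(path[i + 1], [])
    return None

# Constructed sample data: the key bytes are placeholders, not real keys.
ROOT_KSK = dnskey_rdata(257, 13, b"\x01" * 64)
COM_KSK = dnskey_rdata(257, 13, b"\x02" * 64)
SITE_KSK = dnskey_rdata(257, 13, b"\x03" * 64)
FORGED_KSK = dnskey_rdata(257, 13, b"\x66" * 64)  # key swapped in by a spoofer

def build_zones(site_key):
    return {
        ".": {"dnskeys": [ROOT_KSK], "ds": {"com.": [make_ds("com.", COM_KSK)]}},
        "com.": {"dnskeys": [COM_KSK],
                 "ds": {"site.com.": [make_ds("site.com.", SITE_KSK)]}},
        "site.com.": {"dnskeys": [site_key], "ds": {}},
    }

ANCHOR = make_ds(".", ROOT_KSK)  # the resolver's configured trust anchor
PATH = [".", "com.", "site.com."]
```

A forged DNSKEY served for site.com fails at the site.com step because the DS published in the parent zone hashes a different key.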

Architectural Model: Grid

Grid Architecture  Use idle machine for more efficient use of the resources such as cpu, memory, storage, bandwidth, databases, etc.  Geographically dispersed  Must be provisioned to determine location, availability, and scheduling of resources. [IT Pro, 2004]

Related Terms: Comparison
- Utility computing: Leased like a utility from a company. Expect providers to switch to using grids (Sun, for example).
- Cluster computing: Machines usually closely coupled and connected through a high-speed network – generally in the same room.
- P2P: Considered to be an application that uses grid services for file sharing, whereas the grid can allow for sharing of any resource type.

- Cloud computing: Very similar to grid. So similar it’s difficult to pull out the differences and different people state different things…
- Overall, many sources mention “on-demand” for cloud computing, whereas grid computing focuses on one problem at a time.
[IT Pro, 2004]

- Not all applications are efficient on a grid – must have high levels of parallelism in order to be effective and overcome the overhead involved with grid computing.

Network Protocols: IPv6

- Defined in 1998 by the Internet Engineering Task Force (IETF), RFC 2460
- Main feature is a much larger number of addresses
- IPv4 uses 32 bits, allowing for 2^32 addresses, whereas IPv6 uses 128 bits (2^128 addresses)
- Other changes include network security, improved routing, extensibility, among others.
[Geer, 2005]

- Many benefits available from the large number of IP addresses. Ex:
  - Distributed applications on cell phones
  - Japanese windshield wipers for taxi cabs
  - Track devices for warranties, upgrade / repair, emergencies
  - Smart homes
[Geer, 2005]

- Main difficulty is making the switch from IPv4 to IPv6.
  - Difficult to mix the two
  - Users generally do not feel the push to switch, especially since NAT has become widespread

Design Issues: Security

- Secure communications between two machines:
  - Grid Security Infrastructure (GSI)
  - Mutual authentication
  - Public key cryptography
  - Certificates
  - Single sign-on
[Globus]

- In grid computing, we can protect the host by:
  - Sandboxing
  - Virtualization
  - Flexible kernel
  [Chakrabarti et al., 2008]
- Can we protect the privacy of the grid user?

The Future: World Community Grid (Or Cloud)

World Community Grid  An idea where the grid exists across the internet, and the world is all connected to the grid  Would allow millions of idle processors to be used more efficiently

- Will be very difficult to achieve
  - Security (unknown users connecting to unknown machines)
  - Network issues
  - Control

References  RFC 3833: Threat Analysis of the Domain Name System, The Internet Society, August 2004  RFC 4033: DNS Security Introduction and Requirements, The Internet Society, March 2005    "Grid computing 101: what's all the fuss about?," IT Professional, vol.6, no.2, pp , March-April 2004  D. Geer, “In Brief: IPv6 and Distributed Applications,” IEEE Distributed Systems Online, vol. 6, no.12, December 2005  Chakrabarti, A.; Damodaran, A.; Sengupta, S., “Grid Computing Security: A Taxonomy,” Security & Privacy, IEEE, vol. 6, no.1, pp.44-51, Jan-Feb. 2008