Chapter 21 Distributed System Security Copyright © 2008.

Slides:

Advertisements

Similar presentations

AUTHENTICATION AND KEY DISTRIBUTION

Advertisements

1 Authentication Applications Ola Flygt Växjö University, Sweden

Chapter 14 – Authentication Applications

NETWORK SECURITY.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

PIS: Unit III Digital Signature & Authentication Sanjay Rawat PIS Unit 3 Digital Sign Auth Sanjay Rawat1 Based on the slides of Lawrie.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

Cryptography and Network Security

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 4 Authentication Applications. Objectives: authentication functions developed to support application-level authentication & digital signatures.

Authentication & Kerberos

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.

Cryptography and Network Security Chapter 17

1 Authentication Applications Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW.

Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Applied Cryptography for Network Security

Chapter 8 Web Security.

Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/

Chapter 31 Network Security

31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.

SYSTEM ADMINISTRATION Chapter 13 Security Protocols.

SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.

© Oxford University Press 2011 DISTRIBUTED COMPUTING Sunita Mahajan Sunita Mahajan, Principal, Institute of Computer Science, MET League of Colleges, Mumbai.

Cryptography and Network Security (CS435) Part Fourteen (Web Security)

Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.

Web Security : Secure Socket Layer Secure Electronic Transaction.

Network Security Lecture 23 Presented by: Dr. Munam Ali Shah.

Kerberos Named after a mythological three-headed dog that guards the underworld of Hades, Kerberos is a network authentication protocol that was designed.

23-1 Last time □ P2P □ Security ♦ Intro ♦ Principles of cryptography.

1 SSL - Secure Sockets Layer The Internet Engineering Task Force (IETF) standard called Transport Layer Security (TLS) is based on SSL.

KERBEROS. Introduction trusted key server system from MIT.Part of project Athena (MIT).Developed in mid 1980s. provides centralised private-key third-party.

IM NTU Distributed Information Systems 2004 Security -- 1 Security Yih-Kuen Tsay Dept. of Information Management National Taiwan University.

Csci5233 computer security & integrity 1 Cryptography: an overview.

Lecture 16: Security CDK4: Chapter 7 CDK5: Chapter 11 TvS: Chapter 9.

X.509 Topics PGP S/MIME Kerberos. Directory Authentication Framework X.509 is part of the ISO X.500 directory standard. used by S/MIME, SSL, IPSec, and.

1 Chapter 1 – Background Computer Security T/ Tyseer Alsamany - Computer Security.

31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

Cryptography and Network Security Chapter 14 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Network Security Lecture 25 Presented by: Dr. Munam Ali Shah.

Topic 1 – Introduction Huiqun Yu Information Security Principles & Applications.

1 Kerberos – Private Key System Ahmad Ibrahim. History Cerberus, the hound of Hades, (Kerberos in Greek) Developed at MIT in the mid 1980s Available as.

Security fundamentals Topic 5 Using a Public Key Infrastructure.

IPSec and TLS Lesson Introduction ●IPSec and the Internet key exchange protocol ●Transport layer security protocol.

User Authentication  fundamental security building block basis of access control & user accountability  is the process of verifying an identity claimed.

KERBEROS SYSTEM Kumar Madugula.

Chapter 7 : Web Security Lecture #1-Week 12 Dr.Khalid Dr. Mohannad Information Security CIT 460 Information Security Dr.Khalid Dr. Mohannad 1.

Lesson Introduction ●Authentication protocols ●Key exchange protocols ●Kerberos Security Protocols.

Pertemuan #8 Key Management Kuliah Pengaman Jaringan.

1 Network Security Maaz bin ahmad.. 2 Outline Attacks, services and mechanisms Security attacks Security services Security Mechanisms A model for Internetwork.

Dr. Nermi hamza.  A user may gain access to a particular workstation and pretend to be another user operating from that workstation.  A user may eavesdrop.

Fourth Edition by William Stallings Lecture slides by Lawrie Brown

Computer Communication & Networks

Cryptography and Network Security

The Secure Sockets Layer (SSL) Protocol

Presentation transcript:

Chapter 21 Distributed System Security Copyright © 2008

Operating Systems, by Dhananjay Dhamdhere Copyright © Operating Systems, by Dhananjay Dhamdhere2 Introduction Issues in Distributed System Security Message Security Authentication of Data and Messages Third-Party Authentication

Operating Systems, by Dhananjay Dhamdhere Copyright © Operating Systems, by Dhananjay Dhamdhere3 Issues in Distributed System Security Kinds of security threats in distributed OSs: –Leakage  of message contents –Tampering  of message contents –Stealing  use of resources without authorization –Denial of service to authorized users Leakage and tampering are threats to message security Threats addressed through two means: –Message security techniques –Authentication of remote users

Operating Systems, by Dhananjay Dhamdhere Copyright © Operating Systems, by Dhananjay Dhamdhere4 Security Mechanisms and Policies

Operating Systems, by Dhananjay Dhamdhere Copyright © Operating Systems, by Dhananjay Dhamdhere5 Security Attacks in Distributed Systems Additionally, security attacks can be classified into: –Passive attacks and active attacks

Operating Systems, by Dhananjay Dhamdhere Copyright © Operating Systems, by Dhananjay Dhamdhere6 Message Security Approaches to message security can be: –Link-oriented Tends to be expensive –Cost depends on the number of links over which a message travels –End-to-end Approach assumed in following discussions Three approaches to message security: –Private (or secret) key encryption –Public key encryption –Session keys

Operating Systems, by Dhananjay Dhamdhere Copyright © Operating Systems, by Dhananjay Dhamdhere7 Message Security (continued)

Operating Systems, by Dhananjay Dhamdhere Copyright © Operating Systems, by Dhananjay Dhamdhere8 Distribution of Encryption Keys KDC: Key distribution center –For public key encryption, KDC maintains a directory containing public keys of all entities in the system –When session keys are used, KDC generates a new session key on demand

Operating Systems, by Dhananjay Dhamdhere Copyright © Distribution of Public Keys Steps –Step 1: P i → KDC : E U kdc (P i, P j ) –Step 2: KDC → P i : E U i (P j, U j ) Encryption is employed merely to prevent message tampering Operating Systems, by Dhananjay Dhamdhere9

Operating Systems, by Dhananjay Dhamdhere Copyright © Distribution of Session Keys Steps –Step 1: P i → KDC : P i, P j –Step 2: KDC → P i : E V i (P j, Sk i,j, EV j (P i,Sk i,j )) –Step 3: P i → P j : E V j (P i, Sk i,j ), E SK i,j ( ) Operating Systems, by Dhananjay Dhamdhere10

Operating Systems, by Dhananjay Dhamdhere Copyright © Operating Systems, by Dhananjay Dhamdhere11 Preventing Message Replay Attacks Message replay attack: intruder copies messages passing over network and “plays them back” later –Replayed message may mislead recipient into taking wrong or duplicate actions May affect data consistency May reveal confidential information Solution: use challenge-response protocol to check whether message exchange is in real time –Steps: challenge, response, detect P j → P i : E SK i,j (n) P j → P i : E SK i,j (n+1) Challenge string n is called a nonce

Operating Systems, by Dhananjay Dhamdhere Copyright © Operating Systems, by Dhananjay Dhamdhere12 Mutual Authentication Processes in a communication session should validate each other’s identity at start of session –Defeats masquerading attacks

Operating Systems, by Dhananjay Dhamdhere Copyright © Operating Systems, by Dhananjay Dhamdhere13 Authentication of Data and Messages Authenticity: requires process to verify that data was originated/sent by a claimed person or process –And that it has not been tampered with by intruder Latter aspect implies integrity of data To ensure integrity, use a hash or message digest –One-way hash function for which a birthday attack is infeasible Certification authority (CA) provides information concerning encryption keys used by persons or processes in a secure manner

Operating Systems, by Dhananjay Dhamdhere Copyright © Operating Systems, by Dhananjay Dhamdhere14 Certification Authorities and Digital Certificates A certification authority (CA): –Assigns public and private keys to an entity After ascertaining its identity by using some means of physical verification Keys are valid for a specific period of time –Acts like a key distribution center –Keeps a record of keys assigned by it –Issues public key certificates Used to avoid man-in-the-middle attacks

Operating Systems, by Dhananjay Dhamdhere Copyright © Operating Systems, by Dhananjay Dhamdhere15 Certification Authorities and Digital Certificates (continued) A public key certificate includes: –Serial number of the certificate –Owner’s distinguished name (DN) DNS name of the owner, and owner’s name, unit, locality, state, and country in a textual form –Identifying information of owner E.g., address –Owner’s public key –Date of issue and date of expiry, and issuer’s DN –Digital signature on the above information by CA

Operating Systems, by Dhananjay Dhamdhere Copyright © Operating Systems, by Dhananjay Dhamdhere16 Message Authentication Codes and Digital Signature A message authentication code (MAC) is used to check the integrity of data –A one-way hashing function is used to obtain a message digest of data –It is encrypted using a secret key known only by sender and intended recipient A digital signature is used to verify authenticity of data –This identification is non-repudiable –Can also be used to detect any modifications of data after the data was created or sent by a process –Both are achieved through use of private keys

Operating Systems, by Dhananjay Dhamdhere Copyright © Operating Systems, by Dhananjay Dhamdhere17 Message Authentication Codes and Digital Signature (continued)

Operating Systems, by Dhananjay Dhamdhere Copyright © Operating Systems, by Dhananjay Dhamdhere18 Third-Party Authentication How does a server know whether a process wishing to act as its client was created by an authorized user? –Require each server to authenticate every user through a password Inconvenient –Use a third-party authenticator and a secure arrangement Kerberos  uses an authentication database SSL  decentralized

Operating Systems, by Dhananjay Dhamdhere Copyright © Kerberos Developed in project Athena at MIT Kerberos authentication server (KAS) uses an authentication data base Authorization is performed by giving tickets to processes –A ticket is like a capability, it authorizes a process to use a service –It contains the process and server ids, a session key for communication, and the lifetime over which it is valid At log in time, each process gets a ticket to a ticket granting server (TGS); TGS generates tickets for other servers Operating Systems, by Dhananjay Dhamdhere19

Operating Systems, by Dhananjay Dhamdhere Copyright © Kerberos (continued) When a process wishes to use a server It submits a ticket for the server and an authenticator containing a time-stamp encrypted with the session key Server checks validity of ticket, extracts the session key and checks the authenticator to ensure that the request is made in ‘real time’ Operating Systems, by Dhananjay Dhamdhere20

Operating Systems, by Dhananjay Dhamdhere Copyright © Operating Systems, by Dhananjay Dhamdhere21 Kerberos (continued) Initial authentication: Obtaining ticket for server: Obtaining service:

Operating Systems, by Dhananjay Dhamdhere Copyright © Operating Systems, by Dhananjay Dhamdhere22 Secure Sockets Layer (SSL) SSL is a message security protocol providing authentication and communication privacy Works on top of a reliable transport protocol such as TCP/IP Transport layer security (TLS) protocol is based on SSL 3.0 Two phases: –SSL handshake protocol –SSL record protocol

Operating Systems, by Dhananjay Dhamdhere Copyright © Operating Systems, by Dhananjay Dhamdhere23 Secure Sockets Layer (SSL) Handshake protocol: –Performs server authentication –Selection of session’s cryptographic algorithms –(Optionally) performs client authentication –Enables client and server to generate shared secret Used to generate session keys Record protocol: – securely sent using a session key, where m is text of message To avoid man-in-the-middle attacks, certificate is verified and challenge-response protocol used to authenticate client

Operating Systems, by Dhananjay Dhamdhere Copyright © Operating Systems, by Dhananjay Dhamdhere24 Summary Intruders can launch a variety of attacks: leakage, tampering, masquerading, or denial of service –Leakage/tampering are threats to message security Solution: Use encryption –Private, public and session keys –Session keys are typically used Message replay attacks can be avoided using challenge-response protocol Third-party authenticators: Kerberos, SSL Digital signature: used to verify authenticity of data –Public key certificate used to securely distribute public key