Information Security in Distributed Systems Distributed Systems1.

Slides:



Advertisements
Similar presentations
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Advertisements

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
Cryptography and Network Security Chapter 1
1 Topic 1 – Lesson 3 Network Attacks Summary. 2 Questions ► Compare passive attacks and active attacks ► How do packet sniffers work? How to mitigate?
Chapter 10: Security Threats Mechanisms Subject Object
Informationsteknologi Thursday, October 11, 2007Computer Systems/Operating Systems - Class 161 Today’s class Security.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.
8.1 Learning Objectives To become familiar with the range of security threats faced by networked and distributed systems (DSs); To examine various cryptographic.
Computer and Network Security. Introduction Internet security –Consumers entering highly confidential information –Number of security attacks increasing.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Business Data Communications, Fourth Edition Chapter 10: Network Security.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
Applied Cryptography for Network Security
Introduction (Pendahuluan)  Information Security.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
 2001 Prentice Hall, Inc. All rights reserved. Chapter 7 – Computer and Network Security Outline 7.1Introduction 7.2Ancient Ciphers to Modern Cryptosystems.
Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.
Alter – Information Systems 4th ed. © 2002 Prentice Hall 1 E-Business Security.
Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.
1 Cryptography and Network Security Fourth Edition by William Stallings Lecture slides by Lawrie Brown Changed by: Somesh Jha [Lecture 1]
Chapter 15: Security (Part 1). The Security Problem Security must consider external environment of the system, and protect the system resources Intruders.
Dr. Lo’ai Tawalbeh 2007 INCS 741: Cryptography Chapter 1:Introduction Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus
Operating Systems Protection & Security.
Silberschatz and Galvin  Operating System Concepts Module 20: Security The Security Problem Authentication Program Threats System Threats Threat.
Cryptography and Network Security
Eng. Wafaa Kanakri Second Semester 1435 CRYPTOGRAPHY & NETWORK SECURITY Chapter 1:Introduction Eng. Wafaa Kanakri UMM AL-QURA UNIVERSITY
1 Chapter 9 E- Security. Main security risks 2 (a) Transaction or credit card details stolen in transit. (b) Customer’s credit card details stolen from.
BUSINESS B1 Information Security.
Network Security. Security Threats 8Intercept 8Interrupt 8Modification 8Fabrication.
Dr. L. Christofi1 Local & Metropolitan Area Networks ACOE322 Lecture 8 Network Security.
Cryptography, Authentication and Digital Signatures
E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.
29.1 Lecture 29 Security I Based on the Silberschatz & Galvin’s slides And Stallings’ slides.
© Oxford University Press 2011 DISTRIBUTED COMPUTING Sunita Mahajan Sunita Mahajan, Principal, Institute of Computer Science, MET League of Colleges, Mumbai.
Types of Electronic Infection
Network Security Jiuqin Wang June, 2000 Security & Operating system To protect the system, we must take security measures at two levels: Physical level:
Not only business information, but a large amount of personal information too is now digitized and stored in computer connected to the internet. System.
Network Security. 2 SECURITY REQUIREMENTS Privacy (Confidentiality) Data only be accessible by authorized parties Authenticity A host or service be able.
Welcome to Introduction to Computer Security. Why Computer Security The past decade has seen an explosion in the concern for the security of information.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody.
1 Chapter 1 – Background Computer Security T/ Tyseer Alsamany - Computer Security.
Topic 1 – Introduction Huiqun Yu Information Security Principles & Applications.
1 Network and E-commerce Security Nungky Awang Chandra Fasilkom Mercu Buana University.
Topic 5: Basic Security.
IT Security. What is Information Security? Information security describes efforts to protect computer and non computer equipment, facilities, data, and.
Chap1: Is there a Security Problem in Computing?.
Network Security Introduction
INTRODUCTION TO COMPUTER & NETWORK SECURITY INSTRUCTOR: DANIA ALOMAR.
Network Security Celia Li Computer Science and Engineering York University.
1 Computer Security Instructor: Dr. Bo Sun. 2 Course Objectives Understand basic issues, concepts, principles, and mechanisms in computer network security.
SECURITY. Security Threats, Policies, and Mechanisms There are four types of security threats to consider 1. Interception 2 Interruption 3. Modification.
1 Network Security Maaz bin ahmad.. 2 Outline Attacks, services and mechanisms Security attacks Security services Security Mechanisms A model for Internetwork.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.
1 Network Security. 2 Security Services Confidentiality: protection of any information from being exposed to unintended entities. –Information content.
Chapter 40 Internet Security.
Information and Network Security
12: Security The Security Problem Authentication Program Threats
Security.
Operating System Concepts
Operating System Concepts
Presentation transcript:

Information Security in Distributed Systems Distributed Systems1

2 Subject Object Data and control stream Interruption Interception Modification Fabrication Authorization Authentication Encryption Auditing Objects: passive entities whose security attributes must be protected Subjects: active entities that access objects Threats: potential dangers which harm security Security Policy: a precise specification to describe appropriate levels of security Security Mechanism: an implementation of a given security policy ThreatsMechanisms

Distributed Systems3 Types of Threats Interception: an unauthorized subject has gained access to an object, such as stealing data, overhearing others communication, etc. Interruption: services or data become unavailable, unusable, destroyed, and so on, such as lost of file, denial of service, etc. Modification: unauthorized changing of data or tempering with services, such as alteration of data, modification of messages, etc. Fabrication: additional data or activities are generated that would normally no exist, such as adding a password to a system, replaying previously send messages, etc.

4 Methods of Attack Eavesdropping: obtaining copies of messages without authority Masquerading: sending/receiving messages using other’s identifier Tempering: stealing messages and altering their contents Replaying: storing messages and sending them at later date Infiltrating: accessing system in order to run programs that implement the attack (virus, worm, Trojan horse) Unknown yet: new attacking methods may appear later

Distributed Systems5 Trojan Horse: A piece of code that misuses its environment. The program seems innocent enough, however when executed, unexpected behavior occurs. Worms: Use spawning mechanism; standalone programs. Such facilities may exist accidentally as well as intentionally. Viruses:Fragment of code embedded in a legitimate program. Mainly effects personal PC systems. These are often downloaded via or as active components in web pages. Indirect Infiltration

Distributed Systems6 Security Mechanisms Encryption: transforming data into something an attacker cannot understand, i.e., providing a means to implement confidentiality, as well as allowing user to check whether data have been modified. Authentication: verifying the claimed identity of a subject, such as user name, password, etc. Authorization: checking whether the subject has the right to perform the action requested. Auditing: tracing which subjects accessed what, when, and which way. In general, auditing does not provide protection, but can be a tool for analysis of problems.

Distributed Systems7 : client : service : data (a) invalid operations (b) illegal invocations (c) Illegal client where Focus of Control

Distributed Systems8 encrypt/decrypt Trusted secure system kernel Authentic ation authorizat ion auditing other servers req reply ……… clients Special servers dedicated to different security issues Dedicated Security Mechanism

Distributed Systems9 Application + security Middleware + security Operation system and security Secure Comm. kernel mechanism security Application + security Middleware + security Operation system and security Secure Comm. kernel mechanism security client Layered Security Mechanism

Distributed Systems10 Secure serverNormal server client RISSC Security Mechanism RISSC (Reduced Interface for Secure System Components) Any security-critical server is placed on a separate machine isolated from end-user systems using low-level secure network interface. Clients run on different machines and can access the secured server only through these network interface.

Distributed Systems11 Cryptography Intruders and eavesdroppers in communication

Distributed Systems12 Discussion of DES The principle of DES is quite simple: initial permutation, 16 rounds of transformation, and final permutation. Even through the DES algorithm is well known, but the key or cipher is difficult to break using analytical methods. Using a brute-force attack by simply searching for a key is possible. However, for 56-bit key, there are 2 56 possible key combinations, if we could search one key in 1 µs, then we need 2283 years to try all keys. (Distributed.net broke a DES-56 within 22 hours and 15 minutes, by using 100,000 PCs). Use 3DES (K1, K2, K3), or DES-128 for high security.

Distributed Systems13 Authentication How to make the communication between clients and servers (or senders and receivers) secure? We need to authentication of communication parties. Authentication and message integrity are closely related, cannot go without each other. Commonly use authentication models: (1) based on a shared secret key (2) based on a key from KDC (Key Distribution Center) (3) based on public key

Distributed Systems14 Digital Signatures A digit signature has the same authentication and legally binding functions as a handwritten signature. An electronic document or message M can be signed by an entity A by encrypting a copy of M in a key K A and attaching it to a plain-text copy of M and A’s identifier, such as. Once a signature is attached to a electronic document, it should be possible (1) any party that receives a copy of message to verify that the document was originally signed by the signatory, and (2) the signature can not be altered either in transmit or the receivers.

Distributed Systems15 Firewalls A Firewall is a special kind reference monitor to control external access to any part of a distributed system. A Firewall disconnects any part of a distributed system from outside world, all outgoing and incoming packets must be routed through the firewall. A firewall itself should be heavily protected against any kind of security threads. Models of firewall: Packet-filtering gateway Proxy: Application-level Proxy Circuit-level Proxy

Distributed Systems16 Firewalls: Bastian structure internal network external network Bastian … protected hosts … A Bastian is a special computer which provides secure services, including authentication and access control. Bastian can be a single machine or a dual-machine.

Distributed Systems17 Firewalls: Bastian + Filtering gateway internal network external network Filtering gateway bastian … protected machines... Gateway implements IP packet filtering functions. A Bastian provides secure services.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.