Download presentation
Presentation is loading. Please wait.
Published byRuby Sharp Modified over 8 years ago
1
© Chinese University, CSE Dept. Distributed Systems / 3 - 1 Distributed Systems Topic 3: Security Dr. Michael R. Lyu Computer Science & Engineering Department The Chinese University of Hong Kong
2
© Chinese University, CSE Dept. Distributed Systems / 3 - 2 Outline 1 Motivation 2 Styles of Attacks 3 Cryptography 4 Authentication, Security Protocols and Systems 5 Summary
3
© Chinese University, CSE Dept. Distributed Systems / 3 - 3 1 Motivation More vital/secret data handled by distributed components within network systems and Internet. Security: protecting data stored in and transferred between distributed components from unauthorized access. Insecurity effect: Confidential Data may be stolen, e.g.: –corporate plans. –new product designs. –medical/financial records (e.g. Access bills…) Insecurity effect: Data may be altered, e.g.: –finances made to seem better than they are. –results of tests, e.g. on drugs, altered. –examination results amended (up or down).
4
© Chinese University, CSE Dept. Distributed Systems / 3 - 4 1 Why are Distributed Systems Insecure? Distributed component rely on messages sent and received from network. Is network (especially WANs and wireless networks) secure? Is client component secure? Is client component who it claims to be? Are users of calling components really who they claim to be?
5
© Chinese University, CSE Dept. Distributed Systems / 3 - 5 1 Consequences of Insecurity Loss of confidence: above effects may reduce confidence in computerized systems. Claims for damages: legal developments may allow someone to sue if data on computer has not been guarded according to best practice. Loss of privacy: data legally stored on a computer may well be private to the person concerned (e.g. medical/personnel) record.
6
© Chinese University, CSE Dept. Distributed Systems / 3 - 6 2 Security Threats Categorization of attacks (and goals of attacks) that may be made on system. Three broad classes: –leakage: information leaving system. –tampering: unauthorized information altering. –vandalism: disturbing correct system operation. Used to specify what the system is proof, or secure, against. Attacks: Passive and Active
7
© Chinese University, CSE Dept. Distributed Systems / 3 - 7 2 Passive Attacks Eavesdropping on transmissions –Receive message copies without authority. To obtain information Release of message contents –Outsider learns content of transmission Traffic analysis –By monitoring frequency and length of messages, even encrypted, nature of communication may be guessed Difficult to detect Can be prevented
8
© Chinese University, CSE Dept. Distributed Systems / 3 - 8 2 Active Attacks Masquerading: Pretending to be a different entity without authority. Message tampering: Intercepting and altering messages. Replaying: Storing messages and sending them later. Denial of service: Flooding server resources with messages in order to deny other’s access. Hard to prevent Easy to detect –Detection may lead to deterrent
9
© Chinese University, CSE Dept. Distributed Systems / 3 - 9 2 Security Attack Scenarios Eavesdropping: Bob Alice “Let’s meet at 5pm, old place” Tom “hee hee…” Tampering: BobAlice “Let’s meet at 5pm, old place” Tom “Let’s meet at 3pm, old place” Replaying: Bob Tom “Let’s meet at 5pm today” Alice One day later: “Let’s meet at 5pm today”
10
© Chinese University, CSE Dept. Distributed Systems / 3 - 10 2 Infiltration Launch of attack requires access to the system. –Launched by legitimate users. –Launched after obtaining passwords of known users. Subtle ways of infiltration over Internet: –Viruses –Worms –Trojan Horses Ways to combat: –Keep the Operating System updated –Use a firewall
11
© Chinese University, CSE Dept. Distributed Systems / 3 - 11 3 Cryptography 1 Introduction 2 Terminology 3 Encryption 4 Secret Keys 5 Public Keys 6 RSA Encryption Algorithm
12
© Chinese University, CSE Dept. Distributed Systems / 3 - 12 3.1 Introduction Cryptography: encode message data so that it can only be understood by intended recipient. Romans used it in military communication. Given knowledge of encryption algorithm, a brute force attempt is to try every possible decoding until a valid message is produced. Computers are good at this! Modern schemes must be computationally hard to solve to remain secure.
13
© Chinese University, CSE Dept. Distributed Systems / 3 - 13 3.2 Cryptographic Terminology Plain text: the message before encoding (by encryption). Cipher text: the message after encoding. Key: information needed to convert from plain text to cipher text (or vice-versa). Function: the encryption or decryption algorithm used, in conjunction with key, to encode or decode message. Key distribution service: trusted service which hands out keys.
14
© Chinese University, CSE Dept. Distributed Systems / 3 - 14 3.3 Encryption Encrypting data prevents unauthorized access to the data (i.e., prevents eavesdropping). If encrypted data can only be encrypted with a matching key, this can be used to prove sender’s identity (i.e., prevents masquerading). Likewise, it can be used to ensure that only intended recipients can use the data.. Two main ways: secret key and public key.
15
© Chinese University, CSE Dept. Distributed Systems / 3 - 15 3.4 Secret Keys One key is used to both encrypt and decrypt data Encryption and decryption functions are often chosen to be the same type Security should not be compromised by making function well-known as security comes from secret keys Example: Enigma Encription Machine
16
© Chinese University, CSE Dept. Distributed Systems / 3 - 16 3.4 Enigma Encryption Machine
17
© Chinese University, CSE Dept. Distributed Systems / 3 - 17 3.4 Using Secret Keys Sender and recipient exchange keys through some secure, trusted, non-network based means. Sender encodes message using encryption function and sends the message, knowing that only the holder of key (the intended recipient) can understand it. Recipient decodes message, and knows that only intended sender could generate it. Message can be captured but is of no use.
18
© Chinese University, CSE Dept. Distributed Systems / 3 - 18 3.4 Simplified Model of Secret Key (Symmetric Key) Encryption
19
© Chinese University, CSE Dept. Distributed Systems / 3 - 19 3.4 Secret Key Encryption Algorithms Historical cipher –Caesar Cipher –Monoalphabetic Cipher –Polyalphabetic Cipher Block cipher –Process plain text in fixed block sizes producing block of cipher text of equal size –Data encryption standard (DES) –Triple DES (3DES) –Advanced Encryption Standard (AES)
20
© Chinese University, CSE Dept. Distributed Systems / 3 - 20 3.4.1 Caesar Cipher Each letter in plaintext is substituted with letter that is K letters later Wrap around is allowed (i.e., z followed by letter a) If K = 3, a in plaintext becomes d in cipher text b in plaintext becomes e in cipher text —Participation Exercise: “ Dolfh, L oryh brx. Ere ” —Once it is known that Caesar cipher is being used, it is easy to break the code (only 25 possible key values).
21
© Chinese University, CSE Dept. Distributed Systems / 3 - 21 3.4.1 Attacking Caesar Cipher: Brute-Force Brute-Force attack is based on the making sense feature of the data by trying every possible key. Suppose that the cipher “ mrsxocoexsfobcsdi ” is the result of a Caesar shift cipher. Since the key space is {0, 1, …, 25}, then the possible plaintexts are: mrsxocoexsfobcsdi, nstypdpfytgpcdtej, otuzqeqgzuhqdeufk, puvarfrhavirefvgl, qvwbsgsibwjsfgwhm, rwxcthtjcxktghxin, sxyduiukdyluhiyjo, tyzevjvlezmvijzkp, uzafwkwmfanwjkalq, vabgxlxngboxklbmr, wbchymyohcpylmcns, xcdiznzpidqzmndot, ydejaoaqjeranoepu, zefkbpbrkfsbopfqv, afglcqcslgtcpqgrw, bghmdrdtmhudqrhsx, chineseuniversity, dijoftfvojwfstjuz, ejkpgugwpkxgtukva, fklqhvhxqlyhuvlwb, glmriwiyrmzivwmxc, hmnsjxjzsnajwxnyd, inotkykatobkxyoze, jopulzlbupclyzpaf, kpqvmamcvqdmzaqbg, lqrwnbndwrenabrch
22
© Chinese University, CSE Dept. Distributed Systems / 3 - 22 3.4.2 Monoalphabetic Cipher Improvement on Caesar Cipher Rather than substituting according to a regular pattern – any letter can be substituted for any other letter, as long as each letter has a unique substitute letter, and vice versa. Example of a monoalphabetic cipher Plain Text: a b c d e f g h i j k l m n o p q r s t u v w x y z Cipher Text: m n b v c x z a s d f g h j k l p o i u y t r e w q Complexity: –_______ Possible pairings of letters – so breaking code is not as easy as in the case of Caesar cipher.
23
© Chinese University, CSE Dept. Distributed Systems / 3 - 23 3.4.2 Cryptanalysis: Simple Example Mono-alphabetic substitution ciphers can be broken by simple frequency analysis The relative frequency of letters in English text is distinct (shown in table) Ciphertext frequencies can be used to guess plaintext letters Letter:abcdefghijklm Frequency:7134133238<1 43 Letter:nopqrstuvwxyz Frequency:873<1869311 2
24
© Chinese University, CSE Dept. Distributed Systems / 3 - 24 3.4.2 Deducing the Keyword
25
© Chinese University, CSE Dept. Distributed Systems / 3 - 25 3.4.2 Cryptanalysis It is the art and science of breaking ciphers, ciphertexts, or keys. Brute-force: A cryptanalysis where all possible keys are tested, and then the result possible plaintext are analyzed. Statistical analysis: single-letter appearance frequency; “ q ” is mostly followed by “ u ” ; multi-letter frequency. Known plaintext-ciphertext combination.
26
© Chinese University, CSE Dept. Distributed Systems / 3 - 26 3.4.3 Polyalphabetic Encryption Use multiple monoalphabetic/Caesar ciphers Use a specific monoalphabetic/Caesar cipher to encode a letter in a specific position in the plain text message This implies that same letter appearing in different positions in the plaintext might be encoded differently. Example: 2 Caesar ciphers; K = 5, K = 19 For every 5 bits in the plain text use the 2 Caesar ciphers in the following pattern: C1, C2, C2, C1, C2
27
© Chinese University, CSE Dept. Distributed Systems / 3 - 27 3.4.3 Example: Vigenere Cipher In the Vigenere cipher, the character in the ciphertext is chosen from a two-dimensional table (26 x 26), in which each row is a permutation of 26 characters (A to Z).
28
© Chinese University, CSE Dept. Distributed Systems / 3 - 28 3.5 Public Key Cryptography symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if never “met”)? public key cryptography radically different approach sender, receiver do not share secret key public encryption key known to all private decryption key known only to receiver
29
© Chinese University, CSE Dept. Distributed Systems / 3 - 29 3.5 Public Key Cryptography plaintext message, m ciphertext encryption algorithm decryption algorithm Bob’s public key plaintext message K (m) B + K B + Bob’s private key K B - m = K ( K (m) ) B + B -
30
© Chinese University, CSE Dept. Distributed Systems / 3 - 30 3.5 Using Public Keys Recipient generates key pair. Public key is published by trusted service. Sender gets public key, and uses this to encode a message. Recipient decodes the message. Replies can be encoded using sender’s public key from the trusted distribution service if two- way security is needed. Message can be captured but is of no use.
31
© Chinese University, CSE Dept. Distributed Systems / 3 - 31 3.5 Public Keys Gives 'one-way' security. Two keys generated, one used with decryption algorithm (private key) and one with encryption algorithm (public key). Generation of the private key, given only the public key, is computationally hard. Do not need secure key transmission mechanism for key distribution.
32
© Chinese University, CSE Dept. Distributed Systems / 3 - 32 3.5 Public Key Cryptosystems Some examples of public-key cryptosystems are: Elgamal (named for its inventor, Taher Elgamal) RSA (named for its inventors, Ron Rivest, Adi Shamir, and Leonard Adleman) Diffie-Hellman (named, you guessed it, for its inventors) DSA, the Digital Signature Algorithm, (invented by David Kravitz).
33
© Chinese University, CSE Dept. Distributed Systems / 3 - 33 3.5 RSA Public Key Encryption Algorithm need K ( ) and K ( ) such that BB.. given public key K, it should be impossible to compute private key K B B Requirements: 1 2 RSA: Rivest, Shamir, Adelson algorithm + - K (K (m)) = m B B - + + -
34
© Chinese University, CSE Dept. Distributed Systems / 3 - 34 3.6 RSA: Choosing Keys 1. Choose two large prime numbers p, q. (e.g., 1024 bits each) 2. Compute n = pq, z = (p-1)(q-1) 3. Choose e (with e<n) that has no common factors with z. (e, z are “relatively prime”). 4. Choose d such that ed-1 is exactly divisible by z. (in other words: ed mod z = 1 ). 5. Public key is (e,n). Private key is (d,n). K B + K B -
35
© Chinese University, CSE Dept. Distributed Systems / 3 - 35 3.6 RSA: Encryption, Decryption 0. Given (e,n) and (d,n) as computed above 1. To encrypt bit pattern, m, compute c = m mod n e (i.e., remainder when m is divided by n) e 2. To decrypt received bit pattern, c, compute m = c mod n d (i.e., remainder when c is divided by n) d m = (m mod n) e mod n d Magic happens! c
36
© Chinese University, CSE Dept. Distributed Systems / 3 - 36 3.6 RSA: Why is that m = (m mod n) e mod n d (m mod n) e mod n = m mod n d ed Useful number theory result: If p,q prime and n = pq, then: x mod n = x mod n yy mod (p-1)(q-1) = m mod n ed mod (p-1)(q-1) = m mod n 1 = m (using number theory result above) (since we chose ed to be divisible by (p-1)(q-1) with remainder 1 )
37
© Chinese University, CSE Dept. Distributed Systems / 3 - 37 3.6 An RSA Example Bob chooses p=5, q=7. Then n=35, z=24. e=5 (so e, (p-1)(q-1) relatively prime). d=29 (so ed-1 exactly divisible by (p-1)(q-1)). letter m m e c = m mod n e k 12 1524832 17 encrypt: c m = c mod n d 17 481968572106750915091411825223071697 12 c d letter k decrypt:
38
© Chinese University, CSE Dept. Distributed Systems / 3 - 38 3.6 Public Key Security It is based on mathematically well-known hard problems. So deducing the private key from the public key is as hard as the equivalent problem. For instance, RSA is based on “ integer multiplication and factoring ” as a One Way Function ( 1589762001 69873203 = 110872143408559203 ). p,qp,q N (=pq)
39
© Chinese University, CSE Dept. Distributed Systems / 3 - 39 Ron Rivest, Adi Shamir, and Leonard Adleman 2002 Turing Award: For their ingenious contribution for making public-key cryptographypublic-key cryptography useful in practice.
40
© Chinese University, CSE Dept. Distributed Systems / 3 - 40 3.6 RSA: Another Important Property The following property will be very useful later: K ( K (m) ) = m B B - + K ( K (m) ) B B + - = use public key first, followed by private key use private key first, followed by public key Result is the same!
41
© Chinese University, CSE Dept. Distributed Systems / 3 - 41 3.6 Public-Key Cryptography
42
© Chinese University, CSE Dept. Distributed Systems / 3 - 42 4 Authentication 1.Motivation 2.Types of Authentication 3.Key Distribution 4.Authentication and Key Distribution: Needham/Schroeder Protocol
43
© Chinese University, CSE Dept. Distributed Systems / 3 - 43 4.1 What is Authentication? Authentication: Proving you are who you claim to be. In centralized systems: Password check at session start. In distributed systems: –Ensuring that each message came from claimed source. –Ensuring that each message has not been altered. –Ensuring that each message has not been replayed.
44
© Chinese University, CSE Dept. Distributed Systems / 3 - 44 4.2 Types of Authentication (Client Side) Authentication can be used to ensure a number of different aspects of an interaction. Proving that a client of a server is who it claims to be. This can be refined to proving that the end user has the right to use a service.
45
© Chinese University, CSE Dept. Distributed Systems / 3 - 45 4.2 Types of Authentication (Server Side) Proving both client and server are who they say they are. This is needed to prevent impostor services from collecting information or disrupting (vandalizing) the system. This is really just an extension of the idea of authentication a client.
46
© Chinese University, CSE Dept. Distributed Systems / 3 - 46 4.2 Types of Authentication (Overall) Securing communication from eavesdropping. Authentication will usually involve encrypting data. This can be used just at the start to prove the identity of ends of the communication link.
47
© Chinese University, CSE Dept. Distributed Systems / 3 - 47 4.2 Message Authentication Protection against active attacks –Falsification of data –Masquerading Message is authentic if it is genuine and comes from the alleged source Authentication allows receiver to verify that message is authentic –Message has not altered –Message is from authentic source –Message timeline
48
© Chinese University, CSE Dept. Distributed Systems / 3 - 48 4.3 Key Distribution Options: KK ey selected by A and delivered to B TT hird party selects key and delivers to A and B UU se old key to encrypt and transmit new key from A to B UU se old key to transmit new key from third party to A and B
49
© Chinese University, CSE Dept. Distributed Systems / 3 - 49 4.3 Automatic Key Distribution Session Key –Used for duration of one logical connection –Destroyed at end of session –Used for user data Permanent key –Used for distribution of keys Key distribution center –Determines which systems may communicate –Provides one session key for that connection Security service module (SSM) –Performs end to end encryption –Obtains keys for host
50
© Chinese University, CSE Dept. Distributed Systems / 3 - 50 4.3 Automatic Key Distribution for Connection-Oriented Protocols
51
© Chinese University, CSE Dept. Distributed Systems / 3 - 51 4.4 Needham/Schroeder Protocol: Authentication & Key Distribution Provides a secure way for pairs of components to obtain keys to be used during communication. Based on an authentication server (key distribution center): –maintains a name and a secret key for each component. –can generate keys for peer-to-peer communications. Secret keys are used for communication with authentication server.
52
© Chinese University, CSE Dept. Distributed Systems / 3 - 52 4.4 Needham/Schroeder Protocol Authentication Server CS 1: C, S, N C 2: {N C,S,K CS,{K CS,C} K S } K C 3: {K CS,C} K S 4: {N S } K CS 5: {N S -1} K CS C: Client Name S: Server Name K C :Client´s secret key K S : Server´s secret key K CS : Secret key for client/server communication N x : Nonce generated by x {M} K :Message encrypted in key K
53
© Chinese University, CSE Dept. Distributed Systems / 3 - 53 5 Summary Threats, Methods of Attack, Infiltration Cryptology: –Secret Keys –Public Keys RSA Algorithm Authentication Needham/Schroeder Protocol for Authentication and Key Distribution Read Textbook Chapter 11
Similar presentations
© 2025 SlidePlayer.com Inc.
All rights reserved.