Presentation is loading. Please wait.

Presentation is loading. Please wait.

© Chinese University, CSE Dept. Distributed Systems / 3 - 1 Distributed Systems Topic 3: Security Dr. Michael R. Lyu Computer Science & Engineering Department.

Similar presentations


Presentation on theme: "© Chinese University, CSE Dept. Distributed Systems / 3 - 1 Distributed Systems Topic 3: Security Dr. Michael R. Lyu Computer Science & Engineering Department."— Presentation transcript:

1 © Chinese University, CSE Dept. Distributed Systems / 3 - 1 Distributed Systems Topic 3: Security Dr. Michael R. Lyu Computer Science & Engineering Department The Chinese University of Hong Kong

2 © Chinese University, CSE Dept. Distributed Systems / 3 - 2 Outline 1 Motivation 2 Styles of Attacks 3 Cryptography 4 Authentication, Security Protocols and Systems 5 Summary

3 © Chinese University, CSE Dept. Distributed Systems / 3 - 3 1 Motivation  More vital/secret data handled by distributed components within network systems and Internet.  Security: protecting data stored in and transferred between distributed components from unauthorized access.  Insecurity effect: Confidential Data may be stolen, e.g.: –corporate plans. –new product designs. –medical/financial records (e.g. Access bills…)  Insecurity effect: Data may be altered, e.g.: –finances made to seem better than they are. –results of tests, e.g. on drugs, altered. –examination results amended (up or down).

4 © Chinese University, CSE Dept. Distributed Systems / 3 - 4 1 Why are Distributed Systems Insecure?  Distributed component rely on messages sent and received from network.  Is network (especially WANs and wireless networks) secure?  Is client component secure?  Is client component who it claims to be?  Are users of calling components really who they claim to be?

5 © Chinese University, CSE Dept. Distributed Systems / 3 - 5 1 Consequences of Insecurity  Loss of confidence: above effects may reduce confidence in computerized systems.  Claims for damages: legal developments may allow someone to sue if data on computer has not been guarded according to best practice.  Loss of privacy: data legally stored on a computer may well be private to the person concerned (e.g. medical/personnel) record.

6 © Chinese University, CSE Dept. Distributed Systems / 3 - 6 2 Security Threats  Categorization of attacks (and goals of attacks) that may be made on system.  Three broad classes: –leakage: information leaving system. –tampering: unauthorized information altering. –vandalism: disturbing correct system operation.  Used to specify what the system is proof, or secure, against.  Attacks: Passive and Active

7 © Chinese University, CSE Dept. Distributed Systems / 3 - 7 2 Passive Attacks  Eavesdropping on transmissions –Receive message copies without authority.  To obtain information  Release of message contents –Outsider learns content of transmission  Traffic analysis –By monitoring frequency and length of messages, even encrypted, nature of communication may be guessed  Difficult to detect  Can be prevented

8 © Chinese University, CSE Dept. Distributed Systems / 3 - 8 2 Active Attacks  Masquerading: Pretending to be a different entity without authority.  Message tampering: Intercepting and altering messages.  Replaying: Storing messages and sending them later.  Denial of service: Flooding server resources with messages in order to deny other’s access.  Hard to prevent  Easy to detect –Detection may lead to deterrent

9 © Chinese University, CSE Dept. Distributed Systems / 3 - 9 2 Security Attack Scenarios Eavesdropping: Bob Alice “Let’s meet at 5pm, old place” Tom “hee hee…” Tampering: BobAlice “Let’s meet at 5pm, old place” Tom “Let’s meet at 3pm, old place” Replaying: Bob Tom “Let’s meet at 5pm today” Alice One day later: “Let’s meet at 5pm today”

10 © Chinese University, CSE Dept. Distributed Systems / 3 - 10 2 Infiltration  Launch of attack requires access to the system. –Launched by legitimate users. –Launched after obtaining passwords of known users.  Subtle ways of infiltration over Internet: –Viruses –Worms –Trojan Horses  Ways to combat: –Keep the Operating System updated –Use a firewall

11 © Chinese University, CSE Dept. Distributed Systems / 3 - 11 3 Cryptography 1 Introduction 2 Terminology 3 Encryption 4 Secret Keys 5 Public Keys 6 RSA Encryption Algorithm

12 © Chinese University, CSE Dept. Distributed Systems / 3 - 12 3.1 Introduction  Cryptography: encode message data so that it can only be understood by intended recipient.  Romans used it in military communication.  Given knowledge of encryption algorithm, a brute force attempt is to try every possible decoding until a valid message is produced.  Computers are good at this!  Modern schemes must be computationally hard to solve to remain secure.

13 © Chinese University, CSE Dept. Distributed Systems / 3 - 13 3.2 Cryptographic Terminology  Plain text: the message before encoding (by encryption).  Cipher text: the message after encoding.  Key: information needed to convert from plain text to cipher text (or vice-versa).  Function: the encryption or decryption algorithm used, in conjunction with key, to encode or decode message.  Key distribution service: trusted service which hands out keys.

14 © Chinese University, CSE Dept. Distributed Systems / 3 - 14 3.3 Encryption  Encrypting data prevents unauthorized access to the data (i.e., prevents eavesdropping).  If encrypted data can only be encrypted with a matching key, this can be used to prove sender’s identity (i.e., prevents masquerading).  Likewise, it can be used to ensure that only intended recipients can use the data..  Two main ways: secret key and public key.

15 © Chinese University, CSE Dept. Distributed Systems / 3 - 15 3.4 Secret Keys  One key is used to both encrypt and decrypt data  Encryption and decryption functions are often chosen to be the same type  Security should not be compromised by making function well-known as security comes from secret keys  Example: Enigma Encription Machine

16 © Chinese University, CSE Dept. Distributed Systems / 3 - 16 3.4 Enigma Encryption Machine

17 © Chinese University, CSE Dept. Distributed Systems / 3 - 17 3.4 Using Secret Keys  Sender and recipient exchange keys through some secure, trusted, non-network based means.  Sender encodes message using encryption function and sends the message, knowing that only the holder of key (the intended recipient) can understand it.  Recipient decodes message, and knows that only intended sender could generate it.  Message can be captured but is of no use.

18 © Chinese University, CSE Dept. Distributed Systems / 3 - 18 3.4 Simplified Model of Secret Key (Symmetric Key) Encryption

19 © Chinese University, CSE Dept. Distributed Systems / 3 - 19 3.4 Secret Key Encryption Algorithms  Historical cipher –Caesar Cipher –Monoalphabetic Cipher –Polyalphabetic Cipher  Block cipher –Process plain text in fixed block sizes producing block of cipher text of equal size –Data encryption standard (DES) –Triple DES (3DES) –Advanced Encryption Standard (AES)

20 © Chinese University, CSE Dept. Distributed Systems / 3 - 20 3.4.1 Caesar Cipher  Each letter in plaintext is substituted with letter that is K letters later  Wrap around is allowed (i.e., z followed by letter a)  If K = 3, a in plaintext becomes d in cipher text b in plaintext becomes e in cipher text —Participation Exercise: “ Dolfh, L oryh brx. Ere ” —Once it is known that Caesar cipher is being used, it is easy to break the code (only 25 possible key values).

21 © Chinese University, CSE Dept. Distributed Systems / 3 - 21 3.4.1 Attacking Caesar Cipher: Brute-Force  Brute-Force attack is based on the making sense feature of the data by trying every possible key.  Suppose that the cipher “ mrsxocoexsfobcsdi ” is the result of a Caesar shift cipher.  Since the key space is {0, 1, …, 25}, then the possible plaintexts are: mrsxocoexsfobcsdi, nstypdpfytgpcdtej, otuzqeqgzuhqdeufk, puvarfrhavirefvgl, qvwbsgsibwjsfgwhm, rwxcthtjcxktghxin, sxyduiukdyluhiyjo, tyzevjvlezmvijzkp, uzafwkwmfanwjkalq, vabgxlxngboxklbmr, wbchymyohcpylmcns, xcdiznzpidqzmndot, ydejaoaqjeranoepu, zefkbpbrkfsbopfqv, afglcqcslgtcpqgrw, bghmdrdtmhudqrhsx, chineseuniversity, dijoftfvojwfstjuz, ejkpgugwpkxgtukva, fklqhvhxqlyhuvlwb, glmriwiyrmzivwmxc, hmnsjxjzsnajwxnyd, inotkykatobkxyoze, jopulzlbupclyzpaf, kpqvmamcvqdmzaqbg, lqrwnbndwrenabrch

22 © Chinese University, CSE Dept. Distributed Systems / 3 - 22 3.4.2 Monoalphabetic Cipher  Improvement on Caesar Cipher  Rather than substituting according to a regular pattern – any letter can be substituted for any other letter, as long as each letter has a unique substitute letter, and vice versa.  Example of a monoalphabetic cipher  Plain Text: a b c d e f g h i j k l m n o p q r s t u v w x y z  Cipher Text: m n b v c x z a s d f g h j k l p o i u y t r e w q  Complexity: –_______ Possible pairings of letters – so breaking code is not as easy as in the case of Caesar cipher.

23 © Chinese University, CSE Dept. Distributed Systems / 3 - 23 3.4.2 Cryptanalysis: Simple Example  Mono-alphabetic substitution ciphers can be broken by simple frequency analysis  The relative frequency of letters in English text is distinct (shown in table)  Ciphertext frequencies can be used to guess plaintext letters Letter:abcdefghijklm Frequency:7134133238<1 43 Letter:nopqrstuvwxyz Frequency:873<1869311 2

24 © Chinese University, CSE Dept. Distributed Systems / 3 - 24 3.4.2 Deducing the Keyword

25 © Chinese University, CSE Dept. Distributed Systems / 3 - 25 3.4.2 Cryptanalysis  It is the art and science of breaking ciphers, ciphertexts, or keys.  Brute-force: A cryptanalysis where all possible keys are tested, and then the result possible plaintext are analyzed.  Statistical analysis: single-letter appearance frequency; “ q ” is mostly followed by “ u ” ; multi-letter frequency.  Known plaintext-ciphertext combination.

26 © Chinese University, CSE Dept. Distributed Systems / 3 - 26 3.4.3 Polyalphabetic Encryption Use multiple monoalphabetic/Caesar ciphers Use a specific monoalphabetic/Caesar cipher to encode a letter in a specific position in the plain text message This implies that same letter appearing in different positions in the plaintext might be encoded differently. Example: 2 Caesar ciphers; K = 5, K = 19 For every 5 bits in the plain text use the 2 Caesar ciphers in the following pattern: C1, C2, C2, C1, C2

27 © Chinese University, CSE Dept. Distributed Systems / 3 - 27 3.4.3 Example: Vigenere Cipher  In the Vigenere cipher, the character in the ciphertext is chosen from a two-dimensional table (26 x 26), in which each row is a permutation of 26 characters (A to Z).

28 © Chinese University, CSE Dept. Distributed Systems / 3 - 28 3.5 Public Key Cryptography symmetric key crypto  requires sender, receiver know shared secret key  Q: how to agree on key in first place (particularly if never “met”)? public key cryptography  radically different approach  sender, receiver do not share secret key  public encryption key known to all  private decryption key known only to receiver

29 © Chinese University, CSE Dept. Distributed Systems / 3 - 29 3.5 Public Key Cryptography plaintext message, m ciphertext encryption algorithm decryption algorithm Bob’s public key plaintext message K (m) B + K B + Bob’s private key K B - m = K ( K (m) ) B + B -

30 © Chinese University, CSE Dept. Distributed Systems / 3 - 30 3.5 Using Public Keys  Recipient generates key pair.  Public key is published by trusted service.  Sender gets public key, and uses this to encode a message.  Recipient decodes the message.  Replies can be encoded using sender’s public key from the trusted distribution service if two- way security is needed.  Message can be captured but is of no use.

31 © Chinese University, CSE Dept. Distributed Systems / 3 - 31 3.5 Public Keys  Gives 'one-way' security.  Two keys generated, one used with decryption algorithm (private key) and one with encryption algorithm (public key).  Generation of the private key, given only the public key, is computationally hard.  Do not need secure key transmission mechanism for key distribution.

32 © Chinese University, CSE Dept. Distributed Systems / 3 - 32 3.5 Public Key Cryptosystems Some examples of public-key cryptosystems are:  Elgamal (named for its inventor, Taher Elgamal)  RSA (named for its inventors, Ron Rivest, Adi Shamir, and Leonard Adleman)  Diffie-Hellman (named, you guessed it, for its inventors)  DSA, the Digital Signature Algorithm, (invented by David Kravitz).

33 © Chinese University, CSE Dept. Distributed Systems / 3 - 33 3.5 RSA Public Key Encryption Algorithm need K ( ) and K ( ) such that BB.. given public key K, it should be impossible to compute private key K B B Requirements: 1 2 RSA: Rivest, Shamir, Adelson algorithm + - K (K (m)) = m B B - + + -

34 © Chinese University, CSE Dept. Distributed Systems / 3 - 34 3.6 RSA: Choosing Keys 1. Choose two large prime numbers p, q. (e.g., 1024 bits each) 2. Compute n = pq, z = (p-1)(q-1) 3. Choose e (with e<n) that has no common factors with z. (e, z are “relatively prime”). 4. Choose d such that ed-1 is exactly divisible by z. (in other words: ed mod z = 1 ). 5. Public key is (e,n). Private key is (d,n). K B + K B -

35 © Chinese University, CSE Dept. Distributed Systems / 3 - 35 3.6 RSA: Encryption, Decryption 0. Given (e,n) and (d,n) as computed above 1. To encrypt bit pattern, m, compute c = m mod n e (i.e., remainder when m is divided by n) e 2. To decrypt received bit pattern, c, compute m = c mod n d (i.e., remainder when c is divided by n) d m = (m mod n) e mod n d Magic happens! c

36 © Chinese University, CSE Dept. Distributed Systems / 3 - 36 3.6 RSA: Why is that m = (m mod n) e mod n d (m mod n) e mod n = m mod n d ed Useful number theory result: If p,q prime and n = pq, then: x mod n = x mod n yy mod (p-1)(q-1) = m mod n ed mod (p-1)(q-1) = m mod n 1 = m (using number theory result above) (since we chose ed to be divisible by (p-1)(q-1) with remainder 1 )

37 © Chinese University, CSE Dept. Distributed Systems / 3 - 37 3.6 An RSA Example Bob chooses p=5, q=7. Then n=35, z=24. e=5 (so e, (p-1)(q-1) relatively prime). d=29 (so ed-1 exactly divisible by (p-1)(q-1)). letter m m e c = m mod n e k 12 1524832 17 encrypt: c m = c mod n d 17 481968572106750915091411825223071697 12 c d letter k decrypt:

38 © Chinese University, CSE Dept. Distributed Systems / 3 - 38 3.6 Public Key Security  It is based on mathematically well-known hard problems.  So deducing the private key from the public key is as hard as the equivalent problem.  For instance, RSA is based on “ integer multiplication and factoring ” as a One Way Function ( 1589762001  69873203 = 110872143408559203 ). p,qp,q N (=pq)

39 © Chinese University, CSE Dept. Distributed Systems / 3 - 39 Ron Rivest, Adi Shamir, and Leonard Adleman 2002 Turing Award: For their ingenious contribution for making public-key cryptographypublic-key cryptography useful in practice.

40 © Chinese University, CSE Dept. Distributed Systems / 3 - 40 3.6 RSA: Another Important Property The following property will be very useful later: K ( K (m) ) = m B B - + K ( K (m) ) B B + - = use public key first, followed by private key use private key first, followed by public key Result is the same!

41 © Chinese University, CSE Dept. Distributed Systems / 3 - 41 3.6 Public-Key Cryptography

42 © Chinese University, CSE Dept. Distributed Systems / 3 - 42 4 Authentication 1.Motivation 2.Types of Authentication 3.Key Distribution 4.Authentication and Key Distribution: Needham/Schroeder Protocol

43 © Chinese University, CSE Dept. Distributed Systems / 3 - 43 4.1 What is Authentication? Authentication: Proving you are who you claim to be.  In centralized systems: Password check at session start.  In distributed systems: –Ensuring that each message came from claimed source. –Ensuring that each message has not been altered. –Ensuring that each message has not been replayed.

44 © Chinese University, CSE Dept. Distributed Systems / 3 - 44 4.2 Types of Authentication (Client Side)  Authentication can be used to ensure a number of different aspects of an interaction.  Proving that a client of a server is who it claims to be.  This can be refined to proving that the end user has the right to use a service.

45 © Chinese University, CSE Dept. Distributed Systems / 3 - 45 4.2 Types of Authentication (Server Side)  Proving both client and server are who they say they are.  This is needed to prevent impostor services from collecting information or disrupting (vandalizing) the system.  This is really just an extension of the idea of authentication a client.

46 © Chinese University, CSE Dept. Distributed Systems / 3 - 46 4.2 Types of Authentication (Overall)  Securing communication from eavesdropping.  Authentication will usually involve encrypting data.  This can be used just at the start to prove the identity of ends of the communication link.

47 © Chinese University, CSE Dept. Distributed Systems / 3 - 47 4.2 Message Authentication  Protection against active attacks –Falsification of data –Masquerading  Message is authentic if it is genuine and comes from the alleged source  Authentication allows receiver to verify that message is authentic –Message has not altered –Message is from authentic source –Message timeline

48 © Chinese University, CSE Dept. Distributed Systems / 3 - 48 4.3 Key Distribution Options: KK ey selected by A and delivered to B TT hird party selects key and delivers to A and B UU se old key to encrypt and transmit new key from A to B UU se old key to transmit new key from third party to A and B

49 © Chinese University, CSE Dept. Distributed Systems / 3 - 49 4.3 Automatic Key Distribution  Session Key –Used for duration of one logical connection –Destroyed at end of session –Used for user data  Permanent key –Used for distribution of keys  Key distribution center –Determines which systems may communicate –Provides one session key for that connection  Security service module (SSM) –Performs end to end encryption –Obtains keys for host

50 © Chinese University, CSE Dept. Distributed Systems / 3 - 50 4.3 Automatic Key Distribution for Connection-Oriented Protocols

51 © Chinese University, CSE Dept. Distributed Systems / 3 - 51 4.4 Needham/Schroeder Protocol: Authentication & Key Distribution  Provides a secure way for pairs of components to obtain keys to be used during communication.  Based on an authentication server (key distribution center): –maintains a name and a secret key for each component. –can generate keys for peer-to-peer communications.  Secret keys are used for communication with authentication server.

52 © Chinese University, CSE Dept. Distributed Systems / 3 - 52 4.4 Needham/Schroeder Protocol Authentication Server CS 1: C, S, N C 2: {N C,S,K CS,{K CS,C} K S } K C 3: {K CS,C} K S 4: {N S } K CS 5: {N S -1} K CS C: Client Name S: Server Name K C :Client´s secret key K S : Server´s secret key K CS : Secret key for client/server communication N x : Nonce generated by x {M} K :Message encrypted in key K

53 © Chinese University, CSE Dept. Distributed Systems / 3 - 53 5 Summary  Threats, Methods of Attack, Infiltration  Cryptology: –Secret Keys –Public Keys  RSA Algorithm  Authentication  Needham/Schroeder Protocol for Authentication and Key Distribution  Read Textbook Chapter 11


Download ppt "© Chinese University, CSE Dept. Distributed Systems / 3 - 1 Distributed Systems Topic 3: Security Dr. Michael R. Lyu Computer Science & Engineering Department."

Similar presentations


Ads by Google