Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS 425 / ECE 428 Distributed Systems Fall 2018 Indranil Gupta (Indy)

Published byΣατανᾶς Αλαφούζος Modified over 5 years ago

Similar presentations

Presentation on theme: "CS 425 / ECE 428 Distributed Systems Fall 2018 Indranil Gupta (Indy)"— Presentation transcript:

1 CS 425 / ECE 428 Distributed Systems Fall 2018 Indranil Gupta (Indy)
Lecture 27: Security All slides © IG

2 Security Threats Leakage Tampering Vandalism
Unauthorized access to service or data E.g., Someone knows your bank balance Tampering Unauthorized modification of service or data E.g., Someone modifies your bank balance Vandalism Interference with normal service, without direct gain to attacker E.g., Denial of Service attacks 2

3 Common Attacks Eavesdropping Masquerading Message tampering
Attacker taps into network Masquerading Attacker pretends to be someone else, i.e., identity theft Message tampering Attacker modifies messages Replay attack Attacker replays old messages Denial of service: bombard a port 3

4 Addressing the Challenges: CIA Properties
Confidentiality Protection against disclosure to unauthorized individuals Addresses Leakage threat Integrity Protection against unauthorized alteration or corruption Addresses Tampering threat Availability Service/data is always readable/writable Addresses Vandalism threat 4

5 Policies vs. Mechanisms
Many scientists (e.g., Hansen) have argued for a separation of policy vs. mechanism A security policy indicates what a secure system accomplishes A security mechanism indicates how these goals are accomplished E.g., Policy: in a file system, only authorized individuals allowed to access files (i.e., CIA properties) Mechanism: Encryption, capabilities, etc. 5

6 Mechanisms: Golden A’s
Authentication Is a user (communicating over the network) claiming to be Alice, really Alice? Authorization Yes, the user is Alice, but is she allowed to perform her requested operation on this object? Auditing How did Eve manage to attack the system and breach defenses? Usually done by continuously logging all operations. 6

7 Designing Secure Systems
Don’t know how powerful attacker is When designing a security protocol need to 1. Specify Attacker Model: Capabilities of attacker (Attacker model should be tied to reality) 2. Design security mechanisms to satisfy policy under the attacker model 3. Prove that mechanisms satisfy policy under attacker model 4. Measure effect on overall performance (e.g., throughput) in the common case, i.e., no attacks 7

8 Next Basic Cryptography 8

9 Basic Security Terminology
Principals: processes that carry out actions on behalf of users Alice Bob Carol Dave Eve (typically evil) Mallory (typically malicious) Sara (typically server) 9

10 Keys Key = sequence of bytes assigned to a user
Can be used to “lock” a message, and only this key can be used to “unlock” that locked message 10

11 Encryption Message (sequence of bytes) + Key  (Encryption) 
Encoded message (sequence of bytes) Encoded Message (sequence of bytes) + Key  (Decryption)  Original message (sequence of bytes) No one can decode an encoded message without the key 11

12 Two Cryptography Systems
I. Symmetric Key systems: KA = Alice’s key; secret to Alice KAB = Key shared only by Alice and Bob Same key (KAB) used to both encrypt and decrypt a message E.g., DES (Data Encryption Standard): 56 b key operates on 64 b blocks from the message 12

13 Two Cryptography Systems (2)
II. Public-Private Key systems: KApriv = Alice’s private key; known only to Alice KApub = Alice’s public key; known to everyone Anything encrypted with KApriv can be decrypted only with KApub Anything encrypted with KApub can be decrypted only with KApriv RSA and PGP fall into these category RSA = Rivest Shamir Adleman PGP = Pretty Good Privacy Keys are several 100s or 1000s of b long Longer keys => harder for attackers to break Public keys maintained via PKI (Public Key Infrastructure) 13

14 Public-Private Key Cryptography
If Alice wants to send a secret message M that can be read only by Bob Alice encrypts it with Bob’s public key KBpub(M) Bob only one able to decrypt it KBpriv(KBpub(M)) = M Symmetric too, i.e., KApub(KApriv(M)) = M 14

15 Shared/Symmetric vs. Public/Private
Shared keys reveal too much information Hard to revoke permissions from principals E.g., group of principals shares one key  want to remove one principal from group  need everyone in group to change key Public/private keys involve costly encryption or decryption At least one of these 2 operations is costly Many systems use public/private key system to generate shared key, and use latter on messages 15

16 Next How to use cryptography to implement Authentication
Digital Signatures Digital Certificates 16

17 I. Authentication Two principals verify each others’ identities
Two flavors Direct authentication: directly between two parties Indirect authentication: uses a trusted third-party server Called authentication server E.g., A Verisign server 17

18 Direct Authentication Using Shared Key
Alice knows Bob is Bob Alice A RB = Nonce = random number KAB(RB) RA = Nonce = random number KAB(RA) (has KAB) Time Bob Bob calculates KAB (RB ) and matches with reply. Alice is the only one who could have replied correctly. (has KAB) 18 Message Instruction or Step

19 Why Not Optimize Number of Messages?
Alice knows Bob is Bob Alice A, RA RB, KAB(RA) KAB(RB) Time Bob Bob calculates KAB (RB ) and matches with reply. Alice is the only one who could have replied correctly. 19 Message Instruction or Step

20 Unfortunately, This Subject to Replay Attack
Eve starts 1st session Eve starts 2nd session Eve finishes 1st session Eve (Malicious) A, RA RB, KAB(RA) A, RB RB2, KAB(RB) KAB(RB) Time Bob Bob calculates KAB (RB ) and matches with reply. Bob thinks Eve is Alice. 20 Message Instruction or Step

21 Indirect Authentication Using Authentication Server and Shared Keys
Alice A, B KA,AS(KA,B), KB,AS(KA,B) = A Ticket A, KB,AS(KA,B) Time Bob Alice and Bob only ones who can decrypt portions of the ticket and obtain KA,B AS 21 Message Instruction or Step

22 II. Digital Signatures Just like “real” signatures
Authentic, Unforgeable Verifiable, Non-repudiable To sign a message M, Alice encrypts message with her own private key Signed message: [M, KApriv(M)] Anyone can verify, using Alice’s public key, that Alice signed it To make it more efficient, use a one-way hash function, e.g., SHA-1, MD-5, etc. Signed message: [M, KApriv(Hash(M))] Efficient since hash is fast and small; don’t need to encrypt/decrypt full message 22

23 III. Digital Certificates
Just like “real” certificates Implemented using digital signatures Digital Certificates have Standard format Transitivity property, i.e., chains of certificates Tracing chain backwards must end at trusted authority (at root) 23

24 Example: Alice’s Bank Account
Certificate Type: Account Name: Alice Account number: 12345 Certifying Authority: Charlie’s Bank Signature KCpriv(Hash(Name+Account number)) Alice Charlie 24

25 Charlie’s Bank, in Turn has another Certificate
Certificate Type: Public Key Name: Charlie’s Bank Public Key: KCpub Certifying Authority: Banker’s Federation Signature KFpriv(Hash(Name+Public key)) Alice Charlie Banker’s Fed 25

26 Banker’s Federation, Has Another Certificate From the Root Server
Alice Charlie Banker’s Fed Verisign Certificate Type: Public Key Name: Banker’s Federation Public Key: KFpub Certifying Authority: Verisign Signature Kverisign priv(Hash(Name+Public key)) 26

27 IV. Authorization Access Control Matrix
For every combination of (principal,object) say what mode of access is allowed May be very large (1000s of principals, millions of objects) May be sparse (most entries are “no access”) Access Control Lists (ACLs) = per object, list of allowed principals and access allowed to each Maintained at server Capability Lists = per principal, list of files allowed to access and type of access allowed Could split it up into capabilities, each for a different (principal,file) Can be handed (like certificates) to clients 27

28 Security: Summary Security Challenges Abound
Lots of threats and attacks CIA Properties are desirable policies Encryption and decryption Shared key vs Public/private key systems Implementing authentication, signatures, certificates Authorization 28

29 Announcements HW4 due this Thursday at start of class 29

Download ppt "CS 425 / ECE 428 Distributed Systems Fall 2018 Indranil Gupta (Indy)"

Similar presentations

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Cryptographic Security Presented by: Josh Baker October 9 th, 2012 1CS5204 – Operating Systems.

Cryptographic Security Presented by: Josh Baker October 9 th, CS5204 – Operating Systems.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
Lecture 5: Email security: PGP Anish Arora CIS694K Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CIS694K Introduction to Network Security.
CS 425 / ECE 428 Distributed Systems Fall 2014 Indranil Gupta (Indy) Lecture 24B: Security All slides © IG.

CS 425 / ECE 428 Distributed Systems Fall 2014 Indranil Gupta (Indy) Lecture 24B: Security All slides © IG.
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
1 Authentication Applications Digital Signatures Security Concerns X.509 Authentication Service Kerberos Based on slides by Dr. Lawrie Brown of the Australian.

1 Authentication Applications Digital Signatures Security Concerns X.509 Authentication Service Kerberos Based on slides by Dr. Lawrie Brown of the Australian.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
Cryptographic Technologies

Cryptographic Technologies
CS542: Topics in Distributed Systems Security. Why are Distributed Systems insecure?  Distributed component rely on messages sent and received from network.

CS542: Topics in Distributed Systems Security. Why are Distributed Systems insecure?  Distributed component rely on messages sent and received from network.
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.

Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.

1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.
Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.

Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.
Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.

Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.
Secure e-mail r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.

Secure r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.

E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.
Dr. L. Christofi1 Local & Metropolitan Area Networks ACOE322 Lecture 8 Network Security.

Dr. L. Christofi1 Local & Metropolitan Area Networks ACOE322 Lecture 8 Network Security.

Similar presentations

Ads by Google