Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS 425 / ECE 428 Distributed Systems Fall 2014 Indranil Gupta (Indy) Lecture 24B: Security All slides © IG.

Published byBetty Sharp Modified over 9 years ago

Similar presentations

Presentation on theme: "CS 425 / ECE 428 Distributed Systems Fall 2014 Indranil Gupta (Indy) Lecture 24B: Security All slides © IG."— Presentation transcript:

1 CS 425 / ECE 428 Distributed Systems Fall 2014 Indranil Gupta (Indy) Lecture 24B: Security All slides © IG

2 Leakage –Unauthorized access to service or data –E.g., Someone knows your bank balance Tampering –Unauthorized modification of service or data –E.g., Someone modifies your bank balance Vandalism –Interference with normal service, without direct gain to attacker –E.g., Denial of Service attacks Security Threats

3 Eavesdropping –Attacker taps into network Masquerading –Attacker pretends to be someone else, i.e., identity theft Message tampering –Attacker modifies messages Replay attack –Attacker replays old messages Denial of service: bombard a port Common Attacks

4 Confidentiality –Protection against disclosure to unauthorized individuals –Addresses Leakage threat Integrity –Protection against unauthorized alteration or corruption –Addresses Tampering threat Availability –Service/data is always readable/writable –Addresses Vandalism threat Addressing the Challenges: CIA Properties

5 Many scientists (e.g., Hansen) have argued for a separation of policy vs. mechanism A security policy indicates what a secure system accomplishes A security mechanism indicates how these goals are accomplished E.g., –Policy: in a file system, only authorized individuals allowed to access files (i.e., CIA properties) –Mechanism: Encryption, capabilities, etc. Policies vs. Mechanisms

6 Authentication –Is a user (communicating over the network) claiming to be Alice, really Alice? Authorization –Yes, the user is Alice, but is she allowed to perform her requested operation on this object? Auditing –How did Eve manage to attack the system and breach defenses? Usually done by continuously logging all operations. Mechanisms: Golden A’s

7 Don’t know how powerful attacker is When designing a security protocol need to 1. Specify Attacker Model: Capabilities of attacker (Attacker model should be tied to reality) 2. Design security mechanisms to satisfy policy under the attacker model 3. Prove that mechanisms satisfy policy under attacker model 4. Measure effect on overall performance (e.g., throughput) in the common case, i.e., no attacks Designing Secure Systems

8 Basic Cryptography Next

9 Principals: processes that carry out actions on behalf of users –Alice –Bob –Carol –Dave –Eve (typically evil) –Mallory (typically malicious) –Sara (typically server) Basic Security Terminology

10 Key = sequence of bytes assigned to a user –Can be used to “lock” a message, and only this key can be used to “unlock” that locked message Keys

11 Message (sequence of bytes) + Key  (Encryption)  Encoded message (sequence of bytes) Encoded Message (sequence of bytes) + Key  (Decryption)  Original message (sequence of bytes) No one can decode an encoded message without the key Encryption

12 I. Symmetric Key systems: –K A = Alice’s key; secret to Alice –K AB = Key shared only by Alice and Bob –Same key (K AB ) used to both encrypt and decrypt a message E.g., DES (Data Encryption Standard): 56 b key operates on 64 b blocks from the message Two Cryptography Systems

13 II. Public-Private Key systems: –K Apriv = Alice’s private key; known only to Alice –K Apub = Alice’s public key; known to everyone –Anything encrypted with K Apriv can be decrypted only with K Apub –Anything encrypted with K Apub can be decrypted only with K Apriv RSA and PGP fall into these category –RSA = Rivest Shamir Adleman –PGP = Pretty Good Privacy –Keys are several 100s or 1000s of b long –Longer keys => harder for attackers to break –Public keys maintained via PKI (Public Key Infrastructure) Two Cryptography Systems (2)

14 If Alice wants to send a secret message M that can be read only by Bob –Alice encrypts it with Bob’s public key –K Bpub ( M) –Bob only one able to decrypt it –K Bpriv ( K Bpub ( M) ) = M –Symmetric too, i.e., K Apub ( K Apriv ( M) ) = M Public-Private Key Cryptography

15 Shared keys reveal too much information –Hard to revoke permissions from principals –E.g., group of principals shares one key  want to remove one principal from group  need everyone in group to change key Public/private keys involve costly encryption or decryption –At least one of these 2 operations is costly Many systems use public/private key system to generate shared key, and use latter on messages Shared/Symmetric vs. Public/Private

16 How to use cryptography to implement I.Authentication II.Digital Signatures III.Digital Certificates Next

17 Two principals verify each others’ identities Two flavors –Direct authentication: directly between two parties –Indirect authentication: uses a trusted third- party server Called authentication server E.g., A Verisign server I. Authentication

18 Direct Authentication Using Shared Key Bob Time Alice Message Instruction or Step A R B = Nonce = random number K AB (R B ) R A = Nonce = random number Bob calculates K AB (R B ) and matches with reply. Alice is the only one who could have replied correctly. K AB (R A ) Alice knows Bob is Bob (has K AB )

19 Why Not Optimize Number of Messages? Bob Time Alice Message Instruction or Step A, R A R B, K AB (R A ) K AB (R B ) Bob calculates K AB (R B ) and matches with reply. Alice is the only one who could have replied correctly. Alice knows Bob is Bob

20 Unfortunately, This Subject to Replay Attack Bob Time Eve (Malicious) Message Instruction or Step A, R A R B, K AB (R A ) K AB (R B ) Bob calculates K AB (R B ) and matches with reply. Bob thinks Eve is Alice. A, R B R B2, K AB (R B ) Eve starts 2 nd sessionEve finishes 1 st sessionEve starts 1 st session

21 Indirect Authentication Using Authentication Server and Shared Keys Bob Time Alice Message Instruction or Step A, B K A,AS (K A,B ), K B,AS (K A,B ) = A Ticket A, K B,AS (K A,B ) AS Alice and Bob only ones who can decrypt portions of the ticket and obtain K A,B

22 Just like “real” signatures –Authentic, Unforgeable –Verifiable, Non-repudiable To sign a message M, Alice encrypts message with her own private key –Signed message: [M, K Apriv (M)] –Anyone can verify, using Alice’s public key, that Alice signed it To make it more efficient, use a one-way hash function, e.g., SHA-1, MD-5, etc. Signed message: [M, K Apriv (Hash(M))] Efficient since hash is fast and small; don’t need to encrypt/decrypt full message II. Digital Signatures

23 Just like “real” certificates Implemented using digital signatures Digital Certificates have –Standard format –Transitivity property, i.e., chains of certificates –Tracing chain backwards must end at trusted authority (at root) III. Digital Certificates

24 1.Certificate Type: Account 2.Name: Alice 3.Account number: 12345 4.Certifying Authority: Charlie’s Bank 5.Signature –K Cpriv (Hash(Name+Account number)) Example: Alice’s Bank Account Alice Charlie

25 1.Certificate Type: Public Key 2.Name: Charlie’s Bank 3.Public Key: K Cpub 4.Certifying Authority: Banker’s Federation 5.Signature –K Fpriv (Hash(Name+Public key)) Charlie’s Bank, in Turn has another Certificate Alice Charlie Banker’s Fed

26 1.Certificate Type: Public Key 2.Name: Banker’s Federation 3.Public Key: K Fpub 4.Certifying Authority: Verisign 5.Signature –K verisign priv (Hash(Name+Public key)) Banker’s Federation, Has Another Certificate From the Root Server Alice Charlie Banker’s Fed Verisign

27 Access Control Matrix –For every combination of (principal,object) say what mode of access is allowed –May be very large (1000s of principals, millions of objects) –May be sparse (most entries are “no access”) Access Control Lists (ACLs) = per object, list of allowed principals and access allowed to each Capability Lists = per principal, list of files allowed to access and type of access allowed –Could split it up into capabilities, each for a different (principal,file) IV. Authorization

28 Security Challenges Abound –Lots of threats and attacks CIA Properties are desirable policies Encryption and decryption Shared key vs Public/private key systems Implementing authentication, signatures, certificates Authorization Security: Summary

Download ppt "CS 425 / ECE 428 Distributed Systems Fall 2014 Indranil Gupta (Indy) Lecture 24B: Security All slides © IG."

Similar presentations

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Public Key Management and X.509 Certificates

Public Key Management and X.509 Certificates
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
Lecture 5: Email security: PGP Anish Arora CIS694K Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CIS694K Introduction to Network Security.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
1 Authentication Applications Digital Signatures Security Concerns X.509 Authentication Service Kerberos Based on slides by Dr. Lawrie Brown of the Australian.

1 Authentication Applications Digital Signatures Security Concerns X.509 Authentication Service Kerberos Based on slides by Dr. Lawrie Brown of the Australian.
 Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large.

 Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large.
Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.

Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.
Computer Security Dept. of Computer Science CS 5200 Fall 2005 Dr. Scott Cannon.

Computer Security Dept. of Computer Science CS 5200 Fall 2005 Dr. Scott Cannon.
Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.

Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.

بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.
Cryptographic Technologies

Cryptographic Technologies
Encryption An Overview. Fundamental problems Internet traffic goes through many networks and routers Many of those networks are broadcast media Sniffing.

Encryption An Overview. Fundamental problems Internet traffic goes through many networks and routers Many of those networks are broadcast media Sniffing.
Cryptography April 20, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
CS542: Topics in Distributed Systems Security. Why are Distributed Systems insecure?  Distributed component rely on messages sent and received from network.

CS542: Topics in Distributed Systems Security. Why are Distributed Systems insecure?  Distributed component rely on messages sent and received from network.

Similar presentations

Ads by Google