Presentation is loading. Please wait.

Presentation is loading. Please wait.

Distributed Operating Systems CS551 Colorado State University at Lockheed-Martin Lecture 9 -- Spring 2001.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Distributed Operating Systems CS551 Colorado State University at Lockheed-Martin Lecture 9 -- Spring 2001."— Presentation transcript:

1 Distributed Operating Systems CS551 Colorado State University at Lockheed-Martin Lecture 9 -- Spring 2001

2 11 April 2001CS-551, Lecture 92 CS551: Lecture 9 n Topics – Distributed Security (Chapter 11) n Cryptography & Digital Signatures n Authentication n Access Controls (Firewalls) – Other Algorithms

3 11 April 2001CS-551, Lecture 93 Terms n Computer security: “frequently consists of two parts: authentication and access control” n Authentication: “involves the verification and identification of a valid user” n Access control: “strives to prevent unwanted tampering with data files and system resources”

4 11 April 2001CS-551, Lecture 94 Terms, continued n Encryption: “encoding data using a key in such a manner that an eavesdropper cannot easily read the data” n Plaintext: “ the original data” n Ciphertext: “the encrypted data” n Decryption: “going from ciphertext to plaintext”

5 11 April 2001CS-551, Lecture 95 Terms, concluded n Computationally secure: “An encryption algorithm is computationally secure if the system cannot be broken by systematic analysis with available resources.” n Private key versus public key n Symmetric versus asymmetric encryption

6 11 April 2001CS-551, Lecture 96 Simple Encryption n Cereal box code ring n See Java assignment on encryption – Caesar cipher – Polyalphabetic cipher

7 11 April 2001CS-551, Lecture 97 Figure 11.1 Alice and Bob Use Cryptography. Read I as J in Cypher text

8 11 April 2001CS-551, Lecture 98 Symmetric Encryption n “encryption algorithms where the encryption and the decryption algorithm utilize the same key” n Examples: – Caesar cipher – Polyalphabetic cipher n Key must be private n “Secret-key encryption” n Q: how to communicate the key? – Diffie-Hellman key exchange

9 11 April 2001CS-551, Lecture 99 Figure 11.5 Diffie-Hellman Key exchange.

10 11 April 2001CS-551, Lecture 910 DES: Data Encryption Standard n Popular private key encryption method n US standard (NIST 1977) n Based on IBM’s LUCIFER system n 64-bit key (8 for error detection) n Encrypts data in blocks of 64 bits n 70,000,000,000,000,000 possible keys n Three-phrase encryption and decryption

11 11 April 2001CS-551, Lecture 911 DES Phase 1: Initial Permutation n A permutation of the 64-bit block, changing the order of bits within each block n Each 64-bits broken up into two halves – L 0, left half – R 0, right half n See DES Permutation Table – E.g. the new first bit was the 58 th bit – The new last bit was the 7 th bit

12 11 April 2001CS-551, Lecture 912 Table 11.1 DES Initial Permutation [NIST77].

13 11 April 2001CS-551, Lecture 913 DES Phase 2: Shifting (16 times) n Table-dependent n Each shift uses different subblock of key n Which subblock is used is determined by – another set of tables – its own shifting algorithm n The subscripts of the left and right halves are incremented with each shift

14 11 April 2001CS-551, Lecture 914 DES Phase 3: Inverse Permutation n Similar to Phase 1 – Permutes order of bits within each block n Employs the DES Inverse Permutation table n Generates the final ciphertext n See figure 11.2

15 11 April 2001CS-551, Lecture 915 Table 11.2 DES Inverse Permutation [NIST77].

16 11 April 2001CS-551, Lecture 916 Figure 11.2 The Three Phases of DES.

17 11 April 2001CS-551, Lecture 917 Triple DES n Enhanced security n Employs three 64-bit keys n DES is used three times on the data, each time with a different key – E(P, k 1 ) = C 1 – E(C 1, k 2 ) = C 2 – E(C 2, k 3 ) = C 3 (ciphertext)

18 11 April 2001CS-551, Lecture 918 Figure 11.3 Triple DES.

19 11 April 2001CS-551, Lecture 919 Asymmetric Encryption n Involves two keys – A public key, k u – A private key, k r n E(P, k u ) = C and D(C, k r ) = P OR n E(P, k r ) = C and D(C, k u ) = P n Do not decrypt ciphertext with same key as encryption key n Mathematically difficult to obtain one key from the other n Example: Diffie-Hellman, 1976

20 11 April 2001CS-551, Lecture 920 Figure 11.4 Public-Key Cryptography. Output is ???? Where K r != K u Does not use K r Appears to use K u

21 11 April 2001CS-551, Lecture 921 RSA n By Rivest, Shamir, and Adleman (1978) n A public-key encryption algorithm n Patented n Three phases

22 11 April 2001CS-551, Lecture 922 RSA Phase 1 n Determining public and private keys 1. Choose two large prime numbers, P and Q 2. Compute N = P * Q 3. Compute F(N) = (P – 1) (Q – 1) 4. Choose e: 1 <= e <= N–1; GCD (e, F(N)) = 1 5. Compute d, where ed = 1 (mod F(N)) 6. Make d and N public as they make up the public key

23 11 April 2001CS-551, Lecture 923 RSA Phases 2 and 3 n Phase 2: Encrypting the message, M – 1 <= M <= N – 1 – C = M e (mod N), ciphertext n Phase 3: Decrypting the ciphertext, C – C d (mod N) = M, original message

24 11 April 2001CS-551, Lecture 924 RSA Example n Phase 1: 1. Alice chooses P=5, Q=11 2. So, N = P*Q = 55 3. F(N) = (P - 1) (Q - 1) = 40 4. Choose e = 7 [GCD(40,7) = 1] 5. Determine D = 23 since 7*23 (mod 40) = 161 (mod 40) = 1

25 11 April 2001CS-551, Lecture 925 RSA Example, continued n Phase 2 1. Send message M = 25 2. Compute C = M e (mod N) = 25 7 (mod 55) = 610,351,625 (mod 55) = 20 (ciphertext)

26 11 April 2001CS-551, Lecture 926 RSA Example, concluded n Phase 3 1. C = 20 2. C d (mod N) = M So 20 23 (mod 55) = 8388608 *10 23 (mod 55) = 25 = M

27 11 April 2001CS-551, Lecture 927 Figure 11.5 Diffie-Hellman Key exchange.

28 11 April 2001CS-551, Lecture 928 Diffie-Hellman Example 1. Alice and Bob agree to let p=11, a=7 2. Alice generates x=5, where 2 <= 5 <= 11-1 3. Alice computes a x (mod p) = 7 5 (mod 11) = 16807 (mod 11) = 10 and sends 10 to Bob 4. Bob generates y=8, where 2 <= 8 <= 11 5. Bob computes a y (mod p) = 7 8 (mod 11) = 5,764,801 (mod 11) = 9 and sends 9 to Alice 6. Bob computes (a x ) y (mod p) = (7 5 ) 8 (mod 11) = 7 5*8 (mod 11) 7. Alice computes (a y ) x (mod p) = (7 8 ) 5 (mod 11) = 7 8*5 (mod 11)

29 11 April 2001CS-551, Lecture 929 Digital Signatures with Public-Key Encryption n Employs RSA n May use private key to encrypt – Entire file (expensive) – Just signature n Advantage: no key distribution problems n Recipient may use public key to decrypt and verify origin n Only proper public key will decrypt

30 11 April 2001CS-551, Lecture 930 Authentication n Several steps necessary n First step is verifying identity of user n Three methods – User password – User key – Uniqueness of user (fingerprint, retina pattern) n Note: these methods work on centralized systems as well

31 11 April 2001CS-551, Lecture 931 Authentication in a DS n Concerns: – Eavesdropping – Multiple password management – Replay – Trust n Common solution: certificates

32 11 April 2001CS-551, Lecture 932 Certificates n “a computer-generated, frequently time- valid, authenticated packet of information” n Time-valid => prevents later replay – Can be done with timestamp or nonce – Nonce: “a random value unique for each communication” n Two approaches: – List of certificates, e.g. X.509 – Centralized certificate distribution center

33 11 April 2001CS-551, Lecture 933 Figure 11.6 Certificate List Utilized in Secure RPC.

34 11 April 2001CS-551, Lecture 934 Figure 11.7 Three-Way X.509 Authentication.

35 11 April 2001CS-551, Lecture 935 Figure 11.8 Chaining Certificate Authorities in X.509.

36 11 April 2001CS-551, Lecture 936 Figure 11.9 Kerberos Phase 1 Details. ID T = Ticket Granting Service’s ID ID C = Client’s ID ID S = Server’s ID N i = Nonce value K C = Client’s private key K S = Application Server’s key K T = Ticket Granting Service’s private key K 1 = System Ticket K 2 = Service Ticket T S = Starting Time Stamp T E = Ending Time Stamp E(a,K) = Applications on encryption algorithm to a with key K

37 11 April 2001CS-551, Lecture 937 Figure 11.10 Kerberos Phase 2 Details.

38 11 April 2001CS-551, Lecture 938 Figure 11.11 Kerberos Phase 3 Details.

39 11 April 2001CS-551, Lecture 939 Access Control (Firewalls) n Firewall: “should be immune to security threats and prevent all security threats from passing through the wall and to the system(s) it protects” n Categories – Packet-filtering gateways – Proxy services n Both types may be used together

40 11 April 2001CS-551, Lecture 940 Packet Filtering Gateways n “involves a security engineer who must explicitly state what may pass through the wall … what internal information may go out of the firewall as well as what outside locations are allowed … may specify what internal computer services may be shared with the outside world.” n “generally implemented on the router that connects the internal system to the outside world”

41 11 April 2001CS-551, Lecture 941 Firewall Routers n “provide a better user interface” n “easier to configure for security-based filtering” n Uses source/destination IP addresses n Checks IP addresses against table of rules

42 11 April 2001CS-551, Lecture 942 Proxy Servers n “represents an internal client’s services to the outside world” n Two basic types – Application-level gateway proxy services – Circuit-level proxy services

43 11 April 2001CS-551, Lecture 943 Application-level gateways n Bastion hosts n Dual-homed hosts

44 11 April 2001CS-551, Lecture 944 Circuit-level gateways n Transparent to user

45 11 April 2001CS-551, Lecture 945 Firewall Architectures n Bastion host architecture n Filtering host architecture n Filtering subnet architecture

46 11 April 2001CS-551, Lecture 946 Figure 11.12 Bastion Host Firewall Architecture.

47 11 April 2001CS-551, Lecture 947 Figure 11.13 Filtering Host Firewall Architecture.

48 11 April 2001CS-551, Lecture 948 Figure 11.14 Filtering Subnet Firewall Architecture.

49 11 April 2001CS-551, Lecture 949 Agreement Protocols n Distributed processes sometimes must agree n If some sites are faulty, this can be difficult – Need to identify/isolate the faults n Model assumptions: – n PEs, at most m PEs are faulty – PEs can communicate directly with each other – Receiver can always determine sender of a msg – Communication medium is reliable – PEs can fail

50 11 April 2001CS-551, Lecture 950 Synchronous Computation n A step (or round) consists of the following: – Receive messages – Compute – Send messages n PEs in lockstep n This model is assumed

51 11 April 2001CS-551, Lecture 951 Asynchronous Computation n No synchronization – At any time, a PE can n Send messages n Compute n Receive messages n Agreement problem is unsolvable in this case

52 11 April 2001CS-551, Lecture 952 PE Failure Model (modes) n Crash fault – PE stops, does not restart n Omission fault – PE omits to send a message that it should have n Malicious fault – Random behavior n E.g. sends fictitious messages n If a non-faulty PE doesn’t receive a message, it can make up a message

53 11 April 2001CS-551, Lecture 953 Authenticated Messages n Also called signed messages n A message cannot be forged or modified by a faulty PE n Non-authenticated messages – PE can forge or modify a message n As it relays it to the next node

54 11 April 2001CS-551, Lecture 954 Performance n Time – Number of rounds to reach agreement n Message traffic – Number of messages needed to reach agreement n Storage overhead – Amount of information stored at each node

55 11 April 2001CS-551, Lecture 955 Types of Agreement Problems n Byzantine Agreement Problem n Consensus Problem n Interactive Consistency Problem Recall Lamport’s Byzantine Generals paper

56 11 April 2001CS-551, Lecture 956 Byzantine Agreement Problems n An arbitrary (source) PE broadcasts a value n Solution: – Agreement n All non-faulty PEs agree on one value – Validity n If source PE is non-faulty, then agree on source’s initial value – If source is faulty, can agree on any value – Faulty PE can agree or not (don’t care)

57 11 April 2001CS-551, Lecture 957 Consensus Problems n All PEs broadcast initial values to all PEs n Solution: – Agreement n All non-faulty PEs agree on one value – Validity n If all non-faulty PEs start with same value, they will agree on that value

58 11 April 2001CS-551, Lecture 958 Interactive Consistency Problem n All PEs broadcast initial values to all PEs n Solution: – Agreement n All non-faulty PEs agree on vector v 1, v 2, …, v n – Validity n If i th PE is non-faulty and its value is v i, then all non-faulty PEs end with v i as i th value

59 11 April 2001CS-551, Lecture 959 How the problems compare n Byzantine is special case of interactive problem – Only uses one of the vector values n If each PE runs a copy of Byzantine, then this is the same as solving the interactive problem n Can use interactive to solve consensus problem – Can agree to use a majority value in vector n So, can derive all solutions from a solution to the Byzantine problem – So only consider the Byzantine

60 11 April 2001CS-551, Lecture 960 Byzantine Solutions n All PEs must exchange messages to reach consensus – Send their own values – Relay received values – Faulty PEs will be confusing n Limit on number of faulty PEs

61 11 April 2001CS-551, Lecture 961 Limit on Faulty PEs n Limit: m <= floor ( (n-1) / 3 ) n Need m+1 rounds of message exchanges (at least) n E.g if n = 4, then m <= 1 – If m = 1, then each non-faulty PE gets 3 messages n It can take the majority value – The faulty PE will always be outvoted

62 11 April 2001CS-551, Lecture 962 Lamport – Shostak - Pease n Given n PEs and less than m faulty PEs – n >= 3m + 1 n Recursive algorithm – OM(0) – Oral Message Algorithm n Source sends its value to all other PEs n Each PE uses the value it receives for the source

63 11 April 2001CS-551, Lecture 963 Lamport-Shostak-Pease: Example P0P0 P2P2 P3P3 P1P1 OM(0) 7 7 7 7

64 11 April 2001CS-551, Lecture 964 L-S-P: Example, continued P0P0 P2P2 P3P3 P1P1 OM(1) 7 7 3 7 7 7 7 7 7 2 P 2 is faulty

65 11 April 2001CS-551, Lecture 965 L-S-P: Example, continued P0P0 P2P2 P3P3 P1P1 OM(1) 7 7,3,7 7,2,7 7,7,7

66 11 April 2001CS-551, Lecture 966 L-S-P: Example, concluded P0P0 P2P2 P3P3 P1P1 OM(1) 7 7 7 7 Now try an example with N=7 and M=2

Download ppt "Distributed Operating Systems CS551 Colorado State University at Lockheed-Martin Lecture 9 -- Spring 2001."

Similar presentations

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.

Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.
EEC 688/788 Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC 688/788 Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 1 Security PART VII.

McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
EECC694 - Shaaban #1 lec #16 Spring2000 5-4-2000 Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.

EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.
Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.
8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.

8: Network Security8-1 Symmetric key cryptography symmetric key crypto: Bob and Alice share know same (symmetric) key: K r e.g., key is knowing substitution.
1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.

1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.

Similar presentations

Ads by Google