Case Study On Distributed Systems Security by Merv Wagner.


2 Case Study On Distributed Systems Security by Merv Wagner

3 Historical context: the evolution of security needs

4 Goals
- System security policy
  - Cost-benefit
  - Baseline
- Primary objectives
  - Confidentiality
  - Integrity
  - Availability
- Secondary objectives
  - Authentication
  - Non-repudiation
- Other concerns
  - Access control
  - Audit trail
  - Timely service
  - Record keeping
  - Anonymity

5 Secure channels
- Properties
  - Each process is sure of the identity of the other
  - Protection against repetition and reordering of data
- Employs cryptography
  - Secrecy based on cryptographic concealment
  - Authentication based on proof of ownership of secrets
- Cryptographic concealment is based on:
  - Confusion and diffusion
  - Conventional shared crypto keys
  - Public/private key pair
[Figure: a secure channel between process p (Principal A) and process q (Principal B), protected by cryptography against the enemy.]

6 Definitions
- Asymmetric algorithm - public/private key cryptography that utilizes a trap-door function, such as RSA
- Availability - system services are available when they are needed
- Certificate - an electronic document containing a statement signed by a principal
- Confidentiality - secrecy; information is only disclosed according to security policy
- Integrity - information is not destroyed or corrupted and the system performs data operations correctly
- DES - Data Encryption Standard adopted by National Bureau of Standards in 1977; famous cryptosystem that uses a 56-bit secret key
- Digital Signature - emulates a conventional signature by using cryptography to verify to a third party that a message or document is produced by the signer
- RSA - Rivest, Shamir, Adleman encryption algorithm; first public-key cryptosystem; based on the use of trap door function of two very large prime numbers
- Symmetric algorithm - secret-key cryptography that uses a common key and a one-way encryption function, such as DES

7 Security notations
K_A        Alice's secret key
K_B        Bob's secret key
K_AB       Secret key shared between Alice and Bob
K_Apriv    Alice's private key (known only to Alice)
K_Apub     Alice's public key (published by Alice for all to read)
{M}K       Message M encrypted with key K
[M]K       Message M signed with key K
Alice      First participant
Bob        Second participant
Carol      Participant in three- and four-party protocols
Dave       Participant in four-party protocols
Eve        Eavesdropper
Mallory    Malicious attacker
Sara       A server

8 Features Scenario 1: Secret communication with shared secret key
Alice and Bob share a secret key K_AB.
1. Alice uses K_AB and an agreed encryption function E(K_AB, M) to encrypt and send any number of messages {M_i}K_AB to Bob.
2. Bob reads the encrypted messages using the corresponding decryption function D(K_AB, M).
Alice and Bob can go on using K_AB as long as it is safe to assume that K_AB has not been compromised.
Issues:
- Key distribution: How can Alice send a shared key K_AB to Bob securely?
- Freshness of communication: How does Bob know that any {M_i} isn't a copy of an earlier encrypted message from Alice that was captured by Mallory and replayed later?

9 Features Scenario 2: Authenticated communication with a server
Bob is a file server; Sara is an authentication service. Sara shares secret key K_A with Alice and secret key K_B with Bob.
1. Alice sends an (unencrypted) message to Sara stating her identity and requesting a ticket for access to Bob.
2. Sara sends a response to Alice: {{Ticket}K_B, K_AB}K_A. It is encrypted in K_A and consists of a ticket (to be sent to Bob with each request for file access) encrypted in K_B and a new secret key K_AB.
3. Alice uses K_A to decrypt the response.
4. Alice sends Bob a request R to access a file: {Ticket}K_B, Alice, R.
5. The ticket is actually {K_AB, Alice}K_B. Bob uses K_B to decrypt it, checks that Alice's name matches and then uses K_AB to encrypt responses to Alice.
- A ticket is an encrypted item containing the identity of the principal to whom it is issued and a shared key for a communication session.
- This is a simplified version of the Needham and Schroeder (and Kerberos) protocol.
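The five steps of Scenario 2 as an added Python example, not part of the original slides. The `seal`/`unseal` pair is a toy stand-in for {M}K built from HMAC-SHA256 (an assumption of this example, not a vetted cipher), and the names `sara_issue`, `bob_serve` and `run_alice` are hypothetical.

```python
import hashlib, hmac, json, secrets

def _stream(key, nonce, n):
    # Toy keystream (HMAC-SHA256 in counter mode); a stand-in, not a vetted cipher.
    out, i = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        i += 1
    return out[:n]

def seal(key, obj):
    """{M}K: encrypt a JSON-serialisable object and append an integrity tag."""
    pt, nonce = json.dumps(obj).encode(), secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return (nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()).hex()

def unseal(key, blob):
    raw = bytes.fromhex(blob)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

K_A, K_B = secrets.token_bytes(32), secrets.token_bytes(32)  # keys Sara shares with Alice, Bob

def sara_issue(name, client_key):
    # Step 2: reply {{Ticket}K_B, K_AB}K_A, where Ticket = {K_AB, name}
    k_ab = secrets.token_hex(32)
    ticket = seal(K_B, {"k_ab": k_ab, "name": name})
    return seal(client_key, {"ticket": ticket, "k_ab": k_ab})

def bob_serve(ticket, claimed_name, request):
    # Step 5: decrypt the ticket with K_B, check the name, answer under K_AB
    t = unseal(K_B, ticket)
    if t["name"] != claimed_name:
        raise PermissionError("ticket was not issued to " + claimed_name)
    return seal(bytes.fromhex(t["k_ab"]), {"reply": "contents of " + request})

def run_alice(request="report.txt"):
    resp = unseal(K_A, sara_issue("Alice", K_A))           # steps 1-3
    reply = bob_serve(resp["ticket"], "Alice", request)    # step 4: {Ticket}K_B, Alice, R
    return unseal(bytes.fromhex(resp["k_ab"]), reply)["reply"], resp["ticket"]
```

Alice never learns K_B and cannot read or alter the ticket; Bob's reply is readable only by whoever holds K_AB, so a party that merely copies the ticket and claims Alice's name gets back ciphertext it cannot open.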

10 Features Scenario 3: Authenticated communication with public keys
Bob has a public/private key pair.
1. Alice obtains a certificate that was signed by a trusted authority stating Bob's public key K_Bpub.
2. Alice creates a new shared key K_AB, encrypts it with K_Bpub using a public-key algorithm and sends the result to Bob.
3. Bob uses the corresponding private key K_Bpriv to decrypt it.
(If they want to be sure that the message hasn't been tampered with, Alice can add an agreed value to it and Bob can check it.)
- Mallory might intercept Alice's initial request to a key distribution service for Bob's public-key certificate and send a response containing his own public key. He can then intercept all the subsequent messages.

11 Features Scenario 4: Digital signatures with secure digest function
Alice wants to publish a document M in such a way that anyone can verify that it is from her.
1. Alice computes a fixed-length digest of the document, Digest(M).
2. Alice encrypts the digest in her private key, appends it to M and makes the resulting signed document (M, {Digest(M)}K_Apriv) available to the intended users.
3. Bob obtains the signed document, extracts M and computes Digest(M).
4. Bob uses Alice's public key to decrypt {Digest(M)}K_Apriv and compares it with his computed digest. If they match, Alice's signature is verified.
- Digest is a compressed form of the plaintext message

12 Features X.509 Certificate format
Certificate: a statement signed by an appropriate authority.
Certificates require:
- An agreed standard format
- Agreement on the construction of chains of trust
- Expiry dates, so that certificates can be revoked.

13 Certificates as credentials
- Certificates can act as credentials
  - Evidence for a principal's right to access a resource
- The two certificates shown could act as credentials for Alice to operate on her bank account
  - She would need to add her public key certificate

14 Features Certificates
Alice's bank account certificate:
1. Certificate type: Account number
2. Name: Alice
3. Account: 6262626
4. Certifying authority: Bob's Bank
5. Signature: {Digest(field 2 + field 3)}K_Bpriv
Public-key certificate for Bob's Bank:
1. Certificate type: Public key
2. Name: Bob's Bank
3. Public key: K_Bpub
4. Certifying authority: Fred - The Bankers Federation
5. Signature: {Digest(field 2 + field 3)}K_Fpriv

15 Structure Cryptographic Algorithms
Message M, key K, published encryption functions E, D
- Symmetric (secret key)
  - E(K, M) = {M}K
  - D(K, E(K, M)) = M
  - Same key for E and D
  - M must be hard (infeasible) to compute from {M}K without K (one-way function)
  - Usual form of attack is brute-force: try all possible key values
- Asymmetric (public key)
  - Separate encryption and decryption keys: K_e, K_d
  - D(K_d, E(K_e, M)) = M
  - Depends on the use of a trap-door function to make the keys
  - E has high computational cost
  - Very large keys > 512 bits
- Hybrid protocols - used in SSL (now called TLS)
  - Uses asymmetric crypto to transmit the symmetric key that is then used to encrypt a session.

16 Structure Cipher block chaining and stream ciphers
[Figure: Cipher block chaining (CBC): each plaintext block (n, n+1, n+2, n+3) is XORed with the previous ciphertext block (n-1, n-2, n-3) before E(K, M) is applied.]
[Figure: Stream cipher: a number generator feeds E(K, M), whose output is buffered as a keystream and XORed with the plaintext stream to give the ciphertext stream.]
Most algorithms work on 64-bit blocks.
Weakness of simple block cipher: repeated patterns can be detected.
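The weakness named on this slide, shown as an added Python example that is not part of the original slides: the same plaintext is encrypted block by block and with cipher block chaining, and the repeated ciphertext blocks are counted. The 64-bit Feistel cipher `E`/`D` is a toy stand-in built from HMAC-SHA256, and the key, IV and plaintext are constructed sample values.

```python
import hashlib, hmac

BLOCK = 8                                        # 64-bit blocks, as on the slide
KEY, IV = b"constructed-key", bytes(range(8))    # sample values constructed for this example
PT = b"TRANSFER" * 3 + b"END-MSG."               # block-aligned sample plaintext with repeats

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:4]

def E(key, block):
    # Toy 4-round Feistel network standing in for E(K, M); not a real cipher.
    l, r = block[:4], block[4:]
    for rnd in range(4):
        l, r = r, xor(l, _f(key, rnd, r))
    return l + r

def D(key, block):
    l, r = block[:4], block[4:]
    for rnd in reversed(range(4)):
        l, r = xor(r, _f(key, rnd, l)), l
    return l + r

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, pt):
    return [E(key, b) for b in blocks(pt)]          # each block on its own

def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for b in blocks(pt):
        prev = E(key, xor(b, prev))                 # XOR with previous ciphertext block
        out.append(prev)
    return out

def cbc_decrypt(key, iv, ct_blocks):
    out, prev = b"", iv
    for c in ct_blocks:
        out, prev = out + xor(D(key, c), prev), c
    return out

def repeated(ct_blocks):
    # Number of ciphertext blocks that duplicate an earlier one
    return len(ct_blocks) - len(set(ct_blocks))
```

Without chaining, the three identical "TRANSFER" blocks produce three identical ciphertext blocks, which an eavesdropper can spot without the key; with chaining, every ciphertext block differs.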

17 Symmetric encryption algorithms
These are all programs that perform confusion and diffusion operations on blocks of binary data.
- DES: The US Data Encryption Standard (1977). No longer strong in its original form. 56-bit key
- Triple-DES: applies DES three times with two different keys. 112-bit key
- AES: A proposed US Advanced Encryption Standard (1997). 128/256-bit key.

18 Asymmetric encryption algorithms
- RSA: The first practical algorithm (Rivest, Shamir and Adleman 1978) and still the most frequently used. Key length is variable, 512-2048 bits.
- Asymmetric algorithms are ~1000 x slower and are therefore not practical for bulk encryption, but their other properties make them ideal for key distribution and for authentication uses.
- They depend on the use of trap-door functions.
- A trap-door function is a one-way function with a secret exit, e.g. product of two large numbers; easy to multiply, very hard to factor.

19 Implementation Digital signatures
Requirement:
- To authenticate stored document files as well as messages
- To protect against forgery
- To prevent the signer from repudiating a signed document (denying their responsibility)
Encryption of a document in a secret key constitutes a signature:
- Impossible for others to perform without knowledge of the key
- Strong authentication of document
- Strong protection against forgery
- Weak against repudiation (signer could claim key was compromised)

20 Implementation Secure digest functions
- Encrypted text of document makes an impractically long signature
- So we encrypt a secure digest instead
- Secure digest function computes a fixed-length hash H(M) that characterizes the document M
- H(M) should be:
  - Fast to compute
  - Hard to invert
- MD5: Developed by Rivest (1992). Computes a 128-bit digest
- SHA: (1995) based on Rivest's MD4 but made more secure by producing a 160-bit digest

21 Implementation Digital signatures with public keys
Signing:
- M -> H(M) -> h (128 bits) -> E(K_pri, h) -> {h}K_pri
- Signed doc: M, {h}K_pri
Verifying:
- {h}K_pri -> D(K_pub, {h}) -> h'
- M -> H(doc) -> h
- h = h' ? authentic : forged
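An added Python example, not part of the original slides, that carries the sign/verify flow above (and Scenario 4) through to the two certificates of slide 14: Alice's account certificate is accepted only if the bank's key is itself vouched for by Fred. It uses textbook RSA without padding and SHA-256 in place of the 128-bit digest; the toy keys, the `|` field separator and all function names are assumptions of this example.

```python
import hashlib

E = 65537  # public exponent

def keypair(a, b):
    # Constructed toy key from the Mersenne primes 2**a-1 and 2**b-1. Their special
    # form makes n easy to factor, so these keys are for illustration only.
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))   # (public modulus n, private exponent d)

def digest(m: bytes) -> int:
    return int.from_bytes(hashlib.sha256(m).digest(), "big")

def sign(m, n, d):
    return pow(digest(m), d, n)            # {Digest(M)}K_priv, textbook RSA without padding

def verify(m, sig, n):
    return pow(sig, E, n) == digest(m)     # h' = D(K_pub, {h}); compare with h = H(M)

def make_cert(ctype, name, value, authority, n, d):
    # As on the slide, the signature covers field 2 + field 3
    return {"type": ctype, "name": name, "value": value, "authority": authority,
            "sig": sign(f"{name}|{value}".encode(), n, d)}

def cert_ok(cert, issuer_n):
    return verify(f"{cert['name']}|{cert['value']}".encode(), cert["sig"], issuer_n)

FRED_N, FRED_D = keypair(521, 607)         # Fred - The Bankers Federation
BANK_N, BANK_D = keypair(1279, 2203)       # Bob's Bank
bank_cert = make_cert("Public key", "Bob's Bank", BANK_N, "Fred", FRED_N, FRED_D)
acct_cert = make_cert("Account number", "Alice", "6262626", "Bob's Bank", BANK_N, BANK_D)

def check_chain(acct, bank, anchor_n):
    # Only Fred's public key is trusted in advance; the bank's key comes from its certificate.
    if not cert_ok(bank, anchor_n) or acct["authority"] != bank["name"]:
        return "forged"
    return "authentic" if cert_ok(acct, bank["value"]) else "forged"
```

A certificate that is internally consistent but signed with a substituted key, as in Mallory's interception in Scenario 3, fails at the first check because it does not verify under Fred's key.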

22 Implementation Low-cost signatures with a shared secret key
Signer and verifier share a secret key K.
Signing:
- M, K -> H(M+K) -> h
- Signed doc: M, h
Verifying:
- M, K -> H(M+K) -> h'
- h = h' ? authentic : forged
MAC: Message Authentication Code
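An added Python example, not part of the original slides, combining the shared-key signature above with the freshness question from Scenario 1: the tag also covers a sequence number, so the verifier can tell a replayed or reordered message from a new one. It uses the standard library's HMAC-SHA256 in place of the slide's plain H(M+K); the key, the messages and the names `mac_sign` and `Verifier` are constructed for this example.

```python
import hashlib, hmac

K = b"constructed-shared-key-K_AB"      # sample key constructed for this example

def mac_sign(seq: int, m: bytes, key: bytes = K):
    """Signed doc (seq, M, h): h is a MAC over the sequence number and M."""
    h = hmac.new(key, seq.to_bytes(8, "big") + m, hashlib.sha256).digest()
    return seq, m, h

class Verifier:
    def __init__(self, key: bytes = K):
        self.key, self.last_seq = key, -1

    def check(self, seq: int, m: bytes, h: bytes) -> str:
        h_prime = hmac.new(self.key, seq.to_bytes(8, "big") + m, hashlib.sha256).digest()
        if not hmac.compare_digest(h, h_prime):      # h = h' ? authentic : forged
            return "forged"
        if seq <= self.last_seq:                     # old or reordered message
            return "replayed"
        self.last_seq = seq
        return "authentic"

def demo():
    bob = Verifier()
    m1, m2 = mac_sign(1, b"pay Carol 10"), mac_sign(2, b"pay Dave 5")
    altered = (m2[0], b"pay Mallory 500", m2[2])     # message changed, old tag kept
    renumbered = (3, m1[1], m1[2])                   # old message, new sequence number
    return [bob.check(*m1), bob.check(*m1), bob.check(*altered),
            bob.check(*m2), bob.check(*m1), bob.check(*renumbered)]
```

Because the sequence number is inside the MAC, Mallory cannot make a captured message look fresh by renumbering it.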

23 Performance of encryption and secure digest algorithms
Algorithm      Key size/hash size (bits)   Extrapolated speed (kbytes/s)   Optimized speed (kbytes/s)
Secret key
  TEA          128                         700                             -
  DES          56                          350                             7746
  Triple-DES   112                         120                             2842
  IDEA         128                         700                             4469
Public key
  RSA          512                         7                               -
  RSA          2048                        1                               -
Digest
  MD5          128                         1740                            62425
  SHA          160                         750                             25162
Speeds are for a Pentium II processor at 330 MHz.

24 Application Kerberos authentication and key distribution service
- Secures communication with servers on a local network
  - Developed at MIT in the 1980s to provide security across a large campus network > 5000 users
  - Based on Needham-Schroeder protocol
- Standardized and now included in many operating systems
  - Internet RFC 1510, OSF DCE
  - BSD UNIX, Linux, Windows 2000, NT, XP, etc.
  - Available from MIT
- Kerberos server creates a shared secret key for any required server and sends it (encrypted) to the user's computer
- User's password is the initial secret shared with Kerberos

25 System architecture of Kerberos
[Figure: the Kerberos Key Distribution Centre holds the authentication database, the authentication service A and the ticket-granting service T; client C and server S exchange the messages below.]
Step A (login session setup):
1. Request for TGS ticket
2. TGS ticket
Step B (server session setup):
3. Request for server ticket
4. Server ticket
Step C (DoOperation on the client, service function on the server):
5. Service request
- Request encrypted with session key
- Reply encrypted with session key

26 Application Secure Socket Layer (SSL)
- Key distribution and secure channels for internet commerce
  - Hybrid protocol; depends on public-key cryptography
  - Originally developed by Netscape Corporation (1994)
  - Extended and adopted as an Internet standard with the name Transport Level Security (TLS)
  - Provides the security in all web servers and browsers and in secure versions of Telnet, FTP and other network applications
- Design requirements
  - Secure communication without prior negotiation or help from 3rd parties
  - Free choice of crypto algorithms by client and server
  - Communication in each direction can be authenticated, encrypted or both

27 SSL protocol stack
Layers, top to bottom:
- SSL Handshake protocol, SSL Change Cipher Spec, SSL Alert Protocol (SSL protocols); HTTP, Telnet (other protocols)
- SSL Record Protocol
- Transport layer (usually TCP)
- Network layer (usually IP)
Annotations:
- SSL Handshake protocol: negotiates cipher suite, exchanges certificates and key masters
- SSL Change Cipher Spec: changes the secure channel to a new spec
- SSL Record Protocol: implements the secure channel

28 SSL handshake protocol
Messages between Client A and Server B:
1. ClientHello (A -> B), ServerHello (B -> A): Establish protocol version, session ID, cipher suite, compression method, exchange random start values
2. Certificate, Certificate Request, ServerHelloDone (B -> A): Optionally send server certificate and request client certificate
3. Certificate, Certificate Verify (A -> B): Send client certificate response if requested
4. Change Cipher Spec, Finished (A -> B); Change Cipher Spec, Finished (B -> A): Change cipher suite and finish handshake

29 SSL record protocol
1. Application data (abcdefghi)
2. Fragment/combine -> record protocol units (abc, def, ghi)
3. Compress -> compressed units
4. Hash -> MAC
5. Encrypt -> encrypted
6. Transmit -> TCP packet

30 Significance
- Distributed systems require increased security
- Goal of confidentiality, integrity and availability
- New systems must build security in during design
- Cryptographic algorithms are means to achieve distributed security
  - Secret-key (symmetric) - DES
  - Public/private key (asymmetric) - RSA
- Need for increased bit length of keys to maintain cryptographic security
- Digital signatures/Certificates
- Kerberos/Secure Socket Layer
- More Internet communications will be secure in the future

31 Summary
- Essential to protect the information in distributed systems
- Achieved by access control mechanisms and secure channels
- Public-key and secret-key cryptography provide the basis for authentication and secure communication
- Kerberos and SSL are widely-used system components that support secure and authenticated communication


