Telecom and Informatics 1 Security and Privacy in Distributed Services Trial lecture: Security and Privacy in Distributed Services Richard Torbjørn Sanders.

Presentation transcript:

1 Telecom and Informatics 1 Security and Privacy in Distributed Services Trial lecture: Security and Privacy in Distributed Services Richard Torbjørn Sanders NTNU Dept. of Telematics / SINTEF ICT

2 Main points
- General introduction – no detailed state-of-the-art
- Define what distributed services are
- Show how distributed services are modelled in UML
- Mechanisms at the service session layer

3 What is a distributed service?
- Daily use: a service is something that an organization or system provides to the public
- Within information and communication technology: several definitions exist

4 Two kinds of service distribution:
- Client-server paradigm (web services)
  - One-way initiatives
  - A service as an interface
  - Restricted
- Collaborative services (telecom)
  - Multi-way initiatives
  - A service as a collaboration
  - General
[Figure labels: distributed resources (initiative, response); distributed service logic (two-way initiatives)]

5 Definition of service
A service is a collaboration between roles performed by service components (actors) in order to offer functionality to the environment.
[Figure: Actor1 to Actor5 and Service 1 to Service 3, with service roles; horizontal composition (within a service), vertical composition (within an actor)]

6 Defining services in the Unified Modeling Language (UML)
[Figure: UML diagram. Labels: Sale (collaboration); buyer : Person and seller : Person (role name : role type); actor objects "Peter’s phone" and "Paul’s PC", each with a "plays" relation; Organisation, Public, provider, user; Service, Association, Collaboration, Role]

7 Service interactions
[Figure: sequence diagram "sd successful sale" with roles :buyer and :seller and the interactions Request (goods), Offer (quantity, quality, price), Order (quantity), Invoice (amount), plus references to Delivery and Payment; variants "sd successful sale Cash&Carry", "sd successful sale No Worries" and "sd successful sale Pay On Delivery". Labels: sequence diagram, interactions, roles]

8 Collaborations and roles
[Figure: collaboration Sale with roles buyer : Person (1) and seller : Person (1). Labels: collaboration, role name and type, connector]

9 Composite service
[Figure: collaboration "Banana distribution" with roles consumer, grower, retailer and wholesaler, and the collaboration uses raw : Sale, whole : Sale and retail : Sale, each binding a buyer and a seller. Label: collaboration use]

10 Security and privacy
- Threats to citizens, organisations and society
- Countermeasures in the context of distributed services
- Safety is not treated, e.g. poisonous bananas…

11 Security and privacy issues
- Security:
  - Confidentiality: keeping interactions secret from others
  - Integrity: ensuring that interactions are not tampered with
  - Traceability: documenting that interactions have taken place
  - Availability: are services offered as advertised?
  - Authenticity: are the players who they say they are?
- Privacy: the right to choose freely what to expose

12 Layers
[Figure: layer stack with the labels Service, Physical, Network, Session, Application; annotations: "Many security solutions exist", "Little done. Focus here!", "Security solution not possible"]

13 Confidentiality
Threat: eavesdropping
- Keeping interactions secret from others
- Countermeasures:
  - Avoidance through encryption at the network level
  - Many standard solutions are available
- Challenges:
  - Ease of use for the public
  - Set up, understand consequences and scope
[Figure: "sd successful sale" between :buyer and :seller: Request (goods), Offer (quantity, quality, price)]

14 Integrity
Threat: changing content
- Ensuring that interactions are not tampered with
- Countermeasures:
  - Detection through use of checksums at the network level
  - Avoidance through encryption at the network level
  - Many standard solutions are available
[Figure: "sd order" between :buyer and :seller: Order (goods), Invoice (amount)]

15 Traceability
Threat: deny exchange
- Ensuring that messages or sessions are not repudiated
- Countermeasures:
  - Prevention through digital signatures at the network level
  - Standard solutions are available
[Figure: "sd order" between :buyer and :seller: Order (goods), Invoice (amount)]

16 Availability
Threat: denial of service
- Ensuring that services are offered as advertised
- “Denial of service attack”
- Countermeasures:
  - Blocking requests from bogus sources at the network level
  - Not easy to identify bogus sources
  - Role request mechanisms at the session layer
[Figure: "sd successful sale" between :buyer and :seller: Request (goods) {no answer}]

17 Role request pattern - session layer
- Requests from illegitimate or infected actors should be discarded
- Easier than at the network level?
[Figure: requesting : ActorTypeA (Buyer) and requested : ActorTypeB (ActorStateMachine, Seller) joined by a connector: 1. Request (seller, buyer), 2. Play (seller), 3. Confirm (seller)]

18 Authenticity
Threat: masquerading / phishing
- Ensuring that role players are who they say they are
- Countermeasures:
  - Certificates and authentication protocols at the network level
  - Can be cumbersome
  - Trusted mechanism at the session layer better?
[Figure: "sd successful sale" between :buyer and :seller: Request (goods), Offer (quantity, quality, price)]

19 Session layer support for authenticity
Goal: ensure identities of parties
- Ensure proper identity of the parties
- Or support sessions between anonymous (but trusted) parties
- Mechanism supported by a trusted session layer
[Figure: requesting : ActorTypeA (Buyer) and requested : ActorTypeB (ActorStateMachine, Seller): 1. Request (seller, buyer), 2. Play (seller), 3. Confirm (seller)]
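
The role request pattern of slides 17 and 19, as an added example that is not part of the original lecture: a requested actor discards any Request that a trusted session layer does not vouch for, and confirms the role otherwise. The HMAC tags, pseudonyms, nonces and all class and function names are assumptions made for illustration; the slides do not specify the mechanism.

```python
import hashlib
import hmac
import secrets

class TrustedSessionLayer:
    """Hypothetical trusted session layer: enrols actors and vouches for them."""

    def __init__(self):
        self._keys = {}  # pseudonym -> key shared with the session layer

    def enrol(self):
        # The pseudonym hides the real identity; the layer still vouches for it.
        pseudonym, key = secrets.token_hex(8), secrets.token_bytes(32)
        self._keys[pseudonym] = key
        return pseudonym, key

    def revoke(self, pseudonym):  # e.g. an actor found to be infected
        self._keys.pop(pseudonym, None)

    def vouches_for(self, pseudonym, payload, tag):
        key = self._keys.get(pseudonym)
        return key is not None and hmac.compare_digest(
            hmac.new(key, payload, hashlib.sha256).digest(), tag)

def _payload(sender, invited, own, nonce):
    return "|".join(("Request", sender, invited, own, nonce)).encode()

def make_request(sender, key, invited, own):
    """1. Request(invited role, requester's own role), tagged for the layer."""
    nonce = secrets.token_hex(8)
    tag = hmac.new(key, _payload(sender, invited, own, nonce), hashlib.sha256).digest()
    return {"sender": sender, "invited": invited, "own": own, "nonce": nonce, "tag": tag}

class ActorStateMachine:
    def __init__(self, layer, playable_roles):
        self.layer, self.playable = layer, set(playable_roles)
        self.playing, self.seen = [], set()

    def on_request(self, req):
        """Return ("Confirm", role), or None when the request is discarded."""
        payload = _payload(req["sender"], req["invited"], req["own"], req["nonce"])
        if not self.layer.vouches_for(req["sender"], payload, req["tag"]):
            return None  # illegitimate or revoked actor: drop without answering
        if req["nonce"] in self.seen or req["invited"] not in self.playable:
            return None  # replayed request, or a role this actor does not play
        self.seen.add(req["nonce"])
        self.playing.append(req["invited"])  # 2. Play(seller)
        return ("Confirm", req["invited"])   # 3. Confirm(seller)
```

The requested actor never learns more than the pseudonym, which corresponds to the slide's sessions between anonymous (but trusted) parties.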

20 Emerging security threats
- Dynamic role playing (role learning) adds new security threats

21 Role learning pattern
- Is the service role provider to be trusted?
- Downloading “Trojan horses” - viruses
[Figure: X : Gadget (Buyer), W : SalesServer (Seller POD), a ServiceBroker and provider : ServiceRoleProvider, with the messages Request (seller, buyer), Confirm (sellerPOD), Lookup (sellerPOD, Buyer), Result (idBuyerPOD, provider), Import (idBuyerPOD), Export (BuyerPOD), Request (sellerPOD, buyerPOD)]

22 Privacy
- “The right to be let alone” (1890)
- “The right to choose freely what to expose” (1967)
- Protect information concerning persons and organisations
  - Interests, actions, geographical position
  - Contact lists
  - Role playing capabilities
- “People are not concerned about privacy as long as the threat does not become tangible”
- Trade-off between privacy and availability / functionality
  - “Amazon recommends…”

23 Session layer support for privacy
- Mechanism supported by a trusted session layer
- Protect private information, e.g. about role playing preferences
[Figure: requesting : ActorTypeA (Buyer) and requested : ActorTypeB (ActorStateMachine, Seller): 1. Request (seller, buyer), 2. Play (seller), 3. Confirm (seller)]

24 Conclusion
- Security and privacy issues partially dealt with by existing mechanisms
- Distributed services face new threats
  - role learning
  - disclosing role preferences
- Trusted session layer support can be beneficial
  - Ensure sessions between legitimate actors
  - Support anonymity when desired
  - Must protect personal data such as role preferences
- Trusted third party provider necessary!

