1 / 52

Security

Security. Chapter 8. Types of Threats. Interception Interruption Modification Fabrication. Security Mechanisms. Encryption Authentication Authorization Auditing. Example: Globus Security Architecture. Diagram of Globus security architecture. Focus of Control.

josie
Download Presentation

Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security Chapter 8

  2. Types of Threats • Interception • Interruption • Modification • Fabrication

  3. Security Mechanisms • Encryption • Authentication • Authorization • Auditing

  4. Example: Globus Security Architecture • Diagram of Globus security architecture.

  5. Focus of Control • Three approaches for protection against security threats • Protection against invalid operations • Protection against unauthorized invocations • Protection against unauthorized users

  6. Layering of Security Mechanisms (1) • The logical organization of a distributed system into several layers.

  7. Layering of Security Mechanisms (2) • Several sites connected through a wide-area backbone service.

  8. Distribution of Security Mechanisms • The principle of RISSC as applied to secure distributed systems.

  9. Cryptography (1) • Intruders and eavesdroppers in communication.

  10. Cryptography (2) • Notation used in this chapter.

  11. Symmetric Cryptosystems: DES (1) • The principle of DES • Outline of one encryption round

  12. Symmetric Cryptosystems: DES (2) • Details of per-round key generation in DES.

  13. Public-Key Cryptosystems: RSA • Generating the private and public key requires four steps: • Choose two very large prime numbers, p and q • Compute n = p x q and z = (p – 1) x (q – 1) • Choose a number d that is relatively prime to z • Compute the number e such that e x d = 1 mod z

  14. Hash Functions : MD5 (1) • The structure of MD5

  15. Hash Functions : MD5 (2) • The 16 iterations during the first round in a phase in MD5.

  16. Authentication (1) • Authentication based on a shared secret key.

  17. Authentication (2) • Authentication based on a shared secret key, but using three instead of five messages.

  18. Authentication (3) • The reflection attack.

  19. Authentication Using a Key Distribution Center (1) • The principle of using a KDC.

  20. Authentication Using a Key Distribution Center (2) • Using a ticket and letting Alice set up a connection to Bob.

  21. Authentication Using a Key Distribution Center (3) • The Needham-Schroeder authentication protocol.

  22. Authentication Using a Key Distribution Center (4) • Protection against malicious reuse of a previously generated session key in the Needham-Schroeder protocol.

  23. Authentication Using Public-Key Cryptography • Mutual authentication in a public-key cryptosystem.

  24. Digital Signatures (1) • Digital signing a message using public-key cryptography.

  25. Digital Signatures (2) • Digitally signing a message using a message digest.

  26. Secure Replicated Services • Sharing a secret signature in a group of replicated servers.

  27. General Issues in Access Control • General model of controlling access to objects.

  28. Access Control Matrix • Comparison between ACLs and capabilities for protecting objects. • Using an ACL • Using capabilities.

  29. Protection Domains • The hierarchical organization of protection domains as groups of users.

  30. Firewalls • A common implementation of a firewall.

  31. Protecting the Target (1) 8-27 • The organization of a Java sandbox.

  32. Protecting the Target (2) 8-28 • A sandbox • A playground

  33. Protecting the Target (3) 8-29 • The principle of using Java object references as capabilities.

  34. Protecting the Target (4) • The principle of stack introspection.

  35. Key Establishment • The principle of Diffie-Hellman key exchange.

  36. Key Distribution (1) • Secret-key distribution

  37. Key Distribution (2) • Public-key distribution (see also [menezes.a96]).

  38. Secure Group Management • Securely admitting a new group member.

  39. Capabilities and Attribute Certificates (1) • A capability in Amoeba.

  40. Capabilities and Attribute Certificates (2) • Generation of a restricted capability from an owner capability.

  41. Delegation (1) • The general structure of a proxy as used for delegation.

  42. Delegation (2) • Using a proxy to delegate and prove ownership of access rights.

  43. Example: Kerberos (1) • Authentication in Kerberos.

  44. Example: Kerberos (2) • Setting up a secure channel in Kerberos.

  45. SESAME Components • Overview of components in SESAME.

  46. Privilege Attribute Certificates (PACs) • The organization of a SESAME Privilege Attribute Certificate.

  47. Electronic Payment Systems (1) • Payment systems based on direct payment between customer and merchant. • Paying in cash. • Using a check. • Using a credit card.

  48. Electronic Payment Systems (2) • Payment systems based on money transfer between banks. • Payment by money order. • Payment through debit order.

  49. Privacy (1) • Information hiding in a traditional cash payment.

  50. Privacy (2) Information Party • Information hiding in a traditional credit-card system (see also [camp.lj96a])

More Related