Understanding Distributed Systems Security

Explore why distributed systems are insecure, including threats like leakage, tampering, and vandalism, and learn about security requirements, policies, mechanisms, and designing secure systems. Understand modern cryptography requirements and challenges.

despiritu

Presentation Transcript


  1. CS542: Topics in Distributed Systems Security

  2. Why are Distributed Systems insecure? • Distributed components rely on messages sent to and received from the network. • Is the network (especially a WAN) secure? • Packets can be intercepted and modified at the network layer! • Is the client component secure? • Is the client component who it claims to be? • Are users of calling components really who they claim to be?

  3. Security Threats • Leakage: An unauthorized party gains access to a service or data. Attacker obtains knowledge of a withdrawal or account balance, e.g., via eavesdropping. • Tampering: Unauthorized change of data, tampering with a service. Attacker changes the variable holding your personal data. • Vandalism: Interference with proper operation, without gain to the attacker. Attacker does not allow any transactions to your account. E.g., DoS = denial of service.

  4. How Attacks are Carried Out • Attacks on Communication Channel / Network: • Eavesdropping – Obtaining copies of messages without authority. • Masquerading – Sending or receiving messages with the identity of another principal (user or corporation). Identity theft. • Message tampering – Intercepting messages and altering their contents before passing them on to the intended recipient. • Replaying – Intercepting messages and sending them at a later time. • Denial of Service Attack – Flooding a channel or other resources (e.g., port) with messages.

  5. Addressing the Challenges • Leakage: An unauthorized party gains access to a service or data. Addressed by Confidentiality: protection against disclosure to unauthorized individuals. • Tampering: Unauthorized change of data, tampering with a service. Addressed by Integrity: protection against alteration or corruption. • Vandalism: Interference with proper operation, without gain to the attacker. Addressed by Availability: protection against interference with the means to access the resources.

  6. Security Requirements • Authentication: ensures that sender and receiver are who they claim to be • Data integrity: ensures that data is not changed from source to destination • Confidentiality: ensures that data is read only by authorized users • Non-repudiation: ensures that the sender has strong evidence that the receiver has received the message, and the receiver has strong evidence of the sender's identity. The sender cannot deny that it has sent the message and the receiver cannot deny that it has received the message

  7. Security Policies & Mechanisms • A Security Policy indicates which actions each entity (user, data, service) is allowed or prohibited to take. E.g., only an owner is allowed to make transactions to his account. • A Security Mechanism implements and enforces the policy.

  8. Security Mechanisms • Encryption / decryption: transforming data into something an attacker cannot understand and vice versa, i.e., providing a means to implement confidentiality, as well as allowing the user to check whether data have been modified. • Authentication: verifying the claimed identity of a subject, such as user name, password, etc. • Authorization: checking whether the subject has the right to perform the action requested, i.e., verifying the access rights of a principal for a resource. • Auditing: tracing which subjects accessed what, when, and in which way. In general, auditing does not provide protection, but can be a tool for analysis of problems. Mainly an offline analysis tool, often ex post.

  9. Designing Secure Systems • Need to make worst-case assumptions about attackers: exposed interfaces, insecure networks, algorithms and program code available to attackers, attackers may be computationally very powerful. • Typically design the system to withstand a known set of attacks (Attack Model or Attacker Model). • Tradeoff between security and performance impact. • Traditionally done as a layer on top of existing protocols. • Three phases: (1) design the security protocol; (2) analyze protocol behavior when under attack; (3) measure the effect on overall performance if there were no attacks (the common case).

  10. Familiar Names in the Security Literature Source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition.

  11. Notational Conventions Source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition.

  12. Cryptographic Terminology • Plaintext: the message before encryption. • Ciphertext: the message after encryption. • Key: information needed to convert from plain text to cipher text (or vice-versa). • Function: the encryption or decryption algorithm used, in conjunction with key, to encrypt or decrypt message. • Key distribution: How to distribute keys between senders and receivers

  13. Requirements for modern cryptography • Kerckhoffs's principle: knowledge of the encryption algorithm should not be an advantage • With computers a brute-force attempt is possible, i.e., try every possible substitution until a valid message is produced. • Computers are good at this, so modern schemes must be computationally hard to solve to remain secure. • 15 May 1973: the American National Bureau of Standards requests proposals for an encryption standard • Data Encryption Standard, DES, developed. The standard describes DEA, the Data Encryption Algorithm • Since November 26, 2001, there's AES, based on Rijndael

  14. Cryptography • Encoding (encryption) of a message so that it can only be read (decryption) with a key. • In shared key cryptography (symmetric cryptography) the sender and the recipient know the key, but no one else does. E.g., DES (Data Encryption Standard) – 56-bit key, operates on 64-bit blocks of data. Notation: $K_{AB}(M)$. How do Alice and Bob get the shared key $K_{AB}$ to begin with? • In public/private key pairs, messages are encrypted with a published public key, and can only be decrypted by a secret private decryption key. E.g., RSA / PGP keys – at least 512 bits long. • Code for E & D is “open-source” (hence known to the attacker). • $E(K, M) = \{M\}_K$ and $D(K, \{M\}_K) = M$. [Figure: Alice encrypts plain text M using E with $K_{Bpub}$ and sends $\{M\}_K$; Bob decrypts using D with $K_{Bpriv}$ to recover plain text M.]

  15. Cryptography • Shared versus public/private: • Shared reveals information to too many principals; may need key distribution and revocation/repudiation mechanisms. • In electronic commerce or wide area applications, public/private key pairs are preferred to shared keys. • Public/private key encrypt/decrypt operations are costly. • May use a hybrid: pub/priv generates a shared key. • The next few protocols are presented independently of the keying scheme, viz., shared or pub/priv.

  16. Symmetric Key • Both the sender and the receiver use the same secret key. [Figure: plaintext → encrypt with secret key → ciphertext sent over the Internet → decrypt with secret key → plaintext]

  17. DES/AES: Symmetric Encryption • One key is used to both encrypt and decrypt data • Encryption and decryption functions are often chosen to be the same • Security should not be compromised by making the function well-known, as security comes from the secret keys

  18. DES/AES: Using Secret Keys • Sender and recipient exchange keys through some secure, trusted, non-network based means. • Sender encodes message using function and sends, knowing that only the holder of the key (the intended recipient) can make sense of it. • Recipient decodes message & knows that only a key-holding sender could have generated it. • Message can be captured but is of no use.

  19. Data Encryption Standard (DES) • DES encrypts a 64-bit block of plain text using a 56-bit key • Three phases: (1) permute the 64 bits in the block; (2) apply a given operation 16 times on the 64 bits; (3) permute the 64 bits using the inverse of the original permutation. [Figure: 1st phase IP(input); 2nd phase Round 1 … Round 16, each using the key; 3rd phase $IP^{-1}$(input)]

  20. Initial Permutation (IP) • IP: bit 58 of the input becomes the 1st bit, bit 50 becomes the 2nd bit, etc.

      58 50 42 34 26 18 10  2
      60 52 44 36 28 20 12  4
      62 54 46 38 30 22 14  6
      64 56 48 40 32 24 16  8
      57 49 41 33 25 17  9  1
      59 51 43 35 27 19 11  3
      61 53 45 37 29 21 13  5
      63 55 47 39 31 23 15  7

  • $IP^{-1}$: inverse of IP, e.g., $IP(1) = 58$, $IP^{-1}(58) = 1$

      40  8 48 16 56 24 64 32
      39  7 47 15 55 23 63 31
      38  6 46 14 54 22 62 30
      37  5 45 13 53 21 61 29
      36  4 44 12 52 20 60 28
      35  3 43 11 51 19 59 27
      34  2 42 10 50 18 58 26
      33  1 41  9 49 17 57 25

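  21. 2nd Phase: Operation in each round • 16 rounds • Each round i selects a 48-bit key $K_i$ from the original 56-bit key K and performs the operation shown (F is a given function). [Figure: one round, with inputs $L_{i-1}$ and $R_{i-1}$, round key $K_i$, the function F and a + node, and outputs $L_i$ and $R_i$; bit positions 63–32 and 31–0 label the two halves of the 64-bit block.]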

  22. Discussion of DES • Even though the DES algorithm is well known, the key or cipher is difficult to break using analytical methods. • A brute-force attack that simply searches for the key is possible. However, for a 56-bit key there are $2^{56}$ possible key combinations; if we could search one key in 1 µs, we would need 2283 years to try all keys. (Distributed.net broke DES-56 within 22 hours and 15 minutes, by using 100,000 PCs.) • Use 3DES (K1, K2, K3), or DES-128 for high security.

  23. Encrypting Larger Messages • Initialization Vector (IV) is a random number generated by the sender and sent together with the ciphertext. [Figure: Block1–Block4 are each combined (+) with the previous cipher block (the IV for Block1) and passed through DES to give Cipher1–Cipher4.]

  24. Cipher block chaining (CBC) • Each plaintext block is combined with the preceding ciphertext block using XOR before it is encrypted, i.e., the input to the cipher for block n+1 is $\text{plaintext}_{n+1} \oplus \text{ciphertext}_n$. • For decryption, the opposite is done; since XOR is idempotent (applying it twice with the same value restores the original), it works. • Weakness: if the same message is sent to multiple locations, the ciphertexts will be the same and the attacker may infer this. To guard against it, add a different piece of plaintext at the beginning of each message.

  25. A Scheme of Cipher Block Chaining Source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition.
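The round structure of slide 21 and the chaining of slides 23–25, as a runnable sketch. This is an added example, not code from the presentation: the round function `f` and the key schedule are toy stand-ins built from SHA-256 (assumptions, not the DES F function or key schedule), and the key and message are constructed sample values.

```python
import hashlib

BLOCK = 8  # 64-bit blocks, as in DES

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def round_keys(key, rounds=16):
    # Toy key schedule (assumption): one derived K_i per round, not the DES schedule.
    return [hashlib.sha256(key + bytes([i])).digest() for i in range(rounds)]

def f(right, k_i):
    # Toy round function F (assumption): truncated SHA-256, not the DES S-boxes.
    return hashlib.sha256(k_i + right).digest()[:BLOCK // 2]

def crypt_block(key, block, decrypt=False):
    keys = round_keys(key)
    left, right = block[:4], block[4:]
    for k_i in (reversed(keys) if decrypt else keys):
        # One round: L_i = R_{i-1}, R_i = L_{i-1} XOR F(R_{i-1}, K_i)
        left, right = right, xor(left, f(right, k_i))
    return right + left  # final swap: decryption is the same walk with keys reversed

def cbc_encrypt(key, iv, plaintext):
    if len(plaintext) % BLOCK:
        raise ValueError("pad the plaintext to a multiple of 8 bytes first")
    prev, out = iv, b""
    for i in range(0, len(plaintext), BLOCK):
        # XOR with the previous cipher block (the IV for block 1), then encrypt.
        prev = crypt_block(key, xor(plaintext[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key, iv, ciphertext):
    prev, out = iv, b""
    for i in range(0, len(ciphertext), BLOCK):
        block = ciphertext[i:i + BLOCK]
        out += xor(crypt_block(key, block, decrypt=True), prev)
        prev = block
    return out

def demo():
    key, msg = b"constructed key", b"PAY 100 " * 3  # constructed sample input
    # Without chaining, identical plaintext blocks give identical cipher blocks.
    ecb = b"".join(crypt_block(key, msg[i:i + 8]) for i in range(0, 24, 8))
    # Same key and same IV: the whole ciphertext repeats (the weakness on slide 24).
    same_iv = cbc_encrypt(key, bytes(8), msg) == cbc_encrypt(key, bytes(8), msg)
    # A different IV per message removes the repetition.
    fresh_iv = cbc_encrypt(key, b"\x01" * 8, msg) != cbc_encrypt(key, bytes(8), msg)
    return ecb[:8] == ecb[8:16], same_iv, fresh_iv
```

In real use the IV would come from a random source such as `os.urandom(8)`; fixed values are used here only so the comparison is repeatable.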

  26. Stream ciphers CBC is inappropriate for some apps., e.g., encryption of telephone conversations ==> Stream ciphers solve this problem Main idea is to construct a keystream generator. It’s analogous to adding “noise” to the system

  27. A Stream Cipher Source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition.

  28. DES Properties • Provide confidentiality • No mathematical proof, but practical evidence suggests that decrypting a message without knowing the key requires exhaustive search • To increase security use triple-DES, i.e., encrypt the message three times

  29. Secret Key Encryption • Disadvantage: the number of keys needed increases quadratically with the number of objects (one key per pair of communicating objects…) • Another problem with private key: • Key distribution • Public Key (Asymmetric) Encryption overcomes these problems

  30. Public-Key Cryptosystems: RSA • Asymmetric algorithm: a private and a public key are used • First proposed by Diffie and Hellman • Basis: trap-door functions, a special type of one-way function that has a secret exit: it is easy to compute in one direction, but infeasible to compute the inverse if the secret is unknown • Two keys, $K_e$ and $K_d$: $D(K_d, E(K_e, M)) = M$ • RSA (Rivest, Shamir, and Adleman) Algorithm

  31. Public-Key Cryptography: RSA (Rivest, Shamir, Adleman) • Sender uses a public key • Advertised to everyone • Receiver uses a private key. [Figure: plaintext → encrypt with public key → ciphertext sent over the Internet → decrypt with private key → plaintext]

  32. Asymmetric Encryption • Gives 'one-way' security. • Two keys generated, one used with decryption algorithm (private key) and one with encryption algorithm (public key). • Generation of private key, given public key is computationally hard. • Does not need secure key transmission mechanism for key distribution.

  33. Asymmetric Encryption: Using Public Keys • Recipient generates key pair. • Public key is published by trusted service. • Sender gets public key, and uses it to encode message. • Recipient decrypts message with its private key. • Replies can be encoded using sender’s public key from the trusted distribution service. • Message can be captured but is of no use.

  34. RSA Algorithm • Generating the private and public key requires four steps: (1) Choose two very large prime numbers, p and q. (2) Compute n = p × q and z = (p – 1) × (q – 1). (3) Choose a number d that is relatively prime to z. (4) Compute the number e such that e × d = 1 mod z.

  35. Generating Public and Private Keys • Public key consists of pair (n, e) • Private key consists of pair (n, d)

  36. RSA Encryption and Decryption • Encryption of message block m: $c = m^e \bmod n$ • Decryption of ciphertext c: $m = c^d \bmod n$

  37. Example (1/2) • Choose p = 7 and q = 11 ⇒ n = p*q = 77 • Compute encryption key e: (p-1)*(q-1) = 6*10 = 60 ⇒ choose e = 13 (13 and 60 are relatively prime numbers) • Compute decryption key d such that 13*d = 1 mod 60 ⇒ d = 37 (37*13 = 481)

  38. Example (2/2) • n = 77; e = 13; d = 37 • Send message block m = 7 • Encryption: $c = m^e \bmod n = 7^{13} \bmod 77 = 35$ • Decryption: $m = c^d \bmod n = 35^{37} \bmod 77 = 7$

  39. Properties • Confidentiality • A receiver B computes n, e, d, and sends out (n, e) • Everyone who wants to send a message to B uses (n, e) to encrypt it • How difficult is it to recover d? (Someone who can do this can decrypt any message sent to B!) • Recall that d is relatively prime to (p-1)*(q-1) • So to find d, you need to find the prime factors p and q • This is provably very difficult
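The key generation, encryption and decryption of slides 34–38, followed by the point of slide 39, as a runnable sketch. This is an added example, not code from the presentation; the function names are chosen here, and `recover_private` succeeds only because the slides' n = 77 is small enough to factor by trial division.

```python
def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y

def make_keys(p, q, e):
    """Steps from the slides: n = p*q, z = (p-1)*(q-1), then e*d = 1 mod z."""
    n, z = p * q, (p - 1) * (q - 1)
    g, x, _ = egcd(e, z)
    if g != 1:
        raise ValueError("e must be relatively prime to z")
    return (n, e), (n, x % z)  # (public key, private key)

def encrypt(public, m):
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message block must be smaller than n")
    return pow(m, e, n)  # c = m^e mod n

def decrypt(private, c):
    n, d = private
    return pow(c, d, n)  # m = c^d mod n

def recover_private(public):
    """Rebuild d from the public key alone by factoring n.
    Works only because n is tiny; it is why p and q must be very large primes."""
    n, e = public
    p = next(k for k in range(2, int(n ** 0.5) + 1) if n % k == 0)
    return make_keys(p, n // p, e)[1]

def slide_example():
    public, private = make_keys(7, 11, 13)  # p, q and e from slide 37
    c = encrypt(public, 7)                  # message block m = 7 from slide 38
    return public, private, c, decrypt(private, c), recover_private(public)
```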

  40. Public Key Encryption • Transmission of the message is secure, as only B has the matching private key to decrypt the message • Differences between public and secret key: • One pair of keys is generated for every object, so the number of keys is linear in the number of objects • Because the functions are different, use of public keys is more complicated for reply messages: A must generate a pair of keys and publish its public key, which B acquires to encrypt the reply message

  41. Pretty Good Privacy • Public Key encryption used in PGP • Generally available, and can be used for • encryption of messages • digital signatures. • PGP combines DES and RSA • DES fast, but symmetric, hence key distribution problem • RSA slower, but no key distribution problem • Solution: Use RSA to encrypt and distribute key for DES encryption!!!
