860 likes | 1.12k Views
Security I – General principles. First, we will look at general methods of making a secure connection, which are widely applicable. Then, look at the specifics for grid computing, which has additional security requirements and constraints. Basic Principles. Secure Connections.
E N D
First, we will look at general methods of making a secure connection, which are widely applicable. • Then, look at the specifics for grid computing, which has additional security requirements and constraints.
Secure Connections • Secure connections are needed in many computer related activities, including e-business and grid computing.
Dealing with users and resources Two critically important factors are: • Authentication • Process of deciding whether a particular identity is who he says he is (applies to humans and systems) • Authorization • Process of deciding whether a particular identity can access a particular resource • Access control Broader aspect of authorization controlling specific types of access.
AuthenticationPassword-Based • User enters a user name and password. • User name and password sent through network to server. • Server validates name and password and responds.
Name and Password • Consider a login prompt: login% abw There is no such user login%
Name and Password • A different login prompt behavior: login% abw password% ****** authentication failed login% • Second version a little more secure because it reveals less information to a potential intruder, but ...
Name and Password • Since name and password sent in plain text, vulnerable to interference and being stolen. • Need a system in which in one can be sure of sender.
Two aspects: • Send information in an encrypted form. • Have a trusted third party or some sure way of proving identity.
Data Confidentiality • Information exchange needs to protected against eavesdroppers. • Make data in a form that makes it unreadable except by the parties that are to read it.
Cryptography Basic idea: Encryption • Convert the original message (clear text, or plain text) to the encrypted message (ciphertext) Decryption • Reverse process of retrieving plaintext from encrypted text
Can either: • Make encryption/decryption algorithm(s) hidden, so that an intruder cannot know it, or, better: • Use known algorithms and use a hidden key with the algorithms.
Cryptography algorithms with keys • Converts data into scrambled binary patterns, using a large binary number called a key. • A key is also used to convert the scrambled patterns back to the original data. • Algorithms are well-known - it is a specific key(s) that must be kept secure.
Secret Key Cryptography • Sender and receiver has a same secret key in their possession. • Sender uses secret key to encrypt data. • Receiver uses same key to decrypt data. • Known as symmetric cryptography. Key is called a symmetric key.
Encryption and Decryption My message that must be kept secret 1SEJGDAKLIRD4BNIOAWNM69CVPQEKTDGE My message that must be kept secret Original data Cipher data Original data Same key
Simple Secret-Key Example Data (“abra”) has binary representation: 01100001011000100011100101100001 Choose random string of bits as key: 10011101010010001111010101011100 Exclusive-OR patterns to get encrypted message: 11111100001010101000011100111101 To get original message back, use same algorithm and key!Practical algorithms much more complex.
Common Symmetric Key Cryptography Systems • Data Encryption Standard (DES) 56-bit key plus 8 parity bits - IBM 1970’s. • Triple-DES 112 bit key plus 16 parity bits or 168-bit plus 24 parity bits. • RC2 and RC4 variable sized key, often 40 to 128 bits.
Problemswith Symmetric Key Cryptography • Need a way of both sender and receiver to obtain secret key without anyone else knowing the key. • Need a different key for each receiver that a sender may communicate with.
Advantagesof Symmetric Key Cryptography • Fast encryption/decryption (compared to asymmetric key cryptography (see next). Used because of speed in conjunction with asymmetric key cryptography.
Public-Key Cryptography • Public invention due to Whitfield Diffie & Martin Hellman at Stanford Univ. in 1976 (known earlier in classified community, UK) • Probably most significant advance in the 3000 year history of cryptography • Uses clever application of number theoretic concepts of functions • Complements rather than replaces secret key cryptography
Public Key Cryptography(Asymmetric key pair) Two keys are formed: • a public key to encrypt the transmission, and • a private key to decrypt the transmission (or vice versa).
Encryption and Decryption Receiver’s My message that must be kept secret 1SEJGDAKLIRD4BNIOAWNM69CVPQEKTDGE My message that must be kept secret Public key Private Key Original data Cipher data Original data
Public Key and Private Key • Public and private keys are pairs such that a message encrypted with the public key can only be decrypted with the private key (and vice versa). • Public key, as name suggests, is available to all. • Private key only known by it’s owner. • Not possible to find the private key from the public key for all practical purposes.
Public Key CryptographyExampleRivest, Shanir, and Adleman (RSA) RSA algorithm invented by Ronald L. Rivest, Adi Shamir, and Leonard Adleman in 1977. Variable sized key, usually between 512 - 2048 bits.
RSA Algorithm • Find P and Q, two large prime numbers (e.g., 1024-bit). • Choose E such that: • E is greater than 1, • E is less than PQ, and • E and (P-1)(Q-1) have no prime factors in common (relatively prime). E does not have to be prime, but it must be odd. (P-1)(Q-1) can't be prime because it's an even number.
RSA Algorithm (cont.) • Compute D such that (DE - 1) is evenly divisible by (P-1)(Q-1). Simply find an integer X that causes D = (X(P-1)(Q-1) + 1)/E to be an integer, then use that value of D.
RSA Algorithm (cont.) Encryption function is: C = (TE) mod PQ where: • C is the encrypted message (ciphertext) a positive integer), • T is the message being encrypted plaintext (a positive integer). T must be less than the modulus, PQ.
RSA Algorithm (cont.) Decryption function is: T = (CD) mod PQ where: • C is the encrypted message (ciphertext) a positive integer), • T is the message being encrypted plaintext (a positive integer).
RSA Algorithm (cont.) • Your public key is the pair (PQ, E). • Your private key is the number D (reveal it to no one). PQ called the modulus E is the public exponent. D is the secret exponent. No known easy methods of calculating D, P, or Q given only (PQ, E) (your public key) if P and Q are very large (1024 bit or more).
Though it is widely suspected to be true, it is not yet proven that no easy methods of factoring exist. • It is not yet proven that the only way to crack RSA is to factor PQ. • See http://en.wikipedia.org/wiki/RSA for interesting attempts to break code.
Example of the RSA Algorithm First prime number: P = 61 Second prime number Q = 53 Modulus: PQ = 3233 Public exponent: E = 17 Private exponent: D = 2753 Destroy P and Q after computing E and D. Your public key is (E, PQ). Your private key is D.
Example of the RSA Algorithm (cont.) Encryption function encrypt(T) = (TE) mod PQ = (T17) mod 3233 Decryption function decrypt(C) = (CD) mod PQ = (C2753) mod 3233
Example of the RSA Algorithm (cont.) To encrypt the plaintext value 123, do this: encrypt(123) = (12317) mod 3233 = 855 To decrypt the ciphertext value 855, do this: decrypt(855) = (8552753) mod 3233 = 123
Aside • Idea of public key schemes was published in 1977 by Diffie & Hellman. • Concept previously described in a classified report in 1970 by James Ellis (UK). Subsequently declassified in 1987. • In classified documents, RSA discovered first, then Diffie-Hellman, opposite to the order of public discovery!
How secure is public key encryption? • Like secret key schemes, brute force exhaustive search attack is always theoretically possible but • Requires the use of very large numbers • Hence slower than secret key schemes
Aside • One grid computing project done last year was breaking codes by exhaustive search.
Sequential Search From : Parallel Programming: Techniques and Application Using Networked Workstations and Parallel Computers 2nd edition, by Barry Wilkinson & Michael Allen, Prentice Hall 2004.
Using Multiple Identical Grid Services Searching each sub-space in parallel Solution found
Non-repudiation • Public key cryptography can provide for non-repudiation • Sender cannot deny they sent out a message if encrypted with their private key. Can be read with their public key.
Non-repudiation Sender’s My message that must be kept secret 1SEJGDAKLIRD4BNIOAWNM69CVPQEKTDGE My message that must be kept secret Public Key Private key Original data Cipher data Original data
Question - Why is it not sufficient to simply encrypt with receiver’s public key and decrypt with receiver’s private key: Receiver’s My message that must be kept secret 1SEJGDAKLIRD4BNIOAWNM69CVPQEKTDGE My message that must be kept secret Public key Private Key Original data Cipher data Original data
Answer • Anyone has access access to the public key and could send the message.
Public Key CryptographyDouble Encryption Transmitted data Sender Receiver My message that must be kept secret yuicfhkh[pa2354mghdas67f My message that must be kept secret Receiver’s private Key Original data Receiver’s public key Original data Sender’s private Key Sender’s public key Slow but secure.
Problem with Public Key Cryptography used alone • Slow • Can only send encrypted data for decryption to one destination at a time (not broadcast). This aspect does not seem to be addressed in the literature. Maybe not a big deal.
Problem with Public Key Cryptography used alone • If you want to send data to a destination that only it could decrypt, one would use its public key to encrypt, but: Cannot be sure that a particular sender is sending the message encrypted with the public key as everyone knows this key.
Data Confidentially and Data Integrity • Data Confidentiality - information exchange needs to protected against eavesdroppers. • Data Integrity - need to assure that message was not modified in transit (intentionally or by accident).
Achieving Data Confidentially and Data Integrity • “Encrypt” data in a form that makes it unreadable except by the parties that are to read it, and • Attach a binary pattern with the message computed from the message, which changes if the message has been altered.