1 / 37

Outline

Outline. Announcement Authentication Cryptography Authentication Quiz #3 at the end of today’s class. Announcement. You must do your demo before 4:30pm, April 29, 2003 Name server: program1 Prefix table Logical Prefix Server IP Server Port Remote directory

hvalle
Download Presentation

Outline

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Outline • Announcement • Authentication • Cryptography • Authentication • Quiz #3 at the end of today’s class

  2. Announcement • You must do your demo before 4:30pm, April 29, 2003 • Name server: program1 • Prefix table Logical Prefix Server IP Server Port Remote directory / 128.186.120.34 1281 /tmp/XXX/cop5611-DFS /program1 128.186.120.53 1282 /tmp/XXX/cop5611-DFS /linprog1 128.186.120.33 1280 /tmp/liux/cop5611-DFS /program3 128.186.120.55 1285 /tmp/XXX/cop5611-DFS • You need to have your servers running before you come to my office • I will test your system through your client program and based on your report COP 5611 - Operating Systems

  3. Introduction • The fundamental problem to security in distributed systems is the use of cryptographic techniques • Access matrix model can be used to prevent unauthorized accesses if the users that claimed to be are true • However, in distributed systems, the user authentication becomes a big problem COP 5611 - Operating Systems

  4. Introduction – cont. COP 5611 - Operating Systems

  5. Potential Threats • A threat to a system in which an intruder can have access to only the ciphertext is called a ciphertext-only attack • A threat to a system in which an intruder can have access to both ciphertext and a considerable amount of corresponding plaintext is called a known-plaintext attack • A threat to a system in which an intruder can obtain ciphertext corresponding to plaintext of his choice is referred to as a chosen-plaintext attack COP 5611 - Operating Systems

  6. Design Principles • Shannon’s principle • Shannon’s principle of diffusion – Spread the correlation and dependencies among key-string variables over substrings as much as possible • Shannon’s principle of confusion – Change a piece of information so that the output has no obvious relation to the input • Exhaustive search principle • The determination of the key requires an exhaustive search of the an extremely large space COP 5611 - Operating Systems

  7. Private Key Cryptography • Data encryption standard (DES) • It is a block cipher that crypts 64-bit data blocks using a 56-bit key • Two basic operations • Permutation • Substitution • Three stages • Initial permutation stage • Complex transformation stage • Final permutation stage COP 5611 - Operating Systems

  8. Private Key Cryptography – cont. COP 5611 - Operating Systems

  9. Private Key Cryptography – cont. COP 5611 - Operating Systems

  10. Private Key Cryptography – cont. COP 5611 - Operating Systems

  11. Public Key Cryptography • Private key cryptography and conventional cryptographic techniques require the distribution of secret keys • Known as the key distribution problem • Public key cryptography solves the key distribution problem by making the encryption procedure and the associated key available in the public domain COP 5611 - Operating Systems

  12. Public Key Cryptography – cont. • Now it is possible for two users to have a secure communication even they have not communicated before • Implementation issues • One-way functions COP 5611 - Operating Systems

  13. RSA Method • The encryption key is a pair (e, n) • The decryption key is a pair (d, n) COP 5611 - Operating Systems

  14. RSA Method – cont. • Generating the private and public key requires four steps • Choose two very large prime numbers, p and q • Compute n = p x q and z = (p – 1) x (q – 1) • Choose a number d that is relatively prime to z • Compute the number e such that e x d = 1 mod z COP 5611 - Operating Systems

  15. Authentication • In distributed systems, authentication means verifying the identity of communicating entities to each other • The assumption is that the communication network is not secure in that an intruder can copy and play back a message on the network • The textbook called it “interactive secure connections” COP 5611 - Operating Systems

  16. Authentication – cont. • Authentication based on a shared secret key. COP 5611 - Operating Systems

  17. Authentication – cont. • Authentication based on a shared secret key, but using three instead of five messages. COP 5611 - Operating Systems

  18. Authentication – cont. • The reflection attack. COP 5611 - Operating Systems

  19. Authentication Using a Key Distribution Center • The principle of using a KDC. COP 5611 - Operating Systems

  20. Authentication Using a Key Distribution Center – cont. • Using a ticket and letting Alice set up a connection to Bob. COP 5611 - Operating Systems

  21. Authentication Using a Key Distribution Center – cont. • The Needham-Schroeder authentication protocol. COP 5611 - Operating Systems

  22. Authentication Using a Key Distribution Center – cont. • Protection against malicious reuse of a previously generated session key in the Needham-Schroeder protocol. COP 5611 - Operating Systems

  23. Authentication Using Public-Key Cryptography • Mutual authentication in a public-key cryptosystem. COP 5611 - Operating Systems

  24. Message Integrity and Confidentiality • Message integrity means that messages are protected against modification • Confidentiality ensures that messages cannot be intercepted and read by eavesdroppers • Digital signatures • A user cannot forge the signature of other users • A sender of a signed message cannot deny the validity of his signature on the message • A recipient of a signed message cannot modify the signature in the message COP 5611 - Operating Systems

  25. Digital Signatures • Digital signing a message using public-key cryptography. COP 5611 - Operating Systems

  26. Digital Signatures – cont. COP 5611 - Operating Systems

  27. Digital Signatures – cont. • Digitally signing a message using a message digest. COP 5611 - Operating Systems

  28. Key Establishment • The principle of Diffie-Hellman key exchange. COP 5611 - Operating Systems

  29. Key Distribution COP 5611 - Operating Systems

  30. Key Distribution – cont. COP 5611 - Operating Systems

  31. Kerberos COP 5611 - Operating Systems

  32. Kerberos – cont. • Setting up a secure channel in Kerberos. COP 5611 - Operating Systems

  33. Electronic Payment Systems • Payment systems based on direct payment between customer and merchant. • Paying in cash. • Using a check. • Using a credit card. COP 5611 - Operating Systems

  34. Electronic Payment Systems – cont. • Payment systems based on money transfer between banks. • Payment by money order. • Payment through debit order. COP 5611 - Operating Systems

  35. E-cash COP 5611 - Operating Systems

  36. Secure Electronic Transactions COP 5611 - Operating Systems

  37. Summary • Cryptography is a fundamental problem in security of distributed systems • Based on private keys • Based on public keys • Authentication in distributed systems • There are still a lot of challenges and research issues in this area COP 5611 - Operating Systems

More Related