1 / 102

Security

Security. Chapter 8. Security. Security in distributed system can be divided into two parts: A secure channel is a mechanism for ensuring communication though authentication, message integrity, and confidentiality.

seth-bright
Download Presentation

Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Security Chapter 8

  2. Security • Security in distributed system can be divided into two parts: • A secure channel is a mechanism for ensuring communication though authentication, message integrity, and confidentiality. • Authorization deals with ensuring that a process gets only those access rights to the resources.

  3. Security • A dependable and trusted system should include: • Availability: Accessible and usable upon demand for authorized entities • Reliability: Continuity of service delivery • Safety: Very low probability of catastrophes • Confidentiality: No unauthorized disclosure of information • Integrity: No accidental or malicious alterations of information have been performed (even by authorized entities) • In distributed systems, security is the combination of availability, integrity, and confidentiality. A dependable distributed system is thus fault tolerant and secure.

  4. Security Threats • Four types of security threats: • Interception refers to the situation that an unauthorized party has gained access to a service or data. • Interruption refers to the situation in which services or data become unavailable, unusable, or destroyed. • Modifications involve unauthorized changing of data or tampering with a service. • Fabrication refers to the situation in which additional data or activity are generated that would normally not exist.

  5. Security Threats • Examples of security threats: • Interception • Channel: Reading the content of transferred messages • Object: Reading the data contained in an object • Interruption • Channel: Preventing message transfer • Object: Denial of service • Modification • Channel: Changing message content • Object: Changing an object's encapsulated data • Fabrication • Channel: Inserting messages • Object: Spoofing an object

  6. Security Mechanisms • A security policy describes precisely which actions are allowed and which are prohibited. • To protect against security threats, we have a number of securitymechanisms at our disposal: • Encryption: Transform data into something that an attacker cannot understand (confidentiality). It is also used to check whether something has been modified (integrity). • Authentication: Verify the claim that a subject says it is : verifying the identity of a subject. • Authorization: Determining whether a subject is permitted to make use of certain services. • Auditing: Trace which subjects accessed what, and in which way. Useful only if it can help catch an attacker. • Authorization makes sense only if the requesting subject has been authenticated.

  7. Security Policies • Policy: Prescribes how to use mechanisms to protect against attacks. Requires that a model of possible attacks is described (i.e., security architecture). • Example: Globus security architecture • There are multiple administrative domains • Local operations subject to local security policies • Global operations require requester to be globally known • Interdomain operations require mutual authentication • Global authentication replaces local authentication • Users can delegate privileges to processes • Credentials can be shared between processes in the same domain • Policy statements leads to the introduction of mechanisms for cross­domain authentication and making users globally known user proxies and resource proxies

  8. Security Policies • Globus Example: • Consider a mobile agent in Globus that carries out a task by initiating several operations in different domains. • By authenticating an agent and subsequently checking its rights, Globus should be able to allow an agent to initiate an operation without having to contact the agent’s owner. • To allow cross-domain authentication and make a user known in remote domain, two types of representatives are introduced: • A user proxy is a process that is given permission to act on behalf of a user. • A resource proxy is a process running within a specific domain that is used to translate global operations on a resource into local operations.

  9. Security Policies • The security architecture defines four different protocol: • Creation of user proxy • Allocation of a resource by the user in a remote domain • Allocation of a resource by a process in a remote domain • Making user known in remote domain • Three design issues are concerned: • Focus of control • Layering of security mechanisms • Simplicity

  10. Example: Globus Security Architecture • Diagram of Globus security architecture.

  11. Design Issue: Focus of Control • Policy: What is our focus when talking about protection? Three approaches: (a) data, (b) invalid operations, (c) unauthorized users. • We generally need all three, but each requires different mechanisms. • At which logical level are we going to implement security mechanisms? • It depends on the trust a client has in how secure the services are in a particular layer.

  12. Focus of Control • Three approaches for protection against security threats • Protection against invalid operations • Protection against unauthorized invocations • Protection against unauthorized users

  13. Design Issue: Layering of Security Mechanisms • An example such as Switched Multi-megabit Data Service (SMDS). • Security can be provided by placing encryption devices at each SMDS router. • These devices encrypt and decrypt packets but do not provide secure communication. • Secure Socket Layer (SSL) can be used to securely send messages across a TCP connection. • In distributed systems, security mechanisms are often placed in the middleware layer.

  14. Layering of Security Mechanisms • The logical organization of a distributed system into several layers.

  15. Layering of Security Mechanisms • Several sites connected through a wide-area backbone service.

  16. Design Issue: Layering of Security Mechanism • Whether security mechanisms are actually used is related to the trust a user has in those mechanisms. If you do not trust those mechanisms, you can implement your own mechanisms. • Dependencies between services regarding trust lead to the notion of a Trusted Computing Base (TCB). A TCB is the set of mechanisms needed to enforce a policy. • Trusted Computing Base: What is the set of mechanisms needed to enforce a policy. • The smaller, the better. • Where to place mechanisms? Simplicity.

  17. Distribution of Security Mechanisms • The principle of RISSC as applied to secure distributed systems. • (any security-critical server is placed on a separate machine)

  18. Crypotography • The original form of the message that is sent is called the plaintext (P). The encrypted form is referrred to as the ciphertext (C). • Three types of intruders: • Passive intruder only listens to messages. • Active intruder can alter messages. • Active intruder can insert messages.

  19. Cryptography • Intruders and eavesdroppers in communication.

  20. Crypotography • Symmetric (secret-key) system: Use a single key to (1) encrypt the plaintext and (2) decrypt the ciphertext. Requires that sender and receiver share the secret key. • Asymmetric (public-key) system: Use different keys for encryption and decryption, of which one is private, and the other public. • Hashing system: Only encrypt data and produce a fixed­length digest. There is no decryption; only comparison is possible.

  21. Cryptographic Functions • Usually, the encryption method E is made public, but let the encryption as a whole be parameterized by means of a key k (same for decryption). • Properties of Hash functions: • One­way function: Given some output mout of ES , it is (analytically or) computationally infeasible to find min • Weak collision resistance: Given an input m and its associated output h = H(m) it is computationally infeasible to find an m’ such that H(m) = H(m’). • Strong collision resistance: given only H, it is computationally infeasible to find any two different inputs m and m’ such that H(m) = H(m’).

  22. Cryptography • Notation used in this chapter.

  23. Symmetric Cryptosystems • Substitute Cipher: each letter or group of letter is replaced by another letter or group of letters • Caesar cipher: rotate the letter (a  D, b  E, c  F, z  C). • Example: attack  DWWDFN • Monoalphabetic substitution • Each letter replaced by different letter Plaintext: ABCDEFGHIJKLMNOPQRSTUVWXYZ Ciphertext: QWERTYUIOPASDFGHJKLZXCVBNM • Disadvantage: It does not smooth out frequencies in the cipher text. • Polyalphabatic cipher – use multiple cipher alphabets.

  24. Secret-Key Cryptography • Transition cipher: reorder the letters, but don't disguise them. • select a key MEGABUCK 7 4 5 1 2 8 3 6 p l e a s e t r a n s f e r o n e h u n d r e d  afnsedtoelnhesurndpaeerr Plain text  cipher text

  25. Transposition Ciphers • A transposition cipher.

  26. Symmetric Cryptosystems: DES • Data Data Encryption Standard (DES) was developed by IBM and adopted as a US national standard in 1977. • The encryption function maps a 64-bit plaintext input into a 64-bit encrypted output using a 56-bit master key. • The algorithm has 16 key-dependent stages known as rounds where each round uses a different 48-bit key for encryption and was time-consuming. • The DES algorithm is difficult to break using analytical methods ((the rationale behind the design has never been clearly explained). Using a brute-force attack will do the job because the key length is 56 bits. In June 1997, it was successfully cracked. Only used for the protection of low-value information.

  27. Symmetric Cryptosystems: DES • The principle of DES • Outline of one encryption round

  28. Symmetric Cryptosystems: DES • Details of per-round key generation in DES.

  29. Symmetric Cryptosystems: AES • Triple-DES: apply DES three times with another two different keys. Give strength against brute-force attacks. • In 1997, the US NIST (National Institute of Standards and Technology)issued an invitation for Advanced Encryption Standard (AES). • NIST announced the approval of the Federal Information Processing Standard (FIPS) for the Advanced Encryption Standard, FIPS-197. • This standard specifies Rijndael algorithm (blocks of 128 bits) as a FIPS-approved symmetric encryption algorithm that may be used by U.S. Government organizations (and others) to protect sensitive information. • The algorithm has been designed to be fast enough so that it can even be implemented on smart cards.

  30. Public-Key Cryptosystems: RSA • RSA, named after its inventors Rivest, Shamir, and Adlemean, a public-key cryptographic algorithm. • The security of RSA comes from the fact that no methods are known to efficiently find the prime factors to large numbers. • For example, 2100 can be written as 2100 = 2 x 2 x 3 x 5 x 5 x 7 making 2, 3, 5, and 7 the prime factors in 2100. • In RSA, the private and public keys are constructed from very large prime numbers. It turns out breaking RSA is equivalent to finding those two prime numbers.

  31. Public-Key Cryptosystems: RSA • Generating the private and public key requires four steps: • Choose two very large prime numbers, p and q • Compute n = p x q and z = (p – 1) x (q – 1) • Choose a number d that is relatively prime to z (that is, such that d has no common factors with z) • Compute the number e such that e x d = 1 mod z • Group P into blocks such that C=Pe (mod n) and P=Cd(mod n) where 0 <= P < n

  32. Public-Key Cryptography • Example: • p=13 q=17  n = 13 x 17 = 221 • z = (13 – 1) x (17 – 1) = 192. • let d=5 (prime to z) • e x d = 1 mod 192 = 1, 193, 385, ... • 385 is divisible by d • e = 385/5 = 77 • Example: • p=3 q=11  n = 3 x 11 = 33 • z = (3 – 1) x (11 – 1) = 20. • let d=7 (prime to z) • 7 x e mod 20 = 1  e=3 • C = P3 (mod 33), P = C7 (mod 33)

  33. RSA • An example of the RSA algorithm.

  34. Public-Key vs. Secret-Key Cryptosystems • Compare RSA to DES: • Encrypting message using RSA is much slower than DES • RSA is most used for exchange only shared keys

  35. Pretty Good Privacy (PGP) • Pretty Good Privacy (PGP) is a popular program used to encrypt and decrypt e-mail over the Internet. • It can also be used to send an encrypted digital signature that lets the receiver verify the sender's identity and know that the message was not changed en route. • Available both as freeware and in a low-cost commercial version, • PGP is the most widely used privacy-ensuring program by individuals and is also used by many corporations. Developed by Philip R. Zimmermann in 1991, PGP has become a de facto standard for e-mail security. • PGP can also be used to encrypt files being stored so that they are unreadable by other users or intruders. .

  36. Hash Functions : MD5 • MD5 (Message Digest 5) is an algorithm that is used to verify data integrity through the creation of a 128-bit message digest from data input which may be a message of any length. • MD5, which was developed by Professor Ronald L. Rivest of MIT, is intended for use with digital signature applications, which require that large files must be compressed by a secure method before being encrypted with a secret key, under a public key cryptosystem. • MD5 is currently a standard, Internet Engineering Task Force (IETF) Request for Comments (RFC) 1321.

  37. Hash Functions : MD5 • The structure of MD5

  38. Hash Functions : MD5 • The 16 iterations during the first round in a phase in MD5.

  39. Secure Channels • Goal: Set up a channel allowing for secure communication between two processes. • They both know who is on the other side (authenticated). • They both know that messages cannot be tampered with (integrity). • They both know messages cannot leak away (confidentiality).

  40. Authentication versus Integrity • Note: Authentication and data integrity rely on each other. Consider an active attack by Trudy on the communication from Alice to Bob. • Authentication without integrity: Alice's message is authenticated, and intercepted by Trudy, who tampers with its content, but leaves the authentication part as is. Authentication has become meaningless. • Integrity without authentication: Trudy intercepts a message from Alice, and then makes Bob believe that the content was really sent by Trudy. Integrity has become meaningless. • Question: What can we say about confidentiality versus authentication and integrity?

  41. Authentication: Secret Keys • 1: Alice sends ID to Bob • 2: Bob sends challenge RB (i.e. a random number) to Alice • 3: Alice encrypts RB with shared key KA,B . Now Bob knows he's talking to Alice • 4: Alice send challenge RA to Bob • 5: Bob encrypts RA with KA,B . Now Alice knows she's talking to Bob • Note: We can improve the protocol by combining steps 1&4, and 2&3. This costs only the correctness.

  42. Authentication (1) • Authentication based on a shared secret key.

  43. Authentication (2) • Authentication based on a shared secret key, but using three instead of five messages.

  44. Authentication: The Reflection Attack • 1: Chuck sends (A (Alice ID), RC) to Bob. • 2: Bob sends (RB, ,KA,B (RC)) to Chuck. • 3: Chuck sends (A, RB) to Bob. • 4: Bob sends (RB2, ,KA,B (RB)) to Chuck. • 5: Chuck KA,B (RB) to Bob. • 6: Bob thought Chuck is Alice.

  45. Authentication (3) • The reflection attack.

  46. The principle of using a KDC • The problem of using a shared key is scalability. • Key Distribution Center (KDC) is used for key distribution and shares a secret key with each host. • KDC operation: • Alice send (A, B) to the KDC. • The KDC send KA,KDC (KA,B ) to Alice and KB,KDC (KA,B ) Bob. • Drawbacks: Alice may want to start setting up a new secure channel and KDC is required to get Bob into the loop. • Solution: Pass KB,KDC (KA,B ) to Alice and let Alice send it to Bob. The message KB,KDC (KA,B ) is known as a ticket.

  47. Authentication Using a Key Distribution Center (1) • The principle of using a KDC.

  48. Authentication Using a Key Distribution Center (2) • Using a ticket and letting Alice set up a connection to Bob.

  49. Authentication Using a Key Distribution Center • Figure 8-16 is an example Needham-Schroeder authentication protocol. • The challenge RA1 that Alice sends to the KDC is known as nonce. A nonce is a random number that is used only once and used to uniquely related two messages.

  50. Authentication Using a Key Distribution Center (3) • The Needham-Schroeder authentication protocol.

More Related