1.03k likes | 1.22k Views
Security. Chapter 8. Security. Security in distributed system can be divided into two parts: A secure channel is a mechanism for ensuring communication though authentication, message integrity, and confidentiality.
E N D
Security Chapter 8
Security • Security in distributed system can be divided into two parts: • A secure channel is a mechanism for ensuring communication though authentication, message integrity, and confidentiality. • Authorization deals with ensuring that a process gets only those access rights to the resources.
Security • A dependable and trusted system should include: • Availability: Accessible and usable upon demand for authorized entities • Reliability: Continuity of service delivery • Safety: Very low probability of catastrophes • Confidentiality: No unauthorized disclosure of information • Integrity: No accidental or malicious alterations of information have been performed (even by authorized entities) • In distributed systems, security is the combination of availability, integrity, and confidentiality. A dependable distributed system is thus fault tolerant and secure.
Security Threats • Four types of security threats: • Interception refers to the situation that an unauthorized party has gained access to a service or data. • Interruption refers to the situation in which services or data become unavailable, unusable, or destroyed. • Modifications involve unauthorized changing of data or tampering with a service. • Fabrication refers to the situation in which additional data or activity are generated that would normally not exist.
Security Threats • Examples of security threats: • Interception • Channel: Reading the content of transferred messages • Object: Reading the data contained in an object • Interruption • Channel: Preventing message transfer • Object: Denial of service • Modification • Channel: Changing message content • Object: Changing an object's encapsulated data • Fabrication • Channel: Inserting messages • Object: Spoofing an object
Security Mechanisms • A security policy describes precisely which actions are allowed and which are prohibited. • To protect against security threats, we have a number of securitymechanisms at our disposal: • Encryption: Transform data into something that an attacker cannot understand (confidentiality). It is also used to check whether something has been modified (integrity). • Authentication: Verify the claim that a subject says it is : verifying the identity of a subject. • Authorization: Determining whether a subject is permitted to make use of certain services. • Auditing: Trace which subjects accessed what, and in which way. Useful only if it can help catch an attacker. • Authorization makes sense only if the requesting subject has been authenticated.
Security Policies • Policy: Prescribes how to use mechanisms to protect against attacks. Requires that a model of possible attacks is described (i.e., security architecture). • Example: Globus security architecture • There are multiple administrative domains • Local operations subject to local security policies • Global operations require requester to be globally known • Interdomain operations require mutual authentication • Global authentication replaces local authentication • Users can delegate privileges to processes • Credentials can be shared between processes in the same domain • Policy statements leads to the introduction of mechanisms for crossdomain authentication and making users globally known user proxies and resource proxies
Security Policies • Globus Example: • Consider a mobile agent in Globus that carries out a task by initiating several operations in different domains. • By authenticating an agent and subsequently checking its rights, Globus should be able to allow an agent to initiate an operation without having to contact the agent’s owner. • To allow cross-domain authentication and make a user known in remote domain, two types of representatives are introduced: • A user proxy is a process that is given permission to act on behalf of a user. • A resource proxy is a process running within a specific domain that is used to translate global operations on a resource into local operations.
Security Policies • The security architecture defines four different protocol: • Creation of user proxy • Allocation of a resource by the user in a remote domain • Allocation of a resource by a process in a remote domain • Making user known in remote domain • Three design issues are concerned: • Focus of control • Layering of security mechanisms • Simplicity
Example: Globus Security Architecture • Diagram of Globus security architecture.
Design Issue: Focus of Control • Policy: What is our focus when talking about protection? Three approaches: (a) data, (b) invalid operations, (c) unauthorized users. • We generally need all three, but each requires different mechanisms. • At which logical level are we going to implement security mechanisms? • It depends on the trust a client has in how secure the services are in a particular layer.
Focus of Control • Three approaches for protection against security threats • Protection against invalid operations • Protection against unauthorized invocations • Protection against unauthorized users
Design Issue: Layering of Security Mechanisms • An example such as Switched Multi-megabit Data Service (SMDS). • Security can be provided by placing encryption devices at each SMDS router. • These devices encrypt and decrypt packets but do not provide secure communication. • Secure Socket Layer (SSL) can be used to securely send messages across a TCP connection. • In distributed systems, security mechanisms are often placed in the middleware layer.
Layering of Security Mechanisms • The logical organization of a distributed system into several layers.
Layering of Security Mechanisms • Several sites connected through a wide-area backbone service.
Design Issue: Layering of Security Mechanism • Whether security mechanisms are actually used is related to the trust a user has in those mechanisms. If you do not trust those mechanisms, you can implement your own mechanisms. • Dependencies between services regarding trust lead to the notion of a Trusted Computing Base (TCB). A TCB is the set of mechanisms needed to enforce a policy. • Trusted Computing Base: What is the set of mechanisms needed to enforce a policy. • The smaller, the better. • Where to place mechanisms? Simplicity.
Distribution of Security Mechanisms • The principle of RISSC as applied to secure distributed systems. • (any security-critical server is placed on a separate machine)
Crypotography • The original form of the message that is sent is called the plaintext (P). The encrypted form is referrred to as the ciphertext (C). • Three types of intruders: • Passive intruder only listens to messages. • Active intruder can alter messages. • Active intruder can insert messages.
Cryptography • Intruders and eavesdroppers in communication.
Crypotography • Symmetric (secret-key) system: Use a single key to (1) encrypt the plaintext and (2) decrypt the ciphertext. Requires that sender and receiver share the secret key. • Asymmetric (public-key) system: Use different keys for encryption and decryption, of which one is private, and the other public. • Hashing system: Only encrypt data and produce a fixedlength digest. There is no decryption; only comparison is possible.
Cryptographic Functions • Usually, the encryption method E is made public, but let the encryption as a whole be parameterized by means of a key k (same for decryption). • Properties of Hash functions: • Oneway function: Given some output mout of ES , it is (analytically or) computationally infeasible to find min • Weak collision resistance: Given an input m and its associated output h = H(m) it is computationally infeasible to find an m’ such that H(m) = H(m’). • Strong collision resistance: given only H, it is computationally infeasible to find any two different inputs m and m’ such that H(m) = H(m’).
Cryptography • Notation used in this chapter.
Symmetric Cryptosystems • Substitute Cipher: each letter or group of letter is replaced by another letter or group of letters • Caesar cipher: rotate the letter (a D, b E, c F, z C). • Example: attack DWWDFN • Monoalphabetic substitution • Each letter replaced by different letter Plaintext: ABCDEFGHIJKLMNOPQRSTUVWXYZ Ciphertext: QWERTYUIOPASDFGHJKLZXCVBNM • Disadvantage: It does not smooth out frequencies in the cipher text. • Polyalphabatic cipher – use multiple cipher alphabets.
Secret-Key Cryptography • Transition cipher: reorder the letters, but don't disguise them. • select a key MEGABUCK 7 4 5 1 2 8 3 6 p l e a s e t r a n s f e r o n e h u n d r e d afnsedtoelnhesurndpaeerr Plain text cipher text
Transposition Ciphers • A transposition cipher.
Symmetric Cryptosystems: DES • Data Data Encryption Standard (DES) was developed by IBM and adopted as a US national standard in 1977. • The encryption function maps a 64-bit plaintext input into a 64-bit encrypted output using a 56-bit master key. • The algorithm has 16 key-dependent stages known as rounds where each round uses a different 48-bit key for encryption and was time-consuming. • The DES algorithm is difficult to break using analytical methods ((the rationale behind the design has never been clearly explained). Using a brute-force attack will do the job because the key length is 56 bits. In June 1997, it was successfully cracked. Only used for the protection of low-value information.
Symmetric Cryptosystems: DES • The principle of DES • Outline of one encryption round
Symmetric Cryptosystems: DES • Details of per-round key generation in DES.
Symmetric Cryptosystems: AES • Triple-DES: apply DES three times with another two different keys. Give strength against brute-force attacks. • In 1997, the US NIST (National Institute of Standards and Technology)issued an invitation for Advanced Encryption Standard (AES). • NIST announced the approval of the Federal Information Processing Standard (FIPS) for the Advanced Encryption Standard, FIPS-197. • This standard specifies Rijndael algorithm (blocks of 128 bits) as a FIPS-approved symmetric encryption algorithm that may be used by U.S. Government organizations (and others) to protect sensitive information. • The algorithm has been designed to be fast enough so that it can even be implemented on smart cards.
Public-Key Cryptosystems: RSA • RSA, named after its inventors Rivest, Shamir, and Adlemean, a public-key cryptographic algorithm. • The security of RSA comes from the fact that no methods are known to efficiently find the prime factors to large numbers. • For example, 2100 can be written as 2100 = 2 x 2 x 3 x 5 x 5 x 7 making 2, 3, 5, and 7 the prime factors in 2100. • In RSA, the private and public keys are constructed from very large prime numbers. It turns out breaking RSA is equivalent to finding those two prime numbers.
Public-Key Cryptosystems: RSA • Generating the private and public key requires four steps: • Choose two very large prime numbers, p and q • Compute n = p x q and z = (p – 1) x (q – 1) • Choose a number d that is relatively prime to z (that is, such that d has no common factors with z) • Compute the number e such that e x d = 1 mod z • Group P into blocks such that C=Pe (mod n) and P=Cd(mod n) where 0 <= P < n
Public-Key Cryptography • Example: • p=13 q=17 n = 13 x 17 = 221 • z = (13 – 1) x (17 – 1) = 192. • let d=5 (prime to z) • e x d = 1 mod 192 = 1, 193, 385, ... • 385 is divisible by d • e = 385/5 = 77 • Example: • p=3 q=11 n = 3 x 11 = 33 • z = (3 – 1) x (11 – 1) = 20. • let d=7 (prime to z) • 7 x e mod 20 = 1 e=3 • C = P3 (mod 33), P = C7 (mod 33)
RSA • An example of the RSA algorithm.
Public-Key vs. Secret-Key Cryptosystems • Compare RSA to DES: • Encrypting message using RSA is much slower than DES • RSA is most used for exchange only shared keys
Pretty Good Privacy (PGP) • Pretty Good Privacy (PGP) is a popular program used to encrypt and decrypt e-mail over the Internet. • It can also be used to send an encrypted digital signature that lets the receiver verify the sender's identity and know that the message was not changed en route. • Available both as freeware and in a low-cost commercial version, • PGP is the most widely used privacy-ensuring program by individuals and is also used by many corporations. Developed by Philip R. Zimmermann in 1991, PGP has become a de facto standard for e-mail security. • PGP can also be used to encrypt files being stored so that they are unreadable by other users or intruders. .
Hash Functions : MD5 • MD5 (Message Digest 5) is an algorithm that is used to verify data integrity through the creation of a 128-bit message digest from data input which may be a message of any length. • MD5, which was developed by Professor Ronald L. Rivest of MIT, is intended for use with digital signature applications, which require that large files must be compressed by a secure method before being encrypted with a secret key, under a public key cryptosystem. • MD5 is currently a standard, Internet Engineering Task Force (IETF) Request for Comments (RFC) 1321.
Hash Functions : MD5 • The structure of MD5
Hash Functions : MD5 • The 16 iterations during the first round in a phase in MD5.
Secure Channels • Goal: Set up a channel allowing for secure communication between two processes. • They both know who is on the other side (authenticated). • They both know that messages cannot be tampered with (integrity). • They both know messages cannot leak away (confidentiality).
Authentication versus Integrity • Note: Authentication and data integrity rely on each other. Consider an active attack by Trudy on the communication from Alice to Bob. • Authentication without integrity: Alice's message is authenticated, and intercepted by Trudy, who tampers with its content, but leaves the authentication part as is. Authentication has become meaningless. • Integrity without authentication: Trudy intercepts a message from Alice, and then makes Bob believe that the content was really sent by Trudy. Integrity has become meaningless. • Question: What can we say about confidentiality versus authentication and integrity?
Authentication: Secret Keys • 1: Alice sends ID to Bob • 2: Bob sends challenge RB (i.e. a random number) to Alice • 3: Alice encrypts RB with shared key KA,B . Now Bob knows he's talking to Alice • 4: Alice send challenge RA to Bob • 5: Bob encrypts RA with KA,B . Now Alice knows she's talking to Bob • Note: We can improve the protocol by combining steps 1&4, and 2&3. This costs only the correctness.
Authentication (1) • Authentication based on a shared secret key.
Authentication (2) • Authentication based on a shared secret key, but using three instead of five messages.
Authentication: The Reflection Attack • 1: Chuck sends (A (Alice ID), RC) to Bob. • 2: Bob sends (RB, ,KA,B (RC)) to Chuck. • 3: Chuck sends (A, RB) to Bob. • 4: Bob sends (RB2, ,KA,B (RB)) to Chuck. • 5: Chuck KA,B (RB) to Bob. • 6: Bob thought Chuck is Alice.
Authentication (3) • The reflection attack.
The principle of using a KDC • The problem of using a shared key is scalability. • Key Distribution Center (KDC) is used for key distribution and shares a secret key with each host. • KDC operation: • Alice send (A, B) to the KDC. • The KDC send KA,KDC (KA,B ) to Alice and KB,KDC (KA,B ) Bob. • Drawbacks: Alice may want to start setting up a new secure channel and KDC is required to get Bob into the loop. • Solution: Pass KB,KDC (KA,B ) to Alice and let Alice send it to Bob. The message KB,KDC (KA,B ) is known as a ticket.
Authentication Using a Key Distribution Center (1) • The principle of using a KDC.
Authentication Using a Key Distribution Center (2) • Using a ticket and letting Alice set up a connection to Bob.
Authentication Using a Key Distribution Center • Figure 8-16 is an example Needham-Schroeder authentication protocol. • The challenge RA1 that Alice sends to the KDC is known as nonce. A nonce is a random number that is used only once and used to uniquely related two messages.
Authentication Using a Key Distribution Center (3) • The Needham-Schroeder authentication protocol.