660 likes | 947 Views
Distributed Operating Systems CS551. Colorado State University at Lockheed-Martin Lecture 9 -- Spring 2001. CS551: Lecture 9. Topics Distributed Security (Chapter 11) Cryptography & Digital Signatures Authentication Access Controls (Firewalls) Other Algorithms. Terms.
E N D
Distributed Operating SystemsCS551 Colorado State University at Lockheed-Martin Lecture 9 -- Spring 2001
CS551: Lecture 9 • Topics • Distributed Security (Chapter 11) • Cryptography & Digital Signatures • Authentication • Access Controls (Firewalls) • Other Algorithms CS-551, Lecture 9
Terms • Computer security: “frequently consists of two parts: authentication and access control” • Authentication: “involves the verification and identification of a valid user” • Access control: “strives to prevent unwanted tampering with data files and system resources” CS-551, Lecture 9
Terms, continued • Encryption: “encoding data using a key in such a manner that an eavesdropper cannot easily read the data” • Plaintext: “ the original data” • Ciphertext: “the encrypted data” • Decryption: “going from ciphertext to plaintext” CS-551, Lecture 9
Terms, concluded • Computationally secure: “An encryption algorithm is computationally secure if the system cannot be broken by systematic analysis with available resources.” • Private key versus public key • Symmetric versus asymmetric encryption CS-551, Lecture 9
Simple Encryption • Cereal box code ring • See Java assignment on encryption • Caesar cipher • Polyalphabetic cipher CS-551, Lecture 9
Figure 11.1 Alice and Bob Use Cryptography. Read I as J in Cypher text CS-551, Lecture 9
Symmetric Encryption • “encryption algorithms where the encryption and the decryption algorithm utilize the same key” • Examples: • Caesar cipher • Polyalphabetic cipher • Key must be private • “Secret-key encryption” • Q: how to communicate the key? • Diffie-Hellman key exchange CS-551, Lecture 9
Figure 11.5 Diffie-Hellman Key exchange. CS-551, Lecture 9
DES: Data Encryption Standard • Popular private key encryption method • US standard (NIST 1977) • Based on IBM’s LUCIFER system • 64-bit key (8 for error detection) • Encrypts data in blocks of 64 bits • 70,000,000,000,000,000 possible keys • Three-phrase encryption and decryption CS-551, Lecture 9
DES Phase 1: Initial Permutation • A permutation of the 64-bit block, changing the order of bits within each block • Each 64-bits broken up into two halves • L0, left half • R0, right half • See DES Permutation Table • E.g. the new first bit was the 58th bit • The new last bit was the 7th bit CS-551, Lecture 9
Table 11.1 DES Initial Permutation [NIST77]. CS-551, Lecture 9
DES Phase 2: Shifting (16 times) • Table-dependent • Each shift uses different subblock of key • Which subblock is used is determined by • another set of tables • its own shifting algorithm • The subscripts of the left and right halves are incremented with each shift CS-551, Lecture 9
DES Phase 3: Inverse Permutation • Similar to Phase 1 • Permutes order of bits within each block • Employs the DES Inverse Permutation table • Generates the final ciphertext • See figure 11.2 CS-551, Lecture 9
Table 11.2 DES Inverse Permutation [NIST77]. CS-551, Lecture 9
Figure 11.2 The Three Phases of DES. CS-551, Lecture 9
Triple DES • Enhanced security • Employs three 64-bit keys • DES is used three times on the data, each time with a different key • E(P, k1) = C1 • E(C1, k2) = C2 • E(C2, k3) = C3(ciphertext) CS-551, Lecture 9
Figure 11.3 Triple DES. CS-551, Lecture 9
Asymmetric Encryption • Involves two keys • A public key, ku • A private key, kr • E(P, ku) = C and D(C, kr) = P OR • E(P, kr) = C and D(C, ku) = P • Do not decrypt ciphertext with same key as encryption key • Mathematically difficult to obtain one key from the other • Example: Diffie-Hellman, 1976 CS-551, Lecture 9
Figure 11.4 Public-Key Cryptography. Output is ???? Does not use Kr Appears to use Ku Where Kr != Ku CS-551, Lecture 9
RSA • By Rivest, Shamir, and Adleman (1978) • A public-key encryption algorithm • Patented • Three phases CS-551, Lecture 9
RSA Phase 1 • Determining public and private keys • Choose two large prime numbers, P and Q • Compute N = P * Q • Compute F(N) = (P – 1) (Q – 1) • Choose e: 1 <= e <= N–1; GCD (e, F(N)) = 1 • Compute d, where ed = 1 (mod F(N)) • Make d and N public as they make up the public key CS-551, Lecture 9
RSA Phases 2 and 3 • Phase 2: Encrypting the message, M • 1 <= M <= N – 1 • C = Me (mod N), ciphertext • Phase 3: Decrypting the ciphertext, C • Cd (mod N) = M, original message CS-551, Lecture 9
RSA Example • Phase 1: • Alice chooses P=5, Q=11 • So, N = P*Q = 55 • F(N) = (P - 1) (Q - 1) = 40 • Choose e = 7 [GCD(40,7) = 1] • Determine D = 23 since 7*23 (mod 40) = 161 (mod 40) = 1 CS-551, Lecture 9
RSA Example, continued • Phase 2 • Send message M = 25 • Compute C = Me (mod N) = 257 (mod 55) = 610,351,625 (mod 55) = 20 (ciphertext) CS-551, Lecture 9
RSA Example, concluded • Phase 3 • C = 20 • Cd (mod N) = M So 2023 (mod 55) = 8388608 *1023 (mod 55) = 25 = M CS-551, Lecture 9
Figure 11.5 Diffie-Hellman Key exchange. CS-551, Lecture 9
Diffie-Hellman Example • Alice and Bob agree to let p=11, a=7 • Alice generates x=5, where 2 <= 5 <= 11-1 • Alice computes ax (mod p) = 75 (mod 11) = 16807 (mod 11) = 10 and sends 10 to Bob • Bob generates y=8, where 2 <= 8 <= 11 • Bob computes ay (mod p) = 78 (mod 11) = 5,764,801 (mod 11) = 9 and sends 9 to Alice • Bob computes (ax)y (mod p) = (75)8 (mod 11) = 75*8 (mod 11) • Alice computes (ay)x (mod p) = (78)5 (mod 11) = 78*5 (mod 11) CS-551, Lecture 9
Digital Signatures with Public-Key Encryption • Employs RSA • May use private key to encrypt • Entire file (expensive) • Just signature • Advantage: no key distribution problems • Recipient may use public key to decrypt and verify origin • Only proper public key will decrypt CS-551, Lecture 9
Authentication • Several steps necessary • First step is verifying identity of user • Three methods • User password • User key • Uniqueness of user (fingerprint, retina pattern) • Note: these methods work on centralized systems as well CS-551, Lecture 9
Authentication in a DS • Concerns: • Eavesdropping • Multiple password management • Replay • Trust • Common solution: certificates CS-551, Lecture 9
Certificates • “a computer-generated, frequently time-valid, authenticated packet of information” • Time-valid => prevents later replay • Can be done with timestamp or nonce • Nonce: “a random value unique for each communication” • Two approaches: • List of certificates, e.g. X.509 • Centralized certificate distribution center CS-551, Lecture 9
Figure 11.6 Certificate List Utilized in Secure RPC. CS-551, Lecture 9
Figure 11.7 Three-Way X.509 Authentication. CS-551, Lecture 9
Figure 11.8 Chaining Certificate Authorities in X.509. CS-551, Lecture 9
Figure 11.9 Kerberos Phase 1 Details. IDT = Ticket Granting Service’s ID IDC = Client’s ID IDS = Server’s ID Ni = Nonce value KC = Client’s private key KS = Application Server’s key KT = Ticket Granting Service’s private key K1 = System Ticket K2 = Service Ticket TS = Starting Time Stamp TE = Ending Time Stamp E(a,K) = Applications on encryption algorithm to a with key K CS-551, Lecture 9
Figure 11.10 Kerberos Phase 2 Details. CS-551, Lecture 9
Figure 11.11 Kerberos Phase 3 Details. CS-551, Lecture 9
Access Control (Firewalls) • Firewall: “should be immune to security threats and prevent all security threats from passing through the wall and to the system(s) it protects” • Categories • Packet-filtering gateways • Proxy services • Both types may be used together CS-551, Lecture 9
Packet Filtering Gateways • “involves a security engineer who must explicitly state what may pass through the wall … what internal information may go out of the firewall as well as what outside locations are allowed … may specify what internal computer services may be shared with the outside world.” • “generally implemented on the router that connects the internal system to the outside world” CS-551, Lecture 9
Firewall Routers • “provide a better user interface” • “easier to configure for security-based filtering” • Uses source/destination IP addresses • Checks IP addresses against table of rules CS-551, Lecture 9
Proxy Servers • “represents an internal client’s services to the outside world” • Two basic types • Application-level gateway proxy services • Circuit-level proxy services CS-551, Lecture 9
Application-level gateways • Bastion hosts • Dual-homed hosts CS-551, Lecture 9
Circuit-level gateways • Transparent to user CS-551, Lecture 9
Firewall Architectures • Bastion host architecture • Filtering host architecture • Filtering subnet architecture CS-551, Lecture 9
Figure 11.12 Bastion Host Firewall Architecture. CS-551, Lecture 9
Figure 11.13 Filtering Host Firewall Architecture. CS-551, Lecture 9
Figure 11.14 Filtering Subnet Firewall Architecture. CS-551, Lecture 9
Agreement Protocols • Distributed processes sometimes must agree • If some sites are faulty, this can be difficult • Need to identify/isolate the faults • Model assumptions: • n PEs, at most m PEs are faulty • PEs can communicate directly with each other • Receiver can always determine sender of a msg • Communication medium is reliable • PEs can fail CS-551, Lecture 9
Synchronous Computation • A step (or round) consists of the following: • Receive messages • Compute • Send messages • PEs in lockstep • This model is assumed CS-551, Lecture 9