Distributed Systems CS 15-440 Security – Part I Lecture 21, Nov 28, 2011 Majd F. Sakr, Vinay Kolar, Mohammad Hammoud.


Today…
- Last Sessions
  - Programming Models
  - Guest Lecture about Grid Computing
- Today's session
  - Security
    - Introduction
    - Cryptography, Secure Channels
- Announcement
  - Changes in the lecture sequence:
    - This week: Security
    - From next Monday: Virtualization

Why Security in Distributed Systems?
- Distributed Systems rely on sharing of resources across different networked entities
- Most vital/secret data is handled by distributed components
- A single security flaw compromises the whole system
  - Malware and viruses can spread from one part of the system to another easily
- Users across the world may have access to the system
  - Cyber criminals, hackers
- Security lapses result in
  - Loss of confidence, claims for damages, loss of privacy

Overview
- Introduction
  - Threats, policies and mechanisms
  - Cryptography
- Secure Channels
  - Authentication
  - Message Integrity and Confidentiality
- Access Control
  - Access Control Matrix
  - Protection Domains
- Security Management
  - Key Management
  - Authorization Management
[Slide marker: Today's lecture]

Overview
- Security
  - Introductory Concepts
    - Security threats
    - Policy and Mechanisms
  - Cryptographic Systems
  - Secure Channels

Introduction to Security
What services do you expect from secure Distributed Systems?
A secure DS should provide:
- Confidentiality of Information
  - Information is disclosed only to authorized parties
- Integrity of Information
  - Alterations to the system's assets are made only in an authorized way
Secure DS are immune against possible security threats that compromise confidentiality and integrity

Security Threats
What are the security threats when two entities communicate?
[Figure: Alice sends Bob the message "Let us meet at 12 PM"; Eve/Chuck is the third party.]

Types of Security Threats (1)
1. Interception
   - Unauthorized party has gained access to a service or data
   - Example: Illegal copying of files, eavesdropping over network
2. Interruption
   - Services or data become unavailable, unusable or destroyed
   - Example: Denial-of-Service (DoS) attacks
[Figures: two panels in which Alice sends Bob "Alice: Let us meet at 12 PM" with Eve on the channel; in the second panel the message also appears as garbled text.]

Types of Security Threats (2)
3. Modification
   - Unauthorized changing of data or tampering with services
   - Example: Changing a program to secretly log the activities
4. Fabrication
   - Additional data or activity is generated that would normally not exist
   - Example: Replay attacks
[Figures: two panels in which Alice sends Bob "Alice: Let us meet at 12 PM" with Eve on the channel; the second panel also shows the message "Alice: Let us meet at 3 PM".]

Security Policy and Mechanisms
To build a secure DS, we need to:
- Formulate Security Policies (specifies what is to be done)
  - Describe the security requirements:
    - which actions the entities are allowed to take
    - which actions are prohibited
- Build Security Mechanisms (specifies how policies are implemented)
  - Implement mechanisms to:
    - Protect data transferred
    - Verify identity of an entity
    - Secure access permissions

Security Mechanisms
Four core components of security mechanisms
1. Encryption
   - Transform the data to something that an attacker cannot understand
2. Authentication
   - Verifies the claimed identity of the user, host or other entity
3. Authorization
   - Verifies if the entity is authorized to perform an operation
4. Auditing
   - To trace which clients accessed what, and which way
[Slide labels: Cryptographic Algorithms and Secure Channels; Access Control]

Overview
- Security
  - Introductory Concepts
  - Cryptographic Systems
    - Types of systems
    - Cryptographic hash functions
    - Protocols
  - Secure Channels

Cryptographic systems
Cryptography is the study of techniques for secure communication in the presence of third parties
[Figure: at the Sender, the plain text message P and the encryption key K enter the Encryption Algorithm, which outputs the cipher text $C = E_K(P)$; C crosses the Communication Channel to the Receiver, where the Decryption Algorithm uses the decryption key K to compute $P = D_K(C)$. A Passive Intruder and an Active Intruder sit on the channel; the Active Intruder turns C into C'.]
- A Passive Intruder can listen to C
- An Active Intruder can listen to and modify C, and insert messages
- $C = E_K(P)$: C is obtained by encrypting the plain text P with key K
- $P = D_K(C)$: P is obtained by decrypting the cipher text C with key K

Types of Cryptographic Systems
Two types
1. Symmetric Cryptosystem (Shared-key system)
2. Asymmetric Cryptosystem (Public-key system)

Symmetric Cryptographic System
[Figure: Alice and Bob]

Public-key Cryptographic System

Encryption in Public-key system
- Scenario: Alice (A) wants to send a message to Bob (B)
- Problem: Only Bob should be able to decrypt the message
- Approach:
  - At A: Encrypt using B's public key
  - At B: Decrypt using B's private key
- Drawback: How does 'B' know that 'A' sent the message?

Authentication in Public-key system
- Scenario: Alice (A) wants to send a message to Bob (B)
- Problem: Bob wants to make sure that the message came from Alice (and not from some intruder)
- Approach:
  - At A: Encrypt using A's private key
  - At B: Decrypt using A's public key
- Drawback: How to ensure that ONLY 'B' gets the message?

Combining encryption and authorization
- Scenario: Alice (A) wants to send a message to Bob (B)
- Many algorithms use a combination of the above two methods to:
  - Ensure that only Bob can decrypt the message
  - Let Bob verify that Alice has sent the message
- Approach: Encrypt/Decrypt using a combination of keys
  - A widely used method in many secure algorithms
- What happens if intruder 'C' modifies message 'm' sent by 'A'?
  - Some part of message 'm' should contain data that verifies the message

Cryptographic Hash Functions

Properties of Cryptographic Hash Functions

Encryption/Decryption Functions

Additional Properties of Encryption/Decryption Functions
* Property names given are meant for understanding, and are not widely used in the community

Overview
- Security
  - Introductory Concepts
  - Cryptographic Systems
    - Types of systems
      - Symmetric systems
      - Public-key systems
    - Cryptographic hash functions
    - Protocols
      - DES
      - RSA
      - Hybrid
  - Secure Channels

Protocols in Cryptosystems
We will study three protocols in cryptosystems
- Data Encryption Standard (DES)
  - Encryption/Decryption in Symmetric Cryptosystems
- RSA protocol
  - Encryption/Decryption in Public-Key cryptosystems
- Hybrid Cryptographic protocol
  - A combination of Symmetric and Public-Key based system

DES Protocol
[Figure: the DES Encryption Algorithm takes 64-bit plain-text and the 56-bit key $K_M$ and produces 64-bit cipher-text; the DES Decryption Algorithm takes the 64-bit cipher-text and $K_M$ and produces the 64-bit plain-text.]

DES Encryption Algorithm
1. Permute a 64-bit block
2. 16 rounds of identical operations
3. In each round i
   i. Divide the block into 2 halves $L_i$ and $R_i$
   ii. Extract 48-bit key $K_i$ from $K_M$
   iii. Mangle the bits in $L_i$ and $R_i$ using $K_i$ to produce $R_{i+1}$
   iv. Extract $R_i$ as $L_{i+1}$
4. Perform an inverse permutation on the block $L_{16}$-$R_{16}$ to produce the encrypted output block
[Figure: the input block is split into L1 and R1; in Round 1 the key K1 is derived from the Master Key $K_M$ and f(L1, R1, K1) yields L2 and R2; the rounds continue through L15, R15 to Round 16, which uses K16 and f(L16, R16, K16) on L16, R16 to give the encrypted output block.]

Discussion about DES
- DES encryption and decryption are relatively fast
- DES has the disadvantages of a Symmetric Cryptosystem
  - Requires sender and receiver to exchange $K_M$
  - For an N-user system, DES needs N(N-1)/2 master key pairs
- History of DES:
  - DES was invented in 1974
  - In 1997, it was shown that DES can be easily cracked using brute-force attacks
- Triple-DES is in use in some systems
  - It applies DES three times using two keys

RSA protocol
Invented by Rivest, Shamir and Adleman (RSA) as a protocol for Public-key systems
Approach:
1. Choose two very large prime numbers, p and q
2. Compute n = pq
3. Compute z = (p-1)(q-1)
4. Choose a number e that is relatively prime to z
   - e is co-prime to z
5. Compute the number d such that de % z = 1
   - This is equivalent to finding de = 1 + kz for some integer k
Depending on the requirement, d and e can be used as public and private keys
- d is used for decryption; e is used for encryption
Example*:
- p = 7; q = 19
- n = 7*19 = 133
- z = 6*18 = 108
- e = 5
- d = 65 for m = 325
* The numbers chosen in the example are for illustration. Prime numbers with 100s of digits are chosen in the actual RSA algorithm

Example: RSA protocol for encryption (1)
- Scenario: Alice (A) wants to send a message to Bob (B)
- Problem: Only Bob should be able to decrypt the message
- Given d and e are the two keys computed by RSA, which row indicates the correct choice of keys?
Correct/ Incorrect Alice Bob de ed de ed x x Correct x

Example: RSA protocol for encryption (2)
At the sender:
- Split the message into fixed-length blocks of size s (0 <= s < n)
- For each block $m_i$
  - Sender calculates the encrypted message $c_i$ such that $c_i = m_i^e \pmod{n}$
  - Send $c_i$ to the receiver
At the receiver:
- Receive $c_i$ from sender
- For each block $c_i$
  - Compute actual message $m_i = c_i^d \pmod{n}$
- Merge all $m_i$'s to obtain the complete message
Example:
- s = 132, $m_i = 6$
- Calculated values: p = 7; q = 19; n = 133; d = 65; e = 5
- $c_i = 6^5 \pmod{133} = 62$
- $m_i = 62^{65} \pmod{133} = 6$
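The slide's key generation and block encryption carried through in code, as an added example that is not part of the original lecture. It uses the slide's toy parameters (p = 7, q = 19, e = 5); the function names and the sample message are constructed for illustration.

```python
# Added example: textbook RSA with the lecture's toy numbers. Not secure:
# real keys use primes hundreds of digits long plus randomized padding.
from math import gcd


def make_keys(p, q, e):
    """Steps 2-5 of the slide: return (n, e, d) with d*e % z == 1."""
    n = p * q
    z = (p - 1) * (q - 1)
    if gcd(e, z) != 1:
        raise ValueError("e must be relatively prime to z")
    d = pow(e, -1, z)  # modular inverse of e modulo z (Python 3.8+)
    return n, e, d


def encrypt_blocks(blocks, e, n):
    """Sender side: c_i = m_i^e mod n for every block m_i."""
    for m in blocks:
        if not 0 <= m < n:
            # A block >= n would not decrypt back to itself.
            raise ValueError(f"block {m} is outside 0 <= m < n")
    return [pow(m, e, n) for m in blocks]


def decrypt_blocks(cipher, d, n):
    """Receiver side: m_i = c_i^d mod n for every block c_i."""
    return [pow(c, d, n) for c in cipher]


def demo():
    n, e, d = make_keys(7, 19, 5)            # slide values: n=133, d=65
    message = "MEET AT 12"                    # constructed sample message
    blocks = list(message.encode("ascii"))    # one ASCII code (< 128 < n) per block
    cipher = encrypt_blocks(blocks, e, n)
    plain = bytes(decrypt_blocks(cipher, d, n)).decode("ascii")
    # Textbook RSA is deterministic: the two 'E' blocks encrypt identically,
    # which is one reason deployed RSA adds random padding.
    return n, d, cipher, plain


if __name__ == "__main__":
    print(demo())
```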

Discussion about RSA
- RSA has the advantages of a Public-key system
  - Harder to break the code
  - For an N-user system, RSA needs only 2N keys
- Computation time of RSA is much larger than DES
  - Approximately times slower

Hybrid Cryptographic protocols
- Large scale distributed systems use a combination of symmetric and public-key protocols
- Leveraging the advantages of both schemes
  - Encryption based on Public-key is more secure
    - Authenticate using RSA
    - Exchange the "secret key" using RSA for a session
  - Encryption based on Symmetric keys is faster
    - Exchange large data using the above "secret key"

Beyond Cryptographic Mechanisms
- Many users, clients and servers need to dynamically send messages in a distributed system
- How can an end-to-end secure distributed system be built using the cryptographic mechanisms?
  - How can each message and user be protected against security threats?
  - How do clients and processes authenticate?
  - What protocols are needed for these? What is their complexity?

Overview
- Security
  - Introductory Concepts
  - Cryptographic Systems
    - Types of systems
    - Cryptographic hash functions
    - Protocols
  - Secure Channels
    - Authentication
      - Shared Secret Key based Authentication
      - Authentication using a Key Distribution Center
      - Authentication using Public-key Cryptography
    - Message Integrity and Confidentiality

Secure Channels
- A Secure Channel is an abstraction of secure communication between communication parties in a DS
- A Secure Channel protects senders and receivers against:
  - Interception
    - By ensuring confidentiality of the sender and receiver
  - Modification and Fabrication of messages
    - By providing mutual authentication and message integrity protocols
- We will study
  - Authentication
  - Confidentiality and Message Integrity

Authentication
Consider a scenario where Alice wants to set up a secure channel with Bob
- Alice sends a message to Bob (or a trusted third party) for mutual authentication
- Message integrity should be ensured for all communication between Alice and Bob
  - Generate a "session key" to be used between Alice and Bob
  - Session keys ensure integrity and confidentiality
  - When the channel is closed, the session key is destroyed

Types of Mutual Authentication Protocols
1. Shared Secret Key based Authentication
2. Authentication using a Key Distribution Center
3. Authentication using Public-key Cryptography


Shared Secret Key based Authentication
The scheme is also known as the "Challenge-Response protocol"
Let $K_{A,B}$ be the shared secret key between Alice and Bob
The Challenge-Response Protocol
1. 'A' sends her identity to 'B'
2. 'B' sends a challenge $R_B$ back to 'A'
3. 'A' responds to the challenge by encrypting $R_B$ with $K_{A,B}$ (denoted by $K_{A,B}(R_B)$), and sending it back to 'B'
4. 'A' challenges 'B' by sending $R_A$
5. 'B' responds to the challenge by sending the encrypted message $K_{A,B}(R_A)$
[Figure: the five messages between Alice and Bob, in order: A; $R_B$; $K_{A,B}(R_B)$; $R_A$; $K_{A,B}(R_A)$.]
A and B are mutually authenticated

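A Possible Optimization
Will the below 3-step protocol work?
[Figure, Alice and Bob: three messages in order: "A, $R_A$"; "$R_B$, $K_{A,B}(R_A)$"; "$K_{A,B}(R_B)$".]
[Figure, Reflection Attack (?), Bob and Chuck (pretending to be Alice): five messages in order:
  Session 1: "A, $R_C$"
  Session 1: "$R_B$, $K_{A,B}(R_C)$"
  Session 2: "A, $R_B$"
  Session 2: "$R_{B2}$, $K_{A,B}(R_B)$"
  Session 1: "$K_{A,B}(R_B)$"]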

Lessons from Shared Secret Key based Authentication
- Use different challenges for the initiator and responder
  - Recall: Chuck reflected the same challenge that the responder had posed
- Do not provide valuable information before authentication
  - Recall: Bob provided $K_{A,B}(R_B)$ without authenticating Chuck
- Tweaking security protocols for efficiency often affects the correctness of the protocol
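The 3-step protocol and the first lesson above, simulated as an added example that is not part of the original lecture. Assumptions: an HMAC over the challenge stands in for the slide's $K_{A,B}(R)$, the hardened variant keeps initiator and responder answers distinct by binding the role into each response, and all class, function and session names are hypothetical.

```python
# Added example: why the 3-step optimization accepts a reflected answer,
# and how role-bound responses make the same transcript fail.
import hashlib
import hmac
import os


def respond(key, challenge, role=b""):
    """Stand-in for K_AB(R): keyed HMAC over (role || challenge)."""
    return hmac.new(key, role + challenge, hashlib.sha256).digest()


class Bob:
    """Responder of the 3-step protocol; `hardened` enables role binding."""

    def __init__(self, key, hardened=False):
        self.key = key
        self.hardened = hardened
        self.pending = {}  # session id -> Bob's outstanding challenge R_B

    def message1(self, sid, claimed_id, r_peer):
        """Receive (A, R_A); reply with (R_B, K_AB(R_A))."""
        r_b = os.urandom(16)
        self.pending[sid] = r_b
        role = b"responder:" if self.hardened else b""
        return r_b, respond(self.key, r_peer, role)

    def message3(self, sid, answer):
        """Receive K_AB(R_B); True means the peer is accepted as Alice."""
        r_b = self.pending.pop(sid)
        role = b"initiator:" if self.hardened else b""
        return hmac.compare_digest(answer, respond(self.key, r_b, role))


def honest_alice(bob, key):
    """Alice holds the key: she checks Bob's answer and answers R_B herself."""
    r_a = os.urandom(16)
    r_b, proof = bob.message1("s1", "Alice", r_a)
    role_r = b"responder:" if bob.hardened else b""
    role_i = b"initiator:" if bob.hardened else b""
    bob_ok = hmac.compare_digest(proof, respond(key, r_a, role_r))
    return bob_ok and bob.message3("s1", respond(key, r_b, role_i))


def reflected_transcript(bob):
    """The slide's two-session transcript; the sender never uses the key."""
    r_c = os.urandom(16)
    r_b, _ = bob.message1("s1", "Alice", r_c)        # Session 1: A, R_C
    _, reflected = bob.message1("s2", "Alice", r_b)  # Session 2: A, R_B
    return bob.message3("s1", reflected)             # Session 1: K_AB(R_B)


if __name__ == "__main__":
    k = os.urandom(32)  # constructed shared key K_AB
    print("unhardened accepts reflection:", reflected_transcript(Bob(k)))
    print("hardened accepts reflection:  ", reflected_transcript(Bob(k, True)))
```

With role binding, Bob's answer in session 2 is computed under the responder role and is never valid where an initiator's answer is expected, while the honest exchange still completes.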

Summary
- Security
  - Introductory Concepts
    - Security threats
    - Policy and Mechanisms
  - Cryptographic Systems
    - Types of systems
      - Symmetric systems
      - Public-key systems
    - Cryptographic hash functions
    - Protocols
      - DES
      - RSA
      - Hybrid
  - Secure Channels
    - Authentication
      - Shared Secret Key based Authentication
      - Authentication using a Key Distribution Center
      - Authentication using Public-key Cryptography
    - Message Integrity and Confidentiality

Next Class
- Secure Channel
  - Two Authentication Protocols:
    - Using Key Distribution Center
    - Public-key based
  - Message Integrity and Confidentiality
- Access Control
- Security Management
