8.1 Learning Objectives To become familiar with the range of security threats faced by networked and distributed systems (DSs); To examine various cryptographic.


8.1 Learning Objectives
– To become familiar with the range of security threats faced by networked and distributed systems (DSs);
– To examine various cryptographic techniques fundamental to security in DSs, such as symmetric cryptosystems and asymmetric cryptosystems;
– To fully study the two main parts of security in DSs: secure channel and authorization (access control), using the main techniques of encryption, authentication, and access control;
– To gain an understanding of the major methods in security management.

8.2 Introduction
The security problems in DSs arise from the openness of the Internet and of distributed systems. Security measures must be incorporated into computer systems whenever they are potential targets for malicious or mischievous attacks. Security in computer systems is strongly related to the notion of dependability: a dependable system is one that we justifiably trust to deliver its services. Confidentiality and integrity are two major properties in such systems.


8.11 Security: Dependability Revisited
In distributed systems, security is the combination of availability, integrity, and confidentiality. A dependable distributed system is thus fault tolerant and secure.
Property | Description
Availability | Accessible and usable upon demand for authorized entities
Reliability | Continuity of service delivery
Safety | Very low probability of catastrophes
Confidentiality | No unauthorized disclosure of information
Integrity | No accidental or malicious alterations of information have been performed (even by authorized entities)


8.13 Definitions
– Subject: Entity capable of issuing a request for a service provided by an object
– Channel: The carrier of requests and replies for services offered to subjects
– Object: Entity providing services to subjects

8.14 Security Model: Threats and forms of attack
– Masquerading: assuming the identity of another user/principal
– Eavesdropping (Interception): obtaining private or secret information
– Message tampering (Modification): altering the content of messages in transit
– Replaying (Fabrication): storing secure messages and sending them at a later date
– Denial of service (Interruption): flooding a channel or other resource, denying access to others

8.15 Types of Threats
Threat | Channel | Object
Interruption | Preventing message transfer | Denial of service
Inspection | Reading the content of transferred messages | Reading the data contained in an object
Modification | Changing message content | Changing an object's encapsulated data
Fabrication | Inserting messages | Spoofing an object

8.16 Security Policy and Mechanisms
A security policy is a set of requirements and guidelines to ensure a desired level of security for the activities that are performed in the system. Security mechanisms are employed to implement the security policy. Security in DSs can be roughly divided into two major parts: secure channel and authorization.
– Secure channel: to ensure secure communication, including authentication, message confidentiality and integrity.
– Authorization (access control): to ensure that a process gets only those access rights to the resources in a DS it is entitled to.

8.17 Security Policies
Globus security architecture
1. Multiple administrative domains
2. Local operations subject to local security policies
3. Global operations require requester be globally known
4. Interdomain operations require mutual authentication
5. Global authentication replaces local authentication
6. Access control is via local security
7. Users can delegate privileges to processes
8. Credentials can be shared between processes in the same domain

8.18 Important Security Mechanisms
– Encryption: Using cryptographic techniques, encryption transforms data into something an attacker cannot understand (for confidentiality). It also provides support for integrity checks.
– Authentication: It is used to verify the claimed identity of a user, client, server and so on.
– Authorization: It is necessary to check whether a client is authorized to perform the action required.
– Auditing: It is used to trace which clients accessed what, and in which way, for later security analysis.

8.19 Example: Globus Security Architecture

8.20 Focus of Control
Three approaches for protection against security threats:
a) Invalid operations
b) Unauthorized invocations
c) Unauthorized users

8.21 Security Mechanism Layering The logical organization of a distributed system into several layers.

8.22 Security Mechanism Layering Several sites connected through a wide-area backbone service.

8.23 Trusted Computing Base
The set of mechanisms needed to enforce a security policy
– The smaller, the better
– Includes OS
– Physical security of machines

8.24 Distribution of Security Mechanisms The principle of RISSC as applied to secure distributed systems.

8.25 Simplicity
Simpler systems inspire trust
Security mechanisms can be complex
– Keys
– Certificates
– Authentication & access control
Applications needing security are often complex themselves

8.26 Cryptography (1) Intruders and eavesdroppers in communication.

8.27 Cryptosystem Types
Symmetric system: Uses a single key to encrypt the plaintext and decrypt the ciphertext. Sender and receiver share the secret key.
Asymmetric system: Uses different keys for encryption and decryption, of which one is private and the other public.
Hashing system: Only encrypts data and produces a fixed-length digest.
– No decryption
– Only comparison
– Detect message alteration

8.28 Cryptographic Functions
Make the encryption method E public, but let the encryption be parameterized by means of a key S.
– One-way function: Given some output $m_{out}$ of $E_S$, it is computationally infeasible to find $m_{in}$: $E_S(m_{in}) = m_{out}$
– Weak collision resistance: Given a pair, it is computationally infeasible to find an $m^* \neq m$ such that $E_S(m^*) = E_S(m)$
– Strong collision resistance: It is computationally infeasible to find any two different inputs $m$ and $m^*$ such that $E_S(m) = E_S(m^*)$
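The difference between weak and strong collision resistance can be measured on a deliberately undersized function. This is an added example, not part of the original slides; it assumes SHA-256 truncated to 16 bits as a stand-in for the slide's E_S, and the function names are hypothetical.

```python
import hashlib
from itertools import count

BITS = 16  # assumed toy digest size, small enough that both searches finish quickly

def h(msg: bytes) -> int:
    """Toy hash: the first BITS bits of SHA-256 (stand-in for E_S on the slide)."""
    return int.from_bytes(hashlib.sha256(msg).digest()[:4], "big") >> (32 - BITS)

def find_second_preimage(m: bytes):
    """Weak collision: given m, find m* != m with h(m*) == h(m).
    Each candidate matches with probability 2**-BITS, so expect ~2**BITS tries."""
    target = h(m)
    for tries in count(1):
        cand = b"msg-%d" % tries          # constructed candidate messages
        if cand != m and h(cand) == target:
            return cand, tries

def find_any_collision():
    """Strong collision: find any two different inputs with equal hashes.
    Remembering every digest seen gives the birthday bound, ~2**(BITS/2) tries."""
    seen = {}
    for tries in count(1):
        cand = b"msg-%d" % tries
        digest = h(cand)
        if digest in seen:
            return seen[digest], cand, tries
        seen[digest] = cand

if __name__ == "__main__":
    m = b"transfer 10 to Bob"             # constructed sample message
    m_star, weak_tries = find_second_preimage(m)
    a, b, strong_tries = find_any_collision()
    print("second preimage after", weak_tries, "tries:", m_star)
    print("free collision after", strong_tries, "tries:", a, b)
```

The free collision typically appears after a few hundred candidates while the second preimage needs tens of thousands, which is why digest length is sized against the birthday bound rather than the preimage bound.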

8.29 Cryptography (2)
Notation used in this chapter.
Notation | Description
$K_{A,B}$ | Secret key shared by A and B
 | Public key of A
 | Private key of A

8.30 Symmetric Cryptosystems: DES (1)
a) The principle of DES
b) Outline of one encryption round

8.31 Symmetric Cryptosystems: DES (2) Details of per-round key generation in DES.

8.32 Public-Key Cryptosystems: RSA
Generating the private and public key requires four steps:
1. Choose two very large prime numbers, p and q
2. Compute n = p × q and z = (p – 1) × (q – 1)
3. Choose a number d that is relatively prime to z
4. Compute the number e such that e × d = 1 mod z
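The four steps above, carried through in code as an added example (not part of the original slides). Function names are hypothetical, and this is textbook RSA with no padding, so it shows the key arithmetic only; deployed implementations usually fix a small public e and derive d, the reverse of the slide's order.

```python
# Added example: hypothetical helper names; textbook (unpadded) RSA key arithmetic.
import math
import secrets

def is_probable_prime(n, rounds=20):
    """Miller-Rabin test, used here only to pick demo primes."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13):
        if n % sp == 0:
            return n == sp
    r, s = 0, n - 1
    while s % 2 == 0:                     # write n - 1 as 2**r * s with s odd
        r, s = r + 1, s // 2
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, s, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                  # witness found: n is composite
    return True

def random_prime(bits):
    while True:                           # step 1: odd candidate with the top bit set
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(c):
            return c

def keypair_from_primes(p, q, d=None):
    n, z = p * q, (p - 1) * (q - 1)            # step 2
    if d is not None and math.gcd(d, z) != 1:
        raise ValueError("d must be relatively prime to z")
    while d is None or math.gcd(d, z) != 1:    # step 3: random d coprime to z
        d = secrets.randbelow(z - 3) + 2
    e = pow(d, -1, z)                          # step 4: e * d = 1 mod z
    return (e, n), (d, n)                      # (public key, private key)

def generate_keypair(bits=2048):
    p = q = random_prime(bits // 2)
    while q == p:                              # p and q must differ
        q = random_prime(bits // 2)
    return keypair_from_primes(p, q)

def apply_key(m, key):
    exp, n = key                               # same operation for both keys
    return pow(m, exp, n)
```

With the constructed values p = 61, q = 53 and d = 2753, step 4 gives e = 17, and `apply_key(65, (17, 3233))` returns 2790, which the private key maps back to 65.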

8.33 Hash Functions : MD5 (1) The structure of MD5

8.34 Hash Functions : MD5 (2) The 16 iterations during the first round in a phase in MD5.