Distributed System Security 4/22/04 CPSC 550 Brian Williams.

Slides:



Advertisements
Similar presentations
The Diffie-Hellman Algorithm
Advertisements

Public Key Infrastructure and Applications
Security and Privacy over the Internet Chan Hing Wing, Anthony Mphil Yr. 1, CSE, CUHK Oct 19, 1998.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Netprog: Cryptgraphy1 Cryptography Reference: Network Security PRIVATE Communication in a PUBLIC World. by Kaufman, Perlman & Speciner.
Digital Signatures and applications Math 7290CryptographySu07.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Cryptography Basic (cont)
Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.
Cryptographic Technologies
Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.
1 Lecture #10 Public Key Algorithms HAIT Summer 2005 Shimrit Tzur-David.
WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.
CS542: Topics in Distributed Systems Security. Why are Distributed Systems insecure?  Distributed component rely on messages sent and received from network.
1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
Diffie-Hellman Key Exchange
C HAPTER 13 Asymmetric Key Cryptography Slides adapted from "Foundations of Security: What Every Programmer Needs To Know" by Neil Daswani, Christoph Kern,
Public Key Model 8. Cryptography part 2.
13.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 13 Digital Signature.
1 Fluency with Information Technology Lawrence Snyder Chapter 17 Privacy & Digital Security Encryption.
Sorting Out Digital Certificates Bill blog.codingoutloud.com ··· Boston Azure ··· 13·Dec·2012 ···
Page 1 Secure Communication Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.
1 Cryptography Basics. 2 Cryptography Basic terminologies Symmetric key encryption Asymmetric key encryption Public Key Infrastructure Digital Certificates.
Pretty Good Privacy by Philip Zimmerman presented by: Chris Ward.
Network Security. An Introduction to Cryptography The encryption model (for a symmetric-key cipher).
Network Security. Cryptography Cryptography functions Secret key (e.g., DES) Public key (e.g., RSA) Message digest (e.g., MD5) Security services Privacy:
_______________________________________________________________________________________________________________ E-Commerce: Fundamentals and Applications1.
Networks Management and Security Lecture 3.
Computer and Internet Security. Introduction Both individuals and companies are vulnerable to data theft and hacker attacks that can compromise data,
4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.
BASIC CRYPTOGRAPHIC CONCEPTS. Public Key Cryptography  Uses two keys for every simplex logical communication link.  Public key  Private key  The use.
Computer and Network Security Rabie A. Ramadan Lecture 6.
Encryption.
1 Cryptography NOTES. 2 Secret Key Cryptography Single key used to encrypt and decrypt. Key must be known by both parties. Assuming we live in a hostile.
Symmetric Cryptography, Asymmetric Cryptography, and Digital Signatures.
Encryption Questions answered in this lecture: How does encryption provide privacy? How does encryption provide authentication? What is public key encryption?
PUBLIC-KEY CRYPTOGRAPH IT 352 : Lecture 2- part3 Najwa AlGhamdi, MSc – 2012 /1433.
Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.
Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
Digital Signatures, Message Digest and Authentication Week-9.
1 Network Security Basics. 2 Network Security Foundations: r what is security? r cryptography r authentication r message integrity r key distribution.
Lecture 2: Introduction to Cryptography
15-499Page :Algorithms and Applications Cryptography I – Introduction – Terminology – Some primitives – Some protocols.
Chapter 3 – Public Key Cryptography and RSA (A). Private-Key Cryptography traditional private/secret/single-key cryptography uses one key shared by both.
Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.
Group 9 Chapter 8.3 – 8.6. Public Key Algorithms  Symmetric Key Algorithms face an inherent problem  Keys must be distributed to all parties but kept.
Private key
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
1 Diffie-Hellman (Key Exchange) Protocol Rocky K. C. Chang 9 February 2007.
EE 122: Lecture 24 (Security) Ion Stoica December 4, 2001.
Fall 2006CS 395: Computer Security1 Key Management.
SECURITY. Security Threats, Policies, and Mechanisms There are four types of security threats to consider 1. Interception 2 Interruption 3. Modification.
Department of Computer Science Chapter 5 Introduction to Cryptography Semester 1.
Information Security message M one-way hash fingerprint f = H(M)
Information Security message M one-way hash fingerprint f = H(M)
Information Security message M one-way hash fingerprint f = H(M)
Information Security message M one-way hash fingerprint f = H(M)
Public-Key, Digital Signatures, Management, Security
Chapter 3 - Public-Key Cryptography & Authentication
Fluency with Information Technology Lawrence Snyder
Presentation transcript:

Distributed System Security 4/22/04 CPSC 550 Brian Williams

Distributed System Security: Goals ● Complete Protection Against All Possible Attacks ● Attacks: – Leakage ● Attacker intecepts message he/she is unauthorized to access – Tampering ● Attacker intercepts and alters a network message, giving benefit to the attacker – Vandalism ● Attacker intercepts and alters a network message, but without benefit to the attacker

Distributed System Security: Goals Computer 1 Computer 2 Attacker Encryption System Security reduces to data encryption

Distributed System Security: Definitions ● Public Key – Encryption key that is well-known and/or not hidden from third parties ● Private Key – Encryption key that is known only by the message sender and/or receiver ● Public Key Encryption – An encryption scheme that make use of a public key ● Secret Key Encryption – An encryption scheme that implores only private keys

Distributed System Security: Definitions ● One Way Function – A one-to-one mathematical function that is easily computable, but whose inverse is very difficult to compute ● Secure Digest Function – A function that takes an argument M, and returns a fixed length “digest” V, such that V1 is probably much different than V2, for distinct M1, M2.

Distributed System Security: Naming Conventions ● Alice – First participant in network communication ● Bob – Second participant in network communication ● Carol – Third Participant (when applicable) ● Dave – Fourth Participant (when applicable) ● Eve – Eavesdropper ● Mallory – Malicious Attacker ● Sara – A Server

Distributed System Security: Structure ● Always prepare for worst-case scenarios ● We Assume – Our System Interfaces are exposed ● Attacker can send message to any address on the network – Our Network is insecure ● Attacker can spoof the address of any message he/she sends with any address value – Our algorithms and their source code are availible to the attackers – Attackers have the best computing equipment made during the lifetime of our system

Distributed System Security: Structure (2) ● Private Key Encryption – Alice & Bob share knowledge of a secret key K – Alice encrypts her message M, with E(M,K) – Bob decrypts Alices message by D(E(M,K)) = M ● Public Key Encryption – Bob creates two keys, Kd and Ke – Bob sends Alice Ke – Alice encrypts her message with E(M,Ke) – Bob decrypts the message with D(E(M,Ke),Kd) = M – Mallory cannot find Kd, even though she knows Ke

Distributed System Security: History ● Encryption algorithms date back as far as the Ancient Greeks – Military commanders needed to hide their plans from the enemy ● National Bureau of Standards calls for official encryption algorithm in 1973 – Adopts “Lucifer” algorithm in 1976 ● Now known as Data Encryption Standard (DES) – National Security Agency restricts key sizes to 56 bits

Distributed System Security: History ● Researchers at Stanford announce Diffie- Hellman-Merkle algorithm in 1976 – Allows for secret key exchange over an insecure channel ● Ronald Rivest, Adi Shamir and Leonard Adleman announce RSA algorithm in 1997 – First public key encryption algorithm

Distributed System Security: Diffie-Hellman-Merkle Algorithm ● Alice and Bob generate seperate and secret keys Ka and Kb ● Alice generates another number g, and sends it to Bob ● Alice computers g^Ka (mod n) and sends it Bob, while Bob computers g^Kb (mod n) and sends it to Alice ● Alice computes (g^Kb)^Ka (mod n) and Bob computes (g^Ka)^Kb (mod n)

Distributed System Security: RSA Algorithm ● Alice finds two large prime numbers p, q ● Alice computes n=p*q and  =(p-1)*(q-1) ● Alice picks a random number e, between 1 and  -1 such that e is relatively prime to  ● Alice computes d, where e*d = 1 (mod n) ● Alice sends e and n to Bob ● Bob encrypts his message as E=M^e (mod n) ● Alice decrypts his message with D = E^d (mod n)

Distributed System Security: Remaining Vunerabilities ● Remaing System Vunerabilities – 1) Mallory can still send messages to Bob, spoofed with Alice's address – 2) Mallory can copy messages that Alice sent, and replay them to Bob at a later time – 3) Mallory can intercept the messages containing the initial key exchange and replace Alice's messages with her own

Distributed System Security: Vunerablity Solutions ● Attack 1: Spoofed messages – Bob attaches a checksum to the end of all his messages before encrypting them ● Attack 2: Message Replay – Bob attaches a timestamp to each of his messages ● Attack 3: Man-in-the-Middle – Bob and Alice must be able to authenticate each other's first unencrypted messages

Distributed System Security: Man-in-the-Middle Attack ● Digital Signature – Bob encrypts his message with his private key – Alice et. al. can decrypt the message with Bob's public key – Only Bob has the private key needed to encrypt the message, so the message must have been from Bob ● Digital Certificate – Trusted Authority distributes public keys, which they have digitally signed

Distributed System Security: Features ● Security – System trust is reduced to ● Trust in Trusted Authority ● Encryption Algorithm ● Passwords don't need to be transmitted – Verify identity through “challenges” ● Hybrid Methods – Speed of Secret Key with convenience of Public Key

Distributed System Security: Applications ● PGP – “Pretty Good Privacy” – Freeware file and encryption program – 128-bit RSA Public Key Encryption & 128-bit MD5 digest function ● Secure Sockets Layer (SSL) – Operating system and encryption algorithm independent network protocol layer

Distributed System Security: Significant Points ● Today's Systems are strong – Virtually unbounded levels of encryption through increased key size – New encryption methods based on the properties of elliptic curves are faster and stronger for a given key size – Trusted authorities and digital signatures insure identity of data sources

Distributed System Security: Signficant Points ● Weakest Security Link Today: the User – Ignorance of Security Issues – Complacency towards Security ● Focus must be on education of end users – Users must understand their role in security – Users must not become complacent towards security issues

Distributed System Security:References ● George Coulouris, Jean Dollimore, Tim Kingberg. Distributed Systems: Concepts and Design 2001 ● Rita C. Summers. Secure Computing 1997 ● Simon Singh. The Code Book 1999 ● Alan O. Freier, Philip Karlton, Paul C. Kocher, The SSL Protocol Version ● Ian Blake, Gadiel Seroussi, Nigel Smart. Elliptic Curves in Cryptography 1999

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.