Slides for Chapter 7: Security From Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design Edition 3, © Addison-Wesley 2001.

Slides:



Advertisements
Similar presentations
AUTHENTICATION AND KEY DISTRIBUTION
Advertisements

Distributed Systems Security Overview Douglas C. Sicker Assistant Professor Department of Computer Science and Interdisciplinary Telecommunications Program.
Web security: SSL and TLS
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Transport Layer Security (TLS) Protocol Introduction to networks and communications(CS555) Prof : Dr Kurt maly Student:Abhinav y.
CSE 486/586, Spring 2014 CSE 486/586 Distributed Systems Security Steve Ko Computer Sciences and Engineering University at Buffalo.
Security 2 Outline Various Attacks to Computer Security Cryptography Authentication & Key Distribution Access Control Logic of Authentication.
Security Chapters 14,15. The Security Environment Threats Security goals and threats.
Security Chapters 14,15. The Security Environment Threats Security goals and threats.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Copyright © George Coulouris, Jean Dollimore, Tim Kindberg This material is made available for private study and for direct.
Security Chapter The security environment 9.2 Basics of cryptography 9.3 User authentication 9.4 Attacks from inside the system 9.5 Attacks from.
CS Distributed Computing Systems Chapter 7: Security Chin-Chih Chang, From Coulouris, Dollimore and Kindberg Distributed Systems:
McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
Case Study On Distributed Systems Security by Merv Wagner.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.
Security 2 Distributed Systems Lecture# 15. Overview Cryptography Symmetric Assymeteric Digital Signature Secure Digest Functions Authentication.
1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.
BR1 Protection and Security B. Ramamurthy Chapters 18 and 19.
Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.
Announcement Final exam: Wed, June 9, 9:30-11:18 Scope: materials after RSA (but you need to know RSA) Open books, open notes. Calculators allowed. 1.
Lecture 25-1 Computer Science 425 Distributed Systems CS 425 / CSE 424 / ECE 428 Fall 2010 Indranil Gupta (Indy) November 27, 2012 Lecture 25 Security.
Network Security. An Introduction to Cryptography The encryption model (for a symmetric-key cipher).
Security Source: George Colouris, Jean Dollimore, Tim Kinderberg & Gordon Blair (2012). Distributed Systems: Concepts & Design (5th Ed.). Essex: Addison-Wesley.
Network Security. Information secrecy-only specified parties know the information exchanged. Provided by criptography. Information integrity-the information.
Network Security. Cryptography Cryptography functions Secret key (e.g., DES) Public key (e.g., RSA) Message digest (e.g., MD5) Security services Privacy:
9/21/2015B.Ramamurthy1 Security Chapter 7. 9/21/2015B.Ramamurthy2 Introduction What is the security model of your system? There are many issues: 1. Security.
Cryptography  Why Cryptography  Symmetric Encryption  Key exchange  Public-Key Cryptography  Key exchange  Certification.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
SECURITY Chapter 7.3 – 7.5 Presentation by Deepthi Reddy.
Web Security : Secure Socket Layer Secure Electronic Transaction.
Midterm Review Cryptography & Network Security
CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.
Cryptography Wei Wu. Internet Threat Model Client Network Not trusted!!
Distributed systems – Part 2  Security 2&3&4&5 Anila Mjeda.
From Coulouris, Dollimore, Kindberg and Blair Distributed Systems: Concepts and Design Edition 5, © Addison-Wesley 2012 Slides for Chapter 11: Security.
Public Key Cryptography. symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if.
Network Security David Lazăr.
From Coulouris, Dollimore, Kindberg and Blair Distributed Systems: Concepts and Design Edition 5, © Addison-Wesley 2012 Exercises for Chapter 11: Security.
IM NTU Distributed Information Systems 2004 Security -- 1 Security Yih-Kuen Tsay Dept. of Information Management National Taiwan University.
Lecture 16: Security CDK4: Chapter 7 CDK5: Chapter 11 TvS: Chapter 9.
TCP/IP Protocol Suite 1 Chapter 30 Security Credit: most slides from Forouzan, TCP/IP protocol suit.
From Coulouris, Dollimore, Kindberg and Blair Distributed Systems: Concepts and Design Edition 5, © Addison-Wesley 2012 Slides for Chapter 11: Security.
@Yuan Xue CS 285 Network Security Secure Socket Layer Yuan Xue Fall 2013.
Cryptography CSS 329 Lecture 13:SSL.
Slides for Chapter 7: Security From Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design Edition 4 © Pearson Education
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
Secure Sockets Layer (SSL)
Chapter 9 Security 9.1 The security environment
Chapters 14,15 Security.
Fundamental Concepts in Security and its Application Cloud Computing
Chapter 7: Security Introduction Overview of security techniques
Slides for Chapter 11: Security
Security Chapter 7 11/21/2018 B.Ramamurthy.
Enabling Technology1: Cryptography
Security Chapter 7 1/14/2019 B.Ramamurthy.
Security Chapter 11 2/16/2019 B.Ramamurthy.
Security Chapter 7 2/22/2019 B.Ramamurthy.
Chapters 14,15 Security.
Security Chapter 7 2/28/2019 B.Ramamurthy.
Protection and Security
Security Chapter 7 4/8/2019 B.Ramamurthy.
Security Chapter 7 4/29/2019 B.Ramamurthy.
Presentation transcript:

Slides for Chapter 7: Security From Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design Edition 3, © Addison-Wesley 2001

Instructor’s Guide for Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design Edn. 3 © Addison-Wesley Publishers 2000 Figure 7.1 Historical context: the evolution of security needs

Instructor’s Guide for Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design Edn. 3 © Addison-Wesley Publishers 2000 Figure 7.2 Familiar names for the protagonists in security protocols AliceFirst participant BobSecond participant CarolParticipant in three- and four-party protocols DaveParticipant in four-party protocols EveEavesdropper MalloryMalicious attacker SaraA server

Instructor’s Guide for Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design Edn. 3 © Addison-Wesley Publishers 2000 Figure 7.3 Cryptography notations KAKA Alice’s secret key KBKB Bob’s secret key K AB Secret key shared between Alice and Bob K Apriv Alice’s private key (known only to Alice) K Apub Alice’s public key (published by Alice for all to read) {M} K MessageM encrypted with keyK [M]K]K MessageM signed with key K

Instructor’s Guide for Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design Edn. 3 © Addison-Wesley Publishers 2000 Figure 7.4 Alice’s bank account certificate 1.Certificate type:Account number 2.Name:Alice 3.Account: Certifying authority:Bob’s Bank 5.Signature:{Digest(field 2 + field 3)} K Bpriv

Instructor’s Guide for Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design Edn. 3 © Addison-Wesley Publishers 2000 Figure 7.5 Public-key certificate for Bob’s Bank 1.Certificate type:Public key 2.Name:Bob’s Bank 3.Public key:K Bpub 4.Certifying authority:Fred – The Bankers Federation 5.Signature: {Digest(field 2 + field 3)} K Fpriv

Instructor’s Guide for Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design Edn. 3 © Addison-Wesley Publishers 2000 Figure 7.6 Cipher block chaining n n+3n+2n+1 XOR E(K, M) n-1n-2 n-3 plaintext blocks ciphertext blocks

Instructor’s Guide for Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design Edn. 3 © Addison-Wesley Publishers 2000 Figure 7.7 Stream cipher XOR E(K, M) number generator n+3n+2n+1 plaintext stream ciphertext stream buffer keystream

Instructor’s Guide for Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design Edn. 3 © Addison-Wesley Publishers 2000 Figure 7.8 TEA encryption function void encrypt(unsigned long k[], unsigned long text[]) { unsigned long y = text[0], z = text[1];1 unsigned long delta = 0x9e3779b9, sum = 0; int n;2 for (n= 0; n < 32; n++) {3 sum += delta;4 y += ((z > 5) + k[1]);5 z += ((y > 5) + k[3]);6 } text[0] = y; text[1] = z; 7 }

Instructor’s Guide for Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design Edn. 3 © Addison-Wesley Publishers 2000 Figure 7.9 TEA decryption function void decrypt(unsigned long k[], unsigned long text[]) { unsigned long y = text[0], z = text[1]; unsigned long delta = 0x9e3779b9, sum = delta << 5; int n; for (n= 0; n < 32; n++) { z -= ((y > 5) + k[3]); y -= ((z > 5) + k[1]); sum -= delta; } text[0] = y; text[1] = z; }

Instructor’s Guide for Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design Edn. 3 © Addison-Wesley Publishers 2000 Figure 7.10 TEA in use void tea(char mode, FILE *infile, FILE *outfile, unsigned long k[]) { /* mode is ’e’ for encrypt, ’d’ for decrypt, k[] is the key.*/ char ch, Text[8]; int i; while(!feof(infile)) { i = fread(Text, 1, 8, infile);/* read 8 bytes from infile into Text */ if (i <= 0) break; while (i < 8) { Text[i++] = ' ';}/* pad last block with spaces */ switch (mode) { case 'e': encrypt(k, (unsigned long*) Text); break; case 'd': decrypt(k, (unsigned long*) Text); break; } fwrite(Text, 1, 8, outfile);/* write 8 bytes from Text to outfile */ }

Instructor’s Guide for Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design Edn. 3 © Addison-Wesley Publishers 2000 RSA Encryption - 1 To find a key pair e, d: 1. Choose two large prime numbers, P and Q (each greater than 10100), and form: N = P x Q Z = (P–1) x (Q–1) 2. For d choose any number that is relatively prime with Z (that is, such that d has no common factors with Z). We illustrate the computations involved using small integer values for P and Q: P = 13, Q = 17 –> N = 221, Z = 192 d = 5 3.To find e solve the equation: e x d = 1 mod Z That is, e x d is the smallest element divisible by d in the series Z+1, 2Z+1, 3Z+1,.... e x d = 1 mod 192 = 1, 193, 385, is divisible by d e = 385/5 = 77

Instructor’s Guide for Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design Edn. 3 © Addison-Wesley Publishers 2000 RSA Encryption - 2 To encrypt text using the RSA method, the plaintext is divided into equal blocks of length k bits where 2 k < N (that is, such that the numerical value of a block is always less than N; in practical applications, k is usually in the range 512 to 1024). k = 7, since 27 = 128 The function for encrypting a single block of plaintext M is: E'(e,N,M) = M e mod N for a message M, the ciphertext is M 77 mod 221 The function for decrypting a block of encrypted text c to produce the original plaintext block is: D'(d,N,c) = c d mod N Rivest, Shamir and Adelman proved that E' and D' are mutual inverses (that is, E'(D'(x)) = D'(E'(x)) = x) for all values of P in the range 0 ≤ P ≤ N. The two parameters e,N can be regarded as a key for the encryption function, and similarly d,N represent a key for the decryption function. So we can write K e = and K d =, and we get the encryption function: E(K e, M) ={M} K (the notation here indicating that the encrypted message can be decrypted only by the holder of the private key K d ) and D(K d, ={M} K ) = M.

Instructor’s Guide for Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design Edn. 3 © Addison-Wesley Publishers 2000 Figure 7.11 Digital signatures with public keys

Instructor’s Guide for Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design Edn. 3 © Addison-Wesley Publishers 2000 Figure 7.12 Low-cost signatures with a shared secret key

Instructor’s Guide for Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design Edn. 3 © Addison-Wesley Publishers 2000 Figure 7.13 X509 Certificate format

Instructor’s Guide for Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design Edn. 3 © Addison-Wesley Publishers 2000 Figure 7.14 Performance of encryption and secure digest algorithms Key size/hash size (bits) Extrapolated speed (kbytes/sec.) PRB optimized (kbytes/s) TEA DES Triple-DES IDEA RSA RSA MD SHA

Instructor’s Guide for Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design Edn. 3 © Addison-Wesley Publishers 2000 Figure 7.15 The Needham–Schroeder secret-key authentication protocol HeaderMessageNotes 1. A->S: A, B, N A A requests S to supply a key for communication with B. 2. S->A:{N A, B, K AB, {K AB, A} K B } K A S returns a message encrypted in A’s secret key, containing a newly generated key K AB and a ‘ticket’ encrypted in B’s secret key. The nonce N A demonstrates that the message was sent in response to the preceding one. A believes that S sent the message because only S knows A’s secret key. 3. A->B: A sends the ‘ticket’ to B. 4. B->A: B decrypts the ticket and uses the new key K AB to encrypt another nonce N B. 5. A->B: A demonstrates to B that it was the sender of the previous message by returning an agreed transformation of N B. {K AB, A} K B {N B } K AB {N B - 1} K AB

Instructor’s Guide for Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design Edn. 3 © Addison-Wesley Publishers 2000 Figure 7.16 System architecture of Kerberos Server Client DoOperation Authentication database Login session setup Ticket- granting service T Kerberos Key Distribution Centre Server session setup Authen- tication service A 1. Request for TGS ticket 2. TGS ticket 3. Request for server ticket 4. Server ticket 5. Service request Request encrypted with session key Reply encrypted with session key Service function Step B Step A Step C C S

Instructor’s Guide for Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design Edn. 3 © Addison-Wesley Publishers 2000 Figure 7.17 SSL protocol stack SSL Handshake protocol SSL Change Cipher Spec SSL Alert Protocol Transport layer (usually TCP) Network layer (usually IP) SSL Record Protocol HTTPTelnet SSL protocols:Other protocols:

Instructor’s Guide for Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design Edn. 3 © Addison-Wesley Publishers 2000 Figure 7.18 SSL handshake protocol

Instructor’s Guide for Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design Edn. 3 © Addison-Wesley Publishers 2000 Figure 7.19 SSL handshake configuration options ComponentDescriptionExample Key exchange method the method to be used for exchange of a session key RSA with public-key certificates Cipher for data transfer the block or stream cipher to be used for data IDEA Message digest function for creating message authentication codes (MACs) SHA

Instructor’s Guide for Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design Edn. 3 © Addison-Wesley Publishers 2000 Figure 7.20 SSL record protocol Application data abcdefghi abcdefghi Record protocol units Compressed units MAC Encrypted TCP packet Fragment/combine Compress Hash Encrypt Transmit

Instructor’s Guide for Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design Edn. 3 © Addison-Wesley Publishers 2000 Figure 7.21 Millicent architecture Vendor ValueScrip IDCustomer IDExpirydatePropertiesCertificate Scrip layout

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.