Lecture 16, CS 188, Winter 2015: Security in Distributed Systems. CS 188 Distributed Systems, March 5, 2015.

Page 2: Introduction
Brief review of systems security
Special security focus areas for distributed systems
Some distributed systems security solutions

Page 3: Review of Computer Security
Security is a major concern for all computer systems
Much of the attention in recent years has dealt with threats involving networks
How do we think about computer security?
What are the basic approaches we take?

Page 4: General Security Goals
Confidentiality
Integrity
Availability
Not all systems/applications require all goals
The goals may have different meanings in different contexts

Page 5: Security Tools and Solutions
Access control mechanisms
Cryptography
Authentication mechanisms
Firewalls and intrusion detection

Page 6: Access Control Mechanisms
Some entities are allowed to access some distributed system resources
  – And some aren’t
How, generally, do you protect those resources from improper access?
Two common classes of mechanism:
  1. Access control lists
  2. Capabilities

Page 7: Access Control Lists
For each protected resource, maintain a single list
Each list entry specifies a user who can access the resource
  – And the allowable modes of access
When a user requests access to a resource, check the access control list (ACL)

Page 8: A Distributed File System
(Diagram: machines belonging to Fred, Bob, Alan, George, John and Debbie)

Page 9: Alan’s Been Working on the Budget
(Diagram: the same machines; the budget file’s ACL reads “Alan RW”)
Now Alan wants Bob to look at it
  – The ACL becomes “Alan RW, Bob R”
So Bob is granted access

Page 10: What If Fred Tries to Look At It?
(Diagram: ACL “Alan RW, Bob R”; a request arrives from Fred’s machine)
Fred’s not in the list, so he gets no access

Page 11: The Fly in the Ointment
(Diagram: ACL “Alan RW, Bob R”; a request arrives at Alan’s machine over the network)
What does Alan’s machine really see?
If it says it’s from Bob, how can Alan be sure it really is?

Page 12: Implications for Distributed Systems
Access control lists require a global name space of subjects
  – So you can check to see if someone’s on the list
Remote use of access control lists requires trust
  – That the party making the request is who he claims to be
  – Or evidence that he is
Can access control list credentials sent across the network be sniffed and duplicated?

Page 13: Capabilities
Each subject keeps a set of data items that specify his allowable accesses
Essentially, a set of tickets
Possession of the capability for an object implies that access is allowed

Page 14: Capabilities in Our Distributed File System
(Diagram: the same machines; Alan holds a key and the budget file has a matching lock)
So Alan can open the lock on the budget file

Page 15: Giving Bob Access
(Diagram: a copy of Alan’s key is handed to Bob)
Ask a locksmith to copy your “key”
Then give the copy to Bob
When Bob needs to access the file, he sends his key with the request

Page 16: The Fly in the Ointment
(Diagram: Bob’s key travels over the network, within reach of John’s and Debbie’s machines)
What if John is eavesdropping?
Or what if Debbie breaks into Bob’s machine?

Page 17: Implications for Distributed Systems
Capabilities will be sent over the network to obtain access remotely
Can we trust the sender not to forge capabilities?
Can they be sniffed on the network and duplicated?
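The two mechanisms from pages 7 through 17 as a small executable model. This is an added example, not material from the lecture: it puts the slides’ users (Alan, Bob, Fred, John) in front of an ACL-based file server and a capability-based one, and shows the two “flies in the ointment” the slides point at, a network request that merely claims to be from Bob, and a capability that is just data and so works for whoever holds a copy. The file name, the access modes R/W and the form of the capability token are assumptions made for the example.

```python
# Added example, not lecture code: ACL vs. capability checks in the slides'
# distributed file system, and why neither check can trust a remote request
# on its own. Users, file names and token format are constructed here.
import secrets

class AclFileServer:
    """Page 7: one list per protected file, mapping user -> allowed modes."""
    def __init__(self):
        self.acl = {}

    def grant(self, file, user, modes):
        self.acl.setdefault(file, {}).setdefault(user, set()).update(modes)

    def request(self, claimed_user, file, mode):
        # Page 11: over the network the server only sees a claimed name.
        # Nothing in this check verifies that the request came from that user.
        return mode in self.acl.get(file, {}).get(claimed_user, set())

class CapabilityFileServer:
    """Page 13: possession of an unguessable token ("key") for a file is the check."""
    def __init__(self):
        self.caps = {}

    def mint(self, file, modes):
        cap = secrets.token_hex(16)          # the "key" that opens the file's "lock"
        self.caps[cap] = (file, set(modes))
        return cap

    def request(self, cap, file, mode):
        target, modes = self.caps.get(cap, (None, set()))
        return target == file and mode in modes

def acl_scenario():
    """Pages 9-11: Alan RW, Bob R; Fred is not listed, but can claim to be Bob."""
    fs = AclFileServer()
    fs.grant("budget", "Alan", {"R", "W"})
    fs.grant("budget", "Bob", {"R"})
    return {
        "bob_reads": fs.request("Bob", "budget", "R"),
        "bob_writes": fs.request("Bob", "budget", "W"),
        "fred_reads": fs.request("Fred", "budget", "R"),
        # the fly in the ointment: a request from Fred's machine that says "Bob"
        "fred_claims_bob": fs.request("Bob", "budget", "R"),
    }

def capability_scenario():
    """Pages 14-16: keys are copied for Bob; anyone who sees Bob's key has it too."""
    fs = CapabilityFileServer()
    alans_key = fs.mint("budget", {"R", "W"})
    bobs_key = fs.mint("budget", {"R"})      # the locksmith's read-only copy for Bob
    johns_sniffed_copy = bobs_key            # John eavesdropped on Bob's request
    return {
        "alan_writes": fs.request(alans_key, "budget", "W"),
        "bob_reads": fs.request(bobs_key, "budget", "R"),
        "bob_writes": fs.request(bobs_key, "budget", "W"),
        "fred_guesses": fs.request(secrets.token_hex(16), "budget", "R"),
        "john_replays": fs.request(johns_sniffed_copy, "budget", "R"),
    }
```

The ACL side needs a global name space (the string "Bob" must mean the same thing on every machine) and trusts the claimed name; the capability side needs neither, but the token is the whole secret, so a sniffed or stolen copy is as good as the original. Both gaps are what the cryptographic tools later in the lecture are brought in to close.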

Page 18: Cryptography
Hiding information in plain sight
By transforming the secret data into something else
  – Changing it back later
Even if the attacker can see the transformed data, he can’t understand the underlying secret
Core technology for network security

Page 19: Basics of Cryptography
Most cryptographic algorithms use a key to perform encryption and decryption
  – Referred to as K
The key is a secret
Without the key, decryption is hard
With the key, decryption is easy

Page 20: Secret Key Cryptography
Also known as symmetric cryptography
Sender and receiver share a single secret key
Used to encrypt and decrypt
AES is best known example
Widely used
  – Due to relative speed of operations

Page 21: Public Key Cryptography
Also known as asymmetric cryptography
Each user of cryptography has public/private key pair
  – Everyone knows the public key
  – Only user knows the private key
To send message to user X, encrypt it with his public key
Decryption only possible with private key
RSA is best-known example
Slower than symmetric crypto, but has other advantages

Page 22: Uses of Cryptography for Distributed Systems
Protecting messages on the wire
Setting up secure channels between processes
Saving data at insecure sites
Solving some of those access control problems (like forging credentials)

Page 23: Difficult Issues in Cryptography for Distributed Systems
Performance
  – Encryption/decryption often slow
Key distribution
Dealing with encrypted data

Page 24: Authentication Mechanisms
Necessary to be sure that the nodes/users/processes/etc. you’re talking to are who they claim to be
Distributed systems require methods that work over networks
Preferably with the minimal required trust of remote sites
Cryptography is usually involved

Page 25: Firewalls and Intrusion Detection
Firewalls filter network traffic
  – Intended to prevent “bad packets” from reaching your machines
Intrusion detection systems watch what’s happening
  – Intended to detect when other security mechanisms have failed

Page 26: Special Security Foci For Distributed Systems
Two big threat categories:
  1. Legitimate users of the system are usually limited in what they can do
  2. Illegitimate users must be prevented from doing anything on the system
Different mechanisms may be useful for each class

Page 27: Limiting Legitimate Users
I need an access control mechanism that allows legitimate users
  – To do what they need
  – But not to do what they aren’t allowed
Needs to be secure, quick, flexible, scalable

Page 28: Preventing Illegitimate Users
Those not participants in the distributed system must be shut out
Even if they can use the networks we work across
Even if they can access participating nodes for other purposes
“Shutting out” includes ensuring they can’t interrupt system activities

Page 29: Distributed Systems Security Solutions
Firewalls
Virtual private networks
Kerberos

Page 30: Firewalls
A machine to protect a network from malicious external attacks
Typically a machine that sits between a LAN/WAN and the Internet
Running special software to regulate network traffic

Page 31: What Firewalls Do
Examine each incoming packet
Decide to let the packet through or drop it
  – Criteria could be simple or complex
Perhaps log the decision
Maybe send rejected packets elsewhere

Page 32: Firewalls and Distributed Systems
Firewalls must separate the distributed system from everything else
Easy if distributed system is on its own LAN
Less easy if it’s a scattered group of nodes across the Internet
  – That requires lots of firewalls with consistent configurations
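Pages 30 to 32 in code: a first-match packet filter that examines each packet, accepts or drops it, logs the decision and denies by default, followed by the consistency check page 32 calls for when a scattered system is guarded by several firewalls. This is an added example and not part of the lecture; the rule format, the site addressing (IPv4 documentation ranges), the “site-A”/“site-B” names and the shared policy list are all constructed for it. The audit goes slightly beyond the slide by making “consistent configurations” concrete: every firewall is asked the same policy questions about its own protected hosts, and any disagreement is reported.

```python
# Added example, not lecture code: a minimal first-match packet filter and a
# consistency audit across several firewalls. All addresses (documentation
# ranges), rules and the policy are constructed for this example.
import ipaddress

class Firewall:
    """Page 31: examine each packet, decide accept/drop, log the decision."""
    def __init__(self, name, protected_net, rules, default="drop"):
        self.name = name
        self.protected = ipaddress.ip_network(protected_net)
        self.sample_host = str(next(self.protected.hosts()))   # one host behind this firewall
        # rule = (action, src_net, dst_net, proto, dst_port or None for any port)
        self.rules = [(a, ipaddress.ip_network(s), ipaddress.ip_network(d), p, port)
                      for a, s, d, p, port in rules]
        self.default = default      # no rule matched: default deny
        self.log = []               # "perhaps log the decision"

    def decide(self, pkt):
        """pkt = (src_ip, dst_ip, proto, dst_port); returns 'accept' or 'drop'."""
        src_ip, dst_ip, proto, port = pkt
        src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
        for action, s_net, d_net, r_proto, r_port in self.rules:
            if src in s_net and dst in d_net and proto == r_proto and r_port in (None, port):
                self.log.append((pkt, action))
                return action
        self.log.append((pkt, self.default))
        return self.default

def audit(firewalls, policy):
    """Page 32: check every firewall against one shared policy.
    policy = [(src_ip, proto, dst_port, expected_action)], each applied to the
    firewall's own protected hosts. Returns (firewall, question, actual) for every
    disagreement; an empty list means the configurations are consistent."""
    bad = []
    for fw in firewalls:
        for src, proto, port, want in policy:
            got = fw.decide((src, fw.sample_host, proto, port))
            if got != want:
                bad.append((fw.name, (src, proto, port), got))
    return bad

def demo():
    # Two sites of one distributed system. Its nodes live in 192.0.2.0/24 and
    # 198.51.100.0/24; 203.0.113.0/24 stands in for the outside world.
    site_a = Firewall("site-A", "10.1.0.0/16", [
        ("accept", "192.0.2.0/24", "10.1.0.0/16", "tcp", 443),
        ("accept", "198.51.100.0/24", "10.1.0.0/16", "tcp", 443),
    ])
    site_b = Firewall("site-B", "10.2.0.0/16", [
        ("accept", "192.0.2.0/24", "10.2.0.0/16", "tcp", 443),   # second node group forgotten
    ])
    policy = [
        ("192.0.2.10", "tcp", 443, "accept"),
        ("198.51.100.7", "tcp", 443, "accept"),
        ("203.0.113.9", "tcp", 443, "drop"),     # outsider must be shut out
        ("192.0.2.10", "tcp", 23, "drop"),       # telnet stays closed even for members
    ]
    return audit([site_a, site_b], policy)
```

Running demo() reports that site-B silently drops traffic from the 198.51.100.0/24 node group, exactly the kind of drift the slide warns about when many firewalls must agree. In a real deployment the policy list would be generated from the system’s membership data rather than typed by hand.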

Page 33: Virtual Private Networks
Use encryption to convert a shared line to a private line
Set up a firewall at each installation’s network
Set up shared encryption keys between the firewalls
Encrypt all traffic using those keys

Page 34: Actual Use of Encryption in VPNs
VPNs run over the Internet
Internet routers can’t handle fully encrypted packets
Obviously, VPN packets aren’t entirely encrypted
They are encrypted in a tunnel mode
Gives owners flexibility and control

Page 35: VPNs and Distributed Systems
Not needed if your distributed system is inside a single LAN
Very helpful if your nodes are scattered across the Internet
In that case, set up VPNs between all remote sets of nodes
Which is easier if there are few virtual “links” in your system

Page 36: Illustrating the Issue
(Diagram: Scenario 1)

Page 37: Illustrating the Issue
(Diagram: Scenario 2)
How many tunnels do we need to set up if everyone talks to everyone?

Page 38: Key Management and VPNs
All security of the VPN relies on key secrecy
Anyone who knows the key is “inside” the VPN
How do you communicate the key?
  – In early implementations, manually
  – Modern VPNs use special key exchange protocols or servers

Page 39: Kerberos
Provides authentication and authorization for distributed systems
Originally developed at MIT
Uses trusted third parties
  – And symmetric cryptography
  – Extensions use PK
Goal: authenticate parties and provide them access to approved services

Page 40: The Kerberos Model
Clients and servers sit on the (usually local) network
Clients want to interact securely with servers
  – Using a fresh key for each session
Servers want assurances that clients are authorized
Kerberos handles both concerns
Scalability is an issue

Page 41: Obtaining Keys and Services Through Kerberos
The client needs to get a key to give to the server and use himself
  – Key will prove authorization, too
Obtained from a ticket-granting server
  – Essentially, a server who hands out keys to talk to other servers
But the ticket-granting server needs authentication of the client
Which is obtained from the Kerberos server

Page 42: What’s the Point of the Ticket-Granting Server?
Scalability
  – Most requests for keys for servers go to ticket-granting server
  – There can be lots of them
And issues of trust
  – Different ticket-granting servers can work with different servers and clients
  – So not everyone needs to trust one ticket-granting server

Page 43: Players in the Kerberos Protocol
The client
The server
The Ticket-Granting Service – someone the server trusts to authenticate the clients
The Kerberos Server – someone everyone trusts

Page 44: Kerberos Participants
(Diagram: Client, Server, Kerberos, Ticket-Granting Server)

Page 45: Client Requests a Ticket-Granting Ticket From Kerberos
(Diagram: Client → Kerberos: “I need to talk to the Ticket-Granting Server”)

Page 46: Kerberos Sends the Client a Ticket-Granting Ticket
(Diagram: Kerberos → Client)

Page 47: Client Asks TGS for a Server Ticket
(Diagram: Client → Ticket-Granting Server)
Ticket-Granting Server checks ticket validity

Page 48: TGS Sends Ticket to Client
(Diagram: Ticket-Granting Server → Client)

Page 49: Client Requests Service
(Diagram: Client → Server)
Server checks ticket

Page 50: Tickets and Authenticators
A Kerberos ticket is used to pass information to a server securely
An authenticator is an additional credential passed along with the ticket
  – Used to pass timestamp information about lifetime of a key

Page 51: What’s In a Ticket
T_{C,S} = s, {c, a, v, K_{C,S}} K_S
s is the server
c is the client
a is the client’s network address
v is a timestamp
K_{C,S} is a session key
K_S is the server’s key

Page 52: Kerberos in More Detail: Step 1
(Diagram: client Alice, server Sidney, Ticket-Granting Server Tracy, and the Kerberos server)
Alice → Kerberos: “Alice, Tracy”

Page 53: Kerberos Sends Client Ticket-Granting Ticket
Kerberos → Alice: {K_{Alice,Tracy}} K_Alice, T_{Alice,Tracy}
What’s in the ticket?
T_{Alice,Tracy} = Tracy, {Alice, xxx.xxx.xxx.xxx, T_Now, K_{Alice,Tracy}} K_Tracy

Page 54: So What Has the Client Got?
K_Alice is derived from her password
Which gets a session key allowing her to communicate securely with the TGS
  – K_{Alice,Tracy}
And she has a ticket for the TGS
  – Not directly usable by Alice
  – But the TGS (Tracy) can use it to authenticate Alice

Page 55: Client Asks TGS for a Server Ticket
Alice → Tracy: {A_{Alice,Tracy}} K_{Alice,Tracy}, T_{Alice,Tracy}
  – The first part is an authenticator

Page 56: What Has the TGS Got?
It can decrypt the ticket created by the Kerberos server
  – Obtaining K_{Alice,Tracy} and other information
  – Authenticating that the transmission went through Kerberos server
And it’s got the authenticator

Page 57: Why the Authenticator?
We want to avoid involving the Kerberos server every time a client needs a ticket
So the ticket-granting ticket will be used multiple times
Authenticator protects against replay attacks involving the multi-use ticket-granting ticket

Page 58: TGS Sends Ticket to Client
Tracy → Alice: {K_{Alice,Sidney}} K_{Alice,Tracy}, T_{Alice,Sidney}
What’s in the ticket?
T_{Alice,Sidney} = Sidney, {Alice, xxx.xxx.xxx.xxx, T_Now1, K_{Alice,Sidney}} K_Sidney

Page 59: Now What Has the Client Got?
She can decrypt the part of the message containing the new session key
  – So she’s ready to communicate
She can’t decrypt the ticket
  – That’s in a key only the server Sidney knows
  – But Sidney can use it

Page 60: Client Requests Service
Alice → Sidney: {A_{Alice,Sidney}} K_{Alice,Sidney}
Alice creates a new authenticator to show freshness

Page 61: What Does the Server Have?
He can decrypt the ticket from the TGS
  – Since it’s in his key
The ticket contains the session key
  – And authentication information
He can then decrypt the authenticator
  – Which ensures a session isn’t being replayed (by timestamp)
He can then determine authorization

Page 62: Why Is There Both a Kerberos Server and a TGS?
The TGS handles normal interactions between clients and servers
The Kerberos server bootstraps interactions with the TGS
  – A ticket-granting ticket can be reused with a TGS over some time
Compromise of the TGS has limited effects

Page 63: Why Is There Both a Ticket and An Authenticator?
The ticket is reusable
  – It has a timespan
    Typically 8 hours
The authenticator is one-use-only
  – Supposedly
  – And its timestamp must be within the ticket’s timespan
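The exchange on pages 51 through 63, run end to end as an added example that is not part of the lecture. It builds tickets in exactly the slide’s shape, T_{C,S} = s, {c, a, v, K_{C,S}} K_S, sends an authenticator under the session key at each step, and has Tracy (the TGS) and Sidney (the server) perform the checks page 61 lists. The cipher is a stdlib-only toy (SHA-256 keystream plus an HMAC tag) standing in for a real authenticated symmetric cipher; the password, the address 10.0.0.5 (in place of the slide’s xxx.xxx.xxx.xxx), the 5-minute freshness window and the per-server replay cache are assumptions made for the example. It goes a little beyond the slides by making the “supposedly one-use-only” authenticator concrete: the server remembers authenticators it has accepted, so a sniffed step-5 message replays nothing, and a ticket presented after its 8-hour span is refused.

```python
# Added example, not lecture code: a toy run of the Kerberos exchange from the
# slides. seal/unseal are a stand-in for a real symmetric cipher; the address,
# password, skew window and replay cache are constructed assumptions.
import hashlib, hmac, json, os

TICKET_LIFETIME = 8 * 3600   # page 63: a ticket typically lives about 8 hours
CLOCK_SKEW = 5 * 60          # how stale an authenticator may be (assumed window)
ALICE_ADDR = "10.0.0.5"      # constructed; the slides' xxx.xxx.xxx.xxx

def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key, obj):
    """{obj}K: toy authenticated encryption of a JSON-able object, hex-encoded."""
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return (nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()).hex()

def unseal(key, blob):
    raw = bytes.fromhex(blob)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def key_from_password(pw):
    return hashlib.sha256(b"toy-kerberos|" + pw.encode()).digest()   # page 54, toy KDF

def make_ticket(c, a, v, k_cs, s, k_s):
    """Page 51: T_{c,s} = s, {c, a, v, K_{c,s}} K_s  (session key carried as hex)."""
    return {"s": s, "enc": seal(k_s, {"c": c, "a": a, "v": v, "K": k_cs.hex()})}

def authenticator(c, a, k_cs, now):
    """A_{c,s}: the client's name, address and a fresh timestamp under K_{c,s}."""
    return seal(k_cs, {"c": c, "a": a, "ts": now})

def kerberos_tgt(user_keys, server_keys, c, a, tgs, now):
    """Kerberos server, pages 52-53: {K_{c,tgs}} K_c plus the ticket-granting ticket."""
    k_ct = os.urandom(32)
    return seal(user_keys[c], {"K": k_ct.hex()}), make_ticket(c, a, now, k_ct, tgs, server_keys[tgs])

class Principal:
    """A TGS or an application server: anyone who holds a key tickets are sealed with."""
    def __init__(self, name, key, peer_keys=None):
        self.name, self.key, self.peer_keys = name, key, peer_keys or {}
        self.seen = set()                      # replay cache of accepted authenticators

    def check(self, ticket, auth_blob, now):
        """Page 61: open the ticket, then the authenticator; return K_{c,s} or raise."""
        if ticket["s"] != self.name:
            raise ValueError("ticket is for another server")
        t = unseal(self.key, ticket["enc"])    # only K_s opens it; the client never could
        if now > t["v"] + TICKET_LIFETIME:
            raise ValueError("ticket expired")
        k_cs = bytes.fromhex(t["K"])
        auth = unseal(k_cs, auth_blob)         # proves the sender holds K_{c,s}
        if auth["c"] != t["c"] or auth["a"] != t["a"]:
            raise ValueError("authenticator does not match ticket")
        if abs(now - auth["ts"]) > CLOCK_SKEW:
            raise ValueError("authenticator too old")
        if auth_blob in self.seen:
            raise ValueError("authenticator replayed")
        self.seen.add(auth_blob)
        return k_cs

    def issue(self, tgt, auth_blob, target, now):
        """TGS, pages 55-58: after checking the TGT, hand out a ticket for `target`."""
        k_ct = self.check(tgt, auth_blob, now)
        t = unseal(self.key, tgt["enc"])
        k_cs = os.urandom(32)
        return seal(k_ct, {"K": k_cs.hex()}), make_ticket(t["c"], t["a"], now, k_cs, target, self.peer_keys[target])

def run_protocol(now=1_000_000):
    k_alice = key_from_password("correct horse")                 # constructed password
    k_tracy, k_sidney = os.urandom(32), os.urandom(32)
    tracy = Principal("Tracy", k_tracy, {"Sidney": k_sidney})    # the TGS
    sidney = Principal("Sidney", k_sidney)                        # the server
    r = {}
    enc_k_at, tgt = kerberos_tgt({"Alice": k_alice}, {"Tracy": k_tracy}, "Alice", ALICE_ADDR, "Tracy", now)
    k_at = bytes.fromhex(unseal(k_alice, enc_k_at)["K"])          # only Alice's key opens this
    enc_k_as, t_as = tracy.issue(tgt, authenticator("Alice", ALICE_ADDR, k_at, now + 1), "Sidney", now + 1)
    k_as = bytes.fromhex(unseal(k_at, enc_k_as)["K"])
    a_as = authenticator("Alice", ALICE_ADDR, k_as, now + 2)     # page 60: fresh authenticator
    r["alice_accepted"] = sidney.check(t_as, a_as, now + 2) == k_as

    def rejected(ticket, auth, at):                               # the server's reason, or None
        try:
            sidney.check(ticket, auth, at)
        except ValueError as e:
            return str(e)
    r["replay"] = rejected(t_as, a_as, now + 3)                   # John resends what he sniffed
    r["forged"] = rejected(t_as, authenticator("Alice", ALICE_ADDR, os.urandom(32), now + 4), now + 4)
    late = now + TICKET_LIFETIME + 10
    r["expired"] = rejected(t_as, authenticator("Alice", ALICE_ADDR, k_as, late), late)
    return r
```

run_protocol() returns the four outcomes the slides argue for: Alice is accepted, the replayed authenticator is refused, an authenticator built without K_{Alice,Sidney} fails the tag check, and the ticket stops working after its lifetime. The time is passed in explicitly rather than read from the clock so the run is repeatable; the check at Sidney does depend on the two clocks agreeing within CLOCK_SKEW, which is the root of the timestamp-based weaknesses the next page lists.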

Page 64: Potential Weaknesses in Kerberos
Timestamp-based attacks
Password-guessing attacks
Replacement of Kerberos software
  – The server is probably well protected
  – But are the clients?
  – Not unique to Kerberos

Page 65: Conclusion
We’ve only scratched the surface of distributed systems security issues
But touched on some particularly important ones
The high level concerns are:
  – Keep outsiders out
  – Control what insiders can do