Outline for Today’s Lecture Administrative: –Happy Thanksgiving –Sign up for demos. Objective: –Peer-to-peer file systems Mechanisms employed Issues Some.

Slides:

Advertisements

Similar presentations

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Advertisements

Pastry Peter Druschel, Rice University Antony Rowstron, Microsoft Research UK Some slides are borrowed from the original presentation by the authors.

Peter Druschel, Rice University Antony Rowstron, Microsoft Research UK

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Storage management and caching in PAST, a large-scale, persistent peer-to-peer storage utility Antony Rowstron, Peter Druschel Presented by: Cristian Borcea.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Information Security Principles & Applications Topic 4: Message Authentication 虞慧群

Pastry Peter Druschel, Rice University Antony Rowstron, Microsoft Research UK Some slides are borrowed from the original presentation by the authors.

Security Chapters 14,15. The Security Environment Threats Security goals and threats.

Storage Management and Caching in PAST, a large-scale, persistent peer- to-peer storage utility Authors: Antony Rowstorn (Microsoft Research) Peter Druschel.

Security Chapters 14,15. The Security Environment Threats Security goals and threats.

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

Security Chapter The security environment 9.2 Basics of cryptography 9.3 User authentication 9.4 Attacks from inside the system 9.5 Attacks from.

Cryptographic Technologies

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

Secure routing for structured peer-to-peer overlay networks (by Castro et al.) Shariq Rizvi CS 294-4: Peer-to-Peer Systems.

1 Security and Protection Chapter 9. 2 The Security Environment Threats Security goals and threats.

Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Chapter 9 Security Environment Basics of Cryptography Protection Mechanisms Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall,

Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/

1 Public-Key Cryptography and Message Authentication Ola Flygt Växjö University, Sweden

1 Cryptography Basics. 2 Cryptography Basic terminologies Symmetric key encryption Asymmetric key encryption Public Key Infrastructure Digital Certificates.

Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.

FARSITE: Federated, Available, and Reliable Storage for an Incompletely Trusted Environment.

Secure r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.

Network Security. Cryptography Cryptography functions Secret key (e.g., DES) Public key (e.g., RSA) Message digest (e.g., MD5) Security services Privacy:

Pond: the OceanStore Prototype Sean Rhea, Patric Eaton, Dennis Gells, Hakim Weatherspoon, Ben Zhao, and John Kubiatowicz University of California, Berkeley.

Security 0 The Secure Environment. Security 1 The Secure Environment Security goals (C.I.A.) and threats.

Information Security Fundamentals Major Information Security Problems and Solutions Department of Computer Science Southern Illinois University Edwardsville.

Dr. L. Christofi1 Local & Metropolitan Area Networks ACOE322 Lecture 8 Network Security.

1 Security Chapter The security environment 9.2 Basics of cryptography 9.3 User authentication 9.4 Attacks from inside the system 9.5 Attacks from.

Cryptography, Authentication and Digital Signatures

E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.

©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl1 1 Chapter 29 Internet Security.

Security Michael Foukarakis – 13/12/2004 A Survey of Peer-to-Peer Security Issues Dan S. Wallach Rice University,

4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.

Not only business information, but a large amount of personal information too is now digitized and stored in computer connected to the internet. System.

Network Security David Lazăr.

11-Basic Cryptography Dr. John P. Abraham Professor UTPA.

Confidentiality Confidentiality is maintained so long as private keys are secure. Authenticity is possible via public-key encryption by encrypting messages.

Cryptography (2) University of Palestine Eng. Wisam Zaqoot April 2010 ITSS 4201 Internet Insurance and Information Hiding.

Outline for Today’s Lecture Administrative: Objective: –Peer-to-peer file systems Mechanisms employed Issues Some examples.

Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.

4-Jun-164/598N: Computer Networks Differentiated Services Problem with IntServ: scalability Idea: segregate packets into a small number of classes –e.g.,

Chapter 8 – Network Security Two main topics Cryptographic algorithms and mechanisms Firewalls Chapter may be hard to understand if you don’t have some.

Outline Objective: –Access Control Mechanisms. The Security Environment Threats Security goals and threats.

CS 4244: Internet Programming Security 1.0. Introduction Client identification and cookies Basic Authentication Digest Authentication Secure HTTP.

Lecture 2: Introduction to Cryptography

Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody.

CSIT324 OS &WEB INTERFACE SECURITY Introduction. C OURSE O UTLINE Concepts Security environment: Threats, intruders, accidental data loss. Cryptography.

1 Network Security Lecture 7 Overview of Authentication Systems Waleed Ejaz

Security fundamentals Topic 5 Using a Public Key Infrastructure.

Large Scale Sharing Marco F. Duarte COMP 520: Distributed Systems September 19, 2004.

Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.

P2P Storage/Bandwidth Sharing: Fairness and Security.

CMSC 414 Computer and Network Security Lecture 2 Jonathan Katz.

Security Outline Encryption Algorithms Authentication Protocols

Chapter 9 Security 9.1 The security environment

Fundamental Concepts in Security and its Application Cloud Computing

Presentation transcript:

Outline for Today’s Lecture Administrative: –Happy Thanksgiving –Sign up for demos. Objective: –Peer-to-peer file systems Mechanisms employed Issues Some examples

The Security Environment Threats Security goals and threats

Intruders Common Categories 1.Casual prying by nontechnical users 2.Snooping by insiders 3.Determined attempt to make trouble (or personal gain) 4.Commercial or military espionage

Accidental Data Loss Common Causes 1.Acts of God -fires, floods, wars 2.Hardware or software errors -CPU malfunction, bad disk, program bugs 3.Human errors -data entry, wrong tape mounted, rm *

Reliability Mechanisms (Redundancy) Replication of data, geographically distributed –As simple as backups –First-class replication (Coda) –Voting schemes Error detection-correction –Erasure codes (encode n blocks into >n blocks, requiring r blocks to recover original content of original n) –Parity bits, checksums

Basics of CryptographyCryptography Relationship between the plaintext and the ciphertext

Secret-key crypto called symmetric-key crypto –If keys are long enough there are OK algorithms –Secret key must be shared by both parties Secret-Key Cryptography

Public-Key Cryptography All users pick a public key/private key pair –publish the public key –private key not published Public key is (usually*) the encryption key Private key is (usually*) the decryption key RSA

One-Way Functions Function such that given formula for f(x) –easy to evaluate y = f(x) But given y –computationally infeasible to find x Example: Hash functions – produce fixed size result –MD5 –SHA

Digital Signatures (b) Computing a signature block –Hash is fixed length – apply private key as encryption key* What the receiver gets –Use public key as decryption key* on signature block to get hash back –Compute the hash of document part –Do these match? Assumes E(D(x)) = x when we usually want D(E(x))=x Public key must be known by receiver somehow – certificate

Distributing Public Keys Certificate authority –Trusted 3 rd party –Their public key known Send name and public key, digitally signed by ca

Byzantine Generals Problem Reaching consensus among geographically separated (distributed) players if some of them are compromised. Generals of army units need to agree on a common plan of attack (consensus) Traitorous generals will lie (faulty or malicious) Generals communicate by sending messages directly general-to-general through runners between units (they won’t all see the same intell) Solutions are for all loyal generals to reach consensus, in spite of liars (up to some % of generals being bad)

Solution with Digital Sigs Iteratively execute “rounds” of message exchanges As each message passes by, the receiving general digitally signs it and forwards it on. Each General maintains the set of orders received Inconsistent orders indicate traitor

Peer-to-peer File Systems

Issues Goal is to have no centralized server and to utilize desktop-level idle resources. Trust – privacy, security, data integrity –Using untrusted hosts Availability – –Using lower “quality” resources –Using machines that may regularly go off-line Fairness – freeloaders who just use and don’t contribute any resources –Using voluntarily contributed resources

Issues Goal is to have no centralized server and to utilize desktop-level idle resources. Trust – privacy, security, data integrity –Using untrusted hosts -- crypto solutions Availability – –Using lower “quality” resources -- replication –Using machines that may regularly go off-line Fairness – freeloaders who just use and don’t contribute any resources –Using voluntarily contributed resources – use economic incentives

Farsite Microsoft Research – intended to look like NTFS Desktops on LAN (not Internet-scale) 3 roles: client, member of directory group, file host Directory metadata managed by Byzantine replication File hosts store encrypted replicated file data Directory group stores secure hash of content to validate authenticity of file Multiple namespace tree roots with namespace certificate provided by CA File performance by local caching under leasing system

NTFS File Encryption Operation of the encrypting file system K retrieved user's public key

PAST Rice Univ. and MSR Cambridge UK Based on Internet-based overlay Not traditional file system semantics File is associated with fileID upon insertion into PAST and can have k replicas –fileID is secure hash of filename, owner’s public key, random salt # –K nodes whose nodeIDs are “closest” to msb of fileID Instead of directory lookup, retrieve by knowing fileID

PASTRY Overlay Network k Route k Nodes assigned 1- dimensional IDs in hash space at random (e.g., hash on IP address) Each node has log n neighbors & maintains routing table Lookup with fileID k is routed to live node with nodeID close to k

LOCKSS Lots of Copies Keeps Stuff Safe (HPLabs, Stanford, Harvard, Intel) Library application for L-O-N-G term archival of digital library content (deal with bit rot, obsolescence of format, malicious users). Continuous audit and repair of replicas based on taking polls of sites with copies of content (comparing digest of content and repairing my copy if it differs from consensus). Rate-limited and churn of voter lists to deter attackers from compromising enough copies to force a malicious “repair”.