Presentation is loading. Please wait.

Presentation is loading. Please wait.

Distributed Systems Fall 2016

Published byKory Melton Modified over 7 years ago

Similar presentations

Presentation on theme: "Distributed Systems Fall 2016"— Presentation transcript:

1 15-440 Distributed Systems Fall 2016
L-23 Security

2 Today's Lecture Internet security weaknesses
Establishing secure channels (Crypto 101) Key distribution

3 What is “Internet Security” ?
Denial-of-Service Password Cracking Traffic modification Worms & Viruses Trojan Horse DNS Poisoning * This list is pretty broad, some things are actual incidents that may cause harm, while others are vulnerabilities that lead to more complex attacks that cause harm. From such a list, we might define Internet security broadly as preventing bad things that can happen when someone is using the Internet. Phishing Spyware IP Spoofing Route Hijacks Traffic Eavesdropping End-host impersonation Spam Internet Security: Prevent bad things from happening on the internet!

4 Internet Design Decisions: (ie: how did we get here? )
Origin as a small and cooperative network ( largely trusted infrastructure) Global Addressing (every sociopath is your next-door neighbor) Connection-less datagram service (can’t verify source, hard to protect bandwidth) Assumption is still true, even now when Internet is a huge collection of independent ISPs.

5 Internet Design Decisions: (ie: how did we get here? )
Anyone can connect ( ANYONE can connect) Millions of hosts run nearly identical software ( single exploit can create epidemic) Most Internet users know about as much as Senator Stevens aka “the tubes guy” ( God help us all…) Assumption is still true, even now when Internet is a huge collection of independent ISPs. And with the advent of things like Mobile Devices and Internet of Things, it does not look like things will become any easier in the future.

6 Our “Narrow” Focus Yes:
1) Creating a “secure channel” for communication Some: 2) Protecting resources and limiting connectivity No: 1) Preventing software vulnerabilities & malware, or “social engineering”. For this course though, we want to focus on understanding how the Internet’s design contributes to a variety of security vulnerabilities, how these vulnerabilities can be exploited, and, most importantly, give you an idea of what tools are used to allow secure communication.

7 Secure Communication with an Untrusted Infrastructure
Bob ISP D ISP B The focus on today’s lecture will be how to we set up a “secure channel” for communication. Alice wants to talk to Bob. Alice probably trusts ISP A, but how does she know where her traffic is going after that? Or who else might see it, or modify it before it reaches bob? ISP C ISP A Alice

8 What do we need for a secure communication channel?
Authentication (Who am I talking to?) Confidentiality (Is my data hidden?) Integrity (Has my data been modified?) Availability (Can I reach the destination?) We will talk about the first three of these things today… availability we must tolerate failures and assume network gives us some guarantee

9 Example: Eavesdropping - Message Interception (Attack on Confidentiality)
Mallory Bob ISP D ISP B Of course, its even more complicated…. As each ISP if made of up many routers, each which independently reach a forwarding decision. Can this infrastructure be trusted? No, mallory (or the NSA) might be on any of the routers, intercepting your communication ISP C ISP A Alice

10 Example: Eavesdropping - Message Interception (Attack on Confidentiality)
Unauthorized access to information Packet sniffers and wiretappers Illicit copying of files and programs B A Eavesdropper slide derived from original by Nick Feamster

11 Eavesdropping Attack: Example
tcpdump with promiscuous network interface On a switched network, what can you see? What might the following traffic types reveal about communications? Full IP packets with unencrypted data Full IP packets with encrypted payloads Just DNS lookups (and replies) slide derived from original by Nick Feamster

12 Authenticity Attack - Fabrication
ISP D ISP B Worse yet, how does Alice even know she’s actually talking to Bob at all? This way, Mallory may not even have to compromise a router! ISP C ISP A Alice Hello, I’m “Bob”

13 Authenticity Attack - Fabrication
Unauthorized assumption of other’s identity Generate and distribute objects under this identity B A Masquerader: from A slide derived from original by Nick Feamster

14 Integrity Attack - Tampering
Stop the flow of the message Delay and optionally modify the message Release the message again Alice Bob Perpetrator slide derived from original by Nick Feamster

15 Attack on Availability
Destroy hardware (cutting fiber) or software Modify software in a subtle way Corrupt packets in transit Blatant denial of service (DoS): Crashing the server Overwhelm the server (use up its resource) Alice Bob slide derived from original by Nick Feamster

16 Example: Web access Alice wants to connect to her bank to transfer some money... Alice wants to know ... that she’s really connected to her bank. That nobody can observe her financial data That nobody can modify her request That nobody can steal her money! The bank wants to know ... That Alice is really Alice (or is authorized to act for Alice) The same privacy things that Alice wants so they don’t get sued or fined by the government. Authentication Confidentiality Integrity (A mix)

17 Today's Lecture Internet security weaknesses Crypto 101
Key distribution

18 Cryptography As a Tool Using cryptography securely is not simple
Designing cryptographic schemes correctly is near impossible. Today we want to give you an idea of what can be done with cryptography. Take a security course if you think you may use it in the future (e.g )

19 Well... What tools do we have at hand? Hashing
e.g., SHA-1 Secret-key cryptography, aka symmetric key. e.g., AES Public-key cryptography e.g., RSA

20 Secret Key Cryptography
Given a key k and a message m Two functions: Encryption (E), decryption (D) ciphertext c = E(k, m) plaintext m = D(k, c) Both use the same key k. “secure” channel Hello,Bob Alice Bob.com knows K knows K But... how does that help with authentication? They both have to know a pre-shared key K before they start!

21 Symmetric Key: Confidentiality
Motivating Example: You and a friend share a key K of L random bits, and a message M also L bits long. Scheme: You send her the xor(M,K) and then they “decrypt” using xor(M,K) again. Using XOR for encryption by itself not useful since it can be broken by frequency analysis, but it is a component in many encryption schemes. Do you get the right message to your friend? Can an adversary recover the message M?

22 Symmetric Key: Confidentiality
One-time Pad (OTP) is secure but usually impractical Key is as long at the message Keys cannot be reused (why?) Keys cannot be resused often since if you use the same key with others they know how to decrypt the message. Also, using frequency analysis an attacker could guess the key. In practice, two types of ciphers are used that require only constant key length: Stream Ciphers: Ex: RC4, A5 Block Ciphers: Ex: DES, AES, Blowfish

23 Symmetric Key: Confidentiality
Stream Ciphers (ex: RC4) PRNG Alice: Pseudo-Random stream of L bits XOR K A-B Message of Length L bits PRNG == Pseudorandom number generator = Encrypted Ciphertext Bob uses KA-B as PRNG seed, and XORs encrypted text to get the message back (just like OTP).

24 Symmetric Key: Confidentiality
Block Ciphers (ex: AES) (fixed block size, e.g. 128 bits) Block 1 Block 2 Block 3 Block 4 Round #1 Round #2 Round #n The book has AES and DES descriptions. Turns out DES by itself has been shown to be succeptible to cracking, while a variant a it (called 3DES is still Ok and used). Alice: K A-B Block 1 Block 2 Block 3 Block 4 Bob breaks the ciphertext into blocks, feeds it through decryption engine using KA-B to recover the message.

25 Symmetric Key: Integrity
Background: Hash Function Properties Consistent hash(X) always yields same result One-way given X, can’t find Y s.t. hash(Y) = X Collision resistant given hash(W) = Z, can’t find X such that hash(X) = Z Hash Fn Fixed Size Hash Message of arbitrary length

26 Symmetric Key: Integrity
Hash Message Authentication Code (HMAC) Step #1: Alice creates MAC Hash Fn Message MAC This is similar to a checksum, but secure. Why? Note: the message does not have to be encrypted, unless you also desire confidentiality. Will the MAC always check out on the receiving end? Yes, b/c receiver has key, and HASH is consistent. Can attacker substitute in another message? No, b/c of collision resistance of HASH Can attacker recover the key, based on the message? No, b/c of one-way nature of HASH K A-B Alice Transmits Message & MAC Step #2 Step #3 Bob computes MAC with message and KA-B to verify. MAC Message Why is this secure from a message integrity perspective? How do properties of a hash function help us?

27 Symmetric Key: Authentication
You already know how to do this! (hint: think about how we showed integrity) Hash Fn I am Bob A43FF234 Wrong! K A-B Alice receives the hash, computes a hash with KA-B , and she knows the sender is Bob

28 Symmetric Key: Authentication
What if Mallory overhears the hash sent by Bob, and then “replays” it later? ISP D ISP B ISP C ISP A Hello, I’m Bob. Here’s the hash to “prove” it A43FF234

29 Symmetric Key: Authentication
A “Nonce” A random bitstring used only once. Alice sends nonce to Bob as a “challenge”. Bob Replies with “fresh” MAC result. Nonce Bob Alice Nonce Hash B4FE64 K A-B B4FE64 Performs same hash with KA-B and compares results

30 Symmetric Key: Authentication
A “Nonce” A random bitstring used only once. Alice sends nonce to Bob as a “challenge”. Bob Replies with “fresh” MAC result. Nonce ?!?! Alice Mallory If Alice sends Mallory a nonce, she cannot compute the corresponding MAC without K A-B

31 Symmetric Key Crypto Review
Confidentiality: Stream & Block Ciphers Integrity: HMAC Authentication: HMAC and Nonce Questions?? Are we done? Not Really: Number of keys scales as O(n2) How to securely share keys in the first place?

32 Asymmetric Key Crypto:
Instead of shared keys, each person has a “key pair” KB Bob’s public key Bob’s private key Note: We are not going to go into the details of what KB(m) means as far as computation. We will treat it as a black box function with these properties. KB-1 The keys are inverses, so: KB-1 (KB (m)) = m

33 Asymmetric/Public Key Crypto:
Given a key k and a message m Two functions: Encryption (E), decryption (D) ciphertext c = E(KB, m) plaintext m = D(KB-1 , c) Encryption and decryption use different keys! “secure” channel Hello,Bob Alice Bob.com Knows KB Knows KB, KB-1 But how does Alice know that KB means “Bob”?

34 Asymmetric Key Crypto:
It is believed to be computationally unfeasible to derive KB-1 from KB or to find any way to get M from KB(M) other than using KB-1 . KB can safely be made public. Note: We will not detail the computation that KB(m) entails, but rather treat these functions as black boxes with the desired properties. (more details in the book). Note: We are not going to go into the details of that KB(m) means as far as computation. We will treat it as a black box function with these properties.

35 Asymmetric Key: Confidentiality
KB Bob’s public key KB-1 Bob’s private key encryption algorithm decryption algorithm plaintext message ciphertext m = KB-1 (KB (m)) KB (m)

36 Asymmetric Key: Sign & Verify
If we are given a message M, and a value S such that KB(S) = M, what can we conclude? The message must be from Bob, because it must be the case that S = KB-1(M), and only Bob has KB-1 ! This gives us two primitives: Sign (M) = KB-1(M) = Signature S Verify (S, M) = test( KB(S) == M )

37 Asymmetric Key: Integrity & Authentication
We can use Sign() and Verify() in a similar manner as our HMAC in symmetric schemes. S = Sign(M) Message M Integrity: Note: there is another way to do authentication, which we will see when we look at SSL. Receiver must only check Verify(M, S) Nonce Authentication: S = Sign(Nonce) Verify(Nonce, S)

38 Asymmetric Key Review:
Confidentiality: Encrypt with Public Key of Receiver Integrity: Sign message with private key of the sender Authentication: Entity being authenticated signs a nonce with private key, signature is then verified with the public key But, these operations are computationally expensive*

39 The Great Divide Yes No Fast Slow Asymmetric Crypto: (Public key)
Example: RSA Symmetric Crypto: (Private key) Example: AES Requires a pre-shared secret between communicating parties? Yes No The three attributes of a secure communication we mentioned can be achieved using two different “types”, or “families” of cryptography. Each family has within it many different algorithms, with slightly different properties. Symmetric and Asymmetric cryptography differ in the assumptions they make about the “secrets”, or “keys” that two participants use to enable secure communication. Symmetric key crypto assumes that the parties have used some mechanism to set-up a “shared secret” between the two parties that can be used to secure further communication. Public key crypto, as we will see, does not make this assumption, yet can still provide strong security properties. However, the mechanism to do this uses complex math, and as a result, the time to perform asymmetric crypto operations is significantly longer than their symmetric counter-parts. Overall speed of cryptographic operations Fast Slow

40 Today's Lecture Internet security weaknesses Crypto 101
Key distribution (cover on Thursday)

Download ppt "Distributed Systems Fall 2016"

Similar presentations

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
L-13 Security 1. Schedule up to Midterm 2/26 No class (work on project 1, hw3) Review 3/2 Monday 4:30 pm NSH 3002 HW 3 due Midterm 3/3 Tuesday in class.

L-13 Security 1. Schedule up to Midterm 2/26 No class (work on project 1, hw3) Review 3/2 Monday 4:30 pm NSH 3002 HW 3 due Midterm 3/3 Tuesday in class.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.

1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Secure Communication with an Insecure Internet Infrastructure.

Secure Communication with an Insecure Internet Infrastructure.
Secure Communication with an Insecure Internet Infrastructure 15-441 Lecture Nov. 21 st 2006 Dan Wendlandt.

Secure Communication with an Insecure Internet Infrastructure Lecture Nov. 21 st 2006 Dan Wendlandt.
L-24 Security 1. Today's Lecture Internet security weaknesses Establishing secure channels (Crypto 101) Key distribution 2.

L-24 Security 1. Today's Lecture Internet security weaknesses Establishing secure channels (Crypto 101) Key distribution 2.
Cryptography COS 461: Computer Networks Princeton University 1.

Cryptography COS 461: Computer Networks Princeton University 1.
Security: An Overview of Cryptographic Techniques 15-640/440 With slides from: Debabrata Dash, Nick Feamster, Gregory Kesden, Vyas Sekar and others.

Security: An Overview of Cryptographic Techniques /440 With slides from: Debabrata Dash, Nick Feamster, Gregory Kesden, Vyas Sekar and others.
CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.

CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.
Network Security David Lazăr.

Network Security David Lazăr.
Welcome to Introduction to Computer Security. Why Computer Security The past decade has seen an explosion in the concern for the security of information.

Welcome to Introduction to Computer Security. Why Computer Security The past decade has seen an explosion in the concern for the security of information.
Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.

Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
Lecture 2: Introduction to Cryptography

Lecture 2: Introduction to Cryptography
L-24 Security 1. Today's Lecture Internet security weaknesses Establishing secure channels (Crypto 101) Key distribution 2.

L-24 Security 1. Today's Lecture Internet security weaknesses Establishing secure channels (Crypto 101) Key distribution 2.
Network Security Celia Li Computer Science and Engineering York University.

Network Security Celia Li Computer Science and Engineering York University.
Wired Equivalent Privacy (WEP) Chris Overcash. Contents What is WEP? What is WEP? How is it implemented? How is it implemented? Why is it insecure? Why.

Wired Equivalent Privacy (WEP) Chris Overcash. Contents What is WEP? What is WEP? How is it implemented? How is it implemented? Why is it insecure? Why.
Distributed Systems Fall 2016

Distributed Systems Fall 2016

Similar presentations

Ads by Google