Download presentation
Presentation is loading. Please wait.
1
INF 123 SW ARCH, DIST SYS & INTEROP LECTURE 14 Prof. Crista Lopes
2
Objectives Understanding threats to security in decentralized systems Understanding basic mechanisms for security on the Internet Firewalls SSL/TLS HTTPS
3
Decentralization No centralized authority to coordinate and control entities Independent peers, with possibly conflicting goals, interact with each other and make local autonomous decisions Presence of malicious peers in open decentralized applications Need for measures to protect peers against malicious attacks
4
Security “The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability and confidentiality of information system resources (includes hardware, software, firmware, information/data, and telecommunications).” National Institute of Standards and Technology
5
Security Computer systems include the people using the computers. Many security threats exploit the human [good] nature.
6
Security Confidentiality Preserving the confidentiality of information means preventing unauthorized parties from accessing the information or perhaps even being aware of the existence of the information. I.e., secrecy. Integrity Maintaining the integrity of information means that only authorized parties can manipulate the information and do so only in authorized ways. Availability Resources are available if they are accessible by authorized parties on all appropriate occasions.
7
Trust Who do you trust? For what functions? Trust is not a binary concept! Nor static! If trust is high Security measures can be lowered If trust is low Security measures must be ramped up No trust Blind trust
8
Trust & Security What security measures? Security is not necessarily machine-bound Depending on many tradeoffs Security measures can be technological Upon limited trust Security measures may be social Punitive measures for breach of trust Computer measures Social measures
9
Well-Known Threats Well-Known Solutions Computer Security
10
Computer Security in Practice A never-ending game of Vulnerability; Attack; Fix; Repeat There’s no such thing as a completely secure system Know your system’s goals and requirements, set security investment accordingly
11
Integrity of Computer Systems Firewalls “part of a computer system or network that is designed to block unauthorized access while permitting authorized communications. It is a device or set of devices which is configured to permit or deny computer applications based upon a set of rules and other criteria.” Basic task is to regulate some of the flow of traffic between computer networks of different trust levels. Software and/or hardware
12
Firewalls: The problem Computers inside a local area network (LAN) run applications that assume a high-level of trust within that LAN, but that trust does not hold wrt the rest of the Internet
13
Types of Firewalls Packet filters: Operate at UDP/TCP/IP level Traffic filtering based on properties such as: Source IP address & port, Destination IP address & port Application-level protocols, … Application-layer Knowledge of services (WWW, FTP, Naspter) May have knowledge of users On inspecting all packets for improper content, firewalls can restrict or prevent the spread of networked computer worms and trojans
14
Integrity Threat: Botnets Bots are installed on victims’ computers via unsuspecting acts like installing goodies, unziping files, etc. Bots talk to master using unsuspecting channels such as IRC, Twitter, IM, etc. Very hard to fight
15
Confidentiality of Data Cryptography Steganography On the Internet Secure Socket Layer / Transport Layer Security HTTPS
16
Cryptography Encryption: converts human-parseable information into unintelligible gibberish Decryption: the opposite Cypher: pair of algorithms for encrypting and decrypting information Ancient “art” used prominently in WWII
17
MD5 Hashes Message Digest algorithm 5 Transforms an arbitrary-length message into a 128-bit value One way function Used widely for everyday cryptography Proved not very secure, collisions
18
MD5 Hashes MD5(" The quick brown fox jumps over the lazy dog ") = 9e107d9d372bb6826bd81d3542a419d6 MD5(" The quick brown fox jumps over the lazy dog. ") = e4d909c290d0fb1ca068ffaddf22cbd0
19
Typical MD5 use Password encryption for storage and network Example: OpenSim passwords http://beta.opensimulator.org/node/56 http://beta.opensimulator.org/node/56
20
Dictionary Attack Attempt at deciphering passwords by using words from a dictionary Brute-force or probabilistic Given 9e107d9d372bb6826bd81d3542a419d6 Try MD5(words) and compare the hash
21
Dictionary Attack Counter-Measure Salts: append MD5(password) with an arbitrary (long) number, and hash that Result = MD5(MD5(password) : salt) Need to keep the salt around for password verification Example: OpenSim passwords
22
Main Lesson about Passwords Avoid transmitting and storing naked passwords! Next: transmitting confidential data over the Internet
23
Remember Wifi? POST /wifi/login HTTP/1.1 Hostname: … Content-Type: … Content-Length: … METHOD=login&firstname=foo&lastname=bar&password=hereismypassword Naked transmission!
24
Attacks Eavesdropping Remember all routing that happens on the Internet Man-in-the-middle Malicious server pretends to be target server
25
Encryption of data JavaScript-encrypt before sending Application overhead Use Transport Layer Security (TLS)
26
SSL/TLS Extra pieces of transport-layer protocol for negotiating cyphers and ensuring authentication of the server Bottom line: Payload data is encrypted before sending, decrypted upon reception
27
HTTPS = HTTP + SSL/TLS POST /wifi/login HTTP/1.1 Hostname: … Content-Type: … Content-Length: … METHOD=login&firstname=foo&lastname=bar &password=hereismypassword Unintelligible gibberish
28
HTTPS = HTTP + SSL/TLS https:// instead of http:// Uses port 443 by default instead of port 80
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.