
8.1 Learning Objectives To become familiar with the range of security threats faced by networked and distributed systems (DSs); To examine various cryptographic.


2 8.1 Learning Objectives
- To become familiar with the range of security threats faced by networked and distributed systems (DSs);
- To examine various cryptographic techniques fundamental to security in DSs, such as symmetric cryptosystems and asymmetric cryptosystems;
- To study in full the two main parts of security in DSs, the secure channel and authorization (access control), using the main techniques of encryption, authentication, and access control;
- To gain an understanding of the major methods in security management.

3 8.2 Introduction
The security problems in DSs arise from the openness of the Internet and of distributed systems. Security measures must be incorporated into computer systems whenever they are potential targets for malicious or mischievous attacks. Security in computer systems is strongly related to the notion of dependability: a dependable system is one that we justifiably trust to deliver its services. Confidentiality and integrity are two major properties of such systems.


12 8.11 Security: Dependability Revisited
In distributed systems, security is the combination of availability, integrity, and confidentiality. A dependable distributed system is thus fault tolerant and secure.

Property         Description
Availability     Accessible and usable upon demand for authorized entities
Reliability      Continuity of service delivery
Safety           Very low probability of catastrophes
Confidentiality  No unauthorized disclosure of information
Integrity        No accidental or malicious alterations of information have been performed (even by authorized entities)


14 8.13 Definitions
- Subject: Entity capable of issuing a request for a service provided by an object
- Channel: The carrier of requests and replies for services offered to subjects
- Object: Entity providing services to subjects

15 8.14 Security Model: Threats and Forms of Attack
- Masquerading: assuming the identity of another user/principal
- Eavesdropping (Interception): obtaining private or secret information
- Message tampering (Modification): altering the content of messages in transit
- Replaying (Fabrication): storing secure messages and sending them at a later date
- Denial of service (Interruption): flooding a channel or other resource, denying access to others

16 8.15 Types of Threats

Threat        Channel                                     Object
Interruption  Preventing message transfer                 Denial of service
Inspection    Reading the content of transferred messages Reading the data contained in an object
Modification  Changing message content                    Changing an object's encapsulated data
Fabrication   Inserting messages                          Spoofing an object

17 8.16 Security Policy and Mechanisms
A security policy is a set of requirements and guidelines to ensure a desired level of security for the activities that are performed in the system. Security mechanisms are employed to implement the security policy.

Security in DSs can be roughly divided into two major parts: the secure channel and authorization.
- Secure channel: to ensure secure communication, including authentication, message confidentiality and integrity.
- Authorization (access control): to ensure that a process gets only those access rights to the resources in a DS that it is entitled to.

18 8.17 Security Policies
Globus security architecture:
1. Multiple administrative domains
2. Local operations subject to local security policies
3. Global operations require the requester to be globally known
4. Interdomain operations require mutual authentication
5. Global authentication replaces local authentication
6. Access control is via local security
7. Users can delegate privileges to processes
8. Credentials can be shared between processes in the same domain

19 8.18 Important Security Mechanisms
- Encryption: Using cryptographic techniques, encryption transforms data into something an attacker cannot understand (for confidentiality). It also provides support for integrity checks.
- Authentication: Used to verify the claimed identity of a user, client, server and so on.
- Authorization: Necessary to check whether a client is authorized to perform the requested action.
- Auditing: Used to trace which clients accessed what, and in which way, for later security analysis.

20 8.19 Example: Globus Security Architecture

21 8.20 Focus of Control
Three approaches for protection against security threats:
a) Invalid operations
b) Unauthorized invocations
c) Unauthorized users
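The three places where protection can be enforced, shown in one small resource server. This is an added example, not code from the original slides: the user table, the roles and the Account object are constructed for the demonstration. Layer (c) rejects users the system does not know, layer (b) rejects invocations the caller's role is not entitled to, and layer (a) sits inside the object, which refuses operations that would violate its own integrity regardless of who sends them.

```python
"""Added example (not from the original slides): the three focus-of-control
layers, (a) invalid operations, (b) unauthorized invocations and
(c) unauthorized users, applied to one constructed Account object."""


class AccessDenied(Exception):
    """Raised when a request is stopped at layer (b) or (c)."""


# Layer (c): only authenticated principals known to the system get past the
# boundary. Constructed user -> role table for the demonstration.
AUTHENTICATED_USERS = {"alice": "teller", "bob": "auditor"}

# Layer (b): which role may invoke which operation on the object. Operations
# not listed here cannot be reached at all (no reflection on hidden methods).
ALLOWED_INVOCATIONS = {
    "balance": {"teller", "auditor"},
    "withdraw": {"teller"},
}


class Account:
    """The protected object; its state is only reachable through invoke()."""

    def __init__(self, balance: int):
        self._balance = balance

    def balance(self) -> int:
        return self._balance

    def withdraw(self, amount: int) -> int:
        # Layer (a): the object itself refuses invalid operations, so even an
        # authenticated and authorized caller cannot overdraw or "withdraw"
        # a negative amount to add money.
        if not isinstance(amount, int) or amount <= 0 or amount > self._balance:
            raise ValueError("invalid withdrawal amount")
        self._balance -= amount
        return self._balance


def invoke(user: str, account: Account, operation: str, *args):
    """Single entry point that applies layers (c) and (b) before the object
    applies layer (a)."""
    role = AUTHENTICATED_USERS.get(user)
    if role is None:
        raise AccessDenied(f"unknown user {user!r}")  # layer (c)
    if role not in ALLOWED_INVOCATIONS.get(operation, set()):
        raise AccessDenied(f"role {role!r} may not invoke {operation!r}")  # layer (b)
    return getattr(account, operation)(*args)  # layer (a) happens inside


if __name__ == "__main__":
    acct = Account(100)
    print(invoke("alice", acct, "withdraw", 30))  # 70
    print(invoke("bob", acct, "balance"))          # 70
    for user, op, args in [("bob", "withdraw", (10,)),
                           ("mallory", "balance", ()),
                           ("alice", "withdraw", (500,))]:
        try:
            invoke(user, acct, op, *args)
        except (AccessDenied, ValueError) as exc:
            print(f"{user} {op}{args}: rejected ({exc})")
```

Which layer catches a request tells the auditor something different: a layer (c) rejection is an unknown principal, layer (b) a known user exceeding its role, and layer (a) a well-authorized caller attempting something the object's invariants forbid.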

22 8.21 Security Mechanism Layering The logical organization of a distributed system into several layers.

23 8.22 Security Mechanism Layering Several sites connected through a wide-area backbone service.

24 8.23 Trusted Computing Base
The set of mechanisms needed to enforce a security policy
- The smaller, the better
- Includes the OS
- Physical security of machines

25 8.24 Distribution of Security Mechanisms The principle of RISSC as applied to secure distributed systems.

26 8.25 Simplicity
- Simpler systems inspire trust
- Security mechanisms can be complex
  - Keys
  - Certificates
  - Authentication and access control
- Applications needing security are often complex themselves

27 8.26 Cryptography (1) Intruders and eavesdroppers in communication.

28 8.27 Cryptosystem Types
- Symmetric system: Uses a single key to encrypt the plaintext and decrypt the ciphertext. Sender and receiver share the secret key.
- Asymmetric system: Uses different keys for encryption and decryption, of which one is private and the other public.
- Hashing system: Transforms data one way into a fixed-length digest.
  - No decryption
  - Only comparison
  - Detects message alteration

29 8.28 Cryptographic Functions
- Make the encryption method E public, but let the encryption be parameterized by means of a key S.
- One-way function: Given some output m_out of E_S, it is computationally infeasible to find m_in such that E_S(m_in) = m_out.
- Weak collision resistance: Given a pair (m, E_S(m)), it is computationally infeasible to find an m* ≠ m such that E_S(m*) = E_S(m).
- Strong collision resistance: It is computationally infeasible to find any two different inputs m and m* such that E_S(m) = E_S(m*).
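A worked example covering both the hashing system on the previous slide (a digest is only compared, never decrypted, and detects alteration) and the two collision-resistance properties above. This is added code, not from the original slides. It uses SHA-256 from Python's standard library for the integrity check, and a deliberately weak 16-bit truncation of SHA-256, constructed for the demonstration, to make the second-preimage and collision searches feasible so the cost difference between the two properties becomes visible: a second preimage costs about 2^bits trials, a free collision only about 2^(bits/2).

```python
"""Added example (not from the original slides): integrity checking with a
digest, and a toy 16-bit digest showing why weak and strong collision
resistance differ in cost. The truncated digest is a teaching device only."""
import hashlib


def digest(message: bytes) -> bytes:
    """Fixed-length digest, E_S in the slides' notation, with no key and no
    decryption: the only thing a receiver can do with it is compare."""
    return hashlib.sha256(message).digest()


def integrity_ok(message: bytes, expected_digest: bytes) -> bool:
    """Receiver-side check: recompute the digest of what arrived and compare
    it with the digest the sender supplied. Any alteration changes it."""
    return digest(message) == expected_digest


def toy_digest(message: bytes, bits: int = 16) -> int:
    """Deliberately weak digest: SHA-256 truncated to `bits` bits. Constructed
    so that the searches below finish in well under a second."""
    full = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return full & ((1 << bits) - 1)


def find_second_preimage(m: bytes, bits: int = 16, limit: int = 1 << 21):
    """Attack on weak collision resistance: given m, search for m* != m with
    toy_digest(m*) == toy_digest(m). Expected cost is about 2^bits trials.
    Returns (m*, trials) or None if the limit is exhausted."""
    target = toy_digest(m, bits)
    for i in range(limit):
        candidate = b"msg-%d" % i
        if candidate != m and toy_digest(candidate, bits) == target:
            return candidate, i + 1
    return None


def find_collision(bits: int = 16):
    """Attack on strong collision resistance: search for any two different
    inputs with the same digest. The birthday bound makes about 2^(bits/2)
    trials typical, and the pigeonhole principle guarantees success within
    2^bits + 1 trials. Returns (m, m*, trials)."""
    seen = {}
    for i in range((1 << bits) + 1):
        candidate = b"doc-%d" % i
        d = toy_digest(candidate, bits)
        if d in seen:
            return seen[d], candidate, i + 1
        seen[d] = candidate
    return None  # unreachable for a correct pigeonhole bound


if __name__ == "__main__":
    original = b"transfer 100 to Bob"          # constructed message
    tag = digest(original)
    print("unaltered:", integrity_ok(original, tag))
    print("altered:  ", integrity_ok(b"transfer 900 to Bob", tag))
    sp = find_second_preimage(b"msg-12345")
    print("second preimage found after %d trials" % sp[1])
    col = find_collision()
    print("collision found after %d trials" % col[2])
```

Run it and the second-preimage search typically needs tens of thousands of trials while the collision search needs a few hundred, which is the practical reason digest length is chosen against the birthday bound and not just against preimage search.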

30 8.29 Cryptography (2)
Notation used in this chapter:
- K_A,B: Secret key shared by A and B
- Public key of A
- Private key of A

31 8.30 Symmetric Cryptosystems: DES (1)
(a) The principle of DES; (b) Outline of one encryption round

32 8.31 Symmetric Cryptosystems: DES (2) Details of per-round key generation in DES.

33 8.32 Public-Key Cryptosystems: RSA
Generating the private and public key requires four steps:
1. Choose two very large prime numbers, p and q
2. Compute n = p × q and z = (p – 1) × (q – 1)
3. Choose a number d that is relatively prime to z
4. Compute the number e such that e × d = 1 mod z
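The four steps carried out in code, as an added example that is not from the original slides. It follows the slide's convention exactly (d is chosen first and kept private, e is derived from it and published), validates the preconditions each step relies on, and then shows encryption with the public key and decryption with the private key. The primes 61 and 53 and the choice d = 17 are constructed toy values; real keys use primes of hundreds of digits.

```python
"""Added example (not from the original slides): RSA key generation following
the slide's four steps, with toy-sized constructed primes."""
from math import gcd


def is_prime(n: int) -> bool:
    """Trial division, adequate only for the tiny constructed primes used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def rsa_keygen(p: int, q: int, d: int):
    """Steps 1 to 4 of the slide. Returns (public_key, private_key) as
    ((e, n), (d, n)); the slide keeps d private and publishes e."""
    # Step 1: p and q must be prime, and distinct (p == q makes n = p^2,
    # trivially factored by a square root).
    if not (is_prime(p) and is_prime(q)) or p == q:
        raise ValueError("p and q must be two distinct primes")
    # Step 2: n = p * q is the modulus, z = (p - 1) * (q - 1) is phi(n).
    n = p * q
    z = (p - 1) * (q - 1)
    # Step 3: d must be relatively prime to z, otherwise step 4 has no solution.
    if not (1 < d < z) or gcd(d, z) != 1:
        raise ValueError("d must satisfy 1 < d < z and gcd(d, z) == 1")
    # Step 4: e * d = 1 mod z, i.e. e is the modular inverse of d modulo z
    # (pow with exponent -1 computes it in Python 3.8+).
    e = pow(d, -1, z)
    return (e, n), (d, n)


def encrypt(message: int, public_key) -> int:
    """c = m^e mod n; the message must be an integer below the modulus."""
    e, n = public_key
    if not (0 <= message < n):
        raise ValueError("message must be an integer in [0, n)")
    return pow(message, e, n)


def decrypt(ciphertext: int, private_key) -> int:
    """m = c^d mod n, which undoes encrypt() because e * d = 1 mod z."""
    d, n = private_key
    return pow(ciphertext, d, n)


if __name__ == "__main__":
    public, private = rsa_keygen(61, 53, 17)   # constructed toy parameters
    print("public key (e, n):", public)        # (2753, 3233)
    print("private key (d, n):", private)      # (17, 3233)
    c = encrypt(65, public)
    print("ciphertext:", c, "decrypts to", decrypt(c, private))
```

With these values z = 3120 and the inverse of 17 modulo 3120 is 2753, so the public key is (2753, 3233). Note that the example encrypts a bare integer; the real-world schemes built on RSA add randomized padding before exponentiation, which this walk-through of the slide's four steps does not cover.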

34 8.33 Hash Functions : MD5 (1) The structure of MD5

35 8.34 Hash Functions : MD5 (2) The 16 iterations during the first round in a phase in MD5.


