Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS425/CSE424/ECE428 – Distributed Systems 2011-10-27Nikita Borisov - UIUC1 Some material derived from slides by I. Gupta, M. Harandi, J. Hou, S. Mitra,

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "CS425/CSE424/ECE428 – Distributed Systems 2011-10-27Nikita Borisov - UIUC1 Some material derived from slides by I. Gupta, M. Harandi, J. Hou, S. Mitra,"— Presentation transcript:

1 CS425/CSE424/ECE428 – Distributed Systems 2011-10-27Nikita Borisov - UIUC1 Some material derived from slides by I. Gupta, M. Harandi, J. Hou, S. Mitra, K. Nahrstedt, N. Vaidya

2 ISIS algorithm for total ordering 2 1 1 2 2 1 Message 2 Proposed Seq P 2 P 3 P 1 P 4 3 Agreed Seq 3 3 Nikita Borisov - UIUC2

3 Chord: client to client N80 0 Say m=7 N32 N45 File bad.mp3 with key K42 stored here At node n, send query for key k to largest successor/finger entry < k if none exist, return successor(n) to requestor All “arrows” are RPCs N112 N96 N16 Who has bad.mp3? (hashes to K42) Nikita Borisov - UIUC3

4 Distributed banking transaction.. BranchZ BranchX participant C D Client BranchY B A participant join T a.withdraw(4); c.deposit(4); b.withdraw(3); d.deposit(3); openTransaction b.withdraw(T, 3); closeTransaction T =openTransaction a.withdraw(4); c.deposit(4); b.withdraw(3); d.deposit(3); closeTransaction Note: the coordinator is in one of the servers, e.g. BranchX Nikita Borisov - UIUC4

5 Security Threats  Leakage: An unauthorized party gains access to a service or data.  Attacker obtains knowledge of a withdrawal or account balance, e.g., via eavesdropping  Tampering: Unauthorized change of data, tampering with a service  Attacker changes the variable holding your personal checking $$ total  Vandalism: Interference with proper operation, without gain to the attacker  Attacker does not allow any transactions to your account  E.g., DOS=denial of service Nikita Borisov - UIUC5

6 More Concerns Attacks on Communication Channel / Network  Eavesdropping – Obtaining copies of messages without authority.  Masquerading – Sending or receiving messages with the identity of another principal (user or corporation).  Message tampering – Intercepting messages and altering their contents before passing them onto the intended recipient.  Replaying – Intercepting messages and sending them at a later time.  Denial of Service Attack – flooding a channel or other resources (e.g., port) with messages. Nikita Borisov - UIUC6

7 Addressing the Challenges: Security  Leakage: An unauthorized party gains access to a service or data. –Confidentiality : protection against disclosure to unauthorized individuals.  Tampering: Unauthorized change of data, tampering with a service –Integrity : protection against alteration or corruption.  Vandalism: Interference with proper operation, without gain to the attacker –Availability : protection against interference with the means to access the resources. Nikita Borisov - UIUC7

8 Security Policies & Mechanisms  A Security Policy indicates which actions each entity (user, data, service) is allowed or prohibited to take.  E.g., Only an owner is allowed to make transactions to his account. CIA properties.  A Security Mechanism enforces the policy  Encryption and decryption: transform data to a form only understandable by authorized users, and vice-versa.  Authentication: verify the claimed identity of a user, client, service, process, etc.  Authorization: verify access rights for an authenticated entity.  Auditing: make record of and check access to data and resources. Mainly an offline analysis tool, often after the fact. Nikita Borisov - UIUC8

9  Make worst-case assumptions  Network compromised  Code / mechanism is known  Nothing remains secret forever  Separate policy from mechanism  Cryptography for secure channels  Identity management (PKI, passwords, etc.) for authentication  Access control lists, capabilities for authorization 2011-10-27Nikita Borisov - UIUC9

10  Science of enciphering data  Cryptology (algorithm design) + cryptanalysis (breaking algorithms)  History  First algorithms thousands of years old  Encryption driven by military, intelligence, and financial uses  Since 1970’s, subject of much open research  Backbone of most Internet security mechanisms 2011-10-27Nikita Borisov - UIUC10

11  Block cipher:  E K (P) = C  D K (C) = P  P: Plaintext  C: Ciphertext  K: Shared key  Example: AES  Result of design competition by NIST  AES-128: key, block size are 128 bits  Also, AES-192, AES-256 2011-10-27Nikita Borisov - UIUC11

12  Stream cipher:  Keystream(K) ▪ Produce infinite, unpredictable key stream from key K  C = P xor Keystream(K)  P = C xor Keystream(K)  Example: RC4  Used in older version of 802.11, SSL  Some security vulnerabilities 2011-10-27Nikita Borisov - UIUC12

13  Indistinguishability  Adversary queries encryption, decryption oracles ▪ E K (.), D K (.) ▪ Polynomial # of times  Adversary provides M 1, M 2  Challenger provides E K (M b ) for b = 0 or 1  Adversary queries oracles again  Outputs guess for b  Security  Adversary can’t win with probability (non-negligibly) more than 1/2 2011-10-27Nikita Borisov - UIUC13

14  Basic encryption primitives insecure  Block cipher: C = C’ => P = P’  Stream cipher: C xor C’ = P xor P’  Must use operation mode  E.g., CBC  C 1 = IV (random)  C 2 = E K (P 1 xor C 1 )  C 3 = E K (P 2 xor C 2 )  … 2011-10-27Nikita Borisov - UIUC14

15  Alice, Bob share key K  Each sends E K (M) to send M over secure channel  Security properties?  Confidentiality ▪ Guaranteed by security of E  Integrity ▪ Not guaranteed  Availability ▪ Cannot be guaranteed by cryptography 2011-10-27Nikita Borisov - UIUC15

16  Message Authentication Code (MAC)  aka Message Integrity Code (MIC)  MAC K (M) = x  Security: unforgeability  Adversary queries MAC oracle ▪ MAC K (.)  Adversary produces (M,x) where M has never been queried  Wins if MAC K (M) = x  Secure if adversary cannot win with probability non- negligibly more than 0  Examples: HMAC, CBC-MAC 2011-10-27Nikita Borisov - UIUC16

17  Encryption key EK, MAC key MK  Send(M) = E EK (M) || MAC MK (M)  Secure?  Replay  Reflection  Solution:  Sequence numbers  Different keys in different directions 2011-10-27Nikita Borisov - UIUC17

18  Must establish symmetric key with everyone  O(N 2 ) keys total  Must be exchanged over secure channel!  Public key cryptography  Two keys: PK – public, SK – secret  C = E PK (P)  P = D SK (C)  O(N) keys total 2011-10-27Nikita Borisov - UIUC18

19  Example: RSA  Rivest, Shamir, Adleman, 1977  Key generation  N = p*q, for two large primes p  e = 3, d = e -1 in Z N * ▪ d can be computed with knowledge of p, q  PK = (N, e), SK = d ▪ Factoring N into p,q currently infeasible if p,q > ~1024 bits  Encryption  C = M e (mod N)  P = C d (mod N)  Note: insecure in this form  Must use randomization, padding to ensure indistinguishability 2011-10-27Nikita Borisov - UIUC19

20  RSA-based key exchange  (roughly what’s used in TLS)  Parties: Client, Server  Steps:  S->C: PK S, N S  C->S: E PKS (N C )  K = H(N S ||N C ) ▪ Encryption, MAC keys derived from K  Properties:  Nonces protect from replay  One-way authentication  No PFS 2011-10-27Nikita Borisov - UIUC20

21  Goal: if (long-term) keys uncompromised at end of session, session remains secure forever  E.g., Diffie-Hellman  S: pick random x, send g x  C: pick random y, send g y  Use (g x ) y = (g y ) x = g xy to derive shared key  Securely forget secrets (incl. x,y, g xy ) after session  Security relies on discrete logarithm problem 2011-10-27Nikita Borisov - UIUC21

22  Public-key algorithm  Secret signing key SK  Public verification key VK  Operation  sig = Sign SK (M)  Verify VK (M,sig) = True or False  Example: RSA  N,e = verification key, d = signature key  Sign(M) = H(M) d (mod N) 2011-10-27Nikita Borisov - UIUC22

23  Putting things together:  A->B: A, g x, Sign(g x )  B->A: B, g y, Sign(g y )  Problems? 2011-10-27Nikita Borisov - UIUC23

24  SIGn-and-MAc, due to Hugo Krawczyk  Used in IKE, part of IPSec  A->B: g x  B->A: g y, Sign(g x,g y ), MAC MK (B)  A->B: A, Sign(g y,g x ),MAC MK (A) 2011-10-27Nikita Borisov - UIUC24

25 Digital Certificates  A digital certificate is a statement signed by a third party principal, and can be reused  e.g., Verisign Certification Authority (CA)  To be useful, certificates must have:  A standard format, for construction and interpretation  A protocol for constructing chains of certificates  A trusted authority at the end of the chain Alice Bob Service (S) Request with digital signature 1 {Certificate} 2 K S- K S+ Transaction + {Certificate} K S- 3 Certificate=She is Alice Nikita Borisov - UIUC25

26 Alice’s Bank Account Certificate 1.Certificate type:Account number 2.Name:Alice 3.Account:6262626 4.Certifying authority:Bob’s Bank 5.Signature: {Digest(field 2 + field 3)} K Bpriv Nikita Borisov - UIUC26

27 Public-Key Certificate for Bob’s Bank 1.Certificate type:Public key 2.Name:Bob’s Bank 3.Public key:K Bpub 4.Certifying authority:Fred – The Bankers Federation 5.Signature: {Digest(field 2 + field 3)} K Fpriv Eventually K F -, K F + have to be obtained reliably. Nikita Borisov - UIUC27

28  Control of access to resources of a server.  A basic form of access control checks requests for:  Authenticates the principal.  Authorization check for desired op, resource.  Access control matrix M (e.g., maintained at server)  Each principal is represented by a row, and each resource object is represented by a column.  M[s,o] lists precisely what operations principal s can request to be carried out on resource o.  Check this before carrying out a requested operation.  M may be sparse.  Access control list (ACL)  Each object maintains a list of access rights of principals, i.e., an ACL is some column in M with the empty entries left out.  Capability List = row in access control matrix, i.e., per- principal list. Authorization: Access Control Nikita Borisov - UIUC28

29 Focus of Access Control Three approaches for protection against security threats a)Protection against invalid operations b)Protection against unauthorized invocations c)Protection against unauthorized users Nikita Borisov - UIUC29

30 ACL and Capability Usage Comparison between ACLs and capabilities for protecting objects. a)Using an ACL b)Using capabilities. Nikita Borisov - UIUC30

Download ppt "CS425/CSE424/ECE428 – Distributed Systems 2011-10-27Nikita Borisov - UIUC1 Some material derived from slides by I. Gupta, M. Harandi, J. Hou, S. Mitra,"

Similar presentations

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Cryptographic Security Presented by: Josh Baker October 9 th, 2012 1CS5204 – Operating Systems.

Cryptographic Security Presented by: Josh Baker October 9 th, CS5204 – Operating Systems.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
CS 425 / ECE 428 Distributed Systems Fall 2014 Indranil Gupta (Indy) Lecture 24B: Security All slides © IG.

CS 425 / ECE 428 Distributed Systems Fall 2014 Indranil Gupta (Indy) Lecture 24B: Security All slides © IG.
15-1 Last time Internet Application Security and Privacy Public-key encryption Integrity.

15-1 Last time Internet Application Security and Privacy Public-key encryption Integrity.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.

Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
Chapter 5 Cryptography Protecting principals communication in systems.

Chapter 5 Cryptography Protecting principals communication in systems.
Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.

Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
8.1 Learning Objectives To become familiar with the range of security threats faced by networked and distributed systems (DSs); To examine various cryptographic.

8.1 Learning Objectives To become familiar with the range of security threats faced by networked and distributed systems (DSs); To examine various cryptographic.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.

بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale CS 591 – Wireless & Network Security Lecture.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
Chapter3 Public-Key Cryptography and Message Authentication.

Chapter3 Public-Key Cryptography and Message Authentication.
CS542: Topics in Distributed Systems Security. Why are Distributed Systems insecure?  Distributed component rely on messages sent and received from network.

CS542: Topics in Distributed Systems Security. Why are Distributed Systems insecure?  Distributed component rely on messages sent and received from network.

Similar presentations

Ads by Google