Presentation is loading. Please wait.

Presentation is loading. Please wait.

Distributed System Security 4/22/04 CPSC 550 Brian Williams.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Distributed System Security 4/22/04 CPSC 550 Brian Williams."— Presentation transcript:

1 Distributed System Security 4/22/04 CPSC 550 Brian Williams

2 Distributed System Security: Goals ● Complete Protection Against All Possible Attacks ● Attacks: – Leakage ● Attacker intecepts message he/she is unauthorized to access – Tampering ● Attacker intercepts and alters a network message, giving benefit to the attacker – Vandalism ● Attacker intercepts and alters a network message, but without benefit to the attacker

3 Distributed System Security: Goals Computer 1 Computer 2 Attacker Encryption System Security reduces to data encryption

4 Distributed System Security: Definitions ● Public Key – Encryption key that is well-known and/or not hidden from third parties ● Private Key – Encryption key that is known only by the message sender and/or receiver ● Public Key Encryption – An encryption scheme that make use of a public key ● Secret Key Encryption – An encryption scheme that implores only private keys

5 Distributed System Security: Definitions ● One Way Function – A one-to-one mathematical function that is easily computable, but whose inverse is very difficult to compute ● Secure Digest Function – A function that takes an argument M, and returns a fixed length “digest” V, such that V1 is probably much different than V2, for distinct M1, M2.

6 Distributed System Security: Naming Conventions ● Alice – First participant in network communication ● Bob – Second participant in network communication ● Carol – Third Participant (when applicable) ● Dave – Fourth Participant (when applicable) ● Eve – Eavesdropper ● Mallory – Malicious Attacker ● Sara – A Server

7 Distributed System Security: Structure ● Always prepare for worst-case scenarios ● We Assume – Our System Interfaces are exposed ● Attacker can send message to any address on the network – Our Network is insecure ● Attacker can spoof the address of any message he/she sends with any address value – Our algorithms and their source code are availible to the attackers – Attackers have the best computing equipment made during the lifetime of our system

8 Distributed System Security: Structure (2) ● Private Key Encryption – Alice & Bob share knowledge of a secret key K – Alice encrypts her message M, with E(M,K) – Bob decrypts Alices message by D(E(M,K)) = M ● Public Key Encryption – Bob creates two keys, Kd and Ke – Bob sends Alice Ke – Alice encrypts her message with E(M,Ke) – Bob decrypts the message with D(E(M,Ke),Kd) = M – Mallory cannot find Kd, even though she knows Ke

9 Distributed System Security: History ● Encryption algorithms date back as far as the Ancient Greeks – Military commanders needed to hide their plans from the enemy ● National Bureau of Standards calls for official encryption algorithm in 1973 – Adopts “Lucifer” algorithm in 1976 ● Now known as Data Encryption Standard (DES) – National Security Agency restricts key sizes to 56 bits

10 Distributed System Security: History ● Researchers at Stanford announce Diffie- Hellman-Merkle algorithm in 1976 – Allows for secret key exchange over an insecure channel ● Ronald Rivest, Adi Shamir and Leonard Adleman announce RSA algorithm in 1997 – First public key encryption algorithm

11 Distributed System Security: Diffie-Hellman-Merkle Algorithm ● Alice and Bob generate seperate and secret keys Ka and Kb ● Alice generates another number g, and sends it to Bob ● Alice computers g^Ka (mod n) and sends it Bob, while Bob computers g^Kb (mod n) and sends it to Alice ● Alice computes (g^Kb)^Ka (mod n) and Bob computes (g^Ka)^Kb (mod n)

12 Distributed System Security: RSA Algorithm ● Alice finds two large prime numbers p, q ● Alice computes n=p*q and  =(p-1)*(q-1) ● Alice picks a random number e, between 1 and  -1 such that e is relatively prime to  ● Alice computes d, where e*d = 1 (mod n) ● Alice sends e and n to Bob ● Bob encrypts his message as E=M^e (mod n) ● Alice decrypts his message with D = E^d (mod n)

13 Distributed System Security: Remaining Vunerabilities ● Remaing System Vunerabilities – 1) Mallory can still send messages to Bob, spoofed with Alice's address – 2) Mallory can copy messages that Alice sent, and replay them to Bob at a later time – 3) Mallory can intercept the messages containing the initial key exchange and replace Alice's messages with her own

14 Distributed System Security: Vunerablity Solutions ● Attack 1: Spoofed messages – Bob attaches a checksum to the end of all his messages before encrypting them ● Attack 2: Message Replay – Bob attaches a timestamp to each of his messages ● Attack 3: Man-in-the-Middle – Bob and Alice must be able to authenticate each other's first unencrypted messages

15 Distributed System Security: Man-in-the-Middle Attack ● Digital Signature – Bob encrypts his message with his private key – Alice et. al. can decrypt the message with Bob's public key – Only Bob has the private key needed to encrypt the message, so the message must have been from Bob ● Digital Certificate – Trusted Authority distributes public keys, which they have digitally signed

16 Distributed System Security: Features ● Security – System trust is reduced to ● Trust in Trusted Authority ● Encryption Algorithm ● Passwords don't need to be transmitted – Verify identity through “challenges” ● Hybrid Methods – Speed of Secret Key with convenience of Public Key

17 Distributed System Security: Applications ● PGP – “Pretty Good Privacy” – Freeware file and e-mail encryption program – 128-bit RSA Public Key Encryption & 128-bit MD5 digest function ● Secure Sockets Layer (SSL) – Operating system and encryption algorithm independent network protocol layer

18 Distributed System Security: Significant Points ● Today's Systems are strong – Virtually unbounded levels of encryption through increased key size – New encryption methods based on the properties of elliptic curves are faster and stronger for a given key size – Trusted authorities and digital signatures insure identity of data sources

19 Distributed System Security: Signficant Points ● Weakest Security Link Today: the User – Ignorance of Security Issues – Complacency towards Security ● Focus must be on education of end users – Users must understand their role in security – Users must not become complacent towards security issues

20 Distributed System Security:References ● George Coulouris, Jean Dollimore, Tim Kingberg. Distributed Systems: Concepts and Design 2001 ● Rita C. Summers. Secure Computing 1997 ● Simon Singh. The Code Book 1999 ● Alan O. Freier, Philip Karlton, Paul C. Kocher, The SSL Protocol Version 3.0 1996 http://wp.netscape.com/eng/ssl3/draft302.txt ● Ian Blake, Gadiel Seroussi, Nigel Smart. Elliptic Curves in Cryptography 1999

Download ppt "Distributed System Security 4/22/04 CPSC 550 Brian Williams."

Similar presentations

The Diffie-Hellman Algorithm

The Diffie-Hellman Algorithm
Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Security and Privacy over the Internet Chan Hing Wing, Anthony Mphil Yr. 1, CSE, CUHK Oct 19, 1998.

Security and Privacy over the Internet Chan Hing Wing, Anthony Mphil Yr. 1, CSE, CUHK Oct 19, 1998.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Netprog: Cryptgraphy1 Cryptography Reference: Network Security PRIVATE Communication in a PUBLIC World. by Kaufman, Perlman & Speciner.

Netprog: Cryptgraphy1 Cryptography Reference: Network Security PRIVATE Communication in a PUBLIC World. by Kaufman, Perlman & Speciner.
Digital Signatures and applications Math 7290CryptographySu07.

Digital Signatures and applications Math 7290CryptographySu07.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
95-712 OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.

OOP/Java1 Public Key Crytography From: Introduction to Algorithms Cormen, Leiserson and Rivest.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Cryptography Basic (cont)

Cryptography Basic (cont)
Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.

Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.
Cryptographic Technologies

Cryptographic Technologies
Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.

Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.
1 Lecture #10 Public Key Algorithms HAIT Summer 2005 Shimrit Tzur-David.

1 Lecture #10 Public Key Algorithms HAIT Summer 2005 Shimrit Tzur-David.
WS 2006-07 Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.

WS Algorithmentheorie 03 – Randomized Algorithms (Public Key Cryptosystems) Prof. Dr. Th. Ottmann.
Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Similar presentations

Ads by Google