Lecture 16 Page 1 CS 188, Winter 2015
Security in Distributed Systems
CS 188 Distributed Systems
March 5, 2015
Introduction
Brief review of systems security
Special security focus areas for distributed systems
Some distributed systems security solutions

Review of Computer Security
Security is a major concern for all computer systems
Much of the attention in recent years has dealt with threats involving networks
How do we think about computer security?
What are the basic approaches we take?

General Security Goals
Confidentiality
Integrity
Availability
Not all systems/applications require all goals
The goals may have different meanings in different contexts

Security Tools and Solutions
Access control mechanisms
Cryptography
Authentication mechanisms
Firewalls and intrusion detection
Access Control Mechanisms
Some entities are allowed to access some distributed system resources
– And some aren’t
How, generally, do you protect those resources from improper access?
Two common classes of mechanism:
1. Access control lists
2. Capabilities

Access Control Lists
For each protected resource, maintain a single list
Each list entry specifies a user who can access the resource
– And the allowable modes of access
When a user requests access to a resource, check the access control list (ACL)

A Distributed File System
[Diagram: machines belonging to Fred, Bob, Alan, George, John and Debbie]

Alan’s Been Working on the Budget
[Diagram: the budget file’s ACL reads “Alan RW”]
Now Alan wants Bob to look at it
[Diagram: the ACL now reads “Alan RW, Bob R”]
So Bob is granted access

What If Fred Tries to Look At It?
[Diagram: the ACL reads “Alan RW, Bob R”]
Fred’s not in the list, so he gets no access

The Fly in the Ointment
[Diagram: the ACL reads “Alan RW, Bob R”]
What does Alan’s machine really see?
If it says it’s from Bob, how can Alan be sure it really is?

Implications for Distributed Systems
Access control lists require a global name space of subjects
– So you can check to see if someone’s on the list
Remote use of access control lists requires trust
– That the party making the request is who he claims to be
– Or evidence that he is
Can access control list credentials sent across the network be sniffed and duplicated?
Capabilities
Each subject keeps a set of data items that specify his allowable accesses
Essentially, a set of tickets
Possession of the capability for an object implies that access is allowed

Capabilities in Our Distributed File System
[Diagram: Alan holds the key to the budget file]
So Alan can open the lock on the budget file

Giving Bob Access
[Diagram: Alan and Bob both hold a key to the budget file]
Ask a locksmith to copy your “key”
Then give the copy to Bob
When Bob needs to access the file, he sends his key with the request

The Fly in the Ointment
[Diagram: John and Debbie are on the same network as Alan and Bob]
What if John is eavesdropping?
Or what if Debbie breaks into Bob’s machine?

Implications for Distributed Systems
Capabilities will be sent over the network to obtain access remotely
Can we trust the sender not to forge capabilities?
Can they be sniffed on the network and duplicated?
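To make the two mechanisms and their weak points concrete, here is an added example (not from the lecture) that models the budget-file ACL beside a capability whose fields are bound by an HMAC under a server-held minting key, an assumed design so that a ticket cannot be forged or edited. The ACL function can only test the name a request claims to come from, and a capability copied off the wire still verifies: exactly the two flies in the ointment the slides raise.

```python
import hashlib
import hmac
import json

# Server-side minting key (constructed value; a real file server would keep it in a secret store).
MINT_KEY = b"example-capability-minting-key"

ACCESS_CONTROL_LIST = {"budget": {"Alan": "RW", "Bob": "R"}}   # the slides' budget-file ACL


def check_acl(claimed_user: str, obj: str, mode: str) -> bool:
    """ACL check: the server can only test the name the request *claims* to come from."""
    return mode in ACCESS_CONTROL_LIST.get(obj, {}).get(claimed_user, "")


def mint_capability(subject: str, obj: str, rights: str) -> dict:
    """Mint a ticket-like capability; the MAC binds subject, object and rights together."""
    body = {"subject": subject, "object": obj, "rights": rights}
    msg = json.dumps(body, sort_keys=True).encode()
    return {**body, "tag": hmac.new(MINT_KEY, msg, hashlib.sha256).hexdigest()}


def check_capability(cap: dict, obj: str, mode: str) -> bool:
    """Recompute the MAC over the presented fields; a forged or edited ticket fails here.
    Note what is NOT checked: who presented the ticket. A sniffed copy verifies too."""
    body = {k: cap.get(k) for k in ("subject", "object", "rights")}
    msg = json.dumps(body, sort_keys=True).encode()
    expected = hmac.new(MINT_KEY, msg, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, str(cap.get("tag", ""))):
        return False
    return body["object"] == obj and mode in (body["rights"] or "")
```

The MAC closes the forgery question; the sniff-and-duplicate question is what the Kerberos authenticator later in these slides addresses.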
Cryptography
Hiding information in plain sight
By transforming the secret data into something else
– Changing it back later
Even if the attacker can see the transformed data, he can’t understand the underlying secret
Core technology for network security

Basics of Cryptography
Most cryptographic algorithms use a key to perform encryption and decryption
– Referred to as K
The key is a secret
Without the key, decryption is hard
With the key, decryption is easy

Secret Key Cryptography
Also known as symmetric cryptography
Sender and receiver share a single secret key
Used to encrypt and decrypt
AES is the best-known example
Widely used
– Due to relative speed of operations

Public Key Cryptography
Also known as asymmetric cryptography
Each user of cryptography has a public/private key pair
– Everyone knows the public key
– Only the user knows the private key
To send a message to user X, encrypt it with his public key
Decryption only possible with the private key
RSA is the best-known example
Slower than symmetric crypto, but has other advantages

Uses of Cryptography for Distributed Systems
Protecting messages on the wire
Setting up secure channels between processes
Saving data at insecure sites
Solving some of those access control problems (like forging credentials)

Difficult Issues in Cryptography for Distributed Systems
Performance
– Encryption/decryption often slow
Key distribution
Dealing with encrypted data

Authentication Mechanisms
Necessary to be sure that the nodes/users/processes/etc. you’re talking to are who they claim to be
Distributed systems require methods that work over networks
Preferably with the minimal required trust of remote sites
Cryptography is usually involved

Firewalls and Intrusion Detection
Firewalls filter network traffic
– Intended to prevent “bad packets” from reaching your machines
Intrusion detection systems watch what’s happening
– Intended to detect when other security mechanisms have failed
Special Security Foci For Distributed Systems
Two big threat categories:
1. Legitimate users of the system are usually limited in what they can do
2. Illegitimate users must be prevented from doing anything on the system
Different mechanisms may be useful for each class

Limiting Legitimate Users
I need an access control mechanism that allows legitimate users
– To do what they need
– But not to do what they aren’t allowed
Needs to be secure, quick, flexible, scalable

Preventing Illegitimate Users
Those not participants in the distributed system must be shut out
Even if they can use the networks we work across
Even if they can access participating nodes for other purposes
“Shutting out” includes ensuring they can’t interrupt system activities

Distributed Systems Security Solutions
Firewalls
Virtual private networks
Kerberos
Firewalls
A machine to protect a network from malicious external attacks
Typically a machine that sits between a LAN/WAN and the Internet
Running special software to regulate network traffic

What Firewalls Do
Examine each incoming packet
Decide to let the packet through or drop it
– Criteria could be simple or complex
Perhaps log the decision
Maybe send rejected packets elsewhere

Firewalls and Distributed Systems
Firewalls must separate the distributed system from everything else
Easy if the distributed system is on its own LAN
Less easy if it’s a scattered group of nodes across the Internet
– That requires lots of firewalls with consistent configurations

Virtual Private Networks
Use encryption to convert a shared line to a private line
Set up a firewall at each installation’s network
Set up shared encryption keys between the firewalls
Encrypt all traffic using those keys

Actual Use of Encryption in VPNs
VPNs run over the Internet
Internet routers can’t handle fully encrypted packets
Obviously, VPN packets aren’t entirely encrypted
They are encrypted in a tunnel mode
Gives owners flexibility and control

VPNs and Distributed Systems
Not needed if your distributed system is inside a single LAN
Very helpful if your nodes are scattered across the Internet
In that case, set up VPNs between all remote sets of nodes
Which is easier if there are few virtual “links” in your system

Illustrating the Issue
Scenario 1
[Diagram]

Illustrating the Issue
Scenario 2
[Diagram]
How many tunnels do we need to set up if everyone talks to everyone?

Key Management and VPNs
All security of the VPN relies on key secrecy
Anyone who knows the key is “inside” the VPN
How do you communicate the key?
– In early implementations, manually
– Modern VPNs use special key exchange protocols or servers
Kerberos
Provides authentication and authorization for distributed systems
Originally developed at MIT
Uses trusted third parties
– And symmetric cryptography
– Extensions use PK
Goal: authenticate parties and provide them access to approved services

The Kerberos Model
Clients and servers sit on the (usually local) network
Clients want to interact securely with servers
– Using a fresh key for each session
Servers want assurances that clients are authorized
Kerberos handles both concerns
Scalability is an issue

Obtaining Keys and Services Through Kerberos
The client needs to get a key to give to the server and use himself
– Key will prove authorization, too
Obtained from a ticket-granting server
– Essentially, a server who hands out keys to talk to other servers
But the ticket-granting server needs authentication of the client
Which is obtained from the Kerberos server

What’s the Point of the Ticket-Granting Server?
Scalability
– Most requests for keys for servers go to the ticket-granting server
– There can be lots of them
And issues of trust
– Different ticket-granting servers can work with different servers and clients
– So not everyone needs to trust one ticket-granting server

Players in the Kerberos Protocol
The client
The server
The Ticket-Granting Service – someone the server trusts to authenticate the clients
The Kerberos Server – someone everyone trusts

Kerberos Participants
[Diagram: Client, Server, Kerberos, Ticket-Granting Server]

Client Requests a Ticket-Granting Ticket From Kerberos
[Diagram] Client → Kerberos: “I need to talk to the Ticket-Granting Server”

Kerberos Sends the Client a Ticket-Granting Ticket
[Diagram] Kerberos → Client: ticket-granting ticket

Client Asks TGS for a Server Ticket
[Diagram] Client → Ticket-Granting Server: ticket-granting ticket
Ticket-Granting Server checks ticket validity

TGS Sends Ticket to Client
[Diagram] Ticket-Granting Server → Client: server ticket

Client Requests Service
[Diagram] Client → Server: server ticket
Server checks ticket
Tickets and Authenticators
A Kerberos ticket is used to pass information to a server securely
An authenticator is an additional credential passed along with the ticket
– Used to pass timestamp information about lifetime of a key

What’s In a Ticket
T_{C,S} = s, {c, a, v, K_{C,S}}_{K_S}
s is the server
c is the client
a is the client’s network address
v is a timestamp
K_{C,S} is a session key
K_S is the server’s key

Kerberos in More Detail: Step 1
[Diagram: Alice is the client, Tracy the Ticket-Granting Server, Sidney the server]
Alice → Kerberos: “Alice, Tracy”

Kerberos Sends Client Ticket-Granting Ticket
[Diagram] Kerberos → Alice: {K_{Alice,Tracy}}_{K_Alice}, T_{Alice,Tracy}
What’s in the ticket?
T_{Alice,Tracy} = Tracy, {Alice, xxx.xxx.xxx.xxx, T_Now, K_{Alice,Tracy}}_{K_Tracy}

So What Has the Client Got?
K_Alice is derived from her password
Which gets a session key allowing her to communicate securely with the TGS
– K_{Alice,Tracy}
And she has a ticket for the TGS
– Not directly usable by Alice
– But the TGS (Tracy) can use it to authenticate Alice

Client Asks TGS for a Server Ticket
[Diagram] Alice → Tracy: T_{Alice,Tracy}, {A_{Alice,Tracy}}_{K_{Alice,Tracy}} (an authenticator)

What Has the TGS Got?
It can decrypt the ticket created by the Kerberos server
– Obtaining K_{Alice,Tracy} and other information
– Authenticating that the transmission went through the Kerberos server
And it’s got the authenticator

Why the Authenticator?
We want to avoid involving the Kerberos server every time a client needs a ticket
So the ticket-granting ticket will be used multiple times
The authenticator protects against replay attacks involving the multi-use ticket-granting ticket

TGS Sends Ticket to Client
[Diagram] Tracy → Alice: {K_{Alice,Sidney}}_{K_{Alice,Tracy}}, T_{Alice,Sidney}
What’s in the ticket?
T_{Alice,Sidney} = Sidney, {Alice, xxx.xxx.xxx.xxx, T_Now1, K_{Alice,Sidney}}_{K_Sidney}

Now What Has the Client Got?
She can decrypt the part of the message containing the new session key
– So she’s ready to communicate
She can’t decrypt the ticket
– That’s in a key only the server Sidney knows
– But Sidney can use it

Client Requests Service
[Diagram] Alice → Sidney: T_{Alice,Sidney}, {A_{Alice,Sidney}}_{K_{Alice,Sidney}}
Alice creates a new authenticator to show freshness

What Does the Server Have?
He can decrypt the ticket from the TGS
– Since it’s in his key
The ticket contains the session key
– And authentication information
He can then decrypt the authenticator
– Which ensures a session isn’t being replayed (by timestamp)
He can then determine authorization

Why Is There Both a Kerberos Server and a TGS?
The TGS handles normal interactions between clients and servers
The Kerberos server bootstraps interactions with the TGS
– A ticket-granting ticket can be reused with a TGS over some time
Compromise of the TGS has limited effects

Why Is There Both a Ticket and An Authenticator?
The ticket is reusable
– It has a timespan
  – Typically 8 hours
The authenticator is one-use-only
– Supposedly
– And its timestamp must be within the ticket’s timespan
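The following added example (not from the lecture) models in Python the server-side checks described under “What Does the Server Have?” and “Why Is There Both a Ticket and An Authenticator?”: a ticket T_{C,S} = s, {c, a, v, K_{C,S}}_{K_S} with an 8-hour timespan, an authenticator sealed under the session key, a timestamp window (the 300-second skew tolerance is an assumption) and a cache of seen authenticators to enforce one-use-only. The seal/unseal pair is a toy HMAC-based stand-in for the symmetric encryption Kerberos actually uses, chosen so the code runs with only the standard library.

```python
import hashlib, hmac, json, os

TICKET_LIFETIME = 8 * 3600   # the slides' "typically 8 hours"
CLOCK_SKEW = 300             # assumed tolerance for authenticator timestamps (seconds)

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """n keystream bytes from HMAC(key, nonce || block counter)."""
    blocks = (hmac.new(key, nonce + bytes([i]), hashlib.sha256).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key: bytes, obj) -> bytes:
    """Toy {obj}_key: XOR with an HMAC keystream, then an HMAC tag (stand-in for a real AEAD)."""
    pt = json.dumps(obj, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(x ^ y for x, y in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes):
    """Inverse of seal; raises ValueError if the key is wrong or the blob was altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("bad key or tampered message")
    return json.loads(bytes(x ^ y for x, y in zip(ct, _keystream(key, nonce, len(ct)))))

def make_ticket(k_s: bytes, s: str, c: str, a: str, v: int, k_cs: bytes):
    """T_{C,S} = s, {c, a, v, K_{C,S}}_{K_S}, as on the 'What's In a Ticket' slide."""
    return s, seal(k_s, {"c": c, "a": a, "v": v, "k": k_cs.hex()})

def make_authenticator(k_cs: bytes, c: str, now: int) -> bytes:
    """{A_{C,S}}_{K_{C,S}}: the client's name and a fresh timestamp under the session key."""
    return seal(k_cs, {"c": c, "t": now})

def server_accepts(name: str, k_s: bytes, ticket, auth: bytes, now: int, seen: set) -> bool:
    """The server's checks: ticket in its key and unexpired, authenticator fresh and never seen."""
    s, enc = ticket
    try:
        t = unseal(k_s, enc)                      # only the server's key opens the ticket
        a = unseal(bytes.fromhex(t["k"]), auth)   # session key comes from inside the ticket
    except ValueError:
        return False
    if s != name or not (t["v"] <= now < t["v"] + TICKET_LIFETIME):
        return False                              # wrong server or ticket outside its timespan
    if a["c"] != t["c"] or abs(a["t"] - now) > CLOCK_SKEW:
        return False                              # authenticator stale or for another client
    if (t["c"], a["t"]) in seen:
        return False                              # replayed authenticator: one-use-only
    seen.add((t["c"], a["t"]))
    return True
```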
Potential Weaknesses in Kerberos
Timestamp-based attacks
Password-guessing attacks
Replacement of Kerberos software
– The server is probably well protected
– But are the clients?
– Not unique to Kerberos

Conclusion
We’ve only scratched the surface of distributed systems security issues
But touched on some particularly important ones
The high-level concerns are:
– Keep outsiders out
– Control what insiders can do