Security Issues in distributed systems - PowerPoint PPT Presentation

Slides: 35
Provided by: Shap6

Transcript and Presenter's Notes


1
Security Issues in distributed systems
  • Security requirements
  • Encryption
  • Privacy
  • Authorisation
  • Denial of service
  • Malware

2
Critical Infrastructure Areas
  • Include
  • Telecommunications
  • Transportation
  • Electrical power systems
  • Water supply systems
  • Gas and oil pipelines
  • Government services
  • Emergency services
  • Banking and finance

3
What is a secure computer system?
  • To decide whether a computer system is secure,
    you must first decide what secure means to you,
    then identify the threats you care about.
  • You will never own a perfectly secure system!

4
Security threats examples
  • viruses, Trojan horses, etc., denial of service,
    stolen customer data, modified databases,
    identity theft and other threats to personal
    privacy, equipment theft, spying in cyberspace,
    hacktivism, cyberterrorism.

5
Basic components of security
  • CIA (confidentiality, integrity, availability)
  • Confidentiality: who is authorized to use data?
  • Integrity: is the data good?
  • Availability: can the data be accessed whenever
    it is needed?

6
Need to balance CIA
  • Example 1: C vs. IA
  • Disconnect computer from Internet to increase
    confidentiality
  • Availability suffers, integrity suffers due to
    lost updates
  • Example 2: I vs. CA
  • Have extensive data checks by different
    people/systems to increase integrity
  • Confidentiality suffers as more people see data,
    availability suffers due to locks on data under
    verification.

7
Privacy - related to confidentiality
  • Privacy is the ability of an individual to
    control information about him/herself.
  • Various laws protect privacy, such as the Data
    Protection Act which places restrictions on the
    storage and use of personal data. The Internet
    can threaten privacy in various ways.

8
Threats to Privacy in distributed systems
  • The Internet allows information about individuals
    to be collected automatically and to be stored
    systematically in easily accessible form.
  • Different sources of information can be merged
    relatively easily; for example, the Electoral
    Register can be merged with information gathered
    over the Web.

9
Opportunities for Collecting Personal Data
  • Web site registration: when a user buys goods
    over the Internet he/she is normally required to
    enter personal details (at minimum, name, address
    and telephone number).
  • Tracking of behaviour as a user navigates a Web
    site: pages visited in a virtual store may
    indicate personal preferences and spending profile.
  • If an individual joins newsgroups or e-mail
    listings, information can be collected.

10
Cookies and Privacy
  • A cookie is a small data file (limited in size)
    that a server can send to a user's browser.
  • The cookie is stored in the user's computer and
    can be retrieved by the server when the browser
    next contacts the server.
  • The cookie enables the server to identify the
    user uniquely and thereby track the user's
    behaviour.
  • Users are allowed to delete cookies but this
    often disables interaction with useful software
    (such as ASP).

11
Protection of Privacy
  • Europe and North America have formulated various
    principles concerning privacy.
  • Notice/awareness: consumers must be made aware
    that personal information is being collected.
  • Choice/consent: consumers must be able to choose
    whether or not to opt out of various uses of
    their personal data, e.g. whether or not the data
    can be passed on to third parties.
  • Access to data stored about themselves:
    consumers have a right to view the data that an
    organisation stores about them and to have
    inaccuracies corrected.

12
Major Security Needs
  • Authentication: how can a party to a transaction
    verify that another party is who they claim to
    be?
  • Authorisation: does a party have a right to
    access resources in the way they want?
  • Auditing: can activities in the system be
    recorded and used in an audit trail?
  • Confidentiality: will such information be
    protected? (i.e. not disclosed to third parties,
    destroyed after use if necessary)

13
Major security needs continued
  • Integrity: data should not be modified in an
    unauthorised or accidental manner.
  • Availability: are the services of the system
    available when they should be?
  • Non-repudiation: if a transaction (e.g. a money
    transfer) is agreed between two parties then both
    parties must adhere to the transaction.

14
Major Security Threats
  • Interception: an unauthorised party gets access
    to a service or data.
  • Interruption: services or data become
    unavailable (corrupted, unusable, etc.).
  • Modification: unauthorised alteration of data.
  • Fabrication: creation of false data, e.g. extra,
    fake, password entries.

15
Types of Cyber Attacks
  • Non-technical attacks: perpetrators gain access
    to a system by some form of cheating or deception.
  • Technical attacks: a hacker uses a software or
    hardware tool to gain unauthorised access.

16
Protection and Security Technologies
  • Data and services can be protected against
    different types of attack.
  • Protection mechanisms include authentication
    techniques which enable entities to prove who or
    what they are, encryption which ensures that data
    is kept confidential, firewalls which prevent
    unauthorised communications from gaining access
    to a system and of course various physical
    barriers such as locks.

17
Secret communication with a shared secret key
  • Both A and B share a secret key K.
  • A uses K and an agreed encryption function E(K,M)
    to encrypt and send a message to B.
  • B reads the encrypted messages using the
    corresponding decryption function D(K,M).

18
Problems
  • How can A send a shared key K to B securely?
  • If many users use the same key for communication,
    then the key is at a higher risk of being
    revealed.
  • If every two users are assigned a different key,
    then too many keys are needed for a large group
    of users.

19
Communication with public keys
  • There is a pair of keys Ksecret and Kpublic.
  • Only one user A keeps Ksecret, while Kpublic is
    accessible to everyone.
  • If B wants to send a message M to A, then B uses
    Kpublic to encrypt it with a public-key
    algorithm.
  • A uses his private key Ksecret to decrypt the
    message.

20
Use of cryptography
  • Secrecy and integrity
  • Authentication
  • Digital signatures

21
Interception
  • This includes unauthorised access to data and
    services
  • Transmitted data
  • In electronic commerce applications, credit card
    numbers and other financial information are
    extremely valuable and must be highly protected.
  • Transmitted data is usually protected by
    encryption.

22
Unauthorised Access
  • Stored data and services must be protected from
    interception. Users must be able to prove who
    they are and that they are authorised to have
    access.
  • Security protection normally includes user ids
    and password protection. Passwords are
    vulnerable. Users have difficulty remembering
    many passwords and tend to choose ones that are
    easy to hack. Passwords should be encrypted.
    Users using public Internet access points put
    their passwords at risk.
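
Added example (not part of the original slides): stored passwords are normally protected with a salted, deliberately slow one-way hash rather than reversible encryption, so that a stolen password file does not reveal the passwords. The record format, function names and iteration count below are assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune to the hardware in use

def make_record(password, salt=None):
    """Return 'pbkdf2_sha256$iterations$salt$hash' for storage."""
    salt = salt if salt is not None else os.urandom(16)  # unique per user
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    b64 = lambda b: base64.b64encode(b).decode()
    return f"pbkdf2_sha256${ITERATIONS}${b64(salt)}${b64(dk)}"

def verify(password, record):
    """Recompute the hash with the stored salt; compare in constant time."""
    try:
        scheme, iters, salt_b64, hash_b64 = record.split("$")
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(hash_b64)
        iters = int(iters)
    except ValueError:
        return False  # a malformed record never authenticates
    if scheme != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iters)
    return hmac.compare_digest(dk, expected)

if __name__ == "__main__":
    rec = make_record("correct horse battery")  # constructed sample password
    print(rec)
    print(verify("correct horse battery", rec), verify("guess", rec))
```

Because each record carries its own random salt, two users with the same password get different stored values.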

23
User Authorisation
  • The basic method of user id and password
    (knowledge) access to a service is often
    augmented by extra mechanisms such as:
  • smart cards (possession)
  • biometric technology (trait)
  • encryption
  • firewalls (extra point of security control)
  • physical controls (secure rooms, locks, call-back
    modems)

24
Smart Cards
  • The possession of a smart card is another way of
    a user proving that they have authorised action.
    The smart card reader is tamper-proof so that the
    user's PIN cannot be read.

25
Biometric Identification
  • Each human has certain unique characteristics
    that can be stored digitally, such as
    fingerprints, iris images, signatures,
    voiceprints and even earprints.
  • A machine that measures a given biometric feature
    and compares it with a database of features of
    authorised users can be used to control access to
    a system.

26
Firewalls
  • A firewall is software (and possibly hardware)
    which controls network access to an
    organisation's systems.
  • An IP-based firewall usually intercepts IP
    packets as they arrive and decides which ones can
    pass through.
  • Can control by IP address and by port number (for
    example).
  • Can re-map internal addresses to virtual IP
    addresses so that external entities do not know
    network addresses in use inside the organisation.
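
Added example (not part of the original slides): a minimal packet filter that decides by source IP address and destination port, with first-match rule order and a default of deny, plus the address re-mapping described above. The rule set, address table and function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    src: str                 # source network, CIDR notation
    dst_port: Optional[int]  # None matches any port

# Constructed rule set: evaluated top to bottom, first match wins.
RULES = [
    Rule("deny",  "203.0.113.0/24",  None),  # blocked external range
    Rule("allow", "0.0.0.0/0",       443),   # public HTTPS
    Rule("allow", "198.51.100.0/24", 22),    # SSH from one partner network
]

# Constructed table: internal address -> virtual address shown outside.
NAT = {"10.0.0.5": "192.0.2.10", "10.0.0.6": "192.0.2.11"}

def decide(src_ip, dst_port, rules=RULES):
    """Return the action of the first matching rule; default is deny."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        in_net = addr in ipaddress.ip_network(rule.src)
        port_ok = rule.dst_port is None or rule.dst_port == dst_port
        if in_net and port_ok:
            return rule.action
    return "deny"

def rewrite_outbound(src_ip):
    """Replace an internal source address with its virtual address.
    Unmapped hosts return None, meaning the packet is not forwarded."""
    return NAT.get(src_ip)

if __name__ == "__main__":
    for src, port in [("203.0.113.7", 443), ("8.8.8.8", 443),
                      ("198.51.100.20", 22), ("8.8.8.8", 22)]:
        print(src, port, decide(src, port))
    print(rewrite_outbound("10.0.0.5"))
```

Rule order matters: the deny rule for the blocked range sits above the general HTTPS allow rule, otherwise it would never be reached.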

27
Denial-of-Service Attacks
  • In a denial-of-service attack, the attacker
    attempts to prevent the system from working
    properly.
  • Two common forms of DOS attack are spamming and
    malicious code.

28
Spamming/DDOS
  • With spamming, a service is flooded with fake
    requests, preventing it from servicing authentic
    requests.
  • Examples: e-mail bombing, repeated SYN packets to
    create useless TCP connections.
  • Distributed Denial of Service (DDOS): a hacker
    hijacks many innocent machines and mounts an
    attack from them.
  • (Note that such attacks often work at a low level
    in the system so that authorisation controls do
    not prevent them.)

29
Auditing
  • This means recording a history of activities in a
    system. Allows detection of attacks after they
    have occurred.
  • Acts as a deterrent, as a policing mechanism and
    as a technique for gathering information on types
    of attacks. Aids in formulation of theory of attacks.
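
Added example (not part of the original slides): using an audit trail to detect, after the fact, the repeated-SYN pattern mentioned under Spamming/DDOS. The record layout, sample records and threshold are constructed for illustration.

```python
from collections import defaultdict

# Constructed audit records: (time_s, source_ip, source_port, tcp_event).
# "SYN" opens a handshake; "ACK" from the same ip:port completes it.
RECORDS = [
    (0.0, "198.51.100.4", 40001, "SYN"), (0.1, "198.51.100.4", 40001, "ACK"),
    (0.2, "203.0.113.9", 50001, "SYN"), (0.3, "203.0.113.9", 50002, "SYN"),
    (0.4, "203.0.113.9", 50003, "SYN"), (0.5, "203.0.113.9", 50004, "SYN"),
    (0.6, "198.51.100.4", 40002, "SYN"), (0.7, "198.51.100.4", 40002, "ACK"),
    (0.8, "203.0.113.9", 50005, "SYN"),
]

def half_open_by_source(records):
    """Count handshakes per source that were opened but never completed."""
    pending = set()
    for _, ip, port, event in records:
        if event == "SYN":
            pending.add((ip, port))
        elif event == "ACK":
            pending.discard((ip, port))
    counts = defaultdict(int)
    for ip, _ in pending:
        counts[ip] += 1
    return dict(counts)

def suspected_flooders(records, threshold=3):
    """Sources whose half-open count reaches the (assumed) threshold."""
    counts = half_open_by_source(records)
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def total_half_open(records):
    """Overall half-open count; a distributed attack may keep every
    single source below the per-source threshold, so watch this too."""
    return sum(half_open_by_source(records).values())

if __name__ == "__main__":
    print(half_open_by_source(RECORDS))
    print(suspected_flooders(RECORDS), total_half_open(RECORDS))
```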

30
Malicious software
  • Malicious software (malware) propagates
    throughout the Internet, causing damage in
    various ways.
  • A virus is a piece of code that inserts itself
    into files and other locations in a host when it
    is run on arrival at the host machine. Viruses
    are propagated via e-mail attachments, removable
    disks and other forms of file transfer.

31
  • A worm is a program that can run independently on
    a machine and spread itself by creating direct
    network and internetwork connections.
  • A Trojan horse is a virus or worm which spreads
    itself by being disguised as a program with a
    benign function. The payload of the Trojan horse
    may be activated by a date change or some other
    activity and attacks the computer, e.g. by
    destroying the file system.

32
Malware Protection
  • Virus detection software monitors data arriving
    in a system and scans it for the characteristics
    of known malware.
  • Viruses and Trojans are created continuously so
    detection software should be updated daily.
  • Operating systems often have vulnerabilities so
    the system manager should download security
    patches regularly.

33
Non-Repudiation
  • This can be ensured with the judicious use of
    Public Key Encryption.
  • Party 1 sends encrypted authorisation message to
    Party 2. Party 2 is able to read the
    authorisation message and thus prove (to a third
    party) that Party 1 agreed to the transaction.

34
Summary
  • Privacy is a major concern.
  • Attacks on systems attempt to read data or
    interfere with data.
  • Malware is a major problem.
  • Encryption and authorisation technologies are
    major security techniques in use.
  • Security points include service pages (i.e. to
    enter sensitive services such as payment),
    firewalls, biometric readers, card readers and
    locks.
  • A combination of security technologies should be
    used.