Distributed Operating Systems CS551

1
Distributed Operating SystemsCS551

• Colorado State University
• at Lockheed-Martin
• Lecture 9 -- Spring 2001

2
CS551 Lecture 9

• Topics
• Distributed Security (Chapter 11)
• Cryptography Digital Signatures
• Authentication
• Access Controls (Firewalls)
• Other Algorithms

3
Terms

• Computer security frequently consists of two
  parts authentication and access control
• Authentication involves the verification and
  identification of a valid user
• Access control strives to prevent unwanted
  tampering with data files and system resources

4
Terms, continued

• Encryption encoding data using a key in such a
  manner that an eavesdropper cannot easily read
  the data
• Plaintext the original data
• Ciphertext the encrypted data
• Decryption going from ciphertext to plaintext

5
Terms, concluded

• Computationally secure An encryption algorithm
  is computationally secure if the system cannot be
  broken by systematic analysis with available
  resources.
• Private key versus public key
• Symmetric versus asymmetric encryption

6
Simple Encryption

• Cereal box code ring
• See Java assignment on encryption
• Caesar cipher
• Polyalphabetic cipher

7
Figure 11.1 Alice and Bob Use Cryptography.
Read I as J in Cypher text
8
Symmetric Encryption

• encryption algorithms where the encryption and
  the decryption algorithm utilize the same key
• Examples
• Caesar cipher
• Polyalphabetic cipher
• Key must be private
• Secret-key encryption
• Q how to communicate the key?
• Diffie-Hellman key exchange

9
Figure 11.5  Diffie-Hellman Key exchange.
10
DES Data Encryption Standard

• Popular private key encryption method
• US standard (NIST 1977)
• Based on IBMs LUCIFER system
• 64-bit key (8 for error detection)
• Encrypts data in blocks of 64 bits
• 70,000,000,000,000,000 possible keys
• Three-phrase encryption and decryption

11
DES Phase 1 Initial Permutation

• A permutation of the 64-bit block, changing the
  order of bits within each block
• Each 64-bits broken up into two halves
• L0, left half
• R0, right half
• See DES Permutation Table
• E.g. the new first bit was the 58th bit
• The new last bit was the 7th bit

12
Table 11.1  DES Initial Permutation NIST77.
13
DES Phase 2 Shifting (16 times)

• Table-dependent
• Each shift uses different subblock of key
• Which subblock is used is determined by
• another set of tables
• its own shifting algorithm
• The subscripts of the left and right halves are
  incremented with each shift

14
DES Phase 3 Inverse Permutation

• Similar to Phase 1
• Permutes order of bits within each block
• Employs the DES Inverse Permutation table
• Generates the final ciphertext
• See figure 11.2

15
Table 11.2 DES Inverse Permutation NIST77.
16
Figure 11.2  The Three Phases of DES.
17
Triple DES

• Enhanced security
• Employs three 64-bit keys
• DES is used three times on the data, each time
  with a different key
• E(P, k1) C1
• E(C1, k2) C2
• E(C2, k3) C3 (ciphertext)

18
Figure 11.3  Triple DES.
19
Asymmetric Encryption

• Involves two keys
• A public key, ku
• A private key, kr
• E(P, ku) C and D(C, kr) P OR
• E(P, kr) C and D(C, ku) P
• Do not decrypt ciphertext with same key as
  encryption key
• Mathematically difficult to obtain one key from
  the other
• Example Diffie-Hellman, 1976

20
Figure 11.4  Public-Key Cryptography.
Output is ????
Does not use Kr
Appears to use Ku
Where Kr ! Ku
21
RSA

• By Rivest, Shamir, and Adleman (1978)
• A public-key encryption algorithm
• Patented
• Three phases

22
RSA Phase 1

• Determining public and private keys
• Choose two large prime numbers, P and Q
• Compute N P Q
• Compute F(N) (P 1) (Q 1)
• Choose e 1 lt e lt N1 GCD (e, F(N)) 1
• Compute d, where ed 1 (mod F(N))
• Make d and N public as they make up the public key

23
RSA Phases 2 and 3

• Phase 2 Encrypting the message, M
• 1 lt M lt N 1
• C Me (mod N), ciphertext
• Phase 3 Decrypting the ciphertext, C
• Cd (mod N) M, original message

24
RSA Example

• Phase 1
• Alice chooses P5, Q11
• So, N PQ 55
• F(N) (P - 1) (Q - 1) 40
• Choose e 7 GCD(40,7) 1
• Determine D 23
• since 723 (mod 40) 161 (mod 40) 1

25
RSA Example, continued

• Phase 2
• Send message M 25
• Compute C Me (mod N)
• 257 (mod 55)
• 610,351,625 (mod 55)
• 20 (ciphertext)

26
RSA Example, concluded

• Phase 3
• C 20
• Cd (mod N) M
• So 2023 (mod 55) 8388608 1023 (mod 55)
• 25
• M

27
Figure 11.5  Diffie-Hellman Key exchange.
28
Diffie-Hellman Example

• Alice and Bob agree to let p11, a7
• Alice generates x5, where 2 lt 5 lt 11-1
• Alice computes ax (mod p) 75 (mod 11) 16807
  (mod 11) 10 and sends 10 to Bob
• Bob generates y8, where 2 lt 8 lt 11
• Bob computes ay (mod p) 78 (mod 11) 5,764,801
  (mod 11) 9 and sends 9 to Alice
• Bob computes (ax)y (mod p) (75)8 (mod 11)
  758 (mod 11)
• Alice computes (ay)x (mod p) (78)5 (mod 11)
  785 (mod 11)

29
Digital Signatures with Public-Key Encryption

• Employs RSA
• May use private key to encrypt
• Entire file (expensive)
• Just signature
• Advantage no key distribution problems
• Recipient may use public key to decrypt and
  verify origin
• Only proper public key will decrypt

30
Authentication

• Several steps necessary
• First step is verifying identity of user
• Three methods
• User password
• User key
• Uniqueness of user (fingerprint, retina pattern)
• Note these methods work on centralized systems
  as well

31
Authentication in a DS

• Concerns
• Eavesdropping
• Multiple password management
• Replay
• Trust
• Common solution certificates

32
Certificates

• a computer-generated, frequently time-valid,
  authenticated packet of information
• Time-valid gt prevents later replay
• Can be done with timestamp or nonce
• Nonce a random value unique for each
  communication
• Two approaches
• List of certificates, e.g. X.509
• Centralized certificate distribution center

33
Figure 11.6  Certificate List Utilized in Secure
RPC.
34
Figure 11.7  Three-Way X.509 Authentication.
35
Figure 11.8  Chaining Certificate Authorities in
X.509.
36
Figure 11.9  Kerberos Phase 1 Details.
IDT Ticket Granting Services ID IDC Clients
ID IDS Servers ID Ni Nonce value KC
Clients private key KS Application Servers
key KT Ticket Granting Services private key K1
System Ticket K2 Service Ticket TS Starting
Time Stamp TE Ending Time Stamp E(a,K)
Applications on encryption algorithm to a with
key K
37
Figure 11.10  Kerberos Phase 2 Details.
38
Figure 11.11 Kerberos Phase 3 Details.
39
Access Control (Firewalls)

• Firewall should be immune to security threats
  and prevent all security threats from passing
  through the wall and to the system(s) it
  protects
• Categories
• Packet-filtering gateways
• Proxy services
• Both types may be used together

40
Packet Filtering Gateways

• involves a security engineer who must explicitly
  state what may pass through the wall what
  internal information may go out of the firewall
  as well as what outside locations are allowed
  may specify what internal computer services may
  be shared with the outside world.
• generally implemented on the router that
  connects the internal system to the outside world

41
Firewall Routers

• provide a better user interface
• easier to configure for security-based
  filtering
• Uses source/destination IP addresses
• Checks IP addresses against table of rules

42
Proxy Servers

• represents an internal clients services to the
  outside world
• Two basic types
• Application-level gateway proxy services
• Circuit-level proxy services

43
Application-level gateways

• Bastion hosts
• Dual-homed hosts

44
Circuit-level gateways

• Transparent to user

45
Firewall Architectures

• Bastion host architecture
• Filtering host architecture
• Filtering subnet architecture

46
Figure 11.12  Bastion Host Firewall Architecture.
47
Figure 11.13  Filtering Host Firewall
Architecture.
48
Figure 11.14  Filtering Subnet Firewall
Architecture.
49
Agreement Protocols

• Distributed processes sometimes must agree
• If some sites are faulty, this can be difficult
• Need to identify/isolate the faults
• Model assumptions
• n PEs, at most m PEs are faulty
• PEs can communicate directly with each other
• Receiver can always determine sender of a msg
• Communication medium is reliable
• PEs can fail

50
Synchronous Computation

• A step (or round) consists of the following
• Receive messages
• Compute
• Send messages
• PEs in lockstep
• This model is assumed

51
Asynchronous Computation

• No synchronization
• At any time, a PE can
• Send messages
• Compute
• Receive messages
• Agreement problem is unsolvable in this case

52
PE Failure Model (modes)

• Crash fault
• PE stops, does not restart
• Omission fault
• PE omits to send a message that it should have
• Malicious fault
• Random behavior
• E.g. sends fictitious messages
• If a non-faulty PE doesnt receive a message, it
  can make up a message

53
Authenticated Messages

• Also called signed messages
• A message cannot be forged or modified by a
  faulty PE
• Non-authenticated messages
• PE can forge or modify a message
• As it relays it to the next node

54
Performance

• Time
• Number of rounds to reach agreement
• Message traffic
• Number of messages needed to reach agreement
• Storage overhead
• Amount of information stored at each node

55
Types of Agreement Problems

• Byzantine Agreement Problem
• Consensus Problem
• Interactive Consistency Problem

Recall Lamports Byzantine Generals paper
56
Byzantine Agreement Problems

• An arbitrary (source) PE broadcasts a value
• Solution
• Agreement
• All non-faulty PEs agree on one value
• Validity
• If source PE is non-faulty, then agree on
  sources initial value
• If source is faulty, can agree on any value
• Faulty PE can agree or not (dont care)

57
Consensus Problems

• All PEs broadcast initial values to all PEs
• Solution
• Agreement
• All non-faulty PEs agree on one value
• Validity
• If all non-faulty PEs start with same value, they
  will agree on that value

58
Interactive Consistency Problem

• All PEs broadcast initial values to all PEs
• Solution
• Agreement
• All non-faulty PEs agree on vector v1, v2, , vn
• Validity
• If ith PE is non-faulty and its value is vi, then
  all non-faulty PEs end with vi as ith value

59
How the problems compare

• Byzantine is special case of interactive problem
• Only uses one of the vector values
• If each PE runs a copy of Byzantine, then this is
  the same as solving the interactive problem
• Can use interactive to solve consensus problem
• Can agree to use a majority value in vector
• So, can derive all solutions from a solution to
  the Byzantine problem
• So only consider the Byzantine

60
Byzantine Solutions

• All PEs must exchange messages to reach consensus
• Send their own values
• Relay received values
• Faulty PEs will be confusing
• Limit on number of faulty PEs

61
Limit on Faulty PEs

• Limit m lt floor ( (n-1) / 3 )
• Need m1 rounds of message exchanges (at least)
• E.g if n 4, then m lt 1
• If m 1, then each non-faulty PE gets 3 messages
• It can take the majority value
• The faulty PE will always be outvoted

62
Lamport Shostak - Pease

• Given n PEs and less than m faulty PEs
• n gt 3m 1
• Recursive algorithm
• OM(0) Oral Message Algorithm
• Source sends its value to all other PEs
• Each PE uses the value it receives for the source

63
Lamport-Shostak-Pease Example
OM(0)
P0
7
7
7
P3
P1
7
P2
64
L-S-P Example, continued
OM(1)
P0
7
7
P3
7
P1
7
7
7
2
3
7
P2
7
P2 is faulty
65
L-S-P Example, continued
OM(1)
P0
7
7,2,7
7,3,7
P3
P1
P2
7,7,7
66
L-S-P Example, concluded
OM(1)
P0
7
P3
7
P1
7
P2
7
Now try an example with N7 and M2