Figure 15.1 A distributed multimedia system - PowerPoint PPT Presentation

1 / 49
About This Presentation
Title:

Figure 15.1 A distributed multimedia system

Description:

Lecture 10 Security of Distributed and Network Systems Ref. Chapter 10 and 13 – PowerPoint PPT presentation

Number of Views:155
Avg rating:3.0/5.0
Slides: 50
Provided by: GeorgeCo5
Category:

less

Transcript and Presenter's Notes

Title: Figure 15.1 A distributed multimedia system


1
Lecture 10
Security of Distributed and Network Systems Ref.
Chapter 10 and 13
2
Objectives
  • Clarify the fundamental security problems that
    arise in distributed systems.
  • Show how distributed system security has changed
    over the years becoming more ambitious in its
    goals.
  • Examine which system layer is best suited for
    implementing security mechanisms in a distributed
    system
  • Get an introduction of the design of network
    security protocols, using the basic Internet
    security protocols IPSC and SSL/TLS
  • Understand the principles of various firewall
    technologies

3
Contents
  • Introduction
  • Authentication
  • Kerberos
  • DSSA/SPX
  • Network Security
  • TCP/IP Security
  • SSL/TLS
  • Firewalls

4
Introduction
  • How do you authenticate a user?
  • What is the basis for access control?
  • User identity
  • The network address
  • The distributed services
  • Where do you authenticate a user?
  • Where do you make an access control decision?

5
Delegation
  • Delegation A user may login at a local and then
    execute a program on a remote node. To obtain
    access to resources at the remote node, the
    program will need the relevant access rights.
    Typically, the program would be endowed with the
    access rights of the user and then run with these
    access rights on the remote node.
  • This mentions controlled invocation.

6
Authentication requirements
  • The goal is to provide the communication parties
    with some assurance about others true identity
  • Password sniffers might listen to network traffic
    and extract packets containing passwords and
    other security-relevant information.

7
Kerberos authentication and key distribution
service
  • Secures communication with servers on a local
    network
  • Developed at MIT in the 1980s to provide security
    across a large campus network gt 5000 users
  • based on Needham - Schroeder protocol
  • Standardized and now included in many operating
    systems
  • Internet RFC 1510, OSF DCE
  • BSD UNIX, Linux, Windows 2000, NT, XP, etc.
  • Available from MIT
  • Kerberos server creates a shared secret key for
    any required server and sends it (encrypted) to
    the user's computer
  • User's password is the initial secret shared with
    Kerberos


8
Kerberos Terminology
  • Kerberos authentication server (KAS)
    authenticates principles at login and issues
    tickets, which is in general are valid for one
    login session and enable principals to obtain
    other tickets form ticket-granting servers. Also
    called KDC
  • Ticket granting servers (TGSs) issue tickets
    that give principals access to network services
    demanding authentication.

9
Kerberos conventions
  • Ka the secret cryptographic key of user A,
    derived from As password with a one-way
    algorithm KAS has copy of Ka
  • Ktgs a secret key shared by TGS and KAS
  • Kb a secret key shared by the server B and TGS
  • Ka,tgs a session key created by KAS for use
    between A and TGS
  • Ka,b a session key created by TGS for use
    between A and B
  • eK(X) data packet X encrypted under key K
  • N1, N2 nonce (random challenges) to prevent
    replay attacks
  • L1, L2 expiry date (lifetime) of tickets.
  • T1, T2,T3, T4 creation time of tickets or
    authenticators
  • Ticketa, tgs ticket for A to use with TGS,
    created by KAS
  • Ticketa,b ticket for A to use with B, created by
    TGS

10
System architecture of Kerberos
  • Needham-Schroeder Protocol
  • A-gt KAS A, TGS, L1, N1
  • KAS-gtA eKa(TGS, Ka, tgs, Ticketa, tgs,, L1, N1)
  • A-gtTGS A, B, L2, N2, Ticketa, tgs, eKa, tgs(A,
    T3)
  • TGS-gtA eKa, tgs(B, Ka,b, Ticketa, b, L2, N2)
  • A-gtB eKa,b(A, T4), Ticketa,b
  • B-gtA eKa,b (T4)
  • Ticketa, tgs eKtgs(Ka, tgs, A, T1, L1)
  • Ticketa,b eKb(Ka,b, A, T1, L1)

Step A once per login session
Step B once per server session
Step C once per server transaction
6. Service reply
B
A

11
Kerberized NFS
  • Kerberos protocol is too costly to apply on each
    NFS operation
  • Kerberos is used in the mount service
  • to authenticate the user's identity
  • User's UserID and GroupID are stored at the
    server with the client's IP address
  • For each file request
  • UserID and GroupID are sent encrypted in the
    shared session key
  • The UserID and GroupID must match those stored at
    the server
  • IP addresses must also match
  • This approach has some problems
  • can't accommodate multiple users sharing the same
    client computer
  • all remote filestores must be mounted each time a
    user logs in


12
Revocation
  • Update the database so that the access rights are
    no longer available.
  • Next session, the principle is revoked.
  • The current ticket is valid until they expire.
  • Expire period trade-off
  • Long less security, more convenience for the
    principle
  • Short more security, less convenience for the
    principle

13
Realms
  • KAS is the heart
  • Principals, Keys and access rights must be in the
    KAS or TGS
  • It is a centralized security system
  • A single security policy is enforced
  • It is relatively easy to check that the system
    set-up complies with the security policy and to
    implement changes

14
Summary of Kerberos
  • Timeliness of messages is checked by time stamps.
  • Checking of time stamps allows for some clock
    skew.
  • Servers have to be on-line.
  • Session keys are generated by Kerberos servers.
  • Kerberos does not address the delegation of
    privileges (tickets)
  • Password guessing and password spoofing attacks
    are possible.
  • Keys and tickets are held on the clients machine.
  • It is important to distinguish the security of
    the protocol itself from the security of
    implementations of Kerberos.

15
DSSA/SPX
  • DSSA (Distributed system security architecture)
    is developed by DEC
  • SPX (Sequenced Packet Exchange) is a part of DSSA
  • The authentication in SPX
  • Credentials name
  • Certificates binding name to public keys
  • Authentication tokens.
  • Certification authority (CA) issues public key
    certificates
  • Certificate distribution center (CDC) stores the
    certificates issued by a CA.
  • A certificate can be revoked by maintaining a
    certificate revocation list.

16
SPX conventions
  • Sp the private signature key of principle P
  • Pa, Sa the long-term public key and long-term
    private key of A
  • Pa, Sa the short-term public key and
    short-term private key of A
  • Ka,b a session key created by A for use between
    A and B in a symmetric encryption algorithm
  • eK(X) data packet X encrypted under key K
  • sK(X) digital signature of data packet X
    generated with key K
  • T a time stamp
  • Lc, Lt expiry date of a certificate or a ticket

17
The DSSA/SPX authentication Protocol
CDC
  • A-gt CDC B
  • CDC-gt A Certificate (B, CAa)
  • A-gtB A, eKa,b(T,A), sSa(Lt, A, Pa), ePb(Ka, b),
    eKa,b (Sa)
  • B-gtCDC A
  • CDC-gtB certificate(A, CAb)
  • B-gt A eKa,b(T)
  • Note Certificate (B, CAa) sSCAa(CAb, B, Lc, Pb)

6
1
2
5
3
A
B
4
18
Security API
  • Security requirements in a DS often exceed mere
    authentication.
  • Different components in a DS will not necessarily
    use the same security mechanisms.
  • Users and application writers are not necessarily
    security experts.

19
GSS (General Security Services)-API
  • GSS-API provides a simple interface to security
    services for connection-oriented applications.
  • Mechanism independence
  • Mechanisms such as symmetric or asymmetric
  • Protocol environment independence
  • Such as connection-oriented or data packet
    communication
  • Suitability to a range of implementation
    placements
  • May reside in a TCB or not

20
GSS-API Characteristics and Concepts
  • Functions
  • Data conversion
  • Call interfacing with each known mechanism
  • Hide the details of the mechanism from
    applications
  • The basic elements
  • Credentials security-relevant data
  • Tokens Formatted data used to call the API
    interfaces.
  • Security context the information related to the
    management of the security services
  • Status code to indicate which feature are
    desired. P176-177

21
GSS-API Interface Descriptions
  • Credential management calls
  • Allow a principal to acquire and release
    credentials, and inquire about various credential
    information
  • Context-level calls
  • Initiation, acceptance and deletion of contexts
  • Per-message calls
  • To provide cryptographic integrity and
    confidentiality protection
  • Support calls
  • General housekeeping and support routines, such
    as freeing memory spaces, name comparison
  • P177-178

22
API and security
  • Security services depend on
  • Proper implementation of relevant mechanisms
  • Proper security management
  • Key generation
  • Key storage
  • Key transport
  • Key usage
  • Key management is entirely above the APIs

23
Access Control in DS
  • Three approaches for protection against security
    threats
  • Protection against invalid operations
  • Protection against unauthorized invocations
  • Protection against unauthorized users

24
Summary for DS security
  • It is essential to protect the resources,
    communication channels and interfaces of
    distributed systems and applications against
    attacks.
  • This is achieved by the use of access control
    mechanisms and secure channels.
  • Public-key and secret-key cryptography provide
    the basis for authentication and for secure
    communication.
  • Kerberos are widely-used system components that
    support authenticated communication.


25
Network security
  • Send and receive
  • Data Transportation
  • Sequence of signals
  • Resemble and present
  • Route
  • Loss and corruption of data

26
Sniffing and spoofing
  • A packet sniffer is a wire-tap devices that plugs
    into computer networks and eavesdrops on the
    network traffic. Like a telephone wiretap allows
    the FBI to listen in on other people's
    conversations, a "sniffing" program lets someone
    listen in on computer conversations.
  • Web Spoofing is a security attack that allows an
    adversary to observe and modify all web pages
    sent to the victim's machine, and observe all
    information entered into forms by the victim. The
    attacker can observe and modify all web pages and
    form submissions, even when the browser's "secure
    connection" indicator is lit. The user sees no
    indication that anything is wrong.

27
ISO/OSI Security Architecture
  • Data confidentiality
  • Data integrity
  • Data origin authentication to corroborate the
    source
  • Peer-entity authentication to verify the
    identity of a peer entity
  • Non-repudiation to create evidence that data has
    been sent or received. (proof of origin and
    delivery)

28
(No Transcript)
29
Package-Encapsulation
30
Network Security Issues
  • Sharing
  • Complexity
  • Perimeter
  • Points of attack
  • Anonymity
  • Unknown path

31
The Internet layers
  • Actual four layers
  • Application layer Telnet, FTP, HTTP, SMTP or SET
  • Transport layer TCP, UDP
  • Internet layer IP
  • Interface layers the Network Interface Card
    (Physical)

32
TCP/IP Security
  • IPSEC (IP Security ) provides security for every
    one using IP without changing the interface to
    IP.
  • The IP authentication header (AH), covered in RFC
    1826
  • The IP encapsulating security payload (ESP),
    covered in RFC 1827
  • Transport mode
  • encrypts only the data portion (payload) of each
    packet, but leaves the header untouched.
  • Tunnel mode
  • encrypts both the header and the payload. On the
    receiving side, an IPSec-compliant device
    decrypts each packet.

33
Location and syntax of the authentication header
8 bits
8 bits
16 bits
Reserved
Next header
Payload length
Security parameters index
32 bits
Sequence number field
32 bits
Authentication data
32 bits MAC or Digital signature
IPv6 header Hop-by-hop routing Auth. Header
Dest. Options TCP Data
34
Authentication header for tunnel mode
The ESP Header
Security parameters index
Opaque transform data
Encapsulated data
IP header
Other IP header
ESP header
35
Secure Socket Layer Protocol
  • SSL was developed by Netscape for electronic
    transaction security. (TLS Transport Layer
    Security is similar to it)
  • A protocol layer is added below the application
    layer for
  • Negotiating encryption and authentication
    methods.
  • Bootstrapping secure communication
  • It consists of two layers
  • The Record Protocol Layer implements a secure
    channel by encrypting and authenticating messages
  • The Handshake Layer establishes and maintains a
    secure session between two nodes.

36
SSL Protocol Stack
37
SSL Record Protocol
  • The record protocol takes an application message
    to be transmitted
  • fragments the data into manageable blocks
  • optionally compresses the data
  • computes a message authentication code (MAC)
  • encrypts
  • adds a header.

38
SSL Handshake Protocol
Cipher suite a list of cryptographic algorithm
supported by the client
Phase 1 Establish security capabilities
Phase 2 Sever authentication and key exchange
Phase 3 Client authentication and key exchange
Phase 4 Finish
The client sends a change Cipher Spec message and
copies the pending CipherSpec into the current
CipherSpec.
39
An Example
  • M1
  • ClientHello
  • ClientRandom28
  • Sugessted Cipher Suites
  • TLS_RSA_WITH_IDEA_CBC_SHA
  • TLS_RSA_WITH_DES_CBC_SHA
  • TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
  • Suggested Compression Algorithm none
  • M2
  • ServerHello
  • ServerRandom28
  • Use Cipher Suite
  • TLS_RSA_WITH_IDEA_CBC_SHA
  • Session ID 0x00372d4XS
  • Certificate
  • Subject
  • Public Key
  • Issuer
  • Subject
  • M3
  • A ClientKeyExchange RSA_Encrypt
  • B ChangeCipherSpec NONE
  • C Finished MD5(M1M2M3A) SHA (M1M2M3A)
  • M4
  • A ChangeCipherSpec NONE
  • B Finished MD5(M1M2M3AM3C) SHA
    (M1M2M3AM3C)

40
Firewalls
  • Firewall the general name for any security
    system protecting the boundary of an internal
    network.
  • Bastion host a computer system with strong
    security as it is exposed to the outside world.
  • Tasks of a firewall
  • AC based on sender or receiver addresses
  • AC based on the service requested
  • Hiding the internal network (topology, addresses,
    traffic)
  • Virus checking on incoming messages
  • Authentication based on source of traffic
  • Logging of Internet activities.

41
Packet Filtering
  • Operates as a router and makes decisions as to
    whether or not to pass a packet based on its
    source/destination addresses.
  • Source addresses
  • Destination addresses
  • Protocol
  • Connection
  • The gateway on the outside LAN protects against
    incoming packets. The gateway on the inside LAN
    protects against outgoing packets.

42
Proxy Servers
  • To implement policies based on user identities
    and hide information about the internal network
  • Another example of controlled invocation.
  • It intercepts the clients request and decides
    whether it is permitted according to its security
    rules.

43
Firewall Filtering
  • Firewall filtering can be done at diff. levels
  • TCP gateway checks all TCP connection requests
    and segment transmissions. TCP segments will be
    checked for correctness and may be routed to an
    application-level gateway for content checking.
  • Application-level filtering (proxy gateway)
    inspects the content of incoming/outgoing
    messages.
  • To prevent applets to be downloaded to the inside
    LAN, all Web traffic could be directed through a
    Web proxy gateway. The gateway accepts regular
    HTTP requests, but may discard certain
    requests/pages.

44
Firewall Configuration
  • A common implementation of a firewall.

45
Network Security Specialties
More Intruders
46
Three Classes of Intruders
  • Masquerader unauthorized user who penetrates a
    system exploiting a legitimate users account
    (outside)
  • Misfeasor - legitimate user who makes
    unauthorized accesses or misuses his privileges
    (inside)
  • Clandestine user - seizes supervisory control to
    evade auditing and access controls or suppress
    audit collection (insideoutside)

47
Intruders
  • Intruder attacks range from benign to serious
  • Benign intruders tolerable but consume resources
  • Difficult to know in advance the type of intruder
  • Really growing problem
  • globalization
  • the move to Client/Server architectures

48
Attack Sophistication vs.Intruder Technical
Knowledge
Auto Coordinated
Tools
Cross site scripting
stealth / advanced scanning techniques
High
Staged
packet spoofing
denial of service
distributed attack tools
sniffers
Intruder Knowledge
sweepers
www attacks
automated probes/scans
GUI
back doors
network mgmt. diagnostics
disabling audits
hijacking sessions
burglaries
Attack Sophistication
exploiting known vulnerabilities
password cracking
self-replicating code
password guessing
Low
2000
1980
1985
1990
1995
Source Carnegie Mellon University
49
Summary
  • Introduction
  • Authentication
  • Kerberos
  • DSSA/SPX
  • Network Security
  • TCP/IP Security
  • SSL/TLS
  • Firewalls
Write a Comment
User Comments (0)
About PowerShow.com