CS542: Topics in Distributed Systems - PowerPoint PPT Presentation

About This Presentation
Title:

CS542: Topics in Distributed Systems

Description:

CS542: Topics in Distributed Systems Security – PowerPoint PPT presentation

Number of Views:153
Avg rating:3.0/5.0
Slides: 42
Provided by: Mehd4
Category:

less

Transcript and Presenter's Notes

Title: CS542: Topics in Distributed Systems


1
CS542 Topics inDistributed Systems
Security
2
Why are Distributed Systems insecure?
  • Distributed component rely on messages sent and
    received from network.
  • Is network (especially WAN networks) secure?
  • Packets can be intercepted and modified at
    network layer!
  • Is client component secure?
  • Is client component who it claims to be?
  • Are users of calling components really who they
    claim to be?

3
Security Threats
  • Leakage An unauthorized party gains access to a
    service or data.
  • Attacker obtains knowledge of a withdrawal or
    account balance, e.g., via eavesdropping
  • Tampering Unauthorized change of data,
    tampering with a service
  • Attacker changes the variable holding your
    personal data
  • Vandalism Interference with proper operation,
    without gain to the attacker
  • Attacker does not allow any transactions to your
    account
  • E.g., DOSdenial of service

4
How Attacks are Carried Out
  • Attacks on Communication Channel / Network
  • Eavesdropping Obtaining copies of messages
    without authority.
  • Masquerading Sending or receiving messages
    with the identity of another principal (user or
    corporation). Identity theft.
  • Message tampering Intercepting messages and
    altering their contents before passing them onto
    the intended recipient.
  • Replaying Intercepting messages and sending
    them at a later time.
  • Denial of Service Attack flooding a channel or
    other resources (e.g., port) with messages.

5
Addressing the Challenges
  • Leakage An unauthorized party gains access to a
    service or data.
  • Confidentiality protection against disclosure
    to unauthorized individuals.
  • Tampering Unauthorized change of data,
    tampering with a service
  • Integrity protection against alteration or
    corruption.
  • Vandalism Interference with proper operation,
    without gain to the attacker
  • Availability protection against interference
    with the means to access the resources.

6
Security Requirements
  • Authentication ensures that sender and receiver
    are who they are claiming to be
  • Data integrity ensure that data is not changed
    from source to destination
  • Confidentiality ensures that data is read only
    by authorized users
  • Non-repudiation ensures that the sender has
    strong evidence that the receiver has received
    the message, and the receiver has strong evidence
    of the sender identity. The sender cannot deny
    that it has sent the message and the receiver
    cannot deny that it has received the message

7
Security Policies Mechanisms
  • A Security Policy indicates which actions each
    entity (user, data, service) is allowed or
    prohibited to take.
  • E.g., Only an owner is allowed to make
    transactions to his account.
  • A Security Mechanism implements and enforces the
    policy

8
Security Mechanisms
  • Encryption / decryption transforming data into
    something an attacker cannot understand and
    vice-versa, i.e., providing a means to implement
    confidentiality, as well as allowing user to
    check whether data have been modified.
  • Authentication verifying the claimed identity of
    a subject, such as user name, password, etc.
  • Authorization checking whether the subject has
    the right to perform the action requested. verify
    access rights of principal for resource.
  • Auditing tracing which subjects accessed what,
    when, and which way. In general, auditing does
    not provide protection, but can be a tool for
    analysis of problems. Mainly an offline analysis
    tool, often ex-post.

9
Designing Secure Systems
  • Need to make worst-case assumptions about
    attackers
  • exposed interfaces, insecure networks, algorithms
    and program code available to attackers,
    attackers may be computationally very powerful
  • Typically design system to withstand a known set
    of attacks (Attack Model or Attacker Model)
  • Tradeoff between security and performance impact
  • Designing Secure Systems
  • Traditionally done as a layer on top of existing
    protocols.
  • Three phases
  • Design security protocol
  • Analyze Protocol Behavior when under attacks
  • Measure effect on overall performance if there
    were no attacks (the common-case)

10
Familiar Names in the Security Literature
Source G. Coulouris et al., Distributed Systems
Concepts and Design, Third Edition.
11
Notational Conventions
Source G. Coulouris et al., Distributed Systems
Concepts and Design, Third Edition.
12
Cryptographic Terminology
  • Plain text the message before encryption.
  • Cipher text the message after encryption.
  • Key information needed to convert from plain
    text to cipher text (or vice-versa).
  • Function the encryption or decryption algorithm
    used, in conjunction with key, to encrypt or
    decrypt message.
  • Key distribution How to distribute keys between
    senders and receivers

13
Requirements for modern cryptography
  • Kerkhoffs principle knowledge of encryption
    algorithm should not be an advantage
  • With computers a brute force attempt is possible,
    i.e. try every possible substitution until a
    valid message is produced.
  • Computers are good at this, modern schemes must
    be computationally hard to solve to remain
    secure.
  • 15 May 1973 American National Bureau of standards
    requests proposals for encryption standard
  • Data Encryption Standard, DES, developed.
    Standard describes DEA, Data Encryption Algorithm
  • Since November 26, 2001, theres AES, based on
    Rijndael

14
Cryptography
  • Encoding (encryption) of a message that can only
    be read (decryption) by a key.
  • In shared key cryptography (symmetric
    cryptography) the sender and the recipient know
    the key, but no one else does.
  • E.g., DES (Data Encryption Standard) 56 b key
    operates on 64 b blocks of data. Notation KAB
    (M).
  • How do Alice and Bob get the shared key KAB to
    begin with?
  • In public/private key pairs messages are
    encrypted with a published public key, and can
    only be decrypted by a secret private decryption
    key.
  • E.g., RSA / PGP keys at least 512 b long

Code for E D is open-source (hence known to
attacker)
D(K, MK)M
E(K,M)MK
MK
Bob
Alice
Decryption
Encryption
Plain Text (M)
Decryption KBpriv, D
Plain Text (M)
Encryption KBpub, E
15
Cryptography
  • Shared versus public/private
  • Shared reveals information to too many
    principles may need key distribution and
    revocation/repudiation mechanisms
  • In electronic commerce or wide area applications,
    public/private key pairs are preferred to shared
    keys.
  • Public/private key encrypt/decrypt ops are costly
  • May use hybrid pub/pri generates a shared key.
  • Presentation of many next few protocols
    independent of which keying scheme, viz., shared
    or pub/priv

16
Symmetric Key
  • Both the sender and the receiver use the same
    secret keys

Plaintext
Plaintext
Internet
Encrypt with secret key
Decrypt with secret key
Ciphertext
17
DES/AES Symmetric Encryption
  • One key is used to both encrypt and decrypt data
  • Encryption and decryption functions are often
    chosen to be the same
  • Security should not be compromised by making
    function well-known as security comes from secret
    keys

18
DES/AES Using Secret Keys
  • Sender and recipient exchange keys through some
    secure, trusted, non-network based means.
  • Sender encodes message using function and sends,
    knowing that only the holder of the key (the
    intended recipient) can make sense of it.
  • Recipient decodes message knows that only a
    key-holding sender could have generated it.
  • Message can be captured but is of no use.

19
Data Encryption Standard (DES)
  • DES encrypts a 64-bit block of plain text using a
    56-bit key
  • Three phases
  • Permute the 64 bits in the block
  • Apply a given operation 16 times on the 64 bits
  • Permute the 64 bits using the inverse of the
    original permutation

1st phase IP(input)
Round 1
.
.
.
key
2nd phase
Round 16
3rd phase IP-1(input)
20
Initial Permutation (IP)
  • IP bit 58 of input becomes 1st bit, bit 50
    becomes 2nd bit, etc

58 50 42 34 26 18 10 2 60 52 44 36 28 20 12 4 62
54 46 38 30 22 14 6 64 56 48 40 32 24 16 8 57 49
41 33 25 17 9 1 59 51 43 35 27 19 11 3 61 53
45 37 29 21 13 5 63 55 47 39 31 23 15 7
  • IP-1 inverse of IP, e.g., IP(1) 58, IP-1 (58)
    1

40 8 48 16 56 24 64 32 39 7 47 15 55 23 63 31 38
6 46 14 54 22 62 30 37 5 45 13 53 21 61 29 36 4
44 12 52 20 60 28 35 3 43 11 51 19 59 27 34 2 42
10 50 18 58 26 33 1 41 9 49 17 57 25
21
2nd Phase Operation in each round
0
  • 16 rounds
  • Each round i select a 48 bit key Ki from the
    original 56 bit key K. Perform (F is a given
    function)

63
63
32
31
0
Li-1
Ri-1
Ki
F

Li
Ri
22
Discussion of DES
  • Even through the DES algorithm is well known, but
    the key or cipher is difficult to break using
    analytical methods.
  • Using a brute-force attack by simply searching
    for a key is possible. However, for 56-bit key,
    there are 256 possible key combinations, if we
    could search one key in 1 µs, then we need 2283
    years to try all keys. (Distributed.net broke a
    DES-56 within 22 hours and 15 minutes, by using
    100,000 PCs).
  • Use 3DES (K1, K2, K3), or DES-128 for high
    security.

23
Encrypting Larger Messages
  • Initialization Vector (IV) is a random number
    generated by sender and sent together with the
    ciphertext

Block1
Block2
Block3
Block4
IV




DES
DES
DES
DES
Cipher1
Cipher2
Cipher3
Cipher4
24
Cipher block chaining (CBC)
  • Each plaintext block is combined with the
    preceding ciphertext block using XOR
  • i.e., ciphertextn1 plaintextn1 ? ciphertextn
  • For decryption, the opposite is done, since XOR
    is idempotent, it works.
  • Weaknesses if the same message is sent to
    multiple locations, theyll be the same and the
    attacker may infer.
  • To add different piece of plaintext at the
    beginning of each message

25
A Scheme of Cipher Block Chaining
Source G. Coulouris et al., Distributed Systems
Concepts and Design, Third Edition.
26
Stream ciphers
  • CBC is inappropriate for some apps., e.g.,
    encryption of telephone conversations
  • gt Stream ciphers solve this problem
  • Main idea is to construct a keystream generator.
  • Its analogous to adding noise to the system

27
A Stream Cipher
Source G. Coulouris et al., Distributed Systems
Concepts and Design, Third Edition.
28
DES Properties
  • Provide confidentiality
  • No mathematical proof, but practical evidence
    suggests that decrypting a message without
    knowing the key requires exhaustive search
  • To increase security use triple-DES, i.e.,
    encrypt the message three times

29
Secret Key Encryption
  • Disadvantage Number of keys needed increases
    quadratically by number of objects (one key per
    pair of communicating objects)
  • Another problem with private key
  • Key distribution
  • Public Key (Asymmetric) Encryption overcomes
    these problem

30
Public-Key Cryptosystems RSA
  • Asymmetric algorithm a private and a public key
    are used
  • First proposed by Diffie and Hellman
  • Basis Trap-door functions
  • Are special type of one-way-functions that has a
    secret exit, it is easy to compute it in one-way
    but it is infeasible to compute the inverse if
    the secret is unknown
  • Two keys, Ke and Kd
  • D(Kd, E(Ke, M)) M
  • RSA (Rivest, Shamir, and Adelman) Algorithm

31
Public-Key Cryptography RSA (Rivest, Shamir,
Adleman)
  • Sender uses a public key
  • Advertised to everyone
  • Receiver uses a private key

Plaintext
Plaintext
Internet
Encrypt with public key
Decrypt with private key
Ciphertext
32
Asymmetric Encryption
  • Gives 'one-way' security.
  • Two keys generated, one used with decryption
    algorithm (private key) and one with encryption
    algorithm (public key).
  • Generation of private key, given public key is
    computationally hard.
  • Does not need secure key transmission mechanism
    for key distribution.

33
Asymmetric Encryption Using Public Keys
  • Recipient generates key pair.
  • Public key is published by trusted service.
  • Sender gets public key, and uses it to encode
    message.
  • Recipient decrypts message with its private key.
  • Replies can be encoded using senders public key
    from the trusted distribution service.
  • Message can be captured but is of no use.

34
RSA Algorithm
  • Generating the private and public key requires
    four steps
  • Choose two very large prime numbers, p and q
  • Compute n p x q and z (p 1) x (q 1)
  • Choose a number d that is relatively prime to z
  • Compute the number e such that e x d 1 mod z

35
Generating Public and Private Keys
  • Public key consist of pair (n, e)
  • Private key consists of pair (n, d)

36
RSA Encryption and Decryption
  • Encryption of message block m
  • c me mod n
  • Decryption of ciphertext c
  • m cd mod n

37
Example (1/2)
  • Choose p 7 and q 11 ? n pq 77
  • Compute encryption key e (p-1)(q-1) 610 60
    ? chose e 13 (13 and 60 are relatively prime
    numbers)
  • Compute decryption key d such that 13d 1 mod
    60 ? d 37 (3713 481)

38
Example (2/2)
  • n 77 e 13 d 37
  • Send message block m 7
  • Encryption c me mod n 713 mod 77 35
  • Decryption m cd mod n 3537 mod 77 7

39
Properties
  • Confidentiality
  • A receiver B computes n, e, d, and sends out (n,
    e)
  • Everyone who wants to send a message to A uses
    (n, e) to encrypt it
  • How difficult is to recover d ? (Someone that can
    do this can decrypt any message sent to B!)
  • Recall that
  • d is relatively prime to (p-1)(q-1)
  • So to find d, you need to find prime factors p
    and q
  • This is provably very difficult

40
Public Key Encryption
  • Transmission of message is secure
  • as only B has the matching private key to decrypt
    message
  • Differences between public and secret key
  • One pair of keys generated for every object, so
    number of keys is linear to number of objects
  • Because different functions
  • use of public keys is more complicated for reply
    messages. A must generate pair of keys and
    publish its public key, which B acquires to
    encrypt reply message

41
Pretty Good Privacy
  • Public Key encryption used in PGP
  • Generally available, and can be used for
  • encryption of messages
  • digital signatures.
  • PGP combines DES and RSA
  • DES fast, but symmetric, hence key distribution
    problem
  • RSA slower, but no key distribution problem
  • Solution Use RSA to encrypt and distribute key
    for DES encryption!!!
Write a Comment
User Comments (0)
About PowerShow.com