CS 425 / ECE 428 Distributed Systems Fall 2017

Similar documents
From Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design. Edition 4 Pearson Education 2005

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Digital Signatures. Secure Digest Functions

Issues. Separation of. Distributed system security. Security services. Security policies. Security mechanism

Background. Network Security - Certificates, Keys and Signatures - Digital Signatures. Digital Signatures. Dr. John Keeney 3BA33

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

Cryptography and Network Security

Cryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology

Verteilte Systeme (Distributed Systems)

CS 470 Spring Security. Mike Lam, Professor. a.k.a. Why on earth do Alice and Bob need to share so many secrets?!?

What did we talk about last time? Public key cryptography A little number theory

Public-Key Infrastructure NETS E2008

06/02/ Local & Metropolitan Area Networks. 0. Overview. Terminology ACOE322. Lecture 8 Network Security

CS 470 Spring Security. Mike Lam, Professor. a.k.a. Why on earth do Alice and Bob need to talk so much?!? Content taken from the following:

Diffie-Hellman. Part 1 Cryptography 136

ICS 180 May 4th, Guest Lecturer: Einar Mykletun

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Outline Key Management CS 239 Computer Security February 9, 2004

Kurose & Ross, Chapters (5 th ed.)

Security in ECE Systems

1 Identification protocols

Network Security. Chapter 8. MYcsvtu Notes.

Introduction and Overview. Why CSCI 454/554?

UNIT - IV Cryptographic Hash Function 31.1

Overview. SSL Cryptography Overview CHAPTER 1

Module: Cryptographic Protocols. Professor Patrick McDaniel Spring CMPSC443 - Introduction to Computer and Network Security

Prof. Shervin Shirmohammadi SITE, University of Ottawa. Security Architecture. Lecture 13: Prof. Shervin Shirmohammadi CEG

Security. Alessandro Margara Slides based on previous work by Matteo Migliavacca and Alessandro Sivieri

Information Security CS 526

Lecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005

ח'/סיון/תשע "א. RSA: getting ready. Public Key Cryptography. Public key cryptography. Public key encryption algorithms

CS3235 Seventh set of lecture slides

Cryptography and Network Security Chapter 14

CS 161 Computer Security

Cryptography III. Public-Key Cryptography Digital Signatures. 2/1/18 Cryptography III

Data Security and Privacy. Topic 14: Authentication and Key Establishment

0/41. Alice Who? Authentication Protocols. Andreas Zeller/Stephan Neuhaus. Lehrstuhl Softwaretechnik Universität des Saarlandes, Saarbrücken

Lecture 7 - Applied Cryptography

CT30A8800 Secured communications

Authentication Part IV NOTE: Part IV includes all of Part III!

Chapter 9: Key Management

Cryptography (Overview)

Ref:

L13. Reviews. Rocky K. C. Chang, April 10, 2015

Public-key Cryptography: Theory and Practice

key distribution requirements for public key algorithms asymmetric (or public) key algorithms

Using Cryptography CMSC 414. October 16, 2017

Lecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.

14. Internet Security (J. Kurose)

Data Communication Prof.A.Pal Dept of Computer Science & Engineering Indian Institute of Technology, Kharagpur Lecture - 40 Secured Communication - II

Public-Key Cryptography. Professor Yanmin Gong Week 3: Sep. 7

Digital Signatures. Public-Key Signatures. Arbitrated Signatures. Digital Signatures With Encryption. Terminology. Message Authentication Code (MAC)

Network Security Chapter 8

CYBER SECURITY MADE SIMPLE

2.1 Basic Cryptography Concepts

1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class

1.264 Lecture 28. Cryptography: Asymmetric keys

4:40pm - 6:10pm (90 min)

Datasäkerhetsmetoder föreläsning 7

Introduction to Modern Cryptography. Benny Chor

CCNA Security 1.1 Instructional Resource

Digital signatures: How it s done in PDF

Cryptography (DES+RSA) by Amit Konar Dept. of Math and CS, UMSL

Modern cryptography 2. CSCI 470: Web Science Keith Vertanen

Cryptographic Protocols 1

ISACA CISA. ISACA CISA ( Certified Information Systems Auditor ) Download Full Version :

Public Key Cryptography and the RSA Cryptosystem

Elements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy

Key management. Pretty Good Privacy

Kerberos and Public-Key Infrastructure. Key Points. Trust model. Goal of Kerberos

Module: Authentication. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security

CRYPTOGRAPHY & DIGITAL SIGNATURE

Module: Authentication. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security

EEC-682/782 Computer Networks I

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)

Crypto meets Web Security: Certificates and SSL/TLS

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ

Key Management and Distribution

ECE 646 Lecture 3. Key management

CSE 127: Computer Security Cryptography. Kirill Levchenko

Cryptographic Checksums

ICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification

Distributed Systems Principles and Paradigms

Authenticating People and Machines over Insecure Networks

Lecture 2 Applied Cryptography (Part 2)

CS 161 Computer Security

Public Key Algorithms

Introduction to Cryptography. Ramki Thurimella

HOST Authentication Overview ECE 525

Introduction to Network Security Missouri S&T University CPE 5420 Data Integrity Algorithms

Key Exchange. References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings

Cryptography and Network Security

Course Administration

An Introduction to How PGP Works

Security. Communication security. System Security

Authentication and Secure Communication. Jeff Chase Duke University

Chapter 10 Security Protocols

Authentication and Secure Communication. Exhibit A. The First Axiom of Security. Trusted vs. Trustworthy (NSA) technology. people

Encryption. INST 346, Section 0201 April 3, 2018

Transcription:

CS 425 / ECE 428 Distributed Systems Fall 2017 Indranil Gupta (Indy) Dec 5, 2017 Lecture 27: Security All slides IG

Security Threats Leakage Unauthorized access to service or data E.g., Someone knows your bank balance Tampering Unauthorized modification of service or data E.g., Someone modifies your bank balance Vandalism Interference with normal service, without direct gain to attacker E.g., Denial of Service attacks 2

Common Attacks Eavesdropping Attacker taps into network Masquerading Attacker pretends to be someone else, i.e., identity theft Message tampering Attacker modifies messages Replay attack Attacker replays old messages Denial of service: bombard a port 3

Addressing the Challenges: CIA Properties Confidentiality Protection against disclosure to unauthorized individuals Addresses Leakage threat Integrity Protection against unauthorized alteration or corruption Addresses Tampering threat Availability Service/data is always readable/writable Addresses Vandalism threat 4

Policies vs. Mechanisms Many scientists (e.g., Hansen) have argued for a separation of policy vs. mechanism A security policy indicates what a secure system accomplishes A security mechanism indicates how these goals are accomplished E.g., Policy: in a file system, only authorized individuals allowed to access files (i.e., CIA properties) Mechanism: Encryption, capabilities, etc. 5

Mechanisms: Golden A s Authentication Is a user (communicating over the network) claiming to be Alice, really Alice? Authorization Yes, the user is Alice, but is she allowed to perform her requested operation on this object? Auditing How did Eve manage to attack the system and breach defenses? Usually done by continuously logging all operations. 6

Designing Secure Systems Don t know how powerful attacker is When designing a security protocol need to 1. Specify Attacker Model: Capabilities of attacker (Attacker model should be tied to reality) 2. Design security mechanisms to satisfy policy under the attacker model 3. Prove that mechanisms satisfy policy under attacker model 4. Measure effect on overall performance (e.g., throughput) in the common case, i.e., no attacks 7

Next Basic Cryptography 8

Basic Security Terminology Principals: processes that carry out actions on behalf of users Alice Bob Carol Dave Eve (typically evil) Mallory (typically malicious) Sara (typically server) 9

Keys Key = sequence of bytes assigned to a user Can be used to lock a message, and only this key can be used to unlock that locked message 10

Encryption Message (sequence of bytes) + Key à (Encryption) à Encoded message (sequence of bytes) Encoded Message (sequence of bytes) + Key à (Decryption) à Original message (sequence of bytes) No one can decode an encoded message without the key 11

Two Cryptography Systems I. Symmetric Key systems: K A = Alice s key; secret to Alice K AB = Key shared only by Alice and Bob Same key (K AB ) used to both encrypt and decrypt a message E.g., DES (Data Encryption Standard): 56 b key operates on 64 b blocks from the message 12

Two Cryptography Systems (2) II. Public-Private Key systems: K Apriv = Alice s private key; known only to Alice K Apub = Alice s public key; known to everyone Anything encrypted with K Apriv can be decrypted only with K Apub Anything encrypted with K Apub can be decrypted only with K Apriv RSA and PGP fall into these category RSA = Rivest Shamir Adleman PGP = Pretty Good Privacy Keys are several 100s or 1000s of b long Longer keys => harder for attackers to break Public keys maintained via PKI (Public Key Infrastructure) 13

Public-Private Key Cryptography If Alice wants to send a secret message M that can be read only by Bob Alice encrypts it with Bob s public key K Bpub (M) Bob only one able to decrypt it K Bpriv (K Bpub (M)) = M Symmetric too, i.e., K Apub (K Apriv (M)) = M 14

Shared/Symmetric vs. Public/Private Shared keys reveal too much information Hard to revoke permissions from principals E.g., group of principals shares one key à want to remove one principal from group à need everyone in group to change key Public/private keys involve costly encryption or decryption At least one of these 2 operations is costly Many systems use public/private key system to generate shared key, and use latter on messages 15

Next How to use cryptography to implement I. Authentication II. Digital Signatures III. Digital Certificates 16

I. Authentication Two principals verify each others identities Two flavors Direct authentication: directly between two parties Indirect authentication: uses a trusted thirdparty server Called authentication server E.g., A Verisign server 17

Direct Authentication Using Shared Key Alice (has K AB ) A K AB (R B ) R A = Nonce = random number Alice knows Bob is Bob Time Bob (has K AB ) R B = Nonce = random number Bob calculates K AB (R B ) and matches with reply. Alice is the only one who could have replied correctly. K AB (R A ) 18

Why Not Optimize Number of Messages? Alice A, R A Alice knows Bob is Bob K AB (R B ) Time Bob R B, K AB (R A ) Bob calculates K AB (R B ) and matches with reply. Alice is the only one who could have replied correctly. 19

Unfortunately, This Subject to Replay Attack Eve starts 1 Eve st session (Malicious) A, R A Eve starts 2 nd session A, R B Eve finishes 1 st session K AB (R B ) Time R B, K AB (R A ) R B2, K AB (R B ) Bob Bob calculates K AB (R B ) and matches with reply. Bob thinks Eve is Alice. 20

Indirect Authentication Using Authentication Server and Shared Keys Alice A, B A, K B,AS (K A,B ) Time Bob AS K A,AS (K A,B ), K B,AS (K A,B ) = A Ticket Alice and Bob only ones who can decrypt portions of the ticket and obtain K A,B 21

II. Digital Signatures Just like real signatures Authentic, Unforgeable Verifiable, Non-repudiable To sign a message M, Alice encrypts message with her own private key Signed message: [M, K Apriv (M)] Anyone can verify, using Alice s public key, that Alice signed it To make it more efficient, use a one-way hash function, e.g., SHA-1, MD-5, etc. Signed message: [M, K Apriv (Hash(M))] Efficient since hash is fast and small; don t need to encrypt/decrypt full message 22

III. Digital Certificates Just like real certificates Implemented using digital signatures Digital Certificates have Standard format Transitivity property, i.e., chains of certificates Tracing chain backwards must end at trusted authority (at root) 23

Example: Alice s Bank Account 1. Certificate Type: Account 2. Name: Alice 3. Account number: 12345 Alice 4. Certifying Authority: Charlie s Bank 5. Signature K Cpriv (Hash(Name+Account number)) Charlie 24

Charlie s Bank, in Turn has another Certificate 1. Certificate Type: Public Key 2. Name: Charlie s Bank Alice Charlie Banker s Fed 3. Public Key: K Cpub 4. Certifying Authority: Banker s Federation 5. Signature K Fpriv (Hash(Name+Public key)) 25

Banker s Federation, Has Another Certificate From the Root Server 1. Certificate Type: Public Key 2. Name: Banker s Federation 3. Public Key: K Fpub 4. Certifying Authority: Verisign 5. Signature Alice K verisign priv (Hash(Name+Public key)) Charlie Banker s Fed Verisign 26

IV. Authorization Access Control Matrix For every combination of (principal,object) say what mode of access is allowed May be very large (1000s of principals, millions of objects) May be sparse (most entries are no access ) Access Control Lists (ACLs) = per object, list of allowed principals and access allowed to each Maintained at server Capability Lists = per principal, list of files allowed to access and type of access allowed Could split it up into capabilities, each for a different (principal,file) Can be handed (like certificates) to clients 27

Security: Summary Security Challenges Abound Lots of threats and attacks CIA Properties are desirable policies Encryption and decryption Shared key vs Public/private key systems Implementing authentication, signatures, certificates Authorization 28

Announcements HW4 due this Thursday at start of class Next Tuesday lecture: wrap up. 29

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback