Distributed Systems Security Overview Douglas C. Sicker Assistant Professor Department of Computer Science and Interdisciplinary Telecommunications Program
Mar 31, 2015
Distributed SystemsSecurity Overview
Douglas C. SickerAssistant Professor
Department of Computer Science and Interdisciplinary Telecommunications Program
Network Security
• What we’ll cover:– What is network security?– What are the goals?– What are the threats?– What are the solutions?– How do they operate?
• This is a lot of info and it might take a few reads to stick.
Network Security
• Some issues with the book…• Assumes malicious intent as the reason for
needing security.– Is this valid?
• Focus on the protocols (not surprising) – However, the real problems with security are mostly
outside of the technical space (see the Economist articles).
– What else should we consider? • For example, more depth on security models, security policy,
assurance, insurance, risk assessment…
– Lastly, keep in mind that even the best protocols can be misapplied.
Network Security
• What do we seek?– Confidentially– Integrity– Availability– Non-repudiation– Accounting
• Mnemonic CIA
• Let’s start with some general threats– Leakage– Tampering– Vandalism
Network Security
• Attacks– Guessing passwords– Exploiting program operation– Intercepting messages– Message replay – Birthday attack– Overloading resources (DDoS)
• What’s the easy method of attack?
Network Security
Secure design • It’s a bit of a fallacy, even formal models fail
– Why?• There was early work in secure OS.
– What do you think derailed this work?• Often the goal is to avoid disasters and minimize
problems• What’s the threat, what’s the attack and how do we
avoid it?• Some things to consider
– What’s it worth?– What’s it timeliness?
Network SecurityCryptology, Cryptography, Cryptanalysis• Encryption• Decryption• What’s a key?
– Secret– Private– Public
• Some uses of cryptographic methods – Secrecy – Authentication– Signature
Network Security
Some Important Notation• Ka• Kab• Kapriv• Kapub• M• {M}K• [M]K• n • H
Some Characters•Alice and Bob•Eve•Mallory •Sue or Sara
Network Security
Secrecy and integrity (shared secret)A MA E(Kab,M)A:B {M}KabB D(Kab,M)
Problems:
Network SecurityAuthentication (shared secrets)
Ticket –An encrypted item generally provided by an authentication server that contains an identity and a shared key generated for that session.
1. A:S request a ticket to talk to B2. S:A {{ticket}Kb, Kab}Ka
Ticket ={Kab, Alice}3. A:B {Ticket}Kb, Alice, R
Problems?
Network Security
Secrecy and authentication (Public Keys)1. A obtains Kbpub
2. A:B keyname, {Kab}Kbpub
3. B decrypts with Kbpriv
4. Now A and B can use Kab
This is actually a hybrid technique. (why?)
Problems?
Network Security
Digital Signature• A verification that a message has not been
altered.• Generally, the DS is on a digest, not the whole
message– A Digest is a fixed length value computed by a hash
function
1. A creates a digest Digest (M)2. A:B M, {Digest
(M)}Kapriv3. B uses Kapub to decrypt
B now computes digest on M and compares
Network Security
• Certificate– A document signed by a trusted principal
• Certificate Chain– A hierarchy of trust
• Requirements of certificates– Standardized format– Agreed chain construction– Problem: revocation (somewhat solved with
expiry dates)
Figure 7.5Public-key certificate for Bob’s Bank
1. Certificate type: Public key
2. Name: Bob’s Bank
3. Public key: KBpub
4. Certifying authority: Fred – The Bankers Federation
5. Signature: {Digest(field 2 + field 3)}KFpriv
Network Security
• Access control– Process of deciding whether to allow a principal to
carry out an operation or a certain resource.
• Protection Domain– Abstraction indicating the rights and resources– Really just a set of processes that share access to a
resource.– Implemented by capabilities and ACL
• Credentials – Set of evidence provided by a principal– Delegation – giving authority to another principal
Network Security
Cryptographic algorithms• Block ciphers
– message is divided into blocks, encrypted and sent– Problem: repeating patterns
• Cipher Block Chaining (CBC)– Combine plaintext with previous cipher text (XOR)– Problem: beginning or trailing repetition (solution?)
• Stream cipher – Used with realtime communication– Bit by bit encryption– Keystream generator (obscure data)
Figure 7.6Cipher block chaining
n
n+3 n+2 n+1 XOR
E(K, M)
n-1n-2n-3
plaintext blocks
ciphertext blocks
Decryption?
Network Security• Shannon
– The E– Confusion (obscure) – Diffusion (randomize)
• Symmetric Algorithms– TEA– DES– IDEA– AES
• Asymmetric Algorithms– RSA– Diffie Hellman
Network Security
Cryptographic algorithmsSecret key (Symmetric)
D (K, E(K,M)) = MIf you know M and {M}K, a brute force attack takes 2n-1 (average)2n (maximum)
Public/private key (Asymmetric)Involves a trapdoor or secret exit Generally a mathematical concept– Product of 2 large primes (easy), Factoring that product (hard) – Function of a curve
Figure 7.10 TEA in usevoid tea(char mode, FILE *infile, FILE *outfile, unsigned long k[]) {/* mode is ’e’ for encrypt, ’d’ for decrypt, k[] is the key.*/
char ch, Text[8]; int i;while(!feof(infile)) {
i = fread(Text, 1, 8, infile); /* read 8 bytes from infile into Text */if (i <= 0) break;while (i < 8) { Text[i++] = ' ';} /* pad last block with spaces */switch (mode) {case 'e':
encrypt(k, (unsigned long*) Text); break;case 'd':
decrypt(k, (unsigned long*) Text); break;}fwrite(Text, 1, 8, outfile); /* write 8 bytes from Text to outfile */
}}
Figure 7.9TEA decryption function
void decrypt(unsigned long k[], unsigned long text[]) {unsigned long y = text[0], z = text[1];unsigned long delta = 0x9e3779b9, sum = delta << 5; int n;for (n= 0; n < 32; n++) {
z -= ((y << 4) + k[2]) ^ (y + sum) ^ ((y >> 5) + k[3]);y -= ((z << 4) + k[0]) ^ (z + sum) ^ ((z >> 5) + k[1]);sum -= delta;
}text[0] = y; text[1] = z;
}
Network Security
Digital Signature– Authenticate– Unforgeable– Nonrepudiation
=>Bind identity to documentTwo mechanisms
– Digital signature (Private or public)– Digital function (Secure hash)
Digital signatures with public keys
{h}Kpri
M
Signing
Verifying
E(Kpri , h)
128 bits
H(M) h
M
hH(doc)
D(Kpub ,{h}) {h}Kpri h'
h = h'?
M
signed doc
1. A generates Kapub and Kapriv (Makes Kapub available)
2. A computes digest M => H(M); S= {H(M)}Kapriv
3. A:B M, S
4. B decrypts S with Kapub => H(M); computes H(M) and compares
Low-cost signatures with a shared secret keyM
Signing
Verifying
H(M+K) h
h'H(M+K)
h
h = h'?
K
M
signed doc
M
K
1. A generates K; sends it to B (securely)
2. A computes h=H(M+K)
3. A:B M,h
4. B computes H(M+K) and compares
Network Security
Characteristics of a Secure Digest Function1. Given M, it is easy to compute h
2. Given h, it is hard to compute M
3. Given H(M), it should be very hard to find H(M)=H(M1)
MD5 and SHA are examples of secure digests
Network Security
Certificate standards and authorities• X.509
– provides the standard format; binds public key to a subject based on a trusted signature
– Includes a validity period
• Certificate Authority– Provided by a certificate authority– Verisign …
Network Security
Pragmatics• Review the book for info on performance of
protocols• Politics of security are quite messy
– Government resistance• International front• Criminal front
– Many issues to consider, even as a technologist– Corporate drivers versus Government (national and
public safety drivers)– Corporate and government versus civil liberties
Figure 7.15The Needham–Schroeder secret-key
authentication protocolHeader Message Notes
1. A->S: A, B, NAA requests S to supply a key for communicationwith B.
2. S->A: {NA , B, KAB,
{KAB, A}KB}KA
S returns a message encrypted in A’s secret key,containing a newly generated key KAB and a‘ticket’ encrypted in B’s secret key. The nonce NA demonstrates that the message was sent in responseto the preceding one. A believes that S sent themessage because only S knows A’s secret key.
3. A->B: A sends the ‘ticket’ to B.
4. B->A: B decrypts the ticket and uses the new key KAB toencrypt another nonce NB.
5. A->B: A demonstrates to B that it was the sender of theprevious message by returning an agreedtransformation of NB.
{KAB, A}KB
{NB}KAB
{NB - 1}KAB
Figure 7.16System architecture of Kerberos
ServerClient
DoOperation
Authenticationdatabase
Loginsession setup
Ticket-granting
service T
Kerberos Key Distribution Centre
Serversession setup
Authen-tication
service A1. Request for
TGS ticket
2. TGSticket
3. Request forserver ticket
4. Server ticket5. Service request
Request encrypted with session key
Reply encrypted with session key
Servicefunction
Step B
Step A
Step C
C S
Network Security
Kerberos -MIT extension of N&S1. C:A C,T,n
2. A:C {Kct,n}Kc, {ticket(C,T)}Kt
{ticket(C,T)}Kt = {C,T,t1,t2,Kct}Kt
3. C:T {auth(C)}Kct, {ticket(C,T)}Kt, S, n
{auth(C)}Kct = {C,t}Kct
4. T:C {Kcs,n}Kct, {ticket(C,S)}Ks
5. C:S {auth(C)}Kcs, {(ticket(C,S)}Ks, request, n
6. S:C {n}Kcs, reply