Distributed Systems Security Overview Douglas C. Sicker Assistant Professor Department of Computer Science and Interdisciplinary Telecommunications Program.

Distributed SystemsSecurity Overview

Douglas C. SickerAssistant Professor

Department of Computer Science and Interdisciplinary Telecommunications Program

Network Security

• What we’ll cover:– What is network security?– What are the goals?– What are the threats?– What are the solutions?– How do they operate?

• This is a lot of info and it might take a few reads to stick.

Network Security

• Some issues with the book…• Assumes malicious intent as the reason for

needing security.– Is this valid?

• Focus on the protocols (not surprising) – However, the real problems with security are mostly

outside of the technical space (see the Economist articles).

– What else should we consider? • For example, more depth on security models, security policy,

assurance, insurance, risk assessment…

– Lastly, keep in mind that even the best protocols can be misapplied.

Network Security

• What do we seek?– Confidentially– Integrity– Availability– Non-repudiation– Accounting

• Mnemonic CIA

• Let’s start with some general threats– Leakage– Tampering– Vandalism

Network Security

• Attacks– Guessing passwords– Exploiting program operation– Intercepting messages– Message replay – Birthday attack– Overloading resources (DDoS)

• What’s the easy method of attack?

Network Security

Secure design • It’s a bit of a fallacy, even formal models fail

– Why?• There was early work in secure OS.

– What do you think derailed this work?• Often the goal is to avoid disasters and minimize

problems• What’s the threat, what’s the attack and how do we

avoid it?• Some things to consider

– What’s it worth?– What’s it timeliness?

Network SecurityCryptology, Cryptography, Cryptanalysis• Encryption• Decryption• What’s a key?

– Secret– Private– Public

• Some uses of cryptographic methods – Secrecy – Authentication– Signature

Network Security

Some Important Notation• Ka• Kab• Kapriv• Kapub• M• {M}K• [M]K• n • H

Some Characters•Alice and Bob•Eve•Mallory •Sue or Sara

Network Security

Secrecy and integrity (shared secret)A MA E(Kab,M)A:B {M}KabB D(Kab,M)

Problems:

Network SecurityAuthentication (shared secrets)

Ticket –An encrypted item generally provided by an authentication server that contains an identity and a shared key generated for that session.

1. A:S request a ticket to talk to B2. S:A {{ticket}Kb, Kab}Ka

Ticket ={Kab, Alice}3. A:B {Ticket}Kb, Alice, R

Problems?

Network Security

Secrecy and authentication (Public Keys)1. A obtains Kbpub

2. A:B keyname, {Kab}Kbpub

3. B decrypts with Kbpriv

4. Now A and B can use Kab

This is actually a hybrid technique. (why?)

Problems?

Network Security

Digital Signature• A verification that a message has not been

altered.• Generally, the DS is on a digest, not the whole

message– A Digest is a fixed length value computed by a hash

function

1. A creates a digest Digest (M)2. A:B M, {Digest

(M)}Kapriv3. B uses Kapub to decrypt

B now computes digest on M and compares

Network Security

• Certificate– A document signed by a trusted principal

• Certificate Chain– A hierarchy of trust

• Requirements of certificates– Standardized format– Agreed chain construction– Problem: revocation (somewhat solved with

expiry dates)

Figure 7.5Public-key certificate for Bob’s Bank

1. Certificate type: Public key

2. Name: Bob’s Bank

3. Public key: KBpub

4. Certifying authority: Fred – The Bankers Federation

5. Signature: {Digest(field 2 + field 3)}KFpriv

Network Security

• Access control– Process of deciding whether to allow a principal to

carry out an operation or a certain resource.

• Protection Domain– Abstraction indicating the rights and resources– Really just a set of processes that share access to a

resource.– Implemented by capabilities and ACL

• Credentials – Set of evidence provided by a principal– Delegation – giving authority to another principal

Network Security

Cryptographic algorithms• Block ciphers

– message is divided into blocks, encrypted and sent– Problem: repeating patterns

• Cipher Block Chaining (CBC)– Combine plaintext with previous cipher text (XOR)– Problem: beginning or trailing repetition (solution?)

• Stream cipher – Used with realtime communication– Bit by bit encryption– Keystream generator (obscure data)

Figure 7.6Cipher block chaining

n

n+3 n+2 n+1 XOR

E(K, M)

n-1n-2n-3

plaintext blocks

ciphertext blocks

Decryption?

Network Security• Shannon

– The E– Confusion (obscure) – Diffusion (randomize)

• Symmetric Algorithms– TEA– DES– IDEA– AES

• Asymmetric Algorithms– RSA– Diffie Hellman

Network Security

Cryptographic algorithmsSecret key (Symmetric)

D (K, E(K,M)) = MIf you know M and {M}K, a brute force attack takes 2n-1 (average)2n (maximum)

Public/private key (Asymmetric)Involves a trapdoor or secret exit Generally a mathematical concept– Product of 2 large primes (easy), Factoring that product (hard) – Function of a curve

Figure 7.10 TEA in usevoid tea(char mode, FILE *infile, FILE *outfile, unsigned long k[]) {/* mode is ’e’ for encrypt, ’d’ for decrypt, k[] is the key.*/

char ch, Text[8]; int i;while(!feof(infile)) {

i = fread(Text, 1, 8, infile); /* read 8 bytes from infile into Text */if (i <= 0) break;while (i < 8) { Text[i++] = ' ';} /* pad last block with spaces */switch (mode) {case 'e':

encrypt(k, (unsigned long*) Text); break;case 'd':

decrypt(k, (unsigned long*) Text); break;}fwrite(Text, 1, 8, outfile); /* write 8 bytes from Text to outfile */

}}

Figure 7.9TEA decryption function

void decrypt(unsigned long k[], unsigned long text[]) {unsigned long y = text[0], z = text[1];unsigned long delta = 0x9e3779b9, sum = delta << 5; int n;for (n= 0; n < 32; n++) {

z -= ((y << 4) + k[2]) ^ (y + sum) ^ ((y >> 5) + k[3]);y -= ((z << 4) + k[0]) ^ (z + sum) ^ ((z >> 5) + k[1]);sum -= delta;

}text[0] = y; text[1] = z;

}

Network Security

Digital Signature– Authenticate– Unforgeable– Nonrepudiation

=>Bind identity to documentTwo mechanisms

– Digital signature (Private or public)– Digital function (Secure hash)

Digital signatures with public keys

{h}Kpri

M

Signing

Verifying

E(Kpri , h)

128 bits

H(M) h

M

hH(doc)

D(Kpub ,{h}) {h}Kpri h'

h = h'?

M

signed doc

1. A generates Kapub and Kapriv (Makes Kapub available)

2. A computes digest M => H(M); S= {H(M)}Kapriv

3. A:B M, S

4. B decrypts S with Kapub => H(M); computes H(M) and compares

Low-cost signatures with a shared secret keyM

Signing

Verifying

H(M+K) h

h'H(M+K)

h

h = h'?

K

M

signed doc

M

K

1. A generates K; sends it to B (securely)

2. A computes h=H(M+K)

3. A:B M,h

4. B computes H(M+K) and compares

Network Security

Characteristics of a Secure Digest Function1. Given M, it is easy to compute h

2. Given h, it is hard to compute M

3. Given H(M), it should be very hard to find H(M)=H(M1)

MD5 and SHA are examples of secure digests

Network Security

Certificate standards and authorities• X.509

– provides the standard format; binds public key to a subject based on a trusted signature

– Includes a validity period

• Certificate Authority– Provided by a certificate authority– Verisign …

Network Security

Pragmatics• Review the book for info on performance of

protocols• Politics of security are quite messy

– Government resistance• International front• Criminal front

– Many issues to consider, even as a technologist– Corporate drivers versus Government (national and

public safety drivers)– Corporate and government versus civil liberties

Figure 7.15The Needham–Schroeder secret-key

authentication protocolHeader Message Notes

1. A->S: A, B, NAA requests S to supply a key for communicationwith B.

2. S->A: {NA , B, KAB,

{KAB, A}KB}KA

S returns a message encrypted in A’s secret key,containing a newly generated key KAB and a‘ticket’ encrypted in B’s secret key. The nonce NA demonstrates that the message was sent in responseto the preceding one. A believes that S sent themessage because only S knows A’s secret key.

3. A->B: A sends the ‘ticket’ to B.

4. B->A: B decrypts the ticket and uses the new key KAB toencrypt another nonce NB.

5. A->B: A demonstrates to B that it was the sender of theprevious message by returning an agreedtransformation of NB.

{KAB, A}KB

{NB}KAB

{NB - 1}KAB

Figure 7.16System architecture of Kerberos

ServerClient

DoOperation

Authenticationdatabase

Loginsession setup

Ticket-granting

service T

Kerberos Key Distribution Centre

Serversession setup

Authen-tication

service A1. Request for

TGS ticket

2. TGSticket

3. Request forserver ticket

4. Server ticket5. Service request

Request encrypted with session key

Reply encrypted with session key

Servicefunction

Step B

Step A

Step C

C S

Network Security

Kerberos -MIT extension of N&S1. C:A C,T,n

2. A:C {Kct,n}Kc, {ticket(C,T)}Kt

{ticket(C,T)}Kt = {C,T,t1,t2,Kct}Kt

3. C:T {auth(C)}Kct, {ticket(C,T)}Kt, S, n

{auth(C)}Kct = {C,t}Kct

4. T:C {Kcs,n}Kct, {ticket(C,S)}Ks

5. C:S {auth(C)}Kcs, {(ticket(C,S)}Ks, request, n

6. S:C {n}Kcs, reply