8.1

Learning Objectives

To become familiar with the range of security threats faced by networked and distributed systems (DSs);

To examine various cryptographic techniques fundamental to security in DSs, such as symmetric crytosystem and

asymmetric crytosystem; To fully study the two main parts in security in DS: secure

channel and authorization (access control), using main techniques of encryption, authentication, and access

control;To gain an understanding of the major methods in security

management.

8.2

IntroductionThe security problems in DS arise from the openness of Internet and distributed systems.

Security measures must be incorporated into computer systems whenever they are potential targets for malicious or mischievous attacks.

Security in computer systems is strongly related to the notion of dependability that we justifiably trust to deliver its services. Confidentiality and

integrity are two major properties in such systems.

8.3

8.4

8.5

8.6

8.7

8.8

8.9

8.10

8.11

Security: Dependability Revisited

In distributed systems, security is the combination of availability, integrity, and confidentiality. A dependable distributed system is thus fault tolerant and secure.

Property Description

Availability Accessible and usable upon demand for authorized entities

Reliability Continuity of service delivery

Safety Very low probability of catastrophes

Confidentiality No unauthorized disclosure of information

Integrity No accidental or malicious alterations of information have been performed (even by authorized entities)

8.12

8.13

Definitions

Subject: Entity capable of issuing a request for a service provided by an object

Channel: The carrier of requests and replies for services offered to subjects

Object: Entity providing services to subjects

8.14

Security Model: Threats and forms of attack

Masquerading – assuming the identity of another user/principal

Eavesdropping (Interception)– obtaining private or secret information

Message tampering (Modification)– altering the content of messages in transit

Replaying (Fabrication)– storing secure messages and sending them at a later

date

Denial of service (Interruption)– flooding a channel or other resource, denying access

to others

*

8.15

Types of Threats

Threat Channel Object

Interruption Preventing message transfer Denial of service

Inspection Reading the content of transferred messages

Reading the data contained in an object

Modification Changing message content Changing an object's encapsulated data

Fabrication Inserting messages Spoofing an object

8.16

Security Policy and MechanismsSecurity policy is a set of requirements and guidelines to ensure a desired level of security for the activities that are performed in the system.

Security mechanisms are employed to implement the security policy. Security in DSs can be roughly divided into two major parts: secure channel and authorization.

Secure channel: to ensure secure communication, including authentication, message confidentiality and integrity.Authorization (access control): to ensure that a process gets only those access rights to the resources in a DS it is entitled to.

8.17

Security PoliciesGlobus security architecture

1. Multiple administrative domains2. Local operations subject to local security policies3. Global operations require requester be globally

known4. Interdomain operations require mutual

authentication5. Global authentication replaces local authentication6. Access control is via local security7. Users can delegate privileges to processes8. Credentials can be shared between processes in

the same domain

8.18

Important Security Mechanisms

Encryption: Using cryptographic techniques, encryption transforms data into something an attacker cannot understand (for confidentiality). It also provide support for integrity checks.

Authentication: It is used to verify the claimed identity of a user, client, server and so on.Authorization: It is necessary to check whether a client is authorized to perform the action required.Auditing: It is used to trace which clients accessed what, and in which way, for late security analysis.

8.19

Example: Globus Security Architecture

8.20

Focus of Control

3 approaches for protection against security threats:

a) Invalid operationsb) Unauthorized invocationsc) Unauthorized users

8.21

Security Mechanism Layering

The logical organization of a distributed system into several layers.

8.22

Security Mechanism Layering

Several sites connected through a wide-area backbone service.

8.23

Trusted Computing Base

• The set of mechanisms needed to enforce a security policy

– The smaller, the better

– Includes OS

– Physical security of machines

8.24

Distribution of Security Mechanisms

The principle of RISSC as applied to secure distributed systems.

8.25

Simplicity

• Simpler systems inspire trust

• Security mechanisms can be complex– Keys– Certificates– Authentication & access control

• Applications needing security often complex themselves

8.26

Cryptography (1)

Intruders and eavesdroppers in communication.

8.27

Cryptosystem TypesSymmetric system: Use single key to encrypt

the plaintext and decrypt the ciphertext. Sender and receiver share secret key.

Asymmetric system: Use different keys for encryption and decryption, of which one is private, and the other public.

Hashing system: Only encrypt data and produce a fixed-length digest. – No decryption– Only comparison– Detect message alteration

8.28

Cryptographic FunctionsMake the encryption method E public, but let the encryption

be parameterized by means of a key S

One-way function: Given some output mout of ES, it is computationally infeasible to find min:ES(min)=mout

Weak collision resistance: Given a pair <m, ES(m)>, it is computationally infeasible to find an m* ≠ m such that

ES (m*) = ES (m)

Strong collision resistance: It is computationally infeasible to find any two different inputs m and m* such that ES (m) = ES (m*)

8.29

Cryptography (2)

Notation used in this chapter.

Notation Description

KA, B Secret key shared by A and B

Public key of A

Private key of A

K A

K A

8.30

Symmetric Cryptosystems: DES (1)

a) The principle of DES

b) Outline of one encryption round

8.31

Symmetric Cryptosystems: DES (2)

Details of per-round key generation in DES.

8.32

Public-Key Cryptosystems: RSA

Generating the private and public key requires four steps:

1. Choose two very large prime numbers, p and q

2. Compute n = p x q and z = (p – 1) x (q – 1)

3. Choose a number d that is relatively prime to z

4. Compute the number e such that e x d = 1 mod z

8.33

Hash Functions : MD5 (1)

The structure of MD5

8.34

Hash Functions : MD5 (2)

The 16 iterations during the first round in a phase in MD5.