3. Overview
1. Introduction to Security
2. Cryptography
3. Potential Attack
4. Authentication
5. Access Control
6. Authentication & Access Control
7. Digital Signature
8. DCE Security Services
9. Services by DCE
10. Summary
4. Introduction
• Security is one of the most important issues in
distributed systems.
• When data is distributed across multiple networks
or information is transferred via public networks, it
becomes vulnerable to attacks by mischievous
elements.
• Similarly, other computing resources such as
processors, storage devices, networks, etc., can
also be attacked by hackers.
5. Cryptography
Cryptography includes techniques such as microdots,
merging words with images, and other ways to hide
information in storage or transit.
However, in today's computer-centric world,
cryptography is most often associated with scrambling
plaintext into cipher text (a process called encryption),
then back again (known as decryption).
Individuals who practice this field are known as
cryptographers.
6. Cryptography concerns itself with the following four objectives:
Confidentiality: the information cannot be understood
by anyone for whom it was unintended.
Integrity: the information cannot be altered in storage
or transit between sender and intended receiver without
the alteration being detected.
Non-repudiation: the creator/sender of the information
cannot deny at a later stage his or her intentions in the
creation or transmission of the information.
7. Potential Attacks
• There are many potential attacks on the
security of your directory. The most typical
threats to directory security fall into the
following broad categories:
1. Unauthorized Access
2. Unauthorized Tampering
3. Denial of Service
8. Potential Threats
• Unauthorized Access
1. Unauthorized access to data via data-fetching operations
2. Unauthorized access to reusable client authentication
information by monitoring the access of others
3. Unauthorized access to data by monitoring the access of
others
• Unauthorized Tampering
1. Unauthorized modification of data
2. Unauthorized modification of configuration information
• Denial of Service
1. With a denial of service attack, the attacker's goal is to
prevent the directory from providing service to its clients.
9. Authentication
The process of identifying an individual, usually
based on a username and password.
In security systems, authentication is distinct
from authorization, which is the process of giving
individuals access to system objects based on
their identity.
Authentication merely ensures that the
individual is who he or she claims to be, but says
nothing about the access rights of the individual.
10. There are three methods we can use to authenticate someone:
1. Use something you have, for example a key or a
card.
2. Use something you know, for example passwords and PINs
(personal ID numbers).
3. Use something you are. This involves biometrics
(a user’s fingerprint or iris pattern).
11. Access Control
The purpose of access control is to limit the
actions or operations that a legitimate user of a
computer system can perform.
Access control constrains what a user can do
directly, as well as what programs executing on
behalf of the users are allowed to do.
In this way access control seeks to prevent
activity that could lead to a breach of security.
12. Authentication & Access Control
It is important to make a clear distinction
between authentication and access control.
Correctly establishing the identity of the user is
the responsibility of the authentication service.
Access control assumes that the authentication
of the user has been successfully verified prior to
enforcement of access control via a reference
monitor.
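The split described on this slide, as an added example that is not part of the original deck: an authentication service only establishes identity, and a reference monitor then decides on each request using that verified identity. The class names, users, passwords and ACL entries are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AuthenticationService:
    """Establishes who the caller is; holds no access rights."""
    def __init__(self):
        self._users = {}  # username -> (salt, derived key)
        self._dummy = (os.urandom(16), os.urandom(32))

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[username] = (salt, _kdf(password, salt))

    def authenticate(self, username: str, password: str):
        """Return the verified identity, or None if the claim is not proven."""
        # Unknown users go through the same work to avoid a timing difference.
        salt, stored = self._users.get(username, self._dummy)
        ok = hmac.compare_digest(_kdf(password, salt), stored)
        return username if ok and username in self._users else None

class ReferenceMonitor:
    """Mediates every request using only an already-verified identity."""
    def __init__(self, acl):
        self._acl = acl  # (identity, resource) -> allowed operations

    def is_allowed(self, identity, resource: str, operation: str) -> bool:
        if identity is None:          # authentication failed: deny
            return False
        return operation in self._acl.get((identity, resource), frozenset())

def handle(auth, monitor, username, password, resource, operation) -> bool:
    identity = auth.authenticate(username, password)           # step 1: who?
    return monitor.is_allowed(identity, resource, operation)   # step 2: may they?

def demo():
    auth = AuthenticationService()  # sample users and ACL below are constructed
    auth.register("alice", "correct horse")
    auth.register("bob", "battery staple")
    monitor = ReferenceMonitor({("alice", "payroll"): {"read", "write"},
                                ("bob", "payroll"): {"read"}})
    return {
        "alice_write": handle(auth, monitor, "alice", "correct horse", "payroll", "write"),
        "bob_write": handle(auth, monitor, "bob", "battery staple", "payroll", "write"),
        "alice_bad_pw": handle(auth, monitor, "alice", "guess", "payroll", "read"),
    }
```

Bob authenticates correctly and is still refused the write, which is the case the slide's distinction is about.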
13. Digital Signature
A digital signature is a mathematical scheme
for demonstrating the authenticity of a digital
message or document.
A valid digital signature gives a recipient reason
to believe that the message was created by a
known sender, that the sender cannot deny
having sent the message, and that the message
was not altered in transit.
14. Digital signatures are often used to
implement electronic signatures, a broader
term that refers to any electronic data that
carries the intent of a signature, but not all
electronic signatures use digital signatures.
In some countries, including the United
States, India, Brazil, Saudi Arabia, the European
Union and Switzerland, electronic
signatures have legal significance.
15. DCE Security Service
The DCE supplies a framework and toolkit for
developing client/server applications.
The framework includes a remote procedure
call (RPC) mechanism known as DCE/RPC,
a naming (directory) service, a time service, an
authentication service and a distributed file
system (DFS) known as DCE/DFS.
17. DCE Services
• DCE Security Service provides the mechanisms for
writing applications that support secure
communications between clients and servers.
• Enables processes on different machines to be
certain of one another’s identities
(authentication).
• Allows a server to determine whether a given user
is authorized to access a particular resource
(authorization).