Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.



Published on


Published in: Education
  • Be the first to comment

  • Be the first to like this


  1. 1. DISTRIBUTED SYSTEMS Concepts and Design Fifth Edition George Coulouris Jean Dollimore Tim Kindberg Gordon Blair Presented by: Raj Kumar Ranabhat M.E in Computer Engineering(I/II) Kathmandu University
  2. 2. Table of Content: 1. SECURITY 1. Introduction 2. Overview of security techniques 3. Cryptographic algorithms 4. Digital signatures 5. Cryptography pragmatics 6. Case studies: Needham–Schroeder, Kerberos, TLS, 802.11 WiFi 7. Summary 12/6/2017 2
  3. 3. 12/6/2017 3 1. INTRODUCTION • Mechanisms for the protection of data and other resources and legal interaction between computer is theme of this topic • Pervasive need for measures to guarantee the privacy, integrity and availability of resources in DS • Security attacks could be eavesdropping, masquerading, tampering and denial of service • Designers of secure DS must cope with exposed service interfaces and insecure networks • Cryptography provides the basis for the authentication of messages as well as their secrecy and integrity • The selection of cryptographic algorithms and the management of keys are critical • Public-key cryptography makes it easy to distribute cryptographic keys but its performance is inadequate for the encryption of bulk data • Digital information can be signed, producing digital certificates • Certificates enable trust to be established among users and organizations
  4. 4. 12/6/2017 4 1. INTRODUCTION (Contd…) • The role of cryptography • Digital cryptography provides the basis for most computer security mechanisms • Cryptography is encoding information in a format that only the intended recipients can decode • Cryptography can also be employed to provide proof of the authenticity of information • Previously used only in political and military establishments • The opening of cryptography to public access and use has resulted in a great improvement in cryptographic techniques • Public-key cryptography is one of the fruits of this openness • DES encryption algorithm
  5. 5. 12/6/2017 5 1. INTRODUCTION (Contd…)
  6. 6. 12/6/2017 6 1.1 Threats and Attacks • The main goal of security is to restrict access to information and resources to just those principals that are authorized to have access • Security threats fall into three broad classes: 1. Leakage: Refers to the acquisition of information by unauthorized recipients 2. Tampering: Refers to the unauthorized alteration of information 3. Vandalism: Refers to interference with the proper operation of a system without gain to the perpetrator. 1. INTRODUCTION (Contd…)
  7. 7. 12/6/2017 7 • Methods of attack can be further classified according to the way in which a channel is misused: 1. Eavesdropping: Obtaining copies of messages without authority 2. Masquerading: Sending or receiving messages using the identity of another principal without their authority. 3. Message tampering: altering the content of messages in transit. Man in the middle attack() tampers with the secure channel mechanism 4. Replaying: Storing intercepted messages and sending them at a later date 5. Denial of service: Flooding a channel or other resource with messages in order to deny access for others. 1. INTRODUCTION (Contd…)
  8. 8. 12/6/2017 8 1.2 Securing electronic transactions • Many uses of the Internet in industry, commerce and elsewhere involve transactions that depend crucially on security. For example: 1. Email: when sending a credit card number or the contents and sender of a message must be authenticated 2. Purchase of goods and services: Buyers select goods and pay for them via the Web 3. Banking transactions: Electronic banks offer checking balances and statements, transfer money between accounts, set up regular automatic payments and so on. 4. Micro-transactions: Some webpages like nytimes, London review of book ..etc require subscription to view the content. 1. INTRODUCTION (Contd…)
  9. 9. 12/6/2017 9 • Sensible security policies for Internet vendors and buyers lead to the following requirements for securing web purchases: 1. Authenticate the vendor to the buyer. 2. Keep the buyer’s credit card number and other payment details secure 3. Ensure the downloading material without alteration to the customer 4. Authenticate the identity of the account holder to the bank before giving them access to their account 1. INTRODUCTION (Contd…)
  10. 10. 12/6/2017 10 1.3 Designing secure systems • Security is about avoiding disasters and minimizing mishaps. • The designer’s aim is to exclude all possible attacks and loopholes • When designing for security it is necessary to assume the worst • The system’s designers must first construct a list of threats, methods by which the security policies might be violated • Show that each of them is prevented by the mechanisms employed • The design of secure systems is an exercise in balancing costs against the threats 1. INTRODUCTION (Contd…)
  11. 11. 12/6/2017 11 2. OVERVIEW OF SECURITY TECHNIQUES Worst-case assumptions and design guidelines . 1. Interfaces are exposed: Their communication interfaces are necessarily open– an attacker can send a message to any interface. 2. Networks are insecure: message sources can be falsified 3. Limit the lifetime and scope of each secret: The use of secrets such as passwords and shared secret keys should be time-limited, and sharing should be restricted 4. Algorithms and program code are available to attackers: publish the algorithms used for encryption and authentication, relying only on the secrecy of cryptographic keys 5. Attackers may have access to large resources : assume that attackers will have access to the largest and most powerful computers 6. Minimize the trusted base: all the hardware and software components upon which they rely should be minimized
  12. 12. 12/6/2017 12 2.1 Cryptography • Encryption is the process of encoding a message in such a way as to hide its contents. • Modern cryptography includes several secure algorithms for encrypting and decrypting messages • two main classes of encryption algorithm 1. shared secret keys 2. public/private key pairs 2. OVERVIEW OF SECURITY TECHNIQUES (Contd…)
  13. 13. 12/6/2017 13 2.2 Uses of cryptography • Secrecy and integrity: 1. Cryptography is used to maintain the secrecy and integrity of information whenever it is exposed to potential attacks 2. Eg., during transmission across networks that are vulnerable to eavesdropping and message tampering 3. a message that is encrypted with a particular encryption key can only be decrypted by a recipient who knows the corresponding decryption key. 4. Encryption also maintains the integrity of the encrypted information, provided that some redundant information such as a checksum is included and checked. 2. OVERVIEW OF SECURITY TECHNIQUES (Contd…)
  14. 14. 12/6/2017 14 2. OVERVIEW OF SECURITY TECHNIQUES (Contd…)
  15. 15. 12/6/2017 15 Scenario 1. Secret communication with a shared secret key: Alice and Bob share a secret key 𝐾𝐴𝐵. 1. Alice uses 𝐾𝐴𝐵and an agreed encryption function E(𝐾𝐴𝐵, M) to encrypt and send any number of messages {𝑀𝑖} 𝐾𝐴𝐵 to Bob 2. Bob decrypts the encrypted messages using the corresponding decryption function D(𝐾𝐴𝐵, M) Issues: • Key distribution: How can Alice send a shared key 𝐾𝐴𝐵 to Bob securely? • Freshness of communication: How does Bob know that any {𝑀𝑖} isn’t a copy of an earlier encrypted message from Alice that was captured by Mallory and replayed later? 2. OVERVIEW OF SECURITY TECHNIQUES (Contd…)
  16. 16. 12/6/2017 16 • Authentication: 1. Cryptography is used in support of mechanisms for authenticating communication between pairs of principals 2. A principal who decrypts a message successfully using a particular key can assume that the message is authentic if it contains a correct checksum or some other expected value 3. They can infer that the sender of the message possessed the corresponding encryption key 4. Hence deduce the identity of the sender if keys are held in private, a successful decryption authenticates the decrypted message as coming from a particular sender 2. OVERVIEW OF SECURITY TECHNIQUES (Contd…)
  17. 17. 12/6/2017 17 Scenario 2. Authenticated communication with a server : Bob is a file server; Sara is an authentication service. Sara shares secret key 𝐾𝐴 with Alice and secret key 𝐾 𝐵 with Bob 1. Alice sends an (unencrypted) message to Sara stating her identity and requesting a ticket for access to Bob 2. Sara sends a response to Alice .{{𝑇𝑖𝑐𝑘𝑒𝑡} 𝐾 𝐵 , 𝐾𝐴𝐵} 𝐾 𝐴 .It is encrypted in 𝐾𝐴 and consist of a ticket(to be sent to Bob with each request for file access) encrypted in 𝐾 𝐵 and a new secret key 𝐾𝐴𝐵 3. Alice uses 𝐾𝐴 to decrypt the response 4. Alice send Bob a request R to access a file: {𝑇𝑖𝑐𝑘𝑒𝑡} 𝐾 𝐵 ,Alice, R. 5. The ticket, originally created by Sara, is actually:{𝐾𝐴𝐵, Alice} 𝐾 𝐵 . Bob decrypts the ticket using his key 𝐾 𝐵,checks that Alice’s name matches and then uses 𝐾𝐴𝐵 when interacting with Alice 2. OVERVIEW OF SECURITY TECHNIQUES (Contd…)
  18. 18. 12/6/2017 18 Scenario 3. Authenticated communication with public keys : Bob has a public/private key pair <𝐾 𝐵𝑝𝑢𝑏, 𝐾 𝐵𝑝𝑟𝑖𝑣> 1. Alice obtains a certificate that was signed by a trusted authority stating Bob’s public key 𝐾 𝐵𝑝𝑢𝑏 2. Alice creates a new shared key 𝐾𝐴𝐵, encrypts it using 𝐾 𝐵𝑝𝑢𝑏 using a public-key algorithm and sends the result to Bob. 3. Bob uses the corresponding private key , 𝐾 𝐵𝑝𝑟𝑖𝑣 to decrypt it. 4. Alice send Bob a request R to access a file: {𝑇𝑖𝑐𝑘𝑒𝑡} 𝐾 𝐵 ,Alice, R. Mallory might intercept Alice’s initial request to a key distribution services for Bob’s public-key certificate and send response containing his own public key. He can then intercept all the subsequent messages. 2. OVERVIEW OF SECURITY TECHNIQUES (Contd…)
  19. 19. 12/6/2017 19 • Digital Signatures: 1. Cryptography is used to implement digital signature 2. It verifies to a third party that a message or a document is an unaltered copy of one produced by the signer. 3. It is based upon an irreversible binding to the message or document of a secret known only to the signer 4. This can be achieved by encrypting the message – or better, a compressed form of the message called a digest – using a key that is known only to the signer 5. A digest is a fixed-length value computed by applying a secure digest function 6. A secure digest function is similar to a checksum function, but it is very unlikely to produce a similar digest value for two different messages 7. The resulting encrypted digest acts as a signature that accompanies the message 2. OVERVIEW OF SECURITY TECHNIQUES (Contd…)
  20. 20. 12/6/2017 20 Scenario 3. Digital signatures with a secure digest function :Alice want to publish a document M in such a way that anyone can verify that it is from her. 1. Alice computes a fixed-length digest of the document, Digest(M) 2. Alice encrypts the digest in her private key, appends it to M and makes the resulting signed document(M, {Digest(M)} 𝐾 𝐴𝑝𝑟𝑖𝑣 )available to the intended users. 3. Bob obtains the signed document, extracts M and computes Digest(M). 4. Bob decrypts {Digest(M)} 𝐾 𝐴𝑝𝑟𝑖𝑣 using Alice’s public key, 𝐾𝐴𝑝𝑢𝑏, and compares the result with his calculated Digest(M). If they match, the signature is valid . 2. OVERVIEW OF SECURITY TECHNIQUES (Contd…)
  21. 21. 12/6/2017 21 2.3 Certificates • A digital certificate is a document containing a statement (usually short) signed by a principal. 2. OVERVIEW OF SECURITY TECHNIQUES (Contd…)
  22. 22. 12/6/2017 22 2.5 Credentials • Credentials are a set of evidence provided by a principal when requesting access to a resource • A certificate from a relevant authority stating the principal’s identity is sufficient • And this would be used to check the principal’s permissions in an access control list 2.6 Firewalls • They protect intranets, performing filtering actions on incoming and outgoing communications • Firewalls produce a local communication environment in which all external communication is intercepted • Messages are forwarded to the intended local recipient only for communications that are explicitly authorized 2. OVERVIEW OF SECURITY TECHNIQUES (Contd…)
  23. 23. 12/6/2017 23 3. CRYPTOGRAPHIC ALGORITHMS • A message is encrypted by the sender applying some rule to transform the plaintext message to a ciphertext • The recipient must know the inverse rule in order to transform the ciphertext back into the original plaintext • Other principals are unable to decipher the message unless they also know the inverse rule • The encryption transformation is defined with two parts, a function E and a key K • The resulting encrypted message is written {𝑀} 𝐾 • E( K M )={𝑀} 𝐾 • Decryption is carried out using an inverse function D, which also takes a key as a parameter • D (K ,E (K ,M) )=M
  24. 24. 12/6/2017 24 3. CRYPTOGRAPHIC ALGORITHMS (Contd…) • Two types of cryptographic algorithm : 1. Symmetric algorithms • E(K, M) = {𝑀} 𝐾 D(K, E(K, M)) = M • Same key for encryption and decryption • if K is not known M must be hard (infeasible) to compute • Usual form of attack is brute-force: try all possible key values for a known pair M, {M}K. Resisted by making K sufficiently large ~ 128 bits 2. Asymmetric algorithms 1. Separate encryption and decryption keys: 𝐾𝑒, 𝐾 𝑑 2. D(𝐾 𝑑,E(𝐾𝑒, M)) = M 3. depends on the use of a trap-door function to make the keys. E has high computational cost. Very large keys > 512 bits
  25. 25. 12/6/2017 25 3. CRYPTOGRAPHIC ALGORITHMS (Contd…) Block Cipher : • A block cipher consists of two paired algorithms, one for encryption, E, and the other for decryption, D. • Both algorithms accept two inputs: an input block of size n bits and a key of size k bits; and both yield an n-bit output block • The decryption algorithm D is defined to be the inverse function of encryption, i.e., D = E−1 • a block cipher is specified by an encryption function  𝐸 𝑘(P)=E(K,P) :{0,1} 𝐾× {0,1} 𝑛→{0,1} 𝑛 • The inverse for E is defined as a function  𝐸 𝑘 −1(P)=𝐷 𝑘 (C)=D(K,C):{0,1} 𝐾× {0,1} 𝑛→{0,1} 𝑛
  26. 26. 12/6/2017 26 3. CRYPTOGRAPHIC ALGORITHMS (Contd…) Cipher blocks chaining :
  27. 27. 12/6/2017 27 3. CRYPTOGRAPHIC ALGORITHMS (Contd…) • stream ciphers:  can perform encryption incrementally, converting plaintext to ciphertext one bit at a time
  28. 28. 12/6/2017 28 3. CRYPTOGRAPHIC ALGORITHMS (Contd…) 3.1 Secret-key (symmetric) algorithms • These are all programs that perform confusion and diffusion operations on blocks of binary data • TEA: a simple but effective algorithm developed at Cambridge U (1994) for teaching and explanation. 128-bit key, 700 kbytes/sec • DES: The US Data Encryption Standard (1977). No longer strong in its original form. 56-bit key, 350 kbytes/sec. • Triple-DES: applies DES three times with two different keys. 112-bit key, 120 Kbytes/sec • IDEA: International Data Encryption Algorithm (1990). Resembles TEA. 128-bit key, 700 kbytes/sec • AES: A proposed US Advanced Encryption Standard (1997). 128/256-bit key. • The above speeds are for a Pentium II processor at 330 MHZ. Today's PC's (January 2002)should achieve a 5 x speedup.
  29. 29. 12/6/2017 29 3. CRYPTOGRAPHIC ALGORITHMS (Contd…)
  30. 30. 12/6/2017 30 3. CRYPTOGRAPHIC ALGORITHMS (Contd…)
  31. 31. 12/6/2017 31 4. DIGITAL SIGNATURES • needed in order to certify certain pieces of information • signatures are used to meet the needs of document recipients to verify that the document is  Authentic:  Unforgeable  Non-repudiable: • An electronic document or message M can be signed by a principal A by encrypting a copy of M with a key 𝐾𝐴 and attaching it to a plaintext copy of M and A’s identifier • The signed document consists of: M, A, [𝑀] 𝐾 𝐴 • The signature can be verified by a receiver to check that it was originated by A and that its contents, M, have not been altered.
  32. 32. 12/6/2017 32 4. DIGITAL SIGNATURES (Contd…) • 4.1 Secure Digest function : • It is also called secure hash function and denoted H(M) • They must be carefully designed to ensure that H(M) is different from H(M') for all likely pairs of messages M and M' • A secure digest function h = H(M) should have the following properties  Given M, it is easy to compute h  Given h, it is hard to compute M  Given M, it is hard to find another message M', such that H(M) = H(M') • MD5: Developed by Rivest (1992). Computes a 128-bit digest. Speed 1740 kbytes/sec. • SHA: (1995) based on Rivest's MD4 but made more secure by producing a 160-bit digest, speed 750 kbytes/second • Any symmetric encryption algorithm can be used in CBC (cipher block chaining) mode. The last block in the chain is H(M)
  33. 33. 12/6/2017 33 4. DIGITAL SIGNATURES (Contd…) 4.2 Digital signatures with public keys :
  34. 34. 12/6/2017 34 4. DIGITAL SIGNATURES (Contd…) 4.3 Digital signatures with secret keys – MACs:
  35. 35. 12/6/2017 35 5. CRYPTOGRAPHY PRAGMATICS 5.1 Performance of cryptographic algorithms
  36. 36. 12/6/2017 36 6. CASE STUDIES: NEEDHAM–SCHROEDER, KERBEROS, TLS, 802.11 WiFi • In early distributed systems (1974-84) it was difficult to protect the servers  E.g. against masquerading attacks on a file server  because there was no mechanism for authenticating the origins of requests  public-key cryptography was not yet available or practical  computers too slow for trap-door calculations  RSA algorithm not available until 1978 • The authentication protocols originally published by Needham and Schroeder are at the heart of many security techniques • Most important applications of their secret-key authentication protocol is the Kerberos system • It was designed to provide authentication between clients and servers in networks that form a single management domain (intranets)
  37. 37. 12/6/2017 37 6. CASE STUDIES: NEEDHAM–SCHROEDER, KERBEROS, TLS, 802.11 WiFi (Contd…) 6.1 The Needham–Schroeder authentication protocol
  38. 38. 12/6/2017 38 6. CASE STUDIES: NEEDHAM–SCHROEDER, KERBEROS, TLS, 802.11 WiFi (Contd…) 6.2 Kerberos • Secures communication with servers on a local network  Developed at MIT in the 1980s to provide security across a large campus network > 5000 users  based on Needham - Schroeder protocol • Standardized and now included in many operating systems  BSD UNIX, Linux, Windows 2000, NT, XP, etc  Available from MIT • Kerberos server creates a shared secret key for any required server and sends it (encrypted) to the user's computer • User's password is the initial secret shared with Kerberos
  39. 39. 12/6/2017 39 6. CASE STUDIES: NEEDHAM–SCHROEDER, KERBEROS, TLS, 802.11 WiFi (Contd…) • System architecture of Kerberos
  40. 40. 12/6/2017 40 6. CASE STUDIES: NEEDHAM–SCHROEDER, KERBEROS, TLS, 802.11 WiFi (Contd…) • Step A • A-> Name of Kerberos authentication service • T-> Name of Kerberos ticket- granting service • C-> Name of client • n ->A nonce. • t ->A timestamp. • t1-> Starting time for validity of ticket • t2 ->Ending time for validity of ticket
  41. 41. 12/6/2017 41 6. CASE STUDIES: NEEDHAM–SCHROEDER, KERBEROS, TLS, 802.11 WiFi (Contd…) • Step B
  42. 42. 12/6/2017 42 6. CASE STUDIES: NEEDHAM–SCHROEDER, KERBEROS, TLS, 802.11 WiFi (Contd…) • Step C • Step D
  43. 43. 12/6/2017 43 6. CASE STUDIES: NEEDHAM–SCHROEDER, KERBEROS, TLS, 802.11 WiFi (Contd…)Critiques of Kerberos • Kerberos protocol is too costly to apply on each NFS operation • Kerberos is used in the mount service  to authenticate the user's identity  User's UserID and GroupID are stored at the server with the client's IP address • For each file request  UserID and GroupID are sent encrypted in the shared session key  The UserID and GroupID must match those stored at the server  IP addresses must also match • This approach has some problems  can't accommodate multiple users sharing the same client computer  all remote filestores must be mounted each time a user logs in
  44. 44. 12/6/2017 44 6. CASE STUDIES: NEEDHAM–SCHROEDER, KERBEROS, TLS, 802.11 WiFi (Contd…) 6.3 Securing electronic transactions with secure sockets • The Secure Sockets Layer (SSL) protocol was originally developed by the Netscape Corporation • An extended version of SSL has been adopted as an Internet standard under the name Transport Layer Security (TLS) • TLS is supported by most browsers and is widely used in Internet commerce • Negotiable encryption and authentication algorithms  Client use different software or different encryption algorithm.  The laws of some countries restrict the use of certain encryption algorithms  TLS attempt to handle this scenario during initial handshake.  It may turn out that they do not have sufficient algorithms in common, and in that case the connection attempt will fail
  45. 45. 12/6/2017 45 6. CASE STUDIES: NEEDHAM–SCHROEDER, KERBEROS, TLS, 802.11 WiFi (Contd…) • TLS protocol stack
  46. 46. 12/6/2017 46 6. CASE STUDIES: NEEDHAM–SCHROEDER, KERBEROS, TLS, 802.11 WiFi (Contd…) • TLS consists of two layers:  TLS Record Protocol layer: which implements a secure channel, encrypting and authenticating messages transmitted through any connection-oriented protocol  handshake layer: containing the TLS handshake protocol and two other related protocols that establish and maintain a TLS session (that is, a secure channel) between a client and a server • The TLS record protocol is a session-level layer; it can be used to transport application level data transparently between a pair of processes while guaranteeing its secrecy, integrity and authenticity • It is probably most widely used to secure HTTP interactions for use in Internet commerce and other security-sensitive applications
  47. 47. 12/6/2017 47 6. CASE STUDIES: NEEDHAM–SCHROEDER, KERBEROS, TLS, 802.11 WiFi (Contd…) • TLS handshake protocol
  48. 48. 12/6/2017 48 6. CASE STUDIES: NEEDHAM–SCHROEDER, KERBEROS, TLS, 802.11 WiFi (Contd…) • TLS supports a variety of options for the cryptographic functions to be used known as a cipher suite
  49. 49. 12/6/2017 49 6. CASE STUDIES: NEEDHAM–SCHROEDER, KERBEROS, TLS, 802.11 WiFi (Contd…) • TLS record protocol
  50. 50. 12/6/2017 50 Summary • It is essential to protect the resources, communication channels and interfaces of distributed systems and applications against attacks • This is achieved by the use of access control mechanisms and secure channels • Public-key and secret-key cryptography provide the basis for authentication and for secure communication • Kerberos and SSL are widely-used system components that support secure and authenticated communication.
  51. 51. 12/6/2017 51 End of Presentation Thank You !