CTIS 490 DISTRIBUTED SYSTEMS - PowerPoint PPT Presentation

1 / 26
About This Presentation
Title:

CTIS 490 DISTRIBUTED SYSTEMS

Description:

A distributed system should provide the mechanisms that allow a variety of ... h is somewhat comparable to the extra bits that are appended to a message in ... – PowerPoint PPT presentation

Number of Views:43
Avg rating:3.0/5.0
Slides: 27
Provided by: cneyt
Category:

less

Transcript and Presenter's Notes

Title: CTIS 490 DISTRIBUTED SYSTEMS


1
CTIS 490DISTRIBUTED SYSTEMS
  • WEEK 6
  • DISTRIBUTED SYSTEMS
  • SECURITY

2
INTRODUCTION
  • Security plays an extremely important role in
    distributed systems.
  • A distributed system should provide the
    mechanisms that allow a variety of different
    security policies to be enforced.
  • There are three important issues related to
    distributed systems security
  • A distributed system should offer facilities to
    establish secure channels between processes. A
    secure channel provides the means to mutually
    authenticate the communicating parties and
    protect messages against tampering during their
    transmission.

3
INTRODUCTION
  • A distributed system should offer facilities for
    authorization and access control. Authorization
    deals with protecting resources in such a way
    that only processes that have proper access
    rights can use the resources. Related to access
    control is firewalls, mobile code, and
    denial-of-service attacks.
  • A distributed system should offer facilities for
    security management dealing with key management
    and authorization management.

4
INTRODUCTION
  • Information security is the process of protecting
    data from unauthorized access, disclosure,
    destruction, modification, and interruption.
  • The generic name for the collection of tools
    designed to protect data and stop hackers is
    called computer security.
  • Network security protects data during its
    transmission and guarantees that it is authentic.

5
SECURITY POLICY
  • Simply stating that a distributed system should
    be able to protect itself against all possible
    security threats is not the way to build a secure
    system.
  • What is first needed is a description of security
    requirements, which is called a security policy.
  • A security policy describes precisely which
    actions the entities in a system are allowed to
    take and which ones are prohibited.
  • Entities include users, services, data, etc.

6
SECURITY REQUIREMENTS
  • Confidentiality Requires that data be
    accessible only by authorized parties. This type
    of access includes printing, displaying, and
    other forms of disclosure.
  • Integrity Requires that only authorized parties
    can modify data. Modification includes writing,
    deleting, and creating.
  • Authenticity (and also Non-repudiation)
    Requires that a host or service be able to verify
    the identity of a user. Ensures that the sender
    has strong evidence that the receiver has
    received the message, and the receiver has strong
    evidence of the sender identity.
  • Availability Requires that data be available to
    authorized parties.

7
SECURITY ATTACKS
  • Interception (eavesdropping) unauthorized party
    gains access to service or data. For example,
    communication between two parties has been
    overheard or illegal copying of file.
  • Interruption (denial of service) services or
    data become unavailable. For example, someone
    maliciously attempts to make service
    inaccessible.
  • Modification unauthorized party changes the
    data or tampers with the service. For example,
    intercepting and changing transmitted data or
    logging the activities of a user.
  • Fabrication unauthorized party generate
    additional data or activity. For example,
    replaying of previously sent messages.

8
SECURITY MECHANISMS
  • Encryption It transforms data into something an
    attacker cannot understand. It provides a
    mechanism to implement confidentiality and
    integrity.
  • Authentication Used to verify the claimed
    identity of a user, client, server, host, or
    other entity. Typically, users are authenticated
    by means of passwords, but there are many other
    ways.
  • Authorization Used to verify and grant access
    rights to resources.
  • Auditing tools Used to trace which clients
    accessed to what and which way. Although it does
    not provide any protection against security
    threats, they are useful for analysis of a
    security breach.

9
CRYPTOGRAPGY
  • Fundamental to security in distributed systems is
    the use of cryptographic techniques based on
    encryption and decryption key(s).

10
CRYPTOGRAPGY
  • An intruder may intercepts the message without
    either the sender or receiver being aware that
    eavesdropping is happening (loss of
    confidentiality).
  • An intruder may modify the message by decrypting
    and encrypting again (loss of integrity).
  • An intruder may insert encrypted messages as if
    they are coming from the sender (loss of
    authenticity).

11
CRYPTOSYSTEMS
  • There are two types of cryptosystems
  • Symmetric cryptosystems The same key is used to
    encrypt and decrypt a message. They are also
    referred as secret-key or shared-key systems,
    because sender and receiver are required to share
    the same key.
  • P DK(EK(P))
  • Asymmetric cryptosystems Encryption and
    decryption keys are different, but together they
    form a unique pair. One of the keys is kept
    private and the other key made public. For this
    reason, asymmetric cryptosystems are also
    referred as public-key systems.
  • P DKD(EKE(P))

12
HASH FUNCTIONS
  • Another application of cryptography in
    distributed systems is the use of hash functions.
  • A hash function H takes a message m of arbitrary
    length as input and produces a bit string h
    having a fixed length as output
  • h H (m)
  • A hash h is somewhat comparable to the extra bits
    that are appended to a message in communication
    systems to allow for error detection, such as
    cyclic-redundancy check (CRC).

13
CRYPTOGRAPHIC ALGORITMS
  • There are several cryptographic algorithms, but
    it is beyond our scope to discuss any of these
    algorithms in detail.
  • Three most common cryptographic algorithms are
  • Data Encryption Standard (DES) used for
    symmetric cryptosystems.
  • RSA (Named after its inventors Rivest, Shamir,
    and Adleman) - used for asymmetric cryptosystems.
  • Message Digest 5 (MD5) is a hash function for
    computing a 128-bit, fixed length message digest
    from an arbitrary length binary input string.

14
AUTHENTICATION
  • Authentication and message integrity cannot do
    without each other.
  • In other words, authentication is meaningless if
    message integrity cannot be provided.
  • Also, message integrity is useless if the sender
    cannot be authenticated.
  • For example, assume that Alice and Bob want to
    communicate, and Alice starts by sending a
    message.

15
AUTHENTICATION BASED ON A SHARED SECRET KEY
  • This protocol is called challenge-response
    protocol whereby one party challenges the other
    to a response that can be correct only if the
    other knows the shared secret key (It is like
    asking the parola).

16
AUTHENTICATION BASED ON A SHARED SECRET KEY
  • When Alice wants to set up a secure channel, she
    sends her identity to Bob (1).
  • Bob sends a challenge to Alice (2).
  • Alice encrypts the challenge and sends it to Bob
    (3).
  • Alice sends a challenge to Bob (4).
  • Bob encrypts the challenge and sends it to Alice
    (5).

17
AUTHENTICATION USING A KEY DISTRIBUTION CENTER
  • If a distributed system contains N hosts, each
    host has to mange N-1 keys, and the system as a
    whole needs to manage N(N-1)/2 keys.
  • An alternative is to use a centralized approach
    by means of Key Distribution Center (KDC) so that
    it shares a key with each host but no pair of
    hosts is required to have a secret key. As a
    result, only N keys are managed.

18
AUTHENTICATION USING PUBLIC-KEY CRYPTOGRAPHY
  • Alice sends a challenge RA to Bob encrypted with
    his public key KB (1).
  • Bob decrypts Alices challenge RA with his
    private key and sends it to Alice along with his
    challenge RB. He also generates a session key
    KA,B that can be used for further communication.
    All three of them are encrypted using Alices
    public key KA (2).
  • Alice returns her response to Bobs challenge
    using the session key KA,B generated by Bob. In
    this way, she will prove that she can decrypt
    message (2), and thus she is actually Alice to
    whom Bob is talking (3).

19
MESSAGE INTEGRITY AND CONFIDENTIALITY
  • Message integrity often goes beyond the actual
    transfer through a secure channel.
  • First, message should be digitally signed in such
    a way that it is uniquely tied to its content
    (think about a bank transaction).
  • Second, if the signature can be verified to be
    authentic, the person who sent the message cannot
    later deny.

20
DIGITAL SIGNATURES USING PUBLIC-KEY CRYPTOGRAPHY
  • Digital signing of a message using public-key
    cryptography.

21
DIGITAL SIGNATURES USING A MESSAGE DIGEST
  • Alice computes a message digest and encrypt the
    digest with her private key.
  • The encrypted digest is sent along with the
    message to Bob.
  • Note that the message itself is sent as
    plaintext everyone is allowed to read it.
  • If confidentiality is required, then the message
    should also be encrypted with Bobs bublic key.
  • Bob descrypt with Alices public key and
    calculates the message digest.

22
ACCESS CONTROL
  • Formally, verifying access rights is referred to
    as access control, whereas authorization means
    granting access rights. These two terms are
    related and used in an interchangable way.
  • Protection is often enforced by a program called
    reference monitor.
  • The reference monitor is called by the underlying
    operating system each time an object is invoked.

23
ACCESS CONTROL
  • Controlling the access to an object is about
    protecting the object against invocations by
    subjects that are not allowed.
  • Also, protection may include object management
    issues, such as creating, renaming, or deleting
    objects.
  • A common approach to modeling the access rights
    of subjects with respect to objects is to
    construct an Access Control Matrix (ACM).
  • Each subject is represented by a row and each
    object is represented by a column.
  • Another widely-used approach is to have each
    object maintain a list of the access rights of
    subjects . This means that the matrix is
    distributed column-wise across all objects. This
    type of implementation is called Access Control
    List (ACL).

24
FIREWALLS
  • External access to any part of a distributed
    system is controlled by a special kind of
    reference monitor known as firewall.
  • A firewall disconnects any part of a distributed
    system from the outside world.

25
FIREWALLS
  • There are two types of firewalls
  • Packet-filtering gateway operates as a router
    and makes decisons as to whether or not to pass a
    network packet based on the source and
    destination address contained in the header. For
    example, if a companys network consists of
    multiple LANs, only the packets from other LANs
    can be allowed. In this way, a private virtual
    network can be set up.
  • Application-level gateway inspects the contents
    of incoming or outgoing message. For example, a
    mail gateway that disregards a message exceeding
    certain size and filters spam email.

26
DENIAL OF SERVICE
  • Another type of attack that is related to access
    control is maliciously preventing authorized
    processes from accessing resources.
  • Defenses against such Denial of Service (DoS)
    attacks are becoming increasingly important as
    distributed systems are opened up through the
    Internet.
  • There are two types of DoS
  • Aimed at bandwidth depletion sending many
    messages
  • Aimed at resource depletion initiate huge
    amounts of connections
  • To prevent DoS attack, an organization must have
    routers further in the Internet, and routers
    should start dropping packets when they suspect
    an attack is going on before they reach to the
    organizations network.
Write a Comment
User Comments (0)
About PowerShow.com