Distributed Systems: Security - PowerPoint PPT Presentation

Provided by: Ken667

1
Distributed Systems: Security
  • CS 654, Lecture 20, November 29, 2006

2
Noncomputer-Based Distributed Systems
  • This is the Clayton Tunnel in 1841 in England.
  • A two-way tunnel.
  • At each entrance is a semaphore system that flips
    red when a train passes. It must be manually
    reset to green.
  • Before manual reset, the signal man must make
    sure that the train has exited.
  • Only one train allowed per track in the tunnel.
  • A telegraph, with a fixed set of 3 messages was
    provided.
  • TRAIN-IN-TUNNEL, TUNNEL-IS-CLEAR,
    HAS-THE-TRAIN-LEFT-THE-TUNNEL?
  • In case the semaphore failed, the signal man had
    red and white flags for manual signalling.

3
Noncomputer-Based Distributed Systems
(Figure: signal man A at one entrance of the tunnel, signal man B at the other.)
  • Normal
  • A train enters, flips the semaphore signal red.
  • Signal man A sends TRAIN-IN-TUNNEL.
  • When the train exits, opposite signal man B sends
    TUNNEL-IS-CLEAR.
  • Signal man A manually resets the signal to green.
  • Semaphore failure
  • A train enters, semaphore fails to flip, alarm
    rings.
  • Signal man A sends TRAIN-IN-TUNNEL.
  • Signal man A then manually raises a red flag.
  • When the train exits, opposite signal man B sends
    TUNNEL-IS-CLEAR.
  • Signal man A changes red flag to white flag.
  • Should steps 2 and 3 of the failure case
    (telegraph first, then raise the flag) be
    reversed?
  • Weaknesses?
  • What happens if the train has already exited by
    the time the TRAIN-IN-TUNNEL message is sent?
  • How far apart do trains need to be? What happens
    if they are too close?

4
  • On August 25th, 1861
  • Three trains left Brighton at 8:28, 8:31, and
    8:35, due to late running of the first train.
  • The first train entered the tunnel, but the
    semaphore failed to flip to red.
  • Signal man A telegraphed TRAIN-IN-TUNNEL.
  • He went to manually raise a red flag, but was too
    slow, because the trains were too close together.
  • The driver of the second train barely catches a
    glimpse of the red flag as he passes, but can't
    stop in time and enters the tunnel. He stops in
    the middle of the tunnel and begins to back up.
  • The third train sees the red flag in time, and
    stops before entering.
  • Signal man A now telegraphs TRAIN-IN-TUNNEL again,
    to indicate that there are two trains in the
    tunnel.
  • Signal man A now asks HAS-THE-TRAIN-LEFT-THE-TUNNEL?
  • What should signal man B do now?
  • Signal man B, after the first train has left,
    responds TUNNEL-IS-CLEAR, thinking A meant the
    first train.
  • Signal man A thinks B meant the second train, and
    changes the flag to white.
  • The third train enters the tunnel.
  • 23 people died, 176 were injured. Whose fault was
    it?

5
Security
6
Security Threats, Policies, and Mechanisms
  • Can a secure system be undependable? Can a
    dependable system be insecure?
  • Confidentiality, integrity?
  • Types of security threats to consider?
  • Interception
  • Interruption
  • Modification
  • Fabrication
  • What is the difference between security policy
    and security mechanism?
  • Change passwords every month?
  • Important mechanisms
  • Encryption
  • Authentication
  • Authorization
  • Auditing

7
The Globus Security Policy
  • The environment consists of multiple
    administrative domains.
  • Local operations are subject to a local domain
    security policy only.
  • Global operations require the initiator to be
    known in each domain where the operation is
    carried out.
  • Global authentication replaces local
    authentication.
  • Operations between entities in different domains
    require mutual authentication.
  • Controlling access to resources is subject to
    local security only.
  • Users can delegate rights to processes.
  • A group of processes in the same domain can share
    credentials.

8
Proxies
  • Globus focuses on cross-domain operations.
  • In another domain, it is necessary to have some
    representative.
  • User proxies: a process that acts on behalf of a
    user (for a limited time, with rights the user
    delegated to it).
  • Resource proxies: a process that translates global
    operations into local operations. User proxies
    talk to resource proxies.

10
Design Issues
  • Focus of control (where do you put your
    perimeter?).
  • Layering (at which layer do you put your security
    mechanisms?).

11
Focus of Control
  • Protection against invalid operations (check the
    data).
  • Protection against unauthorized invocations (check
    the methods).
  • Protection against unauthorized users (check the
    roles).

12
Layering of Security Mechanisms
  • Where do you put your security?
  • This depends on trust.
  • Suppose you are calling your mom. Would you be
    happy if someone was listening in? Who are you
    trusting?
  • Do you encrypt your e-mail? Who are you trusting?
  • Suppose you were sending an e-mail that was a
    matter of life or death.

13
Layering of Security Mechanisms
  • Several sites connected through a wide-area
    backbone service.
  • Alice wants to send a message to Bob at a
    different site.
  • Does she trust the system admins? If not, what
    does she do?

14
Trust
  • Implicit in many security systems is the notion
    of trust, and trust chaining.
  • Suppose you meet a strange A, and A asks to
    borrow money. Do you loan it to him?
  • Suppose B says A is trustworthy?
  • Suppose C says B is trustworthy?
  • Suppose you trust C?
  • Ultimately, you have to trust someone. A trusted
    computer system can be built by using similar
    kinds of chaining mechanisms. But you want to
    keep the trust base as small as possible.

15
Distribution of Security Mechanisms
  • Figure 9-5. The principle of RISSC (Reduced
    Interfaces for Secure System Components) as
    applied to secure distributed systems.

16
Cryptography Terminology
  • C = E_K(P), P = D_K(C): ciphertext C is plaintext
    P encrypted under key K; decryption under K
    recovers P.
  • Three different kinds of attacks: intercept,
    modify, insert.
  • Are there situations where just knowing there are
    messages tells you something? (Traffic analysis.)

17
Symmetric vs. Asymmetric
  • Symmetric (secret key, shared key): the same key
    is used both to encrypt and decrypt.
  • P = D_K(E_K(P))
  • K_{A,B} means a key shared by A and B.
  • Asymmetric (public-key): different keys are used
    to encrypt and decrypt.
  • P = D_{K_D}(E_{K_E}(P)), with K_E ≠ K_D
  • Notation: K+_A is the public key of A and K-_A is
    the private key of A.
  • How do I send something using secret-key? Using
    public-key?
  • Which is better?

18
Hash Functions (Message Digests)
  • A hash function takes a message of any length and
    produces a fixed-length bit string
  • h = H(m)
  • What are these used for?
  • Fingerprinting: make sure two messages are
    identical.
  • Alice sends Bob a plaintext document over a
    high-bandwidth insecure channel. She does not
    care if others read it, but she does want to make
    sure that no one modifies it. She also has a
    low-bandwidth secure channel she could use (phone
    call).
  • How can she use a hash function?
  • What properties are desirable?
  • One-way: given h, it is infeasible to find an m
    with H(m) = h.
  • Weak collision resistance: given m, it is
    infeasible to find m' ≠ m with H(m') = H(m).
  • Strong collision resistance: it is infeasible to
    find any pair m ≠ m' with H(m) = H(m').
  • What is the difference between hash functions and
    CRCs/checksums?
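The Alice-and-Bob scenario and the hash-versus-CRC question above, worked through as an added example (this code is not from the slides or the textbook). Alice sends the document over the insecure channel and reads its SHA-256 digest to Bob over the phone; Bob recomputes and compares. The second half shows why a CRC cannot play that role: CRC-32 is linear, so an attacker who never sees the plaintext can flip bits through an XOR stream cipher and patch the encrypted CRC to match. The document text, the key and the SHA-256-in-counter-mode keystream are constructed stand-ins for the example.

```python
import hashlib
import hmac
import zlib

# Constructed sample document for the example (not from the slides).
DOCUMENT = b"Lecture 20 notes: meet at the lab at 10:00, bring the signed contract.\n"


def fingerprint(doc: bytes) -> str:
    """Digest Alice reads to Bob over the low-bandwidth secure channel (the phone call)."""
    return hashlib.sha256(doc).hexdigest()


def bob_verifies(received_doc: bytes, spoken_fingerprint: str) -> bool:
    """Bob recomputes the digest of what arrived and compares it with what he heard."""
    return hmac.compare_digest(fingerprint(received_doc), spoken_fingerprint)


def tamper(doc: bytes, old: bytes, new: bytes) -> bytes:
    """Attacker on the insecure channel rewrites part of the document (same length)."""
    if old not in doc or len(old) != len(new):
        raise ValueError("need an equal-length in-place edit")
    return doc.replace(old, new, 1)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# CRC-32 is linear over GF(2): for equal-length a and b,
#   crc(a XOR b) == crc(a) XOR crc(b) XOR crc(zeros of that length)
def crc32_is_linear(a: bytes, b: bytes) -> bool:
    lhs = zlib.crc32(xor_bytes(a, b))
    rhs = zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(bytes(len(a)))
    return lhs == rhs


def keystream(key: bytes, length: int) -> bytes:
    """Toy XOR-stream keystream (SHA-256 in counter mode); stands in for any stream cipher."""
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def encrypt_with_crc(key: bytes, plaintext: bytes) -> bytes:
    """Sender appends CRC-32 as an 'integrity check' and XORs everything with the keystream."""
    body = plaintext + zlib.crc32(plaintext).to_bytes(4, "big")
    return xor_bytes(body, keystream(key, len(body)))


def decrypt_and_check_crc(key: bytes, ciphertext: bytes):
    """Receiver: strip the keystream, then check the CRC. Returns (crc_ok, plaintext)."""
    body = xor_bytes(ciphertext, keystream(key, len(ciphertext)))
    plaintext, tag = body[:-4], body[-4:]
    return zlib.crc32(plaintext).to_bytes(4, "big") == tag, plaintext


def forge_without_key(ciphertext: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Attacker knows only the ciphertext and where the text to change sits.
    XOR-ing delta into the ciphertext XORs it into the plaintext; linearity tells
    the attacker exactly how the CRC changes, so the encrypted CRC is patched too."""
    msg_len = len(ciphertext) - 4
    delta = bytearray(msg_len)
    delta[offset:offset + len(old)] = xor_bytes(old, new)
    crc_delta = zlib.crc32(bytes(delta)) ^ zlib.crc32(bytes(msg_len))
    patch = bytes(delta) + crc_delta.to_bytes(4, "big")
    return xor_bytes(ciphertext, patch)


def hmac_tag(key: bytes, plaintext: bytes) -> bytes:
    """The fix: a keyed hash. Without the key the attacker cannot compute the new tag."""
    return hmac.new(key, plaintext, hashlib.sha256).digest()
```

The digest read over the phone works because the phone call is the authentic channel and SHA-256 is collision resistant; the CRC fails because a CRC is a linear code designed to catch random errors, not an adversary who can solve for the check value.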

19
Symmetric DES
  • It is fast.
  • Also there is Triple DES.
  • DES has a 56-bit key, which can be brute-forced
    today; Triple DES was a stopgap, and AES has
    since replaced both.

20
Symmetric Cryptosystems DES (1)
  • Figure 9-8. (a) The principle of DES.

21
Symmetric Cryptosystems DES (2)
  • Figure 9-8. (b) Outline of one encryption round.

22
Symmetric Cryptosystems DES (3)
  • Figure 9-9. Details of per-round key generation
    in DES.

23
Public-Key Cryptosystems RSA
  • Generating the private and public keys requires
    four steps:
  • Choose two very large prime numbers, p and q.
  • Compute n = p × q and z = (p − 1) × (q − 1).
  • Choose a number d that is relatively prime to z.
  • Compute the number e such that e × d ≡ 1 (mod z).
  • To encrypt a message, divide it into blocks such
    that m < n.
  • Encrypt: c = m^e (mod n).
  • Decrypt: m = c^d (mod n).
  • RSA is about 100-1000 times slower than DES.
  • This "textbook" RSA is deterministic and
    malleable; real systems pad each block (e.g.
    OAEP) before exponentiation.
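The four key-generation steps, block splitting and the encrypt/decrypt formulas from the slide, as an added example (not code from the slides or the textbook), followed by a check of what raw RSA does not give you: anyone can multiply two ciphertexts to forge a third that decrypts to the product of the plaintexts. The primes are two Mersenne primes chosen only because they are certainly prime; the starting value for d is likewise a constructed choice.

```python
from math import gcd

# Constructed key material: two primes that are certainly prime (Mersenne primes
# 2^31 - 1 and 2^61 - 1). Real keys use random primes of 1024 bits or more each.
P = 2**31 - 1
Q = 2**61 - 1


def generate_keys(p: int, q: int, d: int = 1_000_000_007):
    """The slide's four steps. Note the slide's naming: d is chosen first and kept
    private, e is derived from it and published. Returns (public_key, private_key)."""
    n = p * q                                  # step 2
    z = (p - 1) * (q - 1)
    while gcd(d, z) != 1:                      # step 3: d relatively prime to z
        d += 2
    e = pow(d, -1, z)                          # step 4: e * d == 1 (mod z); Python 3.8+
    return (e, n), (d, n)


def encrypt(public_key, m: int) -> int:
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("each block must satisfy m < n")
    return pow(m, e, n)                        # c = m^e mod n


def decrypt(private_key, c: int) -> int:
    d, n = private_key
    return pow(c, d, n)                        # m = c^d mod n


def blocks_from_bytes(data: bytes, n: int) -> list:
    """Split a byte string into integer blocks strictly smaller than n."""
    size = (n.bit_length() - 1) // 8           # bytes per block; 256^size < n
    return [int.from_bytes(data[i:i + size], "big") for i in range(0, len(data), size)]


def bytes_from_blocks(blocks: list, n: int, length: int) -> bytes:
    """Inverse of blocks_from_bytes; the last block may be shorter than size."""
    size = (n.bit_length() - 1) // 8
    out = bytearray()
    for i, block in enumerate(blocks):
        out += block.to_bytes(min(size, length - i * size), "big")
    return bytes(out)


def malleability_demo(public_key, private_key, m1: int, m2: int) -> bool:
    """Raw RSA is multiplicatively homomorphic: E(m1) * E(m2) mod n decrypts to
    m1 * m2 mod n, so a forged ciphertext needs no key at all. OAEP padding breaks
    this structure, which is why unpadded RSA is never used in practice."""
    _, n = public_key
    forged = (encrypt(public_key, m1) * encrypt(public_key, m2)) % n
    return decrypt(private_key, forged) == (m1 * m2) % n
```

With these primes n is 92 bits long, so each block holds 11 bytes; a real modulus would be 2048 bits or more, and the same code would then run with 255-byte blocks.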

24
Hash Functions MD5 (1)
  • Figure 9-10. The structure of MD5.
  • MD5 is no longer collision resistant (practical
    collisions have been known since 2004), so it
    should not be used where collision resistance
    matters.

25
Hash Functions MD5 (2)
  • Figure 9-11. The 16 iterations during the first
    round in a phase in MD5.

26
Secure Channels
27
Authentication and Authorization
  • How do we make communications secure?
  • Are you who you say you are?
  • How do we find out whether or not you are
    authorized to do what you want to do?

28
Authentication
  • Can you have authentication without message
    integrity?
  • I know that Bob sent the message, but someone may
    have tampered with it.
  • I know that no one tampered with it, but I don't
    know whether or not it was really Bob that sent
    it.

29
Shared Secret Key Authentication
  • Suppose Alice and Bob share a secret key. How can
    they setup a secure channel over an insecure
    medium?

30
  • Alice sends her identity to Bob.
  • Bob sends a challenge R_B (a random number? it
    must be fresh, i.e. a nonce).
  • Alice must encrypt it with K_{A,B} and return it.
  • Alice then sends a challenge R_A to Bob.
  • Bob must encrypt it and return it.

31
An Optimization
  • Authentication based on a shared secret key, but
    using three instead of five messages: Alice sends
    A together with R_A; Bob replies with R_B and
    K_{A,B}(R_A); Alice replies with K_{A,B}(R_B).

32
Attack Attempt
  • Chuck tries to pretend to be Alice.
  • He sends the initial message (A, R_C) to Bob.
  • Bob responds with the encrypted challenge
    K_{A,B}(R_C) and his own challenge R_B.
  • Chuck cannot properly respond to R_B because he
    doesn't have the key.

33
Reflection Attack
  • Chuck opens a second session with Bob and uses
    Bob's own challenge R_B as his challenge; Bob
    answers with K_{A,B}(R_B), which Chuck replays as
    the final message of the first session.
  • Moral: never encrypt anything without knowing who
    you are encrypting it for.
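The three-message protocol, the honest run, the reflection attack, and the fix the moral points at, as an added example (not code from the slides or the textbook). An HMAC over the challenge stands in for E_{K_{A,B}}(challenge); Bob is modelled as a server that handles several sessions at once, which is what the attack needs. The `bind_identity` flag switches on the fix: the responder's identity goes inside the encrypted value, so Bob's answer K(B|R_B) can never be passed off as Alice's answer K(A|R_B). The key and the identity strings are constructed for the example.

```python
import hashlib
import hmac
import secrets


def response(k_ab: bytes, responder: bytes, challenge: bytes, bind_identity: bool) -> bytes:
    """Stand-in for E_{K_AB}(challenge) on the slides: an HMAC tag over the challenge.
    Any keyed function Chuck cannot evaluate without K_AB behaves the same way."""
    if bind_identity:
        # Fixed variant: the encrypted value names who is answering.
        return hmac.new(k_ab, responder + b"|" + challenge, hashlib.sha256).digest()
    return hmac.new(k_ab, challenge, hashlib.sha256).digest()


class Bob:
    """Responder in the three-message protocol. Message 1 in: (A, R_A); message 2
    out: (R_B, K(R_A)); message 3 in: K(R_B). Bob serves several sessions at once."""

    def __init__(self, k_ab: bytes, bind_identity: bool = False):
        self.k_ab = k_ab
        self.bind_identity = bind_identity
        self.pending = {}          # session id -> reply Bob expects in message 3

    def message1(self, session: int, claimed_identity: bytes, r_a: bytes):
        r_b = secrets.token_bytes(16)
        self.pending[session] = response(self.k_ab, claimed_identity, r_b, self.bind_identity)
        # Bob proves himself on the initiator's challenge before the initiator
        # has proved anything; that ordering is what the reflection attack exploits.
        return r_b, response(self.k_ab, b"B", r_a, self.bind_identity)

    def message3(self, session: int, reply: bytes) -> bool:
        expected = self.pending.pop(session)
        return hmac.compare_digest(expected, reply)


def alice_runs(bob: Bob, k_ab: bytes, session: int = 1) -> bool:
    """Honest Alice: both sides end up convinced the other holds K_AB."""
    r_a = secrets.token_bytes(16)
    r_b, proof = bob.message1(session, b"A", r_a)
    if not hmac.compare_digest(proof, response(k_ab, b"B", r_a, bob.bind_identity)):
        return False               # Bob failed to prove knowledge of K_AB
    return bob.message3(session, response(k_ab, b"A", r_b, bob.bind_identity))


def chuck_reflects(bob: Bob) -> bool:
    """Chuck has no key. Session 1: he claims to be Alice and receives R_B.
    Session 2: he opens a second run and hands Bob his own R_B as the challenge;
    Bob obligingly returns K(R_B). Chuck replays that as message 3 of session 1."""
    r_c = secrets.token_bytes(16)
    r_b, _ = bob.message1(1, b"A", r_c)
    _, bobs_own_answer = bob.message1(2, b"A", r_b)
    return bob.message3(1, bobs_own_answer)
```

The five-message protocol on the previous slide is not vulnerable in this way because Bob encrypts nothing until Alice has answered his challenge; the three-message optimization traded that ordering for one fewer round trip. Binding the identity (or using distinct keys per direction) restores the property without giving the round trip back.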

34
Key Distribution Centers
  • If there are N parties using shared secret keys,
    how many keys are needed? (One per pair:
    N(N − 1)/2.)
  • The alternative is to use a KDC, which shares a
    key with every host.
  • Does the KDC need to be trusted?

35
Key Distribution Centers
  • Disadvantage: the KDC has to hand the session key
    to Bob, so Bob has to get into the loop before
    Alice can talk to him.
  • Solutions?

36
Tickets
  • Using a ticket: the KDC gives Alice K_{A,B}
    together with a ticket K_{B,KDC}(A, K_{A,B}) that
    only Bob can open, and lets Alice set up the
    connection to Bob herself.

37
Authentication Using a Key Distribution Center (3)
  • Figure 9-17. The Needham-Schroeder authentication
    protocol.

38
Authentication Using a Key Distribution Center (4)
  • Figure 9-18. Protection against malicious reuse
    of a previously generated session key in the
    Needham-Schroeder protocol.
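The KDC, ticket and Needham-Schroeder slides above (Figures 9-17 and 9-18), worked through as an added example that is not code from the slides or the textbook. All three parties run in one process: the KDC shares a long-term key with each host and never contacts Bob; Alice fetches K_{A,B} plus a ticket only Bob can open; the two nonce exchanges prove to each side that the other holds K_{A,B}; and Bob's nonce R_B1, obtained before Alice goes to the KDC, is what Figure 9-18 adds to stop an old session key and ticket from being replayed. `seal`/`unseal` are a toy authenticated-encryption stand-in for the K_X(...) notation; the field names, the nonce sizes and the long-term keys are constructed for the example.

```python
import hashlib
import hmac
import json
import secrets


def seal(key: bytes, fields: dict) -> bytes:
    """Toy authenticated encryption standing in for K_X(...) in the figures:
    SHA-256 keystream XOR plus an HMAC tag. Demonstration only, not a real cipher."""
    data = json.dumps(fields, sort_keys=True).encode()
    nonce = secrets.token_bytes(16)
    ks = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    ct = bytes(a ^ b for a, b in zip(data, ks))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    ks = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                  for i in range(len(ct) // 32 + 1))
    return json.loads(bytes(a ^ b for a, b in zip(ct, ks)).decode())


class KDC:
    """Shares a long-term key with every host; never talks to Bob directly."""

    def __init__(self, host_keys: dict):
        self.host_keys = host_keys

    def issue(self, r_a1: int, a: str, b: str, bobs_nonce_blob: bytes) -> bytes:
        # Message 3: R_A1, A, B, K_B,KDC(A, R_B1).  Reply (message 4):
        # K_A,KDC(R_A1, B, K_AB, ticket) with ticket = K_B,KDC(A, R_B1, K_AB).
        inner = unseal(self.host_keys[b], bobs_nonce_blob)
        if inner["for"] != a:
            raise ValueError("Bob's nonce was issued for a different initiator")
        k_ab = secrets.token_bytes(32).hex()
        ticket = seal(self.host_keys[b], {"A": a, "R_B1": inner["R_B1"], "K_AB": k_ab})
        return seal(self.host_keys[a], {"R_A1": r_a1, "B": b, "K_AB": k_ab, "ticket": ticket.hex()})


class Bob:
    def __init__(self, k_b: bytes):
        self.k_b, self.r_b1, self.k_ab, self.r_b = k_b, None, None, None

    def hello(self, a: str) -> bytes:
        # Messages 1-2: Alice says "A"; Bob answers K_B,KDC(A, R_B1). R_B1 ties any
        # ticket the KDC issues to this run, so an old ticket cannot be replayed.
        self.r_b1 = secrets.randbits(64)
        return seal(self.k_b, {"for": a, "R_B1": self.r_b1})

    def accept_ticket(self, ticket: bytes, challenge_blob: bytes) -> bytes:
        # Message 5: ticket, K_AB(R_A2).  Reply (message 6): K_AB(R_A2 - 1, R_B).
        t = unseal(self.k_b, ticket)
        if t["R_B1"] != self.r_b1:
            raise ValueError("stale ticket: possible reuse of an old session key")
        self.k_ab = bytes.fromhex(t["K_AB"])
        r_a2 = unseal(self.k_ab, challenge_blob)["R_A2"]
        self.r_b = secrets.randbits(64)
        return seal(self.k_ab, {"R_A2_minus_1": r_a2 - 1, "R_B": self.r_b})

    def finish(self, blob: bytes) -> bool:
        # Message 7: K_AB(R_B - 1) proves Alice holds K_AB too.
        return unseal(self.k_ab, blob)["R_B_minus_1"] == self.r_b - 1


def alice_session(k_a: bytes, kdc: KDC, bob: Bob, a: str = "A", b: str = "B"):
    """Runs the whole protocol from Alice's side; returns (authenticated, K_AB, ticket)."""
    bobs_nonce_blob = bob.hello(a)                                        # 1, 2
    r_a1 = secrets.randbits(64)
    reply = unseal(k_a, kdc.issue(r_a1, a, b, bobs_nonce_blob))           # 3, 4
    if reply["R_A1"] != r_a1 or reply["B"] != b:
        raise ValueError("KDC reply is not fresh or names the wrong peer")
    k_ab, ticket = bytes.fromhex(reply["K_AB"]), bytes.fromhex(reply["ticket"])
    r_a2 = secrets.randbits(64)
    answer = unseal(k_ab, bob.accept_ticket(ticket, seal(k_ab, {"R_A2": r_a2})))  # 5, 6
    if answer["R_A2_minus_1"] != r_a2 - 1:
        raise ValueError("Bob could not decrypt with K_AB")
    ok = bob.finish(seal(k_ab, {"R_B_minus_1": answer["R_B"] - 1}))      # 7
    return ok, k_ab, ticket


def replay_old_ticket(bob: Bob, old_k_ab: bytes, old_ticket: bytes) -> bool:
    """Chuck has obtained an old K_AB and its ticket (the threat of Figure 9-18).
    He starts a fresh run with Bob and replays them; True only if Bob accepts."""
    bob.hello("A")
    try:
        bob.accept_ticket(old_ticket, seal(old_k_ab, {"R_A2": 1}))
        return True
    except ValueError:
        return False
```

Without the R_B1 check in `accept_ticket`, the replay would succeed: the ticket is still correctly encrypted under K_{B,KDC}, and whoever holds the old K_{A,B} can answer Bob's challenge. Real systems (Kerberos) use timestamps and lifetimes in the ticket for the same purpose.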

39
Authentication Using Public Key Cryptography
  • What could happen if the public key K+_B that
    Alice uses for Bob is fake (substituted by an
    attacker)?