Figure 15.1 A distributed multimedia system

1
Lecture 10
Security of Distributed and Network Systems Ref.
Chapter 10 and 13
2
Objectives

• Clarify the fundamental security problems that
  arise in distributed systems.
• Show how distributed system security has changed
  over the years becoming more ambitious in its
  goals.
• Examine which system layer is best suited for
  implementing security mechanisms in a distributed
  system
• Get an introduction of the design of network
  security protocols, using the basic Internet
  security protocols IPSC and SSL/TLS
• Understand the principles of various firewall
  technologies

3
Contents

• Introduction
• Authentication
• Kerberos
• DSSA/SPX
• Network Security
• TCP/IP Security
• SSL/TLS
• Firewalls

4
Introduction

• How do you authenticate a user?
• What is the basis for access control?
• User identity
• The network address
• The distributed services
• Where do you authenticate a user?
• Where do you make an access control decision?

5
Delegation

• Delegation A user may login at a local and then
  execute a program on a remote node. To obtain
  access to resources at the remote node, the
  program will need the relevant access rights.
  Typically, the program would be endowed with the
  access rights of the user and then run with these
  access rights on the remote node.
• This mentions controlled invocation.

6
Authentication requirements

• The goal is to provide the communication parties
  with some assurance about others true identity
• Password sniffers might listen to network traffic
  and extract packets containing passwords and
  other security-relevant information.

7
Kerberos authentication and key distribution
service

• Secures communication with servers on a local
  network
• Developed at MIT in the 1980s to provide security
  across a large campus network gt 5000 users
• based on Needham - Schroeder protocol
• Standardized and now included in many operating
  systems
• Internet RFC 1510, OSF DCE
• BSD UNIX, Linux, Windows 2000, NT, XP, etc.
• Available from MIT
• Kerberos server creates a shared secret key for
  any required server and sends it (encrypted) to
  the user's computer
• User's password is the initial secret shared with
  Kerberos

8
Kerberos Terminology

• Kerberos authentication server (KAS)
  authenticates principles at login and issues
  tickets, which is in general are valid for one
  login session and enable principals to obtain
  other tickets form ticket-granting servers. Also
  called KDC
• Ticket granting servers (TGSs) issue tickets
  that give principals access to network services
  demanding authentication.

9
Kerberos conventions

• Ka the secret cryptographic key of user A,
  derived from As password with a one-way
  algorithm KAS has copy of Ka
• Ktgs a secret key shared by TGS and KAS
• Kb a secret key shared by the server B and TGS
• Ka,tgs a session key created by KAS for use
  between A and TGS
• Ka,b a session key created by TGS for use
  between A and B
• eK(X) data packet X encrypted under key K
• N1, N2 nonce (random challenges) to prevent
  replay attacks
• L1, L2 expiry date (lifetime) of tickets.
• T1, T2,T3, T4 creation time of tickets or
  authenticators
• Ticketa, tgs ticket for A to use with TGS,
  created by KAS
• Ticketa,b ticket for A to use with B, created by
  TGS

10
System architecture of Kerberos

• Needham-Schroeder Protocol
• A-gt KAS A, TGS, L1, N1
• KAS-gtA eKa(TGS, Ka, tgs, Ticketa, tgs,, L1, N1)
  
• A-gtTGS A, B, L2, N2, Ticketa, tgs, eKa, tgs(A,
  T3)
• TGS-gtA eKa, tgs(B, Ka,b, Ticketa, b, L2, N2)
• A-gtB eKa,b(A, T4), Ticketa,b
• B-gtA eKa,b (T4)
• Ticketa, tgs eKtgs(Ka, tgs, A, T1, L1)
• Ticketa,b eKb(Ka,b, A, T1, L1)

Step A once per login session
Step B once per server session
Step C once per server transaction
6. Service reply
B
A

11
Kerberized NFS

• Kerberos protocol is too costly to apply on each
  NFS operation
• Kerberos is used in the mount service
• to authenticate the user's identity
• User's UserID and GroupID are stored at the
  server with the client's IP address
• For each file request
• UserID and GroupID are sent encrypted in the
  shared session key
• The UserID and GroupID must match those stored at
  the server
• IP addresses must also match
• This approach has some problems
• can't accommodate multiple users sharing the same
  client computer
• all remote filestores must be mounted each time a
  user logs in

12
Revocation

• Update the database so that the access rights are
  no longer available.
• Next session, the principle is revoked.
• The current ticket is valid until they expire.
• Expire period trade-off
• Long less security, more convenience for the
  principle
• Short more security, less convenience for the
  principle

13
Realms

• KAS is the heart
• Principals, Keys and access rights must be in the
  KAS or TGS
• It is a centralized security system
• A single security policy is enforced
• It is relatively easy to check that the system
  set-up complies with the security policy and to
  implement changes

14
Summary of Kerberos

• Timeliness of messages is checked by time stamps.
• Checking of time stamps allows for some clock
  skew.
• Servers have to be on-line.
• Session keys are generated by Kerberos servers.
• Kerberos does not address the delegation of
  privileges (tickets)
• Password guessing and password spoofing attacks
  are possible.
• Keys and tickets are held on the clients machine.
  
• It is important to distinguish the security of
  the protocol itself from the security of
  implementations of Kerberos.

15
DSSA/SPX

• DSSA (Distributed system security architecture)
  is developed by DEC
• SPX (Sequenced Packet Exchange) is a part of DSSA
• The authentication in SPX
• Credentials name
• Certificates binding name to public keys
• Authentication tokens.
• Certification authority (CA) issues public key
  certificates
• Certificate distribution center (CDC) stores the
  certificates issued by a CA.
• A certificate can be revoked by maintaining a
  certificate revocation list.

16
SPX conventions

• Sp the private signature key of principle P
• Pa, Sa the long-term public key and long-term
  private key of A
• Pa, Sa the short-term public key and
  short-term private key of A
• Ka,b a session key created by A for use between
  A and B in a symmetric encryption algorithm
• eK(X) data packet X encrypted under key K
• sK(X) digital signature of data packet X
  generated with key K
• T a time stamp
• Lc, Lt expiry date of a certificate or a ticket

17
The DSSA/SPX authentication Protocol
CDC

• A-gt CDC B
• CDC-gt A Certificate (B, CAa)
• A-gtB A, eKa,b(T,A), sSa(Lt, A, Pa), ePb(Ka, b),
  eKa,b (Sa)
• B-gtCDC A
• CDC-gtB certificate(A, CAb)
• B-gt A eKa,b(T)
• Note Certificate (B, CAa) sSCAa(CAb, B, Lc, Pb)

6
1
2
5
3
A
B
4
18
Security API

• Security requirements in a DS often exceed mere
  authentication.
• Different components in a DS will not necessarily
  use the same security mechanisms.
• Users and application writers are not necessarily
  security experts.

19
GSS (General Security Services)-API

• GSS-API provides a simple interface to security
  services for connection-oriented applications.
• Mechanism independence
• Mechanisms such as symmetric or asymmetric
• Protocol environment independence
• Such as connection-oriented or data packet
  communication
• Suitability to a range of implementation
  placements
• May reside in a TCB or not

20
GSS-API Characteristics and Concepts

• Functions
• Data conversion
• Call interfacing with each known mechanism
• Hide the details of the mechanism from
  applications
• The basic elements
• Credentials security-relevant data
• Tokens Formatted data used to call the API
  interfaces.
• Security context the information related to the
  management of the security services
• Status code to indicate which feature are
  desired. P176-177

21
GSS-API Interface Descriptions

• Credential management calls
• Allow a principal to acquire and release
  credentials, and inquire about various credential
  information
• Context-level calls
• Initiation, acceptance and deletion of contexts
• Per-message calls
• To provide cryptographic integrity and
  confidentiality protection
• Support calls
• General housekeeping and support routines, such
  as freeing memory spaces, name comparison
• P177-178

22
API and security

• Security services depend on
• Proper implementation of relevant mechanisms
• Proper security management
• Key generation
• Key storage
• Key transport
• Key usage
• Key management is entirely above the APIs

23
Access Control in DS

• Three approaches for protection against security
  threats
• Protection against invalid operations
• Protection against unauthorized invocations
• Protection against unauthorized users

24
Summary for DS security

• It is essential to protect the resources,
  communication channels and interfaces of
  distributed systems and applications against
  attacks.
• This is achieved by the use of access control
  mechanisms and secure channels.
• Public-key and secret-key cryptography provide
  the basis for authentication and for secure
  communication.
• Kerberos are widely-used system components that
  support authenticated communication.

25
Network security

• Send and receive
• Data Transportation
• Sequence of signals
• Resemble and present
• Route
• Loss and corruption of data

26
Sniffing and spoofing

• A packet sniffer is a wire-tap devices that plugs
  into computer networks and eavesdrops on the
  network traffic. Like a telephone wiretap allows
  the FBI to listen in on other people's
  conversations, a "sniffing" program lets someone
  listen in on computer conversations.
• Web Spoofing is a security attack that allows an
  adversary to observe and modify all web pages
  sent to the victim's machine, and observe all
  information entered into forms by the victim. The
  attacker can observe and modify all web pages and
  form submissions, even when the browser's "secure
  connection" indicator is lit. The user sees no
  indication that anything is wrong.

27
ISO/OSI Security Architecture

• Data confidentiality
• Data integrity
• Data origin authentication to corroborate the
  source
• Peer-entity authentication to verify the
  identity of a peer entity
• Non-repudiation to create evidence that data has
  been sent or received. (proof of origin and
  delivery)

28
(No Transcript)
29
Package-Encapsulation
30
Network Security Issues

• Sharing
• Complexity
• Perimeter
• Points of attack
• Anonymity
• Unknown path

31
The Internet layers

• Actual four layers
• Application layer Telnet, FTP, HTTP, SMTP or SET
• Transport layer TCP, UDP
• Internet layer IP
• Interface layers the Network Interface Card
  (Physical)

32
TCP/IP Security

• IPSEC (IP Security ) provides security for every
  one using IP without changing the interface to
  IP.
• The IP authentication header (AH), covered in RFC
  1826
• The IP encapsulating security payload (ESP),
  covered in RFC 1827
• Transport mode
• encrypts only the data portion (payload) of each
  packet, but leaves the header untouched.
• Tunnel mode
• encrypts both the header and the payload. On the
  receiving side, an IPSec-compliant device
  decrypts each packet.

33
Location and syntax of the authentication header
8 bits
8 bits
16 bits
Reserved
Next header
Payload length
Security parameters index
32 bits
Sequence number field
32 bits
Authentication data
32 bits MAC or Digital signature
IPv6 header Hop-by-hop routing Auth. Header
Dest. Options TCP Data
34
Authentication header for tunnel mode
The ESP Header
Security parameters index
Opaque transform data
Encapsulated data
IP header
Other IP header
ESP header
35
Secure Socket Layer Protocol

• SSL was developed by Netscape for electronic
  transaction security. (TLS Transport Layer
  Security is similar to it)
• A protocol layer is added below the application
  layer for
• Negotiating encryption and authentication
  methods.
• Bootstrapping secure communication
• It consists of two layers
• The Record Protocol Layer implements a secure
  channel by encrypting and authenticating messages
• The Handshake Layer establishes and maintains a
  secure session between two nodes.

36
SSL Protocol Stack
37
SSL Record Protocol

• The record protocol takes an application message
  to be transmitted
• fragments the data into manageable blocks
• optionally compresses the data
• computes a message authentication code (MAC)
• encrypts
• adds a header.

38
SSL Handshake Protocol
Cipher suite a list of cryptographic algorithm
supported by the client
Phase 1 Establish security capabilities
Phase 2 Sever authentication and key exchange
Phase 3 Client authentication and key exchange
Phase 4 Finish
The client sends a change Cipher Spec message and
copies the pending CipherSpec into the current
CipherSpec.
39
An Example

• M1
• ClientHello
• ClientRandom28
• Sugessted Cipher Suites
• TLS_RSA_WITH_IDEA_CBC_SHA
• TLS_RSA_WITH_DES_CBC_SHA
• TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
• Suggested Compression Algorithm none
• M2
• ServerHello
• ServerRandom28
• Use Cipher Suite
• TLS_RSA_WITH_IDEA_CBC_SHA
• Session ID 0x00372d4XS
• Certificate
• Subject
• Public Key
• Issuer
• Subject

• M3
• A ClientKeyExchange RSA_Encrypt
• B ChangeCipherSpec NONE
• C Finished MD5(M1M2M3A) SHA (M1M2M3A)
• M4
• A ChangeCipherSpec NONE
• B Finished MD5(M1M2M3AM3C) SHA
  (M1M2M3AM3C)

40
Firewalls

• Firewall the general name for any security
  system protecting the boundary of an internal
  network.
• Bastion host a computer system with strong
  security as it is exposed to the outside world.
• Tasks of a firewall
• AC based on sender or receiver addresses
• AC based on the service requested
• Hiding the internal network (topology, addresses,
  traffic)
• Virus checking on incoming messages
• Authentication based on source of traffic
• Logging of Internet activities.

41
Packet Filtering

• Operates as a router and makes decisions as to
  whether or not to pass a packet based on its
  source/destination addresses.
• Source addresses
• Destination addresses
• Protocol
• Connection
• The gateway on the outside LAN protects against
  incoming packets. The gateway on the inside LAN
  protects against outgoing packets.

42
Proxy Servers

• To implement policies based on user identities
  and hide information about the internal network
• Another example of controlled invocation.
• It intercepts the clients request and decides
  whether it is permitted according to its security
  rules.

43
Firewall Filtering

• Firewall filtering can be done at diff. levels
• TCP gateway checks all TCP connection requests
  and segment transmissions. TCP segments will be
  checked for correctness and may be routed to an
  application-level gateway for content checking.
• Application-level filtering (proxy gateway)
  inspects the content of incoming/outgoing
  messages.
• To prevent applets to be downloaded to the inside
  LAN, all Web traffic could be directed through a
  Web proxy gateway. The gateway accepts regular
  HTTP requests, but may discard certain
  requests/pages.

44
Firewall Configuration

• A common implementation of a firewall.

45
Network Security Specialties
More Intruders
46
Three Classes of Intruders

• Masquerader unauthorized user who penetrates a
  system exploiting a legitimate users account
  (outside)
• Misfeasor - legitimate user who makes
  unauthorized accesses or misuses his privileges
  (inside)
• Clandestine user - seizes supervisory control to
  evade auditing and access controls or suppress
  audit collection (insideoutside)

47
Intruders

• Intruder attacks range from benign to serious
• Benign intruders tolerable but consume resources
• Difficult to know in advance the type of intruder
  
• Really growing problem
• globalization
• the move to Client/Server architectures

48
Attack Sophistication vs.Intruder Technical
Knowledge
Auto Coordinated
Tools
Cross site scripting
stealth / advanced scanning techniques
High
Staged
packet spoofing
denial of service
distributed attack tools
sniffers
Intruder Knowledge
sweepers
www attacks
automated probes/scans
GUI
back doors
network mgmt. diagnostics
disabling audits
hijacking sessions
burglaries
Attack Sophistication
exploiting known vulnerabilities
password cracking
self-replicating code
password guessing
Low
2000
1980
1985
1990
1995
Source Carnegie Mellon University
49
Summary

• Introduction
• Authentication
• Kerberos
• DSSA/SPX
• Network Security
• TCP/IP Security
• SSL/TLS
• Firewalls