Lecture 3

The document provides an overview of security in distributed computing, defining key concepts such as threats, attacks, and security mechanisms. It discusses various types of security threats, including eavesdropping and denial of service, and outlines techniques for securing systems, such as encryption and access control. Additionally, it covers cryptographic algorithms, authentication protocols, and the importance of network auditing for maintaining security.


CSE 803 Introduction to Distributed Computing

Security
• Definition
– set of measures to guarantee the privacy, integrity and availability of resources:
• objects, databases, servers, processes, channels, etc.
– involves protection of objects and securing processes and communication channels
• Security policies
– specify who is authorized to access resources (e.g. file ownership)
• Security mechanisms
– enforce security policy (e.g. file access control)

Threat & Attack
In the literature, the terms threat and attack are commonly used to mean more or less the same thing.
• Threat
– A potential for violation of security, which exists when there is a circumstance, capability, action, or event that could breach security and cause harm. That is, a threat is a possible danger that might exploit a vulnerability.
• Attack
– An assault on system security that derives from an intelligent threat; that is, an intelligent act that is a deliberate attempt (especially in the sense of a method or technique) to evade security services and violate the security policy of a system.

Security model
• Object: intended for use by different clients, via remote invocation
• Principal: authority on whose behalf invocation is issued
[Figure: a client, acting for a principal (user), sends an invocation over the network to an object held by a server, acting for a principal (server); access rights are checked and the result is returned to the client]

The enemy
• Processes: encapsulate resources, interact by messages
• Messages: exposed to attack by the enemy
[Figure: process p sends message m to process q over a communication channel; the enemy takes a copy of m and injects a modified message m’]

Security threats: what & where
[Figure: a network of file store, switching node, processor and terminal joined by data links, with threats grouped by location: unauthorized access, hacking and viruses (file store); eavesdropping, tampering and replaying (data links and switching node); unauthorized usage and password cracking (terminal)]

Security threats

• Online shopping/banking
– intercept credit card information
– purchase goods using stolen credit card details
– replay bank transaction, e.g. credit an account
• Online stock market information service
– observe frequency or timing of requests to deduce useful
information, e.g. the level of stock
• Website
– flooding with requests (denial of service)
• My computer
– receive/download malicious code (virus)

Types of security threats
• Eavesdropping
– obtaining copies of messages without authority
• Masquerading
– sending/receiving messages using the identity of another principal without their authority
• Message tampering
– intercepting and altering messages
• Replaying
– intercepting, storing and replaying messages
• Denial of service
– flooding a channel with requests to deny access to others

Defeating the enemy: how?
• Encryption (scrambling a message to hide its contents)
– does not prove identity of sender
• Shared secrets (keys)
– messages encrypted with the shared key
– can only be decrypted if the key is known
• Identification (are you who you are?)
– password protection, etc.
• Authentication (are you who you say you are?)
– include in message identity of principal/data, timestamp
– encrypt with shared key

Secure channels
• Processes: reliably know identity of principal
• Messages: protected against tampering, timestamped to prevent replaying/reordering
[Figure: process p, acting for principal A, and process q, acting for principal B, communicate over a secure channel]

Threats due to mobility...
• Mobile code (Java JVM)
– applets, mobile agents (travel collecting information)
– downloaded from server, run locally
• Security issues: what if the program...
– illegally writes to a file?
– writes over another program’s memory?
– crashes?
• Some solutions
– stored separately from other classes
– type-checking and code-validation (instruction subset)
– still does not guard fully against programming errors...

Designing secure systems
• Basic message
– networks are insecure
– interfaces are exposed
• Threat analysis
– assume worst-case scenario
– list all threats - complex scenarios!!!
• Design guidelines
– log at points of entry so that violations are detected
– limit the lifetime and scope of each secret
– publish algorithms, restrict access to shared keys
– minimize trusted base

Main security techniques
• Access control
– implement resource protection, e.g. file protection
– essential in distributed systems (remote login)
• Firewalls
– monitor traffic into and out of intranet
• Cryptographic algorithms
– ciphers
– authentication
– digital signatures

Main security techniques: Access control
• Definition
– ensure that users/processes access computer resources in a controlled and authorized manner
• Protection domain
– is a set of rights for each resource, e.g. Unix files
– associated with each principal
• Two implementations of protection domains
– Capabilities
• request accompanied by key, simple access check
• open to key theft, or key retained when a person has left the company
– Access control lists
• list of rights stored with each resource
• request requires authentication of principal

Access control
[Figure: a subject sends an access request to the reference monitor; after the access check, the request either proceeds to the target object (access OK) or access is denied]

How it works: Reference Monitor
• intercepts all access attempts
• authenticates request and principal’s credentials
• applies access control
– if Yes, access proceeds
– if No, access is denied, error message returned to the subject

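A reference monitor over access control lists in C, added here as an illustration (not code from the lecture): the targets, principals and rights are constructed sample data, the authentication step is a stand-in for checking real credentials, and every decision is logged at the single point of entry, as the design guidelines on the earlier slide recommend.

```c
#include <stdio.h>
#include <string.h>

/* Rights in a protection domain, one bit each (cf. Unix r/w/x on a file). */
enum { R_READ = 1, R_WRITE = 2, R_EXEC = 4 };

typedef struct { const char *principal; unsigned rights; } acl_entry;
typedef struct { const char *name; acl_entry acl[4]; int n_entries; } target;

/* Constructed sample targets; each object stores its own ACL, as the slide describes. */
static const target targets[] = {
    { "payroll.db", { { "alice", R_READ | R_WRITE }, { "bob", R_READ } }, 2 },
    { "backup.sh",  { { "root",  R_READ | R_EXEC } },                    1 },
};

/* Stand-in for authenticating the principal behind a request: a fixed list of
   principals this server knows. A real system would verify credentials here. */
static int authenticated(const char *principal)
{
    static const char *known[] = { "alice", "bob", "root" };
    for (size_t i = 0; i < sizeof known / sizeof known[0]; i++)
        if (strcmp(known[i], principal) == 0) return 1;
    return 0;
}

static const char *op_name(unsigned op)
{
    return op == R_READ ? "read" : op == R_WRITE ? "write" : op == R_EXEC ? "exec" : "?";
}

/* Reference monitor: every access attempt passes through here. It authenticates
   the principal, looks up the target's ACL, applies the check and logs the outcome
   at this one point of entry. Returns 1 for access OK, 0 for access denied. */
int reference_monitor(const char *principal, const char *target_name, unsigned op)
{
    int ok = 0;
    if (authenticated(principal)) {
        for (size_t i = 0; i < sizeof targets / sizeof targets[0] && !ok; i++) {
            if (strcmp(targets[i].name, target_name) != 0) continue;
            for (int j = 0; j < targets[i].n_entries; j++)
                if (strcmp(targets[i].acl[j].principal, principal) == 0 &&
                    (targets[i].acl[j].rights & op) == op)
                    ok = 1;
        }
    }
    fprintf(stderr, "audit: %s %s %s -> %s\n", principal, op_name(op), target_name,
            ok ? "OK" : "DENIED");
    return ok;
}
```

An unknown principal is rejected before the ACL is even consulted, and a known principal without the requested right is logged as denied, which is the audit trail the design guidelines ask for.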
Firewalls: how does it work?
• Monitor and control all communication into and out of an intranet.
• Service control:
– filter requests for services on internal hosts
– e.g. reject HTTP request unless to official webserver
• Behaviour control:
– prevent illegal or anti-social behaviour
– e.g. filter ‘spam’ messages
• User control:
– allow access to authorised group of users
– e.g. dial-up services

Firewalls
• A set of processes, at different protocol levels:
• IP packet filtering
– screening of source & destination, only ‘clean’ packets proceed
– performed in OS kernel of router
• TCP gateway
– monitors TCP connection requests
• Application-level gateway
– runs proxy for an application on TCP gateway, e.g. Telnet
• Bastion
– separate computer within intranet
– protected by IP packet filtering, runs TCP/application gateway

Firewall configurations
[Figure: three configurations, each with an Internet connection and a web/ftp server:
a) Filtering router: a router/filter sits between the Internet and the protected intranet
b) Filtering router and bastion: a router/filter in front of a bastion host
c) Screened subnet for bastion: the bastion sits on a subnet between two routers/filters]

Key distribution
• Symmetric key cryptography
– requires sender, receiver know shared secret key
• Public key cryptography
– sender, receiver do not share secret key
– public encryption key known to all
– private decryption key known only to receiver

Symmetric key cryptography
[Figure: plaintext message m → encryption algorithm with key K_S → ciphertext K_S(m) → decryption algorithm with key K_S → plaintext m = K_S(K_S(m))]
• symmetric key crypto: Bob and Alice share same (symmetric) key: K_S
• e.g., key is knowing substitution pattern in mono-alphabetic substitution cipher

Public key cryptography
[Figure: K_B^+ is Bob’s public key, K_B^- is Bob’s private key; plaintext message m → encryption algorithm with K_B^+ → ciphertext K_B^+(m) → decryption algorithm with K_B^- → plaintext message m = K_B^-(K_B^+(m))]

Cryptographic algorithms
• Encryption
– apply rules to transform plaintext to cipher text
– defined with a function F and key K
– denote message M encrypted with K by F_K(M) = {M}_K
• Decryption
– uses inverse function
• F^-1_K({M}_K) = M
– can be symmetric (based on secret key known to both parties)
– or asymmetric (based on public key)

Cryptographic algorithms
• Symmetric (secret key): TEA, DES
– secret key shared between principals
– encryption with non-destructive operations (XOR) plus transposition
– decryption possible only if key known
– brute force attack (check {M}_K for all values of key) hard (exponential in number of bits in key)
• Asymmetric (public key): RSA
– pair of keys (very large numbers), one public and one private
– encryption with public key
– decryption possible only if private key known
– factorizing large numbers (over 150 decimal digits) hard

Symmetric cryptography
• Tiny Encryption Algorithm (TEA)
– simple & concise, yet secure and reasonably fast
– simple, symmetric (secret key) algorithm
– written in C [Wheeler & Needham 1994]
– key 128 bits (k[0]..k[3]), plaintext 64 bits (2 x 32 bits, text[0], text[1])
– in 32 rounds combines plaintext and key, swapping the two halves of plaintext, XOR (^) and bitwise shift (<< >>)
• DES (The Data Encryption Standard, 1977)
– US standard for business applications till recently
– 64 bit plaintext, 56 bit key
– cracked in 1997 (secret challenge message decrypted)
– triple-DES (key 112 bits) still secure, poor performance
• AES (Advanced Encryption Standard)
– invitation for proposals 1997
– in progress
– key size 128, 192 and 256 bits

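TEA as the slide describes it, written out in C as an added example (not the lecture’s code or the authors’ reference listing): a 128-bit key k[0..3], a 64-bit block text[0..1], 32 rounds of additions, shifts and XOR in which the two halves take turns, and decryption that runs the rounds in reverse with the same key. The key and block values in tea_roundtrip_ok are constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define TEA_DELTA  0x9E3779B9u   /* per-round key schedule constant from the TEA paper */
#define TEA_ROUNDS 32

/* Encrypt one 64-bit block text[0..1] in place under the 128-bit key k[0..3].
   Each round mixes one half into the other with shifts (<< 4, >> 5), additions
   and XOR, then the halves swap roles, so both end up depending on every key word. */
void tea_encrypt(uint32_t text[2], const uint32_t k[4])
{
    uint32_t y = text[0], z = text[1], sum = 0;
    for (int round = 0; round < TEA_ROUNDS; round++) {
        sum += TEA_DELTA;
        y += ((z << 4) + k[0]) ^ (z + sum) ^ ((z >> 5) + k[1]);
        z += ((y << 4) + k[2]) ^ (y + sum) ^ ((y >> 5) + k[3]);
    }
    text[0] = y;
    text[1] = z;
}

/* Decrypt by undoing the rounds in reverse order with the same key; without k[]
   the mixing cannot be reversed. */
void tea_decrypt(uint32_t text[2], const uint32_t k[4])
{
    uint32_t y = text[0], z = text[1];
    uint32_t sum = (uint32_t)(TEA_DELTA * TEA_ROUNDS);   /* value of sum after round 32 */
    for (int round = 0; round < TEA_ROUNDS; round++) {
        z -= ((y << 4) + k[2]) ^ (y + sum) ^ ((y >> 5) + k[3]);
        y -= ((z << 4) + k[0]) ^ (z + sum) ^ ((z >> 5) + k[1]);
        sum -= TEA_DELTA;
    }
    text[0] = y;
    text[1] = z;
}

/* Round trip on a constructed key and block: 1 if the ciphertext differs from the
   plaintext and decrypting it restores the original block, 0 otherwise. */
int tea_roundtrip_ok(void)
{
    const uint32_t key[4] = { 0x01234567u, 0x89ABCDEFu, 0xFEDCBA98u, 0x76543210u };
    const uint32_t original[2] = { 0xDEADBEEFu, 0x0BADF00Du };
    uint32_t block[2] = { original[0], original[1] };
    tea_encrypt(block, key);
    int changed = block[0] != original[0] || block[1] != original[1];
    tea_decrypt(block, key);
    return changed && block[0] == original[0] && block[1] == original[1];
}

int main(void) { printf("TEA round trip %s\n", tea_roundtrip_ok() ? "ok" : "FAILED"); return 0; }
```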
Asymmetric cryptography
• Trap-door functions
– pair of keys (e.g. large numbers)
– encryption function easy to compute (e.g. multiply keys)
– decryption function infeasible unless secret known (e.g. factorise the product if one key not known)
• Idea
– two keys produced: encryption key made public, decryption key kept secret
– anyone can encrypt messages, only participant with decryption key can operate the trap door
• Examples
– a few practical schemes: RSA

RSA (Rivest, Shamir and Adleman)
• How it works
– relies on N = P × Q (product of two very large primes)
– factorization of N hard
– choose keys e, d such that e × d = 1 mod Z where Z = (P-1) × (Q-1)
• It turns out...
– can encrypt M by M^e mod N
– can decrypt by C^d mod N (C is encrypted message)
• Thus
– can freely make e and N public, while retaining d
In 1978 Rivest et al thought factorising numbers > 10^200 would take more than four billion [Link] (ca 2000): faster computers, better methods; numbers with 155 decimal digits (= 500 bits) successfully factorised.
Are 512-bit keys insecure? The future?
– keys with 230 decimal digits (= 768 bits) recommended, and 2048 bits used in some applications (e.g. defence)

Digital signatures
• Why needed?
– alternative to handwritten signatures
– authentic, difficult to forge and undeniable
• How it works
– relies on secure hash functions which compress a message into a so-called digest
– sender encrypts digest and appends to message as a signature
– receiver verifies signature
– generally public key cryptography used, but secret key also possible

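Toy RSA in C, added here (not the lecture’s code) to show the key relation e × d = 1 mod Z from the RSA slide and the sign-the-digest step from the digital signatures slide. rsa_keygen, rsa_encrypt, rsa_decrypt, rsa_sign and rsa_verify are hypothetical names; the primes 61 and 53 are textbook-sized constructed values, and the digest is passed in as a number rather than computed by a hash function.

```c
#include <stdint.h>

typedef struct { uint64_t n, e, d; } rsa_key;   /* (n, e) public, d private */

/* Modular inverse of a mod m (extended Euclid); -1 if a and m are not coprime. */
static int64_t modinv(int64_t a, int64_t m)
{
    int64_t t = 0, new_t = 1, r = m, new_r = a % m;
    while (new_r != 0) {
        int64_t q = r / new_r, tmp;
        tmp = t - q * new_t;  t = new_t;  new_t = tmp;
        tmp = r - q * new_r;  r = new_r;  new_r = tmp;
    }
    return r != 1 ? -1 : (t < 0 ? t + m : t);
}

/* Square-and-multiply b^x mod m. The toy modulus stays below 2^32, so b*b fits. */
static uint64_t powmod(uint64_t b, uint64_t x, uint64_t m)
{
    uint64_t result = 1 % m;
    for (b %= m; x != 0; x >>= 1) {
        if (x & 1) result = result * b % m;
        b = b * b % m;
    }
    return result;
}

/* RSA slide: N = P x Q, Z = (P-1) x (Q-1); with e chosen, solve e x d = 1 mod Z.
   (e, N) can be published; d must stay private. */
rsa_key rsa_keygen(uint64_t p, uint64_t q, uint64_t e)
{
    rsa_key k = { p * q, e, 0 };
    k.d = (uint64_t)modinv((int64_t)e, (int64_t)((p - 1) * (q - 1)));
    return k;
}

/* Encryption uses the public exponent, decryption the private one. */
uint64_t rsa_encrypt(uint64_t m, const rsa_key *k) { return powmod(m, k->e, k->n); }
uint64_t rsa_decrypt(uint64_t c, const rsa_key *k) { return powmod(c, k->d, k->n); }

/* Digital signatures slide: the signature is the digest transformed with the private
   key; anyone holding the public key recovers the digest and compares it. */
uint64_t rsa_sign(uint64_t digest, const rsa_key *k) { return powmod(digest, k->d, k->n); }
int rsa_verify(uint64_t digest, uint64_t sig, const rsa_key *k)
{
    return powmod(sig, k->e, k->n) == digest;
}
```

With p = 61, q = 53 and e = 17 the key has N = 3233 and d = 2753, and M = 65 encrypts to C = 2790; a signature over one digest fails to verify against any other digest.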
Cryptographic protocol
• Definition
– is an abstract or concrete protocol that performs a security-related function and applies cryptographic methods, often as a sequence of cryptographic primitives
– a protocol describes how the data structures and algorithms should be used
Cryptographic protocols are widely used for secure application-level data transport. A cryptographic protocol usually incorporates at least some of these aspects:
– key agreement or establishment
– entity authentication
– symmetric encryption and message authentication material construction
– secured application-level data transport
– non-repudiation
For example, TLS is a cryptographic protocol that is used to secure web

Authentication
• Definition
– protocol for ensuring authenticity of the sender
• Secret-key protocol [Needham & Schroeder ‘78]
– based on secure key server that issues secret keys
– flaw corrected ’81
– implemented in Kerberos
• Public-key protocol [Needham & Schroeder ‘78]
– does not require secure key server (7 steps)
– flaw discovered with CSP/FDR
– SSL (Secure Sockets Layer) similar to it

Secure communication
• Secure communication provides a range of information security solutions to ensure communications security over public and local networks.
• It includes IPsec, SSL, PGP (Pretty Good Privacy) and Virtual Private Networks (VPNs).

Network auditing
• Network auditing is the collective measures done to analyze, study and gather data about a network with the purpose of ascertaining its health in accordance with network/organization requirements.
• It works through a systematic process where a network is analyzed for:
– security
– implementation of control
– availability
– management
– performance
• It uses both manual and automated techniques to gather data and review network posture. It reviews:
– each node of a network
– network control and security processes
– network monitoring processes
– other data
