1 / 77

Chapter:8 Security

Distributed System. Chapter:8 Security. RTMM Lab Kyung Hee Univ. Motivation. 1. Social implications Do you still trust Your bank Your doctor 2. Economical implications Your company loose credit 3. Legal implication Your company in front of a court. Outline. Introduction

keaton
Download Presentation

Chapter:8 Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Distributed System Chapter:8 Security RTMM Lab Kyung Hee Univ. Real-Time & MultiMedia Lab

  2. Motivation • 1. Social implications Do you still trust • Your bank • Your doctor • 2. Economical implications • Your company loose credit • 3. Legal implication • Your company in front of a court Real-Time & MultiMedia Lab

  3. Outline • Introduction • Cryptography • Secure Channel • Access Control • Security Management • Examples Real-Time & MultiMedia Lab

  4. Introduction • Security in distributed system is generally similar to techniques used in a non-distributed system, but much more difficult to implement • Difficult to get right, impossible to get perfect! Real-Time & MultiMedia Lab

  5. Security Threats • Interception – unauthorized access to data. • Interruption – a service becomes unavailable. • Modification – unauthorized changes to, and tampering of, data. • Fabrication – non-normal, additional activity. Real-Time & MultiMedia Lab

  6. Security Requirements • Authentication: ensures that sender and receiver are who they are claiming to be • Data integrity: ensure that data is not changed from source to destination • Confidentiality: ensures that data is read only by authorized users • Non-repudiation: ensures that the sender has strong evidence that the receiver has received the message, and the receiver has strong evidence of the sender identity • The sender cannot deny that it has sent the message and the receiver cannot deny that it has received the message Real-Time & MultiMedia Lab

  7. Security Mechanisms • Encryption • Transform data into something that an attacker cannot understand (confidentiality) • Check whether something has been modified (integrity) • Authentication • Verify the identity of a subject • Authorization – determine if a subject is permitted to request service • Auditing – trace subjects and requests can help catch an attacker Real-Time & MultiMedia Lab

  8. Key Point • Matching security mechanisms to threats is only possible when a Policy on security and security issues exists. • Security Policy: Prescribes how to use mechanisms to protect against attacks. Requires that a model of possible attacks is described Real-Time & MultiMedia Lab

  9. Cryptography(1) Intruders and eavesdroppers in communication. Real-Time & MultiMedia Lab

  10. Cryptography(2) Symmetric system (secret key cryptography): • Use a single key to encrypt the plaintext and decrypt the ciphertext. • sender and receiver share the secret key • e.g. Data Encryption Standard (DES) Asymmetric system (public key cryptography): • Use different keys for encryption and decryption • one is private, the other public • e.g.RSA algorithm Hashing system (message digest): • Only encrypt data and produce a fixed-length digest • There is no decryption; only comparison is possible • e.g. MD5 Real-Time & MultiMedia Lab

  11. Data Encryption Standard (DES) • DES encrypts a 64-bit block of plain text using a 56-bit key • Three phases • Permute the 64 bits in the block • Apply a given operation 16 times on the 64 bits • Permute the 64 bits using the inverse of the original permutation 1st phase IP(input) Round 1 . . . key 2nd phase Round 16 3rd phase IP-1(input) Real-Time & MultiMedia Lab

  12. 2nd Phase: Operation In Each Round • Original Key K is 56 bits • 16 rounds • Each round i select a 48 bit key Kifrom the original 56 bit key K. Perform (F is a given function): 0 63 63 32 31 0 Li-1 Ri-1 Ki F + Li Ri Real-Time & MultiMedia Lab

  13. Encrypting Larger Messages • Initialization Vector (IV) is a random number generated by sender and sent together with the ciphertext Block1 Block2 Block3 Block4 IV + + + + DES DES DES DES Cipher1 Cipher2 Cipher3 Cipher4 Real-Time & MultiMedia Lab

  14. DES Properties • Provide confidentiality • No mathematical proof, but practical evidence suggests that decrypting a message without knowing the key requires exhaustive search • To increase security use triple-DES, i.e., encrypt the message three times Real-Time & MultiMedia Lab

  15. Public-Key Cryptography: RSA (Rivest, Shamir, and Adleman) Generating Public and Private Keys • Choose two large prime numbers p and q (~ 256 bit long) and multiply them: n = p*q • Chose encryption key e such that e and (p-1)*(q-1) are relatively prime • Compute decryption key d, where • d = e-1 mod ((p-1)*(q-1)) • (equivalent to d*e = 1 mod ((p-1)*(q-1))) • Public key consist of pair (n, e) • Private key consists of pair (n, d) Real-Time & MultiMedia Lab

  16. RSA Encryption and Decryption • Encryption of message block m: • c = memod n • Decryption of ciphertext c: • m = cd mod n e.g. choose p=7 & q=11 Real-Time & MultiMedia Lab

  17. Properties • Confidentiality • A receiver B computes n, e, d, and sends out (n, e) • Everyone who wants to send a message to A uses (n, e) to encrypt it • How difficult is to recover d ? (Someone that can do this can decrypt any message sent to B!) • Recall that d = e-1mod ((p-1)*(q-1)) • So to find d, you need to find primes factors p and q • This is provable very difficult Real-Time & MultiMedia Lab

  18. Message Digest (MD) 5 • Can provide data integrity and non-repudation • Used to verify the authentication of a message • Idea: compute a hash on the message and send it along with the message • Receiver can apply the same hash function on the message and see whether the result coincides with the received hash Real-Time & MultiMedia Lab

  19. Message Digest Operation • Transformation contains complex operations 128 constant Message (padded) 512 bits 512 bits 512 bits Transformation Transformation . . . Transformation Message digest Real-Time & MultiMedia Lab

  20. MD5: Operation in each round • The 16 iterations during the first round in a phase in MD5. The 16 iterations during the first round in a phase in MD5. Real-Time & MultiMedia Lab

  21. Applications of Cryptography Two Major Issues in DS Security • Secure communications between parties. • Authorization. • Note that authentication and message integrity as technologies rely on each other • Secure channels protect against (protected by): • Interception (confidentiality). • Modification (auth. and integrity). • Fabrication (auth. and integrity). Authentication Message Integrity Confidentiality Real-Time & MultiMedia Lab

  22. 1 A RB 2 KA,B(RB) 3 RA 4 KA,B(RA) 5 Authentication • Authentication based on a shared secret key • A, B: sender and receiver identities • KA,B: shared secret key • RA,RB: random numbers exchanged by A and B to verify identities Bob Alice Real-Time & MultiMedia Lab

  23. “Optimization” • Is this authentication protocol secure? 1 A, RA RB, KA,B(RA) 2 Bob Alice KA,B(RB) 3 Real-Time & MultiMedia Lab

  24. 3 A, RB Bob 2nd session RB2, KA,B(RB) 4 KA,B(RB) 5 1st session Reflection Attack • An attacker (Chuck) can fool Bob in believing that he is Alice! 1 A, RC 1st session RB, KA,B(RC) 2 Chuck Alice Real-Time & MultiMedia Lab

  25. Authentication using KDC(Basic Protocol) • KDC – Key Distribution Center • Maintain only N keys in the system: one for each node 1 A, B KDC (generates KA,B) Bob Alice KA,KDC(KA,B) KB,KDC(KA,B) 2 2 Real-Time & MultiMedia Lab

  26. Authentication using KDC(Ticket Based) • No need for KDC to contact Bob 1 A, B KDC KA,KDC(KA,B), KB,KDC(KA,B) 2 Bob Alice A, KB,KDC(KA,B) 3 • Vulnerable to replay attacks if Chuck gets hold on KB,KDCold Real-Time & MultiMedia Lab

  27. Authentication using KDC(Needham-Schroeder Protocol) • Relate messages 1 and 2: use challenge response mechanism • RA1, RA2, RB: nonces • Nonce: random number used only once to relate two messages 1 RA1,A,B KDC KA,KDC(RA1,B,KA,B, KB,KDC(A,KA,B)) 2 KA,B(RA2), KB,KDC(A, KA,B) Bob Alice 3 KA,B(RA2-1, RB) 4 KA,B(RB-1) 5 • Vulnerable to replay attacks if Chuck gets hold on KA,B Real-Time & MultiMedia Lab

  28. KA,KDC(B,KA,B, KB,KDCold(A,KA,B)) 2 (replayed message) Alice KA,B(RA2), KB,KDCold(A, KA,B) 3 KA,B(RA2-1, RB) 4 KA,B(RB-1) 5 What if RA1 is Missing? • Assume Chuck intercepted • KA,KDC(B,KA,B, KB,KDCold(A,KA,B)) • Knows KB,KDCold 1 A,B KDC Chuck (KB,KDCold) Bob (KB,KDC) Here Chuck gets KA,B ! Real-Time & MultiMedia Lab

  29. RA1,A,C KA,KDC(RA1,KA,C, KC,KDC(A,KA,C)) 2 KA,C(RA2), KC,KDC(A, KA,C) 3 KA,C(RA2-1, RB) 4 KA,C(RB-1) 5 What if B is Missing from Message 2? • Assume Chuck intercepts message 1 1 RA1,A,B KDC Bob (KB,KDC) Alice Chuck (KB,KDCold) Here Chuck gets KA,C ! Real-Time & MultiMedia Lab

  30. What if Chuck gets KA,Bold? • Assume Chuck intercepted • KA,B(RA2), KB,KDC,(A,KA,B) • Knows KA,Bold 1 RA1,A,B KDC KA,KDC(RA1,B,KA,B, KB,KDC(A,KA,B)) 2 KA,Bold(RA2), KB,KDC(A, KA,Bold) Bob Alice 3 (replayed message) Chuck (KA,Bold) KA,Bold(RA2-1, RB) 4 KA,Bold(RB-1) 5 Real-Time & MultiMedia Lab

  31. Defend Against leaking of KA,B • Message 5 (former 3) contains an encrypted nonce (KB,KDC(RB1)) provided by Bob • Chuck can no longer replay message 4 (former 3) 1 A KB,KDC(RB1) 2 3 RA1,A,B, KB,KDC(RB1) KDC KA,KDC(RA1,B,KA,B, KB,KDC(A,KA,B,RB1)) 4 KA,B(RA2), KB,KDC(A, KA,B,RB1) Bob Alice 5 KA,B(RA2-1, RB2) 6 KA,B(RB2-1) 7 Real-Time & MultiMedia Lab

  32. 1 KB+(A, RA) KA+(RA, RB,KA,B) 2 KA,B(RB) 3 Authentication Using Public-Key Crypthography • KA+, KB+: public keys Bob Alice Real-Time & MultiMedia Lab

  33. More on Secure Channels • In addition to authentication, a secure channel also requires that messages are confidential, and that they maintain their integrity. • For example: Alice needs to be sure that Bob cannot change a received message and claim it came from her. And Bob needs to be sure that he can prove the message was sent by/from Alice, just in case she decides to deny ever having sent it in the first place. • Solution: Digital Signing. Real-Time & MultiMedia Lab

  34. Digital Signatures • Digital signing a message using public-key cryptography. • This is implemented in the RSA technology. • Note: the entire document is encrypted/signed - this can sometimes be a costly overkill. Real-Time & MultiMedia Lab

  35. Digital Signature Digests • Digitally signing a message using a message digest. • Message is sent as plaintext. However, the digest can be used to assure Bob of message integrity. Real-Time & MultiMedia Lab

  36. 8.3 Access Control "The art of war teaches us to rely not on the likelihood of the enemy's not coming, but on our own readiness to receive him; not on the chance of his not attacking, but rather on the fact that we have made our position unassailable".The art of war, Sun Tzu Real-Time & MultiMedia Lab

  37. Reference Monitor Object Subject Request for operation Authorized Request 8.3.1 General Issues in Access Control • Controlling an access to an object is all about protecting the object against invocations by subjects that are not allowed to have specific method carry out. • Also, protection may include the object management issues, such as creating, renaming, or deleting objects. • Protection is often enforced by reference monitor. A reference monitor records which subject may do what and decides whether subject allowed to have specific operation carried out. Real-Time & MultiMedia Lab

  38. Access Control Matrix • A common approach to modeling the access rights of subjects with respect to objects, is to construct an access control matrix. • Each subject is represented by a row in this matrix. • Each object is represented by a column. • If a Matrix is denoted ‘M’, then an Entry M [ s, o] lists precisely which operation subjects s can request the invocation of method ‘m’ of a object ‘o’. • Problem: • For large environment, where we have thousands of users and millions of objects that require protection, implementing Access control matrix is not efficient. • Many entries in the matrix will be empty: a single subject will generally have access to relatively few objects. Real-Time & MultiMedia Lab

  39. Access Control Matrix (2) • Two Techniques • Access Control List (ACL): in which each object maintain a list of the access rights of subjects that want to access the object. • Matrix is distributed column-wise across all objects, and that empty entries are left out. • Each object has its own ACL. • Capabilities: in which, distribute the matrix row –wise by giving each subject a list of capabilities it has for each object. In other words, a capability corresponds to an entry in the access control matrix. • Not having the capability for a specific object means that subject has no access rights for the object. Real-Time & MultiMedia Lab

  40. Access Control Matrix (3) Ref: http://www.owasp.org/columns/jwilliams/jwilliams3.html Real-Time & MultiMedia Lab

  41. Fig: Using ACL Server Client Create access request r as subject s ACL Object if (s appear in ACL) if (r appear in ACL [s]) grant access; Access Control Matrix (4) Fig: Using Capabilities Server Client Create access request r for object o Pass capability Object if (r appear in C) grant access; Real-Time & MultiMedia Lab

  42. Protection Domains • ACLs and capabilities help on efficiently implementing an access control matrix by ignoring all empty entries. • Nevertheless, an ACL or capability list can still become quite large if no further measures are taken. • One general way to reducing ACLs is to make use of “protection domain”. • One approach to create “protection domain” is the formation of “groups”. • Most common technique for forming a group is “hierarchical approach” Real-Time & MultiMedia Lab

  43. Protection Domains • Hierarchical Approach: • Advantage: managing group membership is relatively easy and that very large groups can be constructed efficiently. • Disadvantage: looking up a member can be quite costly if the membership database is distributed. • Alternative Approach: Instead of letting the reference monitor do all the work, an alternative is to let each subject carry a “certificate” listing the groups it belongs to. Whenever subject sends request, he handover the certificate to the reference monitor. It order to ensure that certificate is genuine digital signature mechanism is used. Real-Time & MultiMedia Lab

  44. 8.3.2 Firewalls • Firewall is the special kind of reference monitor, which has capability to disconnects any part of distributed system from the outside world. • All the outgoing and specially incoming packets are routed through special computer and inspected before they are passed. • Unauthorized traffic is discarded and not allowed to continue. Real-Time & MultiMedia Lab

  45. Limitations of Firewalls • These are not capable of providing granular access control in which just part of application functionality is opened to specific group of users. • Does not provide integrity or confidentiality. • Do not predict or record suspicious activity, nor do they send alerts/alarms unless they are bundled with an IDS. Real-Time & MultiMedia Lab

  46. Packet Filtering Firewalls • Packet Filtering Firewalls: Examining packet header and make a decision based on rules e.g. protocol, Source address / destination address, Source port / destination port, etc • Advantages: • Conceptually Simple • Higher Performance • More transparent • Disadvantages • Difficulty of setting up packet filter rules • Lack of Authentication Real-Time & MultiMedia Lab

  47. Application level Gateways Firewalls • Application level Gateways: Examining contents of all incoming an outgoing packets. Typical example is mail gateway. • Advantages • More rigorous security • Less Transparent • Better Control • Disadvantages • Additional processing overhead on each connection Real-Time & MultiMedia Lab

  48. 8.3.3 Secure Mobile Code • An important development in modern distributed systems is the ability to migrate the code between hosts instead of just migrating passive data. • However mobile code introduces a number of serious security threads such as • How to protect agents from malicious hosts that try to steal or modify information carried by agent? • How to protect hosts against malicious agents? Real-Time & MultiMedia Lab

  49. Protecting an Agent (1) • Scenario # 1 • Consider a mobile agent that is roaming a distributed system on behalf of a user. • Such a agent may be searching for the cheapest airplane ticket from Seoul to Karachi, and has been authorized by its owner to make the reservation as soon as it found a flight. • For this purpose, the agent may carry an electronic card. • Security Concerns: • When ever the agent moves to a host, that host should not be allowed to steal the agent’s credit card information. • Agent should be protected against the modifications that make the owner pay much more than actually is needed. Real-Time & MultiMedia Lab

  50. Protecting an Agent (2) • Unfortunately, fully protecting an agent against all types of attacks is impossible. • This impossibility is primarily caused by the fact that no hard guarantees can be given that a host will do what it promises. • Alternative Approach: is to organize agents in such a way that modification can be at least detected. This approach has been followed in Ajanta system (Karnik and Tripathi, 2001) • Ajanta provides 3 mechanisms through which agent owner can be able to detect modifications. • Read only state • Append only logs and • Selective revealing of state to certain servers Real-Time & MultiMedia Lab

More Related