IM NTU Distributed Information Systems 2004 Security -- 1 Security Yih-Kuen Tsay Dept. of...

IM NTUIM NTU

Distributed Information Systems Distributed Information Systems 20042004 SecuritySecurity -- -- 11

Security

Yih-Kuen Tsay

Dept. of Information Management

National Taiwan University

IM NTUIM NTU

Introduction

• Security Needs– Secrecy, integrity, etc.– Arise from the desire to share resources

• Security Policies– Specify who are authorized to access what resources– Independent of the technology used

• Security Mechanisms– Enforce security policies

• Security Models– Help understand and analyze the above

IM NTUIM NTU

Source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition.

The Evolution of Security Needs

IM NTUIM NTU

Components of a Security Model

IM NTUIM NTU

The Enemy in Network Security

IM NTUIM NTU

Familiar Names in the Security Literature

IM NTUIM NTU

Classes of Security Threats

• Leakage– Acquisition of information by unauthorized

parties

• Tampering (Modification)– Unauthorized alteration of information

• Vandalism– Interference with the proper operation without

gain to the perpetrator

IM NTUIM NTU

Methods of Attack

• Eavesdropping– Release of message contents and traffic

analysis

• Masquerading• Message Tampering (Modification)

– Man-in-the-middle attack

• Replaying• Denial of Service• Mobile Code

IM NTUIM NTU

Designing Secure Systems

• Use best standards available

• Informal analysis and checks

• Formal validation

• Security logs and auditing

IM NTUIM NTU

Security Requirements

• Secrecy (Confidentiality)

• Data Integrity

• Authentication

• Non-repudiation

• Availability

• …

IM NTUIM NTU

Source: W. Stallings, “Cryptography and Network Security”

The Secret-Key Encryption Model

IM NTUIM NTU

The Public-Key Encryption Model

IM NTUIM NTU

The Public-Key Authentication Model

IM NTUIM NTU

Notational Conventions

IM NTUIM NTU

Performance of Cryptographic Algorithms

IM NTUIM NTU

A Scheme of Cipher Block Chaining

IM NTUIM NTU

A Stream Cipher

IM NTUIM NTU

Digital Signatures with Secret Keys

IM NTUIM NTU

Digital Signatures with Public Keys

IM NTUIM NTU

Alice’s Bank Account Certificate

IM NTUIM NTU

A Public Key Certificate of Bob’s Bank

IM NTUIM NTU

The Needham-Schroeder Authentication Protocol

IM NTUIM NTU

Kerberos

• Developed at MIT

• For protecting networked services

• Based on the Needham-Schroeder protocol

• Current version: Kerberos Version 5

• Source code available

• Also used in OSF DCE, Windows 2000, ...

IM NTUIM NTU

Kerberos Architecture

IM NTUIM NTU

Distributed Information Systems Distributed Information Systems 20042004 SecuritySecurity -- -- 2525Source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition.

The Kerberos Protocol

IM NTUIM NTU

auth(C) contains C,t.

ticket(C,S) contains C,S,t1,t2,KCS.

The Kerberos Protocol (cont.)

IM NTUIM NTU

The Secure Sockets Layer (SSL)

• Originated by Netscape, now a nonproprietary standard (SSLv3)

• Provides secure end-to-end communications

• Operates between TCP/IP (or any other reliable transport protocol) and the application

• Built into most browsers and servers

IM NTUIM NTU

The SSL Protocol Stack

IM NTUIM NTU

How SSL Works

• Sessions between a client and a server are established by the Handshake Protocol

• A session defines a set of security parameters, including peer certificate, cipher spec, and master secret

• Multiple connections can be established within a session, each defining further security parameters such as keys for encryption and authentication

• Security parameters dictate how application data are processed by the SSL Record Protocol into TCP segments

IM NTUIM NTU

Security Functions of SSL

• Confidentiality: using one of DES, Triple DES, IDEA, RC2, RC4, …

• Integrity: using MAC with MD5 or SHA-1

• Authentication: using X.509v3 digital certificates

IM NTUIM NTU

Distributed Information Systems Distributed Information Systems 20042004 SecuritySecurity -- -- 3131Source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition.

The SSL Handshake Protocol

IM NTUIM NTU

The SSL Record Protocol

IM NTUIM NTU

Micropayments

• The price of some goods may be lower than the standard transaction fees

• Micropayments offer a way for selling small-value products and services

• Technology providers: eCharge (via phone bills), Qpass (monthly bills), Millicent (prepay electronic cash), ...

IM NTUIM NTU

The Millicent Scrip Scheme

• Scrip is a form of digital cash valid only for a specific vender.

• Format:

• Scrip is generated and distributed by brokers.

IM NTUIM NTU

Millicent Architecture

IM NTU Distributed Information Systems 2004 Security -- 1 Security Yih-Kuen Tsay Dept. of...

Documents

Kuen-Horng Lu*

Mutants and Their Uses - Pick Kuen

Analysis of Algorithms - 國立臺灣大學im.ntu.edu.tw/.../lib/exe/fetch.php?media=courses:alg2019:ch3_slide… · Analysis of Algorithms (Based on [Manber 1989]) Yih-Kuen Tsay

02 yoo kuen chan

Alfred Kuen - Cum Sa Interpret Am Biblia

Er Chie suang er chie kuen kuen · Nunchaku en un dia! Traditional Shaolin Two-Sectional Staff Forms suang er chie kuen Single & Double Nunchaku Er Chie kuen. Shao-lin Kung Fu & Tai

15118774 Tiet Sin Kuen Iron Thread

Gung Gee Fook Fu Kuen

GUU YIH Plastics Co.,Ltd

HER YIH 合億興業股份有限公司 HYDRAULIC · 合億興業股份有限公司 her yih hydraulic components co., ltd. her yih hydraulic components co., l td. her yih hydraulic

Presented by Yiin-Kuen(Michael) Fuh

04 yoo kuen chan

1 Integrating Logic Retiming and Register Placement Tzu-Chieh Tien, Hsiao-Pin Su, Yu-Wen Tsay Yih-Chih Chou, and Youn-Long Lin Department of Computer Science

Wing Chun Kuen Leung Ting

Pp2 chapter 1 cheeyong & yih shyang

NP-Completeness - (Based on [Manber 1989])im.ntu.edu.tw/.../lib/exe/fetch.php?media=courses:alg2019:ch11_slid… · NP-Completeness (Based on [Manber 1989]) Yih-Kuen Tsay Department

Wing Tsun Kuen

Tachung (T.C.) YIH, Ph.D., Fellow ASME

Minister Visits Ma Kuen i

Iron Shirt Tiet Sin Kuen