8.1
Learning Objectives
To become familiar with the range of security threats faced by networked and distributed systems (DSs);
To examine various cryptographic techniques fundamental to security in DSs, such as symmetric cryptosystems and asymmetric cryptosystems;
To fully study the two main parts of security in DSs, secure channel and authorization (access control), using the main techniques of encryption, authentication, and access control;
To gain an understanding of the major methods in security management.
8.2
Introduction
The security problems in DSs arise from the openness of the Internet and of distributed systems.
Security measures must be incorporated into computer systems whenever they are potential targets for malicious or mischievous attacks.
Security in computer systems is strongly related to the notion of dependability: a dependable system is one that we justifiably trust to deliver its services. Confidentiality and integrity are two major properties of such systems.
8.11
Security: Dependability Revisited
In distributed systems, security is the combination of availability, integrity, and confidentiality. A dependable distributed system is thus fault tolerant and secure.
Property Description
Availability Accessible and usable upon demand for authorized entities
Reliability Continuity of service delivery
Safety Very low probability of catastrophes
Confidentiality No unauthorized disclosure of information
Integrity No accidental or malicious alterations of information have been performed (even by authorized entities)
8.13
Definitions
Subject: Entity capable of issuing a request for a service provided by an object
Channel: The carrier of requests and replies for services offered to subjects
Object: Entity providing services to subjects
8.14
Security Model: Threats and forms of attack
Masquerading – assuming the identity of another user/principal
Eavesdropping (Interception) – obtaining private or secret information
Message tampering (Modification) – altering the content of messages in transit
Replaying (Fabrication) – storing secure messages and sending them at a later date
Denial of service (Interruption) – flooding a channel or other resource, denying access to others
8.15
Types of Threats
Threat        Channel                                      Object
Interruption  Preventing message transfer                  Denial of service
Inspection    Reading the content of transferred messages  Reading the data contained in an object
Modification  Changing message content                     Changing an object's encapsulated data
Fabrication   Inserting messages                           Spoofing an object
8.16
Security Policy and Mechanisms
A security policy is a set of requirements and guidelines to ensure a desired level of security for the activities that are performed in the system.
Security mechanisms are employed to implement the security policy. Security in DSs can be roughly divided into two major parts: secure channel and authorization.
Secure channel: to ensure secure communication, including authentication, message confidentiality and integrity.
Authorization (access control): to ensure that a process gets only those access rights to the resources in a DS that it is entitled to.
8.17
Security Policies
Globus security architecture
1. Multiple administrative domains
2. Local operations are subject to local security policies
3. Global operations require the requester to be globally known
4. Interdomain operations require mutual authentication
5. Global authentication replaces local authentication
6. Access control is via local security
7. Users can delegate privileges to processes
8. Credentials can be shared between processes in the same domain
8.18
Important Security Mechanisms
Encryption: Using cryptographic techniques, encryption transforms data into something an attacker cannot understand (for confidentiality). It also provides support for integrity checks.
Authentication: Used to verify the claimed identity of a user, client, server and so on.
Authorization: Necessary to check whether a client is authorized to perform the action requested.
Auditing: Used to trace which clients accessed what, and in which way, for later security analysis.
8.20
Focus of Control
Three approaches for protection against security threats:
a) Invalid operations
b) Unauthorized invocations
c) Unauthorized users
8.21
Security Mechanism Layering
The logical organization of a distributed system into several layers.
8.23
Trusted Computing Base
• The set of mechanisms needed to enforce a security policy
– The smaller, the better
– Includes OS
– Physical security of machines
8.24
Distribution of Security Mechanisms
The principle of RISSC (Reduced Interfaces for Secure System Components) as applied to secure distributed systems.
8.25
Simplicity
• Simpler systems inspire trust
• Security mechanisms can be complex
– Keys
– Certificates
– Authentication & access control
• Applications needing security are often complex themselves
8.27
Cryptosystem Types
Symmetric system: Uses a single key to encrypt the plaintext and decrypt the ciphertext. Sender and receiver share the secret key.
Asymmetric system: Uses different keys for encryption and decryption, of which one is private and the other public.
Hashing system: Only transforms data into a fixed-length digest.
– No decryption
– Only comparison
– Detects message alteration
8.28
Cryptographic Functions
Make the encryption method E public, but let the encryption be parameterized by means of a key S.
One-way function: Given some output m_out of E_S, it is computationally infeasible to find m_in such that E_S(m_in) = m_out.
Weak collision resistance: Given a pair <m, E_S(m)>, it is computationally infeasible to find an m* ≠ m such that E_S(m*) = E_S(m).
Strong collision resistance: It is computationally infeasible to find any two different inputs m and m* such that E_S(m) = E_S(m*).
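The three properties above made measurable, as an added example that is not part of the original slides: a SHA-256 digest truncated to 16 bits stands in for E_S so that brute-force searches finish in seconds, which shows why digest length matters and why a collision (birthday search) is far cheaper than a preimage. It assumes only Python 3 and its standard library; all messages are constructed.

```python
import hashlib

def toy_hash(data: bytes, bits: int = 16) -> int:
    """Stand-in for E_S: SHA-256 truncated to `bits` bits.
    Truncation is deliberate so the searches below finish quickly;
    bits=256 gives the real, untruncated digest."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - bits)

def find_preimage(m_out: int, bits: int = 16, exclude: bytes = b"", limit: int = 1 << 20):
    """One-way property (and, with `exclude` set to the known m, weak collision
    resistance): brute-force an input m_in != exclude with E_S(m_in) == m_out.
    Candidates are constructed as b"msg-0", b"msg-1", ...
    Returns (m_in, attempts) on success or (None, attempts) if `limit` is reached."""
    for i in range(limit):
        candidate = b"msg-%d" % i
        if candidate != exclude and toy_hash(candidate, bits) == m_out:
            return candidate, i + 1
    return None, limit

def find_collision(bits: int = 16, limit: int = 1 << 20):
    """Strong collision resistance: find ANY m != m* with E_S(m) == E_S(m*).
    Remembering every digest seen turns this into a birthday search, which
    succeeds after roughly 2**(bits/2) attempts instead of the ~2**bits a
    preimage needs (and, by pigeonhole, never more than 2**bits + 1).
    Returns (m, m_star, attempts) or (None, None, attempts)."""
    seen = {}
    for i in range(limit):
        candidate = b"msg-%d" % i
        h = toy_hash(candidate, bits)
        if h in seen:
            return seen[h], candidate, i + 1
        seen[h] = candidate
    return None, None, limit

if __name__ == "__main__":
    m = b"transfer 100 to Bob"          # constructed sample message
    m_star, tries = find_preimage(toy_hash(m), exclude=m)
    print("second preimage of 16-bit digest:", m_star, "after", tries, "tries")
    a, b, tries = find_collision()
    print("16-bit collision:", a, b, "after", tries, "tries")
    print("full SHA-256 preimage search, 1000 tries:",
          find_preimage(toy_hash(m, 256), bits=256, exclude=m, limit=1000)[0])
```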
8.29
Cryptography (2)
Notation used in this chapter.
Notation   Description
K_A,B      Secret key shared by A and B
K_A^+      Public key of A
K_A^-      Private key of A
8.32
Public-Key Cryptosystems: RSA
Generating the private and public key requires four steps:
1. Choose two very large prime numbers, p and q
2. Compute n = p × q and z = (p – 1) × (q – 1)
3. Choose a number d that is relatively prime to z
4. Compute the number e such that e × d ≡ 1 (mod z)
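The four steps carried out in code, as an added example that is not from the slides: the caller supplies p, q and d (steps 1 and 3), the function computes n, z and e (steps 2 and 4) and rejects a d that is not relatively prime to z, since such a d has no inverse mod z. The encrypt/decrypt round trip goes one step beyond the slide to show that the two keys really undo each other. It assumes Python 3.8+ (for pow(d, -1, z) and math.isqrt) and uses textbook-sized primes; the values are constructed for illustration.

```python
import math

def is_prime(x: int) -> bool:
    """Trial division; adequate for the small teaching primes used here."""
    if x < 2:
        return False
    return all(x % i for i in range(2, math.isqrt(x) + 1))

def rsa_keygen(p: int, q: int, d: int):
    """Steps 1-4 of the slide. Returns (public key (e, n), private key (d, n))."""
    if p == q or not (is_prime(p) and is_prime(q)):
        raise ValueError("p and q must be distinct primes")        # step 1
    n = p * q                                                       # step 2
    z = (p - 1) * (q - 1)                                           # step 2
    if math.gcd(d, z) != 1:                                         # step 3
        raise ValueError("d must be relatively prime to z")
    e = pow(d, -1, z)                                               # step 4: e * d == 1 (mod z)
    return (e, n), (d, n)

def rsa_apply(key, m: int) -> int:
    """Modular exponentiation with either key: (e, n) encrypts, (d, n) decrypts.
    The message is an integer block with 0 <= m < n."""
    exp, n = key
    if not 0 <= m < n:
        raise ValueError("message block must satisfy 0 <= m < n")
    return pow(m, exp, n)

if __name__ == "__main__":
    public, private = rsa_keygen(61, 53, 2753)   # constructed toy parameters
    print("public key (e, n):", public, " private key (d, n):", private)
    c = rsa_apply(public, 65)
    print("ciphertext of 65:", c, " decrypted:", rsa_apply(private, c))
```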