Chapter 21 Distributed System Security Copyright © 2008

Chapter 21

Distributed System SecurityCopyright © 2008

Operating Systems, by Dhananjay Dhamdhere Copyright © 2008 21.2Operating Systems, by Dhananjay Dhamdhere 2

Introduction

• Issues in Distributed System Security• Message Security• Authentication of Data and Messages• Third-Party Authentication


Issues in Distributed System Security

• Kinds of security threats in distributed OSs:– Leakage of message contents– Tampering of message contents– Stealing use of resources without authorization– Denial of service to authorized users

• Leakage and tampering are threats to message security• Threats addressed through two means:

– Message security techniques– Authentication of remote users


Security Mechanisms and Policies


Security Attacks in Distributed Systems

• Additionally, security attacks can be classified into: – Passive attacks and active attacks


Message Security

• Approaches to message security can be:– Link-oriented

• Tends to be expensive– Cost depends on the number of links over which a message

travels

– End-to-end• Approach assumed in following discussions

• Three approaches to message security:– Private (or secret) key encryption– Public key encryption– Session keys


Message Security (continued)


Distribution of Encryption Keys

• KDC: Key distribution center– For public key encryption, KDC maintains a directory

containing public keys of all entities in the system– When session keys are used, KDC generates a new

session key on demand

Operating Systems, by Dhananjay Dhamdhere Copyright © 2008 21.9

Distribution of Public Keys

• Steps – Step 1: Pi → KDC : EUkdc

(Pi, Pj)

– Step 2: KDC → Pi : EUi (Pj, Uj)

Encryption is employed merely to prevent message tampering

Operating Systems, by Dhananjay Dhamdhere 9


Distribution of Session Keys

• Steps– Step 1: Pi → KDC : Pi, Pj

– Step 2: KDC → Pi : EVi(Pj, Ski,j, EVj(Pi,Ski,j))

– Step 3: Pi → Pj : EVj(Pi, Ski,j), ESKi,j

(< message >)



Preventing Message Replay Attacks

• Message replay attack: intruder copies messages passing over network and “plays them back” later– Replayed message may mislead recipient into taking

wrong or duplicate actions• May affect data consistency• May reveal confidential information

• Solution: use challenge-response protocol to check whether message exchange is in real time– Steps: challenge, response, detect

Pj → Pi : ESKi,j(n)

Pj → Pi : ESKi,j(n+1)

• Challenge string n is called a nonce


Mutual Authentication

• Processes in a communication session should validate each other’s identity at start of session– Defeats masquerading attacks


Authentication of Data and Messages

• Authenticity: requires process to verify that data was originated/sent by a claimed person or process– And that it has not been tampered with by intruder

• Latter aspect implies integrity of data

• To ensure integrity, use a hash or message digest– One-way hash function for which a birthday attack is

infeasible• Certification authority (CA) provides information

concerning encryption keys used by persons or processes in a secure manner


Certification Authorities and Digital Certificates

• A certification authority (CA):– Assigns public and private keys to an entity

• After ascertaining its identity by using some means of physical verification

• Keys are valid for a specific period of time– Acts like a key distribution center– Keeps a record of keys assigned by it– Issues public key certificates

• Used to avoid man-in-the-middle attacks


Certification Authorities and Digital Certificates (continued)

• A public key certificate includes:– Serial number of the certificate– Owner’s distinguished name (DN)

• DNS name of the owner, and owner’s name, unit, locality, state, and country in a textual form

– Identifying information of owner• E.g., address

– Owner’s public key– Date of issue and date of expiry, and issuer’s DN– Digital signature on the above information by CA


Message Authentication Codes and Digital Signature

• A message authentication code (MAC) is used to check the integrity of data– A one-way hashing function is used to obtain a message

digest of data– It is encrypted using a secret key known only by sender

and intended recipient• A digital signature is used to verify authenticity of data

– This identification is non-repudiable– Can also be used to detect any modifications of data after

the data was created or sent by a process– Both are achieved through use of private keys


Message Authentication Codes and Digital Signature (continued)


Third-Party Authentication

• How does a server know whether a process wishing to act as its client was created by an authorized user?– Require each server to authenticate every user through a

password• Inconvenient

– Use a third-party authenticator and a secure arrangement• Kerberos uses an authentication database• SSL decentralized


Kerberos

• Developed in project Athena at MIT• Kerberos authentication server (KAS) uses an

authentication data base• Authorization is performed by giving tickets to

processes– A ticket is like a capability, it authorizes a process to use

a service– It contains the process and server ids, a session key for

communication, and the lifetime over which it is valid• At log in time, each process gets a ticket to a ticket

granting server (TGS); TGS generates tickets for other servers



Kerberos (continued)

• When a process wishes to use a server• It submits a ticket for the server and an authenticator

containing a time-stamp encrypted with the session key• Server checks validity of ticket, extracts the session key

and checks the authenticator to ensure that the request is made in ‘real time’



Kerberos (continued)

• Initial authentication:

• Obtaining ticket for server:

• Obtaining service:


Secure Sockets Layer (SSL)

• SSL is a message security protocol providing authentication and communication privacy

• Works on top of a reliable transport protocol such as TCP/IP

• Transport layer security (TLS) protocol is based on SSL 3.0

• Two phases:– SSL handshake protocol– SSL record protocol


Secure Sockets Layer (SSL)

• Handshake protocol:– Performs server authentication– Selection of session’s cryptographic algorithms– (Optionally) performs client authentication– Enables client and server to generate shared secret

• Used to generate session keys• Record protocol:

– <m, MACm> securely sent using a session key, where m is text of message

• To avoid man-in-the-middle attacks, certificate is verified and challenge-response protocol used to authenticate client


Summary

• Intruders can launch a variety of attacks: leakage, tampering, masquerading, or denial of service– Leakage/tampering are threats to message security

• Solution: Use encryption– Private, public and session keys– Session keys are typically used

• Message replay attacks can be avoided using challenge-response protocol

• Third-party authenticators: Kerberos, SSL• Digital signature: used to verify authenticity of data

– Public key certificate used to securely distribute public key

Documents

Chapter 21 Distributed System Security Copyright © 2008