Chapter 8
Introduction to security in distributed systems
General issues in authentication and access control
Security management: key management, secure group management, authorization management
Examples: Kerberos, X.509 certificates
Introduction to Security
Security introduction: security threats, security policies, security mechanisms.
Design issues for security in distributed systems: focus of control, layering of security mechanisms, simplicity.
Cryptographic Algorithm
Security Intro.
Computer system -> Security -> Dependability: Availability, Reliability, Safety, Maintainability.
Confidentiality: information is disclosed only to authorized parties.
Integrity: alterations to system assets (data, services, etc.) can be made only in an authorized way.
Types of Threats
Interception: an unauthorized party gains access to a service or data.
Interruption: a service or data becomes unavailable (e.g., a DoS attack).
Modification: unauthorized changing of a service or data.
Fabrication: additional generation of services or data that would normally not exist.
Interruption, modification and fabrication (2, 3, 4) are also called data falsification.
Security Mechanisms
Security policy: precisely describes which actions are allowed and which are prohibited.
Security mechanism: the method by which a policy can be enforced. Four mechanisms:
Encryption: transforming data into a non-understandable format.
Authentication: verifying the claimed identity of a user, client, service, etc.
Authorization: checking that a principal is authorized to perform an action.
Auditing: used to trace which client accessed what, and in which way.
Focus of control; layering of security mechanisms; simplicity.
Focus of Control
The logical organization of a distributed system into several layers. Distributed model + network model = logical layer model. Security is technical; trust is emotional.
The principle of RISSC as applied to secure distributed systems. Trusted Computing Base (TCB)
The set of all mechanisms needed to enforce a security policy; these mechanisms must be trusted.
The smaller the TCB, the better the security.
Cryptography (1)
Cryptography (2)
Notation   Description
KA,B       Secret key shared by A and B
KA^+       Public key of A
KA^-       Private key of A
Authentication (1)
Authentication (2)
Authentication based on a shared secret key, but using three instead of five messages.
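The three-message exchange in that figure (A -> B: A, R_A; B -> A: R_B, K_A,B(R_A); A -> B: K_A,B(R_B)), written out as an added example that is not part of the original slides. The shared key K_AB and the party names are constructed for the example, and an HMAC over the challenge stands in for the keyed transform K_A,B(R); each side verifies the other's answer before revealing its own.

```python
import hashlib
import hmac
import secrets

# Constructed long-term secret K_A,B; in a real system it comes out of key establishment.
K_AB = b"constructed-example-key-shared-by-A-and-B"


def keyed_answer(key: bytes, challenge: bytes) -> bytes:
    """Stands in for K_A,B(R): a transform only holders of the shared key can compute."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


class Party:
    """One end of the three-message protocol; the same class plays Alice and Bob."""

    def __init__(self, name: str, key: bytes):
        self.name = name
        self.key = key
        self.my_challenge = None      # the nonce this party sent and expects answered
        self.peer_verified = False

    def message_1(self):
        # A -> B : A, R_A
        self.my_challenge = secrets.token_bytes(16)
        return self.name, self.my_challenge

    def message_2(self, msg1):
        # B -> A : R_B, K_A,B(R_A)   (B answers A's challenge and issues its own)
        _peer_name, r_a = msg1
        self.my_challenge = secrets.token_bytes(16)
        return self.my_challenge, keyed_answer(self.key, r_a)

    def message_3(self, msg2):
        # A checks B's answer to R_A, then answers R_B:  A -> B : K_A,B(R_B)
        r_b, answer = msg2
        if not hmac.compare_digest(answer, keyed_answer(self.key, self.my_challenge)):
            raise PermissionError(f"{self.name}: peer did not prove knowledge of K_A,B")
        self.peer_verified = True
        return keyed_answer(self.key, r_b)

    def check_message_3(self, msg3):
        # B checks A's answer to R_B
        if not hmac.compare_digest(msg3, keyed_answer(self.key, self.my_challenge)):
            raise PermissionError(f"{self.name}: peer did not prove knowledge of K_A,B")
        self.peer_verified = True


def authenticates(key_a: bytes, key_b: bytes) -> bool:
    """Run the exchange with the keys each side actually holds; True only if both sides verify."""
    alice, bob = Party("Alice", key_a), Party("Bob", key_b)
    try:
        m1 = alice.message_1()
        m2 = bob.message_2(m1)
        m3 = alice.message_3(m2)
        bob.check_message_3(m3)
    except PermissionError:
        return False
    return alice.peer_verified and bob.peer_verified


if __name__ == "__main__":
    print("same key:", authenticates(K_AB, K_AB))          # True
    print("wrong key:", authenticates(K_AB, b"impostor"))  # False
```

Each challenge is a fresh random nonce, so an answer recorded from an earlier run does not match the current one; the `hmac.compare_digest` comparison keeps the check constant-time.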
Authentication (3)
Protection against malicious reuse of a previously generated session key in the Needham-Schroeder protocol.
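The protected Needham-Schroeder exchange, as an added example that is not part of the original slides: B first hands out a nonce R_B1 readable only by the KDC, the KDC copies it into the ticket K_B,KDC(A, K_A,B, R_B1), and B accepts a ticket only if it carries a nonce B issued and has not yet consumed. The long-term keys, names and the toy authenticated cipher (SHA-256 keystream plus HMAC tag) are constructed stand-ins for the K(...) boxes in the figure; the same ticket idea is what Kerberos builds on.

```python
import hashlib
import hmac
import json
import secrets


# --- toy authenticated encryption standing in for K(...) in the protocol diagram ---
def _keystream(key, nonce, length):
    out, ctr = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]


def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise PermissionError("ciphertext rejected: wrong key or tampered")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def pack(**fields):
    return json.dumps({k: v.hex() if isinstance(v, bytes) else v for k, v in fields.items()},
                      sort_keys=True).encode()


def unpack(blob, *byte_fields):
    d = json.loads(blob)
    for f in byte_fields:
        d[f] = bytes.fromhex(d[f])
    return d


class KDC:
    def __init__(self, long_term_keys):
        self.keys = long_term_keys          # name -> key shared with the KDC

    def handle(self, r_a1, a, b, b_blob):
        # Message 3: R_A1, A, B, K_B,KDC(R_B1).  Only the KDC and B can read R_B1.
        r_b1 = unpack(unseal(self.keys[b], b_blob), "nonce")["nonce"]
        k_ab = secrets.token_bytes(32)
        # The ticket now carries B's own nonce, so B can tell a fresh ticket from a reused one.
        ticket = seal(self.keys[b], pack(peer=a, key=k_ab, nonce=r_b1))
        # Message 4: K_A,KDC(R_A1, B, K_A,B, ticket)
        return seal(self.keys[a], pack(nonce=r_a1, peer=b, key=k_ab, ticket=ticket))


class Bob:
    def __init__(self, key):
        self.key = key
        self.outstanding = set()            # nonces handed out but not yet used up
        self.session_key = None

    def challenge_nonce(self):
        # Message 2: K_B,KDC(R_B1); Bob remembers which nonces he issued
        r_b1 = secrets.token_bytes(16)
        self.outstanding.add(r_b1)
        return seal(self.key, pack(nonce=r_b1))

    def accept(self, ticket, a_challenge):
        # Message 5: K_A,B(R_A2), K_B,KDC(A, K_A,B, R_B1)
        t = unpack(unseal(self.key, ticket), "key", "nonce")
        if t["nonce"] not in self.outstanding:
            raise PermissionError("ticket nonce not issued for this run: old session key refused")
        self.outstanding.discard(t["nonce"])   # one use per nonce
        self.session_key = t["key"]
        return unseal(self.session_key, a_challenge)   # Bob can now read Alice's R_A2


def alice_run(kdc, bob, alice_key):
    bob_blob = bob.challenge_nonce()                       # messages 1-2
    r_a1 = secrets.token_bytes(16)
    reply = unpack(unseal(alice_key, kdc.handle(r_a1, "Alice", "Bob", bob_blob)),
                   "nonce", "key", "ticket")               # messages 3-4
    if reply["nonce"] != r_a1 or reply["peer"] != "Bob":   # Alice checks freshness and peer
        raise PermissionError("KDC reply is not for this request")
    k_ab, ticket = reply["key"], reply["ticket"]
    r_a2 = secrets.token_bytes(16)
    return k_ab, ticket, bob.accept(ticket, seal(k_ab, r_a2)) == r_a2   # message 5


def demo():
    keys = {"Alice": secrets.token_bytes(32), "Bob": secrets.token_bytes(32)}   # constructed
    kdc, bob = KDC(keys), Bob(keys["Bob"])
    k_ab, ticket, ok = alice_run(kdc, bob, keys["Alice"])
    fresh_ok = ok and bob.session_key == k_ab
    try:   # the same ticket and session key presented a second time
        bob.accept(ticket, seal(k_ab, secrets.token_bytes(16)))
        reuse_rejected = False
    except PermissionError:
        reuse_rejected = True
    return fresh_ok, reuse_rejected


if __name__ == "__main__":
    print(demo())   # (True, True)
```

Without R_B1 in the ticket, B has no way to tell whether K_A,B was generated for this run or for an earlier one; with it, B's own bookkeeping of outstanding nonces decides, and no clock synchronization is needed.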
Protection Domains
Key Establishment
Secret-key distribution
A capability in Amoeba.
Delegation (1)
Delegation (2)
Kerberos
A trusted key server system from MIT that provides centralized private-key third-party authentication in a distributed network.
It allows users access to services distributed through the network without needing to trust all workstations; instead, all trust a central authentication server.
Kerberos 4 Overview
Authentication Server (AS)
The user initially negotiates with the AS to identify itself; the AS provides a non-corruptible authentication credential, the ticket-granting ticket (TGT).
Authentication in Kerberos.
A message encrypted with one key requires the other key for decryption
Key Reciprocity
Data encrypted using the public key requires the private key for decryption.
If you know my public key, you can send me via an open channel a message only I can read.
Data encrypted using the private key requires the public key for decryption.
If my public key decrypts an encrypted message I have sent via an open channel, then only I could have sent it.
X.509 Certificates
Keys can be distributed encapsulated in an X.509 certificate.
The X.509 certificate associates the public key with a qualified name.
The X.509 certificate is also signed by a trusted issuer.
A certificate authority (CA) is a trusted entity that signs and issues X.509 credentials.
Examples: NCSA Alliance, DOEgrid CA. In the so-called real world: VeriSign.
Qualified Name
Person's name, institution, country
C=US, O=National Center for Supercomputing Applications, CN=Edward N. Bola
X.509 Certificates
Obtaining a Certificate
any user with access to the public key of the CA can verify the
Certificate Revocation
Certificates have a period of validity; it may be necessary to revoke one before expiration, e.g.:
1. the user's private key is compromised
2. the user is no longer certified by this CA
3. the CA's certificate is compromised
CAs maintain a list of revoked certificates, the Certificate Revocation List (CRL); users should check certificates against the CA's CRL.
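An added example, not part of the original slides, that ties the key-reciprocity slides to the X.509 and revocation slides: textbook RSA (no padding, illustration only) shows that what the public key encrypts only the private key decrypts and what the private key signs anyone with the public key can verify; on top of it, a constructed CA binds a qualified name to a public key in a small certificate, and a relying party checks the CA signature, the validity period and the CA's CRL in that order. The CA name, serial format and JSON certificate body are assumptions for the example, not the X.509 encoding.

```python
import hashlib
import json
import math
import secrets


# ---- textbook RSA: enough to show that each key undoes what the other does ----
def _is_probable_prime(n, rounds=16):
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # right size, odd
        if _is_probable_prime(candidate):
            return candidate


def keygen(bits=512):
    """Returns (public, private) as (n, e) and (n, d)."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (p * q, e), (p * q, pow(e, -1, phi))


def encrypt_for(public, plaintext):
    n, e = public                        # anyone may use the public key ...
    return pow(int.from_bytes(plaintext, "big"), e, n)


def decrypt(private, ciphertext):
    n, d = private                       # ... only the private-key holder can undo it
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def _digest_int(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(private, message):
    n, d = private                       # only the private-key holder can produce this ...
    return pow(_digest_int(message), d, n)


def verify(public, message, signature):
    n, e = public                        # ... and anyone with the public key can check it
    return pow(signature, e, n) == _digest_int(message)


# ---- a minimal certificate in the spirit of X.509: qualified name + public key, CA-signed ----
def canonical(body):
    return json.dumps(body, sort_keys=True).encode()


class CertificateAuthority:
    def __init__(self, name):
        self.name = name
        self.public, self._private = keygen()
        self.crl = set()                 # serial numbers of revoked certificates

    def issue(self, subject, subject_public, now, lifetime_days=365):
        body = {"serial": secrets.randbits(64),
                "subject": subject,      # qualified name, e.g. "C=..., O=..., CN=..."
                "issuer": self.name,
                "public_key": list(subject_public),
                "not_before": now,
                "not_after": now + lifetime_days * 86400}
        return {"body": body, "signature": sign(self._private, canonical(body))}

    def revoke(self, cert):
        self.crl.add(cert["body"]["serial"])


def validate(cert, ca_public, crl, now):
    """What a relying party checks: CA signature, then validity period, then the CRL."""
    body = cert["body"]
    if not verify(ca_public, canonical(body), cert["signature"]):
        return "bad signature"
    if not body["not_before"] <= now <= body["not_after"]:
        return "expired or not yet valid"
    if body["serial"] in crl:
        return "revoked"
    return "valid"
```

The ordering in `validate` matters: the signature check comes first because an unsigned or altered body says nothing reliable about its own dates or serial. In deployed systems the CRL is itself a CA-signed structure fetched from a distribution point (or replaced by OCSP); here the relying party is handed the CA's set directly.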