
Security

Chapter 8

Introduction to security in distributed systems
General issues in authentication and access control
Security management: key management, secure group management, authorization management
Examples: Kerberos, X.509 certificates

Introduction to security in distributed systems


Security in distributed systems (2 parts):
Secure communication between users and processes
Authorization (access control rights)
Security management (management of keys, security groups, etc.)

Introduction to Security
Security introduction: security threats, security policies, security mechanisms
Design issues for security in DS: focus of control, layering of security mechanisms, simplicity

Cryptographic Algorithm

Security Intro.
Security in a computer system is closely tied to dependability: availability, reliability, safety, maintainability.
Confidentiality: information is disclosed only to authorized parties.
Integrity: alterations to system assets (data, services, etc.) can be made only in an authorized way.

Types of Threats
1. Interception: an unauthorized party gains access to a service or data
2. Interruption: a service or data becomes unavailable (e.g. a DoS attack)
3. Modification: unauthorized changing of a service or data
4. Fabrication: additional generation of a service or data that would normally not exist
2, 3 and 4 are also called data falsification

Security Mechanisms
Security policy: describes precisely which actions are allowed and which are prohibited
Security mechanism: method by which a policy can be enforced; 4 methods:
Encryption: transforming data into a form that cannot be understood by unauthorized parties
Authentication: verifying the claimed identity of a user, client, service, etc.
Authorization: checking whether the authenticated party is allowed to perform the requested action
Auditing: used to trace which client accessed what, and in which way

Design Issues for Security in DS

Focus of control
Layering of security mechanisms
Simplicity

Focus of Control

3 approaches for protection against security threats:

a) Protection against invalid operations
b) Protection against unauthorized invocations
c) Protection against unauthorized users

Layering of Security Mechanisms (1)

The logical organization of a distributed system into several layers.
Distributed model + network model = logical layer model.
Security is technical; trust is emotional.

Layering of Security Mechanisms (Example)

Several sites connected through a wide-area backbone service.

Distribution of Security Mechanisms

The principle of RISSC (Reduced Interfaces for Secure System Components) as applied to secure distributed systems.
Trusted Computing Base (TCB): the set of all security mechanisms needed to enforce a security policy, which therefore need to be trusted.
The smaller the TCB, the better the security.

Cryptography (1)

Intruders and eavesdroppers in communication.

Cryptography (2)

Notation        Description
K_A,B           Secret key shared by A and B
K_A^+           Public key of A
K_A^-           Private key of A

Notation used in this chapter.

Symmetric Cryptosystems: DES (1)

a) The principle of DES
b) Outline of one encryption round

Symmetric Cryptosystems: DES (2)

Details of per-round key generation in DES.

Public-Key Cryptosystems: RSA


Generating the private and public key requires four steps:
1. Choose two very large prime numbers, p and q
2. Compute n = p × q and z = (p - 1) × (q - 1)
3. Choose a number d that is relatively prime to z
4. Compute the number e such that e × d = 1 mod z
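The four steps carried out in code, as an added example that is not part of the original slides. The primes, and the choice of d, are constructed toy values (p = 61, q = 53, d = 2753, giving n = 3233 and e = 17) so the arithmetic can be followed by hand; the block also shows the public-key/private-key reciprocity used later under PKI, with the private key "encrypting" (signing) and the public key checking. Function names are my own; real RSA uses primes of 1024 bits and more and a padding scheme, neither of which this toy includes.

```python
from __future__ import annotations
from math import gcd


def generate_keys(p: int, q: int, d: int) -> tuple[tuple[int, int], tuple[int, int]]:
    """Steps 1-4 from the slide. Returns ((e, n), (d, n)): public key, then private key."""
    n = p * q                      # step 2: modulus
    z = (p - 1) * (q - 1)          # step 2: Euler's totient of n
    if gcd(d, z) != 1:             # step 3: d must be relatively prime to z
        raise ValueError("d must be relatively prime to z")
    e = pow(d, -1, z)              # step 4: modular inverse, so e * d = 1 (mod z)
    return (e, n), (d, n)


def encrypt(m: int, public_key: tuple[int, int]) -> int:
    """Confidentiality direction: anyone with (e, n) can encrypt, only the key owner can decrypt."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message block must satisfy 0 <= m < n")
    return pow(m, e, n)


def decrypt(c: int, private_key: tuple[int, int]) -> int:
    d, n = private_key
    return pow(c, d, n)


def sign(m: int, private_key: tuple[int, int]) -> int:
    """Reciprocal direction: 'encrypt' with the private key; only the key owner can produce this."""
    d, n = private_key
    return pow(m, d, n)


def verify(m: int, signature: int, public_key: tuple[int, int]) -> bool:
    """Anyone with the public key can check that the signature came from the private key's owner."""
    e, n = public_key
    return pow(signature, e, n) == m


def encrypt_text(text: str, public_key: tuple[int, int]) -> list[int]:
    """Toy mode: one block per byte (real RSA encrypts a single padded block, never bare bytes)."""
    return [encrypt(b, public_key) for b in text.encode()]


def decrypt_text(blocks: list[int], private_key: tuple[int, int]) -> str:
    return bytes(decrypt(c, private_key) for c in blocks).decode()


if __name__ == "__main__":
    public, private = generate_keys(p=61, q=53, d=2753)   # constructed toy parameters
    print("public key (e, n):", public)                    # (17, 3233)
    ciphertext = encrypt_text("hello", public)
    print("ciphertext blocks:", ciphertext)
    print("decrypted:", decrypt_text(ciphertext, private))
    s = sign(42, private)
    print("signature of 42 verifies with public key:", verify(42, s, public))
```

Note that step 4 is the only step that needs real computation: Python's `pow(d, -1, z)` returns the modular inverse directly, which is exactly the number e with e × d = 1 mod z.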

Hash Functions : MD5 (1)


The MD5 Message-Digest Algorithm is a widely used cryptographic hash function that produces a 128-bit (16-byte) hash value. MD5 is no longer considered collision-resistant and should not be relied on where collision resistance matters.

The structure of MD5

Authentication (1)

Authentication based on a shared secret key.

Authentication (2)

Authentication based on a shared secret key, but using three instead of five messages.

Authentication (3)

The reflection attack.
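The three-message shared-key protocol of the previous slide, and the check that defeats the reflection attack, as an added example that is not from the slides. HMAC-SHA256 stands in for the slides' K_A,B(...) encryption of a nonce; the class and function names are my own. The naive responder answers any challenge with MAC(K, R), so an answer Bob computed is indistinguishable from one Alice computed; the hardened responder binds its own name into the answer, so a response Bob produced can never pass as Alice's response to Bob's own challenge.

```python
import hashlib
import hmac
import secrets


class Party:
    """One side of the protocol; both sides hold the same shared key K_A,B."""

    def __init__(self, name: str, shared_key: bytes, bind_identity: bool):
        self.name = name
        self.key = shared_key
        self.bind_identity = bind_identity    # False = naive responder, True = hardened

    def _mac(self, who: str, challenge: bytes) -> bytes:
        # Hardened form includes the name of the party who answers; naive form omits it.
        data = (who.encode() + b"|" if self.bind_identity else b"") + challenge
        return hmac.new(self.key, data, hashlib.sha256).digest()

    def answer(self, challenge: bytes) -> bytes:
        """Produce message 2's or message 3's keyed answer to a challenge."""
        return self._mac(self.name, challenge)

    def verify(self, peer: str, challenge: bytes, response: bytes) -> bool:
        """Accept only an answer computed by `peer` for the challenge we issued."""
        return hmac.compare_digest(self._mac(peer, challenge), response)


def run_protocol(alice: Party, bob: Party) -> bool:
    """(1) A->B: A, R_A   (2) B->A: R_B, f(R_A)   (3) A->B: f(R_B)."""
    r_a = secrets.token_bytes(16)                               # message 1
    r_b, answer_a = secrets.token_bytes(16), bob.answer(r_a)    # message 2
    if not alice.verify("Bob", r_a, answer_a):
        return False
    answer_b = alice.answer(r_b)                                # message 3
    return bob.verify("Alice", r_b, answer_b)


def reflected_answer_accepted(bob: Party) -> bool:
    """The property the reflection attack relies on: would Bob accept, as Alice's
    answer to his challenge R_B, an answer that Bob himself computed for R_B?"""
    r_b = secrets.token_bytes(16)
    bobs_own_answer = bob.answer(r_b)
    return bob.verify("Alice", r_b, bobs_own_answer)


if __name__ == "__main__":
    key = secrets.token_bytes(32)    # constructed shared secret K_A,B
    for bind in (False, True):
        alice, bob = Party("Alice", key, bind), Party("Bob", key, bind)
        print(f"identity bound={bind}: honest run ok={run_protocol(alice, bob)}, "
              f"reflected answer accepted={reflected_answer_accepted(bob)}")
```

The honest run succeeds in both configurations; only the naive configuration also accepts a reflected answer. Binding the answerer's identity is one fix; using two different keys, one per direction, or having the initiator prove itself first (the five-message form) are the other textbook options.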

Authentication Using a Key Distribution Center (1)

The principle of using a KDC.

Authentication Using a Key Distribution Center (2)

Using a ticket and letting Alice set up a connection to Bob.

Authentication Using a Key Distribution Center (3)

The Needham-Schroeder authentication protocol.

Authentication Using a Key Distribution Center (4)

Protection against malicious reuse of a previously generated session key in the Needham-Schroeder protocol.

Authentication Using Public-Key Cryptography

Mutual authentication in a public-key cryptosystem.

General Issues in Access Control

General model of controlling access to objects.

Access Control Matrix


Comparison between ACLs and capabilities for protecting objects.
a) Using an ACL
b) Using capabilities

Protection Domains

The hierarchical organization of protection domains as groups of users.
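An added example (not from the slides) covering the access matrix, its two storage forms, and protection domains: the same constructed matrix is stored column-wise as ACLs (kept with each object) and row-wise as capability lists (held by each subject), and group rows model domains such as "finance" inside "staff". The policy, group names and function names are all constructed for this example.

```python
from __future__ import annotations
from collections import defaultdict

# Constructed access matrix: (subject, object) -> rights. A subject may be a user
# or a protection domain (group); a group row applies to every member of the group.
MATRIX = {
    ("alice",   "payroll.db"): {"read", "write"},
    ("bob",     "payroll.db"): {"read"},
    ("finance", "audit.log"):  {"read"},
    ("staff",   "printer"):    {"use"},
}

# Constructed protection domains, organised hierarchically: finance is a subset of staff.
GROUPS = {
    "staff":   {"alice", "bob", "carol"},
    "finance": {"alice", "bob"},
}


def domains_of(subject: str) -> set[str]:
    """The protection domains a subject acts in: itself plus every group it belongs to."""
    return {subject} | {g for g, members in GROUPS.items() if subject in members}


def to_acl(matrix) -> dict[str, dict[str, set[str]]]:
    """Column view (ACL): object -> {subject or group: rights}; stored with the object."""
    acl = defaultdict(dict)
    for (subject, obj), rights in matrix.items():
        acl[obj][subject] = set(rights)
    return dict(acl)


def to_capabilities(matrix) -> dict[str, dict[str, set[str]]]:
    """Row view (capability lists): user -> {object: rights}. Group rows are expanded
    into each member's list, because a capability is held by the subject itself."""
    caps = defaultdict(lambda: defaultdict(set))
    for (subject, obj), rights in matrix.items():
        for member in GROUPS.get(subject, {subject}):
            caps[member][obj] |= set(rights)
    return {user: dict(objs) for user, objs in caps.items()}


def allowed_by_acl(acl, subject: str, obj: str, right: str) -> bool:
    """Server-side check: is the subject, or one of its domains, listed for the object?"""
    entries = acl.get(obj, {})
    return any(right in entries.get(d, set()) for d in domains_of(subject))


def allowed_by_capability(caps, subject: str, obj: str, right: str) -> bool:
    """Check of a presented capability: does it name the object and carry the right?"""
    return right in caps.get(subject, {}).get(obj, set())


def views_agree(matrix, users, objects, rights) -> bool:
    """Both representations must give the same answer for every (user, object, right)."""
    acl, caps = to_acl(matrix), to_capabilities(matrix)
    return all(allowed_by_acl(acl, u, o, r) == allowed_by_capability(caps, u, o, r)
               for u in users for o in objects for r in rights)


if __name__ == "__main__":
    acl, caps = to_acl(MATRIX), to_capabilities(MATRIX)
    print("ACL of payroll.db:", acl["payroll.db"])
    print("capabilities held by carol:", caps["carol"])
    print("bob may read audit.log (via finance):", allowed_by_acl(acl, "bob", "audit.log", "read"))
```

The practical difference the two views make: with ACLs the object's server must resolve the caller's domains (here `domains_of`) on every request, whereas with capabilities that resolution happens once, when the lists are built, and revocation becomes the hard part.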

Key Establishment

The principle of Diffie-Hellman key exchange.
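The exchange behind that slide, as an added example that is not from the slides: each side publishes g^x mod p, computes the peer's value raised to its own secret, and both arrive at g^ab mod p while the channel only ever carried g, p, g^a and g^b. The group (p = 23, g = 5) and the function names are constructed for this example; a real deployment uses a 2048-bit or larger group or an elliptic curve, and always hashes the shared value into a key rather than using it raw.

```python
import hashlib
import secrets


def dh_public(g: int, p: int, private: int) -> int:
    """Public value g^x mod p, sent over the open channel."""
    return pow(g, private, p)


def dh_shared(peer_public: int, p: int, private: int) -> int:
    """Shared secret (peer_public)^x mod p, computed locally by each side."""
    return pow(peer_public, private, p)


def derive_key(shared: int) -> bytes:
    """Turn g^ab mod p into a fixed-length key (never use the raw group element as a key)."""
    width = max(1, (shared.bit_length() + 7) // 8)
    return hashlib.sha256(shared.to_bytes(width, "big")).digest()


def exchange(g: int, p: int, a: int, b: int):
    """Run one exchange. Returns Alice's key, Bob's key, and what an eavesdropper saw."""
    public_a = dh_public(g, p, a)                   # Alice -> Bob
    public_b = dh_public(g, p, b)                   # Bob -> Alice
    key_a = derive_key(dh_shared(public_b, p, a))   # Alice computes (g^b)^a
    key_b = derive_key(dh_shared(public_a, p, b))   # Bob computes (g^a)^b
    return key_a, key_b, (g, p, public_a, public_b)


if __name__ == "__main__":
    p, g = 23, 5                                    # constructed toy group
    a = secrets.randbelow(p - 2) + 1                # Alice's secret exponent
    b = secrets.randbelow(p - 2) + 1                # Bob's secret exponent
    key_a, key_b, seen = exchange(g, p, a, b)
    print("eavesdropper sees (g, p, g^a, g^b):", seen)
    print("both sides derived the same key:", key_a == key_b)
```

The exchange gives both parties the same key but says nothing about who the other party is; that is why, in the slides' ordering, it belongs to key establishment and not to authentication, and why in practice the public values are signed or otherwise authenticated.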

Key Distribution (1)

Secret-key distribution

Key Distribution (2)

Public-key distribution (see also [menezes.a96]).

Secure Group Management

Securely admitting a new group member.

Capabilities and Attribute Certificates (1)


48 bits        24 bits    8 bits    48 bits
Server port    Object     Rights    Check

A capability in Amoeba.

Capabilities and Attribute Certificates (2)

Generation of a restricted capability from an owner capability.
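The Amoeba capability layout above, with restriction done as the slides' source describes it: the owner capability carries an all-ones rights field and a random check field C kept by the server; a restricted copy with rights R carries f(C XOR R) for a one-way function f, so the rights field cannot be changed without knowing C. This is an added example, not Amoeba's own code; f is SHA-256 truncated to 48 bits, and the class and method names are mine.

```python
from __future__ import annotations
import hashlib
import hmac
import secrets
from dataclasses import dataclass

ALL_RIGHTS = 0xFF            # 8-bit rights field; all ones marks the owner capability


def f(x: int) -> int:
    """One-way function on a 48-bit value: SHA-256, truncated to 48 bits."""
    return int.from_bytes(hashlib.sha256(x.to_bytes(6, "big")).digest()[:6], "big")


@dataclass(frozen=True)
class Capability:
    server_port: int        # 48 bits: identifies the server
    object_id: int          # 24 bits: identifies the object at that server
    rights: int             # 8 bits: one bit per permitted operation
    check: int              # 48 bits: protects the rights field against tampering


class ObjectServer:
    """Keeps the secret check field C of every object it manages."""

    def __init__(self, port: int):
        self.port = port
        self._checks: dict[int, int] = {}

    def create_object(self, object_id: int) -> Capability:
        c = secrets.randbits(48)                   # random C, never leaves the server except in the owner cap
        self._checks[object_id] = c
        return Capability(self.port, object_id, ALL_RIGHTS, c)

    def validate(self, cap: Capability) -> bool:
        """Owner capability must carry C itself; a restricted one must carry f(C XOR rights)."""
        c = self._checks.get(cap.object_id)
        if c is None or cap.server_port != self.port or not 0 <= cap.check < 1 << 48:
            return False
        expected = c if cap.rights == ALL_RIGHTS else f(c ^ cap.rights)
        return hmac.compare_digest(expected.to_bytes(6, "big"), cap.check.to_bytes(6, "big"))

    def restrict(self, owner: Capability, new_rights: int) -> Capability:
        """Derive a capability with fewer rights; only a valid owner capability may do so."""
        if owner.rights != ALL_RIGHTS or not self.validate(owner):
            raise PermissionError("a valid owner capability is required")
        if new_rights & ~ALL_RIGHTS or new_rights == ALL_RIGHTS:
            raise ValueError("new rights must be an 8-bit value other than all ones")
        c = self._checks[owner.object_id]
        return Capability(self.port, owner.object_id, new_rights, f(c ^ new_rights))

    def authorize(self, cap: Capability, right_bit: int) -> bool:
        """Allow an operation only if the capability is genuine and carries the right."""
        return self.validate(cap) and bool(cap.rights & right_bit)


if __name__ == "__main__":
    READ, WRITE = 0x01, 0x02                        # constructed right bits
    server = ObjectServer(port=0xABCDEF123456)
    owner = server.create_object(object_id=7)
    read_only = server.restrict(owner, READ)
    print("read with restricted cap:", server.authorize(read_only, READ))
    print("write with restricted cap:", server.authorize(read_only, WRITE))
    promoted = Capability(read_only.server_port, read_only.object_id, ALL_RIGHTS, read_only.check)
    print("restricted cap with rights flipped to all ones:", server.validate(promoted))
```

The check field is what makes the capability unforgeable rather than merely unguessable: the holder of a restricted capability cannot widen its rights because computing f(C XOR R') for a different R' needs C, which only the server and the owner capability carry.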

Delegation (1)

The general structure of a proxy as used for delegation.

Delegation (2)

Using a proxy to delegate and prove ownership of access rights.

Kerberos
Trusted key server system from MIT; provides centralised private-key (symmetric-key) third-party authentication in a distributed network.
Allows users access to services distributed through the network without needing to trust all workstations; rather, all trust a central authentication server.

Two versions in use: 4 & 5

Kerberos 4 Overview
Authentication Server (AS):
The user initially negotiates with the AS to identify self; the AS provides a non-corruptible authentication credential (ticket-granting ticket, TGT).

Ticket Granting Server (TGS):
Users subsequently request access to other services from the TGS on the basis of the user's TGT.

Example: Kerberos (1)

Authentication in Kerberos.

Example: Kerberos (2)

Setting up a secure channel in Kerberos.

PKI: Public Key Infrastructure


User (or entity) gets a related key pair:
one private key, known only to the user; one public key, distributable to the world

A message encrypted with one key requires the other key for decryption

Key Reciprocity
Data encrypted using the public key requires the private key for decryption.
If you know my public key, you can send me via an open channel a message only I can read.

Data encrypted using the private key requires the public key for decryption.
If my public key decrypts an encrypted message I have sent via an open channel, then only I could have sent it.

How Keys Get Around


Public keys can be freely distributed.
This allows messages to be encrypted just for you.

Your private key doesn't get around.
Period. That's why it's private.

X.509 Certificates
Keys can be distributed encapsulated in an X.509 certificate.
The X.509 certificate associates the public key with a qualified name.
The X.509 certificate is also signed by a trusted issuer.
A certificate authority (CA) is a trusted entity who signs and issues X.509 credentials.
Examples: NCSA Alliance, DOEgrid CA; in the so-called real world: VeriSign.

Each credential identifies its CA.

X.509 Certificate = License


Identifies you and your institution
Can't be self-created
Created for you by your institution
Getting one isn't an instantaneous process

What's in an X.509 Certificate?

Entity's qualified name
Entity's public key
Name of the issuing CA
Signature of the issuing CA
Validity dates (start and end dates)
Other fields: version information, etc.

Qualified Name
Person's name, institution, country:
C=US, O=National Center for Supercomputing Applications, CN=Edward N. Bola

X.509 Certificates

Obtaining a Certificate
Any user with access to the public key of the CA can verify the user public key that was certified.
Only the CA can modify a certificate without being detected.
Because certificates cannot be forged, they can be placed in a public directory.

Certificate Revocation
Certificates have a period of validity, but may need to be revoked before expiration, e.g.:
1. user's private key is compromised
2. user is no longer certified by this CA
3. CA's certificate is compromised

CAs maintain a list of revoked certificates, the Certificate Revocation List (CRL); users should check certificates against the CA's CRL.
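The checks a relying party performs on a certificate, drawn from the last three slides (contents of an X.509 certificate, obtaining and verifying one with the CA's public key, and the CRL), as an added example that is not from the slides and not real X.509 parsing. The certificate is a dict carrying the slide's fields; the CA's RSA key pair uses the same toy parameters as the RSA example (p = 61, q = 53, e = 17, d = 2753), so the signature is pow(digest, d, n) and the check is pow(signature, e, n) == digest. The CA name, subject names, serial numbers and dates are all constructed; the digest is reduced modulo the tiny n, which is what makes this a toy.

```python
from __future__ import annotations
import hashlib
import json

# Constructed CA identity and toy RSA key pair (n = 3233, z = 3120, e = 17, d = 2753).
CA_NAME = "C=US, O=Example CA"
CA_PUBLIC = (17, 3233)       # (e, n): given to everyone who must verify certificates
CA_PRIVATE = (2753, 3233)    # (d, n): known only to the CA


def digest(tbs: dict, n: int) -> int:
    """Hash the to-be-signed fields to an integer below the CA modulus.
    Real certificates hash the DER encoding with SHA-256 and pad; this is a toy."""
    data = json.dumps(tbs, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def issue(subject: str, subject_public_key, serial: int, not_before: str, not_after: str) -> dict:
    """CA side: assemble the fields listed on the slide and sign them with the CA private key."""
    tbs = {
        "version": 3,
        "serial": serial,
        "subject": subject,                      # entity's qualified name
        "public_key": list(subject_public_key),  # entity's public key
        "issuer": CA_NAME,                       # name of the issuing CA
        "not_before": not_before,                # validity dates, ISO-8601 UTC strings
        "not_after": not_after,
    }
    d, n = CA_PRIVATE
    return {"tbs": tbs, "signature": pow(digest(tbs, n), d, n)}   # signature of issuing CA


def validate(cert: dict, trusted_cas: dict, crl: dict, now: str) -> tuple[bool, str]:
    """Relying-party side: trusted issuer, signature, validity window, then the CRL."""
    tbs = cert["tbs"]
    ca_public = trusted_cas.get(tbs["issuer"])
    if ca_public is None:
        return False, "issuer is not a trusted CA"
    e, n = ca_public
    if pow(cert["signature"], e, n) != digest(tbs, n):   # only the CA's d could have produced it
        return False, "signature does not verify"
    if not tbs["not_before"] <= now <= tbs["not_after"]:
        return False, "outside validity period"
    if tbs["serial"] in crl.get(tbs["issuer"], set()):   # revoked before expiration
        return False, "revoked by issuer"
    return True, "ok"


if __name__ == "__main__":
    cert = issue("C=US, O=Example Org, CN=Alice", (65537, 123456789), serial=1001,
                 not_before="2025-01-01T00:00:00Z", not_after="2026-01-01T00:00:00Z")
    trusted = {CA_NAME: CA_PUBLIC}
    print("fresh certificate:", validate(cert, trusted, {}, "2025-06-01T00:00:00Z"))
    print("after revocation: ", validate(cert, trusted, {CA_NAME: {1001}}, "2025-06-01T00:00:00Z"))
    print("after expiry:     ", validate(cert, trusted, {}, "2027-01-01T00:00:00Z"))
```

The order of the checks matters in practice as well as here: the issuer lookup decides which public key is used, the signature check proves the fields were not altered, and only then are the fields themselves (dates, serial) worth consulting, because an attacker who can alter the fields could also alter the dates and the serial.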
