Lecture 4: Computer Security & Cryptography
![Page 1: Computer Security](https://reader036.fdocuments.us/reader036/viewer/2022062501/5681665d550346895dd9e0f7/html5/thumbnails/1.jpg)
Computer Security
Tran, Van Hoai
Department of Systems & Networking
Faculty of Computer Science & Engineering, HCMC University of Technology
![Page 2: Computer Security](https://reader036.fdocuments.us/reader036/viewer/2022062501/5681665d550346895dd9e0f7/html5/thumbnails/2.jpg)
2009-2010
Outline
• Introduction to security
• Secure channels
• Access control
• Security management
• Example: electronic payment systems
![Page 3: Computer Security](https://reader036.fdocuments.us/reader036/viewer/2022062501/5681665d550346895dd9e0f7/html5/thumbnails/3.jpg)
Security concerns in distributed systems
(Figure: a local area network with desktop computers, a file server, an email server, and print and other servers, connected through a router/firewall to a Web server, an email server and the rest of the Internet.)
• SECURE CHANNELS: authentication, message integrity, confidentiality
• ACCESS CONTROL: authorization
![Page 4: Computer Security](https://reader036.fdocuments.us/reader036/viewer/2022062501/5681665d550346895dd9e0f7/html5/thumbnails/4.jpg)
What are security threats? (1)
• Interception: an unauthorized party has gained access to a resource
– communication between two parties has been overheard by someone else
– data illegally copied after breaking into a private directory
• Interruption: resources become unavailable, unusable, destroyed, ...
– Denial of Service
![Page 5: Computer Security](https://reader036.fdocuments.us/reader036/viewer/2022062501/5681665d550346895dd9e0f7/html5/thumbnails/5.jpg)
What are security threats? (2)
• Modification: unauthorized changing of data, or tampering with a service so that it no longer behaves as specified
– changing a program so that it secretly logs the user's activities
• Fabrication: additional data or activity is generated that would normally not exist
– adding an entry to the password file
![Page 6: Computer Security](https://reader036.fdocuments.us/reader036/viewer/2022062501/5681665d550346895dd9e0f7/html5/thumbnails/6.jpg)
Security policy & security mechanisms
• Building a secure system does not mean protecting against every conceivable threat
– First, security policies must be created
Security policy: describes which actions the entities in the system are allowed to take and which ones are prohibited
Security mechanism: enforces the security policy
![Page 7: Computer Security](https://reader036.fdocuments.us/reader036/viewer/2022062501/5681665d550346895dd9e0f7/html5/thumbnails/7.jpg)
Security mechanisms
• Encryption: transforms data so that an attacker cannot understand it (cryptography)
– provides confidentiality; combined with a MAC or digital signature it also provides integrity
• Authentication: verify a claimed identity
• Authorization: check permissions (rights) to perform actions
• Auditing: trace which clients accessed what, so that attacks can be detected and analysed afterwards
![Page 8: Computer Security](https://reader036.fdocuments.us/reader036/viewer/2022062501/5681665d550346895dd9e0f7/html5/thumbnails/8.jpg)
Globus security
![Page 9: Computer Security](https://reader036.fdocuments.us/reader036/viewer/2022062501/5681665d550346895dd9e0f7/html5/thumbnails/9.jpg)
Design issues: Focus of control, protection on data
(Figure: an invocation calls a method of an object, which acts on the object's state.)
• Data is protected against wrong or invalid operations
• Operations can be performed, but the main concern is data integrity
![Page 10: Computer Security](https://reader036.fdocuments.us/reader036/viewer/2022062501/5681665d550346895dd9e0f7/html5/thumbnails/10.jpg)
Design issues: Focus of control, protection on invocation
(Figure: an invocation calls a method of an object, which acts on the object's state.)
• Data is protected against unauthorized invocations
• Main concern is access control mechanisms
![Page 11: Computer Security](https://reader036.fdocuments.us/reader036/viewer/2022062501/5681665d550346895dd9e0f7/html5/thumbnails/11.jpg)
Design issues: Focus of control, protection on user
(Figure: an invocation calls a method of an object, which acts on the object's state.)
• Data is protected by checking the role of the invoker
• Main concern is defining the roles that users have
![Page 12: Computer Security](https://reader036.fdocuments.us/reader036/viewer/2022062501/5681665d550346895dd9e0f7/html5/thumbnails/12.jpg)
Design issues: Layer of security mechanisms
(Figure: two hosts connected by a network. Each host has the stack Application, Middleware, OS Services, OS kernel, Hardware, alongside the Transport, Network, Datalink and Physical protocol layers; low-level protocols sit at the bottom, high-level protocols at the top.)
• Main concern is where security mechanisms are placed
• IDEA: TRUST. The placement depends on the trust a client has in how secure the services in a particular layer are
![Page 13: Computer Security](https://reader036.fdocuments.us/reader036/viewer/2022062501/5681665d550346895dd9e0f7/html5/thumbnails/13.jpg)
Trust on different layers
(Figure: several LANs connected through SMDS, a public wide-area backbone; each LAN's router contains an encryption device.)
• The different LANs trust each other, but do not trust SMDS, so all traffic crossing SMDS is encrypted by the routers (encryption devices)
• This means the client must trust the router (encryption device) and the layer it sits in
• If the router cannot be trusted either, move the protection up to the transport layer and use SSL end to end
• In a distributed system, security mechanisms are therefore often placed in the middleware
![Page 14: Computer Security](https://reader036.fdocuments.us/reader036/viewer/2022062501/5681665d550346895dd9e0f7/html5/thumbnails/14.jpg)
Design issues: Distribution of security mechanisms
• A middleware-based distributed system trusts the local OS it depends on
– If it cannot, part of the functionality of the OS must be integrated into the distributed system itself
• Use the RISSC approach ("Reduced Interfaces for Secure System Components"): servers running secure services are placed on dedicated machines, reachable only through an access control device, with no direct access from other machines
(Figure: servers running secure services behind an access control device; no direct access from other machines.)
![Page 15: Computer Security](https://reader036.fdocuments.us/reader036/viewer/2022062501/5681665d550346895dd9e0f7/html5/thumbnails/15.jpg)
Design issues: Simplicity
• The fewer and simpler the security mechanisms, the easier they are to understand and to trust to work; in practice this is not easy to achieve
• Applications are inherently complex, so the security services and protocols they rely on should be simple
![Page 16: Computer Security](https://reader036.fdocuments.us/reader036/viewer/2022062501/5681665d550346895dd9e0f7/html5/thumbnails/16.jpg)
Cryptography
(Figure: the sender applies the encryption method with encryption key EK to plaintext P, producing ciphertext C = EK(P); the receiver applies the decryption method with decryption key DK to recover P. Three kinds of intruder sit on the channel: passive intruders only listen to C; active intruders can alter messages; active intruders can insert messages.)
• Symmetric cryptosystems: DES
• Public-key cryptosystems: RSA
• Hash functions: MD5
(DES and MD5 are the lecture's historical examples; both are now considered broken, and AES and SHA-2 are used in their place.)
![Page 17: Computer Security](https://reader036.fdocuments.us/reader036/viewer/2022062501/5681665d550346895dd9e0f7/html5/thumbnails/17.jpg)
Secure channels
• Protecting clients and servers against
– interception: ensuring confidentiality
– modification, fabrication: mutual authentication and message integrity
• Authentication and message integrity must go together
• Example: A sends B a message m. A and B have authenticated each other, but without integrity protection there is no guarantee that m was not modified in transit
![Page 18: Computer Security](https://reader036.fdocuments.us/reader036/viewer/2022062501/5681665d550346895dd9e0f7/html5/thumbnails/18.jpg)
Authentication based on shared secret key
(Figure: Alice and Bob exchange five messages.)
1. A → B: A
2. B → A: RB
3. A → B: KA,B(RB)
4. A → B: RA
5. B → A: KA,B(RA)
Challenge-response protocol:
• RA, RB: challenges (fresh random values) from A and B respectively
• KA,B: secret key shared by A and B
• A key distribution center can reduce the number of keys that must be shared
• A shortened three-message version (1. A → B: A, RA; 2. B → A: RB, KA,B(RA); 3. A → B: KA,B(RB)) is defeated by a reflection attack: an intruder who cannot compute KA,B(RB) opens a second session with Bob, presents Bob's own RB as his challenge, and lets Bob compute KA,B(RB) for him. That variant must therefore not be used; in the five-message version Bob only answers a challenge after Alice has responded correctly to his, which closes this hole
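A worked version of the two protocol variants above, added here as an illustration and not part of the lecture. Bob is modelled with per-session state, the honest five-message run is executed, and the shortened three-message variant is then attacked by reflection. Assumptions made for the example: KA,B(R) is implemented as an HMAC-SHA256 tag over the challenge rather than block-cipher encryption, challenges are 16 random bytes, and the session ids and the attacker name Chuck are invented.

```python
import hashlib
import hmac
import secrets


def kab(key: bytes, challenge: bytes) -> bytes:
    """K_A,B(R) from the slide. The slide writes it as encrypting the challenge
    with the shared key; this example uses an HMAC-SHA256 tag instead (assumption)."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


class Bob:
    """Responder side of both protocol variants, keeping per-session state."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.sessions = {}

    # Five-message protocol: A; R_B; K(R_B); R_A; K(R_A)
    def five_msg1(self, sid: str, claimed_id: bytes) -> bytes:
        rb = secrets.token_bytes(16)
        self.sessions[sid] = {"rb": rb, "peer": claimed_id, "peer_authenticated": False}
        return rb                                   # message 2: R_B

    def five_msg3(self, sid: str, tag: bytes) -> None:
        s = self.sessions[sid]
        if not hmac.compare_digest(tag, kab(self.key, s["rb"])):
            raise PermissionError("message 3: wrong response to R_B")
        s["peer_authenticated"] = True              # A has proved knowledge of K_A,B

    def five_msg4(self, sid: str, ra: bytes) -> bytes:
        s = self.sessions[sid]
        if not s["peer_authenticated"]:
            # Never tag a peer-chosen value before the peer has authenticated.
            raise PermissionError("message 4 before message 3: refusing to answer R_A")
        return kab(self.key, ra)                    # message 5: K(R_A)

    # Three-message "optimised" variant: (A, R_A); (R_B, K(R_A)); K(R_B)
    def three_msg1(self, sid: str, claimed_id: bytes, ra: bytes) -> tuple:
        rb = secrets.token_bytes(16)
        self.sessions[sid] = {"rb": rb, "peer": claimed_id}
        return rb, kab(self.key, ra)                # message 2: tags R_A before A is authenticated

    def three_msg3(self, sid: str, tag: bytes) -> bool:
        s = self.sessions[sid]
        return hmac.compare_digest(tag, kab(self.key, s["rb"]))


def honest_alice_five(bob: Bob, key: bytes) -> bool:
    """Legitimate five-message run; True when Alice has also authenticated Bob."""
    rb = bob.five_msg1("s-alice", b"alice")
    bob.five_msg3("s-alice", kab(key, rb))
    ra = secrets.token_bytes(16)
    tag_ra = bob.five_msg4("s-alice", ra)
    return hmac.compare_digest(tag_ra, kab(key, ra))


def reflection_attack_three(bob: Bob) -> bool:
    """Chuck, without K_A,B, impersonates Alice against the three-message variant."""
    rc = secrets.token_bytes(16)
    rb1, _ = bob.three_msg1("s1", b"alice", rc)        # Chuck must now produce K(R_B1)
    _, tag_rb1 = bob.three_msg1("s2", b"alice", rb1)   # second session: Bob computes K(R_B1) for him
    return bob.three_msg3("s1", tag_rb1)               # reflected into session 1: Bob accepts


def reflection_attack_five(bob: Bob) -> bool:
    """Same trick against the five-message protocol; Bob refuses before message 3."""
    rb1 = bob.five_msg1("s1", b"alice")
    bob.five_msg1("s2", b"alice")
    try:
        bob.five_msg4("s2", rb1)
    except PermissionError:
        return False
    return True


if __name__ == "__main__":
    k = secrets.token_bytes(32)
    bob = Bob(k)
    print("honest five-message run:", honest_alice_five(bob, k))
    print("reflection vs three-message variant:", reflection_attack_three(bob))
    print("reflection vs five-message protocol:", reflection_attack_five(bob))
```

The decisive difference is in `five_msg4`: Bob will not compute KA,B over a value chosen by the other side until that side has answered his own challenge, so a second session gives the attacker nothing he can replay.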
![Page 19: Computer Security](https://reader036.fdocuments.us/reader036/viewer/2022062501/5681665d550346895dd9e0f7/html5/thumbnails/19.jpg)
Authentication based on public-key cryptography
1. A → B: KB+(A, RA)
2. B → A: KA+(RA, RB, KA,B)
3. A → B: KA,B(RB)
• KA+, KA-: public and private keys of A respectively (likewise KB+, KB- for B)
• KA,B: session key shared by A and B, chosen by B and delivered in message 2
![Page 20: Computer Security](https://reader036.fdocuments.us/reader036/viewer/2022062501/5681665d550346895dd9e0f7/html5/thumbnails/20.jpg)
Digital signatures
• Example:
– Bob sells Alice an item at a price of $500
– Alice sends Bob an email to confirm
– Two issues arise:
• Alice needs to be sure that Bob cannot maliciously change the price to a higher value
• Bob needs to be sure that Alice cannot deny having agreed to the price (preventing second thoughts)
Both require a signature bound to the email's content
![Page 21: Computer Security](https://reader036.fdocuments.us/reader036/viewer/2022062501/5681665d550346895dd9e0f7/html5/thumbnails/21.jpg)
Digital signature using public keys
(Figure: on Alice's computer, m is signed with Alice's private key KA-, giving KA-(m); the pair (m, KA-(m)) is then encrypted with Bob's public key KB+ and sent as KB+(m, KA-(m)). On Bob's computer, the message is decrypted with Bob's private key KB- to obtain m and KA-(m); applying Alice's public key KA+ to KA-(m) recovers m, which Bob compares with the m he received.)
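A worked version of the public-key authentication protocol (KB+(A, RA); KA+(RA, RB, KA,B); KA,B(RB)) and of the signed-then-encrypted confirmation shown in the figure above, added here as an illustration and not part of the lecture. Assumptions: RSA is the textbook version with tiny primes (1009, 1013 for Alice; 1019, 1021 for Bob) and no padding, so it is a teaching toy only; the public-key "encryption" of a message is done byte by byte; signing is hash-then-sign with SHA-256 reduced mod n; KA,B(RB) in message 3 is an HMAC-SHA256 tag; the message text and the function names are invented.

```python
import hashlib
import hmac
import secrets


def make_toy_keypair(p: int = 1009, q: int = 1013, e: int = 65537) -> tuple:
    """Textbook RSA keypair ((e, n), (d, n)). Assumption: tiny primes, so this is a
    teaching toy; real keys are 2048+ bits with OAEP/PSS padding."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)


def seal(public_key: tuple, payload: bytes) -> list:
    """K^+(payload): toy per-byte textbook RSA (deterministic and insecure; it stands in
    for hybrid public-key encryption) so only the private-key holder can read it."""
    e, n = public_key
    return [pow(b, e, n) for b in payload]


def unseal(private_key: tuple, sealed: list) -> bytes:
    """K^-(sealed): inverse of seal."""
    d, n = private_key
    return bytes(pow(c, d, n) for c in sealed)


def hash_mod_n(m: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(m).digest(), "big") % n


def sign(private_key: tuple, m: bytes) -> int:
    """K_A^-(m): hash-then-sign, the private exponent applied to H(m) mod n."""
    d, n = private_key
    return pow(hash_mod_n(m, n), d, n)


def verify(public_key: tuple, m: bytes, sig: int) -> bool:
    """Apply K_A^+ to the signature and compare with a fresh hash of m."""
    e, n = public_key
    return pow(sig, e, n) == hash_mod_n(m, n)


def public_key_auth(alice_pub, alice_priv, bob_pub, bob_priv) -> bool:
    """Three-message mutual authentication; True when both sides share K_A,B."""
    ra = secrets.token_bytes(4)
    msg1 = seal(bob_pub, b"A" + ra)                       # 1. A -> B: K_B^+(A, R_A)

    p1 = unseal(bob_priv, msg1)                           # only Bob can open it
    if p1[:1] != b"A":
        return False
    rb, kab_bob = secrets.token_bytes(4), secrets.token_bytes(16)
    msg2 = seal(alice_pub, p1[1:] + rb + kab_bob)        # 2. B -> A: K_A^+(R_A, R_B, K_A,B)

    p2 = unseal(alice_priv, msg2)                         # only Alice can open it
    if p2[:4] != ra:                                      # R_A echoed: Bob really opened msg1
        return False
    rb_seen, kab_alice = p2[4:8], p2[8:]
    msg3 = hmac.new(kab_alice, rb_seen, hashlib.sha256).digest()   # 3. A -> B: K_A,B(R_B)

    expected = hmac.new(kab_bob, rb, hashlib.sha256).digest()      # proves Alice opened msg2
    return hmac.compare_digest(msg3, expected)


def alice_sends(alice_priv, bob_pub, m: bytes) -> list:
    """Alice's computer: K_B^+(m, K_A^-(m)); m is length-prefixed, so under 256 bytes."""
    sig = sign(alice_priv, m)
    return seal(bob_pub, bytes([len(m)]) + m + sig.to_bytes(3, "big"))


def bob_receives(bob_priv, alice_pub, sealed: list) -> tuple:
    """Bob's computer: decrypt with K_B^-, split (m, sig), check sig with K_A^+."""
    plain = unseal(bob_priv, sealed)
    length = plain[0]
    m = plain[1:1 + length]
    sig = int.from_bytes(plain[1 + length:1 + length + 3], "big")
    return m, verify(alice_pub, m, sig)


if __name__ == "__main__":
    alice_pub, alice_priv = make_toy_keypair()
    bob_pub, bob_priv = make_toy_keypair(p=1019, q=1021)   # Bob needs his own modulus
    print("mutual authentication:", public_key_auth(alice_pub, alice_priv, bob_pub, bob_priv))
    m = b"I agree to pay $500"                             # constructed sample message
    received, ok = bob_receives(bob_priv, alice_pub, alice_sends(alice_priv, bob_pub, m))
    print("Bob received", received, "signature valid:", ok)
    # Issue 1: Bob raising the price breaks Alice's signature.
    print("tampered price verifies:", verify(alice_pub, b"I agree to pay $900", sign(alice_priv, m)))
    # Issue 2: only Alice's private key yields a signature K_A^+ accepts, so she cannot deny it.
    print("Bob's own key forges it:", verify(alice_pub, m, sign(bob_priv, m)))
```

Signing the hash rather than m itself is what lets the signature cover a message of any length, and decrypting with KB- before verifying with KA+ is the order the figure shows: confidentiality is the outer layer, the signature the inner one.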