CS542: Topics inDistributed Systems
CS542: Topics inDistributed Systems
Security
Why are Distributed Systems insecure?
Distributed component rely on messages sent and received from network.
Is network (especially WAN networks) secure?» Packets can be intercepted and modified at network layer!
Is client component secure? Is client component who it claims to be? Are users of calling components really who they claim
to be?
Security Threats Security Threats
Leakage: An unauthorized party gains access to a service or data.Attacker obtains knowledge of a withdrawal or account
balance, e.g., via eavesdropping
Tampering: Unauthorized change of data, tampering with a serviceAttacker changes the variable holding your personal data
Vandalism: Interference with proper operation, without gain to the attackerAttacker does not allow any transactions to your accountE.g., DOS=denial of service
How Attacks are Carried OutHow Attacks are Carried Out
Attacks on Communication Channel / Network
Eavesdropping – Obtaining copies of messages without authority.
Masquerading – Sending or receiving messages with the identity of another principal (user or corporation). Identity theft.
Message tampering – Intercepting messages and altering their contents before passing them onto the intended recipient.
Replaying – Intercepting messages and sending them at a later time.
Denial of Service Attack – flooding a channel or other resources (e.g., port) with messages.
Addressing the ChallengesAddressing the Challenges
Leakage: An unauthorized party gains access to a service or data.
– Confidentiality : protection against disclosure to unauthorized individuals.
Tampering: Unauthorized change of data, tampering with a service
– Integrity : protection against alteration or corruption.
Vandalism: Interference with proper operation, without gain to the attacker
– Availability : protection against interference with the means to access the resources.
Security Requirements
Authentication: ensures that sender and receiver are who they are claiming to be
Data integrity: ensure that data is not changed from source to destination
Confidentiality: ensures that data is read only by authorized users
Non-repudiation: ensures that the sender has strong evidence that the receiver has received the message, and the receiver has strong evidence of the sender identity. The sender cannot deny that it has sent the message and the receiver cannot deny that it has received the message
Security Policies & Mechanisms Security Policies & Mechanisms
A Security Policy indicates which actions each entity (user, data, service) is allowed or prohibited to take.
E.g., Only an owner is allowed to make transactions to his account.
A Security Mechanism implements and enforces the policy
Security Mechanisms
Encryption / decryption: transforming data into something an attacker cannot understand and vice-versa, i.e., providing a means to implement confidentiality, as well as allowing user to check whether data have been modified.
Authentication: verifying the claimed identity of a subject, such as user name, password, etc.
Authorization: checking whether the subject has the right to perform the action requested. verify access rights of principal for resource.
Auditing: tracing which subjects accessed what, when, and which way. In general, auditing does not provide protection, but can be a tool for analysis of problems. Mainly an offline analysis tool, often ex-post.
Designing Secure SystemsDesigning Secure Systems
• Need to make worst-case assumptions about attackers:
– exposed interfaces, insecure networks, algorithms and program code available to attackers, attackers may be computationally very powerful
– Typically design system to withstand a known set of attacks (Attack Model or Attacker Model)
– Tradeoff between security and performance impact
• Designing Secure Systems– Traditionally done as a layer on top of existing protocols.
Three phases:
– Design security protocol
– Analyze Protocol Behavior when under attacks
– Measure effect on overall performance if there were no attacks (the common-case)
Source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition.
Familiar Names in the Security Literature
Source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition.
Notational Conventions
Cryptographic Terminology
Plain text: the message before encryption. Cipher text: the message after encryption. Key: information needed to convert from plain
text to cipher text (or vice-versa). Function: the encryption or decryption
algorithm used, in conjunction with key, to encrypt or decrypt message.
Key distribution: How to distribute keys between senders and receivers
Requirements for modern cryptography
Kerkhoff’s principle: knowledge of encryption algorithm should not be an advantage
With computers a brute force attempt is possible, i.e. try every possible substitution until a valid message is produced.
Computers are good at this, modern schemes must be computationally hard to solve to remain secure.
15 May 1973 American National Bureau of standards requests proposals for encryption standard
Data Encryption Standard, DES, developed. Standard describes DEA, Data Encryption Algorithm
Since November 26, 2001, there’s AES, based on Rijndael
Encryption
Plain Text (M)
Encryption KBpub, E
Cryptography Cryptography Encoding (encryption) of a message that can only be read
(decryption) by a key.
In shared key cryptography (symmetric cryptography) the sender and the recipient know the key, but no one else does.E.g., DES (Data Encryption Standard) – 56 b key operates on 64 b blocks
of data. Notation: KAB (M).
How do Alice and Bob get the shared key KAB to begin with?
In public/private key pairs messages are encrypted with a published public key, and can only be decrypted by a secret private decryption key.
E.g., RSA / PGP keys – at least 512 b long
Plain Text (M)
Decryption KBpriv, D
DecryptionAlice BobE(K,M)={M}K
D(K, {M}K)=M{M}K
Code for E & Dis “open-source”
(hence known to attacker)
Cryptography Cryptography
Shared versus public/private:
Shared reveals information to too many principles; may need key distribution and revocation/repudiation mechanisms
In electronic commerce or wide area applications, public/private key pairs are preferred to shared keys.
Public/private key encrypt/decrypt ops are costly
May use hybrid: pub/pri generates a shared key.
Presentation of many next few protocols independent of which keying scheme, viz., shared or pub/priv
Symmetric Key
Both the sender and the receiver use the same secret keys
InternetEncrypt withsecret key
Decrypt withsecret key
Plaintext Plaintext
Ciphertext
DES/AES: Symmetric Encryption
One key is used to both encrypt and decrypt data Encryption and decryption functions are often
chosen to be the same Security should not be compromised by making
function well-known as security comes from secret keys
DES/AES: Using Secret Keys
Sender and recipient exchange keys through some secure, trusted, non-network based means.
Sender encodes message using function and sends, knowing that only the holder of the key (the intended recipient) can make sense of it.
Recipient decodes message & knows that only a key-holding sender could have generated it.
Message can be captured but is of no use.
Data Encryption Standard (DES)
DES encrypts a 64-bit block of plain text using a 56-bit key
Three phases1. Permute the 64 bits in the
block
2. Apply a given operation 16 times on the 64 bits
3. Permute the 64 bits using the inverse of the original permutation
Round 1
Round 16
... key
1st phaseIP(input)
3rd phaseIP-1(input)
2nd phase
Initial Permutation (IP)
IP: bit 58 of input becomes 1st bit, bit 50 becomes 2nd bit, etc
58 50 42 34 26 18 10 2 60 52 44 36 28 20 12 462 54 46 38 30 22 14 6 64 56 48 40 32 24 16 8 57 49 41 33 25 17 9 1 59 51 43 35 27 19 11 3 61 53 45 37 29 21 13 5 63 55 47 39 31 23 15 7
IP-1: inverse of IP, e.g., IP(1) = 58, IP-1 (58) = 140 8 48 16 56 24 64 32 39 7 47 15 55 23 63 31 38 6 46 14 54 22 62 30 37 5 45 13 53 21 61 29 36 4 44 12 52 20 60 28 35 3 43 11 51 19 59 27 34 2 42 10 50 18 58 26 33 1 41 9 49 17 57 25
2nd Phase: Operation in each round
16 rounds Each round i select a 48
bit key Ki from the original 56 bit key K. Perform (F is a given function):
+
F
63 0
63 32 31 0
Ki
Li-1 Ri-1
Li Ri
),( 11
1
iiii
ii
KRFLR
RL
Discussion of DES
Even through the DES algorithm is well known, but the key or cipher is difficult to break using analytical methods.
Using a brute-force attack by simply searching for a key is possible. However, for 56-bit key, there are 256 possible key combinations, if we could search one key in 1 µs, then we need 2283 years to try all keys. (Distributed.net broke a DES-56 within 22 hours and 15 minutes, by using 100,000 PCs).
Use 3DES (K1, K2, K3), or DES-128 for high security.
Encrypting Larger Messages
Initialization Vector (IV) is a random number generated by sender and sent together with the ciphertext
+
Block1
Cipher1
DES
+
Block2
DES
+
Block3
DES
+
Block4
DES
Cipher2 Cipher3 Cipher4
IV
Cipher block chaining (CBC)
Each plaintext block is combined with the preceding ciphertext block using XOR
i.e., ciphertextn+1 = plaintextn+1 ciphertextn
For decryption, the opposite is done, since XOR is idempotent, it works.
Weaknesses: if the same message is sent to multiple locations, they’ll be the same and the attacker may infer.
To add different piece of plaintext at the beginning of each message
Source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition.
A Scheme of Cipher Block Chaining
Stream ciphers
CBC is inappropriate for some apps., e.g., encryption of telephone conversations
==> Stream ciphers solve this problem
Main idea is to construct a keystream generator.It’s analogous to adding “noise” to the system
Source: G. Coulouris et al., Distributed Systems: Concepts and Design, Third Edition.
A Stream Cipher
DES Properties
Provide confidentiality» No mathematical proof, but practical evidence
suggests that decrypting a message without knowing the key requires exhaustive search
» To increase security use triple-DES, i.e., encrypt the message three times
Secret Key Encryption
Disadvantage: Number of keys needed increases quadratically by number of objects (one key per pair of communicating objects…)
Another problem with private key:Key distribution
Public Key (Asymmetric) Encryption overcomes these problem
Public-Key Cryptosystems: RSA
Asymmetric algorithm: a private and a public key are used
First proposed by Diffie and Hellman Basis: Trap-door functions
Are special type of one-way-functions that has a secret exit, it is easy to compute it in one-way but it is infeasible to compute the inverse if the secret is unknown
Two keys, Ke and Kd
D(Kd, E(Ke, M)) = M RSA (Rivest, Shamir, and Adelman) Algorithm
Public-Key Cryptography: RSA (Rivest, Shamir, Adleman)
Sender uses a public key» Advertised to everyone
Receiver uses a private key
InternetEncrypt withpublic key
Decrypt withprivate key
Plaintext Plaintext
Ciphertext
Asymmetric Encryption
Gives 'one-way' security. Two keys generated, one used with decryption
algorithm (private key) and one with encryption algorithm (public key).
Generation of private key, given public key is computationally hard.
Does not need secure key transmission mechanism for key distribution.
Asymmetric Encryption: Using Public Keys
Recipient generates key pair. Public key is published by trusted service. Sender gets public key, and uses it to encode
message. Recipient decrypts message with its private
key. Replies can be encoded using sender’s public
key from the trusted distribution service. Message can be captured but is of no use.
RSA Algorithm
Generating the private and public key requires four steps:Choose two very large prime numbers, p and q
Compute n = p x q and z = (p – 1) x (q – 1)
Choose a number d that is relatively prime to z
Compute the number e such that e x d = 1 mod z
Generating Public and Private Keys
Public key consist of pair (n, e) Private key consists of pair (n, d)
RSA Encryption and Decryption
Encryption of message block m: » c = me mod n
Decryption of ciphertext c: » m = cd mod n
Example (1/2)
Choose p = 7 and q = 11 n = p*q = 77
Compute encryption key e: (p-1)*(q-1) = 6*10 = 60 chose e = 13 (13 and 60 are relatively prime numbers)
Compute decryption key d such that 13*d = 1 mod 60 d = 37 (37*13 = 481)
Example (2/2)
n = 77; e = 13; d = 37
Send message block m = 7
Encryption: c = me mod n = 713 mod 77 = 35
Decryption: m = cd mod n = 3537 mod 77 = 7
Properties
Confidentiality A receiver B computes n, e, d, and sends out (n, e)
» Everyone who wants to send a message to A uses (n, e) to encrypt it
How difficult is to recover d ? (Someone that can do this can decrypt any message sent to B!)
Recall that
d is relatively prime to (p-1)*(q-1) So to find d, you need to find prime factors p and q
» This is provably very difficult
Public Key Encryption
Transmission of message is secure » as only B has the matching private key to decrypt message
Differences between public and secret key» One pair of keys generated for every object, so number
of keys is linear to number of objects
Because different functions:» use of public keys is more complicated for reply messages. A
must generate pair of keys and publish its public key, which B acquires to encrypt reply message
Pretty Good Privacy
Public Key encryption used in PGP Generally available, and can be used for
» encryption of messages » digital signatures.
PGP combines DES and RSA» DES fast, but symmetric, hence key distribution
problem» RSA slower, but no key distribution problem» Solution: Use RSA to encrypt and distribute key
for DES encryption!!!
Top Related