95-702 Distributed Systems 1!Master of Information System Management 95-702 Distributed Systems Security: Four Important Cryptographic Protocols95-702 Distributed Systems 2!Master of Information System Management Instructor’s Guide for Coulouris, Dollimore, Kindberg and Blair, Distributed Systems: Concepts and Design Edn. 5 © Pearson Education 2012 The enemy Communication channel Copy of m Process p Process q m The enemy m’95-702 Distributed Systems Cryptographic Protocols Definition: A protocol is a series of steps, involving two or more parties, designed to accomplish a task1. Examples: Interacting with a waiter at dinner, Voting, HTTP, TCP, UDP. Definition: A cryptographic protocol is a protocol that uses cryptography1. Examples: Bitcoin, SSL, HTTPS, Kerberos, Project 2. 3!Master of Information System Management 1. From “Applied Crypotography” by Schneier95-702 Distributed Systems 4!Master of Information System Management Some Attacks and an Assumption • Eavesdropping or listening in. • Masquerading or pretending to be someone you are not. • Tampering by a man in the middle. • Replaying of old messages. • Denial of service. • Today’s big assumption: “I’m OK, you’re OK, the network is the problem!”.95-702 Distributed Systems 5!Master of Information System Management Cast of Characters Alice! First participant!Bob! Second participant!Trent! A trusted third party!Carol! Participant in three-party protocols!Eve! Eavesdropper!Mallory! Malicious attacker!Sara! A trusted server!95-702 Distributed Systems 6!Master of Information System Management Cryptography Notation KA! Alice’s key that she keeps secret.!KB! Bob’s key that he keeps secret.!KAB! Secret key shared between Alice and Bob!KApriv! Alice’s private key (known only to Alice in asymmetric key crypto)!KApub! Alice’s public key (published by Alice for all to read)!{!M!}!K! Message! M! encrypted with key !K![!M!]K! Message !M! signed with key! K!95-702 Distributed Systems 7!Master of Information System Management Two Major Categories of Encryption Algorithms Symmetric key encryption. Also called secret key crypto. Alice sends {M}Kab and Bob can read it. Bob knows Kab. Asymmetric key encryption. Also called public key crypto. Alice sends {M}KBpub and Bob can read it. Bob knows KBpriv. Public key encryption is typically 100 to 1000 times slower than secret key encryption.95-702 Distributed Systems Quiz 8!Master of Information System Management If public key crypto is so slow, why is it used? Answer: To encrypt a symmetric key. And to provide long term signatures.95-702 Distributed Systems 9!Master of Information System Management Scenario 1 (Like WWII & TEA) Communication with a shared secret key. Alice and Bob share KAB. Alice computes E(KAB,Mi) for each message i. She sends these to Bob. Bob uses D(KAB, {Mi} KAB ) and reads each Mi. How do Bob and Alice communicate the key KAB? How does Bob know that {Mi} KAB isn’t a replay of an old message?95-702 Distributed Systems 10!Master of Information System Management Scenario 2 (Like Kerberos) Alice wishes to access a service provided by Bob. Alice asks Sarah for a ticket to talk to Bob. Sarah knows Alice’s password so she can compute KA. Sarah send to Alice {{Ticket}KB,KAB}KA. A challenge! Alice knows her password and is able to compute KA. Note that the password is never placed on the network. Alice is able to compute {Ticket}KB and KAB. How? Alice sends a read request to Bob. She sends {Ticket}KB,Alice,Read. Another challenge! Bob uses KB to read the content of the Ticket. The Ticket is KAB,Alice. Bob and Alice then use this session key to communicate. Old tickets may be replayed by Mallory. Suppose Mallory has captured an old session keyKAB . Does not scale well : Sarah must know KA, KB …. Sarah is a single point of failure.95-702 Distributed Systems 11!Master of Information System Management 11!Master of Information System Management Scenario 3 (Authentication) Alice wishes to convince Bob that she sent the message M. She computes a digest of M, Digest(M). If the Digest method is a good one, it is very difficult to find another message M’ so that Digest(M) == Digest(M’). Alice makes the following available to the intended users: M,{Digest(M)}KApriv. Bob obtains the signed document, extracts M and computes Digest(M). Bob decrypts {Digest(M)}KApriv using KApub and compares the result with his calculated Digest(M). If they match, the signature is valid. Can Alice claim that she did not sign the message? What if she claims she released her KApriv ? Still useful if Bob and Alice trust each other.95-702 Distributed Systems 12!Master of Information System Management Scenario 4 (Like SSL) Bob and Alice wish to establish a shared secret KAB. Alice retrieves Bob’s public key. This key comes in a certificate. So, Bob’s public key has been signed by a trusted third party, Trent. Alice verifies that Trent signed the public key KBpub. Alice generates KAB and encrypts it with KBpub. Bob has many public keys and so Alice sends a key name along as well. Alice sends key name, {KAB}KBpub. Bob uses the key name to select the correct private key and computes {{KAB}KBpub} KBpriv == KAB. The man in the middle attack may be used when Alice first retrieves what she thinks is Bob’s public key. Mallory may supply his own public key (also signed by Trent).95-702 Distributed Systems 13!Master of Information System Management The Needham–Schroeder Secret-Key Authentication Protocol (Scenario 2 with more detail) Header! Message! Notes!1. A->S:!A, B, NA!A requests S to supply a key for communication!with B.!2. S->A:! {NA , B, KAB, !{KAB, A}KB}KA!S returns a message encrypted in A’s secret key,!containing a newly generated key KAB and a!‘ticket’ encrypted in B’s secret key. The nonce NA !demonstrates that the message was sent in response!to the preceding one. A believes that S sent the!message because only S knows A’s secret key.! !3. A->B:!A sends the ‘ticket’ to B.!4. B->A:!B decrypts the ticket and uses the new key KAB to!encrypt another nonce NB.!5. A->B:!A demonstrates to B that it was the sender of the!previous message by returning an agreed!transformation of NB.!{KAB, A}KB!{NB}KAB!{NB - 1}KAB!95-702 Distributed Systems 14!Master of Information System Management System Architecture of Kerberos Server!Client!DoOperation!Authentication!database!Login!session
View Full Document
Unlocking...