CS162 Operating Systems and Systems Programming Lecture 26 Protection and Security in Distributed Systems IIReview: Authentication: Identifying UsersReview: Private Key CryptographyGoals for TodayPublic Key EncryptionPublic Key Encryption DetailsSecure Hash FunctionSignatures/Certificate AuthoritiesSecurity through SSLSSL PitfallsCryptographic SummaryAdministriviaAside: Powers of 10 and 2Issue from Midterm II: two-level page tableRecall: Authorization: Who Can Do What?How fine-grained should access control be?Authorization ContinuedHow to perform Authorization for Distributed Systems?Distributed Access ControlAnalysis of Previous SchemeAnalysis ContinuedInvoluntary InstallationEnforcementState of the WorldOther Security ProblemsSecurity Problems: Buffer-overflow ConditionThe Morris Internet WormSome other AttacksTenex Password CheckingDefeating Password CheckingDefense in Depth: Layered Network SecurityShrink Wrap Software WoesKen Thompson’s self-replicating programSelf Replicating Program ContinuedConclusionCS162Operating Systems andSystems ProgrammingLecture 26Protection and Security in Distributed Systems IIDecember 5, 2007Prof. John Kubiatowiczhttp://inst.eecs.berkeley.edu/~cs162Lec 26.212/05/07 Kubiatowicz CS162 ©UCB Fall 2007Review: Authentication: Identifying Users•How to identify users to the system?–Passwords»Shared secret between two parties»Since only user knows password, someone types correct password must be user typing it»Very common technique–Smart Cards»Electronics embedded in card capable of providing long passwords or satisfying challenge response queries»May have display to allow reading of password»Or can be plugged in directly; several credit cards now in this category–Biometrics»Use of one or more intrinsic physical or behavioral traits to identify someone»Examples: fingerprint reader, palm reader, retinal scan»Becoming quite a bit more commonLec 26.312/05/07 Kubiatowicz CS162 ©UCB Fall 2007Review: Private Key Cryptography•Private Key (Symmetric) Encryption:–Single key used for both encryption and decryption•Plaintext: Unencrypted Version of message•Ciphertext: Encrypted Version of message•Important properties–Can’t derive plain text from ciphertext (decode) without access to key–Can’t derive key from plain text and ciphertext–As long as password stays secret, get both secrecy and authentication•Symmetric Key Algorithms: DES, Triple-DES, AES InsecureTransmission(ciphertext)DecryptKeyEncryptKeyPlaintextPlaintextSPY CIALec 26.412/05/07 Kubiatowicz CS162 ©UCB Fall 2007Goals for Today•Public Encryption•Use of Cryptographic Mechanisms•Authorization Mechanisms•Worms and VirusesNote: Some slides and/or pictures in the following areadapted from slides ©2005 Silberschatz, Galvin, and Gagne Note: Some slides and/or pictures in the following areadapted from slides ©2005 Silberschatz, Galvin, and Gagne. Many slides generated from my lecture notes by Kubiatowicz.Lec 26.512/05/07 Kubiatowicz CS162 ©UCB Fall 2007Public Key Encryption•Can we perform key distribution without an authentication server?–Yes. Use a Public-Key Cryptosystem.•Public Key Details–Don’t have one key, have two: Kpublic, Kprivate»Two keys are mathematically related to one another»Really hard to derive Kpublic from Kprivate and vice versa–Forward encryption:»Encrypt: (cleartext)Kpublic= ciphertext1»Decrypt: (ciphertext1)Kprivate = cleartext–Reverse encryption:»Encrypt: (cleartext)Kprivate = ciphertext2»Decrypt: (ciphertext2)Kpublic = cleartext–Note that ciphertext1 ciphertext2»Can’t derive one from the other!•Public Key Examples:–RSA: Rivest, Shamir, and Adleman»Kpublic of form (kpublic, N), Kprivate of form (kprivate, N)»N = pq. Can break code if know p and q–ECC: Elliptic Curve CryptographyLec 26.612/05/07 Kubiatowicz CS162 ©UCB Fall 2007•Idea: Kpublic can be made public, keep Kprivate private•Gives message privacy (restricted receiver):–Public keys (secure destination points) can be acquired by anyone/used by anyone–Only person with private key can decrypt message•What about authentication?–Use combination of private and public key–AliceBob: [(I’m Alice)Aprivate Rest of message]Bpublic–Provides restricted sender and receiver•But: how does Alice know that it was Bob who sent her Bpublic? And vice versa…BprivateAprivatePublic Key Encryption DetailsAlice BobBpublicApublicInsecure ChannelInsecure ChannelLec 26.712/05/07 Kubiatowicz CS162 ©UCB Fall 2007Secure Hash Function•Hash Function: Short summary of data (message)–For instance, h1=H(M1) is the hash of message M1»h1 fixed length, despite size of message M1.»Often, h1 is called the “digest” of M1.•Hash function H is considered secure if –It is infeasible to find M2 with h1=H(M2); ie. can’t easily find other message with same digest as given message.–It is infeasible to locate two messages, m1 and m2, which “collide”, i.e. for which H(m1) = H(m2)–A small change in a message changes many bits of digest/can’t tell anything about message given its hash•Hash function Examples: MD5, SHA-1, SHA-256DFCD3454BBEA788A751A696C24D97009CA992D17The red foxruns acrossthe iceHashFunctionHashFunction52ED879E70F71D926EB6957008E03CE4CA6945D3FoxLec 26.812/05/07 Kubiatowicz CS162 ©UCB Fall 2007Signatures/Certificate Authorities•Can use Xpublic for person X to define their identity–Presumably they are the only ones who know Xprivate.–Often, we think of Xpublic as a “principle” (user)•Suppose we want X to sign message M?–Use private key to encrypt the digest, i.e. H(M)Xprivate–Send both M and its signature:»Signed message = [M,H(M)Xprivate]–Now, anyone can verify that M was signed by X»Simply decrypt the digest with Xpublic»Verify that result matches H(M)•Now: How do we know that the version of Xpublic that we have is really from X???–Answer: Certificate Authority»Examples: Verisign, Entrust, Etc.–X goes to organization, presents identifying papers»Organization signs X’s key: [ Xpublic, H(Xpublic)CAprivate]»Called a “Certificate”–Before we use Xpublic, ask X for certificate verifying key»Check that signature over Xpublic produced by trusted authority•How do we get keys of certificate authority?–Compiled into your browser, for instance!Lec 26.912/05/07 Kubiatowicz CS162 ©UCB Fall 2007(pms)Ks•SSL Web Protocol–Port 443: secure http–Use public-key encryption for
View Full Document
Unlocking...