Review Public Key Encryption Details Idea Kpublic can be made public keep Kprivate private CS162 Operating Systems and Systems Programming Lecture 27 Insecure Channel Bpublic Aprivate Alice Protection and Security II ManyCore Operating Systems Bprivate Apublic Bob Insecure Channel Gives message privacy restricted receiver Public keys can be acquired by anyone used by anyone Only person with private key can decrypt message What about authentication Alice Bob I m Alice Aprivate Rest of message Bpublic Provides restricted sender and receiver Suppose we want X to sign message M Use private key to encrypt the digest i e H M Xprivate Send both M and its signature December 8 2008 Prof John Kubiatowicz http inst eecs berkeley edu cs162 Signed message M H M Xprivate Now anyone can verify that M was signed by X 12 08 08 Goals for Today Simply decrypt the digest with Xpublic Verify that result matches H M Kubiatowicz CS162 UCB Fall 2008 Security through SSL SSL Web Protocol Use of Cryptographic Mechanisms Authorization Mechanisms Worms and Viruses Port 443 secure http Use public key encryption for key distribution Lec 27 2 nc ns certs pms Ks Server has a certificate signed by certificate authority Contains server info organization IP address etc Also contains server s public key and expiration date Establishment of Shared 48 byte master secret Client sends 28 byte random value nc to server Server returns its own 28 byte random value ns plus its certificate certs Client verifies certificate by checking with public key of certificate authority compiled into browser Also check expiration date Note Some slides and or pictures in the following are adapted from slides 2005 Silberschatz Galvin and Gagne Also slides on Taint Tracking adapted from Nickolai Zeldovich 12 08 08 Kubiatowicz CS162 UCB Fall 2008 Lec 27 3 Client picks 46 byte premaster secret pms encrypts it with public key of server and sends to server Now both server and client have nc ns and pms 12 08 08 Each can compute 48 byte master secret using one way and collision resistant function on three values Random nonces nc and ns make sure master secret fresh Kubiatowicz CS162 UCB Fall 2008 Lec 27 4 Recall Authorization Who Can Do What How do we decide who is authorized to do actions in the system Access Control Matrix contains all permissions in the system How fine grained should access control be Example of the problem Suppose you buy a copy of a new game from Joe s Game World and then run it It s running with your userid Resources across top It removes all the files you own including the project due the next day Files Devices etc Domains in columns How can you prevent this A domain might be a user or a group of permissions E g above User D3 can read F2 or execute F3 Have to run the program under some userid Could create a second games userid for the user which has no write privileges Like the nobody userid in UNIX can t do much In practice table would be huge and sparse Two approaches to implementation Access Control Lists store permissions with each object Still might be lots of users UNIX limits each file to r w x for owner group world More recent systems allow definition of groups of users and permissions for each group Capability List each process tracks objects has permission to touch 12 08 08 Popular in the past idea out of favor today Consider page table Each process has list of pages it has access to not each page has list of processes Kubiatowicz CS162 UCB Fall 2008 Lec 27 5 Authorization Continued Principle of least privilege programs users and systems should get only enough privileges to perform their tasks But what if the game needs to write out a file recording scores Would need to give write privileges to one particular file or directory to your games userid But what about non game programs you want to use such as Quicken Now you need to create your own private quicken userid if you want to make sure tha the copy of Quicken you bought can t corrupt non quicken related files But how to get this right Pretty complex 12 08 08 Kubiatowicz CS162 UCB Fall 2008 How to perform Authorization for Distributed Systems Different Authorization Domains Very hard to do in practice How do you figure out what the minimum set of privileges is needed to run your programs People often run at higher privilege then necessary Such as the administrator privilege under windows One solution Signed Software Only use software from sources that you trust thereby dealing with the problem by means of authentication Fine for big established firms such as Microsoft since they can make their signing keys well known and people trust them Actually not always fine recently one of Microsoft s signing keys was compromised leading to malicious software that looked valid What about new startups Who validates them How easy is it to fool them 12 08 08 Kubiatowicz CS162 UCB Fall 2008 Lec 27 7 Lec 27 6 Issues Are all user names in world unique No They only have small number of characters kubi mit edu kubitron lcs mit edu kubitron cs berkeley edu However someone thought their friend was kubi mit edu and I got very private email intended for someone else Need something better more unique to identify person Suppose want to connect with any server at any time Need an account on every machine possibly with different user name for each account OR Need to use something more universal as identity 12 08 08 Public Keys Called Principles People are their public keys Kubiatowicz CS162 UCB Fall 2008 Lec 27 8 Distributed Access Control Owner Owner Key Key 0x22347EF 0x22347EF Access Control List ACL for X ACL verifier Hash Timestamp R Key 0x546DFEFA34 Signature owner RW Key 0x467D34EF83 RX Group Key 0xA2D3498672 Client 1 Domain 1 Ke C lie Kc 9A C X B r ve d 7D er ea 4 Ks R x66 a 0 at y d Read Group Server 1 Domain 2 nt GACL File File XX Identities checked via signatures and public keys Client can t generate request for data unless they have private key to go with their public identity Server won t use ACLs not properly signed by owner of file No problems with multiple domains since identities designed to be cross domain public keys domain neutral Revocation Group ACL GACL verifier Hash Timestamp Key 0xA786EF889A Signature group Key 0x6647DBC9AC Distributed Access Control List ACL Analysis of Previous Scheme Positive Points Server 2 Domain 3 What if someone steals your private key Need to walk through all ACLs with your key and change This is very expensive Better to have unique
View Full Document
Unlocking...