CS162 Operating Systems and Systems Programming
Lecture 26: Protection and Security in Distributed Systems
December 1st, 2008
Prof. John Kubiatowicz
http://inst.eecs.berkeley.edu/~cs162
(12/01/08, Kubiatowicz, CS162 UCB Fall 2008, Lec 26)

Review: RPC Information Flow

[Figure: RPC information flow between the Client (caller) and client stub on Machine A and the Server (callee) and server stub on Machine B, through the packet handlers and the network. Labels: call, bundle args, send, receive, unbundle args, mbox1; return, bundle ret vals, send, receive, unbundle ret vals, mbox2.]

Review: Distributed File Systems

[Figure: Client sends "Read File" over the network to the Server, which returns Data.]

- VFS: Virtual File System layer
  - Provides mechanism which gives same system call interface for different types of file systems
- Distributed File System:
  - Transparent access to files stored on a remote disk
  - NFS: Network File System
  - AFS: Andrew File System
  - Caching for performance
- Cache Consistency: Keeping contents of client caches consistent with one another
  - If multiple clients, some reading and some writing, how do stale cached copies get updated?
  - NFS: check periodically for changes
  - AFS: clients register callbacks so can be notified by server of changes

Goals for Today

- Finish discussing distributed file systems/caching
- Security Mechanisms
  - Authentication
  - Authorization
  - Enforcement
- Cryptographic Mechanisms

Note: Some slides and/or pictures in the following are adapted from slides ©2005 Silberschatz, Galvin, and Gagne. Many slides generated from my lecture notes.

Protection vs Security

- Protection: one or more mechanisms for controlling the access of programs, processes, or users to resources
  - Page Table Mechanism
  - File Access Mechanism
- Security: use of protection mechanisms to prevent misuse of resources
  - Misuse defined with respect to policy
    - E.g.: prevent exposure of certain sensitive information
    - E.g.: prevent unauthorized modification/deletion of data
  - Requires consideration of the external environment within which the system operates
    - Most well-constructed system cannot protect information if user accidentally reveals password
- What we hope to gain today and next time
  - Conceptual understanding of how to make systems secure
  - Some examples, to illustrate why providing security is really hard in practice

Preventing Misuse

- Types of Misuse:
  - Accidental:
    - If I delete shell, can't log in to fix it!
    - Could make it more difficult by asking: "do you really want to delete the shell?"
  - Intentional:
    - Some high school brat who can't get a date, so instead he transfers $3 billion from B to A
    - Doesn't help to ask if they want to do it (of course!)
- Three Pieces to Security
  - Authentication: who the user actually is
  - Authorization: who is allowed to do what
  - Enforcement: make sure people do only what they are supposed to do
- Loopholes in any carefully constructed system:
  - Log in as superuser and you've circumvented authentication
  - Log in as self and can do anything with your resources; for instance: run program that erases all of your files
  - Can you trust software to correctly enforce Authentication and Authorization?

Authentication: Identifying Users

- How to identify users to the system?
  - Passwords
    - Shared secret between two parties
    - Since only user knows password, someone types correct password => must be user typing it
    - Very common technique
  - Smart Cards
    - Electronics embedded in card capable of providing long passwords or satisfying challenge/response queries
    - May have display to allow reading of password
    - Or can be plugged in directly; several credit cards now in this category
  - Biometrics
    - Use of one or more intrinsic physical or behavioral traits to identify someone
    - Examples: fingerprint reader, palm reader, retinal scan
    - Becoming quite a bit more common

Passwords: Secrecy

[Figure: example password "eggplant".]

- System must keep copy of secret to check against passwords
  - What if malicious user gains access to list of passwords?
    - Need to obscure information somehow
  - Mechanism: utilize a transformation that is difficult to reverse without the right key (e.g. encryption)
- Example: UNIX /etc/passwd file
  - passwd -> one-way transform (hash) -> encrypted passwd
  - System stores only encrypted version, so OK even if someone reads the file!
  - When you type in your password, system compares encrypted version
- Problem: Can you trust encryption algorithm?
  - Example: one algorithm thought safe had back door
    - Governments want back door so they can snoop
  - Also, security through obscurity doesn't work
    - GSM encryption algorithm was secret; accidentally released; Berkeley grad students cracked in a few hours

Passwords: How easy to guess?

- Ways of Compromising Passwords
  - Password Guessing:
    - Often people use obvious information like birthday, favorite color, girlfriend's name, etc.
  - Dictionary Attack:
    - Work way through dictionary and compare encrypted version of dictionary words with entries in /etc/passwd
  - Dumpster Diving:
    - Find pieces of paper with passwords written on them
    - (Also used to get social security numbers, etc.)
- Paradox:
  - Short passwords are easy to crack
  - Long ones, people write down!
- Technology means we have to use longer passwords
  - UNIX initially required lowercase, 5-letter passwords: total of 26^5 ≈ 10 million passwords
    - In 1975, 10 ms to check a password -> 1 day to crack
    - In 2005, 0.01 μs to check a password -> 0.1 seconds to crack
  - Takes less time to check for all words in the dictionary!

Passwords: Making harder to crack

- How can we make passwords harder to crack?
  - Can't make it impossible, but can help
- Technique 1: Extend everyone's password with a unique number (stored in password file)
  - Called "salt". UNIX uses 12-bit "salt", making dictionary attacks 4096 times harder
  - Without salt, would be possible to pre-compute all the words in the dictionary hashed with the UNIX algorithm: would make comparing with /etc/passwd easy!
  - Also, way that salt is combined with password designed to frustrate use of off-the-shelf DES hardware
- Technique 2: Require more complex passwords
  - Make people use at least 8-character passwords with upper-case, lower-case, and numbers
    - 70^8 ≈ 6x10^14 ≈ 6 million seconds ≈ 69 days @ 0.01 μs/check
  - Unfortunately, people still pick common patterns
    - e.g. Capitalize first letter of common word, add one digit

Passwords: Making harder to crack (con't)

- Technique 3: Delay checking of passwords
  - If attacker doesn't have access to /etc/passwd, delay every remote login attempt by 1
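
The salt argument from Technique 1, as an added example that is not part of the original lecture: it compares what a table of pre-hashed dictionary words recovers from an unsalted and from a salted password file. SHA-256 stands in for the UNIX crypt transform, and the word list, accounts and salt values are constructed for illustration.

```python
import hashlib

SALT_BITS = 12                     # UNIX salt size from the slide
N_SALTS = 2 ** SALT_BITS           # 4096 possible salts

def stored_hash(password, salt=None):
    """One-way transform kept in the password file.
    SHA-256 is a stand-in for the UNIX crypt algorithm (assumption)."""
    prefix = b"" if salt is None else salt.to_bytes(2, "big")
    return hashlib.sha256(prefix + password.encode()).hexdigest()

def precompute(words, salts=(None,)):
    """Hash -> word table built once, before any password file is seen."""
    return {stored_hash(w, s): w for s in salts for w in words}

def make_file(accounts, salts=None):
    """Build {user: (salt, hash)}; salts=None models an unsalted file."""
    out = {}
    for user, pw in accounts.items():
        s = None if salts is None else salts[user]
        out[user] = (s, stored_hash(pw, s))
    return out

def exposed(password_file, table):
    """Users whose stored hash is found by plain table lookup."""
    return {u: table[h] for u, (_salt, h) in password_file.items() if h in table}

# Constructed sample data (not from the lecture).
WORDS = ["eggplant", "password", "berkeley", "dragon"]
ACCOUNTS = {"alice": "eggplant", "bob": "eggplant", "carol": "x9$Lq!vT"}
SALTS = {"alice": 0x2A1, "bob": 0xC07, "carol": 0x155}

def compare():
    plain, salted = make_file(ACCOUNTS), make_file(ACCOUNTS, SALTS)
    small = precompute(WORDS)                  # one entry per word
    full = precompute(WORDS, range(N_SALTS))   # one entry per (salt, word)
    return {
        "same_hash_unsalted": plain["alice"][1] == plain["bob"][1],
        "same_hash_salted": salted["alice"][1] == salted["bob"][1],
        "hit_unsalted": sorted(exposed(plain, small)),
        "hit_salted_small_table": sorted(exposed(salted, small)),
        "hit_salted_full_table": sorted(exposed(salted, full)),
        "table_growth": len(full) // len(small),
    }

if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value}")
```

The salted file hides the fact that two users share a password and makes the precomputed table 4096 times larger, but a dictionary word is still recovered once the larger table exists, which is why the slide says salt helps rather than making cracking impossible.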


Berkeley COMPSCI 162 - Lecture 26 Protection and Security in Distributed Systems
