CS162 Operating Systems and Systems Programming
Lecture 25: Protection and Security in Distributed Systems

April 27, 2010
Ion Stoica
http://inst.eecs.berkeley.edu/~cs162

Note: Some slides and/or pictures in the following are adapted from slides © 2005 Silberschatz, Galvin, and Gagne, and lecture notes by Kubiatowicz.

27/4/10  CS162 © UCB Spring 2010

Goals for Today
- Security Properties
  - Authentication
  - Data integrity
  - Confidentiality
  - Non-repudiation
- Cryptographic Mechanisms

Protection vs. Security
- Protection: one or more mechanisms for controlling the access of programs, processes, or users to resources
  - Page Table Mechanism
  - File Access Mechanism
- Security: use of protection mechanisms to prevent misuse of resources
  - Misuse defined with respect to policy
    - E.g., prevent exposure of certain sensitive information
    - E.g., prevent unauthorized modification/deletion of data
  - Requires consideration of the external environment within which the system operates
    - Most well-constructed systems cannot protect information if the user accidentally reveals a password

Preventing Misuse
- Types of Misuse:
  - Accidental:
    - If I delete the shell, I can't log in to fix it
    - Could make it more difficult by asking "do you really want to delete the shell?"
  - Intentional:
    - Some high school brat who can't get a date, so instead he transfers 3 billion from B to A
    - Doesn't help to ask if they want to do it, of course
- Three Pieces to Security:
  - Authentication: who the user actually is
  - Authorization: who is allowed to do what
  - Enforcement: make sure people do only what they are supposed to do
- Loopholes in any carefully constructed system:
  - Log in as superuser and you've circumvented authentication
  - Log in as yourself and you can do anything with your resources; for instance, run a program that erases all of your files
- Can you trust software to correctly enforce Authentication and Authorization?

What we hope to gain today and next time
- Conceptual understanding of how to make systems secure
- Some examples to illustrate why providing security is really hard in practice

Securing Communication: Cryptography
- Cryptography: communication in the presence of adversaries
- Studied for thousands of years
  - See Simon Singh's "The Code Book" for an excellent, highly readable history
- Central goal: confidentiality
  - How to encode information so that an adversary can't extract it, but a friend can
- General premise: there is a key, possession of which allows decoding, but without which decoding is infeasible
  - Thus the key must be kept secret and must not be guessable

Security Requirements
- Authentication: ensures that a user is who they claim to be
- Data integrity: ensures that data is not changed from source to destination, or after being written on a storage device
- Confidentiality: ensures that data is read only by authorized users
- Non-repudiation:
  - Sender can't later claim they didn't send the data
  - Receiver can't claim they didn't receive the data

Symmetric Keys
- Can just XOR the plaintext with the key
  - Easy to implement, but easy to break using frequency analysis
- More sophisticated (e.g., block cipher) algorithms
  - Work with a block size (e.g., 64 bits)
  - To encrypt a stream, can encrypt blocks separately, or link them

Using Symmetric Keys
- Same key for encryption and decryption

  Plaintext (m) -> [Encrypt with secret key] -> Ciphertext -> Internet -> Ciphertext -> [Decrypt with secret key] -> Plaintext (m)

Symmetric Key Ciphers: DES and AES
- Data Encryption Standard (DES)
  - Developed by IBM in the 1970s, standardized by NBS/NIST
  - 56-bit key (decreased from 64 bits at NSA's request)
  - Still fairly strong other than brute-forcing the key space
    - But custom hardware can crack a key in 24 hours
  - Today many financial institutions use Triple DES: DES applied 3 times, with 3 keys totaling 168 bits
- Advanced Encryption Standard (AES)
  - Replacement for DES, standardized in 2002
  - Key size: 128, 192, or 256 bits
- How fundamentally strong are they?
  - No one knows; no proofs exist

Authentication via Symmetric Crypto
- Authenticate an entity by its secret key
- Example:
  - You know Alice's secret key
  - You are talking with a person claiming she is Alice
  - Question: How do you verify she is indeed Alice?
  - Answer: Just verify she knows Alice's secret key

Administrivia
- Final Exam: Friday, May 14, 7:00PM-10:00PM
  - All material from the course
  - With slightly more focus on the second half, but you are still responsible for all the material
  - Two sheets of notes, both sides
- Should be working on Project 4
  - Final Project due on Friday, May 7

Example: Client-Server Authentication
- Client's secret key: CHK
- Server's secret key: SHK
- Notation: E(m, k) = encrypt message m with key k

      client                                     server
        |  ----------- E(x, CHK) ----------->      |
        |  <---- E(x+1, SHK), E(y, SHK) ------     |
        |  ----------- E(y+1, CHK) --------->      |
        |  <---------- E(SK, SHK) -----------      |
        |  <-------- E(message, SK) -------->      |

- x, y: nonces (random values)
  - Avoid replay attacks (e.g., an attacker impersonating the client or the server)
- SK: session key used for data communication
  - Minimizes the number of messages containing CHK, SHK

Integrity: Cryptographic Hashes
- Basic building block for integrity: hashing
  - Associate a hash with a byte stream; receiver verifies the match
  - Assures data hasn't been modified, either accidentally or maliciously
- Approach:
  - Sender computes a digest of message m, i.e., H(m)
    - H is a publicly known hash function
  - Send the digest (d = H(m)) to the receiver in a secure way, e.g.:
    - Using another physical channel
    - Using encryption
  - Upon receiving m and d, the receiver re-computes H(m) to see whether the result agrees with d

Operation of Hashing for Integrity

  sender                                            receiver
  plaintext (m) ----------- Internet -----------> m --> H --> H(m) ------+
       |                                                                 +--> equal? yes: accept / NO: corrupted msg
       +--> H --> digest H(m) ---- (secure channel) ----> digest --------+

Asymmetric Encryption (Public Key)
- Idea: use two different keys, one to encrypt (e) and one to decrypt (d)
  - A key pair
- Crucial property: knowing e does not give away d
- Therefore e can be public: everyone knows it!
- If Alice wants to send to Bob, she fetches Bob's public key (say from Bob's home page) and encrypts with it
  - Alice can't decrypt what she's sending to Bob, but then, neither can anyone else (except Bob)

Standard Cryptographic Hash Functions
- MD5 (Message Digest version 5)
  - Developed in 1991 (Rivest)
  - Produces 128-bit hashes
  - Widely used (RFC 1321)
  - Broken: recent work quickly finds collisions
- SHA-1 (Secure Hash Algorithm)
  - Developed by NSA in 1995 as successor to MD5
  - Produces 160-bit hashes
  - Widely used (SSL/TLS, SSH, PGP, IPSEC)
  - Broken: recent work finds collisions, though not
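The Symmetric Keys slide states that XORing the plaintext with the key is easy to implement but easy to break using frequency analysis. The following Python example, added here and not part of the lecture, shows both halves: a repeating-key XOR cipher and the frequency-analysis recovery of its key from the ciphertext alone. It generalizes the slide's one-line description to a repeating key of known length by treating each key position as its own single-byte cipher; the sample text, the key and the heuristic that the most common byte of English text is the space are this example's own assumptions.

```python
from collections import Counter


def xor_with_key(data: bytes, key: bytes) -> bytes:
    """'XOR plaintext with the key': byte i of data is XORed with key[i % len(key)].
    XOR is its own inverse, so the same call both encrypts and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_key_by_frequency(ciphertext: bytes, key_len: int) -> bytes:
    """Frequency analysis against repeating-key XOR with a known key length.

    Every ciphertext byte at position i was XORed with key[i % key_len], so the
    bytes sharing one key position form a plain single-byte XOR cipher. In
    English text the most frequent byte is the space (0x20); because XOR is
    linear, the most frequent ciphertext byte of each column is 0x20 ^ keybyte,
    and XORing it with 0x20 returns the key byte. No key material is needed,
    which is why the slide calls this scheme easy to break.
    (Heuristic assumption of this example: the plaintext is English-like.)"""
    key = bytearray()
    for col in range(key_len):
        column = ciphertext[col::key_len]
        most_common_byte, _count = Counter(column).most_common(1)[0]
        key.append(most_common_byte ^ 0x20)
    return bytes(key)


# Constructed sample input (not from the slides): ordinary English, in which
# the space is by far the most common byte.
SAMPLE_TEXT = (b"the quick brown fox jumps over the lazy dog while the cat "
               b"sleeps in the sun and the birds sing in the trees all day long")
SAMPLE_KEY = b"\x5a\xc3\x17"


def demo(key: bytes = SAMPLE_KEY) -> bool:
    """Encrypt the sample, recover the key from the ciphertext alone, and check
    that decrypting with the recovered key gives the plaintext back."""
    ciphertext = xor_with_key(SAMPLE_TEXT, key)
    recovered = recover_key_by_frequency(ciphertext, len(key))
    return recovered == key and xor_with_key(ciphertext, recovered) == SAMPLE_TEXT


if __name__ == "__main__":
    print("key recovered from ciphertext alone:", demo())
```

The column trick is the whole attack: the cipher leaks plaintext statistics directly because XOR with a fixed byte is a bijection on byte values, so the ciphertext histogram is just the plaintext histogram with the labels permuted. A block cipher such as the DES and AES discussed on the next slide is designed so that no such relation between input and output statistics survives.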

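The exchange on the "Example: Client-Server Authentication" slide, run end to end in Python as an added example (not the lecture's code). E(m, k) is a toy stand-in built from SHA-256 and HMAC so that the script runs offline; the assumption that both parties hold CHK and SHK (the symmetric setting of the slide), the 9-byte nonce encoding and all class and function names are this example's own. The second driver function shows what the nonces buy: a recording of one run's E(y+1, CHK) is rejected on a later run because the server issues a fresh y.

```python
import hashlib
import hmac
import os

# Toy stand-in for the slide's E(m, k) (example code, not a production cipher):
# a SHA-256 counter keystream XORed with m, plus an HMAC tag so that decrypting
# with the wrong key, or a modified ciphertext, is rejected instead of silently
# producing garbage. D(c, k) is its inverse.
IV_LEN, TAG_LEN = 16, 32

def _keystream(k: bytes, iv: bytes, n: int) -> bytes:
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(k + iv + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

def E(m: bytes, k: bytes) -> bytes:
    iv = os.urandom(IV_LEN)
    ct = bytes(a ^ b for a, b in zip(m, _keystream(k, iv, len(m))))
    return iv + ct + hmac.new(k, iv + ct, hashlib.sha256).digest()

def D(c: bytes, k: bytes) -> bytes:
    iv, ct, tag = c[:IV_LEN], c[IV_LEN:-TAG_LEN], c[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(k, iv + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered ciphertext")
    return bytes(a ^ b for a, b in zip(ct, _keystream(k, iv, len(ct))))

# Nonces x, y are random 64-bit values; they travel as 9-byte big-endian
# integers so that x+1 and y+1 cannot overflow (an encoding chosen here).
def nonce() -> int:
    return int.from_bytes(os.urandom(8), "big")

def enc_int(v: int, k: bytes) -> bytes:
    return E(v.to_bytes(9, "big"), k)

def dec_int(c: bytes, k: bytes) -> int:
    return int.from_bytes(D(c, k), "big")

class Server:
    """Symmetric setting as on the slide: both parties hold CHK and SHK."""
    def __init__(self, chk: bytes, shk: bytes):
        self.chk, self.shk, self.pending_y, self.sk = chk, shk, None, None

    def on_msg1(self, msg1: bytes):
        # msg1 = E(x, CHK). Reply E(x+1, SHK), E(y, SHK): answering x+1 under
        # SHK proves we are the server; y is a fresh challenge for the client.
        x = dec_int(msg1, self.chk)
        self.pending_y = nonce()
        return enc_int(x + 1, self.shk), enc_int(self.pending_y, self.shk)

    def on_msg3(self, msg3: bytes) -> bytes:
        # msg3 = E(y+1, CHK): only a holder of CHK who saw *this* y can build it.
        if self.pending_y is None or dec_int(msg3, self.chk) != self.pending_y + 1:
            raise ValueError("challenge failed: stale or forged response")
        self.pending_y = None
        self.sk = os.urandom(32)
        return E(self.sk, self.shk)             # msg4 = E(SK, SHK)

class Client:
    def __init__(self, chk: bytes, shk: bytes):
        self.chk, self.shk, self.x, self.sk = chk, shk, None, None

    def msg1(self) -> bytes:
        self.x = nonce()
        return enc_int(self.x, self.chk)        # E(x, CHK)

    def on_msg2(self, msg2) -> bytes:
        x_plus_1, y_enc = msg2
        if dec_int(x_plus_1, self.shk) != self.x + 1:
            raise ValueError("server failed the challenge")
        return enc_int(dec_int(y_enc, self.shk) + 1, self.chk)   # E(y+1, CHK)

    def on_msg4(self, msg4: bytes) -> None:
        self.sk = D(msg4, self.shk)             # session key SK

def run_handshake(chk: bytes, shk: bytes) -> bool:
    """The full exchange from the slide; True if both ends hold the same SK and
    can exchange E(message, SK) without using CHK or SHK again."""
    c, s = Client(chk, shk), Server(chk, shk)
    c.on_msg4(s.on_msg3(c.on_msg2(s.on_msg1(c.msg1()))))
    return c.sk == s.sk and D(E(b"hello", c.sk), s.sk) == b"hello"

def replay_is_rejected(chk: bytes, shk: bytes) -> bool:
    """What the nonce y buys: a recording of one run's messages cannot be
    replayed to the server, because it issues a fresh y the next time."""
    c, s = Client(chk, shk), Server(chk, shk)
    m1 = c.msg1()
    m3 = c.on_msg2(s.on_msg1(m1))
    s.on_msg3(m3)                 # genuine run completes
    s.on_msg1(m1)                 # replayed msg1 gets a new challenge y'
    try:
        s.on_msg3(m3)             # recorded E(y+1, CHK) does not match y'+1
    except ValueError:
        return True
    return False

# Constructed keys for the example.
CHK = hashlib.sha256(b"example client key").digest()
SHK = hashlib.sha256(b"example server key").digest()

if __name__ == "__main__":
    print("handshake ok:", run_handshake(CHK, SHK))
    print("replay rejected:", replay_is_rejected(CHK, SHK))
```

Note that the long-term keys are used for exactly four short messages and the session key SK carries all the data, which is the "minimize the number of messages containing CHK, SHK" point on the slide: the less ciphertext exists under a long-term key, the less an adversary has to work with against it.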

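The integrity procedure from the "Integrity: Cryptographic Hashes" slide, with SHA-256 as H since the hash-functions slide lists MD5 and SHA-1 as broken, as an added Python example that is not from the lecture. It also makes the slide's "send the digest in a secure way" requirement concrete: if d = H(m) simply travels alongside m, whoever changes m in transit can recompute d, so the last two functions show a keyed digest (HMAC under a shared key, an assumption of this example rather than the slide's wording) as one way the secure channel can be replaced. Message and key values are constructed.

```python
import hashlib
import hmac


def digest(m: bytes) -> bytes:
    """H(m) with a publicly known hash function. SHA-256 is used because the
    slides list MD5 and SHA-1 as broken (collisions can be found)."""
    return hashlib.sha256(m).digest()


def receiver_check(m: bytes, d: bytes) -> bool:
    """Receiver side of the slide: recompute H(m) and compare with the digest d
    that arrived over the secure channel (constant-time comparison)."""
    return hmac.compare_digest(digest(m), d)


def corruption_is_detected(m: bytes, corrupted: bytes) -> bool:
    """d = H(m) goes over a separate secure channel; m itself crosses the
    Internet. The genuine m passes the check, the corrupted copy fails it."""
    d = digest(m)
    return receiver_check(m, d) and not receiver_check(corrupted, d)


def in_band_digest_is_fooled(m: bytes, modified: bytes) -> bool:
    """Why the slide insists on a secure channel for d: if d simply travels
    next to m, whoever alters m in transit can recompute H(modified) and send
    that instead, and the receiver's check passes on the altered message."""
    d_in_band = digest(m)
    m_received, d_received = modified, digest(modified)   # both rewritten in transit
    return d_received != d_in_band and receiver_check(m_received, d_received)


# One way to replace the secure channel (an assumption of this example): a keyed
# digest, HMAC with a key shared by sender and receiver. Without the key, an
# in-transit modifier cannot produce a digest that matches the altered message.
def keyed_digest(m: bytes, key: bytes) -> bytes:
    return hmac.new(key, m, hashlib.sha256).digest()


def keyed_check(m: bytes, key: bytes, d: bytes) -> bool:
    return hmac.compare_digest(keyed_digest(m, key), d)


# Constructed sample values.
MESSAGE = b"transfer 100 to account 42"
ALTERED = b"transfer 900 to account 42"
SHARED_KEY = b"example shared integrity key"

if __name__ == "__main__":
    print("corruption detected:", corruption_is_detected(MESSAGE, ALTERED))
    print("unkeyed in-band digest fooled:", in_band_digest_is_fooled(MESSAGE, ALTERED))
    d = keyed_digest(MESSAGE, SHARED_KEY)
    print("keyed digest rejects altered message:", not keyed_check(ALTERED, SHARED_KEY, d))
```

The two failure functions separate the two properties a hash gives you: an unkeyed H(m) detects accidental corruption on its own, but protection against a malicious modifier comes entirely from the channel the digest travels on (or from a key the modifier does not have), not from the hash function.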