Berkeley COMPSCI 162 - Lecture 25 Protection and Security in Distributed Systems
CS162 Operating Systems and Systems Programming
Lecture 25: Protection and Security in Distributed Systems
April 27, 2010
Ion Stoica
http://inst.eecs.berkeley.edu/~cs162

Lec 25.2 27/4/10 CS162 ©UCB Spring 2010

Goals for Today
• Security Properties
  – Authentication
  – Data integrity
  – Confidentiality
  – Non-repudiation
• Cryptographic Mechanisms
Note: Some slides and/or pictures in the following are adapted from slides ©2005 Silberschatz, Galvin, and Gagne, and lecture notes by Kubiatowicz

Lec 25.3 Protection vs Security
• Protection: one or more mechanisms for controlling the access of programs, processes, or users to resources
  – Page Table Mechanism
  – File Access Mechanism
• Security: use of protection mechanisms to prevent misuse of resources
  – Misuse defined with respect to policy
    » E.g.: prevent exposure of certain sensitive information
    » E.g.: prevent unauthorized modification/deletion of data
  – Requires consideration of the external environment within which the system operates
    » Even the most well-constructed system cannot protect information if a user accidentally reveals a password
• What we hope to gain today and next time
  – Conceptual understanding of how to make systems secure
  – Some examples, to illustrate why providing security is really hard in practice

Lec 25.4 Preventing Misuse
• Types of Misuse:
  – Accidental:
    » If I delete the shell, I can't log in to fix it!
    » Could make it more difficult by asking: "do you really want to delete the shell?"
  – Intentional:
    » Some high school brat who can't get a date, so instead he transfers $3 billion from B to A.
    » Doesn't help to ask if they want to do it (of course!)
• Three Pieces to Security
  – Authentication: who the user actually is
  – Authorization: who is allowed to do what
  – Enforcement: make sure people do only what they are supposed to do
• Loopholes in any carefully constructed system:
  – Log in as superuser and you've circumvented authentication
  – Log in as yourself and you can do anything with your resources; for instance: run a program that erases all of your files
  – Can you trust software to correctly enforce Authentication and Authorization?

Lec 25.5 Security Requirements
• Authentication
  – Ensures that a user is who they claim to be
• Data integrity
  – Ensures that data is not changed from source to destination, or after being written to a storage device
• Confidentiality
  – Ensures that data is read only by authorized users
• Non-repudiation
  – Sender can't later claim they didn't send the data
  – Receiver can't claim they didn't receive the data

Lec 25.6 Securing Communication: Cryptography
• Cryptography: communication in the presence of adversaries
• Studied for thousands of years
  – See Simon Singh's The Code Book for an excellent, highly readable history
• Central goal: confidentiality
  – How to encode information so that an adversary can't extract it, but a friend can
• General premise: there is a key, possession of which allows decoding, but without which decoding is infeasible
  – Thus, the key must be kept secret and must not be guessable

Lec 25.7 Using Symmetric Keys
• Same key for encryption and decryption
[Figure: plaintext (m) → encrypt with secret key → ciphertext sent over the Internet → decrypt with secret key → m]

Lec 25.8 Symmetric Keys
• Can just XOR plaintext with the key
  – Easy to implement, but easy to break using frequency analysis
• More sophisticated (e.g., block cipher) algorithms
  – Work with a block size (e.g., 64 bits)
    » To encrypt a stream, can encrypt blocks separately, or link them

Lec 25.9 Symmetric Key Ciphers - DES & AES
• Data Encryption Standard (DES)
  – Developed by IBM in the 1970s, standardized by NBS/NIST
  – 56-bit key (decreased from 64 bits at NSA's request)
  – Still fairly strong other than brute-forcing the key space
    » But custom hardware can crack a key in < 24 hours
  – Today many financial institutions use Triple DES = DES applied 3 times, with 3 keys totaling 168 bits
• Advanced Encryption Standard (AES)
  – Replacement for DES, standardized in 2002
  – Key size: 128, 192 or 256 bits
• How fundamentally strong are they?
  – No one knows (no proofs exist)

Lec 25.10 Authentication via Symmetric Crypto
• Authenticate an entity by its secret key
• Example:
  – You know Alice's secret key
  – You are talking with a person claiming she is Alice
  – Question: How do you verify she is indeed Alice?
  – Answer: Just verify she knows Alice's secret key!

Lec 25.11 Example: Client-Server Authentication
• Client's secret key: CHK
• Server's secret key: SHK
• Notation: E(m,k) – encrypt message m with key k
• x, y: nonces (random values)
  – Avoid replay attacks, e.g., an attacker impersonating the client or the server
• K – session key used for data communication
  – Minimizes the number of messages containing CHK / SHK
• Message flow (from the slide's diagram):
  – client → server: E(x, CHK)
  – server → client: E(x+1, SHK), E(y, SHK)
  – client → server: E(y+1, CHK)
  – server → client: E(K, SHK)
  – afterwards, data in both directions: E(message …, K)

Lec 25.12 Administrivia
• Final Exam
  – Friday, May 14, 7:00PM-10:00PM
  – All material from the course
    » With slightly more focus on the second half, but you are still responsible for all the material
  – Two sheets of notes, both sides
• Should be working on Project 4
  – Final Project due on Friday, May 7

Lec 25.13 Integrity: Cryptographic Hashes
• Basic building block for integrity: hashing
  – Associate a hash with a byte-stream; the receiver verifies the match
    » Assures data hasn't been modified, either accidentally or maliciously
• Approach:
  – Sender computes a digest of message m, i.e., H(m)
    » H() is a publicly known hash function
  – Send the digest (d = H(m)) to the receiver in a secure way, e.g.,
    » Using another physical channel
    » Using
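The four-message exchange of slide 25.11, worked through as an added Python example (not code from the lecture): E(m,k) is a constructed toy stand-in built from HMAC-SHA256 so that a wrong key is detected, and, as the slide's message flow implies, each side is assumed to hold both CHK and SHK. The replayed_msg3 parameter is an assumption of this example, used to show why the fresh nonce y makes a replayed third message fail.

```python
import hashlib
import hmac
import os

# Toy stand-in for the slide's E(m, k): an HMAC-SHA256 keystream XORed into m, then an
# HMAC tag, so decrypting with the wrong key or a tampered ciphertext fails loudly.
# Constructed for this example only (not a real cipher); m must be at most 32 bytes.
def E(m: bytes, k: bytes) -> bytes:
    assert len(m) <= 32
    iv = os.urandom(16)
    ks = hmac.new(k, b"ks" + iv, hashlib.sha256).digest()
    c = bytes(a ^ b for a, b in zip(m, ks))
    return iv + c + hmac.new(k, b"tag" + iv + c, hashlib.sha256).digest()

def D(ct: bytes, k: bytes) -> bytes:
    iv, c, tag = ct[:16], ct[16:-32], ct[-32:]
    if not hmac.compare_digest(tag, hmac.new(k, b"tag" + iv + c, hashlib.sha256).digest()):
        raise ValueError("bad key or tampered ciphertext")
    ks = hmac.new(k, b"ks" + iv, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(c, ks))

def nonce() -> int:              # x, y: fresh random values, one per run
    return int.from_bytes(os.urandom(8), "big")

def to_b(n: int) -> bytes:       # 9 bytes so that n + 1 never overflows
    return n.to_bytes(9, "big")

def from_b(b: bytes) -> int:
    return int.from_bytes(b, "big")

def handshake(CHK: bytes, SHK: bytes, replayed_msg3=None):
    """Runs the slide's four messages; returns (client's K, server's K, msg3)."""
    x = nonce()                                   # client challenge
    msg1 = E(to_b(x), CHK)                        # 1. client -> server: E(x, CHK)
    y = nonce()                                   # server challenge
    msg2 = (E(to_b(from_b(D(msg1, CHK)) + 1), SHK),
            E(to_b(y), SHK))                      # 2. server -> client: E(x+1, SHK), E(y, SHK)
    if from_b(D(msg2[0], SHK)) != x + 1:          # client checks the server knows SHK
        raise ValueError("server failed the challenge")
    msg3 = replayed_msg3 or E(to_b(from_b(D(msg2[1], SHK)) + 1), CHK)  # 3. E(y+1, CHK)
    if from_b(D(msg3, CHK)) != y + 1:             # server checks the client knows CHK
        raise ValueError("client failed the challenge (stale or replayed response)")
    K = os.urandom(32)                            # session key for the data phase
    msg4 = E(K, SHK)                              # 4. server -> client: E(K, SHK)
    return D(msg4, SHK), K, msg3
```

A third message captured from one run decrypts fine under CHK but carries the old y+1, so the server's check against its fresh y rejects it; that is the replay protection the slide attributes to the nonces.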