95-702 Distributed SystemsThe enemyCryptographic ProtocolsSome Attacks and an AssumptionCast of CharactersCryptography NotationTwo Major Categories of Encryption AlgorithmsQuizScenario 1 (Like WWII & TEA)Scenario 2 (Like Kerberos)Scenario 3 (Authentication)Scenario 4 (Like SSL)The Needham–Schroeder Secret-Key Authentication Protocol (Scenario 2 with more detail)System Architecture of KerberosSSL Overview (Scenario 4 with more detail)Message Authentication Codes (MACs)SSL Protocol StackTLS Handshake ProtocolTLS Handshake Configuration OptionsCombining ProtocolsWriting a simple SSL ClientCreating a Truststore(1) Use keytool - genkey to create an RSA key pairPowerPoint PresentationSlide 25(2) Use keytool –export to generate a self-signed RSA certificate (holding no private key)(3) Use keytool –import to place the certificate into a truststoreSlide 28Slide 29File OrganizationClient.javaSlide 32Slide 33Server.javaSlide 35Slide 36Slide 37Slide 38On the serverOn the clientConfiguring a Web Application to Use SSLSlide 42Slide 43Use admin tool to tell Tomcat about SSLTestingSlide 46Slide 47Slide 4895-702 Distributed Systems1Master of Information System Management95-702 Distributed SystemsSecurity: Four Important Cryptographic Protocols95-702 Distributed Systems2Master of Information System ManagementInstructor’s Guide for Coulouris, Dollimore, Kindberg and Blair, Distributed Systems: Concepts and Design Edn. 5 © Pearson Education 2012 The enemyCommunication channelCopy of mProcess pProcess qmThe enemym’95-702 Distributed SystemsCryptographic ProtocolsDefinition: A protocol is a series of steps, involving two or more parties, designed to accomplish a task1.Examples: Interacting with a waiter at dinner, Voting, HTTP, TCP, UDP. Definition: A cryptographic protocol is a protocol that uses cryptography1.Examples: Bitcoin, SSL, HTTPS, Kerberos, Project 2.3Master of Information System Management1. From “Applied Crypotography” by Schneier95-702 Distributed Systems4Master of Information System ManagementSome Attacks and an Assumption•Eavesdropping or listening in.•Masquerading or pretending to be someone you are not.•Tampering by a man in the middle.•Replaying of old messages.•Denial of service.•Today’s big assumption: “I’m OK, you’re OK, the network is the problem!”.95-702 Distributed Systems5Master of Information System ManagementCast of CharactersAlice First participantBob Second participantTrent A trusted third partyCarol Participant in three-party protocolsEve EavesdropperMallory Malicious attackerSara A trusted server95-702 Distributed Systems6Master of Information System ManagementCryptography NotationKAAlice’s key that she keeps secret.KBBob’s key that he keeps secret.KABSecret key shared between Alice and BobKAprivAlice’s private key (known only to Alice in asymmetric key crypto)KApubAlice’s public key (published by Alice for all to read){M}KMessage M encrypted with key K[M]KMessage M signed with key K95-702 Distributed Systems7Master of Information System ManagementTwo Major Categories of Encryption AlgorithmsSymmetric key encryption. Also called secret key crypto. Alice sends {M}Kab and Bob can read it. Bob knows Kab. Asymmetric key encryption. Also called public key crypto. Alice sends {M}KBpub and Bob can read it. Bob knows KBpriv.Public key encryption is typically 100 to 1000times slower than secret key encryption.95-702 Distributed SystemsQuiz8Master of Information System ManagementIf public key crypto is so slow, why is it used?Answer: To encrypt a symmetric key.And to provide long term signatures.95-702 Distributed Systems9Master of Information System ManagementScenario 1 (Like WWII & TEA)Communication with a shared secret key.Alice and Bob share KAB.Alice computes E(KAB,Mi) for each message i.She sends these to Bob.Bob uses D(KAB, {Mi} KAB ) and reads each Mi. How do Bob and Alice communicate the key KAB?How does Bob know that {Mi} KAB isn’t a replay of an old message?95-702 Distributed Systems10Master of Information System ManagementScenario 2 (Like Kerberos)Alice wishes to access a service provided by Bob.Alice asks Sarah for a ticket to talk to Bob.Sarah knows Alice’s password so she can compute KA.Sarah send to Alice {{Ticket}KB,KAB}KA. A challenge!Alice knows her password and is able to compute KA.Note that the password is never placed on the network. Alice is able to compute {Ticket}KB and KAB. How?Alice sends a read request to Bob. She sends{Ticket}KB,Alice,Read. Another challenge!Bob uses KB to read the content of the Ticket.The Ticket is KAB,Alice. Bob and Alice then use this session key to communicate.Old tickets may be replayed by Mallory. Suppose Mallory hascaptured an old session keyKAB .Does not scale well : Sarah must know KA, KB ….Sarah is a single point of failure.95-702 Distributed Systems11Master of Information System Management11Master of Information System ManagementScenario 3 (Authentication)Alice wishes to convince Bob that she sent the message M.She computes a digest of M, Digest(M).If the Digest method is a good one, it is very difficult to find anothermessage M’ so that Digest(M) == Digest(M’).Alice makes the following available to the intended users:M,{Digest(M)}KApriv. Bob obtains the signed document, extracts M and computes Digest(M).Bob decrypts {Digest(M)}KApriv using KApub and compares theresult with his calculated Digest(M). If they match, the signatureis valid.Can Alice claim that she did not sign the message? Whatif she claims she released her KApriv ? Still useful if Bob and Alice trusteach other.95-702 Distributed Systems12Master of Information System ManagementScenario 4 (Like SSL)Bob and Alice wish to establish a shared secret KAB.Alice retrieves Bob’s public key.This key comes in a certificate. So, Bob’s public key has beensigned by a trusted third party, Trent.Alice verifies that Trent signed the public key KBpub.Alice generates KAB and encrypts it with KBpub.Bob has many public keys and so Alice sends a key name alongas well.Alice sends key name, {KAB}KBpub.Bob uses the key name to select the correct private key and computes {{KAB}KBpub} KBpriv == KAB. The man in the middle attack may be used when Alice first retrieves what she thinks is Bob’s public key. Mallory may supply his own public key (also signed by Trent).95-702 Distributed Systems13Master of Information System ManagementThe Needham–Schroeder Secret-Key Authentication Protocol (Scenario
View Full Document