Computer Science 425 Distributed Systems Fall 2009AcknowledgementAdministrative AdministrativeISIS algorithm for total orderingNapsterChord: client to clientSecurity Threats More ConcernsAddressing the Challenges: SecuritySecurity Policies & Mechanisms Designing Secure SystemsFamiliar Names for Principals in Security ProtocolsTwo-party Communication, Pair-wise KeyCryptography NotationsCryptography Authentication Direct Authentication“Optimized” Direct AuthenticationAuthentication Using a Key Distribution Center Needham-Schroeder Authentication Why Do We Need Nonce NA in Message 1? Digital Signatures Digital Certificates Alice’s Bank Account CertificatePublic-Key Certificate for Bob’s BankAccess Control: Protection DomainAccess MatrixAuthorization: Access Control Focus of Access ControlAccess Control MatrixSummaryNeedham–Schroeder Secret-key Authentication ProtocolProtection Mechanisms Access Control Lists (Example) Capabilities (Example)Access ControlComputer Science 425Distributed SystemsFall 2009Lecture 26Security in Distributed SystemsKlara NahrstedtAcknowledgement• The slides during this semester are based on ideas and material from the following sources: – Slides prepared by Professors M. Harandi, J. Hou, I. Gupta, N. Vaidya, Y-Ch. Hu, S. Mitra. – Slides from Professor S. Gosh’s course at University o Iowa.Administrative • MP3 posted – Deadline December 7 (Monday) – pre-competition» Top five groups will be selected for final demonstration on Tuuesday, December 8– Demonstration Signup Sheets for Monday, 12/7, will be made available– Main Demonstration in front of the Qualcomm Representative will be on Tuesday, December 8 afternoon - details will be announced. • HW4 posted – Deadline December 1, 2009 (Tuesday)Administrative• MP3 – Readme file must include:» Bootstraping routine – how one install your system –developers manuscript» How one use your system – usage prescription for users» Known bugs, what are the issues with your system/application – Tar or zip your source code and upload it to agora wiki» URL Information will be provided on the web/in class/on newsgroup– Fill out project template as specified» Template Information will be provided on the web/in class/on newsgroupISIS algorithm for total ordering211221 MessageP2P3P1P43 Agreed Seq33NapsterSSSPPPPPPPeersnapster.com ServersStore their ownfilesStore peer pointers for all files3. Response1. Query2. All servers search their lists (ternary tree algo.)4. ping candidates5. download from best hostChord: client to clientN800Say m=7N32N45File bad.mp3 with key K42 stored hereAt node n, send query for key k to largest successor/finger entry < kif none exist, return successor(n) to requestorAll “arrows” are RPCsN112N96N16Who has bad.mp3?(hashes to K42)Security Threats Leakage: An unauthorized party gains access to a service or data (eavesdropping).Attacker obtains knowledge of a withdrawal or account balanceTampering: Unauthorized change of data, tampering with a serviceAttacker changes the variable holding your personal checking $$ totalVandalism: Interference with proper operation, without gain to the attackerAttacker does not allow any transactions to your accountE.g., DOS=denial of serviceMore ConcernsAttacks on Communication Channel / NetworkEavesdropping – Obtaining copies of messages without authority. Masquerading – Sending or receiving messages with the identity of another principal(user or corporation). Message tampering – Intercepting messages and altering their contents before passing them onto the intended recipient.Replaying – Intercepting messages and sending them at a later time. Denial of Service Attack – flooding a channel or other resources (e.g., port) with messages.Addressing the Challenges: SecurityLeakage: An unauthorized party gains access to a service or data (eavesdropping).– Confidentiality : protection against disclosure to unauthorized individuals.Tampering: Unauthorized change of data, tampering with a service– Integrity : protection against alteration or corruption.Vandalism: Interference with proper operation, without gain to the attacker– Availability : protection against interference with the means to access the resources.Security Policies & Mechanisms A Security Policy indicates which actions each entity (user, data, service) is allowed or prohibited to take.E.g., Only an owner is allowed to make transactions to his account. CIA properties. A Security Mechanism enforces the policy Encryption and decryption: transform data to a form only understandable by authorized users, and vice-versa. Authentication: verify the claimed identity of a user, client, service, process, etc. Authorization: verify access rights for an authenticated entity. Auditing: make record of and check access to data and resources. Mainly an analysis tool to measure the success of security policies and mechanisms.Designing Secure Systems• Make worst-case assumptions about attackers:– exposed interfaces, insecure networks, algorithms and program code available to attackers, attackers may be computationally very powerful – Tradeoff between security and performance impact/difficulty– Typically design system to withstand a known set of attacks• Designing Secure Systems– Traditionally done as a layer on top of existing protocols.Three phases:– Specification of Protocols for Security to satisfy a policy– Analysis of Protocol Behavior when under attacks– Effect on overall performance if there were no attacksFamiliar Names for Principals in Security ProtocolsAlice First participantBob Second participantCarol Participant in three- and four-party protocolsDave Participant in four-party protocolsEve EavesdropperMallory Malicious attackerSara A serverTwo-party Communication, Pair-wise Key• Pairwise keys secure two-party communications– Data confidentiality– Data integrity– Source authenticationKey distribution center (Sara)AliceBobEve or MalloryEavesdrop /modify/InjectCryptography NotationsKAAlice’s secret keyKBBob’s secret keyKABSecret key shared between Alice and BobKAprivAlice’s private key (known only to Alice)KApubAlice’s public key (published by Alice for all to read){M}K(Typical) Message M encrypted with key [M]KMessage Msigned with keyK(Typical)EncryptionPlain Text (M)Encryption K, ECryptography Encoding (encryption) of a message that can only be
View Full Document