FSU COP 5611 - Lecture Notes


January 14, 2019, COP 5611 Operating Systems

Outline
- Announcement
- Authentication
- Cryptography
- Authentication
- Quiz 3 at the end of today's class

Announcement
You must do your demo before 4:30pm, April 29, 2003.
Name server: program1
Prefix table (columns: Logical Prefix, Server IP, Server Port, Remote directory):
128.186.120.34 1281 /tmp/XXX/cop5611/DFS program1 128.186.120.53 1282 /tmp/XXX/cop5611/DFS linprog1 128.186.120.33 1280 /tmp/liux/cop5611/DFS program3 128.186.120.55 1285 /tmp/XXX/cop5611/DFS
You need to have your servers running before you come to my office. I will test your system through your client program and based on your report.

Introduction
- The fundamental problem to security in distributed systems is the use of cryptographic techniques.
- The access matrix model can be used to prevent unauthorized accesses if users are who they claim to be.
- However, in distributed systems, user authentication becomes a big problem.

Introduction (cont.)

Potential Threats
- Ciphertext-only attack: a threat to a system in which an intruder has access to only the ciphertext.
- Known-plaintext attack: a threat to a system in which an intruder has access to both ciphertext and a considerable amount of corresponding plaintext.
- Chosen-plaintext attack: a threat to a system in which an intruder can obtain ciphertext corresponding to plaintext of his choice.

Design Principles
- Shannon's principles
  - Shannon's principle of diffusion: spread the correlation and dependencies among key-string variables over substrings as much as possible.
  - Shannon's principle of confusion: change a piece of information so that the output has no obvious relation to the input.
- Exhaustive search principle: the determination of the key requires an exhaustive search of an extremely large space.

Private Key Cryptography
- Data Encryption Standard (DES)
  - It is a block cipher that encrypts 64-bit data blocks using a 56-bit key.
  - Two basic operations: permutation and substitution.
  - Three stages: initial permutation stage, complex transformation stage, final permutation stage.

Private Key Cryptography (cont.)

Public Key Cryptography
- Private key cryptography and conventional cryptographic techniques require the distribution of secret keys. This is known as the key distribution problem.
- Public key cryptography solves the key distribution problem by making the encryption procedure and the associated key available in the public domain.

Public Key Cryptography (cont.)
- Now it is possible for two users to have a secure communication even if they have not communicated before.
- Implementation issues: one-way functions.

RSA Method
- The encryption key is a pair (e, n).
- The decryption key is a pair (d, n).

RSA Method (cont.)
Generating the private and public key requires four steps:
1. Choose two very large prime numbers, p and q.
2. Compute n = p x q and z = (p - 1) x (q - 1).
3. Choose a number d that is relatively prime to z.
4. Compute the number e such that e x d = 1 mod z.

Authentication
- In distributed systems, authentication means verifying the identity of communicating entities to each other.
- The assumption is that the communication network is not secure, in that an intruder can copy and play back a message on the network.
- The textbook calls it interactive secure connections.

Authentication (cont.)
[Figure: Authentication based on a shared secret key]

Authentication (cont.)
[Figure: Authentication based on a shared secret key, but using three instead of five messages]

Authentication (cont.)
[Figure: The reflection attack]

Authentication Using a Key Distribution Center
[Figure: The principle of using a KDC]

Authentication Using a Key Distribution Center (cont.)
[Figure: Using a ticket and letting Alice set up a connection to Bob]

Authentication Using a Key Distribution Center (cont.)
[Figure: The Needham-Schroeder authentication protocol]

Authentication Using a Key Distribution Center (cont.)
[Figure: Protection against malicious reuse of a previously generated session key in the Needham-Schroeder protocol]

Authentication Using Public Key Cryptography
[Figure: Mutual authentication in a public key cryptosystem]

Message Integrity and Confidentiality
- Message integrity means that messages are protected against modification.
- Confidentiality ensures that messages cannot be intercepted and read by eavesdroppers.
- Digital signatures
  - A user cannot forge the signature of other users.
  - A sender of a signed message cannot deny the validity of his signature on the message.
  - A recipient of a signed message cannot modify the signature in the message.

Digital Signatures
[Figure: Digitally signing a message using public key cryptography]

Digital Signatures (cont.)
[Figure: Digitally signing a message using a message digest]

Key Establishment
[Figure: The principle of Diffie-Hellman key exchange]

Key Distribution

Key Distribution (cont.)

Kerberos

Kerberos (cont.)
[Figure: Setting up a secure channel in Kerberos]

Electronic Payment Systems
Payment systems based on direct payment between customer and merchant:
(a) Paying in cash
(b) Using a check
(c) Using a credit card

Electronic Payment Systems (cont.)
Payment systems based on money transfer between banks:
(a) Payment by money order
(b) Payment through debit order
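
The four key-generation steps from the RSA Method slides, as an added Python example that is not part of the lecture notes; the primes 61 and 53, the starting value for d, the message 65 and all function names are assumptions chosen for illustration. It also shows why step 1 asks for very large primes: with a small n, trial division recovers the private key.

```python
from math import gcd

def modinv(a, m):
    """Return x with (a * x) % m == 1, using the extended Euclidean algorithm."""
    old_r, r = a, m
    old_s, s = 1, 0
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_s, s = s, old_s - q * s
    if old_r != 1:
        raise ValueError("a is not relatively prime to m")
    return old_s % m

def generate_keys(p, q, d_start):
    """Steps 2-4 of the slide; the caller supplies the primes p and q (step 1)."""
    n, z = p * q, (p - 1) * (q - 1)      # step 2
    d = d_start
    while gcd(d, z) != 1:                # step 3: d relatively prime to z
        d += 1
    e = modinv(d, z)                     # step 4: e x d = 1 mod z
    return (e, n), (d, n)                # encryption key, decryption key

def apply_key(key, block):
    """Encrypt with (e, n) or decrypt with (d, n): block^exponent mod n."""
    exponent, n = key
    if not 0 <= block < n:
        raise ValueError("message block must lie in [0, n)")
    return pow(block, exponent, n)

def recover_private_key(public):
    """With a small n, trial division finds p, which gives z and therefore d."""
    e, n = public
    p = next(f for f in range(2, int(n ** 0.5) + 1) if n % f == 0)
    z = (p - 1) * (n // p - 1)
    return (modinv(e, z), n)

# Constructed toy values; real RSA moduli are 2048 bits or more.
PUBLIC, PRIVATE = generate_keys(p=61, q=53, d_start=2753)
CIPHERTEXT = apply_key(PUBLIC, 65)
PLAINTEXT = apply_key(PRIVATE, CIPHERTEXT)

if __name__ == "__main__":
    print("public key (e, n):", PUBLIC)
    print("private key (d, n):", PRIVATE)
    print("65 encrypts to", CIPHERTEXT, "and decrypts to", PLAINTEXT)
    print("private key recovered by factoring n:", recover_private_key(PUBLIC))
```
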

