Montclair CMPT 585 - Security Issues in Distributed Systems

Security issues in Distributed Systems: Is Kerberos the Answer?

Prepared by Emir Accilien
CMPT 585 001
For Dr. Robila

Introduction

Nowadays, distributed systems are very popular and widely used throughout the globe. Most companies use some flavor of distributed system to connect their various branches located in different geographic locations. In computer science, distributed systems studies the coordinated use of physically distributed computers (Wikipedia.com). In addition, as stated by Andrew S. Tanenbaum, "Distributed systems need radically different software than centralized systems do." While it is a desirable concept to use distributed systems widely, some concerns remain to be addressed. One of the main concerns that users face when using a distributed system is ‘security authentication, integrity and confidentiality, and authorization’.

Modern computer systems provide service to multiple users and require the ability to identify the user making a request accurately. In traditional systems, the user's identity is verified by checking a password typed during login; the system records the identity and uses it to determine what operations may be performed. The process of verifying the user's identity is called authentication. Password-based authentication is not suitable for use on computer networks. Passwords sent across the network can be intercepted and subsequently used by eavesdroppers to impersonate the user. While this vulnerability has been long known, it was recently demonstrated on a major scale with the discovery of planted password collecting programs at critical points on the Internet (CERT CA-94).

There are many different types of distributed computing systems and many challenges to overcome in successfully designing one. The main goal of a distributed computing system is to connect users and resources in a transparent, open, and scalable way. Ideally, this arrangement is drastically more fault tolerant and more powerful than many combinations of stand-alone computer systems.

An example of a distributed system is the World Wide Web. As you are reading a web page, you are actually using the distributed system that comprises the site. As you are browsing the web, your web browser running on your own computer communicates with different web servers that provide web pages. Possibly, your browser uses a proxy server to access the web contents stored on web servers faster and more securely. To find these servers, it also uses the distributed domain name system. Your web browser communicates with all of these servers over the internet, via a system of routers which are themselves part of a large distributed system.

Of course, just as security is a major concern for any system, so is the security for distributed systems. In fact, security among distributed systems is more complex and requires more….

Properties of Distributed Systems

Openness

Openness is the property of distributed systems such that each subsystem is continually open to interaction with other systems, i.e. clients or servers. Web Services protocols are standards that enable distributed systems to be extended and scaled. In general, an open system that scales has an advantage over a perfectly closed and self-contained system. Consequently, open distributed systems are required to meet the following challenges:

Monotonicity: Once something is published in an open distributed system, it cannot be taken back.

Pluralism: Different subsystems of an open distributed system include heterogeneous, overlapping and possibly conflicting information. There is no central arbiter of truth in open distributed systems.

Unbounded non-determinism: Asynchronously, different subsystems can come up and go down and communication links can come in and go out between subsystems of an open distributed system. Therefore the time that it will take to complete an operation cannot be bounded in advance.

Scalability

A scalable system is one that can easily be altered to accommodate changes in the number of users, resources and computing entities affected by it. Scalability can be measured in three different dimensions:

Load scalability: A distributed system should make it easy for us to expand and contract its resource pool to accommodate heavier or lighter loads.

Geographic scalability: A geographically scalable system is one that maintains its usefulness and usability, regardless of how far apart its users or resources are.

Administrative scalability: No matter how many different organizations need to share a single distributed system, it should still be easy to use and manage.

Note: Some loss of performance may occur in a system that allows itself to scale in one or more of these dimensions.

Architecture of Distributed Systems

Client-server: Smart client code contacts the server for data, then formats and displays it to the user. Input at the client is committed back to the server when it represents a permanent change.

3-tier architecture: Three-tier systems move the client intelligence to a middle tier so that stateless clients can be used. This simplifies application deployment. Most web applications are 3-tier.

N-tier architecture: N-tier refers typically to web applications, which further forward their requests to other enterprise services. This type of application is the one most responsible for the success of application servers.

Tightly coupled (clustered): Refers typically to a set of highly integrated machines that run the same process in parallel, subdividing the task into parts that are handled individually by each one, and then put back together to make the final result.

Peer-to-peer: An architecture where there is no special machine or machines that provide a service or manage the network resources. Instead, all responsibilities are uniformly divided among all machines, known as peers.

Service oriented: Where the system is organized as a set of highly reusable services that could be offered through standardized interfaces.

Mobile code: Based on the architecture principle of moving processing closest to the source of data.

Replicated repository: Where the repository is replicated across the distributed system to support online/offline processing, provided the lag in data updates is acceptable.

The Proposal

As noted earlier, password-based authentication is not suitable for use on computer networks. Eavesdroppers can intercept passwords sent
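
The interception risk described in the introduction and restated above can be shown in a short simulation. This is an added example, not part of the original paper and not an implementation of Kerberos: it contrasts a login that sends the password itself with a nonce-based challenge-response login. The class names, the sample password and the HMAC scheme are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample secret; the value and the salt are illustrative only.
PASSWORD = "correct horse battery staple"
KEY = hashlib.pbkdf2_hmac("sha256", PASSWORD.encode(), b"constructed-salt", 100_000)

def client_response(nonce: bytes) -> bytes:
    """What the client sends back: a MAC over the server's nonce, never the secret."""
    return hmac.new(KEY, nonce, hashlib.sha256).digest()

class PasswordServer:
    """Traditional login: the secret itself crosses the network."""
    def login(self, wire_message: bytes) -> bool:
        return hmac.compare_digest(wire_message, PASSWORD.encode())

class ChallengeServer:
    """Issues a fresh single-use nonce for every login attempt."""
    def __init__(self):
        self.pending = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce

    def login(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self.pending:   # unknown or already consumed nonce
            return False
        self.pending.discard(nonce)     # each nonce is accepted at most once
        return hmac.compare_digest(response, client_response(nonce))

def run_demo() -> dict:
    pw, cr = PasswordServer(), ChallengeServer()
    wire = PASSWORD.encode()            # bytes an eavesdropper would record
    nonce = cr.challenge()
    response = client_response(nonce)   # also recorded by the eavesdropper
    return {
        "password_first": pw.login(wire),
        "password_replay": pw.login(wire),                 # recording works again
        "cr_first": cr.login(nonce, response),
        "cr_replay_same_nonce": cr.login(nonce, response),
        "cr_replay_new_nonce": cr.login(cr.challenge(), response),
    }

if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

A recorded nonce and response still allow offline guessing of a weak password, so this contrast covers replay only.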

