DOC PREVIEW
CMU ISM 95702 - 14_Security

This preview shows page 1-2-3-4-5-38-39-40-41-42-43-76-77-78-79-80 out of 80 pages.

Save
View full document
View full document
Premium Document
Do you want full access? Go Premium and unlock all 80 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 80 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 80 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 80 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 80 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 80 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 80 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 80 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 80 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 80 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 80 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 80 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 80 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 80 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 80 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 80 pages.
Access to all documents
Download any document
Ad free experience
Premium Document
Do you want full access? Go Premium and unlock all 80 pages.
Access to all documents
Download any document
Ad free experience

Unformatted text preview:

95-702 Distributed Systems 1!Master of Information System Management 95-702 Distributed Systems Lecture 14: Security Notes from Coulouris95-702 Distributed Systems 2!Master of Information System Management Computer Security • Needed because of the desire to share resources. • Security policies are enforced by security mechanisms. • Cryptography provides the basis for most security mechanisms but is a distinct subject. • Two great books are Schneier’s “Applied Cyptography” and “The Code Book” by Singh.95-702 Distributed Systems 3!Master of Information System Management Threat Categories • Leakage is any unauthorized acquisition of information • Tampering is unauthorized alteration of information • Vandalism is interference with proper operation with no gain to the perpetrator95-702 Distributed Systems 4!Master of Information System Management Some Attacks • Eavesdropping • Masquerading • Tampering, e.g., “the man in the middle attack” • Replaying • Denial of service95-702 Distributed Systems 5!Master of Information System Management Assumptions & Guidelines • Interfaces are exposed. • Networks are insecure. • Algorithms are available to attackers. We assume they understand RSA, DES, etc. • Attackers may have have large resources. • Limit the lifetime and scope of secrets. • Minimize the trusted base.95-702 Distributed Systems 6!Master of Information System Management Cast of Characters Alice! First participant!Bob! Second participant!Carol! Participant in three- and four-party protocols!Dave! Participant in four-party protocols!Eve! Eavesdropper!Mallory! Malicious attacker!Sara! A server!95-702 Distributed Systems 7!Master of Information System Management Cryptography Notation KA! Alice’s key that she keeps secret.!KB! Bob’s key that he keeps secret.!KAB! Secret key shared between Alice and Bob!KApriv! Alice’s private key (known only to Alice in asymmetric key crypto)!KApub! Alice’s public key (published by Alice for all to read)!{!M!}!K! Message! M! encrypted with key !K![!M!]K! Message !M! signed with key! K!95-702 Distributed Systems 8!Master of Information System Management Categories of Encryption Algorithms Symmetric key encryption. Also called secret key crypto. Alice sends {M}Kab and Bob can read it. Bob knows Kab. Asymmetric key encryption. Also called public key crypto. Alice sends {M}KBpub and Bob can read it. Bob knows KBpriv. Public key encryption is typically 100 to 1000 times slower than secret key encryption.95-702 Distributed Systems 9!Master of Information System Management Scenario 1 Communication with a shared secret key. Alice and Bob share KAB. Alice computes E(KAB,Mi) for each message i. She sends these to Bob. Bob uses D(KAB, {Mi} KAB ) and reads each Mi. Problems? How do Bob and Alice communicate the key KAB? How does Bob know that {Mi} KAB isn’t a replay of an old message?95-702 Distributed Systems 10!Master of Information System Management Scenario 2 Alice wishes to access files held by Bob. Alice asks Sarah for a ticket to talk to Bob. Sarah knows Alice’s password so she can compute KA. Sarah send to Alice {{Ticket}KB,KAB}KA. A challenge! Alice knows her password and is able to compute KA. Note that the password is never placed on the network. Alice is able to compute {Ticket}KB and KAB. How? Alice sends a read request to Bob. She sends {Ticket}KB,Alice,Read. Another challenge! Bob uses KB to read the content of the Ticket. The Ticket is KAB,Alice. Bob and Alice then use this session key to communicate. Problems? Old tickets may be replayed by Mallory. Suppose she has an old session key. Does not scale well : Sarah must know KA, KB ….95-702 Distributed Systems 11!Master of Information System Management 11!Master of Information System Management Scenario 3 Alice wishes to sign a digital message M. She computes a digest of M, Digest(M). If the Digest method is a good one, it is very difficult to find another message M’ so that Digest(M) == Digest(M’). Alice makes the following available to the intended users: M,{Digest(M)}KApriv. Bob obtains the signed document, extracts M and computes Digest(M). Bob decrypts {Digest(M)}KApriv using KApub and compares the result with his calculated Digest(M). If they match, the signature is valid.95-702 Distributed Systems 12!Master of Information System Management Scenario 4 Bob and Alice wish to establish a shared secret KAB. Alice uses a key distribution service to get Bob’s public key. This key comes in a certificate. So, Bob’s public key has been signed by a trusted third party, Trent. Alice verifies that Trent signed the public key KBpub. Alice generates KAB and encrypts it with KBpub. Bob has many public keys and so Alice sends a key name along as well. Alice sends key name, {KAB}KBpub. Bob uses the key name to select the correct private key and computes {{KAB}KBpub} KBpriv == KAB. Problem: The man in the middle attack may be used when Alice first contacts the key distribution service. Mallory may return his own public key (also signed by Trent).95-702 Distributed Systems 13!Master of Information System Management Alice’s Bank Account Certificate 1. !Certificate type!:! Account number!2. !Name!:! Alice!3. !Account!:! 6262626!4. !Certifying authority!:! Bob’s Bank!5. !Signature!:! {Digest(field 2 + field 3)}!KBpriv!95-702 Distributed Systems 14!Master of Information System Management Public-Key Certificate for Bob’s Bank 1. !Certificate type!:! Public key!2. !Name!:! Bob’s Bank!3. !Public key!:! KBpub!4. !Certifying authority!:! Fred – The Bankers Federation!5. !Signature!:!{Digest(field 2 + field 3)}!KFpriv!95-702 Distributed Systems 15!Master of Information System Management Digital Signatures With Public Keys {h}KpriMSigningVerifyingE(Kpri, h)128 bitsH(M)hMhH(doc)D(Kpub,{h}) {h}Kprih'h = h'?Msigned doc95-702 Distributed Systems 16!Master of Information System Management Low-Cost Signatures with a Shared Secret Key MSigningVerifyingH(M+K)hh'H(M+K)hh = h'?KMsigned docMK95-702 Distributed Systems 17!Master of Information System Management X509 Certificate Format S!u!b!jec!t!D!i!s!t!i!n!g!u!is!he!d N!a!m!e, !Pu!b!l!ic !K!e!y!Iss!ue!r! D!i!s!t!i!n!g!u!is!he!d N!a!m!e, !Si!g!n!at!u!r!e!Pe!ri!o!d !o!f !v!a!li!d!i!t!y! N!o!t !Be!f!o!r!e!Da!t!e, !No!t !A!f!t!e!r!D!ate!A!d!m!i!ni!str!a!t!ive!i!n!fo!rma!ti!o!n! V!er!si!o!n!,


View Full Document

CMU ISM 95702 - 14_Security

Documents in this Course
Homework

Homework

12 pages

Lecture

Lecture

25 pages

Lecture

Lecture

21 pages

Lecture

Lecture

24 pages

Exam

Exam

11 pages

Homework

Homework

16 pages

Homework

Homework

38 pages

lecture

lecture

38 pages

review

review

7 pages

lecture

lecture

18 pages

review

review

8 pages

Chapter2

Chapter2

32 pages

Lecture 4

Lecture 4

47 pages

Lecture

Lecture

22 pages

Naming

Naming

26 pages

lecture

lecture

34 pages

lecture

lecture

42 pages

lecture

lecture

112 pages

Lecture

Lecture

33 pages

Axis

Axis

43 pages

lecture

lecture

32 pages

review

review

17 pages

Lecture

Lecture

53 pages

Lecture

Lecture

80 pages

Lab

Lab

14 pages

Load more
Download 14_Security
Our administrator received your request to download this document. We will send you the file to your email shortly.
Loading Unlocking...
Login

Join to view 14_Security and access 3M+ class-specific study document.

or
We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view 14_Security 2 2 and access 3M+ class-specific study document.

or

By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?