WEEK # 9 - SECURITY TECHNIQUES IN DISTRIBUTED SYSTEMS

kitlunchroomΤεχνίτη Νοημοσύνη και Ρομποτική

21 Νοε 2013 (πριν από 3 χρόνια και 9 μήνες)

70 εμφανίσεις

CS 407 Distributed System & Databases


Engr. Muhammad Nadeem

Page
1

WEEK #
9

-

SECURITY TECHNIQUES IN DISTRIBUTED SYSTEMS

DAY #
2
5

Security Threats



The main goal of security is to restrict access to information and resources to just

those principals that are
authorized to have access.



Security threats fall into three
broad

classes:

o

Leakage:

Refers to the acquisition of information by unauthorized recipients.

o

Tampering:

Refers to the unauthorized alteration of information.

o

Vandalism:

Refers to interference with the proper operation of a system without gain

to the
perpetrator.


Methods of A
ttack

Methods of attack can be further classified according to the way in which a channel is

misused:



Eavesdropping:

Obtaining copies of messages without authority.



Masquerading:


Sending or receiving messages using the identity o
f another

principal without their authority.



Message tampering:

Intercepting messages and altering their contents before

passing them on to the intended
recipient. The man
-
in
-
the
-
middle attack is a form of

message tampering in which an attacker intercepts
the
very first message in an

exchange of encryption keys to establish a secure channel. The attacker substitutes

compromised keys that enable them to decrypt subsequent messages before re

encrypting

them in the correct
keys and passing them on.



Replaying:
Storing intercepted messages and sending them at a later date. This

attack may be effective even
with authenticated and encrypted messages.



Denial of service:

Flooding a channel or other resource with messages in order to

deny access for others.


Some Basi
c Concept

Cryptography

The art or science encompassing the principles and methods of transforming an intelligible message into one that is
unintelligible, and then retransforming that message back to its original form

Plaintext:

The original intelligible

message

Cipher text:

The transformed message

Cipher

An algorithm for transforming an intelligible message into unintelligible by transposition and/or
substitution

Key

CS 407 Distributed System & Databases


Engr. Muhammad Nadeem

Page
2

Some critical information used by the cipher, known only to the sender & receiver

Encipher (encode)

The process of converting plaintext to
cipher
text


Decipher (decode)

The process of converting cipher

text back into plaintext


Encryption:

Encryption

is the process of encoding a message in such a way as to hide its contents. Modern cry
ptography
includes several secure algorithms for encrypting and decrypting messages. They are all based on the use of secrets
called
keys
.


Encryption Algorithm:

There are two main classes of encryption algorithm in general use.




The first uses
shared secret keys


the sender and the recipient must share a knowledge of the key and it
must not be revealed to anyone else.




The second class of encryption algorithms uses
public/private key pairs
. Here the sender of a message uses
a
public key


one that has already been published by the recipient


to encrypt the message. The recipient
uses a corresponding
private key
to decrypt the message. Although many principals may examine the public
key, only the recipient can decrypt the message, because

they have the private key.


Encryption and Decryption



.



Secret
-
Key or Symmetric Cryptography

Because of its symmetrical use of keys, secret
-
key cryptography is often referred to as
symmetric cryptography
,

CS 407 Distributed System & Databases


Engr. Muhammad Nadeem

Page
3





Alice and Bob agree on an encryption method and a shared
key
.



Alice uses the key and the encryption method to
encrypt

(or
encipher
) a message and sends it to
Bob.



Bob uses the same key and the related decryption method to
decrypt

(or
decipher
) the message.



Public Key

or
As
ymmetric Cryptography

Public
-
key cryptography is referred to as
asymmetric
because the keys used for encryption and decryption are
different, as we shall see below. In the next section, we describe several widely used encryption
functions of both
types.







Alice generates a key value (usually a number or pair of related numbers) which she makes public.



Alice uses her public key (and some additional information) to determine a second key (her
private key
).

CS 407 Distributed System & Databases


Engr. Muhammad Nadeem

Page
4



Alice keeps her priv
ate key (and the additional information she used to construct it) secret.



Bob (or Carol, or anyone else) can use Alice’s public key to encrypt a message for Alice.



Alice can use her private key to decrypt this message.



No
-
one without access to Alice’s priv
ate key (or the information used to construct it) can easily decrypt the
message.

WEEK # 9
-

SECURITY TECHNIQUES IN DISTRIBUTED SYSTEMS

DAY #
2
6

Cryptographic Algorithms

Block Ciphers

A block

cipher

is a method of encrypting

text

(to produce

cipher

text)
in which a cryptographic key
and

algorithm

are applied to a block of data (for example, 64 contiguous bits) at once as a group rather than to one
bit at a time.


Example
DES
,
Triple
-
DES

Stream Ciphers

A stream

cipher

is a method of encrypting text (to prod
uce

cipher

text) in which a cryptographic key
and

algorithm

are applied to each

binary digit

in a data stream, one bit at a time. This method is not much used in
modern cryptography.


Example
RC4

Hash Algorithms

The key in public
-
key encryption is based on

a

hash value. This is a value that is computed from a base input
number using a

hashing algorithm. Essentially, the hash value is a summary of the original value. The important
thing about a hash value is that it is nearly impossible to derive the origina
l input number without knowing the data
used to create the hash value.

Example
MD2
,
MD4
,
MD5
,
SHA1


Digital Signatures


CS 407 Distributed System & Databases


Engr. Muhammad Nadeem

Page
5


Digital Signatures: Signing a Document



Alice applies a (publicly known)
hash function

to a document that she wishes to “sign.” This
function produces a
digest

of the document (usually a number).



Alice then uses her
private

key to “encrypt” the digest.



She can then send, or even broadcast, the document with the encrypted digest.

Digital Si
gnature Verification



Bob uses Alice’s
public

key to “decrypt” the digest that Alice “encrypted” with her private key.



Bob applies the hash function to the document to obtain the digest directly.



Bob compares these two values for the digest. If they match,

it proves that Alice signed the document and
that no one else has altered it.

CS 407 Distributed System & Databases


Engr. Muhammad Nadeem

Page
6

Secure Transmission of Digitally Signed Documents



Alice uses her
private
key to digitally sign a document. She then uses Bob’s
public

key to encrypt this
digitally signed docum
ent.



Bob uses his
private

key to decrypt the document. The result is Alice’s digitally signed document.



Bob uses Alice’s
public

key to verify Alice’s digital signature.


Question:

Some of the ways in which conventional email is vulnerable to
eavesdropping, masquerading,
tampering, replay, denial of service. Suggest methods by which email could be protected against each
of these forms of attack.



Answers



Question:

Estimate the time required to crack a 56
-
bit DES key by a brute
-
force attack
using a 500 MIPS (million
instruction per second) workstation, assuming that the inner loop for a brute
-
force attack program
involves around 10 instructions per key value, plus the time to encrypt an 8
-
byte plaintext (see Figure
7.14). Perform the same cal
culation for a 128
-
bit IDEA key. Extrapolate your calculations to obtain the
time for a 50,000 MIPS parallel processor (or an Internet consortium with similar processing power).

Answers

CS 407 Distributed System & Databases


Engr. Muhammad Nadeem

Page
7




WEEK # 9
-

SECURITY TECHNIQUES IN DISTRIBUTED SYSTEMS

DAY #
2
7

Lab
-

Encrypt and Decrypt Data Application