CS 407 Distributed System & Databases
Engr. Muhammad Nadeem
Page
1
WEEK #
9

SECURITY TECHNIQUES IN DISTRIBUTED SYSTEMS
DAY #
2
5
Security Threats
The main goal of security is to restrict access to information and resources to just
those principals that are
authorized to have access.
Security threats fall into three
broad
classes:
o
Leakage:
Refers to the acquisition of information by unauthorized recipients.
o
Tampering:
Refers to the unauthorized alteration of information.
o
Vandalism:
Refers to interference with the proper operation of a system without gain
to the
perpetrator.
Methods of A
ttack
Methods of attack can be further classified according to the way in which a channel is
misused:
Eavesdropping:
Obtaining copies of messages without authority.
Masquerading:
Sending or receiving messages using the identity o
f another
principal without their authority.
Message tampering:
Intercepting messages and altering their contents before
passing them on to the intended
recipient. The man

in

the

middle attack is a form of
message tampering in which an attacker intercepts
the
very first message in an
exchange of encryption keys to establish a secure channel. The attacker substitutes
compromised keys that enable them to decrypt subsequent messages before re
encrypting
them in the correct
keys and passing them on.
Replaying:
Storing intercepted messages and sending them at a later date. This
attack may be effective even
with authenticated and encrypted messages.
Denial of service:
Flooding a channel or other resource with messages in order to
deny access for others.
Some Basi
c Concept
Cryptography
The art or science encompassing the principles and methods of transforming an intelligible message into one that is
unintelligible, and then retransforming that message back to its original form
Plaintext:
The original intelligible
message
Cipher text:
The transformed message
Cipher
An algorithm for transforming an intelligible message into unintelligible by transposition and/or
substitution
Key
CS 407 Distributed System & Databases
Engr. Muhammad Nadeem
Page
2
Some critical information used by the cipher, known only to the sender & receiver
Encipher (encode)
The process of converting plaintext to
cipher
text
Decipher (decode)
The process of converting cipher
text back into plaintext
Encryption:
Encryption
is the process of encoding a message in such a way as to hide its contents. Modern cry
ptography
includes several secure algorithms for encrypting and decrypting messages. They are all based on the use of secrets
called
keys
.
Encryption Algorithm:
There are two main classes of encryption algorithm in general use.
The first uses
shared secret keys
–
the sender and the recipient must share a knowledge of the key and it
must not be revealed to anyone else.
The second class of encryption algorithms uses
public/private key pairs
. Here the sender of a message uses
a
public key
–
one that has already been published by the recipient
–
to encrypt the message. The recipient
uses a corresponding
private key
to decrypt the message. Although many principals may examine the public
key, only the recipient can decrypt the message, because
they have the private key.
Encryption and Decryption
.
Secret

Key or Symmetric Cryptography
Because of its symmetrical use of keys, secret

key cryptography is often referred to as
symmetric cryptography
,
CS 407 Distributed System & Databases
Engr. Muhammad Nadeem
Page
3
•
Alice and Bob agree on an encryption method and a shared
key
.
•
Alice uses the key and the encryption method to
encrypt
(or
encipher
) a message and sends it to
Bob.
•
Bob uses the same key and the related decryption method to
decrypt
(or
decipher
) the message.
Public Key
or
As
ymmetric Cryptography
Public

key cryptography is referred to as
asymmetric
because the keys used for encryption and decryption are
different, as we shall see below. In the next section, we describe several widely used encryption
functions of both
types.
•
Alice generates a key value (usually a number or pair of related numbers) which she makes public.
•
Alice uses her public key (and some additional information) to determine a second key (her
private key
).
CS 407 Distributed System & Databases
Engr. Muhammad Nadeem
Page
4
•
Alice keeps her priv
ate key (and the additional information she used to construct it) secret.
•
Bob (or Carol, or anyone else) can use Alice’s public key to encrypt a message for Alice.
•
Alice can use her private key to decrypt this message.
•
No

one without access to Alice’s priv
ate key (or the information used to construct it) can easily decrypt the
message.
WEEK # 9

SECURITY TECHNIQUES IN DISTRIBUTED SYSTEMS
DAY #
2
6
Cryptographic Algorithms
Block Ciphers
A block
cipher
is a method of encrypting
text
(to produce
cipher
text)
in which a cryptographic key
and
algorithm
are applied to a block of data (for example, 64 contiguous bits) at once as a group rather than to one
bit at a time.
Example
DES
,
Triple

DES
Stream Ciphers
A stream
cipher
is a method of encrypting text (to prod
uce
cipher
text) in which a cryptographic key
and
algorithm
are applied to each
binary digit
in a data stream, one bit at a time. This method is not much used in
modern cryptography.
Example
RC4
Hash Algorithms
The key in public

key encryption is based on
a
hash value. This is a value that is computed from a base input
number using a
hashing algorithm. Essentially, the hash value is a summary of the original value. The important
thing about a hash value is that it is nearly impossible to derive the origina
l input number without knowing the data
used to create the hash value.
Example
MD2
,
MD4
,
MD5
,
SHA1
Digital Signatures
CS 407 Distributed System & Databases
Engr. Muhammad Nadeem
Page
5
Digital Signatures: Signing a Document
•
Alice applies a (publicly known)
hash function
to a document that she wishes to “sign.” This
function produces a
digest
of the document (usually a number).
•
Alice then uses her
private
key to “encrypt” the digest.
•
She can then send, or even broadcast, the document with the encrypted digest.
Digital Si
gnature Verification
•
Bob uses Alice’s
public
key to “decrypt” the digest that Alice “encrypted” with her private key.
•
Bob applies the hash function to the document to obtain the digest directly.
•
Bob compares these two values for the digest. If they match,
it proves that Alice signed the document and
that no one else has altered it.
CS 407 Distributed System & Databases
Engr. Muhammad Nadeem
Page
6
Secure Transmission of Digitally Signed Documents
•
Alice uses her
private
key to digitally sign a document. She then uses Bob’s
public
key to encrypt this
digitally signed docum
ent.
•
Bob uses his
private
key to decrypt the document. The result is Alice’s digitally signed document.
•
Bob uses Alice’s
public
key to verify Alice’s digital signature.
Question:
Some of the ways in which conventional email is vulnerable to
eavesdropping, masquerading,
tampering, replay, denial of service. Suggest methods by which email could be protected against each
of these forms of attack.
Answers
Question:
Estimate the time required to crack a 56

bit DES key by a brute

force attack
using a 500 MIPS (million
instruction per second) workstation, assuming that the inner loop for a brute

force attack program
involves around 10 instructions per key value, plus the time to encrypt an 8

byte plaintext (see Figure
7.14). Perform the same cal
culation for a 128

bit IDEA key. Extrapolate your calculations to obtain the
time for a 50,000 MIPS parallel processor (or an Internet consortium with similar processing power).
Answers
CS 407 Distributed System & Databases
Engr. Muhammad Nadeem
Page
7
WEEK # 9

SECURITY TECHNIQUES IN DISTRIBUTED SYSTEMS
DAY #
2
7
Lab

Encrypt and Decrypt Data Application
Comments 0
Log in to post a comment