Distributed Security - ECEE

slurpslapoutNetworking and Communications

Nov 20, 2013 (3 years and 4 months ago)

77 views

Distributed Systems

Security Overview



Douglas C. Sicker

Assistant Professor

Department of Computer Science and Interdisciplinary
Telecommunications Program


Network Security


What we’ll cover:


What is network security?


What are the goals?


What are the threats?


What are the solutions?


How do they operate?


This is a lot of info and it might take a few reads
to stick.

Network Security


Some issues with the book…


Assumes malicious intent as the reason for
needing security.


Is this valid?


Focus on the protocols (not surprising)


However, the real problems with security are mostly
outside of the technical space (see the Economist
articles).


What else should we consider?


For example, more depth on security models, security policy,
assurance, insurance, risk assessment…


Lastly, keep in mind that even the best protocols can
be misapplied.

Network Security


What do we seek?


Confidentially


Integrity


Availability


Non
-
repudiation


Accounting


Mnemonic

CIA


Let’s start with some general threats


Leakage


Tampering


Vandalism

Network Security


Attacks


Guessing passwords


Exploiting program operation


Intercepting messages


Message replay


Birthday attack


Overloading resources (DDoS)


What’s the easy method of attack?

Network Security

Secure design


It’s a bit of a fallacy, even formal models fail


Why?


There was early work in secure OS.


What do you think derailed this work?


Often the goal is to avoid disasters and minimize
problems


What’s the threat, what’s the attack and how do
we avoid it?


Some things to consider


What’s it worth?


What’s it timeliness?


Network Security

Cryptology, Cryptography, Cryptanalysis


Encryption


Decryption


What’s a key?


Secret


Private


Public


Some uses of cryptographic methods


Secrecy


Authentication


Signature

Network Security

Some Important Notation


Ka


Kab


Kapriv


Kapub


M


{M}K


[M]K


n


H


Some Characters


Alice and Bob


Eve


Mallory


Sue or Sara






Network Security

Secrecy and integrity (shared secret)

A



M

A



E(Kab,M)

A:B

{M}Kab

B



D(Kab,M)


Problems:




Network Security

Authentication (shared secrets)


Ticket

An encrypted item generally provided by an
authentication server that contains an identity and a
shared key generated for that session.


1.
A:S request a ticket to talk to B

2.
S:A {{ticket}Kb, Kab}Ka








Ticket ={Kab, Alice}

3.
A:B {Ticket}Kb, Alice, R


Problems?


Network Security

Secrecy and authentication (Public Keys)

1.
A obtains Kbpub

2.
A:B keyname, {Kab}Kbpub

3.
B decrypts with Kbpriv

4.
Now A and B can use Kab


This is actually a hybrid technique. (why?)

Problems?

Network Security

Digital Signature


A verification that a message has not been
altered.


Generally, the DS is on a digest, not the whole
message


A Digest is a fixed length value computed by a hash
function


1.
A creates a digest

Digest (M)

2.
A:B




M, {Digest (M)}Kapriv

3.
B uses Kapub to decrypt


B now computes digest on M and compares

Network Security


Certificate


A document signed by a trusted principal


Certificate Chain


A hierarchy of trust


Requirements of certificates


Standardized format


Agreed chain construction


Problem: revocation (somewhat solved with
expiry dates)

Figure 7.5

Public
-
key certificate for Bob’s Bank

1.

Certificate type

:

Public key

2.

Name

:

Bob’s Bank

3.

Public key

:

K
Bpub

4.

Certifying authority

:

Fred


The Bankers Federation

5.

Signature

:

{
Digest
(
field 2 + field 3
)}

K
Fpriv

Network Security


Access control


Process of deciding whether to allow a principal to
carry out an operation or a certain resource.


Protection Domain


Abstraction indicating the rights and resources


Really just a set of processes that share access to a
resource.


Implemented by capabilities and ACL


Credentials


Set of evidence provided by a principal


Delegation


giving authority to another principal

Network Security

Cryptographic algorithms


Block ciphers


message is divided into blocks, encrypted and sent


Problem: repeating patterns


Cipher Block Chaining (CBC)


Combine plaintext with previous cipher text (XOR)


Problem: beginning or trailing repetition (solution?)


Stream cipher


Used with realtime communication


Bit by bit encryption


Keystream generator (obscure data)

Figure 7.6

Cipher block chaining

n

n+3

n+2

n+1

XOR

E(K, M)

n
-
1

n
-
2

n
-
3

plaintext blocks

ciphertext blocks

Decryption?

Network Security


Shannon


The E


Confusion (obscure)


Diffusion (randomize)


Symmetric Algorithms


TEA


DES


IDEA


AES


Asymmetric Algorithms


RSA


Diffie Hellman

Network Security

Cryptographic algorithms

Secret key (Symmetric)

D (K, E(K,M)) = M

If you know M and {M}K, a brute force attack takes

2
n
-
1

(average)

2
n

(maximum)


Public/private key (Asymmetric)

Involves a trapdoor or secret exit

Generally a mathematical concept


Product of 2 large primes (easy), Factoring that product (hard)


Function of a curve

Figure 7.10 TEA in use

void tea(char mode, FILE *infile, FILE *outfile, unsigned long k[]) {

/* mode is ’e’ for encrypt, ’d’ for decrypt, k[] is the key.*/


char ch, Text[8]; int i;


while(!feof(infile)) {



i = fread(Text, 1, 8, infile);

/* read 8 bytes from infile into Text */



if (i <= 0) break;



while (i < 8) { Text[i++] = ' ';}

/* pad last block with spaces */



switch (mode) {



case 'e':




encrypt(k, (unsigned long*) Text); break;



case 'd':




decrypt(k, (unsigned long*) Text); break;



}



fwrite(Text, 1, 8, outfile);

/* write 8 bytes from Text to outfile */


}

}

Figure 7.9

TEA decryption function

void decrypt(unsigned long k[], unsigned long text[]) {


unsigned long y = text[0], z = text[1];


unsigned long delta = 0x9e3779b9, sum = delta << 5; int n;


for (n= 0; n < 32; n++) {



z
-
= ((y << 4) + k[2]) ^ (y + sum) ^ ((y >> 5) + k[3]);



y
-
= ((z << 4) + k[0]) ^ (z + sum) ^ ((z >> 5) + k[1]);



sum
-
= delta;


}


text[0] = y; text[1] = z;

}

Network Security

Digital Signature


Authenticate


Unforgeable


Nonrepudiation


=>
Bind identity to document


Two mechanisms


Digital signature (Private or public)


Digital function (Secure hash)

Digital signatures with public keys

{h}
Kpri
M
Signing
Verif ying
E(K
pri
, h)
128 bit s
H(M)
h
M
h
H(doc)
D(K
pub
,{h})
{h}
Kpri
h'
h = h'?
M
signed doc
1.
A generates Kapub and Kapriv (Makes Kapub available)

2.
A computes digest M => H(M); S= {H(M)}Kapriv

3.
A:B M, S

4.
B decrypts S with Kapub => H(M); computes H(M) and compares

Low
-
cost signatures with a shared secret key

M
Signing
Verif ying
H(M+K)
h
h'
H(M+K)
h
h = h'?
K
M
signed doc
M
K
1.
A generates K; sends it to B (securely)

2.
A computes h=H(M+K)

3.
A:B M,h

4.
B computes H(M+K) and compares

Network Security

Characteristics of a Secure Digest Function

1.
Given M, it is easy to compute h

2.
Given h, it is hard to compute M

3.
Given H(M), it should be very hard to find H(M)=H(M
1
)


MD5 and SHA are examples of secure digests



Network Security

Certificate standards and authorities


X.509


provides the standard format; binds public
key to a subject based on a trusted signature


Includes a validity period


Certificate Authority


Provided by a certificate authority


Verisign …

Network Security

Pragmatics


Review the book for info on performance of
protocols


Politics of security are quite messy


Government resistance


International front


Criminal front


Many issues to consider, even as a technologist


Corporate drivers versus Government (national and
public safety drivers)


Corporate and government versus civil liberties


Figure 7.15

The Needham

Schroeder secret
-
key
authentication protocol

Header

Message

Notes

1. A
-
>S:

A, B, N
A

A requests S to supply a key for communication

with B.

2. S
-
>A:

{
N
A
, B, K
AB
,

{
K
AB
, A
}
K
B
}
K
A

S returns a message encrypted in A’s secret key,

containing a newly generated key
K
AB
and a

‘ticket’ encrypted in B’s secret key. The nonce
N
A


demonstrates that the message was sent in response

to the preceding one. A believes that S sent the

message because only S knows A’s secret key.



3. A
-
>B:

A sends the ‘ticket’ to B.

4. B
-
>A:

B decrypts the ticket and uses the new key
K
AB

to

encrypt another nonce
N
B
.

5. A
-
>B:

A demonstrates to B that it was the sender of the

previous message by returning an agreed

transformation of
N
B
.

{
K
AB
, A
}
K
B

{
N
B
}
K
AB

{
N
B

-

1}
K
AB

Figure 7.16

System architecture of Kerberos

Server

Client

DoOperation

Authentication

database

Login

session setup

Ticket
-

granting


service T

Kerberos Key Distribution Centre

Server

session setup

Authen
-

tication

service A

1. Request for

TGS ticket

2. TGS

ticket

3. Request for

server ticket

4. Server ticket

5.



Service



request

Request encrypted with session key

Reply encrypted with session key

Service

function

Step B

Step A

Step C

C

S

Network Security

Kerberos
-
MIT extension of N&S

1.
C:A

C,T,n

2.
A:C

{Kct,n}Kc, {ticket(C,T)}Kt




{ticket(C,T)}Kt = {C,T,t1,t2,Kct}Kt

3.
C:T

{auth(C)}Kct, {ticket(C,T)}Kt, S, n





{auth(C)}Kct = {C,t}Kct

4.
T:C

{Kcs,n}Kct, {ticket(C,S)}Ks

5.
C:S

{auth(C)}Kcs, {(ticket(C,S)}Ks, request, n

6.
S:C

{n}Kcs, reply