Title: Security Systems for Distributed Models in Ptolemy II
August 6, 2003
Rakesh Reddy, Carnegie Mellon University
Mentors: Professor Edward Lee, Yang Zhao
http://chess.eecs.berkeley.edu
Motivation
- Distributed models can perform tasks that a single computer cannot. They can be used for mass computation, as in Search for Extraterrestrial Intelligence at Home (SETI@home), which analyzes data from space by sending it to home computers for processing, or for control systems, as in a project by Partners for Advanced Transit and Highways that is developing a system for cars to communicate with each other to avoid accidents and improve traffic flow.
- One of the main concerns with distributed models is security. The two main risks are:
  - Security-sensitive data can be intercepted and read.
  - Unauthorized parties can send models that harm system stability, such as viruses.
- The solution to these issues is the use of cryptographic services.
Digital Signature
The purpose of a digital signature is to verify who the sender is and that the data has not been altered. A digital signature is computed by taking the message digest (hash) of a piece of data and signing that digest with the private key of an asymmetric algorithm (for RSA this amounts to encrypting the hash with the private key). The SignatureSigner actor outputs the signed hash, the public key, and the original message. The SignatureVerifier actor receives the public key, the signed hash and the original message. Using the public key it recovers the hash from the signature, recomputes the hash of the received message, and compares the two. If the hashes are equal the verification succeeds; a message altered in transit produces a different hash and fails. A successful verification only shows that the holder of the private key matching that public key signed the data, so the verifier must obtain the public key through a channel it trusts (for instance, fixed in the model at deployment) rather than accepting whatever key arrives with the message; otherwise anyone could substitute their own key pair and sign arbitrary data.
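The signer/verifier exchange described above, written out as an added example in Go; this is not code from the poster or from Ptolemy II, whose actors are implemented in Java. RSA-PSS over SHA-256 is an assumed concrete algorithm (the poster names none), and the key pairs and messages are constructed for the example. Besides the genuine and tampered cases it runs the key-substitution case: a verifier that trusts the key bundled with the message accepts Mallory's forgery, while a verifier that pins Alice's key rejects it.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SignedMessage mirrors what the poster's SignatureSigner actor emits on its
// output ports: the original message, the signature over its digest, and the
// signer's public key.
type SignedMessage struct {
	Message   []byte
	Signature []byte
	PublicKey *rsa.PublicKey
}

// Sign computes the SHA-256 digest of msg and signs it with the private key.
// RSA-PSS is an assumed choice; the poster does not name an algorithm.
func Sign(priv *rsa.PrivateKey, msg []byte) (SignedMessage, error) {
	digest := sha256.Sum256(msg)
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return SignedMessage{}, err
	}
	return SignedMessage{Message: msg, Signature: sig, PublicKey: &priv.PublicKey}, nil
}

// VerifyWith is the SignatureVerifier step: recompute the digest of the
// received message and check the signature against a specific public key.
func VerifyWith(pub *rsa.PublicKey, sm SignedMessage) bool {
	digest := sha256.Sum256(sm.Message)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sm.Signature, nil) == nil
}

// VerifyBundled trusts whatever public key arrived with the message, which is
// how the poster's data flow reads if the key is taken straight from the port.
func VerifyBundled(sm SignedMessage) bool {
	return VerifyWith(sm.PublicKey, sm)
}

// Outcome collects the four checks run by Demo.
type Outcome struct {
	Genuine       bool // Alice's message, verified with Alice's pinned key
	Tampered      bool // message altered in transit, verified with pinned key
	ForgedBundled bool // Mallory's message, verified with the key Mallory bundled
	ForgedPinned  bool // Mallory's message, verified with Alice's pinned key
}

// Demo runs a genuine, a tampered and a forged message through both verifier
// policies. Key sizes, names and messages are constructed for this example.
func Demo() (Outcome, error) {
	alice, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return Outcome{}, err
	}
	mallory, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return Outcome{}, err
	}
	pinned := &alice.PublicKey // obtained out of band, e.g. shipped with the model

	sm, err := Sign(alice, []byte("car 7: brake"))
	if err != nil {
		return Outcome{}, err
	}
	tampered := sm
	tampered.Message = []byte("car 7: accelerate") // changed on the wire, old signature kept

	forged, err := Sign(mallory, []byte("car 7: accelerate"))
	if err != nil {
		return Outcome{}, err
	}

	return Outcome{
		Genuine:       VerifyWith(pinned, sm),
		Tampered:      VerifyWith(pinned, tampered),
		ForgedBundled: VerifyBundled(forged),
		ForgedPinned:  VerifyWith(pinned, forged),
	}, nil
}

func main() {
	o, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", o)
}
```

The ForgedBundled result is the point a practitioner should take from the poster's data flow: a signature proves possession of some private key, and it is the verifier's choice of public key, not the key on the wire, that decides whose.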
Figure: Signature with Hybrid Encryption Model (actor diagram not reproduced)
Symmetric Cryptography
Symmetric cryptography, also known as secret key or private key cryptography, is based on a single key that is known only to those who should have it; the same key encrypts and decrypts. Most symmetric ciphers are block ciphers that process data in blocks of 64 or 128 bits (input that is not a multiple of the block size must be padded). The SymmetricEncryption actor sends the encrypted data, the key and a parameter. The SymmetricDecryption actor receives the encrypted data, key and parameter, and uses them to decrypt the data. The parameter is only needed for certain modes of operation. The mode specifies how the block cipher is applied to data longer than one block. In Electronic Code Book (ECB) mode each block is encrypted independently, like a substitution table, so identical plaintext blocks produce identical ciphertext blocks and patterns in the data remain visible. In Cipher Block Chaining (CBC) mode each plaintext block is combined with the previous ciphertext block before it is encrypted; the first block is combined with an initialization vector, which is the parameter the receiver must also have. The main weakness of symmetric cryptography is transporting the generated secret key. Sending the key in the clear with the data makes the encryption useless, since anyone eavesdropping on the data line can obtain the key.
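An added example in Go (not from the poster or Ptolemy II) showing why the mode and the parameter matter: one AES-128 key encrypts a constructed status message made of four identical 16-byte blocks under ECB and under CBC, and the CBC ciphertext is then decrypted with the correct IV and with a wrong one. encryptECB, encryptCBC, repeatedBlocks and the sample message are names and data chosen for this example; the Go standard library has no ECB helper precisely because of what the ECB count shows.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// encryptECB applies the block cipher to each block on its own. No parameter
// is needed, which is exactly why identical plaintext blocks leak.
// Input length must be a multiple of the block size (real data needs padding).
func encryptECB(block cipher.Block, plaintext []byte) []byte {
	bs := block.BlockSize()
	out := make([]byte, len(plaintext))
	for i := 0; i < len(plaintext); i += bs {
		block.Encrypt(out[i:i+bs], plaintext[i:i+bs])
	}
	return out
}

// encryptCBC XORs each plaintext block with the previous ciphertext block
// before encrypting it; the IV seeds the chain and is the "parameter" the
// SymmetricDecryption actor must receive alongside the key.
func encryptCBC(block cipher.Block, iv, plaintext []byte) []byte {
	out := make([]byte, len(plaintext))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, plaintext)
	return out
}

func decryptCBC(block cipher.Block, iv, ciphertext []byte) []byte {
	out := make([]byte, len(ciphertext))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, ciphertext)
	return out
}

// repeatedBlocks counts ciphertext blocks that are byte-for-byte duplicates of
// an earlier block, the pattern an eavesdropper can spot without the key.
func repeatedBlocks(data []byte, bs int) int {
	seen := map[string]int{}
	dups := 0
	for i := 0; i+bs <= len(data); i += bs {
		b := string(data[i : i+bs])
		if seen[b] > 0 {
			dups++
		}
		seen[b]++
	}
	return dups
}

// ModeResult records what Demo observed.
type ModeResult struct {
	ECBRepeats    int  // duplicate ciphertext blocks under ECB
	CBCRepeats    int  // duplicate ciphertext blocks under CBC
	RoundTrip     bool // CBC decrypts correctly with key and IV
	WrongIVAllOK  bool // CBC decrypts correctly with a wrong IV
	WrongIVTailOK bool // ... but every block after the first is still right
}

// Demo encrypts a constructed periodic "all clear" frame (4 equal blocks)
// under both modes with a random key and IV.
func Demo() (ModeResult, error) {
	plaintext := bytes.Repeat([]byte("HEARTBEAT OK...."), 4) // 64 bytes, 4 equal blocks
	key := make([]byte, 16)
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(key); err != nil {
		return ModeResult{}, err
	}
	if _, err := rand.Read(iv); err != nil {
		return ModeResult{}, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return ModeResult{}, err
	}

	ecb := encryptECB(block, plaintext)
	cbc := encryptCBC(block, iv, plaintext)

	wrongIV := make([]byte, aes.BlockSize) // receiver lost the parameter; all-zero guess
	withIV := decryptCBC(block, iv, cbc)
	withoutIV := decryptCBC(block, wrongIV, cbc)

	return ModeResult{
		ECBRepeats:    repeatedBlocks(ecb, aes.BlockSize),
		CBCRepeats:    repeatedBlocks(cbc, aes.BlockSize),
		RoundTrip:     bytes.Equal(withIV, plaintext),
		WrongIVAllOK:  bytes.Equal(withoutIV, plaintext),
		WrongIVTailOK: bytes.Equal(withoutIV[aes.BlockSize:], plaintext[aes.BlockSize:]),
	}, nil
}

func main() {
	r, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", r)
}
```

Two things to notice: ECB reveals that three blocks repeat the first without any key material, and in CBC a wrong IV corrupts only the first block, so the parameter protects the beginning of the data but does not authenticate any of it; neither mode detects modification, which in the poster's model is left to the signature actors.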
Conclusion
The model above is an example of how cryptographic services can be used to secure data and reduce security risks in distributed models. The signature actors ensure that data is from a trusted source and has not been modified in transit. The asymmetric and symmetric actors work in tandem in what is known as hybrid encryption. Hybrid encryption uses an asymmetric algorithm with the receiver's public key to encrypt the secret key of the symmetric algorithm, and the symmetric algorithm to encrypt the data itself quickly. The asymmetric algorithm solves the key-transport problem of symmetric cryptography, and the symmetric algorithm avoids the cost of asymmetric encryption on bulk data. Confidentiality alone does not show who sent the data or that it is intact, which is why the model combines hybrid encryption with the signature actors.
Asymmetric Cryptography
Asymmetric cryptography uses a public/private key pair. The public key can be known to everyone, while only its owner knows the corresponding private key. Data is encrypted with the public key and sent to the holder of the corresponding private key, who uses the private key to decrypt it. In the model above, the AsymmetricDecryption actor sends its public key to the AsymmetricEncryption actor. The AsymmetricEncryption actor uses this public key to encrypt the secret key produced by the SymmetricEncryption actor and sends the result to the AsymmetricDecryption actor for decryption. Asymmetric algorithms rely on the fact that a message encrypted with the public key can only be decrypted with the private key. Because the public key travels over the same network as the data, the sender must be able to check that it really belongs to the intended receiver; a party that can substitute its own public key can read the secret key and everything encrypted under it. The drawback of asymmetric algorithms is that they are much slower than symmetric algorithms, which is why they are used here to encrypt only the short secret key rather than the data.
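The hybrid flow described in the Conclusion and in this section, as an added example in Go rather than the poster's Ptolemy II actors. It wraps a fresh AES key with RSA-OAEP under the receiver's public key and encrypts the data under that key; AES-GCM is used for the symmetric layer instead of the CBC-style mode the poster's symmetric actors use, so the receiver also detects tampering with the ciphertext. It also shows the size limit that makes direct asymmetric encryption of the payload fail. HybridEncrypt, HybridDecrypt, the key sizes and the sample payload are choices made for this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// HybridMessage is what crosses the wire: the session key wrapped with the
// receiver's public key (the AsymmetricEncryption step), plus the nonce and
// the symmetric ciphertext (the SymmetricEncryption step).
type HybridMessage struct {
	WrappedKey []byte
	Nonce      []byte
	Ciphertext []byte
}

// HybridEncrypt generates a fresh 256-bit AES key, encrypts the data with
// AES-GCM, and wraps the key with RSA-OAEP under the receiver's public key.
func HybridEncrypt(receiver *rsa.PublicKey, plaintext []byte) (HybridMessage, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return HybridMessage{}, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return HybridMessage{}, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return HybridMessage{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return HybridMessage{}, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, receiver, key, nil)
	if err != nil {
		return HybridMessage{}, err
	}
	return HybridMessage{
		WrappedKey: wrapped,
		Nonce:      nonce,
		Ciphertext: gcm.Seal(nil, nonce, plaintext, nil),
	}, nil
}

// HybridDecrypt is the receiving side: unwrap the session key with the
// private key, then decrypt and authenticate the data.
func HybridDecrypt(receiver *rsa.PrivateKey, m HybridMessage) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, receiver, m.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, m.Nonce, m.Ciphertext, nil)
}

// HybridResult records what Demo observed.
type HybridResult struct {
	RoundTrip       bool // receiver recovers the plaintext
	TamperRejected  bool // a flipped ciphertext byte fails authentication
	DirectRSATooBig bool // the same payload cannot be RSA-encrypted directly
}

// Demo sends a constructed ~4 KiB payload, far larger than one RSA block.
func Demo() (HybridResult, error) {
	receiver, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return HybridResult{}, err
	}
	payload := bytes.Repeat([]byte("sensor frame 0042 "), 228) // constructed sample data

	msg, err := HybridEncrypt(&receiver.PublicKey, payload)
	if err != nil {
		return HybridResult{}, err
	}
	got, err := HybridDecrypt(receiver, msg)
	if err != nil {
		return HybridResult{}, err
	}

	tampered := msg
	tampered.Ciphertext = append([]byte(nil), msg.Ciphertext...)
	tampered.Ciphertext[10] ^= 0x01 // one bit flipped in transit
	_, tamperErr := HybridDecrypt(receiver, tampered)

	// Trying to skip the symmetric layer: RSA-OAEP with a 2048-bit key holds
	// at most 190 bytes of plaintext, so the payload is refused outright.
	_, rsaErr := rsa.EncryptOAEP(sha256.New(), rand.Reader, &receiver.PublicKey, payload, nil)

	return HybridResult{
		RoundTrip:       bytes.Equal(got, payload),
		TamperRejected:  tamperErr != nil,
		DirectRSATooBig: errors.Is(rsaErr, rsa.ErrMessageTooLong),
	}, nil
}

func main() {
	r, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", r)
}
```

The tamper check here covers the ciphertext, not the sender: anyone holding the receiver's public key can produce a message that decrypts cleanly, which is why the poster's full model places the signature actors around this exchange.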
Ptolemy II
Ptolemy II is a Java-based software package for modeling heterogeneous systems. A model is assembled from components called actors, and the semantics of their interaction are given by a director that implements a model of computation. Ptolemy II builds on this Java infrastructure to implement distributed models. A feature that makes Ptolemy II powerful for distributed models is Mobile Models. Instead of simply passing data, Ptolemy can pass models that change how the rest of the model operates. This added functionality, however, introduces security risks that must be addressed, such as malicious models from unknown parties.