Security - PowerPoint PPT Presentation

About This Presentation
Title:

Security

Provided by: stevear

Transcript and Presenter's Notes


1
Security
  • Chapter 8

2
Types of Threats
  • Interception
  • Unauthorised party gains access
  • Interruption
  • Services or Data become unavailable
  • Modification
  • Unauthorised tampering
  • Fabrication
  • Additional data or activities that would not
    otherwise exist

3
Security Mechanisms
  • Encryption
  • Transform data into something an attacker cannot
    understand
  • Authentication
  • Verify the claimed identity of a user
  • Authorisation
  • Is a client authorised to perform a given action?
  • Auditing
  • Trace client activity and access

4
Example: Globus Security Architecture
  • Diagram of Globus security architecture.

5
Focus of Control
  • Three approaches for protection against security
    threats
  • Protection against invalid operations
  • Protection against unauthorised invocations
  • Protection against unauthorised users

6
Layering of Security Mechanisms (1)
  • The logical organisation of a distributed system
    into several layers.
  • Where do security mechanisms need to be placed?

7
Layering of Security Mechanisms (2)
  • Several sites connected through a wide-area
    backbone service.
  • Intermediate vs. End-To-End Security

8
Distribution of Security Mechanisms
  • The principle of RISSC as applied to secure
    distributed systems.
  • Security-critical servers are placed on separate
    machines!

9
Cryptography (1)
  • Intruders and eavesdroppers in communication.

10
Cryptography (2)
  • Notation used in this module.

11
Symmetric Cryptosystems: DES (1)
  • The principle of DES
  • Outline of one encryption round

12
Symmetric Cryptosystems: DES (2)
  • Details of per-round key generation in DES.

13
Public-Key Cryptosystems: RSA
  • Generating the private and public key requires
    four steps
  • Choose two very large prime numbers, p and q
  • Compute $n = p \times q$ and $z = (p - 1) \times (q - 1)$
  • Choose a number d that is relatively prime to z
  • Compute the number e such that $e \times d = 1 \bmod z$
  • Encryption of m with e: $c = m^e \pmod{n}$
  • Decryption of m with d: $m = c^d \pmod{n}$

14
Hash Functions: MD5 (1)
  • The structure of MD5
  • Computes a 128-bit fixed-length digest

15
Hash Functions: MD5 (2)
  • The 16 iterations during the first round in a
    phase in MD5.

16
Authentication (1)
  • Authentication based on a shared secret key.
  • A = identity of Alice; $R_A$, $R_B$ = challenges;
    $K_{A,B}(x)$ = encryption of x

17
Authentication (2)
  • Authentication based on a shared secret key, but
    using three instead of five messages. Does it
    still work?

18
Authentication (3)
  • The reflection attack.

19
Key Establishment over insecure networks
  • The principle of the Diffie-Hellman key exchange.
  • Both use $g^{xy} \bmod n$ as their shared key.

20
Authentication Using a Key Distribution Center (1)
  • The principle of using a KDC to avoid scalability
    problems.
  • Problem: KDC needs to contact Bob

21
Authentication Using a Key Distribution Center (2)
  • Using a ticket and letting Alice set up a
    connection to Bob.

22
Authentication Using a Key Distribution Center (3)
  • The Needham-Schroeder authentication protocol.
  • Alice and Bob create nonces $R_{A1}$, $R_{A2}$, and $R_B$.

23
Authentication Using a Key Distribution Center (4)
  • Protection against malicious reuse of a
    previously generated session key in the
    Needham-Schroeder protocol
  • Alice includes a nonce received from Bob for this
    session.

24
Authentication Using Public-Key Cryptography
  • Mutual authentication in a public-key
    cryptosystem.

25
Digital Signatures (1)
  • Digitally signing a message using public-key
    cryptography.
  • $K_A^-(m)$ acts as Alice's signature.

26
Digital Signatures (2)
  • Digitally signing a message using a message
    digest.
  • Only hash value gets encrypted!
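
The four RSA key-generation steps from the RSA slide and the digest-based signing described above, carried through end to end. This is an added example, not part of the original slides; the toy primes, the message, the function names and the use of SHA-256 in place of MD5 are assumptions made for illustration.

```python
import hashlib
from math import gcd

def rsa_keygen(p, q, d):
    """Follow the slide's four steps; the caller picks p, q and d."""
    n = p * q                       # step 2: n = p x q
    z = (p - 1) * (q - 1)           # step 2: z = (p - 1) x (q - 1)
    if gcd(d, z) != 1:              # step 3: d must be relatively prime to z
        raise ValueError("d is not relatively prime to z")
    e = pow(d, -1, z)               # step 4: e x d = 1 mod z (Python 3.8+)
    return (e, n), (d, n)           # (public key, private key)

def encrypt(m, public):
    e, n = public
    if not 0 <= m < n:              # m must be smaller than the modulus
        raise ValueError("message out of range for this modulus")
    return pow(m, e, n)             # c = m^e mod n

def decrypt(c, private):
    d, n = private
    return pow(c, d, n)             # m = c^d mod n

def digest_int(message, n):
    # Hash first, then treat the digest as a number. The reduction mod n is
    # needed only because the toy modulus is far smaller than the digest.
    h = hashlib.sha256(message).digest()
    return int.from_bytes(h, "big") % n

def sign(message, private):
    # Only the hash value is transformed with the private key.
    d, n = private
    return pow(digest_int(message, n), d, n)

def verify(message, signature, public):
    # Recover the digest with the public key and compare with a fresh hash.
    e, n = public
    return pow(signature, e, n) == digest_int(message, n)

# Constructed toy parameters; real keys use very large primes plus padding.
PUBLIC, PRIVATE = rsa_keygen(p=61, q=53, d=2753)

if __name__ == "__main__":
    c = encrypt(65, PUBLIC)
    print("public key:", PUBLIC, "ciphertext:", c, "plaintext:", decrypt(c, PRIVATE))
    msg = b"constructed sample message"
    s = sign(msg, PRIVATE)
    print("signature:", s, "verifies:", verify(msg, s, PUBLIC))
```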

27
General Issues in Access Control
  • General model of controlling access to objects.
  • Reference Monitor checks if subject is authorised
    to request an operation.

28
Access Control Matrix
  • Comparison between ACLs and capabilities for
    protecting objects.
  • Using an ACL
  • Using capabilities.

29
Protection Domains
  • The hierarchical organisation of protection
    domains as groups of users.
  • Another option: role-based groups

30
Firewalls
  • A common implementation of a firewall.

31
Protecting the Target (1)
  • The organisation of a Java sandbox.

32
Protecting the Target (2)
  • A sandbox
  • A playground

33
Protecting the Target (3)
  • The principle of using Java object references as
    capabilities.
  • No runtime references can be generated by the
    downloaded program!

34
Protecting the Target (4)
  • The principle of stack introspection.
  • Every invocation is redirected through a
    Reference Monitor.

35
Key Distribution (1)
  • Secret-key distribution
  • Requires secure channels!

36
Key Distribution (2)
  • Public-key distribution (see also menezes.a96).

37
Example: Kerberos (1)
  • Authentication in Kerberos.
  • AS = Authentication Server; TGS = Ticket Granting
    Server

38
Example: Kerberos (2)
  • Setting up a secure channel in Kerberos.

39
SESAME Components
  • Overview of components in SESAME.

40
Privilege Attribute Certificates (PACs)
  • The organisation of a SESAME Privilege Attribute
    Certificate.

41
Electronic Payment Systems (1)
  • Payment systems based on direct payment between
    customer and merchant.
  • Paying in cash.
  • Using a check.
  • Using a credit card.

42
Electronic Payment Systems (2)
  • Payment systems based on money transfer between
    banks.
  • Payment by money order.
  • Payment through debit order.

43
Privacy (1)
  • Information hiding in a traditional cash payment.

44
Privacy (2)
  • Information hiding in a traditional credit-card
    system (see also camp.lj96a)

45
E-cash
  • The principle of anonymous electronic cash using
    blind signatures.

46
Secure Electronic Transactions (SET)
  • The different steps in SET.