Preamble to Lectures 3 and 4

1
Preamble to Lectures 3 and 4

• What is missing so far in terms of making
  commercial applications and services?
• Security
• Availability
• Fault-tolerance
• Scalability
• etc

Advantage in re-use of distributed system services
2
Fundamentals Stream Lecture 3

• Overview of Lecture
• Security in distributed systems
• Principles of security
• Basics of cryptography
• Secret key encryption
• Public key encryption
• Access Control
• Authentication and key distribution
• Case study Kerberos
• Additional reading
• CDK chapter 5

3
Introducing Security
A historical perspective
4
Security Vulnerabilities in Distributed Systems
1. Eavesdropping
Aha, Ive just found your password
5
Security Vulnerabilities in Distributed Systems
I am amazon.com, honest, so please send me your
credit card details
2. Masquerading
6
Security Vulnerabilities in Distributed Systems
Please credit my account with 1m, not 1
3. Tampering
7
Security Vulnerabilities in Distributed Systems
4. Replaying
Lets have that one again
8
The Added Threat of Mobile Code

• What is mobile code?
• The ability to move codedata to a given
  environment where it will execute locally
• Examples include Java, and mobile agent systems
  such as Aglets and Tacoma
• Additional vulnerabilities
• Can by-pass security mechanisms
• Can attack from the inside

See also practical stream
9
Principles of Security

• Provide secure channels
• gt encryption
• Assume mutual suspicion
• gt authentication
• Need to know
• gt access control

10
Introduction to Cryptography

• To encrypt a message M with key k

Plain text, M
Cipher text, C FK(M)
Insecure Channel
FK
Encryption Algorithm
Key

• To decrypt the coded message C FK(M),
• need the decryption key K,
• perform the inverse process to recover M.

11
Basic Cryptography Techniques (1)

• Substitution ciphers
• Letters are shifted with respect to a key
• mono-alphabetic e.g. Caesar cipher
• znkyk iovnkxy gxk kgye zu hxkgq (key ?)
• poly-alphabetic e.g. Vigenère cipher
• uses a word/phrase as a key
• write key repeatedly below message
• code wrt Vigenère table (code letter
  inter-section of letters from plaintext key)
• also one-time pad, codebook ciphers

12
Basic Cryptography Techniques (2)

• Transposition ciphers
• Letters are re-ordered with respect to a key
• ? letter frequency unchanged
• fixed period (length)
• rail-fence ciphers
• columnar transposition
• choose keyword, write message as a matrix of the
  same width as the key
• use alphabetic order of letters in keyword to
  reorder columns of matrix

K 231, M IBM C MIB
M a simple example a i p e x m l s m l
e a p e C aipexmlsmleape
13
Secret Key Encryption

• A key, k, is only known to authorised people
• a.k.a. private key encryption
• Sender receiver must share knowledge of k
• acquired through a secure channel
• The encryption function, F must also be known
• This function need not be kept secret
• Commonly uses same key for encryption and
  decryption ? symmetrical encryption

14
Encryption/ Decryption Using Secret Keys
Sender, A
1. acquire K 2. C FK(M) 3. send C
Receiver, B
C
1. acquire K 2. receive C 3. F-1K(C) M
K key M message (plaintext) C
ciphertext F encryption function F-1
decryption function
15
Public Key Encryption

• First proposed by Diffie Hellman (1976) to
  eliminate the need for trust
• Encryption key, e, is made public
• Decryption key, d, kept private (personal)
• Relationship between e and d is a one-way
  function
• Based on product of 2 v. large primes (gt10100)
• Determining prime factors of such a number is
  computationally intense slow
• Asymmetrical encryption since e ? d

16
Examples of Established Encryption Techniques

• Data Encryption Standard (DES), 1977
• Secret key, based on sequence of substitutions
  and permutations (use controlled by US
  government)
• Concerns over 56-bit key not being sufficient
• Widely used, very fast, implemented in hardware
• RSA algorithm (Rivest, Shamir, Adelman, 1978
• Public key, based on difficulty in finding
  factors of large numbers
• No need to worry about distributing keys securely
• Slower than DES

17
Alternative Techniques

• Triple-DES - more complex (slower) than DES
• 4? Fenced DES - nearly as fast as DES
• AES - new standard replacing DES 2001
• others including IDEA, Blowfish, RC4, SEAL, ...
  
• PGP - Pretty Good Privacy
• Uses RSA for key transport, IDEA for bulk
  encryption
• Gaining popularity, freeware program
• Often used on internet

18
Access Control

• What is access control?
• A means of restricting access to services in a
  potentially distributed environment
• Different clients may be given different levels
  of access rights
• More specifically
• Servers receive requests of the form
• ltop, principal, resource gt
• Server decides whether the stated operation on
  the resource is permitted for the given principal
• Establishment of protection domain for clients

19
Implementing Access Control

• Capabilities
• Each process maintains a set of capabilities
  defining its access rights
• ltresource, permitted ops, authentication codegt
• Server must validate capability on each operation
• Access control lists (ACLs)
• Server maintains an access control list for each
  resource
• ltdomain, permitted operationsgt
• Server must lookup table on each client request

20
Capabilities and ACLs A Comparison

• Advantages of capabilities over ACLs
• Simple and lightweight validation of requests
• Advantages of ACLs over capabilities
• Capabilities suffer from 2 major problems
• Key theft
• Difficulties in revocation

N.B. Hybrid solutions have been developed
21
Authentication Secret Key Distribution

• Needham and Schroeders protocol (1978)
• Provides an authentication server
• addresses the problems of authentication
• and secure key distribution
• Two models
• one based on secret keys
• one based on public keys
• (not discussed here)

22
Needham and Schroeders Secret- Key Protocol
Authentication Server, S
B
A
23
Features/ Problems with Needham Schroeders
Protocol

• Any message encrypted in K(A,B)
• Must have come from A or B (or S), and
• Can only be decrypted by A or B (or S)
• Authentication server must be trustworthy
• B does not know that message 3 is fresh
• Remedied by including a timestamp, t
• Hence message 3 becomes K(A,B, A, tK(A)

24
Case Study Kerberos

• What is it?
• An authentication protocol developed at MIT
• Based on Needham Schroeders secret key
  protocol
• Timestamps on message 3 are included - to fix the
  previously identified problem
• Widely used, e.g. access to NFS and AFS,
  integrated into DCE, Windows 2000, etc.

25
Systems Architecture of Kerberos
26
Expected Learning Outcomes

• You should be able to appreciate the various
  security vulnerabilities in a modern distributed
  system, and the general security principles to
  address such threats
• You should understand the basic principles
  underpinning cryptography and access control
• You should be able to compare and contrast the
  different approaches to cryptography and also
  access control

27
Expected Learning Outcomes (continued)

• You should have a deep understanding the
  algorithm for authentication and secret key
  distribution, and also its role in Kerberos
• Again, you should be able to relate the concepts
  introduced in this lecture to those introduced in
  the practical stream (use of Java RMI security)

28
Exam Question of the Week

• A) Discuss in detail the major security
  vulnerabilities found in modern distributed
  systems. In your answer comment also on the
  specific issues raised by mobile code for
  security. 5 marks
• B) Describe the security architecture offered by
  the Java language for programming distributed
  systems. Discuss the extent to which such
  proposals address the concerns raised above.
  8
  marks
• C) Present an overview of the Needham and
  Schroeder algorithm for authentication and secret
  key distribution. Describe in detail the final
  two stages of this algorithm and why they are
  importance for the overall correctness of the
  protocol. 7 marks