Computer Science 328 Distributed Systems - PowerPoint PPT Presentation


2002, M. T. Harandi and J. Hou.



1
Computer Science 328 Distributed Systems
  • Lecture 14
  • Security in Distributed Systems

2
Security Needs
  • Protection of services: Protection of shared
    resources and distributed services.
  • Identification and authentication: User
    identification and access protection for
    resources and services.
  • Transaction security: Protection of commercial
    transactions and sensitive messages on the
    internet.
  • Security is defined by a security policy and
    implemented by a security mechanism.

3
Security Threats
  • Interception: An unauthorized party gains access
    to a service or data (eavesdropping).
  • Interruption: Causing interruption or damage to
    a service or data to make it unavailable,
    unusable or destroyed (denial of service attack
    or data corruption).
  • Modification: Unauthorized change of data,
    tampering with a service (change of transmitted
    data, tampering with logs).
  • Fabrication: Incorporating extraneous and
    damaging additional data or activities, e.g.
    adding passwords into a password file.

4
Security Threats in Comm. Channels
  • Eavesdropping: Obtaining copies of messages
    without authority.
  • Masquerading: Sending or receiving messages
    with the identity of another principal.
  • Message tampering: Intercepting messages and
    altering their contents before passing them on to
    the intended recipient.
  • Man-in-the-middle attack: intercepts the first
    message (in an exchange of encryption keys to
    establish a secure channel).
  • Replaying: Intercepting messages and sending
    them at a later time.
  • Denial of Service Attack: flooding a channel or
    other resources with messages.

5
Security Policies and Mechanisms
  • Security Policy: indicates which actions each
    entity (user, data, service) is allowed or
    prohibited to take.
  • Security Mechanism: enforces the policy.
  • Encryption: transform data to a form only
    understandable by authorized users.
  • Authentication: verify the claimed identity of a
    user, client, service, program, etc.
  • Authorization: verify access rights for an
    authenticated entity.
  • Auditing: make a record of and check access to
    data and resources. Mainly an analysis tool to
    measure the success of security policies and
    mechanisms.

6
Familiar Names for Principals in Security Protocols

7
Cryptography Notations

8
Cryptography
  • Encoding (encryption) of a message that can only
    be read (decryption) by a key.
  • In shared key cryptography (symmetric
    cryptography) the sender and the recipient know
    the key, but no one else does.
  • How do Alice and Bob get the shared key KAB to
    begin with? Certificates.
  • In public/private key pairs messages are
    encrypted with a published public key, and can
    only be decrypted by a secret private decryption
    key.

[Figure: Alice encrypts plain text M with encryption key K, E(K, M) = {M}K, and sends {M}K to Bob; Bob decrypts with decryption key K, D(K, {M}K) = M, to recover plain text M.]

9
Authentication
  • Use of cryptography for safeguarding
    communication between two principals.
  • In direct authentication, the server uses a
    shared secret key to authenticate the client.
  • In indirect authentication, a trusted
    authentication server provides a ticket to an
    authenticated client.
  • The authentication server knows keys of
    principals and generates temporary shared keys.
  • In electronic commerce or wide area applications,
    public/private key pairs are used rather than
    shared keys.

10
Direct Authentication
  • Authentication based on a shared secret key.

11
Optimized Direct Authentication
  • Authentication based on a shared secret key, but
    using three instead of five messages.

12
Reflection Attack
13
Direct Authentication

14
Authentication Using a Key Distribution Center
  • Using a ticket and letting Alice set up a
    connection to Bob.

15
Needham-Schroeder Authentication

[Figure: Authentication System (KA, KB), System A (KA), System B (KB).]

16
Why Do We Need Nonce NA in Message 1?

Because we need to relate message 2 to message 1.

[Figure: Authentication System (KA, KB), System A (KA), System C (KB). Chuck has stolen KB and intercepted message 2.]

17
Why do We Need to Include B in Message 2?

[Figure: Authentication System (KA, KB), Alice (KA), Chuck (KB).]

18
Why do We Need the Challenge KAB(NA) in Message 3?

Message 3 may be intercepted by Chuck. If Chuck
manages to get KAB, what happens?

[Figure: Authentication System (KA, KB), System A (KA), System B (KB).]

19
Needham-Schroeder Secret-key Authentication Protocol

| Header | Message | Notes |
|---|---|---|
| 1. A->S | A, B, NA | A requests S to supply a key for communication with B. |
| 2. S->A | {NA, B, KAB, {KAB, A}KB}KA | S returns a message encrypted in A's secret key, containing a newly generated key KAB and a ticket encrypted in B's secret key. The nonce NA demonstrates that the message was sent in response to the preceding one. A believes that S sent the message because only S knows A's secret key. |
| 3. A->B | {KAB, A}KB | A sends the ticket to B. |
| 4. B->A | {NB}KAB | B decrypts the ticket and uses the new key KAB to encrypt another nonce NB. |
| 5. A->B | {NB - 1}KAB | A demonstrates to B that it was the sender of the previous message by returning an agreed transformation of NB. |
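
The five messages of the table, run end to end with A's checks on message 2 (the nonce NA from slide 16 and the name B from slide 17) made explicit. This is an added example, not part of the original slides: seal/unseal are a stand-in for {...}K built from HMAC-SHA256 for illustration only, and the names KEYS, s_reply, a_accept and handshake are hypothetical.

```python
import hashlib, hmac, json, secrets

KEYS = {n: secrets.token_bytes(32) for n in "ABC"}  # constructed long-term keys, all known to S

def _ks(key, iv, n):  # keystream: HMAC-SHA256 in counter mode (stand-in cipher, an assumption)
    blocks = (hmac.new(key, b"enc" + iv + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, fields):  # {fields}K: encrypt, then append an integrity tag
    pt, iv = json.dumps(fields).encode(), secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _ks(key, iv, len(pt))))
    return (iv + ct + hmac.new(key, b"mac" + iv + ct, hashlib.sha256).digest()).hex()

def unseal(key, blob):
    raw = bytes.fromhex(blob)
    iv, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    good = hmac.new(key, b"mac" + iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _ks(key, iv, len(ct)))))

def s_reply(keys, a, b, na):
    """Message 2, S -> A: {NA, B, KAB, {KAB, A}KB}KA."""
    kab = secrets.token_hex(32)
    return seal(keys[a], [na, b, kab, seal(keys[b], [kab, a])])

def a_accept(ka, msg2, na, peer):
    """A's checks: the nonce ties message 2 to message 1, the name to the peer A asked for."""
    got_na, got_b, kab, ticket = unseal(ka, msg2)
    if got_na != na:
        raise ValueError("stale reply: nonce does not match message 1")
    if got_b != peer:
        raise ValueError("session key was issued for a different peer")
    return bytes.fromhex(kab), ticket

def handshake(keys, a="A", b="B"):
    """Messages 1-5; returns the session key as seen by A, by B, and who B believes it talks to."""
    na = secrets.randbits(64)                           # 1. A -> S: A, B, NA
    kab_a, ticket = a_accept(keys[a], s_reply(keys, a, b, na), na, b)  # 2. S -> A
    kab_hex, sender = unseal(keys[b], ticket)           # 3. A -> B: {KAB, A}KB
    kab_b, nb = bytes.fromhex(kab_hex), secrets.randbits(64)
    msg4 = seal(kab_b, [nb])                            # 4. B -> A: {NB}KAB
    msg5 = seal(kab_a, [unseal(kab_a, msg4)[0] - 1])    # 5. A -> B: {NB - 1}KAB
    if unseal(kab_b, msg5)[0] != nb - 1:
        raise ValueError("A failed B's challenge")
    return kab_a, kab_b, sender
```
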
20
System Architecture of Kerberos
21
Kerberos Authentication
{ticket(C,T)}KT = {C, T, t1, t2, KCT}KT, where t1, t2 give the duration in which the ticket is valid.

[Figure: KDC containing the Authentication Service (AS) and the Ticket Service (T), with System C (Client) and System S (Server); key labels KA, KT, KC, KS.]

22
Digital Signatures
  • Cryptography is also used to verify that a
    message or document is a true copy by verified
    signature.

[Figure: Digital Signature Using Public-Private Keys. A sends m to B; labels: A's public key KA, B's public key KB, B's private key KB-, A's private key KA-.]

[Figure: Digital Signature Using Message Digest. A sends m, D(m) to B; labels: digest function at A and at B, A's private key KA-, A's public key KA, compare D(m).]

23
Digital Certificates
  • A digital certificate is a statement signed by a
    third party principal.
  • To be useful, certificates must have:
      • A standard format, for construction and
        interpretation
      • A protocol for constructing chains of
        certificates
      • A trusted authority at the end of the chain

[Figure: Alice sends a request with digital signature to Service (S); a Third Party issues the certificate "She is Alice"; labels: Certificate, Transaction, KS-, KS.]

24
Alice's Bank Account Certificate
Alice may pretend to be the bank and create a new
key pair, KB, KB-.

25
Public-Key Certificate for Bob's Bank
  1. Certificate type: Public key
  2. Name: Bob's Bank
  3. Public key: KBpub
  4. Certifying authority: Fred The Bankers Federation
  5. Signature:

Eventually KF-, KF have to be obtained reliably.