CS542: Topics in Distributed Systems

1
CS542 Topics inDistributed Systems
Security
2
Why are Distributed Systems insecure?

• Distributed component rely on messages sent and
  received from network.
• Is network (especially WAN networks) secure?
• Packets can be intercepted and modified at
  network layer!
• Is client component secure?
• Is client component who it claims to be?
• Are users of calling components really who they
  claim to be?

3
Security Threats

• Leakage An unauthorized party gains access to a
  service or data.
• Attacker obtains knowledge of a withdrawal or
  account balance, e.g., via eavesdropping
• Tampering Unauthorized change of data,
  tampering with a service
• Attacker changes the variable holding your
  personal data
• Vandalism Interference with proper operation,
  without gain to the attacker
• Attacker does not allow any transactions to your
  account
• E.g., DOSdenial of service

4
How Attacks are Carried Out

• Attacks on Communication Channel / Network
• Eavesdropping Obtaining copies of messages
  without authority.
• Masquerading Sending or receiving messages
  with the identity of another principal (user or
  corporation). Identity theft.
• Message tampering Intercepting messages and
  altering their contents before passing them onto
  the intended recipient.
• Replaying Intercepting messages and sending
  them at a later time.
• Denial of Service Attack flooding a channel or
  other resources (e.g., port) with messages.

5
Addressing the Challenges

• Leakage An unauthorized party gains access to a
  service or data.
• Confidentiality protection against disclosure
  to unauthorized individuals.
• Tampering Unauthorized change of data,
  tampering with a service
• Integrity protection against alteration or
  corruption.
• Vandalism Interference with proper operation,
  without gain to the attacker
• Availability protection against interference
  with the means to access the resources.

6
Security Requirements

• Authentication ensures that sender and receiver
  are who they are claiming to be
• Data integrity ensure that data is not changed
  from source to destination
• Confidentiality ensures that data is read only
  by authorized users
• Non-repudiation ensures that the sender has
  strong evidence that the receiver has received
  the message, and the receiver has strong evidence
  of the sender identity. The sender cannot deny
  that it has sent the message and the receiver
  cannot deny that it has received the message

7
Security Policies Mechanisms

• A Security Policy indicates which actions each
  entity (user, data, service) is allowed or
  prohibited to take.
• E.g., Only an owner is allowed to make
  transactions to his account.
• A Security Mechanism implements and enforces the
  policy

8
Security Mechanisms

• Encryption / decryption transforming data into
  something an attacker cannot understand and
  vice-versa, i.e., providing a means to implement
  confidentiality, as well as allowing user to
  check whether data have been modified.
• Authentication verifying the claimed identity of
  a subject, such as user name, password, etc.
• Authorization checking whether the subject has
  the right to perform the action requested. verify
  access rights of principal for resource.
• Auditing tracing which subjects accessed what,
  when, and which way. In general, auditing does
  not provide protection, but can be a tool for
  analysis of problems. Mainly an offline analysis
  tool, often ex-post.

9
Designing Secure Systems

• Need to make worst-case assumptions about
  attackers
• exposed interfaces, insecure networks, algorithms
  and program code available to attackers,
  attackers may be computationally very powerful
• Typically design system to withstand a known set
  of attacks (Attack Model or Attacker Model)
• Tradeoff between security and performance impact
• Designing Secure Systems
• Traditionally done as a layer on top of existing
  protocols.
• Three phases
• Design security protocol
• Analyze Protocol Behavior when under attacks
• Measure effect on overall performance if there
  were no attacks (the common-case)

10
Familiar Names in the Security Literature
Source G. Coulouris et al., Distributed Systems
Concepts and Design, Third Edition.
11
Notational Conventions
Source G. Coulouris et al., Distributed Systems
Concepts and Design, Third Edition.
12
Cryptographic Terminology

• Plain text the message before encryption.
• Cipher text the message after encryption.
• Key information needed to convert from plain
  text to cipher text (or vice-versa).
• Function the encryption or decryption algorithm
  used, in conjunction with key, to encrypt or
  decrypt message.
• Key distribution How to distribute keys between
  senders and receivers

13
Requirements for modern cryptography

• Kerkhoffs principle knowledge of encryption
  algorithm should not be an advantage
• With computers a brute force attempt is possible,
  i.e. try every possible substitution until a
  valid message is produced.
• Computers are good at this, modern schemes must
  be computationally hard to solve to remain
  secure.
• 15 May 1973 American National Bureau of standards
  requests proposals for encryption standard
• Data Encryption Standard, DES, developed.
  Standard describes DEA, Data Encryption Algorithm
• Since November 26, 2001, theres AES, based on
  Rijndael

14
Cryptography

• Encoding (encryption) of a message that can only
  be read (decryption) by a key.
• In shared key cryptography (symmetric
  cryptography) the sender and the recipient know
  the key, but no one else does.
• E.g., DES (Data Encryption Standard) 56 b key
  operates on 64 b blocks of data. Notation KAB
  (M).
• How do Alice and Bob get the shared key KAB to
  begin with?
• In public/private key pairs messages are
  encrypted with a published public key, and can
  only be decrypted by a secret private decryption
  key.
• E.g., RSA / PGP keys at least 512 b long

Code for E D is open-source (hence known to
attacker)
D(K, MK)M
E(K,M)MK
MK
Bob
Alice
Decryption
Encryption
Plain Text (M)
Decryption KBpriv, D
Plain Text (M)
Encryption KBpub, E
15
Cryptography

• Shared versus public/private
• Shared reveals information to too many
  principles may need key distribution and
  revocation/repudiation mechanisms
• In electronic commerce or wide area applications,
  public/private key pairs are preferred to shared
  keys.
• Public/private key encrypt/decrypt ops are costly
• May use hybrid pub/pri generates a shared key.
• Presentation of many next few protocols
  independent of which keying scheme, viz., shared
  or pub/priv

16
Symmetric Key

• Both the sender and the receiver use the same
  secret keys

Plaintext
Plaintext
Internet
Encrypt with secret key
Decrypt with secret key
Ciphertext
17
DES/AES Symmetric Encryption

• One key is used to both encrypt and decrypt data
• Encryption and decryption functions are often
  chosen to be the same
• Security should not be compromised by making
  function well-known as security comes from secret
  keys

18
DES/AES Using Secret Keys

• Sender and recipient exchange keys through some
  secure, trusted, non-network based means.
• Sender encodes message using function and sends,
  knowing that only the holder of the key (the
  intended recipient) can make sense of it.
• Recipient decodes message knows that only a
  key-holding sender could have generated it.
• Message can be captured but is of no use.

19
Data Encryption Standard (DES)

• DES encrypts a 64-bit block of plain text using a
  56-bit key
• Three phases
• Permute the 64 bits in the block
• Apply a given operation 16 times on the 64 bits
• Permute the 64 bits using the inverse of the
  original permutation

1st phase IP(input)
Round 1
.
.
.
key
2nd phase
Round 16
3rd phase IP-1(input)
20
Initial Permutation (IP)

• IP bit 58 of input becomes 1st bit, bit 50
  becomes 2nd bit, etc

58 50 42 34 26 18 10 2 60 52 44 36 28 20 12 4 62
54 46 38 30 22 14 6 64 56 48 40 32 24 16 8 57 49
41 33 25 17 9 1 59 51 43 35 27 19 11 3 61 53
45 37 29 21 13 5 63 55 47 39 31 23 15 7

• IP-1 inverse of IP, e.g., IP(1) 58, IP-1 (58)
  1

40 8 48 16 56 24 64 32 39 7 47 15 55 23 63 31 38
6 46 14 54 22 62 30 37 5 45 13 53 21 61 29 36 4
44 12 52 20 60 28 35 3 43 11 51 19 59 27 34 2 42
10 50 18 58 26 33 1 41 9 49 17 57 25
21
2nd Phase Operation in each round
0

• 16 rounds
• Each round i select a 48 bit key Ki from the
  original 56 bit key K. Perform (F is a given
  function)

63
63
32
31
0
Li-1
Ri-1
Ki
F

Li
Ri
22
Discussion of DES

• Even through the DES algorithm is well known, but
  the key or cipher is difficult to break using
  analytical methods.
• Using a brute-force attack by simply searching
  for a key is possible. However, for 56-bit key,
  there are 256 possible key combinations, if we
  could search one key in 1 µs, then we need 2283
  years to try all keys. (Distributed.net broke a
  DES-56 within 22 hours and 15 minutes, by using
  100,000 PCs).
• Use 3DES (K1, K2, K3), or DES-128 for high
  security.

23
Encrypting Larger Messages

• Initialization Vector (IV) is a random number
  generated by sender and sent together with the
  ciphertext

Block1
Block2
Block3
Block4
IV




DES
DES
DES
DES
Cipher1
Cipher2
Cipher3
Cipher4
24
Cipher block chaining (CBC)

• Each plaintext block is combined with the
  preceding ciphertext block using XOR
• i.e., ciphertextn1 plaintextn1 ? ciphertextn
• For decryption, the opposite is done, since XOR
  is idempotent, it works.
• Weaknesses if the same message is sent to
  multiple locations, theyll be the same and the
  attacker may infer.
• To add different piece of plaintext at the
  beginning of each message

25
A Scheme of Cipher Block Chaining
Source G. Coulouris et al., Distributed Systems
Concepts and Design, Third Edition.
26
Stream ciphers

• CBC is inappropriate for some apps., e.g.,
  encryption of telephone conversations
• gt Stream ciphers solve this problem
• Main idea is to construct a keystream generator.
• Its analogous to adding noise to the system

27
A Stream Cipher
Source G. Coulouris et al., Distributed Systems
Concepts and Design, Third Edition.
28
DES Properties

• Provide confidentiality
• No mathematical proof, but practical evidence
  suggests that decrypting a message without
  knowing the key requires exhaustive search
• To increase security use triple-DES, i.e.,
  encrypt the message three times

29
Secret Key Encryption

• Disadvantage Number of keys needed increases
  quadratically by number of objects (one key per
  pair of communicating objects)
• Another problem with private key
• Key distribution
• Public Key (Asymmetric) Encryption overcomes
  these problem

30
Public-Key Cryptosystems RSA

• Asymmetric algorithm a private and a public key
  are used
• First proposed by Diffie and Hellman
• Basis Trap-door functions
• Are special type of one-way-functions that has a
  secret exit, it is easy to compute it in one-way
  but it is infeasible to compute the inverse if
  the secret is unknown
• Two keys, Ke and Kd
• D(Kd, E(Ke, M)) M
• RSA (Rivest, Shamir, and Adelman) Algorithm

31
Public-Key Cryptography RSA (Rivest, Shamir,
Adleman)

• Sender uses a public key
• Advertised to everyone
• Receiver uses a private key

Plaintext
Plaintext
Internet
Encrypt with public key
Decrypt with private key
Ciphertext
32
Asymmetric Encryption

• Gives 'one-way' security.
• Two keys generated, one used with decryption
  algorithm (private key) and one with encryption
  algorithm (public key).
• Generation of private key, given public key is
  computationally hard.
• Does not need secure key transmission mechanism
  for key distribution.

33
Asymmetric Encryption Using Public Keys

• Recipient generates key pair.
• Public key is published by trusted service.
• Sender gets public key, and uses it to encode
  message.
• Recipient decrypts message with its private key.
• Replies can be encoded using senders public key
  from the trusted distribution service.
• Message can be captured but is of no use.

34
RSA Algorithm

• Generating the private and public key requires
  four steps
• Choose two very large prime numbers, p and q
• Compute n p x q and z (p 1) x (q 1)
• Choose a number d that is relatively prime to z
• Compute the number e such that e x d 1 mod z

35
Generating Public and Private Keys

• Public key consist of pair (n, e)
• Private key consists of pair (n, d)

36
RSA Encryption and Decryption

• Encryption of message block m
• c me mod n
• Decryption of ciphertext c
• m cd mod n

37
Example (1/2)

• Choose p 7 and q 11 ? n pq 77
• Compute encryption key e (p-1)(q-1) 610 60
  ? chose e 13 (13 and 60 are relatively prime
  numbers)
• Compute decryption key d such that 13d 1 mod
  60 ? d 37 (3713 481)

38
Example (2/2)

• n 77 e 13 d 37
• Send message block m 7
• Encryption c me mod n 713 mod 77 35
• Decryption m cd mod n 3537 mod 77 7

39
Properties

• Confidentiality
• A receiver B computes n, e, d, and sends out (n,
  e)
• Everyone who wants to send a message to A uses
  (n, e) to encrypt it
• How difficult is to recover d ? (Someone that can
  do this can decrypt any message sent to B!)
• Recall that
• d is relatively prime to (p-1)(q-1)
• So to find d, you need to find prime factors p
  and q
• This is provably very difficult

40
Public Key Encryption

• Transmission of message is secure
• as only B has the matching private key to decrypt
  message
• Differences between public and secret key
• One pair of keys generated for every object, so
  number of keys is linear to number of objects
• Because different functions
• use of public keys is more complicated for reply
  messages. A must generate pair of keys and
  publish its public key, which B acquires to
  encrypt reply message

41
Pretty Good Privacy

• Public Key encryption used in PGP
• Generally available, and can be used for
• encryption of messages
• digital signatures.
• PGP combines DES and RSA
• DES fast, but symmetric, hence key distribution
  problem
• RSA slower, but no key distribution problem
• Solution Use RSA to encrypt and distribute key
  for DES encryption!!!