Advanced Network Security
1. Course Outline
Jaap-Henk Hoepman
Digital Security (DS), Radboud University Nijmegen, the Netherlands
@xotoxot // jhh@cs.ru.nl // www.cs.ru.nl/~jhh

About me Jaap-Henk Hoepman // Radboud University Nijmegen // 28-01-2019 // Course outline 2
About you
Applied cryptography?

Administrative details
■ Course code:
  ● NWI-IMC050, 5 ECTS
■ Teachers:
  ● Jaap-Henk Hoepman
  ● Harald Vranken
■ Written exam
■ Course website
  ● Not using Blackboard
  ● Instead see: http://www.cs.ru.nl/~jhh/ans.html
■ Literature
  ● Selected papers, see website.
■ Exercises
  ● See website.

Schedule: see website
Rough lecture setup
■ Several papers per lecture
  ● Read them in advance
  ● Ask questions you may have about them after lecture
■ Homework
  ● Not graded
  ● But discussed at start of next lecture
  ● You are strongly advised to do the homework to get some exercise before the exam

Course contents
Advanced Network Security
(Slide labels: CIA, Availability)
■ Two quite separate and distinct parts
  ● Distributed algorithms, in particular fault tolerance
  ● More traditional advanced network security, like intrusion detection, wireless/cellular network security, etc.

Distributed algorithms
Fault tolerance: Consensus
Consensus
■ How could you solve it?

Fault tolerance: self stabilisation
Self-stabilisation
■ How could it be achieved?

Meta-knowledge
■ Distributed algorithms
  ● Modelling
  ● Reasoning
  ● Designing: “Algorithmics”
■ Global ‘emergent’ behaviour based on local decisions
■ The ‘forgotten’ security properties
  ● Availability
  ● Privacy

Questions?
If not, let’s hit the road!
jhh@cs.ru.nl // twitter: @xotoxot // blog.xot.nl // www.cs.ru.nl/~jhh

Basics of distributed algorithms
Distributed algorithms are everywhere!
■ Computer networks
  ● Message passing
  ● Routing
  ● DNS
  ● …
■ Multi-threaded applications
  ● Shared memory / message passing
  ● User interface
  ● Browser loading page elements
  ● Operating system
  ● Services
  ● Parallel processing

A distributed system has concurrency
■ Several processes
  ● Each executing actions sequentially
■ But working independently
  ● Individual actions on different processes may overlap in time
  ● Some actions may take much longer to complete than others
■ And the order of actions on different processes is not guaranteed

Concurrency: a basic example
    i := 1,
    j := 0,
    thread i := 2 end thread ;
    thread j := i end thread ;
    print j
(Callout on the code: assume for the moment this is an atomic operation)
■ What will be the output of this simple program?
■ It depends
  ● Events never take place instantaneously
  ● Order of execution is not fixed; determined by scheduler

A basic example: answer
    i := 1,
    j := 0,
    thread i := 2 end thread ;
    thread j := i end thread ;
    print j
■ 0
■ 1
■ 2

A slightly more complex example
    i := 1,
    j := 0,
    thread
      i := 2;
      print j
    end thread ;
    thread
      j := i;
      print j
    end thread ;
■ Again, what will be the output of this program?

A slightly more complex example: answer
    i := 1,
    j := 0,
    thread
      i := 2;
      print j
    end thread ;
    thread
      j := i;
      print j
    end thread ;
■ 2 2
■ 0 2
■ 1 1
■ 0 1??
  ● Depends….

Indivisibility of events/atomicity
    i := 1,
    j := 0,
    thread
      i := 2;
      print j
    end thread ;
    thread
      j := i;
      print j
    end thread ;
■ If j:=i and print j are ‘indivisible’
  ● Then 0 1 is not a possible output
■ If j:=i is a read of i followed by a write to j, or if print j is a read of j followed by writing the output to the screen
  ● Then 0 1 is a possible output

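The first case on the indivisibility slide can be checked by brute force. The following Python sketch is an added example, not part of the original slides: it enumerates every schedule of the two threads, once with `j := i` as a single event and once with `j := i` split into a read of `i` and a write to `j` (the step functions and the temporary `t` are names introduced here).

```python
from itertools import combinations

def interleavings(a, b):
    """Yield every merge of step lists a and b that keeps each list's own order."""
    n = len(a) + len(b)
    for slots in combinations(range(n), len(a)):
        ia, ib = iter(a), iter(b)
        yield [next(ia) if k in slots else next(ib) for k in range(n)]

# Each step is one event acting on the shared state s; s["out"] is the screen.
def set_i(s):   s["i"] = 2                 # i := 2
def print_j(s): s["out"].append(s["j"])    # print j (indivisible here)
def assign(s):  s["j"] = s["i"]            # j := i as one indivisible event
def read_i(s):  s["t"] = s["i"]            # j := i, first half: read i
def write_j(s): s["j"] = s["t"]            # j := i, second half: write j

def outputs(thread_a, thread_b):
    """Set of outputs (in print order) over all schedules of the two threads."""
    results = set()
    for schedule in interleavings(thread_a, thread_b):
        s = {"i": 1, "j": 0, "t": None, "out": []}
        for step in schedule:
            step(s)
        results.add(tuple(s["out"]))
    return results

ATOMIC = outputs([set_i, print_j], [assign, print_j])
SPLIT = outputs([set_i, print_j], [read_i, write_j, print_j])

if __name__ == "__main__":
    print("indivisible j := i :", sorted(ATOMIC))
    print("read-then-write    :", sorted(SPLIT))
    print("only possible when split:", sorted(SPLIT - ATOMIC))
```

The schedule that produces `0 1` is the one where the second thread reads `i` before `i := 2`, the first thread prints `j` while it is still 0, and only then the stale value 1 is written to `j`.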
What about infinite executions?
    i := 0;
    thread
      while i == 0
        do print i ;
      print i
    end thread ;
    thread i := 1 end thread ;
Note: indentation!
■ Possible outputs: 1, 11, 01, 011, 001, 0011, 0001, 00011

Scheduling
■ Scheduler determines next action to be executed
  ● In a non-deterministic way
  ● An executed action is called an event
■ Note: scheduler is not a real system component
  ● It just models the influence of (external) factors on which action is executed
■ Fairness:
  ● A scheduler is fair if an action that is continuously enabled will always be executed eventually
  ● So: the protocol on the previous slide will eventually terminate

Non-determinism vs randomness

Non-deterministic:
    i := 0,
    thread
      while i == 0
        do print i;
      print i
    thread i := 1
Possible outputs: 1, 01, 001, 0001, 00001
We cannot say anything about likelihood!

Random:
    i := 0,
    while i == 0
      do i := random(0,1) ;
         print i
Possible outputs:
    1        p = 0.5
    01       p = 0.25
    001      p = 0.125
    0001     p = 0.063
    00001    p = 0.031

Modelling a distributed system
■ Node (aka process)
  ● Executes a sequence of actions
  ● Each action-execution is an event
  ● Communicates with other nodes through shared memory or message passing
■ Graph $G = (V, E)$ of nodes $V$ and edges $E$
  ● $n = |V|$ the number of nodes
  ● $(u, v) \in E$ if node $u$ can communicate data to $v$
  ● Graph can be directed or undirected

Some common topologies
[Figure: hand-drawn topologies; legible labels: completely connected, star, broadcast]

Causality: Ordering events
Let $\mathcal{E}$ be the set of events, and let $a, b \in \mathcal{E}$ be events
■ Define the ‘happened before’ relation $a \rightarrow b$ as follows
  ● If $a$ is executed before $b$ by the same process, or
  ● (Message passing) If $a$ is a send event whose value is received by receive event $b$, or
  ● (Shared memory) If $a$ is a write event whose value is read by read event $b$.
  ● Transitivity: if $a \rightarrow b$ and $b \rightarrow c$ then $a \rightarrow c$
■ We assume $a \nrightarrow a$
■ If neither $a \rightarrow b$ nor $b \rightarrow a$ then they are concurrent: $a \parallel b$
  ● We sometimes write $b \nleftarrow a$ to visually emphasise that $b$ may precede $a$
■ $a \rightarrow b$ means that $a$ can have a causal influence on $b$
■ This is an irreflexive partial order over all events
  ● Defined by only looking at what can externally be observed
  ● Does not depend on ‘global time’
  ● Extending the total order of events on each individual process
  ● Modelling a causal order among events

Execution
■ When we run a distributed system, the nodes execute their actions. This leads to
  ● a particular set of events $\mathcal{E}$
  ● partially ordered using the happened before relation $\rightarrow$
  ● Note: every run may result in a different set of events and a different order among them
■ This partial order can be extended to a total order $\Rightarrow$
  ● (There are often many different options)
■ $(\mathcal{E}, \Rightarrow)$ is an execution of the system

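The happened-before relation and its extensions to executions can be computed directly for a small run. This is an added Python example, not from the slides; the events p1, p2, q1, q2, q3 and the single message between them are a constructed sample, and the function names are introduced here.

```python
from itertools import permutations

# Constructed sample run: events per process, in program order.
PROCS = {"p": ["p1", "p2"], "q": ["q1", "q2", "q3"]}
# One message: p1 is the send event, q2 the receive event that gets its value.
MESSAGES = [("p1", "q2")]

def happened_before(procs, messages):
    """Return all pairs (a, b) with a -> b."""
    hb = set(messages)                      # send -> matching receive
    for seq in procs.values():              # earlier -> later on the same process
        hb |= {(a, b) for k, a in enumerate(seq) for b in seq[k + 1:]}
    while True:                             # transitivity: a -> b, b -> c gives a -> c
        new = {(a, c) for a, b in hb for b2, c in hb if b == b2} - hb
        if not new:
            return hb
        hb |= new

def concurrent(procs, hb):
    """Unordered pairs a || b: neither a -> b nor b -> a."""
    events = sorted(e for seq in procs.values() for e in seq)
    return {(a, b) for a in events for b in events
            if a < b and (a, b) not in hb and (b, a) not in hb}

def executions(procs, hb):
    """Every total order of the events that extends ->."""
    events = [e for seq in procs.values() for e in seq]
    return [order for order in permutations(events)
            if all(order.index(a) < order.index(b) for a, b in hb)]

HB = happened_before(PROCS, MESSAGES)

if __name__ == "__main__":
    print("happened before:", sorted(HB))
    print("concurrent     :", sorted(concurrent(PROCS, HB)))
    for order in executions(PROCS, HB):
        print("execution      :", " ".join(order))
```

Of the ten ways to interleave the two processes, only those that place p1 before q2 are executions; p1 → q3 is not stated anywhere in the input and appears only through transitivity.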