Chapter7. Security 7.1 Introduction 7.2 Overview of security techniques 7.3 Cryptographic algorithms 7.4 Digital signatures 7.5 Cryptography pragmatics
7.1. Introduction � Why need security mechanisms in DS? – Share of resources – Otherwise, can always be protected by isolation � In the physical world, organizations adopt security policies that provide for the sharing of resources within specified limits – Security policies are enforced with the help of security mechanisms � Focus and concern of the chapter: – Provision of security mechanisms to protect data in DS while allowing interactions between computers implied by security policies 10/11/2005 2
Chapter 2 Revision: Objects and principals Figure 2.13 Access rights Object invocation Client Server result Principal (user) Network Principal (server) � Object (or resource) – Mailbox, system file, part of a commercial web site � Principal – User or process that has authority (rights) to perform actions – Identity of principal is important 10/11/2005 3
Chapter 2 Revision: The enemy Figure 2.14 m Copy of The enemy m’ p m Process q Process Communication channel � Attacks – On applications that handle financial transactions or other information whose secrecy or integrity is crucial � Enemy (or adversary) � Threats – To processes, to communication channels, denial of service 10/11/2005 4
Chapter 2 Revision: Secure channels Figure 2.15 Cryptography Principal B The enemy Principal A Process p Process q Secure channel � Properties � Each process is sure of the identity of the other � Data is private and protected against tampering � Protection against repetition and reordering of data � Employs cryptography � Secrecy based on cryptographic concealment � Authentication based on proof of ownership of secrets 10/11/2005 5
The role of cryptography � Cryptography: art of encoding info. in a format only the intended recipients can access � Alice and Bob: introduced by Rivest et al. 1978, seminar paper public-key cryptosystem � So the sender, Alice, is trying to message Bob... � Over the years, the Alice and Bob story line has become more complicated, something of a high-tech reality show. Not only are Alice and Bob trying to share a secret, say a Valentine's Day poem, but Carol and Dave want in and Eve is trying to eavesdrop Alice First participant Common Terminologies: Bob Second participant Carol Participant in three- and four-party protocols Familiar names (principles) Dave Participant in four-party protocols Eve Eavesdropper used in security protocols Mallory Malicious attacker Sara A server 10/11/2005 6
The story of Alice and Bob � Cryptography is the one area of mathematics where there are people, not just numbers � says Bruce Schneier, CTO of Counterpane Internet Security and author of Applied Cryptography , milestone book opening up knowledge in the field � Ask those in the know about Alice and Bob and you'll inevitably be pointed to an after- dinner speech delivered at a technology seminar in Zurich, Switzerland in 1984 by data security expert John Gordon. In his "Story of Alice and Bob," Gordon refers to the speech as perhaps "the first time a definitive biography of Alice and Bob has been given." � From the speech we learn that "Bob is a subversive stockbroker and Alice is a two-timing speculator" and that they've never actually met one another. Gordon, who runs a consultancy in the U.K., sums up their story like this: "Against all odds, over a noisy telephone line, tapped by the tax authorities and the secret police, Alice will happily attempt, with someone she doesn't trust, whom she cannot hear clearly, and who is probably someone else, to fiddle [with] her tax returns and to organize a coup d'état, while at the same time minimizing the cost of the phone call." 10/11/2005 7
Threats and forms of attack � Eavesdropping – obtaining private or secret information � Masquerading – assuming the identity of another user/principal � Message tampering – altering the content of messages in transit � man in the middle attack (tampers with the secure channel mechanism) � Replaying – storing secure messages and sending them at a later date – maybe effective even with authenticated and encrypted messages � Denial of service – flooding a channel or other resource, denying access to others 10/11/2005 8
Threats not defeated by secure channels or other cryptographic techniques � Denial of service attacks – Deliberately excessive use of resources to the extent that they are not available to legitimate users � Large scale Distributed Denial-of-Service (DDoS) attacks � e .g. the Internet 'IP spoofing' attack, February 2000, brought down some of the largest sites on the Internet including Yahoo! and eBay for hours � In October 2002, a DDoS attack flooded the root DNS servers with traffic aiming to deprive the Internet of the DNS name lookup service (which would have paralyzed the majority of Internet applications). The attack brought down eight out of thirteen root servers, and a slightly longer attack would have had devastating effects on Internet connectivity. � One of the most difficult challenges in defending against DDoS and many other attacks is that attackers often spoof the source IP address of their packets and thus evade traditional packet filters. Unfortunately, the current routing infrastructure cannot detect that a packet’s source IP address has been spoofed or from where in the Internet a spoofed IP packet has originated from. 10/11/2005 9
The February 2000 IP Spoofing DDoS attack Campus intranets Firewall IP = n.n.n.i amazon.com IP = x.x.x.x Internet yahoo.com IP = y.y.y.y Untrue! Compromised host on each local network Echo request | source = x.x.x.x | destination = n.n.n.i sends repeatedly (for all i): resulting in: Echo reply | source = n.n.n.i | destination = x.x.x.x 10/11/2005 10
Threats not defeated by secure channels or other cryptographic techniques � Trojan horses and other viruses – Viruses can only enter computers when program code is imported. – But users often require new programs, for example: � New software installation � Mobile code downloaded dynamically by existing software (e.g. Java applets) � Accidental execution of programs transmitted surreptitiously – Defences: code authentication (signed code), code validation (type checking, proof), sandboxing. – Java designers paid considerable attention to the mechanisms for remote loading in an effort to restrict the exposure � sandbox model, providing protection against mobile code � Gives each application its own environment, each with a security manager that determines which resources are available to the application 10/11/2005 11
7.2. Overview of security techniques � Introducing some more important techniques and mechanisms for securing DS and applications � Modern cryptography includes several secure algorithms for encrypting and decryping messages, all based on the use of secrets called keys . � Cryptographic key : parameter used in an encryption algorithm such that the encryption cannot be reversed without a knowledge of the key � Two main classes of usage: – Shared secret keys : sender and recipient must share a knowledge of the key – Public/private key pairs : sender uses a public key, recipient uses a corresponding private key to decrypt the message 10/11/2005 12
Uses of cryptography: 4 scenerioes � Shall use the familiar names for principles � and the following cryptography notations Alice’s secret key K A Bob’s secret key K B Secret key shared between Alice and Bob K AB Alice’s private key (known only to Alice) K Apriv Alice’s public key (published by Alice for all to read) K Apub { M } K Message M encrypted with key K [ M ] K Message M signed with key K 10/11/2005 13
Scenario 1: Secret communication with a shared secret key Alice and Bob share a secret key K AB . 1. Alice uses K AB and an agreed encryption function E(K AB , M) to encrypt and send any number of messages {M i } KAB to Bob. 2. Bob reads the encrypted messages using the corresponding decryption function D(K AB , M). Alice and Bob can go on using K AB as long as it is safe to assume that K AB has not been compromised . i.e., disclosed Issues: – Key distribution : How can Alice send a shared key K AB to Bob securely? – Freshness of communication : How does Bob know that any {M i } isn’t a copy of an earlier encrypted message from Alice that was captured by Mallory and replayed later? Note Mallory doesn’t need K AB to do so 10/11/2005 14
Recommend
More recommend