DISTRIBUTED SYSTEMS [COMP9243] Lecture 9: Security


Outline:
➀ Introduction
➁ Cryptography
➂ Secure protocols and communication
➃ Authentication
➄ Authorisation

SECURITY IN DISTRIBUTED SYSTEMS
Confidentiality: information disclosed/services provided only to authorised parties
Integrity: alterations can only be made in an authorised way
Availability: system is ready to be used by authorised parties

THE CAST
The Good Guys:
➜ Alice, Bob
➜ Want to communicate securely
The Bad Guys:
➜ Eve
➜ The eavesdropper — tries to thwart Alice and Bob’s plans
The Alice and Bob After Dinner Speech:
➜ google it for more about Alice and Bob

SECURITY POLICY
Security is a question of tradeoffs
Security Policy:
➜ A statement of security requirements
➜ Describes which actions entities in a system are allowed to take and which ones are prohibited
• Entities: users, services, data, machines, etc.
• Operations: read, write, send, start, stop, etc.
Example:
➜ Everyone (staff and students) has an account
➜ Access to course accounts must be approved
➜ Only course accounts can modify grades
Anything missing?

AUTHORISED ACTIONS
Security is about making sure that only authorised actions are performed in the system.
Example Actions:
➜ Reading data
➜ Modifying data (writing, creating, deleting)
➜ Using a service
➜ Managing a service
All of these could be abused if performed in unauthorised ways. Examples?

BREAKING SECURITY
Vulnerability: A vulnerability is a weakness in the system that could potentially be exercised (accidentally triggered or intentionally exploited) to cause a breach or violation of the system’s security policy.
Threat: A threat is a possible breach of security policy (the potential for an attack). A concrete threat consists of a threat-source and an exercisable vulnerability.
Attack: When a vulnerability is exercised we call this an attack.

CLASSES OF SECURITY THREATS
Interception: unauthorised party has gained access to a service or data
Interruption: service or data become unavailable, unusable, destroyed, etc.
Modification: unauthorised changing of data or tampering with a service (so that it no longer adheres to its specifications)
Fabrication: additional data or activity are generated that would normally not exist

ATTACKING A DISTRIBUTED SYSTEM
Attacking the Communication Channel:
➜ Eavesdropping
➜ Masquerading
➜ Message tampering
➜ Denial of service
Attacking the Interfaces:
➜ Unauthorised access
➜ Denial of Service
Attacking the Systems:
➜ Applications
➜ OS
➜ Hardware

PROTECTING A DISTRIBUTED SYSTEM
Controls:
Authentication: verify the claimed identity of an entity
Authorisation: determine what actions an authenticated entity is authorised to perform
Auditing: trace which entities access what
Message Confidentiality: secret communication
Message Integrity: tamperproof messages

SECURITY MECHANISMS
Good Mechanisms:
Encryption: transform data into something an attacker cannot understand
• A means to implement confidentiality
• Support for integrity checks (check if data has been modified)
Signatures and Digests: support for integrity, authentication
Secure Protocols: support for authentication, authorisation
Secure Communication: support for confidentiality and integrity
Security Architecture: based on sound principles such as small TCB, Principle of Least Privilege, support for authorisation

Less Good Mechanisms:
Obscurity: count on system details being unknown
Intimidation: count on fear to keep you safe

WHY SECURITY IS HARD
Weakest Link:
➜ Security of a system is only as strong as its weakest link
➜ Need to make sure all weak links are removed
➜ One bug is enough
➜ People are often the weakest link
Complexity:
➜ Security involves many separate subsystems
➜ Complex to set up and use
➜ People won’t use complex systems
Pervasiveness:
➜ Application level
➜ Middleware level
➜ Network level
➜ OS level, Hardware level

HOW TO MAKE IT EASIER
Distribution of Mechanisms:
➜ Trusted Computing Base (TCB): those parts of the system that are able to compromise security
➜ The smaller the TCB the better.
➜ May have to implement key services yourself
➼ Physically separate security services from other services
Simplicity:
➜ Simplicity contributes to trust
➜ Very difficult to make a simple secure system

FOUNDATIONS
➜ Cryptography
• Ciphers
• Signatures and Digests
• Secure Communication
• Security Protocols
➜ Authentication
➜ Authorisation

CRYPTOGRAPHY
The Basic Idea:
[Figure: Sender: Plaintext P → Encryption method (encryption key K_E) → Ciphertext C = E(P) → Decryption method (decryption key K_D) → Plaintext: Receiver. A passive intruder only listens to C; an active intruder can alter messages and can insert messages.]
➜ Map cleartext (or plaintext) T to ciphertext (or cryptogram) C
➜ Mapping is by a well-known function parameterised by a key K
➜ T infeasible to reconstruct from C without knowledge of key
➜ E(K_E, T) = {T}K_E; D(K_D, C) = {C}K_D; {{T}K_E}K_D = T
Cryptographer:
➜ Uses cryptography to convert plaintext into ciphertext
Cryptanalyst:
➜ Uses cryptanalysis to attempt to turn ciphertext back into plaintext
➜ Cryptanalysis: the science of making encrypted data unencrypted

ENCRYPTION
The essence of encryption functions:
Find a function E that is easy to compute, but for which it is hard to compute T from {T}K_E without a matching decryption key K_D for K_E.
➜ “Hard to compute” means that it must take at least hundreds of years to reverse E without knowledge of K_D or to compute K_D
➜ Such functions are known as one-way functions.
Cipher must be resilient to:
➜ Ciphertext only attacks
➜ Known plaintext attacks
➜ Chosen plaintext attacks
➜ Brute-force attacks
What properties should a good cipher possess?
➜ Confusion and Diffusion
• Confusion: every bit of key influences large number of ciphertext bits
• Diffusion: every bit of plaintext influences large number of ciphertext bits
➜ Fast to compute, ideally in hardware. Is this always good?
➜ Not critically depend on users selecting “good” keys
➜ Have been heavily scrutinised by experts
➜ Based on operations which are provably “hard” to invert
➜ Easy to use
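Added example, not code from the lecture: the E/D notation above instantiated with the one-time pad (the XOR cipher the deck lists under Basic Ciphers), so that E(K, T) = T XOR K, D(K, C) = C XOR K and {{T}K}K = T with K_E = K_D. The function names, the fixed pad and the two messages are constructed for the example; the second check shows why the pad must never be reused.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* One-time pad: E(K, T) = T XOR K and D(K, C) = C XOR K are the same operation,
 * so the same routine serves both directions (K_E = K_D). */
void otp_xor(const uint8_t *in, const uint8_t *key, uint8_t *out, size_t n) {
    for (size_t i = 0; i < n; i++) out[i] = in[i] ^ key[i];
}

/* Constructed sample data (not from the lecture). A real pad must come from a
 * cryptographic random source; this fixed one exists only so the example runs. */
#define MSG_LEN 16
static const uint8_t PAD[MSG_LEN] = {0x3A, 0xC4, 0x91, 0x07, 0x5E, 0xE2, 0x18, 0xB3,
                                     0x6D, 0x2F, 0xA9, 0x70, 0xC1, 0x84, 0x4B, 0xF6};
static const char MSG1[] = "meet me at noon.";   /* 16 bytes */
static const char MSG2[] = "lunch at twelve.";   /* 16 bytes */

/* {{T}K}K == T: decrypting with the same pad restores the plaintext, and the
 * ciphertext itself differs from the plaintext. Returns 1 on success. */
int otp_roundtrip_ok(void) {
    uint8_t c[MSG_LEN], t[MSG_LEN];
    otp_xor((const uint8_t *)MSG1, PAD, c, MSG_LEN);
    otp_xor(c, PAD, t, MSG_LEN);
    return memcmp(t, MSG1, MSG_LEN) == 0 && memcmp(c, MSG1, MSG_LEN) != 0;
}

/* Why the pad must not be reused: for two ciphertexts under the same pad,
 * c1 XOR c2 == t1 XOR t2. The pad cancels out, so the relationship between the
 * two plaintexts is exposed without any key. Returns 1 when that identity holds. */
int otp_reuse_leaks(void) {
    uint8_t c1[MSG_LEN], c2[MSG_LEN], cx[MSG_LEN], tx[MSG_LEN];
    otp_xor((const uint8_t *)MSG1, PAD, c1, MSG_LEN);
    otp_xor((const uint8_t *)MSG2, PAD, c2, MSG_LEN);
    otp_xor(c1, c2, cx, MSG_LEN);                                      /* c1 ^ c2 */
    otp_xor((const uint8_t *)MSG1, (const uint8_t *)MSG2, tx, MSG_LEN); /* t1 ^ t2 */
    return memcmp(cx, tx, MSG_LEN) == 0;
}
```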

SYMMETRIC CIPHERS
[Figure: Plaintext → Encrypt (cipher, key K) → ciphertext → Decrypt (cipher, key K) → Plaintext]
➜ Secret key: K_E = K_D
➼ fast ⇒ suited for large data volumes
➼ Secure channel is needed to establish the shared, secret key
➜ How many keys needed for N agents?
➼ For any two agents, one key is needed
In practice, keys are of finite length. Consequences?
➜ Finite key space ⇒ susceptible to exhaustive search
➜ Longer keys ⇒ more time needed for brute-force attack
• Time to guess a key is exponential in the number of bits of the key
➼ Longer keys also make E and D more expensive
➜ Cipher must be secure against any systematic attack significantly faster than exhaustive search of key space

BASIC CIPHERS
Substitution Ciphers:
➜ Each plaintext character replaced by a ciphertext character
➜ Caesar cipher: shift alphabet x positions
• Easy to break using statistical properties of language
➜ Book cipher: replace words by location of word in book
• Knowledge of book is the key
One Time Pads:
➜ Random string XORed with plaintext
➜ Information theoretically secure
➜ Random string must:
• Have no pattern and not be predictable
• Not be reused
• Not be known by cryptanalyst
➜ Key distribution problem

TINY ENCRYPTION ALGORITHM (TEA)
Symmetric encryption algorithm by Wheeler & Needham:
➜ Encode a 64-bit block (text) consisting of two 32-bit integers
➜ Using a 128-bit key (k) represented by four 32-bit integers
➜ Despite its simplicity, TEA is a secure and reasonably fast encryption algorithm
➜ Can easily be implemented in hardware
➜ Approximately three times as fast as DES
➜ Achieves complete diffusion
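Added example, not code from the lecture: TEA as described above in C, a symmetric cipher with K_E = K_D over a 64-bit block (two 32-bit words) and a 128-bit key (four 32-bit words), using the standard reference parameters (32 rounds, delta 0x9E3779B9). The key and block values are constructed; the last function checks the “complete diffusion” claim by flipping one plaintext bit and counting how many ciphertext bits change.

```c
#include <stdint.h>
/* TEA (Wheeler & Needham): 64-bit block as two 32-bit words v[0], v[1];
 * 128-bit key as four 32-bit words k[0..3]. Standard reference parameters:
 * 32 rounds, delta derived from the golden ratio. Arithmetic wraps mod 2^32. */
#define TEA_DELTA  0x9E3779B9u
#define TEA_ROUNDS 32
void tea_encrypt(uint32_t v[2], const uint32_t k[4]) {
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    for (int i = 0; i < TEA_ROUNDS; i++) {
        sum += TEA_DELTA;
        v0 += ((v1 << 4) + k[0]) ^ (v1 + sum) ^ ((v1 >> 5) + k[1]);
        v1 += ((v0 << 4) + k[2]) ^ (v0 + sum) ^ ((v0 >> 5) + k[3]);
    }
    v[0] = v0; v[1] = v1;
}

void tea_decrypt(uint32_t v[2], const uint32_t k[4]) {
    uint32_t v0 = v[0], v1 = v[1], sum = TEA_DELTA * TEA_ROUNDS; /* 0xC6EF3720 */
    for (int i = 0; i < TEA_ROUNDS; i++) {   /* undo the rounds in reverse */
        v1 -= ((v0 << 4) + k[2]) ^ (v0 + sum) ^ ((v0 >> 5) + k[3]);
        v0 -= ((v1 << 4) + k[0]) ^ (v1 + sum) ^ ((v1 >> 5) + k[1]);
        sum -= TEA_DELTA;
    }
    v[0] = v0; v[1] = v1;
}

/* Constructed sample key and block (not from the lecture). */
static const uint32_t KEY[4]   = {0x01234567u, 0x89ABCDEFu, 0xFEDCBA98u, 0x76543210u};
static const uint32_t BLOCK[2] = {0x48656C6Cu, 0x6F2C2054u};

/* Checks D(K, E(K, T)) == T and that E(K, T) differs from T. Returns 1 on success. */
int tea_roundtrip_ok(void) {
    uint32_t v[2] = {BLOCK[0], BLOCK[1]};
    tea_encrypt(v, KEY);
    if (v[0] == BLOCK[0] && v[1] == BLOCK[1]) return 0;
    tea_decrypt(v, KEY);
    return v[0] == BLOCK[0] && v[1] == BLOCK[1];
}

/* Diffusion: flip one plaintext bit and count the ciphertext bits that change
 * (Hamming distance; for a good cipher roughly half of the 64). */
int tea_diffusion_bits(void) {
    uint32_t a[2] = {BLOCK[0], BLOCK[1]}, b[2] = {BLOCK[0] ^ 1u, BLOCK[1]};
    int n = 0;
    tea_encrypt(a, KEY);
    tea_encrypt(b, KEY);
    for (int w = 0; w < 2; w++)
        for (uint32_t x = a[w] ^ b[w]; x; x &= x - 1) n++;  /* popcount */
    return n;
}
```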
