Hybrid scheme
- Public-key: nice solution for key distribution, but computationally expensive
- Secret-key: efficient, but one requirement.
- In applications (particularly, huge data), a hybrid scheme is used
  - Ease of key distribution
  - Efficiency
- Question: what are the advantages of hybrid scheme?

Kerberos protocol
- Question in Homework 4
- Two Key Distribution Centers (KDC): AS, TGS.
- Two types of tickets: ticket-granting ticket (TGT), service-granting ticket (SGT).
- AS Exchange
  - 1. Client C requests a TGT (on behalf of the user U) by sending its user's ID and TGS ID to AS.
  - 2. AS replies with an encrypted TGT, which is used by the client C later in a TGS Exchange.
  - 2.1 When the message arrives, C asks U for the password, generates the key, and decrypts the incoming message.
  - TGT has two parts: one part is for the client; the other part is for TGS.
  - Each part contains the session key to be shared between C and TGS. Also, timestamp + lifetime.
Kerberos protocol
- AS Exchange
- TGS Exchange
  - 3. C requests an SGT (on behalf of the user U) by sending its user's ID, Server S ID, and TGT to AS.
  - 4. TGS decrypts the TGT and verifies it (ID, lifetime). Then issues an encrypted SGT to C.
  - SGT has the same structure as TGT.
  - Each part contains another session key to be shared between C and S. Also, timestamp + lifetime.
- AP Exchange
  - 5. C requests access to a service (on behalf of the user U), with User ID, and the SGT.
- Why two Key Distribution Centers: AS and TGS?
  - User doesn't need to reenter password for different services. (binding password to a TGT)
  - Application servers belong to different network domains, organized by different TGS in different domains. Similarly, a fixed user may use one fixed AS. In this protocol, this user can be served by many TGSs and, as a result, can be served by a large number of application servers.

Transport Layer Security (TLS)
- Two layers
  - TLS Record Protocol
  - TLS Handshake Protocol
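Added example (not part of the original slides): the AS, TGS and AP exchanges from the Kerberos slides as a runnable sketch, showing the two-part tickets, the password-derived key of step 2.1, and the ID/lifetime check of step 4. The cipher is a toy built from SHA-256 and HMAC for illustration only; names, salt and times are constructed, authenticators are omitted, and sealing the client part of the SGT under the C-TGS session key is an assumption.

```python
import hashlib, hmac, json, os

def _stream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + bytes([i])).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    """Toy authenticated encryption (SHA-256 keystream + HMAC); illustration only."""
    pt = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def user_key(password):
    # Key generated from the user's password (constructed salt and iteration count).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed-salt", 10_000)

def issue(client_key, target_key, user, now, lifetime=300):
    """AS or TGS: build a two-part ticket; both parts carry the same fresh session key."""
    body = {"user": user, "key": os.urandom(16).hex(), "ts": now, "life": lifetime}
    return seal(client_key, body), seal(target_key, body)

def check(target_key, part, user, now):
    """TGS or server S: decrypt its part, verify ID and lifetime, return the session key."""
    t = unseal(target_key, part)
    if t["user"] != user or not t["ts"] <= now <= t["ts"] + t["life"]:
        raise ValueError("ticket rejected")
    return bytes.fromhex(t["key"])

def run(password, now_as=1000, now_tgs=1010, now_ap=1020):
    """Full flow for user U; `password` is what the user types at step 2.1."""
    k_u, k_tgs, k_s = user_key("correct horse"), os.urandom(32), os.urandom(32)
    for_c, tgt = issue(k_u, k_tgs, "U", now_as)                        # steps 1-2: AS
    k_c_tgs = bytes.fromhex(unseal(user_key(password), for_c)["key"])  # step 2.1
    assert check(k_tgs, tgt, "U", now_tgs) == k_c_tgs                  # steps 3-4: TGS
    for_c2, sgt = issue(k_c_tgs, k_s, "U", now_tgs)                    # SGT, same structure
    k_c_s = bytes.fromhex(unseal(k_c_tgs, for_c2)["key"])
    return check(k_s, sgt, "U", now_ap) == k_c_s                       # step 5: AP
```

The password is used only once, to open the client part of the TGT; every later step relies on session keys carried in tickets.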
TLS Record Protocol
- Runs on top of a connection-oriented protocol: TCP;
- provides two services for SSL connections
  - confidentiality, integrity.
- Keys for symmetric encryption and keys used to form MAC are generated by the TLS Handshake Protocol.
- Input: a message to be transmitted.
- Its operations: fragment data into blocks; compress data (optionally); apply a MAC for data-integrity; encrypt for confidentiality; append SSL record header; and transmit the result to the receiving process.
- At the receiving side, it receives cipher data blocks, decrypts them, verifies the MAC, optionally decompresses, reassembles the blocks and delivers the result to higher level application processes.

The TLS Handshake Protocol
- Its operations
  - allows the server and client to authenticate each other
  - negotiate encryption and MAC algorithms,
  - agree on keys for the TLS Record Protocol.
- May be invoked to change the specification of a secure channel.
- The Handshake protocol is used before transmitting application data.
- During Handshake Protocol, pending states are created. After successfully executing one Handshake Protocol, the pending states become the current states.

[Figure: TLS handshake message flow between Client and Server]
- ClientHello, ServerHello: establish protocol version, session ID, cipher suite, compression method, exchange random values
- Certificate, Certificate Request, ServerHelloDone: optionally send server certificate and request client certificate
- Certificate, Certificate Verify: send client certificate response if requested
- Change Cipher Spec, Finished; Change Cipher Spec, Finished: change cipher suite and finish handshake
Domain Name System (DNS)
- When the size of Internet was small,
  - a host file: two columns.
  - Every host stores one copy and updates it periodically from a master host file.
  - Impossible for today's Internet
- One simple solution: server
  - Disadvantages: inefficient; unreliable.
- Another solution: distribution & replication.
  - client/server group model
- Two ways to organize name space
  - Flat: a name is a sequence of characters without structure
    • cannot be used in a large system such as the Internet.
  - Hierarchy: each name is composed of several parts.
    • called domain name space
    • each organization can choose the prefix name for its host independently.

Domain Name System (DNS)
- Each node in the tree has a label, and a domain name.
  - Root label is an empty string
  - Children of a node have different labels
  - Domain name is a sequence of labels from the current node up to the root, separated by dots.
- Fully Qualified Domain Name (FQDN): a complete domain name
- Partially Qualified Domain Name (PQDN): a domain name that ends at some node other than the root
DNS in the Internet
- generic domains
- country domains
- inverse domain
  - map an address to a name
  - Example: a server has a list of authorized clients, but only IP address from packet.
    • the server may ask its resolver to send a query to the DNS server and ask for a mapping of address to name.
    • inverse query (or pointer query)
    • "inverse-IP.in-addr.arpa"

Domain Name System (DNS)
- Two approaches
  - Recursive resolution: the resolver expects the server to supply the final answer
  - Iterative resolution
    • it returns to the client the IP address of the server that it thinks can resolve the query.
    • The client is responsible for repeating the query to this second server.
- Caching technique in DNS
  - recursive resolution
  - Store the mapping before sending it to the client
  - One problem: caching some mapping for a long time, so the client receives an out-of-date mapping.
  - two simple techniques: "time-to-live" (TTL)
  - Original server binds a mapping with a TTL value.
    • It defines the time in seconds that the other servers can cache the mapping information.
  - Receiving server sets a TTL for each mapping in its cache.
Time
- Synchronizing physical clocks
  - External synchronization: clock drift rate is bounded by some constant.
    • Time server: Cristian's method, the Network Time Protocol
  - Internal synchronization: the difference between any two computer clocks is bounded by some constant.
    • Master/slaves: the Berkeley's algorithm

Cristian's method: time server
- 1. Client process sends a time request to time server.
- 2. After receiving a request, the server replies with the time according to its clock.
- Analysis
  - no upper bound on message transmission delays.
  - Its success depends on the round-trip times for message exchange being short compared with the required accuracy.
- a group of synchronized time servers
  • multicast its request to all the time servers in the LAN, and use the first replied time.
  • Better performance:
    – server failure, reply message omission failure;
    – the first replied time has smaller value (closer to the perfect time).
The Berkeley's algorithm
- One computer is chosen to be a master
- The master computer periodically selects the other computers to synchronize their clocks, called slaves.
- The slaves send back their clock values to master.
- The master estimates their clock times, and computes the average values of all the clock times
  - T + (round-trip time/2).
- The master sends the adjustment amount for each individual slave.
- The reason for not sending the updated current time
  - to avoid the further uncertainty introduced by message transmission time
- One possible problem: readings from faulty clocks
  - One simple fix: select a subset of clocks whose mutual difference is bounded by some specified value

The Network Time Protocol (NTP)
- Understand its basic ideas, especially ideas on accuracy of NTP.
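Added example (not part of the original slides): one round of the Berkeley algorithm as the slide describes it, with the T + (round-trip time/2) estimate, the subset fix for faulty clocks, and per-machine adjustments instead of an absolute time. Machine names, readings (in minutes) and the bound are constructed, and picking the largest in-bound subset is an assumption about how the subset is selected.

```python
def estimate(reported, rtt):
    """Master's estimate of a slave clock: T + (round-trip time / 2)."""
    return reported + rtt / 2

def berkeley(master_time, readings, bound):
    """One synchronization round.

    readings: {slave: (reported_clock, round_trip_time)}
    bound:    maximum mutual difference allowed inside the averaged subset
    Returns (adjustments for every machine, names of the clocks that were averaged).
    """
    est = {"master": master_time}
    est.update({name: estimate(t, rtt) for name, (t, rtt) in readings.items()})

    # Faulty-clock fix: take the largest group of clocks whose mutual difference
    # stays within `bound`. On sorted values that is a window starting at some i.
    ordered = sorted(est.items(), key=lambda kv: kv[1])
    best = []
    for i, (_, low) in enumerate(ordered):
        window = [kv for kv in ordered[i:] if kv[1] - low <= bound]
        if len(window) > len(best):
            best = window

    average = sum(value for _, value in best) / len(best)
    # The master sends each machine an adjustment amount, not the new time,
    # so the transmission delay of the reply adds no further uncertainty.
    adjustments = {name: average - value for name, value in est.items()}
    return adjustments, [name for name, _ in best]

# Constructed readings: two healthy slaves and one clock that is far off.
READINGS = {"s1": (204.0, 2.0), "s2": (169.5, 1.0), "bad": (600.0, 0.0)}

def demo():
    return berkeley(180.0, READINGS, bound=60)
```

The faulty clock does not pull the average, but it still receives an adjustment toward the agreed time.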
Logical time and logical clocks
- Knowing the ordering of events is important
  - not enough with physical time
- Two simple points [Lamport 1978]
  - the order of two events in the same process
  - the event of sending message always happens before the event of receiving the message.
- happened-before relations: partial order,
  - HB1, HB2
  - HB3 means happened-before relation is transitive

[Figure: events a, b at p1; c, d at p2; e, f at p3; messages m1 and m2; horizontal axis: physical time]
a → b (at p1), c → d (at p2), b → c (m1), also d → f (m2)
Not all events are related by →, e.g., a ↛ e and e ↛ a; they are said to be concurrent; write as a || e

Lamport's logical clocks
- It is a monotonically increasing software counter. It need not relate to a physical clock
- Each process p_i has a logical clock L_i
  - LC1: L_i is incremented by 1 before each event at process p_i
  - LC2: (a) when process p_i sends message m, it piggybacks t = L_i
    (b) when p_j receives (m, t), it sets L_j := max(L_j, t) and applies LC1 before timestamping the event receive(m)
- e → e' ⇒ L(e) < L(e') but not vice versa
  - Example: event b and event e
- shortcoming of Lamport's clock

[Figure: the same events a, b (p1), c, d (p2), e, f (p3) with messages m1 and m2, labelled with their Lamport timestamps]
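Added example (not part of the original slides): rules LC1 and LC2 applied to the six events of the figure, next to the happened-before relation built from the two simple points plus transitivity (HB3). It shows the shortcoming the slide names: L(e) < L(b) even though e and b are concurrent. The interleaving in SCHEDULE is constructed.

```python
# Constructed schedule for the figure: (event, process, kind, message)
SCHEDULE = [
    ("a", "p1", "local", None), ("e", "p3", "local", None),
    ("b", "p1", "send", "m1"),  ("c", "p2", "recv", "m1"),
    ("d", "p2", "send", "m2"),  ("f", "p3", "recv", "m2"),
]

def lamport(schedule):
    """Timestamp every event with rules LC1 and LC2."""
    clock, piggyback, stamp = {}, {}, {}
    for event, proc, kind, msg in schedule:
        if kind == "recv":                                    # LC2(b): max(L_j, t)
            clock[proc] = max(clock.get(proc, 0), piggyback[msg])
        clock[proc] = clock.get(proc, 0) + 1                  # LC1: increment first
        if kind == "send":                                    # LC2(a): piggyback t = L_i
            piggyback[msg] = clock[proc]
        stamp[event] = clock[proc]
    return stamp

def happened_before(schedule):
    """Set of pairs (x, y) with x -> y: process order, send/receive, transitivity."""
    edges, last, sender = set(), {}, {}
    for event, proc, kind, msg in schedule:
        if proc in last:
            edges.add((last[proc], event))                    # same-process order
        last[proc] = event
        if kind == "send":
            sender[msg] = event
        if kind == "recv":
            edges.add((sender[msg], event))                   # send before receive
    while True:                                               # HB3: transitive closure
        new = {(x, z) for x, y in edges for y2, z in edges if y == y2} - edges
        if not new:
            return edges
        edges |= new

def concurrent(hb, x, y):
    """x || y: neither x -> y nor y -> x."""
    return (x, y) not in hb and (y, x) not in hb
```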