
Chapter 3 Processes

BIT3263 | Distributed System


Prepared by Noris Bt. Ismail
FACULTY OF INFORMATION & COMMUNICATION TECHNOLOGY


Objectives
• Various mechanisms that are incorporated in DS to support security.
• Security policies.
• General design issues on security
• Cryptography

BCOMP 2407 Distributed System


ALL RIGHTS RESERVED 2
No part of this document may be reproduced without written approval from Limkokwing University of Creative Technology Worldwide


Security Threats, Policies, and Mechanisms
Types of security threats to consider:
• Interception – An unauthorised party gains access to a service or data, e.g. breaking into a person’s private directory.
• Interruption – Services or data become unavailable, e.g. a DoS attack.
• Modification – Unauthorised changing of data so that it no longer adheres to its original specifications.
• Fabrication – Additional data or activity is generated that would normally not exist, e.g. an intruder may attempt to add an entry into a password/db file.



Security Policies

• Describes precisely which actions the entities in a system are allowed to take and which ones are prohibited.
• E.g. a student registration system.
• Requirements would include that a student should not be able to register if he has outstanding fees.
• Also, there may be a restricted group of people that should be given read access to registration records, whereas only the responsible lecturer, e.g. the program leader/year leader, should be given full access.


Security Mechanisms
Types of security mechanisms to consider:
• Encryption – Transforms the data into a form that an attacker cannot understand.
• Authentication – Used to verify the claimed identity of a user, client, host, server or other entity.
• Authorization – Checks whether a client is authorised to perform the action requested.
• Auditing – Audit logs can be useful for the analysis of a security
breach and taking measures against intruders.


Example: The Globus Security Architecture (1)

Globus – A system supporting large-scale distributed computations in which many hosts, files, and other resources are simultaneously used for doing a computation (computational grids).

1. The environment consists of multiple administrative domains.

2. Local operations – i.e. operations that are carried out only within a single domain – are subject to a local domain security

Example: The Globus Security Architecture (2)

4. Operations between entities in different domains require mutual authentication.

5. Global authentication replaces local authentication.

6. Controlling access to resources is subject to local security only.

7. Users can delegate rights to processes.

Example: The Globus Security Architecture (2)

Figure 7-1. The Globus security architecture




Design Issue - Focus of Control (1)

Protection of the data that is associated with the application.

The primary concern is the integrity of the data, e.g. in database systems, where various integrity constraints are automatically checked each time the data is modified.

Figure 7-2. Three approaches for protection against security threats. (a) Protection against invalid operations

Focus of Control (2)

Protection of the data through access control mechanisms, i.e. which operations may be invoked and by whom.

e.g. an object-based system: need to specify which clients are permitted to invoke which methods. Alternative – access control methods can be applied to an entire interface.

Figure 7-2. Three approaches for protection against security threats. (b) Protection against unauthorized invocations.

Focus of Control (3)

Protection of the data focused directly on the users, irrespective of the operations they want to carry out.

e.g. In many universities/banks, certain data/applications are restricted to be used by faculty/staff members only. Students are not allowed.

Figure 7-2. Three approaches for protection against security threats. (c) Protection against unauthorized users.
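The three approaches of Figure 7-2, applied to the student registration policy from the Security Policies slide and logged as the Auditing mechanism suggests. This is an added example, not part of the original slides; the role names, the ACL table and the RegistrationRecords class are hypothetical.

```python
class PolicyError(Exception):
    """Raised when a request violates the security policy."""

# Hypothetical roles and method table for the registration example.
STAFF_ROLES = {"program_leader", "year_leader", "registry_clerk"}   # approach (c)
METHOD_ACL = {                                                       # approach (b)
    "read": {"program_leader", "year_leader", "registry_clerk"},
    "register": {"program_leader", "year_leader"},
}

class RegistrationRecords:
    def __init__(self, fees_due):
        self._fees_due = dict(fees_due)   # student_id -> outstanding amount
        self._courses = {}                # student_id -> registered course
        self.audit_log = []               # (role, method, outcome) tuples

    def invoke(self, role, method, student_id, course=None):
        """Single entry point: every request passes checks (c), (b), then (a)."""
        try:
            if role not in STAFF_ROLES:
                raise PolicyError("user class not admitted to this application")
            if role not in METHOD_ACL.get(method, set()):
                raise PolicyError(f"{role} may not invoke {method}")
            if method == "register":
                result = self._register(student_id, course)
            else:
                result = self._courses.get(student_id)
        except PolicyError as exc:
            self.audit_log.append((role, method, f"DENIED: {exc}"))
            raise
        self.audit_log.append((role, method, "OK"))
        return result

    def _register(self, student_id, course):
        # Approach (a): integrity constraint checked on every modification.
        if self._fees_due.get(student_id, 0) > 0:
            raise PolicyError("student has outstanding fees")
        self._courses[student_id] = course
        return course

def demo():
    """Run four constructed requests; return each outcome and the audit log."""
    db = RegistrationRecords({"s1": 0, "s2": 250})
    requests = [("program_leader", "register", "s1", "BIT3263"),
                ("program_leader", "register", "s2", "BIT3263"),   # fails (a)
                ("registry_clerk", "register", "s1", "BIT3263"),   # fails (b)
                ("student", "read", "s1", None)]                   # fails (c)
    outcomes = []
    for request in requests:
        try:
            db.invoke(*request)
            outcomes.append("OK")
        except PolicyError as exc:
            outcomes.append(str(exc))
    return outcomes, db.audit_log

if __name__ == "__main__":
    for entry in demo()[1]:
        print(entry)
```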

Layering of Security Mechanisms (1)

• Figure 7-3. The logical organization of a distributed system into several layers.


Layering of Security Mechanisms (2)

Figure 7-4. Several sites connected through a wide-area backbone service.


An organization located at different sites that are connected through a communication service such as SMDS (Switched Multi-megabit Data Service).
- Security – Placing an encryption device at each SMDS router.


Distribution of Security Mechanisms
RISSC – Reduced Interfaces for Secure System Components.

Figure 7-5. The principle of RISSC as applied to secure distributed systems.

RISSC approach – preventing clients and their applications from directly accessing critical services. Clients and their applications run on different machines and can access the secured server only through these network interfaces.


Cryptography

Fundamental to security in DS is the use of cryptographic techniques.

• E.g. S → R (send message m)
• Before sending, the sender encrypts m → m’ (unintelligible)
• Upon receiving, R decrypts m’ → m
• Encryption and decryption are accomplished by

Cryptography (1)

Figure 7-6. Intruders and eavesdroppers in communication.


Types of Cryptography
• Symmetric Cryptosystem – The same key is used to encrypt
and decrypt a message.

P = D_K(E_K(P))

• Asymmetric Cryptosystem – The keys for encryption and decryption are different.

P = D_{K_D}(E_{K_E}(P))

There are separate keys K_E and K_D for encryption and decryption. One is made public and the other is private.

Scenario
• Alice wants to send a confidential message to Bob: she should use Bob’s public key to encrypt the message, because Bob is the only one holding the private decryption key.

A – encrypts the message using Bob’s public key.

• Bob wants to ensure the message comes from Alice: in this case Alice keeps her encryption key private and uses it to encrypt the message she sends. If Bob successfully decrypts the message using Alice’s public key, he knows that the message comes from Alice, because the decryption key is uniquely tied to the encryption

Cryptography (2)

Figure 7-7. Notation used in this chapter.



Symmetric Cryptosystems: DES – Data Encryption Standard

The first example of a cryptographic algorithm is DES.

It is designed to operate on 64-bit blocks of data. A block is transformed into an encrypted block of output in 16 rounds, where each round uses a different 48-bit key for encryption.

Each of these 16 keys is derived from the 56-bit master key.

Figure 7-8. (a) The principle of DES.


Symmetric Cryptosystems: DES (2)

Each encryption round i takes the 64-bit block produced by the previous round i-1.

The 64 bits are split into a left part L_{i-1} and a right part R_{i-1}, each containing 32 bits. The right part is used for the left part in the next round, that is,

L_i = R_{i-1}

Figure 7-8. (b) Outline of one encryption round.
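The round structure above as a runnable 16-round Feistel network on 64-bit blocks. This is an added example, not from the slides and not real DES: the round function f and the key schedule are SHA-256 stand-ins, and the rule R_i = L_{i-1} XOR f(R_{i-1}, K_i) is the standard Feistel companion to L_i = R_{i-1}. It also shows that decryption is the same routine with the round keys reversed, and that one round barely spreads a flipped input bit while 16 rounds spread it widely.

```python
import hashlib

MASK32 = 0xFFFFFFFF

def subkeys(master_key_56, rounds=16):
    """Stand-in key schedule: one 48-bit key per round from the 56-bit master
    key. Real DES uses fixed permutations and rotations instead of SHA-256."""
    keys = []
    for i in range(1, rounds + 1):
        digest = hashlib.sha256(master_key_56.to_bytes(7, "big") + bytes([i])).digest()
        keys.append(int.from_bytes(digest[:6], "big"))      # 6 bytes = 48 bits
    return keys

def f(right_32, key_48):
    """Stand-in round function (not the DES S-boxes): 32 bits in, 32 bits out."""
    data = right_32.to_bytes(4, "big") + key_48.to_bytes(6, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def feistel(block_64, keys):
    left, right = block_64 >> 32, block_64 & MASK32
    for key in keys:
        # L_i = R_{i-1}  and  R_i = L_{i-1} XOR f(R_{i-1}, K_i)
        left, right = right, left ^ f(right, key)
    return (right << 32) | left      # final swap makes the routine its own inverse

def encrypt(block_64, master_key_56, rounds=16):
    return feistel(block_64, subkeys(master_key_56, rounds))

def decrypt(block_64, master_key_56, rounds=16):
    # Same routine, round keys applied in reverse order.
    return feistel(block_64, subkeys(master_key_56, rounds)[::-1])

def changed_bits(block_64, master_key_56, rounds):
    """Count output bits that change when the top input bit is flipped."""
    a = encrypt(block_64, master_key_56, rounds)
    b = encrypt(block_64 ^ (1 << 63), master_key_56, rounds)
    return bin(a ^ b).count("1")

if __name__ == "__main__":
    key, block = 0x0123456789ABCD, 0x0011223344556677   # constructed sample values
    c = encrypt(block, key)
    print(hex(c), hex(decrypt(c, key)))
    print([changed_bits(block, key, r) for r in (1, 2, 16)])
```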


Symmetric Cryptosystems: DES (3)

Figure 7-9. Details of per-round key generation in DES.



Public-Key Cryptosystems: RSA – Rivest, Shamir and Adleman

• Generating the private and public keys requires four steps:

E.g. 2100 = 2 × 2 × 3 × 5 × 5 × 7

• Choose two very large prime numbers, p and q.
• Compute n = p × q and z = (p − 1) × (q − 1).
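A toy run of the key generation above together with the two cases from the Scenario slide (confidentiality with Bob's public key, origin with Alice's private key). This is an added example, not from the slides: the small primes and the message are constructed, and the choice of e and d follows the standard RSA construction because the remaining steps are not shown on the slide.

```python
from math import gcd

# Textbook RSA on raw integers for illustration only; real systems use very
# large primes, add padding, and sign a hash of the message.

def make_keys(p, q, e=17):
    """Toy RSA key generation for two distinct primes p and q."""
    n = p * q                     # from the slide: n = p x q
    z = (p - 1) * (q - 1)         # from the slide: z = (p - 1) x (q - 1)
    # Remaining steps follow the standard RSA construction (not on the slide):
    if gcd(e, z) != 1:
        raise ValueError("e must be relatively prime to z")
    d = pow(e, -1, z)             # d with e * d = 1 (mod z); needs Python 3.8+
    return (e, n), (d, n)         # (public key, private key)

def apply_key(key, value):
    """Encryption and decryption are the same operation: value^exp mod n."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value must be in the range 0 .. n-1")
    return pow(value, exponent, n)

def scenario(m=65):
    """Run both cases from the Scenario slide on a constructed message m."""
    bob_pub, bob_priv = make_keys(61, 53)        # constructed toy primes
    alice_pub, alice_priv = make_keys(89, 97)

    # Confidentiality: Alice encrypts with Bob's public key; only Bob's
    # private key recovers m.
    c = apply_key(bob_pub, m)
    recovered = apply_key(bob_priv, c)

    # Origin: Alice applies her private key; anyone can check the result
    # with her public key. A value altered in transit no longer matches m.
    s = apply_key(alice_priv, m)
    verified = apply_key(alice_pub, s) == m
    tampered_ok = apply_key(alice_pub, (s + 1) % alice_pub[1]) == m
    return {"ciphertext": c, "recovered": recovered,
            "verified": verified, "tampered_ok": tampered_ok}

if __name__ == "__main__":
    print(make_keys(61, 53))
    print(scenario())
```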


DES vs. RSA

• RSA has the drawback of being computationally more complex.
• Encrypting a message using RSA is approximately 100-1000 times slower than DES.
• As a consequence, many cryptographic systems use RSA to exchange only shared keys in a secure way and normal data.

AES: Advanced Encryption Standard

• new (Nov. 2001) symmetric-key NIST standard, replacing DES
• processes data in 128-bit blocks
• 128, 192, or 256 bit keys
• brute force decryption (trying each key: systematically checking all possible keys until the correct key is found) taking 1 sec on DES takes 149 trillion years for AES



Block Cipher

[Figure: a 64-bit input is split into eight chunks, each passed through its own table T1 to T8; the results go through a 64-bit scrambler to give the 64-bit output; loop for n rounds.]

• one pass through: one input bit affects eight output bits
• multiple passes: each input bit affects all output bits
• block ciphers: DES, 3DES, AES

Public key cryptography

symmetric key crypto
• requires sender, receiver know shared secret key
• Q: how to agree on key in first place (particularly if never “met”)?

public key cryptography
• radically different approach [Diffie-Hellman76, RSA76]
• sender, receiver do not share secret key
• public encryption key known to all
• private decryption key known only to receiver


Security Management

• General management of cryptographic keys


• Problem of securely managing a group of servers

• Authorization management by looking at capabilities (attribute certificates)


Key Establishment

Figure 7-33. The principle of Diffie-Hellman key exchange.

- Values n and g – two large numbers agreed upon by Alice and Bob.
- Values x and y are secret: each party keeps its own.
- Alice sends the values n and g together with g^x mod n, as plaintext.
- Now both parties have the shared secret key g^xy mod n.
x – Private key
g^x mod n – Public key
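The exchange above with the slide's symbols n, g, x and y, as an added example that is not part of the original slides. The parameters are toy-sized assumptions (n = 2^127 − 1, which is prime, and g = 3); hashing the shared value into a symmetric key and rejecting degenerate public values are additions a practical implementation would make.

```python
import hashlib
import secrets

# Toy-sized public parameters (assumption for this demo): n = 2^127 - 1 is
# prime. Real deployments use standardized groups of 2048 bits or more.
N = 2**127 - 1
G = 3

def keypair(n=N, g=G):
    """Pick a secret exponent x and compute the public value g^x mod n."""
    x = secrets.randbelow(n - 3) + 2          # 2 <= x <= n - 2
    return x, pow(g, x, n)

def shared_key(own_secret, peer_public, n=N):
    """Compute g^(xy) mod n and hash it into a 256-bit symmetric key."""
    # Reject 0, 1, n-1 and out-of-range values: they would make the shared
    # secret predictable regardless of our own secret exponent.
    if not 2 <= peer_public <= n - 2:
        raise ValueError("invalid peer public value")
    secret = pow(peer_public, own_secret, n)
    width = (n.bit_length() + 7) // 8
    return hashlib.sha256(secret.to_bytes(width, "big")).digest()

def exchange():
    """One full exchange; returns both derived keys and what crossed the wire."""
    x, gx = keypair()                          # Alice: x stays private
    y, gy = keypair()                          # Bob: y stays private
    # Everything an eavesdropper sees, all sent as plaintext:
    wire = {"n": N, "g": G, "g^x mod n": gx, "g^y mod n": gy}
    alice_key = shared_key(x, gy)              # (g^y)^x mod n
    bob_key = shared_key(y, gx)                # (g^x)^y mod n
    return alice_key, bob_key, wire

if __name__ == "__main__":
    a, b, wire = exchange()
    print(a.hex(), a == b)
```

The exchange by itself does not tell Alice who sent g^y mod n; the certificates described under Key Distribution (2) are what bind a public value to an identity.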

Key Distribution (1)

Figure 7-34. (a) Secret-key distribution. [see also Menezes et al. (1996)].

The shared secret key must be communicated along a secure channel, but if there are no keys available, they can send it through a phone call or on a floppy disk.


Key Distribution (2)

Figure 7-34. (b) Public-key distribution [see also Menezes et al. (1996)].

Public key certificates – consist of a public key together with a string identifying the entity with which that key is associated.
The public key + identifier are signed by a certification authority. E.g. the public keys of various certification authorities are built into most Web browsers and shipped with the binaries.

References
These slides are taken from Tanenbaum & Van Steen, Distributed Systems:
Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved.
0-13-239227-5


End of Lecture
