Академический Документы
Профессиональный Документы
Культура Документы
Objectives
• Various mechanisms that incorporated in DS to support security.
• Security policies.
• General design issues on security
• Cryptography
grids).
Figure 7-2. Three approaches for protection against security threats. (b) Protection
against
BCOMPunauthorized
2407 invocations.
Distributed System
ALL RIGHTS RESERVED 10
No part of this document may be reproduced without written approval from Limkokwing University of Creative Technology Worldwide
FACULTY OF INFORMATION & COMMUNICATION TECHNOLOGY
e.g. In many
universities/banks, certain
data/applications are
restricted to be used by
faculty/staff members
only. Students are not
allowed.
Figure 7-2. Three approaches for protection against security threats. (c) Protection
against
BCOMPunauthorized
2407 users. Distributed System
ALL RIGHTS RESERVED 11
No part of this document may be reproduced without written approval from Limkokwing University of Creative Technology Worldwide
FACULTY OF INFORMATION & COMMUNICATION TECHNOLOGY
• Figure 7-3. The logical organization of a distributed system into several layers.
Cryptography (1)
Types of Cryptography
• Symmetric Cryptosystem – The same key is used to encrypt
and decrypt a message.
P = DK(EK(P))
P = DKD(EKE(P))
Scenario
• Alice wants to send a confidential mesg to Bob, she should
use Bob’s public key to encrypt the mesg. because Bob is
the only one holding the private decryption key.
• Bob wants to ensure the mesg comes from Alice, In this case
Alice keep her encryption key private to encrypt the mesg
she sent, and if Bob successfully decrypt the mesg using
Alice’s public key he knows that the mesg comes from Alice
because the decryption
BCOMP 2407 key is
Distributed uniquely tied to the18encryption
System ALL RIGHTS RESERVED
No part of this document may be reproduced without written approval from Limkokwing University of Creative Technology Worldwide
FACULTY OF INFORMATION & COMMUNICATION TECHNOLOGY
Cryptography (2)
It is designed to operate on
64-bit blocks of data.
A block is transformed into an
encrypted block of output in 16
rounds where each round uses
a different 48 bit key for
encryption.
E.g. 2100 = 2 X 2 X 3 X 5 X 5 X 7
• brute force decryption (try each key - . It involves systematically checking all possible
keys until the correct key is found) taking 1 sec on DES, takes 149 trillion years for
AES
bits
r multiple passes: each input bit afects all output bits
r block ciphers: DES, 3DES, AES
Security Management
BCOMP 2407
ALL RIGHTS RESERVED Distributed System 28
No part of this document may be reproduced without written approval from Limkokwing University of Creative Technology Worldwide
FACULTY OF INFORMATION & COMMUNICATION TECHNOLOGY
Key Establishment
-Value n & g – two large num. agreed upon by Alice and Bob.
-Value x and y is secret for both parties.
-Alice send value n and g together with g x mod n – send as
plaintext.
- Now both party have shared secret key g xy mod n
X – Private key
BCOMP 2407 gx mod n – Public key
ALL RIGHTS RESERVED Distributed System 29
No part of this document may be reproduced without written approval from Limkokwing University of Creative Technology Worldwide
FACULTY OF INFORMATION & COMMUNICATION TECHNOLOGY
Figure 7-34. (a) Secret-key distribution. [see also Menezes et al. (1996)].
The shared secret key must be communicated along a secure channel but if
there is no
keys available, they can send it through a phone call/send on a floppy disks.
BCOMP 2407
ALL RIGHTS RESERVED Distributed System 30
No part of this document may be reproduced without written approval from Limkokwing University of Creative Technology Worldwide
FACULTY OF INFORMATION & COMMUNICATION TECHNOLOGY
Figure 7-34. (b) Public-key distribution [see also Menezes et al. (1996)].
Public key certificates – consists of public key together with a string identifying
the entity to which that the key is associated.
The public key + identifier signed by certification authority. E.g. the public keys
of
various certification authorities are built into most Web browsers and shipped
with the
BCOMP 2407
binaries ALL RIGHTS RESERVED Distributed System 31
No part of this document may be reproduced without written approval from Limkokwing University of Creative Technology Worldwide
FACULTY OF INFORMATION & COMMUNICATION TECHNOLOGY
References
These slides are taken from Tanenbaum & Van Steen, Distributed Systems:
Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved.
0-13-239227-5
Sub Point #1
BB Network
Components
Sub Point #3
Best Practice BB
Network Design
End of Lecture