Transcript PPT Chapter 21

Chapter 21
Distributed System Security
Copyright © 2008
Introduction
•
•
•
•
Issues in Distributed System Security
Message Security
Authentication of Data and Messages
Third-Party Authentication
Operating Systems, by Dhananjay Dhamdhere
Copyright © 2008
21.2
2
Issues in Distributed System Security
• Kinds of security threats in distributed OSs:
–
–
–
–
Leakage  of message contents
Tampering  of message contents
Stealing  use of resources without authorization
Denial of service to authorized users
• Leakage and tampering are threats to message security
• Threats addressed through two means:
– Message security techniques
– Authentication of remote users
Operating Systems, by Dhananjay Dhamdhere
Copyright © 2008
21.3
3
Security Mechanisms and Policies
Operating Systems, by Dhananjay Dhamdhere
Copyright © 2008
21.4
4
Security Attacks in Distributed
Systems
• Additionally, security attacks can be classified into:
– Passive attacks and active attacks
Operating Systems, by Dhananjay Dhamdhere
Copyright © 2008
21.5
5
Message Security
• Approaches to message security can be:
– Link-oriented
• Tends to be expensive
– Cost depends on the number of links over which a message
travels
– End-to-end
• Approach assumed in following discussions
• Three approaches to message security:
– Private (or secret) key encryption
– Public key encryption
– Session keys
Operating Systems, by Dhananjay Dhamdhere
Copyright © 2008
21.6
6
Message Security (continued)
Operating Systems, by Dhananjay Dhamdhere
Copyright © 2008
21.7
7
Distribution of Encryption Keys
• KDC: Key distribution center
– For public key encryption, KDC maintains a directory
containing public keys of all entities in the system
– When session keys are used, KDC generates a new
session key on demand
Operating Systems, by Dhananjay Dhamdhere
Copyright © 2008
21.8
8
Distribution of Public Keys
• Steps
– Step 1: Pi → KDC : EUkdc (Pi, Pj)
– Step 2: KDC → Pi : EUi (Pj, Uj)
Encryption is employed merely to prevent message tampering
Operating Systems, by Dhananjay Dhamdhere
Copyright © 2008
21.9
9
Distribution of Session Keys
• Steps
– Step 1: Pi → KDC : Pi, Pj
– Step 2: KDC → Pi : EVi(Pj, Ski,j, EVj(Pi,Ski,j))
– Step 3: Pi → Pj
: EVj(Pi, Ski,j), ESKi,j (< message >)
Operating Systems, by Dhananjay Dhamdhere
Copyright © 2008
21.10
10
Preventing Message Replay Attacks
• Message replay attack: intruder copies messages
passing over network and “plays them back” later
– Replayed message may mislead recipient into taking
wrong or duplicate actions
• May affect data consistency
• May reveal confidential information
• Solution: use challenge-response protocol to check
whether message exchange is in real time
– Steps: challenge, response, detect
Pj → Pi : ESKi,j(n)
Pj → Pi : ESKi,j(n+1)
• Challenge string n is called a nonce
Operating Systems, by Dhananjay Dhamdhere
Copyright © 2008
21.11
11
Mutual Authentication
• Processes in a communication session should validate
each other’s identity at start of session
– Defeats masquerading attacks
Operating Systems, by Dhananjay Dhamdhere
Copyright © 2008
21.12
12
Authentication of Data and Messages
• Authenticity: requires process to verify that data was
originated/sent by a claimed person or process
– And that it has not been tampered with by intruder
• Latter aspect implies integrity of data
• To ensure integrity, use a hash or message digest
– One-way hash function for which a birthday attack is
infeasible
• Certification authority (CA) provides information
concerning encryption keys used by persons or
processes in a secure manner
Operating Systems, by Dhananjay Dhamdhere
Copyright © 2008
21.13
13
Certification Authorities and Digital
Certificates
• A certification authority (CA):
– Assigns public and private keys to an entity
• After ascertaining its identity by using some means of
physical verification
• Keys are valid for a specific period of time
– Acts like a key distribution center
– Keeps a record of keys assigned by it
– Issues public key certificates
• Used to avoid man-in-the-middle attacks
Operating Systems, by Dhananjay Dhamdhere
Copyright © 2008
21.14
14
Certification Authorities and Digital
Certificates (continued)
• A public key certificate includes:
– Serial number of the certificate
– Owner’s distinguished name (DN)
• DNS name of the owner, and owner’s name, unit, locality,
state, and country in a textual form
– Identifying information of owner
• E.g., address
– Owner’s public key
– Date of issue and date of expiry, and issuer’s DN
– Digital signature on the above information by CA
Operating Systems, by Dhananjay Dhamdhere
Copyright © 2008
21.15
15
Message Authentication Codes and
Digital Signature
• A message authentication code (MAC) is used to check
the integrity of data
– A one-way hashing function is used to obtain a message
digest of data
– It is encrypted using a secret key known only by sender
and intended recipient
• A digital signature is used to verify authenticity of data
– This identification is non-repudiable
– Can also be used to detect any modifications of data after
the data was created or sent by a process
– Both are achieved through use of private keys
Operating Systems, by Dhananjay Dhamdhere
Copyright © 2008
21.16
16
Message Authentication Codes and
Digital Signature (continued)
Operating Systems, by Dhananjay Dhamdhere
Copyright © 2008
21.17
17
Third-Party Authentication
• How does a server know whether a process wishing to
act as its client was created by an authorized user?
– Require each server to authenticate every user through a
password
• Inconvenient
– Use a third-party authenticator and a secure arrangement
• Kerberos  uses an authentication database
• SSL  decentralized
Operating Systems, by Dhananjay Dhamdhere
Copyright © 2008
21.18
18
Kerberos
• Developed in project Athena at MIT
• Kerberos authentication server (KAS) uses an
authentication data base
• Authorization is performed by giving tickets to
processes
– A ticket is like a capability, it authorizes a process to use
a service
– It contains the process and server ids, a session key for
communication, and the lifetime over which it is valid
• At log in time, each process gets a ticket to a ticket
granting server (TGS); TGS generates tickets for other
servers
Operating Systems, by Dhananjay Dhamdhere
Copyright © 2008
21.19
19
Kerberos (continued)
• When a process wishes to use a server
• It submits a ticket for the server and an authenticator
containing a time-stamp encrypted with the session key
• Server checks validity of ticket, extracts the session key and
checks the authenticator to ensure that the request is made
in ‘real time’
Operating Systems, by Dhananjay Dhamdhere
Copyright © 2008
21.20
20
Kerberos (continued)
• Initial authentication:
• Obtaining ticket for server:
• Obtaining service:
Operating Systems, by Dhananjay Dhamdhere
Copyright © 2008
21.21
21
Secure Sockets Layer (SSL)
• SSL is a message security protocol providing
authentication and communication privacy
• Works on top of a reliable transport protocol such as
TCP/IP
• Transport layer security (TLS) protocol is based on SSL
3.0
• Two phases:
– SSL handshake protocol
– SSL record protocol
Operating Systems, by Dhananjay Dhamdhere
Copyright © 2008
21.22
22
Secure Sockets Layer (SSL)
• Handshake protocol:
–
–
–
–
Performs server authentication
Selection of session’s cryptographic algorithms
(Optionally) performs client authentication
Enables client and server to generate shared secret
• Used to generate session keys
• Record protocol:
– <m, MACm> securely sent using a session key, where m
is text of message
• To avoid man-in-the-middle attacks, certificate is verified
and challenge-response protocol used to authenticate
client
Operating Systems, by Dhananjay Dhamdhere
Copyright © 2008
21.23
23
Summary
• Intruders can launch a variety of attacks: leakage,
tampering, masquerading, or denial of service
– Leakage/tampering are threats to message security
• Solution: Use encryption
– Private, public and session keys
– Session keys are typically used
• Message replay attacks can be avoided using
challenge-response protocol
• Third-party authenticators: Kerberos, SSL
• Digital signature: used to verify authenticity of data
– Public key certificate used to securely distribute
public key
Operating Systems, by Dhananjay Dhamdhere
Copyright © 2008
21.24
24