Chapter 20 - Distributed system security. This chapter discusses authentication and message security measures used in distributed operating systems to thwart such attacks. Methods of verifying authenticity of data are also discussed.
Trang 1in any form or by any means, without the prior written permission of the publisher, or used beyond the limited distribution to teachers and educators permitted by McGrawHill for their individual course preparation. If you are a student using this PowerPoint slide, you are using it without permission.
Trang 2Security issues in distributed systems
• Interprocess messages travel over the network
– Hence intruders can perpetrate attacks through messages
Trang 3Security threats in distributed systems
• Following threats can be posed through messages
Trang 4Mechanisms and policies for distributed system security
• Encryption ensures secrecy and integrity of meta data and messages
• Key distribution center generates encryption keys for communication
• Authentication is used to prevent masquerading
Trang 5Classes of security attacks
• Four classes of attacks
Trang 6Message security
• Three techniques are used for message security
– Private key encryption
* All messages sent to a process are encrypted with its private key
Problems: Private key is exposed to attacks all through process lifetime Difficult for user processes to know each other’s keys
Used for communication from OS to user processes
– Public key encryption
* A process has a (public key, private key) pair
Encryption is asymmetric: Messages sent to it are encrypted
using its public key; it decrypts them using its private key
– Session key encryption
* A session key is generated for each communication session
between processes
Limits exposure of the encryption key
Trang 7Encryption techniques
• Public key encryption
* V i cannot be guessed from U i
* For any message m, D vi (E Ui (P m )) = P m for all U i , V i
* Sender encrypts using U i , P i decrypts using V i
* Rivest-Shamir-Adelman (RSA) algorithm is used to generate (U i , V i)
Let (u, v) be the pair of keys and x, y < n
» E u (x) = x u mod n
» D v (y) = y v mod n
» v should be relatively prime to (p – 1) x (q – 1)
» u x v mod [(q – 1 ) x ( q – 1 )] = 1
– Keys are longer than private keys and encryption / decryption is slower
Trang 8Distribution of encryption keys
• Processes have to know which keys to use for
encrypting messages to other processes
– A key distribution center (KDC) is a trusted service which
provides the keys securely to processes
– When process Pi wishes to communicate with Pj
* It makes a request to KDC, passing P j’s id
* KDC actions:
Public key encryption: Provides public key of P i
Session key encryption: Generates a session key and provides
it to P i Also enables P i to pass the key securely to P j
Trang 9Distribution of public keys
Trang 10Distribution of session keys
• Steps
– Step 1: Pi → KDC : Pi, Pj
– Step 2: KDC → Pi : EVi(Pj, Ski,j, EVj(Pi,Ski,j))
– Step 3: Pi → Pj : EVj(Pi, Ski,j), ESKi,j (< message >)
Trang 11Obtaining a session key
• In a public key system, a process can itself choose a
session key to communicate with another process
– Step 1: Pi → KDC : EUkdc (Pi, Pj)
– Step 2: KDC → Pi : EUi (Pj, Uj)
– Step 3: Pi → Pj : EUj(Pi, Ski,j), ESKi,j(< message >)
Pi requests public key of Pj in step 1 and obtains it in step 2 In
step 3, it communicates the selected session key to Pj
Trang 12Preventing message replay attacks
• How to check whether message m received by Pj from
Pi is a genuine message
– Check whether m was sent by a Pi in ‘real time’
– The Challenge-response protocol is used for this purpose
Trang 13Challenge–response protocol
• Steps
– Challenge
* P j throws a challenge to the message sender to prove that it is P i
It sends a challenge string encrypted using P i’s key
The string is called a nonce
– Response
* Message performs following actions
Decrypts the message
Transforms the challenge string in expected manner
Encrypts result so that only P j can decrypt it and sends it back
– Detect
* P j decrypts and checks whether the reply is as expected
Trang 14* Step 3: P i → P j : E Uj (P i , Sk i,j ), E SKi,j (< message >)
– The recipient process must authenticate the sender using the challenge–response protocol
* Step 4: P j → P i : E Ui (P j , n)
* Step 5: P i → P j : E Uj (n+1)
– Now the communication can begin
Trang 15Authentication of data and messages
• Authenticity and integrity of data
Trang 16Integrity of data
• Integrity is ensured through use of a message digest
– Message digest v of data d is a fixed length hash value obtained from d
* It is obtained by employing a one-way hash function
* Given v, it should be impossible to construct a data d’ such that v is
its message digest
It is called a birthday attack
– The pair < d, v > is stored
* To check whether d has been tampered with, the hash value of d is obtained and compared with v
– v or < d, v > is encrypted to protect against tampering
* It makes the integrity check foolproof
Trang 17Authenticity of data
• Authenticity has two requirements
– Integrity of data
* It is ensured through use of the message digest (see previous slide)
– Successful decryption of v or < d, v > should verify that it was
originated or sent by the claimed entity
* It is ensured by encrypting v or < d, v > with the encryption key of the originator or sender of d
* The process wishing to verify authenticily of d must obtain encryption key of the data’s originator or sender
A certification authority is used to securely obtain the encryption key of the originator or sender of d
* Successful decryption of d or < d, v > now implies authenticity of
data
Trang 18Certification authority (CA)
• CA assigns public and private keys to an entity after
ascertaining its identity though physical verification
– It issues a public key certificate containing following information
* Serial no, owner’s distinguishing name, identification information
* Owner’s public key
* Date of issue and expiry
* Digital signature by the CA
– A process obtains the certificate of the server it wishes to use
– It authenticates the server to prevent a man-in-the-middle attack
* In this attack, an intruder masquerades as a server
Intercepts messages, provides fake certificate
Digital signature thwarts such attacks
Trang 19Message authentication code (MAC)
and Digital signature
• MAC is used to check integrity of data, digital signature
is used to ensure authenticity of data
– Message authentication code (MAC)
* Message digest v of data d is obtained using a one-way hashing fn
– Digital signature
* P i , the originator or sender of d encrypts it to obtain v
* Encrypts v and, optionally, a time stamp with its own private key to obtain the DS d , the digital signature for d
* The pair < d, DS d > is stored or transmitted
* Recipient of < d, DS d > decrypts it using public key of P i
Successful decryption guarantees authenticity
P cannot deny having originated or sent d (non-repudiability)
Trang 20Use of a digital signature
Trang 21Third party authentication
• How does a server know that a process that wishes to
use its services was created by an authorized user?
– A third party authenticator performs two functions to facilitate
answering of this question
* Authentication
It authenticates a user
* Secure arrangement to introduce an authorized user to a server
This way, a server knows that a user is genuine
Trang 22• Features of Kerberos
– Authentication is performed through an authentication data base
– Authorization is performed by providing tickets to processes
* A ticket is like a capability, it authorizes a process to use a service
* It contains the process and server ids, a session key for communication, and the lifetime over which it is valid
* At log in time, each process gets a ticket to a ticket granting server
(TGS); TGS generates tickets for other servers
– When a process wishes to use a server
* It submits a ticket for the server and an authenticator containing a
time-stamp encrypted with the session key
* Server checks validity of ticket, extracts the session key and checks the authenticator to ensure that the request is made in ‘real time’
Trang 23• Client is a process that operates on user’s computer and obtains services
on behalf of the user
• Step 1.3 provides session key and ticket for TGS
• Step 2.1 provides session key and ticket for a server
• Steps 3.1, 3.2 implement invocation
of a service
Trang 24Secure sockets layer (SSL)
• SSL is a message security protocol providing
authentication and communication privacy
– SSL handshake protocol is used before a client-server session
starts
* It uses RSA public-key encryption to authenticate the server
* It also optionally authenticates the client
* Generates symmetric session keys for the session
– SSL record protocol
* Performs actual message exchange using the session key
– Message integrity is provided through MAC and authenticity
through digital signature
Trang 25Secure sockets layer (SSL)
• SSL Handshake protocol
– Client sends client-hello message containing the string nclient
– Server sends server-hello message containing nserver
– Server sends its digital certificate; optionally asks for the client’s
– Client sends encrypted premaster secret message containing a 48-byte premaster secret encrypted with server’s public key
– Both client and server now generate master secret from the
function
– Four keys are generated from the premaster secret
* two are used for encryption of messages between the client and the server, and two are used for generating MACs