Upload
marianna-woods
View
234
Download
5
Tags:
Embed Size (px)
Citation preview
Chapter 21
Distributed System SecurityCopyright © 2008
Operating Systems, by Dhananjay Dhamdhere Copyright © 2008 21.2Operating Systems, by Dhananjay Dhamdhere 2
Introduction
• Issues in Distributed System Security• Message Security• Authentication of Data and Messages• Third-Party Authentication
Operating Systems, by Dhananjay Dhamdhere Copyright © 2008 21.3Operating Systems, by Dhananjay Dhamdhere 3
Issues in Distributed System Security
• Kinds of security threats in distributed OSs:– Leakage of message contents– Tampering of message contents– Stealing use of resources without authorization– Denial of service to authorized users
• Leakage and tampering are threats to message security• Threats addressed through two means:
– Message security techniques– Authentication of remote users
Operating Systems, by Dhananjay Dhamdhere Copyright © 2008 21.4Operating Systems, by Dhananjay Dhamdhere 4
Security Mechanisms and Policies
Operating Systems, by Dhananjay Dhamdhere Copyright © 2008 21.5Operating Systems, by Dhananjay Dhamdhere 5
Security Attacks in Distributed Systems
• Additionally, security attacks can be classified into: – Passive attacks and active attacks
Operating Systems, by Dhananjay Dhamdhere Copyright © 2008 21.6Operating Systems, by Dhananjay Dhamdhere 6
Message Security
• Approaches to message security can be:– Link-oriented
• Tends to be expensive– Cost depends on the number of links over which a message
travels
– End-to-end• Approach assumed in following discussions
• Three approaches to message security:– Private (or secret) key encryption– Public key encryption– Session keys
Operating Systems, by Dhananjay Dhamdhere Copyright © 2008 21.7Operating Systems, by Dhananjay Dhamdhere 7
Message Security (continued)
Operating Systems, by Dhananjay Dhamdhere Copyright © 2008 21.8Operating Systems, by Dhananjay Dhamdhere 8
Distribution of Encryption Keys
• KDC: Key distribution center– For public key encryption, KDC maintains a directory
containing public keys of all entities in the system– When session keys are used, KDC generates a new
session key on demand
Operating Systems, by Dhananjay Dhamdhere Copyright © 2008 21.9
Distribution of Public Keys
• Steps – Step 1: Pi → KDC : EUkdc
(Pi, Pj)
– Step 2: KDC → Pi : EUi (Pj, Uj)
Encryption is employed merely to prevent message tampering
Operating Systems, by Dhananjay Dhamdhere 9
Operating Systems, by Dhananjay Dhamdhere Copyright © 2008 21.10
Distribution of Session Keys
• Steps– Step 1: Pi → KDC : Pi, Pj
– Step 2: KDC → Pi : EVi(Pj, Ski,j, EVj(Pi,Ski,j))
– Step 3: Pi → Pj : EVj(Pi, Ski,j), ESKi,j
(< message >)
Operating Systems, by Dhananjay Dhamdhere 10
Operating Systems, by Dhananjay Dhamdhere Copyright © 2008 21.11Operating Systems, by Dhananjay Dhamdhere 11
Preventing Message Replay Attacks
• Message replay attack: intruder copies messages passing over network and “plays them back” later– Replayed message may mislead recipient into taking
wrong or duplicate actions• May affect data consistency• May reveal confidential information
• Solution: use challenge-response protocol to check whether message exchange is in real time– Steps: challenge, response, detect
Pj → Pi : ESKi,j(n)
Pj → Pi : ESKi,j(n+1)
• Challenge string n is called a nonce
Operating Systems, by Dhananjay Dhamdhere Copyright © 2008 21.12Operating Systems, by Dhananjay Dhamdhere 12
Mutual Authentication
• Processes in a communication session should validate each other’s identity at start of session– Defeats masquerading attacks
Operating Systems, by Dhananjay Dhamdhere Copyright © 2008 21.13Operating Systems, by Dhananjay Dhamdhere 13
Authentication of Data and Messages
• Authenticity: requires process to verify that data was originated/sent by a claimed person or process– And that it has not been tampered with by intruder
• Latter aspect implies integrity of data
• To ensure integrity, use a hash or message digest– One-way hash function for which a birthday attack is
infeasible• Certification authority (CA) provides information
concerning encryption keys used by persons or processes in a secure manner
Operating Systems, by Dhananjay Dhamdhere Copyright © 2008 21.14Operating Systems, by Dhananjay Dhamdhere 14
Certification Authorities and Digital Certificates
• A certification authority (CA):– Assigns public and private keys to an entity
• After ascertaining its identity by using some means of physical verification
• Keys are valid for a specific period of time– Acts like a key distribution center– Keeps a record of keys assigned by it– Issues public key certificates
• Used to avoid man-in-the-middle attacks
Operating Systems, by Dhananjay Dhamdhere Copyright © 2008 21.15Operating Systems, by Dhananjay Dhamdhere 15
Certification Authorities and Digital Certificates (continued)
• A public key certificate includes:– Serial number of the certificate– Owner’s distinguished name (DN)
• DNS name of the owner, and owner’s name, unit, locality, state, and country in a textual form
– Identifying information of owner• E.g., address
– Owner’s public key– Date of issue and date of expiry, and issuer’s DN– Digital signature on the above information by CA
Operating Systems, by Dhananjay Dhamdhere Copyright © 2008 21.16Operating Systems, by Dhananjay Dhamdhere 16
Message Authentication Codes and Digital Signature
• A message authentication code (MAC) is used to check the integrity of data– A one-way hashing function is used to obtain a message
digest of data– It is encrypted using a secret key known only by sender
and intended recipient• A digital signature is used to verify authenticity of data
– This identification is non-repudiable– Can also be used to detect any modifications of data after
the data was created or sent by a process– Both are achieved through use of private keys
Operating Systems, by Dhananjay Dhamdhere Copyright © 2008 21.17Operating Systems, by Dhananjay Dhamdhere 17
Message Authentication Codes and Digital Signature (continued)
Operating Systems, by Dhananjay Dhamdhere Copyright © 2008 21.18Operating Systems, by Dhananjay Dhamdhere 18
Third-Party Authentication
• How does a server know whether a process wishing to act as its client was created by an authorized user?– Require each server to authenticate every user through a
password• Inconvenient
– Use a third-party authenticator and a secure arrangement• Kerberos uses an authentication database• SSL decentralized
Operating Systems, by Dhananjay Dhamdhere Copyright © 2008 21.19
Kerberos
• Developed in project Athena at MIT• Kerberos authentication server (KAS) uses an
authentication data base• Authorization is performed by giving tickets to
processes– A ticket is like a capability, it authorizes a process to use
a service– It contains the process and server ids, a session key for
communication, and the lifetime over which it is valid• At log in time, each process gets a ticket to a ticket
granting server (TGS); TGS generates tickets for other servers
Operating Systems, by Dhananjay Dhamdhere 19
Operating Systems, by Dhananjay Dhamdhere Copyright © 2008 21.20
Kerberos (continued)
• When a process wishes to use a server• It submits a ticket for the server and an authenticator
containing a time-stamp encrypted with the session key• Server checks validity of ticket, extracts the session key
and checks the authenticator to ensure that the request is made in ‘real time’
Operating Systems, by Dhananjay Dhamdhere 20
Operating Systems, by Dhananjay Dhamdhere Copyright © 2008 21.21Operating Systems, by Dhananjay Dhamdhere 21
Kerberos (continued)
• Initial authentication:
• Obtaining ticket for server:
• Obtaining service:
Operating Systems, by Dhananjay Dhamdhere Copyright © 2008 21.22Operating Systems, by Dhananjay Dhamdhere 22
Secure Sockets Layer (SSL)
• SSL is a message security protocol providing authentication and communication privacy
• Works on top of a reliable transport protocol such as TCP/IP
• Transport layer security (TLS) protocol is based on SSL 3.0
• Two phases:– SSL handshake protocol– SSL record protocol
Operating Systems, by Dhananjay Dhamdhere Copyright © 2008 21.23Operating Systems, by Dhananjay Dhamdhere 23
Secure Sockets Layer (SSL)
• Handshake protocol:– Performs server authentication– Selection of session’s cryptographic algorithms– (Optionally) performs client authentication– Enables client and server to generate shared secret
• Used to generate session keys• Record protocol:
– <m, MACm> securely sent using a session key, where m is text of message
• To avoid man-in-the-middle attacks, certificate is verified and challenge-response protocol used to authenticate client
Operating Systems, by Dhananjay Dhamdhere Copyright © 2008 21.24Operating Systems, by Dhananjay Dhamdhere 24
Summary
• Intruders can launch a variety of attacks: leakage, tampering, masquerading, or denial of service– Leakage/tampering are threats to message security
• Solution: Use encryption– Private, public and session keys– Session keys are typically used
• Message replay attacks can be avoided using challenge-response protocol
• Third-party authenticators: Kerberos, SSL• Digital signature: used to verify authenticity of data
– Public key certificate used to securely distribute public key