Telecom and Informatics
Security and Privacy in Distributed Services
Trial lecture: Security and Privacy in Distributed Services
Richard Torbjørn Sanders
NTNU Dept. of Telematics / SINTEF ICT

Main points
General introduction – no detailed state-of-the-art
Define what distributed services are
Show how distributed services are modelled in UML
Mechanisms at the service session layer

What is a distributed service?
Daily use:
  Service is something that an organization or system provides to the public
Within information and communication technology:
  Several definitions exist

Two kinds of service distribution:
Client-server paradigm (web services)
  One-way initiatives
  A service as an interface
  Restricted
Collaborative services (telecom)
  Multi-way initiatives
  A service as a collaboration
  General
Figure: distributed resources (initiative, response); distributed service logic (two-way initiatives)

Definition of service
A service is a collaboration between roles performed by service components (actors) in order to offer functionality to the environment
Figure: Actor1 to Actor5 and Service 1 to Service 3, with service roles; horizontal composition (within a service), vertical composition (within an actor)

Defining services in the Unified Modeling Language (UML)
Figure: collaboration Sale with roles buyer : Person and seller : Person; actor objects Peter’s phone and Paul’s PC, each of which plays a role. Labels: role name : role type, collaboration, service, association, role, actor object, organisation, public, provider, user

Service interactions
Sequence diagram: sd successful sale
Roles: : buyer, : seller
Interactions:
  Request (goods)
  Offer (quantity, quality, price)
  Order (quantity)
  Invoice (amount)
  Payment
  Delivery
Variants: sd successful sale Cash&Carry, sd successful sale No Worries, sd successful sale Pay On Delivery

Collaborations and roles
Figure: collaboration Sale with roles buyer : Person 1 and seller : Person 1. Labels: collaboration, role name and type, connector

Composite service
Figure: collaboration Banana distribution with roles consumer, retailer, wholesaler and grower; collaboration uses raw : Sale, whole : Sale and retail : Sale, each with a buyer and a seller. Label: collaboration use

Security and privacy
Threats to citizens, organisations and society
Countermeasures
in the context of distributed services
Safety is not treated
  e.g. poisonous bananas…

Security and privacy issues
Security:
  Confidentiality: keeping interactions secret from others
  Integrity: ensuring that interactions are not tampered with
  Traceability: documenting that interactions have taken place
  Availability: are services offered as advertised?
  Authenticity: are the players who they say they are?
Privacy: the right to choose freely what to expose

Layers
Figure: Service on top of two layer stacks, each with Physical, Network, Session and Application layers. Annotations: Many security solutions exist; Little done. Focus here!; Security solution not possible

Confidentiality
Sequence diagram: sd successful sale; : buyer, : seller; Request (goods), Offer (quantity, quality, price). Threat shown: Eavesdropping
Keeping interactions secret from others
Countermeasures:
  Avoidance through encryption at the network level
  Many standard solutions are available
Challenges:
  Ease of use for the public
  Set up, understand consequences and scope

Integrity
Sequence diagram: sd order; : buyer, : seller; Order (goods), Invoice (amount). Threat shown: Changing content
Ensuring that interactions are not tampered with
Countermeasures:
  Detection through use of checksums at the network level
  Avoidance through encryption at the network level
Many standard solutions are available

Traceability
Sequence diagram: sd order; : buyer, : seller; Order (goods), Invoice (amount). Threat shown: Deny exchange
Ensuring that messages or sessions are not repudiated
Countermeasures:
  Prevention through digital signatures at the network level
  Standard solutions are available

Availability
Sequence diagram: sd successful sale; : buyer, : seller; Request (goods), {no answer}. Threat shown: Denial of service
Ensuring that services are offered as advertised
  “Denial of service attack”
Countermeasures:
  Blocking requests from bogus sources at the network level
    Not easy to identify bogus sources
  Role request mechanisms at the session layer

Role request pattern - session layer
Figure: requesting : ActorTypeA and requested : ActorTypeB, ActorStateMachine, connector, roles Buyer and Seller
  1. Request (seller, buyer)
  2. Play (seller)
  3. Confirm (seller)
Requests from illegitimate or infected actors should be discarded
  Easier than at the network level?

Authenticity
Sequence diagram: sd successful sale; : buyer, : seller; Request (goods), Offer (quantity, quality, price). Threat shown: Masquerading / phishing
Ensuring that role players are who they say they are
Countermeasures:
  Certificates and authentication protocols at the network level
    Can be cumbersome
  Trusted mechanism at the session layer better?

Session layer support for authenticity
Figure: requesting : ActorTypeA and requested : ActorTypeB, ActorStateMachine, roles Buyer and Seller. Annotation: Ensure identities of parties
  1. Request (seller, buyer)
  2. Play (seller)
  3. Confirm (seller)
Ensure proper identity of the parties
  Or support sessions between anonymous (but trusted) parties
Mechanism supported by a trusted session layer

Emerging security threats
Dynamic role playing (role learning) adds new security threats

Role learning pattern
Figure: X: Gadget, W: SalesServer, : ServiceBroker, provider : ServiceRoleProvider. Role labels: Buyer, SellerPOD, CA’BuyerPOD, buyer, BuyerPOD, buyerPOD, sellerPOD
  Request(seller, buyer)
  Confirm(sellerPOD)
  Lookup(sellerPOD, Buyer)
  Result(idBuyerPOD, provider)
  Export(BuyerPOD)
  Import(idBuyerPOD)
  Request(sellerPOD, buyerPOD)
Is the service role provider to be trusted?
  Downloading “Trojan horses” - viruses

Privacy
“The right to be let alone” (1890)
“The right to choose freely what to expose” (1967)
Protect information concerning persons and organisations
  Interests, actions, geographical position
  Contact lists
  Role playing capabilities
“People are not concerned about privacy as long as the threat does not become tangible”
Trade-off between privacy and availability / functionality
  “Amazon recommends…”

Session layer support for privacy
Figure: requesting : ActorTypeA and requested : ActorTypeB, ActorStateMachine, roles Buyer and Seller
  1. Request (seller, buyer)
  2. Play (seller)
  3. Confirm (seller)
Mechanism supported by a trusted session layer
Protect private information
  e.g. about role playing preferences
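
The role request pattern, together with the session layer support for authenticity and privacy described above, sketched as an added example that is not part of the original lecture: a trusted session layer authenticates each Request and discards illegitimate or replayed ones before any role data is consulted, then issues Play and Confirm. The HMAC authentication with per-actor keys, the nonce, and all class, function, actor and key names are assumptions; the slides do not specify a mechanism.

```python
import hashlib
import hmac


class TrustedSessionLayer:
    """Mediates the role request pattern: 1. Request, 2. Play, 3. Confirm."""

    def __init__(self):
        self._keys = {}    # actor -> secret shared with the session layer (assumed scheme)
        self._roles = {}   # actor -> roles it is willing to play (private data)
        self._seen = set() # (actor, nonce) pairs already used, to reject replays
        self.played = []   # Play messages delivered: (actor, role)

    def register(self, actor, key, roles):
        self._keys[actor] = key
        self._roles[actor] = set(roles)

    @staticmethod
    def tag(key, requester, requested, invited, own, nonce):
        msg = "|".join((requester, requested, invited, own, nonce)).encode()
        return hmac.new(key, msg, hashlib.sha256).hexdigest()

    def request(self, requester, requested, invited, own, nonce, tag):
        """1. Request(invited, own); returns 'Confirm(<role>)' or None if discarded."""
        key = self._keys.get(requester)
        if key is None:
            return None  # unregistered actor: discarded before any role lookup
        expected = self.tag(key, requester, requested, invited, own, nonce)
        if not hmac.compare_digest(expected, tag):
            return None  # masquerading actor or altered request
        if (requester, nonce) in self._seen:
            return None  # replayed request
        self._seen.add((requester, nonce))
        if own not in self._roles[requester] or invited not in self._roles.get(requested, ()):
            return None  # role not offered; preferences only reach authenticated actors
        self.played.append((requested, invited))  # 2. Play(invited)
        return f"Confirm({invited})"              # 3. Confirm(invited)


# Constructed sample actors and keys (names borrowed from the UML slide)
layer = TrustedSessionLayer()
layer.register("peters_phone", b"key-peter", {"buyer"})
layer.register("pauls_pc", b"key-paul", {"seller"})


def demo():
    args = ("peters_phone", "pauls_pc", "seller", "buyer", "n1")
    good = TrustedSessionLayer.tag(b"key-peter", *args)
    forged = TrustedSessionLayer.tag(b"guessed-key", *args)
    # legitimate request, forged tag, then a replay of the legitimate request
    return (layer.request(*args, good), layer.request(*args, forged),
            layer.request(*args, good))
```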

Conclusion
Security and privacy issues partially dealt with by existing mechanisms
Distributed Services face new threats
  role learning
  disclosing role preferences
Trusted session layer support can be beneficial
  Ensure sessions between legitimate actors
  Support anonymity when desired
  Must protect personal data such as role preferences
Trusted third party provider necessary!