COMM 527: Distributed Systems

Security Models in Distributed Systems

 Learning Objectives

 Security model
 Types of threat
 Basic techniques
 Cryptographic techniques

Secrecy

Authentication

Certificates and credentials

Access control
 Audit trails
 Symmetric and asymmetric encryption algorithms
 Digital signatures
 Secure Socket Layer (SSL)

2
Why Security is so Important in DS?
 There is a pervasive need for measures to guarantee the
privacy, integrity, and availability of resources in distributed
systems.
 Security attacks take various forms: Eavesdropping,
masquerading, tampering, and denial of service.
 Designers of secure distributed systems must cope with the
exposed interfaces and insecure network in an environment
where attackers are likely to have knowledge of the
algorithms used to deploy computing resources.
 Cryptography provides the basis for the authentication of
messages as well as their secrecy and integrity.

3
 How is Security in Real World?

 In the physical world, organizations adopt security policies

that provide the sharing of resources within specified limits.
 Company may permit entry to its building for its employees and for accredited
visitors.
 A security policy for documents may specify groups of employees who can
access classes of documents or it may be defined for individual documents
and users.
 Security policies are enforced with security mechanisms.
 Access to building may be controlled by a reception clerk, who issues badges
to accredited visitors, and enforced by security guard or by electronic door
locks.
 In electronic world, the distinction between security policy
and mechanisms is equally important.

4
 Objects and Principals
Access rights Object
invocation

Client
result Server

Principal (user) Network Principal (server)

 Object (or resource)


Mailbox, system file, part of a commercial web site
 Principal

User or process that has authority (rights) to perform actions

Identity of principal is important

5
 The Enemy
Copy of m

The enemy
m’
Process p Process q
m
Communication channel

 Attacks
 On applications that handle financial transactions or other

information whose secrecy or integrity is crucial

 Enemy (or adversary)
 Threats
 To processes, to communication channels, denial of

service
6
 Secure Channels
Cryptography
Principal A The enemy Principal B

Processp Secure channel Processq

 Properties
Ownership of secrets:

Each process is sure of the identity of the other
Conventional shared crypto keys

Data is private and protected against tampering
Public/private key pair
Protection against repetition and reordering of data
 Employs cryptography

Secrecy based on cryptographic concealment

Authentication based on proof of ownership of secrets
7
 Threats and Forms of Attack

 Security Threats - Three broad Classes:


Leakage: Acquisition of information by unauthorized recipients

Tampering: Unauthorized alteration of information

Vandalism: Interference with the proper operation of systems
 Method of Attacks:
 Eavesdropping - A form of leakage

obtaining private or secret information or copies of messages without authority.
 Masquerading – A form of impersonating

assuming the identity of another user/principal – i.e, sending or receiving messages using the identity of
another principal without their authority.
 Message tampering

altering the content of messages in transit

man in the middle attack (tampers with the secure channel mechanism)
 Replaying

storing secure messages and sending them at a later date
 Denial of service - Vandalism

flooding a channel or other resource, denying access to others

8
 Threats not Defeated by Secure Channels or
Other Cryptographic Techniques
 Denial of service (DoS) attacks
 Deliberately excessive use of resources to the extent that they are

not available to legitimate users


E.g. the Internet 'IP spoofing' attack
 Trojan horses and viruses
 Viruses can only enter computers when program code is imported.

 But users often require new programs, for example:


New software installation

Mobile code downloaded dynamically by existing software (e.g. Java
applets)

Accidental execution of programs

9
 The February 2000 IP Spoofing DDoS Attack

Campus intranets
Firewall

IP = n.n.n.i [Link]
IP = x.x.x.x
Internet

[Link]
IP = y.y.y.y

Untrue!
Compromised host on each local network
sends repeatedly (for all i): Echo request | source = x.x.x.x | destination = n.n.n.i

resulting in: Echo reply | source = n.n.n.i | destination = x.x.x.x

10
 Securing Electronic Transactions
 Email
 Traditionally no support for security.
 But it is important to Keep messages secret.
 Modern mail clients incorporate cryptography.
 Purchase of goods and services
 Banking transactions

11
 Overview of Security Techniques
 Digital cryptography provides the basis for most
computer security mechanisms.
 Cryptography is an art of encoding information in a
format that only intended recipient can access.
 Cryptography can be used to provide a proof of
authenticity of information in a manner analogous to
the use of signature in conventional transactions.

12
Classes of Cryptography Algorithms

 There are two main classes:

 Shared Secret Keys:


The sender and recipient share a knowledge of the key and it
must not be revealed to anyone.
 Public/Private Key Pair:


The sender of a message uses a recipient’s public key to encrypt
the message.

The recipient uses a corresponding private key to decrypt the
message.
 Uses of Cryptography:
 Secrecy and integrity (to stop eavesdropping and tampering) + also

use redundant information (checksums) for maintaining integrity.

 Authentication

 Digital Signatures

13
 Security Notations –
Familiar Names and Notations in Security Literature

KA Alice’s secret key

KB Bob’s secret key
KAB Secret key shared between Alice and Bob
KApriv Alice’s private key (known only to Alice)
KApub Alice’s public key (published by Alice for all to read)
{M} Message M encrypted with key K
K
[M]K Message M signed with key K

Alice First participant

Bob Second participant
Carol Participant in three- and four-party protocols
Dave Participant in four-party protocols
Eve Eavesdropper
Mallory Malicious attacker
Sara A server
14
 Cryptographic Algorithms
Message M, key K, published encryption and decryption functions E, D
 Symmetric (secret key)
E(K, M) = {M}K D(K, E(K, M)) = M
Same key for E and D
M must be hard (infeasible) to compute if K is not known.
Usual form of attack is brute-force: try all possible key values for a known pair M, {M} K.
Resisted by making K sufficiently large ~ 128 bits
 Asymmetric (public key)
Separate encryption and decryption keys: Ke, Kd

E(Ke, M) = {M} Ke D(Kd. E(Ke, M)) = M

depends on the use of a trap-door function to make the keys. E has high computational cost.
Very large keys > 512 bits
 Hybrid protocols - used in SSL (now called TLS)
Uses asymmetric crypto to transmit the symmetric key that is then used to encrypt a session.

15
 Secret Communication with a Shared Secret Key

Alice wishes to send some information secretly. Alice and Bob share a
secret key KAB.
1. Alice uses KAB and an agreed encryption function E(KAB, M) to
encrypt and send any number of messages {Mi}KAB to Bob.
2. Bob reads the encrypted messages using the corresponding
decryption function D(KAB, M).
Alice and Bob can go on using KAB as long as it is safe to assume that KAB has not been
compromised.
Issues:
 Key distribution: How can Alice send a shared key KAB to Bob securely?
 Freshness of communication: How does Bob know that any {Mi} isn’t a copy of an
earlier encrypted message from Alice that was captured by Mallory and replayed
later? Problem: if the message is a request to pay some money to someone. Mallory
might trick Bob into paying twice?

16
The Secret-Key Encryption Model

17
 Authenticated Communication with Public Keys

Bob has a public/private key pair <KBpub, KBpriv> & establishes KAB as
follows:
[Link] obtains Bob's public key KBpub
[Link] creates a new shared key KAB , encrypts it using KBpub using a
public-key algorithm and sends the result to Bob.
3. Bob uses the corresponding private key KBpriv to decrypt it.
(If they want to be sure that the message hasn't been tampered with, Alice can add an
agreed value to it and Bob can check it.)

 Mallory might intercept Alice’s initial request to a key

distribution service for Bob’s public-key certificate and send a
response containing his own public key. He can then intercept
all the subsequent messages.
18
The Public-Key Encryption Model

19
The Public-Key Authentication Model

20
Digital Signatures

22
 Certificates

 Similar to passport or driver’s license

Name Rajkumar Buyya

Issuer 111, Barry Street State of
Victoria
Public Key Carlton Seal
Signature BD 01-0X-197X
Male 165cms, 65Kg
B&W Eyes

23
 Your New Certificate

Certificate: Validity Start

Data:
Version: 3 (0x2)
Serial Number: 28 (0x1c)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, O=VeriSign, CN=VeriSign Certification Authority
Validity
Not Before: Apr 22 [Link] 2003 GMT
Not After : Apr 22 [Link] 2004 GMT
Subject: /O=Grid/O=Globus/OU=[Link]/CN=Rajkumar Buyya
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
[Link]
<snip>
[Link]
Exponent: 65537 (0x10001)
Signature Algorithm: md5WithRSAEncryption
[Link]
<snip>
[Link]
24
 Certification Authorities (CAs)
 A small set of trusted entities
known as Certification Authorities
(CAs) are established to sign
certificates
 A Certification Authority is an
entity that exists only to sign user Name: CA
Issuer: CA
certificates
CA’s Public Key
 The CA signs its own certificate CA’s Signature
which is distributed in a trusted
manner

25
 Access Control
 Protection domain
 A set of <resource, rights> pairs

 Two main approaches to implementation:

 Access Control List (ACL) associated with each object


E.g. UNIX file access permissions

For more complex object types and user communities,
ACLs can become very complex
 Capabilities associated with principals
drwxr-xr-x gfc22 staff 264 Oct 30 16:57 Acrobat User Data
-rw-r--r--

Like a key
gfc22 unknown 0 Nov 1 09:34 Eudora Folder
-rw-r--r-- gfc22 staff 163945 Oct 24 00:16 Preview of [Link]
drwxr-xr-xFormat:

gfc22 <resource
staff id,
264permitted operations,
Oct 31 13:09 iTunes
-rw-r--r-- gfc22 staff 325 Oct 22 22:59 list of broken [Link]
authentication code>

26
Kerberos Authentication and Key Distribution
Service
 Secures communication with servers on a local network
 Developed at MIT in the 1980s to provide security
across a large campus network > 5000 users
 Standardized and now included in many operating systems
 Internet RFC 1510, OSF DCE
 BSD UNIX, Linux, Windows 2000, NT, XP, etc.
 Available from MIT
 Kerberos server creates a shared secret key for any required
server and sends it (encrypted) to the user's computer
 User's password is the initial secret shared with Kerberos

27
 System Architecture of Kerberos
Needham - Schroeder
TGS: Ticket-
Kerberos Key Distribution Centre S protocol
granting
service Authentication 1. A->S: A, B, NA
database
Step A Authen- Ticket-
Granting
2. S->A: {NA , B, KAB,
tication
1. Request for service A Service T
TGS ticket {KAB, A}KB}KA
2. TGS 3. A->B: {KAB, A}KB
ticket
Step B 4. B->A: {N }K
B AB
3. Request for
server ticket 5. A->B: {NB - 1}KAB
Login Step C
session setup
4. Server ticket
5. Service N is a random number caller
Server request nonce to prevent replay attack
session setup Service
function
Request encrypted with session key
DoOperation
Reply encrypted with session key Step A once per login session

Step B once per server session

Client Server Step C once per server transaction

A B

28
 What are Intrusions?

 Intrusions are actions that attempt

to bypass security mechanisms of
computer systems. They are
caused by:
– Attackers accessing the system from
Internet
– Insider attackers - authorized users
attempting to gain and misuse non-
authorized privileges
Compute
 Typical intrusion scenario
r
Scanning Network
activity

Attacker Machine with

vulnerability
29
 What are Intrusions?

 Intrusions are actions that attempt

to bypass security mechanisms of
computer systems. They are
caused by:
– Attackers accessing the system from
Internet
– Insider attackers - authorized users
attempting to gain and misuse non-
authorized privileges
Compute
 Typical intrusion scenario
r
Scanning Network
activity

Attacker Compromised
Machine
30
 Intrusion Detection Systems
 Intrusion Detection System
– Combination of software and hardware that attempts to perform intrusion detection
– Raises the alarm when possible intrusion happens Example of SNORT
 Traditional intrusion detection system IDS tools are based on rule
signatures of known attacks (MS-SQL “Slammer” worm)
 Limitations any -> udp port 1434
– Signature database has to be manually revised
for each new type of discovered intrusion
(content:"|81 F1 03 01 04
– Substantial latency in deployment of newly created signatures across the computer 9B 81 F1 01|";
system content:"sock";
– They cannot detect emerging cyber threats content:"send")
– Not suitable for detecting policy violations and insider abuse
– Do not provide understanding of network traffic
– Generate too many false alarms
– Not suited for detecting multi-step attacks [Link]
[Link]

31
 Data Mining for Intrusion Detection

Increased interest in data mining based intrusion detection

• Attacks for which it is difficult to build signatures
• Unforeseen/Unknown/Emerging attacks
Misuse detection
 Building predictive models from labeled data sets (instances are labeled as
“normal” or “intrusive”) to identify known intrusions
 High accuracy in detecting many kinds of known attacks
 Cannot detect unknown and emerging attacks
Anomaly detection
 Detect novel attacks as deviations from “normal” behavior
 Potential high false alarm rate - previously unseen (yet legitimate) system
behaviors may also be recognized as anomalies

32
 Secure Socket Layer (SSL)

 Key distribution and secure channels for internet commerce


Hybrid protocol; depends on public-key cryptography

Originally developed by Netscape Corporation (1994) and supported by most
browsers and is widely used in Internet commerce.

Extended and adopted as an Internet standard with the name Transport Level
Security (TLS) – and several software libraries and toolkits are available to support
it [[Link]]

Provides the security in all web servers and browsers and in secure versions of
Telnet, FTP and other network applications
 Key Feature

Negotiable encryption and authentication algorithms. In an open network we
should NOT assume that all parties use the same client software or all client/server
software includes a particular encryption algorithms.
 Design requirements

Secure communication without prior negotiation or help from third parties

Free choice of crypto algorithms by client and server

communication in each direction can be authenticated, encrypted or both 33
 Secure Socket Layer (SSL)

 The secure channel is fully configurable.

 TLS consists of two layers:
 TLS Record Protocol Layer: implements a secure channel,
encrypting and authenticating messages transmitted through
any connection oriented protocol. It is realized at session layer.
 Handshake Layer: Containing Handshake protocol and two
other related protocols that establish and maintain a TLS
session (i.e., secure channel) between client and server.

Both layers are implemented by software libraries at application

level in the client and the server.

34
 SSL Protocol Stack
changes the
secure channel
to a new spec

negotiates cipher
suite, exchanges SSL
Handshake SSL Change SSL Alert
certificates and key HTTP Telnet
masters Cipher Spec Protocol
protocol

implements the
secure channel SSL Record Protocol

Transport layer (usually TCP)

Network layer (usually IP)

SSL protocols: Other protocols:

35
 TLS/SSL Handshake Protocol
(Handshake is Performed over an Existing Connection)

ClientHello Establish protocol version, session ID,

cipher suite, compression method,
ServerHello exchange random start values

Certificate
Certificate Request Optionally send server certificate and
request client certificate
ServerHelloDone

Client Certificate Server Send client certificate response if

A Certificate Verify B requested

Change Cipher Spec

Change cipher suite and finish
Finished
handshake
Change Cipher Spec
Finished

36
 SSL Handshake Configuration Options

Component Description Example

Key exchange the method to be used for RSA with public-key
method exchange of a session key certificates
Cipher for data the block or stream cipher to be IDEA (International Data
transfer used for data Encryption Algorithm)
Message digest for creating message SHA (Secure Hash Algorithm)
function authentication codes (MACs)

37
SSL Record Protocol Operation: A Pipeline for
Data Transformation
abcdefghi
Application data
Fragment/combine

Record protocol units abc def ghi

Compress
Compressed units

Hash
MAC
Encrypt

Encrypted
Transmit

TCP packet

38
 Summary

 Threats for the security in distributed systems are pervasive.

 It is essential to protect the resources, communication
channels and interfaces of distributed systems and applications
against attacks.
 Public-key and secret-key (shared-key) cryptography provide
the basis for authentication and for secure communication.
 Kerberos and SSL are widely used system components that
support secure and authenticated communication.
 Intrusions must be detected and dealt with to prevent thieves
from breaking your security.

39