• Announcement
• Authentication
– Cryptography
– Authentication
• Quiz #3 at the end of today’s class
• You must do your demo before 4:30pm, April 29, 2003
• Name server: program1
• Prefix table
  Logical Prefix   Server IP        Server Port   Remote directory
  /                128.186.120.34   1281          /tmp/XXX/cop5611-DFS
  /program1        128.186.120.53   1282          /tmp/XXX/cop5611-DFS
  /linprog1        128.186.120.33   1280          /tmp/liux/cop5611-DFS
  /program3        128.186.120.55   1285          /tmp/XXX/cop5611-DFS
• You need to have your servers running before you come to my office
– I will test your system through your client program and based on your report
April 16, 2020 COP 5611 - Operating Systems 2
• The fundamental tool for security in distributed systems is the use of cryptographic techniques
– The access matrix model can prevent unauthorized accesses, provided that users really are who they claim to be
– However, in distributed systems, user authentication becomes a major problem
• A threat to a system in which an intruder can have access to only the ciphertext is called a ciphertext-only attack
• A threat to a system in which an intruder can have access to both ciphertext and a considerable amount of corresponding plaintext is called a known-plaintext attack
• A threat to a system in which an intruder can obtain ciphertext corresponding to plaintext of his choice is referred to as a chosen-plaintext attack
• Shannon’s principle
– Shannon’s principle of diffusion – Spread the correlation and dependencies among key-string variables over substrings as much as possible
– Shannon’s principle of confusion – Change a piece of information so that the output has no obvious relation to the input
• Exhaustive search principle
– The determination of the key requires an exhaustive search of an extremely large space
• Data encryption standard (DES)
– It is a block cipher that encrypts 64-bit data blocks using a 56-bit key
– Two basic operations
• Permutation
• Substitution
– Three stages
• Initial permutation stage
• Complex transformation stage
• Final permutation stage
• Private key cryptography and conventional cryptographic techniques require the distribution of secret keys
– Known as the key distribution problem
• Public key cryptography solves the key distribution problem by making the encryption procedure and the associated key available in the public domain
• Now it is possible for two users to have a secure communication even if they have not communicated before
• Implementation issues
– One-way functions
• The encryption key is a pair (e, n)
• The decryption key is a pair (d, n)
• Generating the private and public key requires four steps
– Choose two very large prime numbers, p and q
– Compute n = p × q and z = (p – 1) × (q – 1)
– Choose a number d that is relatively prime to z
– Compute the number e such that e × d ≡ 1 (mod z)
• In distributed systems, authentication means verifying the identity of communicating entities to each other
– The assumption is that the communication network is not secure in that an intruder can copy and play back a message on the network
– The textbook calls it “interactive secure connections”
• Authentication based on a shared secret key.
• Authentication based on a shared secret key, but using three instead of five messages.
• The reflection attack.
Authentication Using a Key Distribution Center
• The principle of using a KDC.
Authentication Using a Key Distribution Center – cont.
• Using a ticket and letting Alice set up a connection to Bob.
Authentication Using a Key Distribution Center – cont.
• The Needham-Schroeder authentication protocol.
Authentication Using a Key Distribution Center – cont.
• Protection against malicious reuse of a previously generated session key in the Needham-Schroeder protocol.
Authentication Using Public-Key Cryptography
• Mutual authentication in a public-key cryptosystem.
Message Integrity and Confidentiality
• Message integrity means that messages are protected against modification
• Confidentiality ensures that messages cannot be intercepted and read by eavesdroppers
• Digital signatures
– A user cannot forge the signature of another user
– A sender of a signed message cannot deny the validity of his signature on the message
– A recipient of a signed message cannot modify the signature in the message
• Digital signing a message using public-key cryptography.
• Digitally signing a message using a message digest.
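As an added worked example (written for this page, not the slides' own code), a small RSA implementation that follows the four key-generation steps given earlier (choose p and q; compute n and z; choose d relatively prime to z; compute e with e × d ≡ 1 mod z), then uses the resulting keys to encrypt a number and to sign a SHA-256 message digest as the signature slides describe. It assumes Python 3.8 or later for the three-argument pow() modular inverse; the key size and the messages are constructed values.

```python
import hashlib
import random
from math import gcd

rng = random.SystemRandom()            # OS entropy; the plain random module is not suitable for keys

def is_probable_prime(n, rounds=20):
    """Miller-Rabin probabilistic primality test (adequate for a demonstration key)."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:                  # write n - 1 as 2^r * d with d odd
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False               # found a witness that n is composite
    return True

def random_prime(bits):
    while True:                        # odd candidates with the top bit set
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand

def generate_keys(bits=512):
    """The four steps from the slides: p and q; n and z; d coprime to z; e = d^-1 mod z."""
    p, q = random_prime(bits), random_prime(bits)
    n, z = p * q, (p - 1) * (q - 1)
    d = rng.randrange(3, z)
    while gcd(d, z) != 1:              # step 3: d relatively prime to z
        d = rng.randrange(3, z)
    e = pow(d, -1, z)                  # step 4: e * d == 1 (mod z); needs Python 3.8+
    return (e, n), (d, n)              # encryption key (e, n), decryption key (d, n)

def encrypt(m, pub):                   # m must be an integer smaller than n
    return pow(m, pub[0], pub[1])
def decrypt(c, priv):
    return pow(c, priv[0], priv[1])
def sign(message, priv):               # sign the SHA-256 digest, not the whole message
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(digest, priv[0], priv[1])
def verify(message, signature, pub):   # recompute the digest, compare with signature^e mod n
    digest = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(signature, pub[0], pub[1]) == digest
```

With 256-bit primes n already exceeds the 256-bit digest, so the digest fits as a single block; changing one byte of the message, or one bit of the signature, makes verify() return False.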
• The principle of Diffie-Hellman key exchange.
• Setting up a secure channel in Kerberos.
• Payment systems based on direct payment between customer and merchant.
a) Paying in cash.
b) Using a check.
c) Using a credit card.
• Payment systems based on money transfer between banks.
a) Payment by money order.
b) Payment through debit order.
Summary
• Cryptography is a fundamental issue in the security of distributed systems
– Based on private keys
– Based on public keys
• Authentication in distributed systems
• There are still a lot of challenges and research issues in this area