CS 407 Distributed System & Databases
WEEK # 9 - SECURITY TECHNIQUES IN DISTRIBUTED SYSTEMS
DAY # 25
Security Threats


The main goal of security is to restrict access to information and resources to just those principals that are
authorized to have access.
Security threats fall into three broad classes:
o Leakage: Refers to the acquisition of information by unauthorized recipients.
o Tampering: Refers to the unauthorized alteration of information.
o Vandalism: Refers to interference with the proper operation of a system without gain to the
perpetrator.
Methods of Attack
Methods of attack can be further classified according to the way in which a channel is misused:





Eavesdropping: Obtaining copies of messages without authority.
Masquerading: Sending or receiving messages using the identity of another principal without their authority.
Message tampering: Intercepting messages and altering their contents before passing them on to the intended
recipient. The man-in-the-middle attack is a form of message tampering in which an attacker intercepts the
very first message in an exchange of encryption keys to establish a secure channel. The attacker substitutes
compromised keys that enable them to decrypt subsequent messages before re encrypting them in the correct
keys and passing them on.
Replaying: Storing intercepted messages and sending them at a later date. This attack may be effective even
with authenticated and encrypted messages.
Denial of service: Flooding a channel or other resource with messages in order to deny access for others.
Some Basic Concept
Cryptography
The art or science encompassing the principles and methods of transforming an intelligible message into one that is
unintelligible, and then retransforming that message back to its original form
Plaintext:
The original intelligible message
Cipher text:
The transformed message
Cipher
An algorithm for transforming an intelligible message into unintelligible by transposition and/or
substitution
Key
Engr. Muhammad Nadeem
Page 1
CS 407 Distributed System & Databases
Some critical information used by the cipher, known only to the sender & receiver
Encipher (encode)
The process of converting plaintext to cipher text
Decipher (decode)
The process of converting cipher text back into plaintext
Encryption:
Encryption is the process of encoding a message in such a way as to hide its contents. Modern cryptography
includes several secure algorithms for encrypting and decrypting messages. They are all based on the use of secrets
called keys.
Encryption Algorithm:
There are two main classes of encryption algorithm in general use.

The first uses shared secret keys – the sender and the recipient must share a knowledge of the key and it
must not be revealed to anyone else.

The second class of encryption algorithms uses public/private key pairs. Here the sender of a message uses
a public key – one that has already been published by the recipient – to encrypt the message. The recipient
uses a corresponding private key to decrypt the message. Although many principals may examine the public
key, only the recipient can decrypt the message, because they have the private key.
Encryption and Decryption
.
Secret-Key or Symmetric Cryptography
Because of its symmetrical use of keys, secret-key cryptography is often referred to as symmetric cryptography,
Engr. Muhammad Nadeem
Page 2
CS 407 Distributed System & Databases
•
•
•
Alice and Bob agree on an encryption method and a shared key.
Alice uses the key and the encryption method to encrypt (or encipher) a message and sends it to
Bob.
Bob uses the same key and the related decryption method to decrypt (or decipher) the message.
Public Key or Asymmetric Cryptography
Public-key cryptography is referred to as asymmetric because the keys used for encryption and decryption are
different, as we shall see below. In the next section, we describe several widely used encryption functions of both
types.
•
Alice generates a key value (usually a number or pair of related numbers) which she makes public.
•
Alice uses her public key (and some additional information) to determine a second key (her private key).
Engr. Muhammad Nadeem
Page 3
CS 407 Distributed System & Databases
•
Alice keeps her private key (and the additional information she used to construct it) secret.
•
Bob (or Carol, or anyone else) can use Alice’s public key to encrypt a message for Alice.
•
Alice can use her private key to decrypt this message.
•
No-one without access to Alice’s private key (or the information used to construct it) can easily decrypt the
message.
WEEK # 9 - SECURITY TECHNIQUES IN DISTRIBUTED SYSTEMS
DAY # 26
Cryptographic Algorithms
Block Ciphers
A block cipher is a method of encrypting text (to produce cipher text) in which a cryptographic key
and algorithm are applied to a block of data (for example, 64 contiguous bits) at once as a group rather than to one
bit at a time. Example DES, Triple-DES
Stream Ciphers
A stream cipher is a method of encrypting text (to produce cipher text) in which a cryptographic key
and algorithm are applied to each binary digit in a data stream, one bit at a time. This method is not much used in
modern cryptography. Example RC4
Hash Algorithms
The key in public-key encryption is based on a hash value. This is a value that is computed from a base input
number using a hashing algorithm. Essentially, the hash value is a summary of the original value. The important
thing about a hash value is that it is nearly impossible to derive the original input number without knowing the data
used to create the hash value. Example MD2,MD4,MD5,SHA1
Digital Signatures
Engr. Muhammad Nadeem
Page 4
CS 407 Distributed System & Databases
Digital Signatures: Signing a Document
•
Alice applies a (publicly known) hash function to a document that she wishes to “sign.” This
function produces a digest of the document (usually a number).
•
Alice then uses her private key to “encrypt” the digest.
•
She can then send, or even broadcast, the document with the encrypted digest.
Digital Signature Verification
•
Bob uses Alice’s public key to “decrypt” the digest that Alice “encrypted” with her private key.
•
Bob applies the hash function to the document to obtain the digest directly.
•
Bob compares these two values for the digest. If they match, it proves that Alice signed the document and
that no one else has altered it.
Engr. Muhammad Nadeem
Page 5
CS 407 Distributed System & Databases
Secure Transmission of Digitally Signed Documents
•
Alice uses her private key to digitally sign a document. She then uses Bob’s public key to encrypt this
digitally signed document.
•
Bob uses his private key to decrypt the document. The result is Alice’s digitally signed document.
•
Bob uses Alice’s public key to verify Alice’s digital signature.
Question:
Some of the ways in which conventional email is vulnerable to eavesdropping, masquerading,
tampering, replay, denial of service. Suggest methods by which email could be protected against each
of these forms of attack.
Answers
Question:
Estimate the time required to crack a 56-bit DES key by a brute-force attack using a 500 MIPS (million
instruction per second) workstation, assuming that the inner loop for a brute-force attack program
involves around 10 instructions per key value, plus the time to encrypt an 8-byte plaintext (see Figure
7.14). Perform the same calculation for a 128-bit IDEA key. Extrapolate your calculations to obtain the
time for a 50,000 MIPS parallel processor (or an Internet consortium with similar processing power).
Answers
Engr. Muhammad Nadeem
Page 6
CS 407 Distributed System & Databases
WEEK # 9 - SECURITY TECHNIQUES IN DISTRIBUTED SYSTEMS
DAY # 27
Lab - Encrypt and Decrypt Data Application
Engr. Muhammad Nadeem
Page 7