Chapter 7 Security: Distributed System


Chapter 7 Security

BIT3263 | Distributed System


Prepared by Noris Bt. Ismail
FACULTY OF INFORMATION & COMMUNICATION TECHNOLOGY

BIT3263 | Distributed System

Objectives
• Various mechanisms incorporated in a DS to support security.
• Security policies.
• General design issues on security.
• Cryptography.

ALL RIGHTS RESERVED


No part of this document may be reproduced without written approval from Limkokwing University of Creative Technology Worldwide

Security Threats, Policies, and Mechanisms


Types of security threats to consider:
• Interception – An unauthorised party gains access to a service or data. E.g. breaking into a
person's private directory.
• Interruption – A situation where services/data become unavailable, e.g. a DOS attack.
• Modification – Unauthorised changing of data, so that it no longer conforms to its original
specification.
• Fabrication – A situation where additional data/activity is generated that would normally
not exist. E.g. an intruder may attempt to add an entry into a password/db file.


Security Policies
• Describes precisely which actions the entities in a system are allowed to take, and which
they are not.
• E.g. a student registration system.
• Requirements would include that students should not be able to register if they have
outstanding fees.
• Also, there may be a restricted group of people that should be given read access to
registration records, whereas only the responsible lecturer, e.g. the program leader/year
leader, should be given full access.


Security Mechanisms
Types of security mechanisms to consider:
• Encryption – Transform the data into a form the attacker cannot understand.
• Authentication – Used to verify the claimed identity of a user, client, host, server or other
entity.
• Authorization – Check whether the client is authorised to perform the action requested.
• Auditing – Audit logs can be useful for the analysis of a security breach and for taking
measures against intruders.


Example: The Globus Security Architecture (1)


Globus – A system supporting large-scale distributed computations, in which many hosts, files and
other resources are used simultaneously for a computation (computational grids).
1. The environment consists of multiple administrative domains.
2. Local operations – i.e. operations that are carried out only within a single domain – are subject
to a local domain security policy only.
3. Global operations – i.e. operations involving several domains – require the initiator to be known
in each domain where the operation is carried out.


Example: The Globus Security Architecture (2)


4. Operations between entities in different domains require mutual authentication.
5. Global authentication replaces local authentication.
6. Controlling access to resources is subject to local security only.
7. Users can delegate rights to processes.
8. A group of processes in the same domain can share credentials/ID/permit.


Example: The Globus Security Architecture (2)

Figure 7-1. The Globus security architecture.



Design Issue - Focus of Control (1)

Protection of the data that is associated with the application. The primary concern is the
integrity of the data, e.g. in database systems, where various integrity constraints are
automatically checked each time the data is modified.

Figure 7-2. Three approaches for protection against security threats. (a) Protection
against invalid operations.

Focus of Control (2)

Protection of the data through access control mechanisms, i.e. specifying which operations
may be invoked and by whom.

E.g. an object-based system: it must be specified which clients are permitted to invoke which
methods. Alternative – access control applied to an entire interface.

Figure 7-2. Three approaches for protection against security threats. (b) Protection
against unauthorized invocations.


Focus of Control (3)

Protection focused directly on the users, irrespective of the operations they want to carry
out.

E.g. in many universities/banks, certain data/applications are restricted to use by
faculty/staff members only. Students are not allowed.

Figure 7-2. Three approaches for protection against security threats. (c) Protection
against unauthorized users.


Layering of Security Mechanisms (1)

• Figure 7-3. The logical organization of a distributed system into several layers.


Layering of Security Mechanisms (2)

Figure 7-4. Several sites connected through a wide-area backbone service.

Organizations located at different sites are connected through a communication service such as
SMDS (Switched Multi-megabit Data Service).
- Security – Place an encryption device at each SMDS router.


Distribution of Security Mechanisms: RISSC – Reduced Interfaces for Secure System Components

Figure 7-5. The principle of RISSC as applied to secure distributed systems.

The RISSC approach prevents clients and their applications from directly accessing critical
services. Clients and their applications run on different machines and can access the secured
server only through these network interfaces.


Cryptography
Fundamental to security in a DS is the use of cryptographic techniques.
• E.g. a sender S sends a message m to a receiver R (S → R).
• Before sending, the sender encrypts m into m' (unintelligible): m → m'.
• Upon receiving, R decrypts m' back into m: m' → m.
• Encryption and decryption are accomplished by using cryptographic methods parameterized
by keys.


Cryptography (1)

Figure 7-6. Intruders and eavesdroppers in communication.


Types of Cryptography
• Symmetric Cryptosystem – The same key K is used to encrypt and decrypt a message:
P = D_K(E_K(P))
• Asymmetric Cryptosystem – The keys for encryption and decryption are different:
P = D_{KD}(E_{KE}(P))
There are separate keys KE and KD for encryption and decryption. One is made public and the
other is kept private.


Scenario
• Alice wants to send a confidential message to Bob: she uses Bob's public key to encrypt the
message, because Bob is the only one holding the private decryption key.
A → encrypt the message with Bob's public key.
• Bob wants to ensure the message comes from Alice: in this case Alice keeps her encryption key
private and uses it to encrypt the message she sends. If Bob successfully decrypts the message
using Alice's public key, he knows the message comes from Alice, because the decryption key is
uniquely tied to the encryption key.
B → decrypt the message with Alice's public key.


Cryptography (2)

Figure 7-7. Notation used in this chapter.


Symmetric Cryptosystems: DES- Data Encryption Standard

The first example of a cryptographic algorithm is DES. It is designed to operate on 64-bit
blocks of data. A block is transformed into an encrypted block of output in 16 rounds, where
each round uses a different 48-bit key for encryption. Each of these 16 keys is derived from
the 56-bit master key.

Figure 7-8. (a) The principle of DES.



Symmetric Cryptosystems: DES (2)

Each encryption round i takes the 64-bit block produced by the previous round i-1. The 64 bits
are split into a left part L_{i-1} and a right part R_{i-1}, each containing 32 bits. The right
part is used as the left part in the next round, that is

Li = Ri-1

Figure 7-8. (b) Outline of one encryption round.
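The round structure just described (Li = Ri-1, with the other half mixed by a keyed round function) is a Feistel network, and the reason it can be decrypted at all is that the same rounds, run with the round keys in reverse order, undo themselves. Added Python example, not from the slides or from the DES standard: a toy 64-bit, 16-round Feistel cipher with a made-up round function f and a made-up key schedule; it keeps DES's 56-bit master key and 48-bit round keys only as sizes and has no security value.

```python
# Added example (not from the lecture slides): a toy 16-round Feistel network
# on 64-bit blocks, following the round structure on the slide:
#   L_i = R_{i-1}
#   R_i = L_{i-1} XOR f(R_{i-1}, K_i)
# f and the key schedule are deliberately simple stand-ins, so this is NOT
# DES; it only shows why running the rounds with reversed keys decrypts.
ROUNDS = 16
MASK32 = 0xFFFFFFFF
MASK48 = (1 << 48) - 1
MASK56 = (1 << 56) - 1


def round_keys(master_key: int) -> list:
    """Toy schedule: 16 distinct 48-bit round keys from a 56-bit master key
    (rotate the master key one bit per round, keep the low 48 bits)."""
    key = master_key & MASK56
    keys = []
    for _ in range(ROUNDS):
        key = ((key << 1) | (key >> 55)) & MASK56   # 56-bit rotate left by 1
        keys.append(key & MASK48)
    return keys


def f(right: int, k: int) -> int:
    """Toy round function: mix the 32-bit right half with the 48-bit round key."""
    x = (right ^ (k & MASK32) ^ (k >> 16)) & MASK32
    x = (x * 0x9E3779B1 + 0x7F4A7C15) & MASK32       # multiply-add mixing
    return ((x << 13) | (x >> 19)) & MASK32           # 32-bit rotate left by 13


def feistel(block: int, keys: list) -> int:
    """Run the rounds on one 64-bit block using the keys in the order given."""
    left, right = (block >> 32) & MASK32, block & MASK32
    for k in keys:
        # L_i = R_{i-1};  R_i = L_{i-1} XOR f(R_{i-1}, K_i)
        left, right = right, left ^ f(right, k)
    # Undo the last swap so decryption is this same routine with reversed keys.
    return (right << 32) | left


def encrypt(block: int, master_key: int) -> int:
    return feistel(block, round_keys(master_key))


def decrypt(block: int, master_key: int) -> int:
    # Same rounds, round keys K_16 ... K_1: each round cancels its counterpart.
    return feistel(block, round_keys(master_key)[::-1])
```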

Symmetric Cryptosystems: DES (3)

Figure 7-9. Details of per-round key generation in DES.


Public-Key Cryptosystems: RSA – Rivest, Shamir and Adleman


• Generating the private and public keys requires four steps:
1. Choose two very large prime numbers, p and q.
2. Compute n = p × q and z = (p − 1) × (q − 1).
3. Choose a number d that is relatively prime to z.
4. Compute the number e such that e × d = 1 mod z.

E.g. factorization into primes: 2100 = 2 × 2 × 3 × 5 × 5 × 7
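The four key-generation steps above, followed by the two Alice/Bob uses from the earlier Scenario slide (confidentiality with Bob's public key, message origin with Alice's private key), as an added Python example that is not part of the slides. The primes and the value of d are constructed toy values, and the scheme is textbook RSA without padding, so it illustrates the arithmetic only.

```python
# Added example (not from the lecture slides): RSA key generation following
# the slide's four steps, plus the two Alice/Bob uses from the Scenario slide.
# Textbook RSA on tiny constructed primes with no padding: no real security,
# but the arithmetic is exactly what the steps describe.
import math


def generate_keys(p: int, q: int, d: int):
    """Steps 1-4. p, q are the chosen primes (step 1) and d the chosen number
    relatively prime to z (step 3). Returns (public, private) with
    public = (e, n) and private = (d, n)."""
    n = p * q                      # step 2: n = p x q
    z = (p - 1) * (q - 1)          # step 2: z = (p - 1) x (q - 1)
    if math.gcd(d, z) != 1:        # step 3 demands gcd(d, z) == 1
        raise ValueError("d must be relatively prime to z")
    e = pow(d, -1, z)              # step 4: e x d = 1 mod z
    return (e, n), (d, n)


def apply_key(m: int, key) -> int:
    """Encryption and decryption are the same operation, m^exponent mod n,
    differing only in which key's exponent is used."""
    exponent, n = key
    if not 0 <= m < n:
        raise ValueError("message block must be an integer below n")
    return pow(m, exponent, n)


# Scenario 1 (confidentiality): Alice encrypts with Bob's PUBLIC key; only
# Bob's PRIVATE key recovers the plaintext.
def encrypt_for(m: int, recipient_public) -> int:
    return apply_key(m, recipient_public)


def decrypt_own(c: int, own_private) -> int:
    return apply_key(c, own_private)


# Scenario 2 (origin): Alice encrypts with her PRIVATE key; Bob applies
# Alice's PUBLIC key, and a match shows the holder of her private key sent it.
def sign(m: int, own_private) -> int:
    return apply_key(m, own_private)


def verify(m: int, tag: int, sender_public) -> bool:
    return apply_key(tag, sender_public) == m
```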


DES vs. RSA


• RSA has the drawback of being computationally more complex.
• Encrypting messages using RSA is approximately 100-1000 times slower than DES.
• As a consequence, many cryptographic systems use RSA only to exchange shared keys in a
secure way, and a faster symmetric cipher such as DES for the normal data.


AES: Advanced Encryption Standard


• new (Nov. 2001) symmetric-key NIST standard, replacing DES
• processes data in 126 bit blocks
• 126, 192, or 256 bit keys
• brute force decryption (trying each key, i.e. systematically checking all possible keys
until the correct key is found) taking 1 sec on DES takes 149 trillion years for AES


Block Cipher

Figure (text recovered from the diagram): a 64-bit input is split into eight chunks, each
passed through its own substitution table (T1, T2, ...); the results then go through a 64-bit
scrambler to give the 64-bit output, and this pass is looped for n rounds.
• one pass through: one input bit affects eight output bits
• multiple passes: each input bit affects all output bits
• block ciphers: DES, 3DES, AES

Public key cryptography


Symmetric key crypto
• requires sender, receiver know shared secret key
• Q: how to agree on key in first place (particularly if never “met”)?

Public key cryptography
• radically different approach [Diffie-Hellman76, RSA76]
• sender, receiver do not share secret key
• public encryption key known to all
• private decryption key known only to receiver

Security Management
• General management of cryptographic keys
• Problem of securely managing a group of servers
• Authorization management by looking at capabilities (attribute certificates)


Key Establishment

Figure 7-33. The principle of Diffie-Hellman key exchange.

- Values n and g – two large numbers agreed upon by Alice and Bob.
- Values x and y are secret, one for each party.
- Alice sends the values n and g together with g^x mod n – sent as plaintext.
- Now both parties have the shared secret key g^(xy) mod n.
- x – private key; g^x mod n – public key.
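The exchange of Figure 7-33 carried through in the slide's notation, as an added Python example that is not part of the slides: both sides compute their public value, only n, g, g^x mod n and g^y mod n travel in plaintext, and each side derives the same g^(xy) mod n from its own secret and the other's public value. The numbers are constructed and tiny so the arithmetic is visible; nothing here authenticates the two parties, which is why the public values are signed or certified in practice (see the later Key Distribution slides).

```python
# Added example (not from the lecture slides): Diffie-Hellman key exchange
# in the slide's notation. n, g are agreed public numbers; x (Alice) and
# y (Bob) are private exponents that never leave their owner.
# Constructed toy values are used in the calls below; a real deployment uses
# a large safe prime n (2048 bits or more) and fresh random x, y.
import secrets


def public_value(g: int, n: int, secret: int) -> int:
    """What a party sends in the clear: g^secret mod n."""
    return pow(g, secret, n)


def shared_key(peer_public: int, n: int, secret: int) -> int:
    """What a party computes locally: (g^peer_secret)^secret = g^(xy) mod n."""
    return pow(peer_public, secret, n)


def random_secret(n: int) -> int:
    """A private exponent x or y: random in [2, n-2], generated fresh per run."""
    return 2 + secrets.randbelow(n - 3)


def diffie_hellman(n: int, g: int, x: int, y: int):
    """Run the whole exchange. Returns (wire, k_alice, k_bob): `wire` is
    everything an eavesdropper on the channel can observe, and the two keys
    are what Alice and Bob each derive without ever sending x or y."""
    g_x = public_value(g, n, x)        # Alice -> Bob: n, g, g^x mod n (plaintext)
    g_y = public_value(g, n, y)        # Bob -> Alice: g^y mod n (plaintext)
    k_alice = shared_key(g_y, n, x)    # Alice: (g^y)^x mod n
    k_bob = shared_key(g_x, n, y)      # Bob:   (g^x)^y mod n
    wire = {"n": n, "g": g, "g^x": g_x, "g^y": g_y}
    return wire, k_alice, k_bob
```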


Key Distribution (1)

Figure 7-34. (a) Secret-key distribution. [see also Menezes et al. (1996)].

The shared secret key must be communicated along a secure channel; if no keys are available
yet, it can be passed out of band, e.g. through a phone call or on a floppy disk.


Key Distribution (2)

Figure 7-34. (b) Public-key distribution [see also Menezes et al. (1996)].

Public key certificate – consists of a public key together with a string identifying the entity
with which the key is associated.
The public key + identifier are signed by a certification authority. E.g. the public keys of
various certification authorities are built into most Web browsers and shipped with the binaries.


References
These slides are taken from Tanenbaum & Van Steen, Distributed Systems: Principles and
Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. ISBN 0-13-239227-5.


Key Points
• Sub Point #1: Security Threats, Policies, and Mechanisms
• Sub Point #2: The Globus Security Architecture
• Sub Point #3: Cryptography
• Sub Point #4: Diffie-Hellman Key Exchange


End of Lecture
