Distributed System Security by tae66661


									Distributed System
Distributed System Security
   Security is important in distributed systems for several
       Authentication: Ensuring clients’ identity are correctly known
       Authorization: Ensuring only specific clients can access data and
        perform transactions
       Accountability: Trace damage from a successful attack, so its
        effects can be reversed
       Availability: Ensuring services provided by a system can
        continue to be used efficiently
       Confidentiality: Safeguard user privacy and prevent the theft of
        data in storage and in transit
       Integrity: Ensuring data and transactions are not tampered with,
        accidentally or maliciously
Security–Enabled Applications
   Security is often considered a limiting force
   However, it should be considered an enabling force
   New applications are possible with security:
       Intranets: Sensitive information can be exchanged, and
        transactions be executed, without risk to threats (internal or
        external), across a private network
       Extranets: Sensitive information exchange and transactions can
        occur between two organizations (across a public network)
       Internets: Sensitive information exchange and transactions can
        occur entirely on the Internet (or some other public network)
       Mobile networks: Sensitive information exchange and
        transactions can occur over the Internet, via one or more
        wireless networks, such as a cellular infrastructure network
Intranet Security – Example
   Consider the network of IBM Canada
   Inside the organization, a large network for
    sharing documents, messaging, and cooperative
    work is in place
   The network is private, meaning its connection
    to the Internet is limited by firewalls and
   In this network, authentication is used to ensure
    confidentiality, but encryption is not used since
    data should never enter the public network
Extranet Security – Example
   Consider the cooperation between a sales
    organization and a credit card company
   Both organizations have Intranets, private
    networks where security is inherent
   For the sales organization to extract funds from
    a customer’s credit card, inter-intranet
    communication must occur
   Typically, encryption and authentication (and
    other techniques) are combined to ensure
Internet Security – Example
 Consider online banking
 Customers access banking websites
  across the Internet (or a public network)
 Transactions between the banking system
  and the customer must be kept secure
     This
         is achieved using encryption and
     authentication (and some other techniques)
Mobile Security – Example
 Consider mobile purchasing, where items
  can be purchased using a portable phone
 Encryption is used for Internet
  communication, but also used for point to
  point communication in the mobile network
     Thisis because message interception in a
     wireless environment represents a different
     kind of, but still relevant, threat
 Authentication is the process of
  determining the identity of a client
 Authentication typically is one of two
     The  client uses a username and a secret
     The client uses a personal certificate, which is
      not accessible by other clients
   Authorization is the process of determining
    if the client attempting to access a
    particular resource should be allowed to
    perform the resource access successfully
     Authorization    is performed using access
      control lists, identifying which clients and
      groups of clients can access each resource
 Confidentiality includes authorization,
  preventing invalid clients from accessing
 However, confidentiality also includes
  protecting data in transit
     This   is normally achieved using cryptography
   Accountability involves tracing
    transactions so that:
     Their effects can be reversed if it is
      determined that the transactions were
      executed by an unauthorized client
     The client can be traced, in order to prevent
      future invalid transactions from taking place
   Ensuring availability involves keeping services
    running, and accessible
   Two types of attacks try to eliminate service
     Directservice attack: A service is attacked in order to
      cause it to crash
     Denial of service attack: A service is accessed
      repeatedly (usually, from many sources) in order to
      prevent legitimate clients from accessing the service
   Ensuring integrity involves protecting data
    from being modified inappropriately
     This  could involve persistent data (e.g. data in
      a local file, or in a database), or transient data
      (e.g. data being transferred over the network)
     Message digests and checksums can help
      determine if data has been altered since they
      should calculate different values for (even
      slightly) different data
   Threat – A potential problem in the security
    infrastructure of a system
   Types of threats:
     Information leakage – information becomes available
      to unauthorized clients
     Information tampering –Clients modify information
      without authorization
     Resource stealing – Unauthorized clients make use of
      system resources (e.g. processing power, memory,
      disk/database space, etc.)
     Vandalism – Clients partially or fully disable the
   Attacks are acts performed in order to carry out
   Types of attacks:
     Masquerading    – A client accesses the system using
      the credentials of another client
     Eavesdropping – Messages are intercepted by
      unauthorized clients to examine their contents
     Request tampering – Messages are modified and re-
      introduced to the system by unauthorized clients
     Replaying – Messages transmitted earlier are re-
      issued to the system several times unmodified
   Masquerading (aka spoofing) is unfortunately all too
    simple to perform in most distributed systems, for
       Sending E-Mail: SMTP mail servers (currently used by nearly all
        mail providers) do not authenticate any users, but rely on client
       Low-level messaging: Messages on networks such as UDP
        packets, Ethernet frames, or ATM cells can easily have
        credentials stolen and copied into another (malicious) message
       Web systems: Web systems using cookies for authentication
        can be easily spoofed by modifying cookie contents directly
• Masquerading can be prevented by
  employing more significant authentication
• Typical techniques include:
  • Inclusion of a certificate or other
    authentication information (in each message)
  • The use of encryption so the certificate cannot
    be stolen
   In most distributed systems eavesdropping
    is as simply as message collection
     Inthese systems, messages do not protect
      the data their contain
   Typical techniques to prevent
     The  use of encryption to prevent the viewing
      of data inside messages
   Tampering in most systems is as easy as
    A  message’s contents can be easily modified in these
   Some techniques to prevent tampering include:
     The  use of checksums or message digests to ensure
      that data has not been tampered with
          However, as the data itself can be modified, the checksum or
           message digest can also be modified to match the new data
     The use of encryption on either the
      checksum/message digest, or the data itself
   Replaying becomes a little more difficult when
    messages are encrypted, but still possible
     An encrypted message that contains an operation can
      be retransmitted multiple times
   When combined with encryption, request
    identification can be a useful way to combat
     Each   message has a unique (globally unique or
      temporarily unique) identified
     When a message with the same identifier is received,
      it can be ignored by a service

The Use of Encryption for
Authentication and
   Cryptography is the process of temporarily
    obscuring data using a particular algorithm
   There are two types of cryptography:
     Secret key cryptography
        The same key is known to both sides and is used to both
         encrypt and decrypt the data
        Secret key cryptography is difficult since the secret key must
         be exchanged
     Public key cryptography
        Two keys exist (public/well-known and private/secret)
        Either can be used to encrypt, but the other must be used to
Secret Key Cryptography

Machine A             Machine B


  KeyA                    KeyA
Secret Key Cryptography

Machine A               Machine B

  KeyA      data          KeyA
Secret Key Cryptography

Machine A              Machine B


  KeyA                     KeyA
Secret Key Cryptography
   In secret key cryptography, the same key can be
    used for bi-directional communication
   However, the secret key must be exchanged in
    advance for communication to occur
     Another key (or public key cryptography) should be
      used to exchange this key, since if it is acquired by
      another client, that client could use the key for
      eavesdropping, masquerading, and message
Public Key Cryptography

Machine A                 Machine B


 Keypublic                 Keyprivate
Public Key Cryptography

Machine A                 Machine B

 Keypublic   data          Keyprivate
Public Key Cryptography

Machine A                 Machine B


 Keypublic                 Keyprivate
Public Key Cryptography
   Public key cryptography solves the problem of
    key exchange, since one of its keys (the public
    key) can be well-known
     This means even malicious clients can have the
      public key
   Two types of encryption are now possible:
     Encrypt with public key, decrypt with private key
     Encrypt with private key, decrypt with public key
Public Key Cryptography
   Encrypt with public key, decrypt with
    private key
     Sincethe private key is not shared, only the
      owner of the private key can decrypt the
          This is used for confidentiality
     However, since anyone can have the public
      key, masquerading is not prevented
Public Key Cryptography
   Encrypt with private key, decrypt with
    public key
     Sincethe private key is not shared, only the
      owner of the private key can encrypt the
          This is used to ensure that no masquerading is
           taking place
     However,  since anyone can have the public
      key, the message is not kept confidential
Public Key Cryptography
   If we want to prevent masquerading and ensure
    confidentiality, we must combine both
   One method:
     Encrypt a message digest using the sender’s private
      key (masquerading impossible)
     Encrypt the message itself using the receiver’s public
      key (confidentiality ensured)
     The message digest received must be identical to the
      message digest calculated by the receiver
Message Digest
   A message digest is similar to a checksum, in
    that it is a short representation of the message
     If
       the message changes, even by a small amount, the
      message digest will also change
   However, the message digest cannot be used to
    reconstruct the message
   The most common algorithm used for creating
    message digests is the MD5 algorithm
     An MD5 digest is much more accurate than a
Public Key Cryptography
   One problem with the message digest approach
    is the exchange of public keys
     This  is because the public key could have been
      tampered with, and a malicious client’s public key
      could have been received instead
     The effect is that now the malicious client can
      masquerade as the legitimate client, and the
      legitimate client cannot send any data
   This problem can be solved by encrypting the
    public key using the public key of the receiver
    A   public key encrypted this way is called a certificate
   Certificates are distributed by an organization
    called a certificate authority
    A   certificate authority encrypts the client’s public key
      with their own private key
     Most certificate authorities’ public keys are well know
      (included in web browsers and other encryption
     If a CA’s public key is not known, its certificate can be
      downloaded (encrypted by the private key of another
      CA, whose public key is known)
   Certificates are immune to tampering, since they
    use private key encryption
     However, they do not hide their contents, since
      anyone with the public key of the CA can decrypt the
      message (which is everyone)
   The use of certificates can also stop
    masquerading, since they cannot be forged,
    without breaking the encryption algorithm
     However,    you must be careful not to include the
      certificate unencrypted, since it could be duplicated in
      another message, allowing masquerading
Key Distribution Services
 Keys in secret key encryption and public
  key encryption are generated in a service
  called the Key Distribution Service (KDS)
 In distributed systems, the KDS is remote
  to the services that require these keys
 However, we cannot exchange secret or
  private keys unencrypted, since
  unauthorized clients could intercept them
Key Distribution
   Services that require keys have a pre-
    installed secret (or private) key used for
    acquiring keys from KDSs
     The KDSs will also have this key installed
     This key is exchange by some other means
      (usually, manually, without sending it over the
      network at all)
Key Distribution
   When a service requires a key, the KDS uses
    this pre-installed secret (or private) key to
    encrypt the new key
   This key is sent (encrypted) to the service that
    made the request
   The key is decrypted by the service and can now
    be used
   This algorithm is called the Needham/Schroeder
    Protocol (NSP)
Encryption Standards
   Secret key cryptography (also called
    symmetric key cryptography) algorithms:
     DigitalEncryption Standard (DES)
     International Data Encryption Algorithm
   Public key cryptography (also called
    asymmetric key cryptography) algorithms:
     Rivest,   Shamir, and Adelman (RSA)
Authentication &
   A principal is a system participant (usually, a
    user) in a distributed system
   Principals can act under different roles
     For  instance, user Joan Smith may participate in a
      system as its system administrator, but also as a user
      of the system
   The purpose of authentication is to distributed a
    set of credentials to each principal
   Typical methods for authentication include:
     Userlogin (manual or automatic)
     Acquiring the user’s certificate
   Normally, the system will return some security
    identifier as a result of the authentication
     These  credentials (including the security identifier)
      are the proof of authentication
     Without this information, the client will not be able to
      access secure services
Authorization & Authentication
   A principal’s credentials contain a description of
    the identity (a security identifier) of the principal
     The process of obtaining credentials is called
   Credentials are used by services to determine
    whether requests made by the principal should
    be granted or denied
     The  process of determining, through the credentials, if
      a principal should be able to access a resource, is
      called authorization
Authorization (Access Control)
   As mentioned previously, a principal acquires credentials
    (which includes the principal’s identity information)
    during authentication
   In some systems, credentials may also include a list of
       Usually, a list of privileges describes all roles in which the
        principal should be allowed to participate
       A particular resource may allow access by one or more roles
       Any principal who does not have credentials containing any of
        these roles, should be denied access to the resource during
Access Policies
   An access policy describes the security
    permissions for a resource
   Typically, an access policy will list the roles that
    should be allowed access to the resource
     Perhaps,  the access policy will list the roles for each
      individual method
     This allows each method to have different
Access Policy: Auction Example

                              setPrice(): granted

Item for Sale                 getInfo(): granted     seller
                              getPrice(): granted
Access policy:
setPrice(): seller
getInfo(): browser, seller     setPrice(): denied
getPrice(): browser, seller    getInfo(): granted

                               getPrice(): granted   browser
Authorization in Clients
   Authorization usually takes place entirely in the
    service itself
   Sometimes, the clients may wish to determine if
    an operation is allowed before it is attempted
     Typically, distributed system middleware will allow
      clients to perform an authorization check to make this
   Access (from the client’s point of view) is either
    granted or denied
Authorization in Services
   Normally, authorization is transparent to the
    A  security infrastructure in a middleware will usually
      include access control features
   A service will simple declare its access policies
     This  typically is described at the method granularity
      (i.e. permissions are granted for each method)
     This type of security model is known as declarative
      security, and is present in many distributed systems
      (such as web services, Enterprise JavaBeans,
      CORBA, etc.)
   Non-repudiation services exist to ensure
    accountability of clients and servers
   A middleware service that ensures non-
    repudiation, monitors all requests
     Therefore, when a request is made, the client and
      service are known to the security infrastructure
     If something goes wrong, the culprit can be tracked
      down as the client and server are both known by their
      credentials (and the identities contained therein)
   Non-repudiation services are typically not
    employed to prevent access to resources, but to
    ensure that the user who made the access is
    always known
   e.g. In a document sharing system, if a user
    modified a document, the last user to change the
    document can be traced
     Ifparts of the document are lost as a result, the
      company using the distributed system with non-
      repudiation can track the culprit and handle the
      situation accordingly
   Another use of non-repudiation comes
    when services are charged
     Non-repudiation ensures that successful
      requests are known, as well as the principals
     Therefore, whether or not to charge a user for
      the accesses he/she made, can be
   The same notes used for non-repudiation are
    also used for auditing
     For example, if an attack occurs, an audit may take
      place to see where the vulnerabilities were in the
          e.g. The administrator may wish to see determine how
           masquerading had occurred (such as which principal was
           used) to determine if there is a potentially weak password
   For auditing, however, failed/denied accesses
    should also be recorded (in persistent storage)

CORBA Security Services
CORBA Security Features
   Allows for the use of multiple secure socket standards,
    most notably:
       Secure Sockets Layer (SSL)
       Kerberos
       Transport Layer Security (TLS)
   Security tasks:
       Authentication (identification) – clients and objects
       Authorization (access control)
       Auditing (tracing operation attempts) & non-repudiation
       Message integrity and confidentiality protection (using the secure
        socket standards mentioned above (and others)
       Administration of security policies
CORBA Security Levels
   CORBA allows applications to be either security-
    aware, or security-unaware
     Security-unaware applications are the easiest to
      develop, because no security code is required
          An administrator will simply configure the security policies
           (such as the access control lists for each resource)
     Security-aware    applications are used when more
      flexibility or security power is required
          Some security code will be required in these applications
Secure Sockets Layer (SSL)
   SSL is a technology that uses certificates and
    public key encryption to provide a TCP-style
    socket that offers confidentiality and integrity
     In other words, SSL is like a regular socket, except
      that it also encrypts data
     SSL is already very popular in web applications, and
      is also quite common in distributed systems,
      particularly those written using CORBA
          SSL is the security mechanism protecting your information
           when you do online banking and purchasing
     SSL comes in many strengths (40 bit key, 56 bit key,
      128 bit key, etc.) (however beyond 128 bit is illegal)
   Kerberos is similar to SSL except that it uses
    secret key cryptography for encryption
     Kerberos  was developed by MIT for military
     Secret key cryptography provides both confidentiality
      and integrity protection, since the secret key is only
      known to sender and receiver
     Authentication is unnecessary since the identity of the
      sender and receiver can be assumed as they possess
      the secret key
Transport Layer Security (TLS)
   TLS is the successor to SSL
     TLS   provides stronger encryption than SSL
   TLS also uses public key encryption in
    order to preserve message confidentiality
    and integrity
Secure Sockets
 A more detailed discussion of SSL and
  Kerberos is beyond the scope of this
 CORBA can use Kerberos, SSL, or
  another secure socket technology
     When   used in combination with a , it can be
     assumed that messages will arrive, and retain
     integrity and confidentiality
Secure Sockets in CORBA
   Although secure sockets are very useful for
    ensuring message transmission, they are not
    complete for distributed systems
     Kerberos,   SSL, and other secure socket technologies
      do not secure a chain of requests
     In other words, as a request goes from point-to-point,
      it can be secured using SSL, but it cannot be secured
      as it follows a multi-point path
   CSI allows end-to-end security for messages as they
    pass through a distributed system
       CSIv2 stands for Common Secure Interoperability (version 2)
       CSIv2 uses SSL or TLS (or another protocol) for point-to-point
   What is also useful about CSI, is that it can be used to
    secure messages that use more than one technology in
       For example, if the message is sent via CORBA, then sent using
        the Enterprise JavaBean (EJB) architecture, the message is still
        secure from end to end
CORBA Authorization
   Knowing that messages will arrive intact and
    unexamined, does not prevent unauthorized
    users from access resources
     Authentication     must take place in order to identify the
          In CORBA, the credentials are stored in the ‘Current’ object
           (also used in Transactions)
     Authorization is provided by access control lists for
      each of the resource’s methods
          The run-time security infrastructure for CORBA normally
           manages these ACLs transparently (for security-unaware
CORBA Authorization
   The credentials of the principal are stored in the
    Current object (which you might remember from
    the Transaction discussion) after authentication
     Credentials are stored in an object of type
   The ORB will now include these credentials in all
    subsequent requests to resources in the system
   The service’s ORB will ensure that the
    credentials provided in each request match the
    access control configuration the administrator
    created for that resource’s method
Credentials in CORBA
   Credentials in CORBA are enablers
    A  user having the appropriate credentials can
      use resource that have been granted to them
   Credentials in CORBA are used to track
    down sources of problems
     Auditing  and non-repudiation use credentials
      in order to trace attacks, illegal uses, or
      unusual faults to do apparently normal use
Other Security
Private Networks
   A network is a private network, if it is not
    connected to a public network, except
    when connected through a firewall
    A  public network is any network, to which
      anyone could connect, which has no enforced
      security infrastructure
Private Networks
   Private networks are useful in
    organizations, since information can be
    shared freely
     Encryption is not generally used inside the
      private network
     Encryption is used when messages leave the
      private network
Private Networks
 public network                 private network
 e.g. The Internet

                                 private network participants


Virtual Private Network
   A virtual private network (VPN) is a private network that
    uses authentication and encryption to provide an
    environment similar to a private network
       However, a VPN actually is a subset of a public network
       A VPN is more practical for organization whose campuses are
        spread all over the world, since a VPN can be created in the
   Information can be shared, but it must be encrypted
   Users must be authenticated before they can participate
    in the VPN
 Virtual Private Networks
private network             public network      private network
                            e.g. The Internet

                  secure channels

    firewall                                      firewall
   A firewall is a barrier between a private
    network and a public network
     The  firewall protects the private network from
      attackers on the public network
     The firewall does not protect the private
      network from attackers on the private network
   Firewalls intercept all messages coming into a
    private network, and messages going out of a
    private network
     Usually, the messages going from the private network
      to the public network are not stopped
          However, firewalls can also block these messages
     Usually, the messages going into the private network
      (from the public network) are stopped, based on the
      configuration of the firewall
Firewall Configuration
   A firewall is configured to allow some messages
    into the network, and deny entry to other
     e.g. A firewall may be configured to allow HTTP
      requests to enter, since a web server is running inside
      the private network
     Therefore, the firewall may be configured to allow
      messages addressed to port 80 (the standard HTTP
      port) to pass into the PN
   Firewalls are configured by the system

To top