Security and Authentication (continued) CS-4513 D-Term 2007 (Slides include materials from Operating System Concepts, 7th ed., by Silbershatz, Galvin, & Gagne, Modern Operating Systems, 2nd ed., by Tanenbaum, and Distributed Systems: Principles & Paradigms, 2nd ed. By Tanenbaum and Van Steen) CS-4513, D-Term 2007 Security and Authentication 1 Review • Authentication • How to identify someone • How to establish that they are who they say they are • Fundamental to establishing authority in Distributed Systems • Everything else is based on trust that the person or agent doing something has the authority to do it • Threats • Masquerading as someone else • Intercepting / corrupting communications CS-4513, D-Term 2007 Security and Authentication 2 Review (continued) • Passwords • Easy to steal • Easy to guess or “crack” • Human frailties • Errors • Dilemmas (“social engineering”) CS-4513, D-Term 2007 Security and Authentication 3 Video CS-4513, D-Term 2007 Security and Authentication 4 Reading Assignments • Allman, Eric, “E-mail Authentication: what? Why? How?,” ACM Queue, November 2006, pp 30-34. (.pdf) • One of – Tanenbaum, MOS, Chapter 9 – Silbershatz, OSP, Chapters 14-15 – Tanenbaum & van Steen, Chapter 9 CS-4513, D-Term 2007 Security and Authentication 5 Fun with Cryptography • What is cryptography about? • General Principles of Cryptography • Basic Protocols – Single-key cryptography – Public-key cryptography • A short intro to key distribution CS-4513, D-Term 2007 Security and Authentication 6 Cryptography as a Security Tool • Broadest security tool available – Fundamental foundation for secure storage and communication – Basis for establishing trust – Means to constrain potential senders (sources) and / or receivers (destinations) of messages – Means to detect/prevent intrusion or corruption – (Cannot prevent denial of service attacks) CS-4513, D-Term 2007 Security and Authentication 7 Principles • Cryptography is about the exchange of messages • The key to success is that all parties to an exchange trust that the system will both protect them from threats and accurately convey their message • TRUST is essential CS-4513, D-Term 2007 Security and Authentication 8 Note • Data storage is just another means of communication • Writing data Sending message • Reading data Receiving message • Perhaps much, much later! • Integrity of data Integrity of message CS-4513, D-Term 2007 Security and Authentication 9 Basic Premise of Cryptography • Algorithms are (usually) public • Orders of magnitude easier to compute in forward (normal) direction than in reverse (attack) direction • Keys are always secret • Enough bits to prevent trying all key values • Key management is a very big deal • Heart of all successful cryptographic systems CS-4513, D-Term 2007 Security and Authentication 10 Conventional Wisdom • Algorithms must be public and verifiable • We need to be able to estimate the risk of compromise • The solution must practical for its users, and impractical for an attacker to break CS-4513, D-Term 2007 Security and Authentication 11 Public Policy Dilemma • Algorithm intended to be a public standard must be subject to scrutiny of its users • I.e., banks, industry, commerce, etc. • To establish trust that it is good enough! • Any algorithm good enough to protect billions of $$ of funds & commerce will be too hard for governments to penetrate! • Crime, terrorism, etc. CS-4513, D-Term 2007 Security and Authentication 12 Ergo … • Governments tend to use secret encryption methods and algorithms for the most secure communications • Sometimes, confidence in such algorithms is misplaced! CS-4513, D-Term 2007 Security and Authentication 13 History • Most secret algorithms have been broken • Prior to computing age, at least • Vulnerabilities • Redundancy in human languages • Repeatability or lack of randomness in algorithm • Repeatability or lack of randomness in keys CS-4513, D-Term 2007 Security and Authentication 14 Guidelines • Cryptography is always based on algorithms which are orders of magnitude easier to compute in the forward (normal) direction than in the reverse (attack) direction. • The attacker’s problem is never harder than trying all possible keys • The more material the attacker has the easier his task CS-4513, D-Term 2007 Security and Authentication 15 Example • What is 314159265358979 314159265358979? vs. • What are prime factors of 3912571506419387090594828508241? CS-4513, D-Term 2007 Security and Authentication 16 Caveat • We cannot mathematically PROVE that the inverse operations are really as hard as they seem to be…It is all relative… The Fundamental Tenet of Cryptography: If lots of smart people have failed to solve a problem, it won’t be solved (soon) CS-4513, D-Term 2007 Security and Authentication 17 Time marches on… • We must assume that there will always be improvements in computational power, mathematics and algorithms. – Messages which hang around get less secure with time! • Increases in computing power help the good guys and hurt the bad guys for new and short-lived messages CS-4513, D-Term 2007 Security and Authentication 18 Two fundamental approaches • Symmetric • Sender and receiver must share the key • Asymmetric • Keys are paired • Sender uses one, receiver uses its mate CS-4513, D-Term 2007 Security and Authentication 19 Two fundamental approaches • Symmetric • Sender and receiver must share the key • there must be a secure way to get key from one to the other • Asymmetric • Keys are paired • Sender uses one, receiver uses its mate • there must be a secure way to get key from one to the other CS-4513, D-Term 2007 Security and Authentication 20 Secret key cryptography (Symmetric) K T Cleartext CS-4513, D-Term 2007 f (T,K) K C Cyphertext Security and Authentication g (C,K) T Cleartext 21 Secret Key Methods • DES (56 bit key) • IDEA (128 bit key) • http://www.mediacrypt.com/community/index.asp • Triple DES (three 56 bit keys) • AES – From NIST, 2000 – choice of key sizes up to 256 bits and more – Commercial implementations available CS-4513, D-Term 2007 Security and Authentication 22 Reducing the Vulnerability • Minimize the amount of information encrypted with shared key K • Use K to encrypt a random number to obtain a session key • I.e., used for one connection, conversation, exchange, etc. • Discarded when channel is ended. CS-4513, D-Term 2007 Security and Authentication 23 Diffie – Hellman Alice Agree on p,g choose random A Bob choose random B TA = gA mod p TB = gB mod p compute (TB)A compute (TA)B Shared secret key for this session is gAB mod p CS-4513, D-Term 2007 Security and Authentication 24 D–H Problems • Not in itself an encryption method – we must still do a secret key encryption • The body of the message • Still must distribute the shared key safely • Subject to a “man in the middle” attack • (Alice thinks she is talking to Bob, but actually Trudy is intercepting all of the messages and substituting her own) CS-4513, D-Term 2007 Security and Authentication 25 Questions about Secret Key Methods? CS-4513, D-Term 2007 Security and Authentication 26 RSA Public Key Cryptography (Asymmetric Keys) Key #1 T Cleartext f () Key #2 C Cyphertext f () T Cleartext Key #1 can be either a Public Key or a Private Key. Key #2 is then the corresponding Private Key or Public Key. CS-4513, D-Term 2007 Security and Authentication 27 RSA Public Key Cryptography • Rivest, Shamir and Adelman (1978) • I can send messages that only you can read • I can verify that you and only you could have sent a message • I can use a trusted authority to distribute my public key – The trusted authority is for your benefit! CS-4513, D-Term 2007 Security and Authentication 28 RSA Details • Uses same operation to encrypt and decrypt • To encrypt, we will use “e” as a key, to decrypt we will use “d” as a key • e and d are inverses with respect to the chosen algorithm CS-4513, D-Term 2007 Security and Authentication 29 RSA Details (continued) • Based on mathematical premise that finding prime factors of large numbers is difficult computationally • No known solution despite 100’s of years of trying! • Note: Finding primes is also hard CS-4513, D-Term 2007 Security and Authentication 30 RSA Details (continued) • Let p and q be two large primes • 500-700 bits in length • Let n = p q Let z = (p – 1) (q – 1) • Choose d to be relatively prime to z • Choose e such that d e = 1 mod z • Publish n and either d or e (but not both!) CS-4513, D-Term 2007 Security and Authentication 31 RSA Details (continued) • Encryption: Cyphertext = (Cleartext)e mod n • Decryption: Cleartext = (Cyphertext)d mod n • Typical d will be on the order of 500 to 700 bits • The cost of the algorithm is between 1 and 2 the size of n, – Each operation is a giant shift and add (multiply by a power of 2) CS-4513, D-Term 2007 Security and Authentication 32 RSA Details (continued) • References – Tanenbaum & van Steen, §9.1.3 – Silbershatz, §15.4.1.2 CS-4513, D-Term 2007 Security and Authentication 33 RSA Problems • It is computationally much more costly than typical secret-key methods • Impractical to use for message encryption • Use RSA to encrypt a random session key • Encrypt the message with the session key and append/prefix the RSA encrypted key • Requires a “Public Key Infrastructure” for effective key generation and distribution • Chain of trust thing again! CS-4513, D-Term 2007 Security and Authentication 34 Questions about Public Key Encryption? CS-4513, D-Term 2007 Security and Authentication 35 Authentication using Secure Channels CS-4513, D-Term 2007 Security and Authentication 36 Authentication using Secure Channels CS-4513, D-Term 2007 Security and Authentication 37 Authentication using Secure Channels CS-4513, D-Term 2007 Security and Authentication 38 What is wrong with this “Optimization”? CS-4513, D-Term 2007 Security and Authentication 39 Subject to “Reflection Attack” • Attacker cons Bob into encrypting RB for him • “Reflection” attack CS-4513, D-Term 2007 Security and Authentication 40 Reflection Attack CS-4513, D-Term 2007 Security and Authentication 41 Key Distribution Server • Alice requests secure channel to Bob • KDC generates session key KA,B • KDC sends secure messages to both Alice and Bob containing KA,B CS-4513, D-Term 2007 Security and Authentication 42 Key Distribution Server (continued) • Alice requests secure channel to Bob • KDC generates session key KA,B and ticket to speak with Bob • Alice uses ticket to contact Bob CS-4513, D-Term 2007 Security and Authentication 43 Needham-Schroeder Protocol • Nonce – a random number that is never re-used • E.g., RA1, RA2, and RB • Prevents intruder from replaying old tickets CS-4513, D-Term 2007 Security and Authentication 44 Kerberos • Single sign-on system • One login used to generate tickets for authenticating shared services on distributed system • No passwords maintained by any client • Two parts • AS – Authentication Service • TGS – Ticket Granting Service • Once authenticated, user may ask TGS for a ticket for a session with any service. CS-4513, D-Term 2007 Security and Authentication 45 Kerberos (continued) CS-4513, D-Term 2007 Security and Authentication 46 Kerberos (continued) • With ticket, Alice can communicate securely with Bob. • Alice knows it is Bob because only Bob could descript ticket • Bob knows that it is Alice because TGS said it was • Timestamp prevents replaying old sessions CS-4513, D-Term 2007 Security and Authentication 47 Key Distribution • Many variations – Secret (symmetric) keys – Public (asymmetric) keys • Always based on trust • Central part of any distributed system that requires authentication CS-4513, D-Term 2007 Security and Authentication 48 Questions? CS-4513, D-Term 2007 Security and Authentication 49

Descargar
# Security and Authentication (continued)