5a.1

Security

I – General principles

ITCS 4010 Grid Computing, UNC-Charlotte B. Wilkinson, 2005

5a.2

• First, we will look at general methods of making a secure connection, which are widely applicable.

• Then, look at the specifics for grid computing, which has additional security requirements and constraints.

5a.3

Basic Principles

5a.4

Secure Connections

• Secure connections are needed in many computer related activities, including e-business and grid computing.

5a.5

Dealing with users and resources

Two critically important factors are:

• Authentication– Process of deciding whether a particular

identity is who he says he is (applies to humans and systems)

• Authorization– Process of deciding whether a particular

identity can access a particular resource– Access control Broader aspect of

authorization controlling specific types of access.

5a.6

Authentication

Password-Based

• User enters a user name and password.

• User name and password sent through network to server.

• Server validates name and password and responds.

5a.7

Name and Password

• Consider a login prompt:

login% abwThere is no such userlogin%

5a.8

Name and Password

• A different login prompt behavior:

login% abwpassword% ******authentication failedlogin%

• Second version a little more secure because it reveals less information to a potential intruder, but ...

5a.9

Name and Password

• Since name and password sent in plain text, vulnerable to interference and being stolen.

• Need a system in which in one can be sure of sender.

5a.10

Two aspects:

• Send information in an encrypted form.

• Have a trusted third party or some sure way of proving identity.

5a.11

Data Confidentiality

• Information exchange needs to protected against eavesdroppers.

• Make data in a form that makes it unreadable except by the parties that are to read it.

5a.12

CryptographyBasic idea:

Encryption• Convert the original message (clear text, or

plain text) to the encrypted message (ciphertext)

Decryption• Reverse process of retrieving plaintext from

encrypted text

5a.13

Can either:

• Make encryption/decryption algorithm(s) hidden, so that an intruder cannot know it,

or, better:

• Use known algorithms and use a hidden key with the algorithms.

5a.14

Cryptography algorithms with keys

• Converts data into scrambled binary patterns, using a large binary number called a key.

• A key is also used to convert the scrambled patterns back to the original data.

• Algorithms are well-known - it is a specific key(s) that must be kept secure.

5a.15

Secret Key Cryptography• Sender and receiver has a same secret key in

their possession.

• Sender uses secret key to encrypt data.

• Receiver uses same key to decrypt data.

• Known as symmetric cryptography. Key is called a symmetric key.

5a.16

Encryption and Decryption

My message that must be kept secret

Original data

Cipher data Original

data

Same key

1SEJGDAKLIRD4BNIOAWNM69CVPQEKTDGE

My message that must be kept secret

5a.17

Simple Secret-Key ExampleData (“abra”) has binary representation:

01100001011000100011100101100001

Choose random string of bits as key:

10011101010010001111010101011100

Exclusive-OR patterns to get encrypted message:

11111100001010101000011100111101

To get original message back, use same algorithm and key! Practical algorithms much more complex.

5a.18

Common Symmetric Key Cryptography Systems

• Data Encryption Standard (DES) 56-bit key plus 8 parity bits - IBM 1970’s.

• Triple-DES 112 bit key plus 16 parity bits or 168-bit plus 24 parity bits.

• RC2 and RC4 variable sized key, often 40 to 128 bits.

5a.19

Problemswith Symmetric Key Cryptography

• Need a way of both sender and receiver to obtain secret key without anyone else knowing the key.

• Need a different key for each receiver that a sender may communicate with.

5a.20

Advantagesof Symmetric Key Cryptography

• Fast encryption/decryption (compared to asymmetric key cryptography (see next).

Used because of speed in conjunction with asymmetric key cryptography.

5a.21

Public-Key Cryptography• Public invention due to Whitfield Diffie & Martin

Hellman at Stanford Univ. in 1976 (known earlier in classified community, UK)

• Probably most significant advance in the 3000 year history of cryptography

• Uses clever application of number theoretic concepts of functions

• Complements rather than replaces secret key cryptography

5a.22

Public Key Cryptography(Asymmetric key pair)

Two keys are formed:

• a public key to encrypt the transmission, and• a private key to decrypt the transmission

(or vice versa).

5a.23

Encryption and Decryption

My message that must be kept secret

Original data

Cipher data

Original data

1SEJGDAKLIRD4BNIOAWNM69CVPQEKTDGE

My message that must be kept secretPublic

keyPrivate

Key

Receiver’s

5a.24

Public Key and Private Key

• Public and private keys are pairs such that a message encrypted with the public key can only be decrypted with the private key (and vice versa).

• Public key, as name suggests, is available to all.

• Private key only known by it’s owner.

• Not possible to find the private key from the public key for all practical purposes.

5a.25

Public-Key Cryptography

5a.26

Public Key Cryptography

Example

Rivest, Shanir, and Adleman (RSA)

RSA algorithm invented by Ronald L. Rivest, Adi Shamir, and Leonard Adleman in 1977.

Variable sized key, usually between 512 - 2048 bits.

5a.27

RSA Algorithm• Find P and Q, two large prime numbers

(e.g., 1024-bit).

• Choose E such that:

1. E is greater than 1,2. E is less than PQ, and3. E and (P-1)(Q-1) have no prime factors in

common (relatively prime).

E does not have to be prime, but it must be odd. (P-1)(Q-1) can't be prime because it's an even number.

5a.28

RSA Algorithm (cont.)

• Compute D such that (DE - 1) is evenly divisible by (P-1)(Q-1).

Simply find an integer X that causes D = (X(P-1)(Q-1) + 1)/E to be an integer, then use that value of D.

5a.29

RSA Algorithm (cont.)

Encryption function is:

C = (TE) mod PQwhere:– C is the encrypted message (ciphertext)

a positive integer),– T is the message being encrypted

plaintext (a positive integer).

T must be less than the modulus, PQ.

5a.30

RSA Algorithm (cont.)Decryption function is:

T = (CD) mod PQwhere:

– C is the encrypted message (ciphertext) a positive integer),

– T is the message being encrypted plaintext (a positive integer).

5a.31

RSA Algorithm (cont.)• Your public key is the pair (PQ, E).• Your private key is the number D (reveal it to

no one).

PQ called the modulusE is the public exponent.D is the secret exponent.

No known easy methods of calculating D, P, or Q given only (PQ, E) (your public key) if P and Q are very large (1024 bit or more).

5a.32

• Though it is widely suspected to be true, it is not yet proven that no easy methods of factoring exist.

• It is not yet proven that the only way to crack RSA is to factor PQ.

• See http://en.wikipedia.org/wiki/RSA for interesting attempts to break code.

5a.33

Example of the RSA AlgorithmFirst prime number: P = 61Second prime number Q = 53

Modulus: PQ = 3233 Public exponent: E = 17Private exponent: D = 2753

Destroy P and Q after computing E and D.

Your public key is (E, PQ). Your private key is D.

5a.34

Example of the RSA Algorithm (cont.)

Encryption function

encrypt(T) = (TE) mod PQ = (T17) mod 3233

Decryption function

decrypt(C) = (CD) mod PQ = (C2753) mod 3233

5a.35

Example of the RSA Algorithm (cont.)

To encrypt the plaintext value 123, do this:

encrypt(123) = (12317) mod 3233 = 855

To decrypt the ciphertext value 855, do this:

decrypt(855) = (8552753) mod 3233 = 123

5a.36

Aside• Idea of public key schemes was published in

1977 by Diffie & Hellman.

• Concept previously described in a classified report in 1970 by James Ellis (UK). Subsequently declassified in 1987.

• In classified documents, RSA discovered first, then Diffie-Hellman, opposite to the order of public discovery!

5a.37

How secure is public key encryption?

• Like secret key schemes, brute force exhaustive search attack is always theoretically possible

but

• Requires the use of very large numbers• Hence slower than secret key schemes

5a.38

Aside

• One grid computing project done last year was breaking codes by exhaustive search.

5a.39

Sequential Search

tst s/p

(a) Searching each sub-space sequentially

Start Time

t

Solution foundxts/p

Sub-spacesearch

From : Parallel Programming: Techniques and Application Using Networked Workstations and Parallel Computers 2nd edition, by Barry Wilkinson & Michael Allen, Prentice Hall 2004.

5a.40

Using Multiple Identical Grid

Services

Solution found

t

(b) Searching each sub-space in parallel

Searching each sub-space in parallel

Solution found

5a.41

Non-repudiation

• Public key cryptography can provide for non-repudiation

– Sender cannot deny they sent out a message if encrypted with their private key. Can be read with their public key.

5a.42

Non-repudiation

My message that must be kept secret

Original data

Cipher data

Original data

1SEJGDAKLIRD4BNIOAWNM69CVPQEKTDGE

My message that must be kept secretPrivate

key

Public Key

Sender’s

5a.43

Question - Why is it not sufficient to simply encrypt with receiver’s public key and decrypt with receiver’s private key:

My message that must be kept secret

Original data

Cipher data

Original data

1SEJGDAKLIRD4BNIOAWNM69CVPQEKTDGE

My message that must be kept secretPublic

keyPrivate

Key

Receiver’s

5a.44

Answer

• Anyone has access access to the public key and could send the message.

5a.45

Public Key CryptographyDouble Encryption

My message that must be kept secret

My message that must be kept secret

yuicfhkh[pa2354mghdas67f

Receiver’s public key

Receiver’s private Key

Original data

Transmitted data

Original data

Sender Receiver

Sender’s public

key

Sender’s private

Key

Slow but secure.

5a.46

Problem with Public Key Cryptography used alone

• Slow

• Can only send encrypted data for decryption to one destination at a time (not broadcast).

This aspect does not seem to be addressed in the literature. Maybe not a big deal.

5a.47

Problem with Public Key Cryptography used alone

• If you want to send data to a destination that only it could decrypt, one would use its public key to encrypt, but:

Cannot be sure that a particular sender is sending the message encrypted with the public key as everyone knows this key.

5a.48

Data Confidentially and Data Integrity

5a.49

Data Confidentially and Data Integrity

• Data Confidentiality - information exchange needs to protected against eavesdroppers.

• Data Integrity - need to assure that message was not modified in transit (intentionally or by accident).

5a.50

Achieving Data Confidentially and Data Integrity

• “Encrypt” data in a form that makes it unreadable except by the parties that are to read it, and

• Attach a binary pattern with the message computed from the message, which changes if the message has been altered.

5a.51

Digital Signatures

• A way of achieving authentication and data integrity.

• Uses a hash function to create a message digest, a “footprint” of the message, which is encrypted with sender’s private key to create a digital signature.

• Digital signature attached to message.

5a.52

Hash Function

• Applying hash function to data will create a small fixed sized block of data, called in this in text a message digest.

• Cannot obtain original data from the digest - hence one-way.

• Changes to the data will usually alter the message digest.

5a.53

Digital Signature

my message that must be kept secret

asthf12934

Hash function Sender’s

Private Key

DataMessage

Digest

Digital Signature

Attach digital signature to message (data)

5a.54

Checking digital signatureReceiver can do the following:

1. Create a message digest from message using same hash function.

2. Decrypt message digest with sender’s public key.

3. Compare two message digests - if same message should be from sender and not altered.

5a.55

Checking digital signature

This is my message

Public keyPrivate Key

Original data

Network Original data

Digital signature

Hash

Hash

If same, data ok

5a.56

• Digital signature alone not sufficient to ensure data not altered and is from the sender.

• Possible that public key is a fake. Still could get matching digital signatures.

5a.57

Certificates

• A digital document belonging to the “End-Entity” listing its specific public key.

• A trusted party (a certificate authority, CA) certifies that the public key does in fact belong to the end-entity on the certificate.

• Certificate comparable to a Driver’s license or passport.

5a.58

Certificate

Certificate

This certificate belongs to: Barry Wilkinson

Public key of certificate owner:

Signature of Certificate Authority: MyCAOther information also on certificate, see later.

5a.59

Certificate Authority

• Certificate Authority has to first create it’s own certificate to identify itself (keeping its private key protected).

• End-Entities submit their details to CA for CA to issue a certificate back to End-Entity.

5a.60

Types of Certificates

• X.509 most widely used.

• Defined by International Telecommunications Union (ITU)

• Version 1 defined in 1988

• Version 2 , Version 3 (1996) adds fields, see next slide.

5a.61

X.509 Format (version 3)

Certificate version

Certificate serial number

Issuer signature algorithm ID

Issuer X-500 name

Validity period

Subject X-500 name

Subject public key information: Algorithm ID; Public key value

Issuer unique ID

Subject unique ID

Extensions

Issuer digital signature

5a.62

5a.63

Public Key CertificatesIf• you trust the Certificate Authorityand• you are confident that the key that you have is

really the public key of the Certificate Authoritythen• you can decrypt the certificate with confidence to

obtain the public key of the sender.

Read http://docs.sun.com/source/816-6154-10/contents.htm, section starting with Certificates and Authentication

5a.64

Public Key and Secret Key Cryptography Together

• Public Key and Secret Key Cryptography generally used together.

• Public key Cryptography with Certificates and a Certificate Authority (CA) used to establish a secure authenticated connection between parties. Then:– Secret key passed between parties.– Secret key cryptography used to encrypt data, which is

much faster than public key cryptography.

5a.65

Use of Public Key Infrastructure(PKI)

• Several network protocols have embedded public key and/or secret key cryptographic algorithms.

• Most notable is SSL (Secure Socket Layer) Protocol), which can be added on top of protocols such as http (i.e. https), FTP (sftp), and telnet. – described later

5a.66

Others include:

• S/MIME (Secure Multipurpose Internet Mail Extensions) -- for secure email, developed by RSA Data Security Inc, see:

http://www.rsa.com/smime

• SET (Secure Electronic Transaction) -- for

secure e-commerce, developed jointly by Visa, Mastercard, IBM, and other companies, for secure credit card transactions over the Internet, see:

http://www.setco.org

5a.67

Certificate Authorities• Commercial Certificate Authorities exist, such as:

– VeriSign Inc.– Entrust Technologies Inc.,

• Web browsers have built-in recognition such trusted CAs, allowing SSL and other secure connections.

5a.68

General Public Key Infrastructure

From: “Deploying a Public Key Infrastructure,” IBM Redbook, SG24-5512-00.

5a.69

Certificate Repository

• Used to store:– Issued certificates– Revoked certificates (CRLs - Certificate

Revocation List)– Might be accessed through LDAP

(Lightweight Directory Access Protocol)

5a.70

Registration Authority

• Acts for CA for some management functions (see IBM Redbooks).

• Not strictly necessary as CA could do all functions.

5a.71

CA’s own certificateCA needs it own certificate identify itself• First it generates key pair.• It protect its private key. (This is vitally important!)• It then creates a

certificate and signsit with its private key:

CA’s public key

Certificate

CA’s digital signature

CA’s X-500 name

5a.72

Requesting a certificate from a CA

• Usually the requesting client generates a public/private key pair and then submits an unsigned certificate to the CA.

• The certificate returned signed by the CA contains the public key.

5a.73

QuestionWhy usually does the CA not generate the public/private key pair for the requester?

Answer

Because it would require the private key to be sent to the requester.If the requester generates the private key, it is more secure as it does not leave requester.

5a.74

Using a signed certificate to send a secure message

• One can attached it to your message.• Alternatively, the message is sent without a

certificate and the receiver has to retrieve the certificate from a public place.

Either way, the receiver checks the signature. It has to be CA it can trust.

5a.75

CertificateLifetime

• Certificates have a limited lifetime for security purposes, i. e. certificates are issued with an expiration date.

• Have a renewal process but user will normally have same public/private key pair.

5a.76

Systems/protocols using security mechanisms

5a.77

SSL (Secure Socket Layer) Protocol

• Uses public/private keys.

• Introduced by Netscape and widely adopted.

• Supported by both Netscape and Microsoft Internet Explorer browser.

• TLS (Transport Layer Security) newer but similar.

5a.78

• Requires several message to be exchanged between client and server

• Described here in four phases.

5a.79

Phase I

• Client starts handshake and sends:– a random number, X.– list of supported ciphers and compression

algorithms

5a.80

Phase II

• Server selects cipher and compression algorithm, and notifies client. Then it sends:– another random number, Y.– a server certificate which includes public

key

5a.81

Phase III

• Client sends:– a “premaster” secret encrypting it with

server public key– possibly a client certificate

5a.82

Phase IV• Handshake finished. Message sent to inform client.

• Server and client each generate a master secret by combining random numbers X and Y, and the premaster secret.

• Several secret keys are generated from the master secret, one to encrypt the data.

• Encrypted data then sent to client.

5a.83

5a.84

SSLEnsures:

• Authentication (by verifying certificates)

• Confidentiality ((by encrypting data with secret key)

• Integrity (by digesting data)

Non-repudiation not ensured because Message Authentication Code (MAC) of transmitted data calculated with common secret key.

5a.85

Globus Grid Security Infrastructure(GSI)

• Uses public key cryptography.• Secure communication for authentication etc.• Task communication can be encrypted with

shared key if required.• Security across organizational boundaries• Proxies provide “single sign-on”.

Next set of slides (Grid computing Security).

5a.86

More InformationOn-line

• “Deploying a Public Key Infrastucture,” IBM Redbooks, www.redbooks.ibm.com, 2000, SG24-5512-00.

• For SSL protocol: http://developer.netscape.com/docs/manuals/security/sslin/index.html

• Digital signatures:

http://www.youdzone.com/signature.html

5a.87

Books

• Cryptography and Network Security 3rd edition, by William Stalling.