Date post: 25-Dec-2015
Computer Security

Tran, Van Hoai
Department of Systems & Networking
Faculty of Computer Science & Engineering
HCMC University of Technology

2009-2010

Outline

• Introduction to security
• Secure channels
• Access control
• Security management
• Example: electronic payment systems

Security concerns in distributed systems

[Figure: a local area network (desktop computers, email server, Web server, file server, print and other servers) connected through a router/firewall to the rest of the Internet]

SECURE CHANNELS: authentication, message integrity, confidentiality
ACCESS CONTROL: authorization

What are security threats ? (1)

• Interception: an unauthorized party has gained access to a resource
– communication between 2 parties has been overheard by someone else
– data illegally copied after breaking into a private directory
• Interruption: resources become unavailable, unusable, destroyed,…
– Denial of Service

What are security threats ? (2)

• Modification: unauthorized changing of data or tampering with a service so that it no longer adheres to its original specifications
– changing a program so that it secretly logs the user’s activities
• Fabrication: additional data or activity is generated that would normally not exist
– adding an entry to the password file

Security policy & security mechanisms

• Building a secure system does not mean protecting against all threats
– First, security policies must be created

Security policy = a description of which actions the entities are allowed to take and which ones are prohibited
Security mechanism = the means to enforce security policies

Security mechanisms

• Encryption
– hackers cannot understand the data (cryptography)
– provides confidentiality, integrity
• Authentication
– verify a claimed identity
• Authorization
– check permissions (rights) to perform actions
• Auditing
– trace clients’ access

Globus security

Design issues: Focus of control – protection on data

[Figure: an object with its state and a method, and an incoming invocation]

Data is protected against wrong or invalid operations
Operations can be performed, but main concern is data integrity

Design issues: Focus of control – protection on invocation

[Figure: an object with its state and a method, and an incoming invocation]

Data is protected against unauthorized invocations
Main concern is access control mechanisms

Design issues: Focus of control – protection on user

[Figure: an object with its state and a method, and an incoming invocation]

Data is protected by checking the role of the invoker
Main concern is defining roles that users have

Design issues: Layer of security mechanisms

[Figure: two machines connected by a network, each drawn as a stack of Application, Middleware, OS Services, OS kernel and Hardware alongside the Transport, Network, Datalink and Physical protocol layers; annotations: low-level protocols, high-level protocols]

Main concern is where security mechanisms are placed

IDEA: TRUST, depending on the trust a client has in how secure the services are in a particular layer

Trust on different layers

[Figure: LANs connected over SMDS through encryption devices]

Different LANs trust each other, but do not trust SMDS
Trust the router (encryption device); if not, use SSL
In distributed systems, security mechanisms are often placed in middleware

Design issues: Distribution of security mechanisms

• A middleware-based distributed system trusts the local OS it depends on
– If not, part of the functionality of the OS must be integrated into the distributed system
• Use the approach “Reduced Interfaces for Secure System Components”

[Figure: servers running secure services, with no direct access from other machines, behind an access control device]

Design issues: Simplicity

• The fewer and simpler the security mechanisms, so that they are easily understood and trusted to work, the better
– It is not easy in practice
• Applications are inherently complex, therefore security services and protocols should be simple

Cryptography

[Figure: the sender applies the encryption method with encryption key E_K to plaintext P, producing ciphertext C = E_K(P); the receiver applies the decryption method with decryption key D_K to recover plaintext P]

• Passive intruders only listen to C
• Active intruders can alter messages
• Active intruders can insert messages

Symmetric cryptosystems: DES
Public-key cryptosystems: RSA
Hash functions: MD5

Secure channels

• Protecting clients and servers against
– interception: ensuring confidentiality
– modification, fabrication: mutual authentication and message integrity
• Authentication and message integrity must go together
• Ex: A sends B a message m. A and B are both authenticated, but how can it be guaranteed that m is not modified?

Authentication based on shared secret key

1. Alice → Bob: A
2. Bob → Alice: R_B
3. Alice → Bob: K_{A,B}(R_B)
4. Alice → Bob: R_A
5. Bob → Alice: K_{A,B}(R_A)

Challenge-response protocol
- R_A, R_B: challenges from A, B respectively
- K_{A,B}: secret key shared by A, B
- A key distribution center can reduce the number of keys
- No longer used because defeated by reflection attack
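
The five-message exchange above, as an added example in Go (not part of the original slides). It assumes HMAC-SHA256 keyed with the shared key in place of K_{A,B}(R), and it goes beyond the slide by binding the responder's name into each response, a common countermeasure to reflection; `Party`, `Challenge`, `Respond`, `Verify` and `Handshake` are hypothetical names.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Party is one end of the exchange: its name and the shared key K_{A,B}.
type Party struct {
	Name string
	Key  []byte
}

// Challenge returns a fresh random 16-byte nonce (R_A or R_B on the slide).
func Challenge() []byte {
	r := make([]byte, 16)
	if _, err := rand.Read(r); err != nil {
		panic(err)
	}
	return r
}

// Respond stands in for K_{A,B}(R): HMAC-SHA256 over responder name and challenge.
func (p Party) Respond(challenge []byte) []byte {
	mac := hmac.New(sha256.New, p.Key)
	mac.Write([]byte(p.Name + "\x00")) // name binding: an addition to the slide
	mac.Write(challenge)
	return mac.Sum(nil)
}

// Verify checks in constant time that resp is peer's answer to challenge.
func (p Party) Verify(peer string, challenge, resp []byte) bool {
	return hmac.Equal(Party{peer, p.Key}.Respond(challenge), resp)
}

// Handshake runs messages 2-5 (message 1 is alice.Name) and reports who accepted.
func Handshake(alice, bob Party) (bobAccepts, aliceAccepts bool) {
	rB := Challenge()                                          // 2. Bob -> Alice
	bobAccepts = bob.Verify(alice.Name, rB, alice.Respond(rB)) // 3. Alice -> Bob
	rA := Challenge()                                          // 4. Alice -> Bob
	aliceAccepts = alice.Verify(bob.Name, rA, bob.Respond(rA)) // 5. Bob -> Alice
	return
}

func main() {
	key := Challenge() // constructed shared key for the demo
	fmt.Println(Handshake(Party{"alice", key}, Party{"bob", key}))
}
```

A response is only valid for the nonce it answers and for the party named in it, so neither an old response nor the verifier's own response is accepted.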

Authentication based on public-key cryptography

1. Alice → Bob: K_B^+(A, R_A)
2. Bob → Alice: K_A^+(R_A, R_B, K_{A,B})
3. Alice → Bob: K_{A,B}(R_B)

- K_A^+, K_A^-: public and private keys of A respectively
- K_{A,B}: session key shared by A, B

Digital signatures

• Example:
– Bob sells Alice an item with price $500
– Alice sends Bob an email to confirm
– Two issues arise
  • Alice needs to be assured that Bob will not maliciously change the price to a higher value
  • Bob needs to be assured that Alice cannot deny the price (preventing second thoughts)

Require a signature associated with the email’s content

Digital signature using public-key

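[Figure: on Alice’s computer, m is signed with Alice’s private key K_A^- to give K_A^-(m), and (m, K_A^-(m)) is encrypted with Bob’s public key K_B^+; K_B^+(m, K_A^-(m)) is sent to Bob’s computer, where it is decrypted with Bob’s private key K_B^- and K_A^-(m) is checked against m with Alice’s public key K_A^+]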
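
The sign-then-encrypt flow K_B^+(m, K_A^-(m)) from the figure, as an added example in Go (not part of the original slides). It assumes Ed25519 for Alice's signature and RSA-OAEP for encryption to Bob, standing in for the slide's generic key pairs; `Seal`, `Open`, `NewKeys` and the message text are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Seal is Alice's side: compute the signature K_A^-(m), then encrypt
// (m, signature) under Bob's public key K_B^+. OAEP limits m to short messages.
func Seal(m []byte, alicePriv ed25519.PrivateKey, bobPub *rsa.PublicKey) ([]byte, error) {
	sig := ed25519.Sign(alicePriv, m) // always 64 bytes
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, bobPub, append(sig, m...), nil)
}

// Open is Bob's side: decrypt with K_B^-, then verify the signature with K_A^+.
func Open(ct []byte, bobPriv *rsa.PrivateKey, alicePub ed25519.PublicKey) (m, sig []byte, err error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, bobPriv, ct, nil)
	if err != nil || len(pt) < ed25519.SignatureSize {
		return nil, nil, errors.New("decryption failed")
	}
	sig, m = pt[:ed25519.SignatureSize], pt[ed25519.SignatureSize:]
	if !ed25519.Verify(alicePub, m, sig) {
		return nil, nil, errors.New("signature does not match message")
	}
	return m, sig, nil // Bob keeps (m, sig) as evidence of what Alice sent
}

// NewKeys generates constructed demo keys: a signing pair and an RSA decryption key.
func NewKeys() (ed25519.PublicKey, ed25519.PrivateKey, *rsa.PrivateKey) {
	pub, priv, err1 := ed25519.GenerateKey(rand.Reader)
	dec, err2 := rsa.GenerateKey(rand.Reader, 2048)
	if err1 != nil || err2 != nil {
		panic("key generation failed")
	}
	return pub, priv, dec
}

func main() {
	alicePub, alicePriv, bobPriv := NewKeys()
	ct, err := Seal([]byte("I confirm the price of $500"), alicePriv, &bobPriv.PublicKey)
	if err == nil {
		_, _, err = Open(ct, bobPriv, alicePub)
	}
	fmt.Println("accepted:", err == nil)
}
```

Because the signature covers only m, Bob could re-encrypt (m, signature) for a third party; including the intended recipient's name in the signed text closes that gap.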

