25
Distributed System – Security Aspects
| Date post: | 12-Apr-2017 |
| Category: |
Engineering |
| Upload: | smita-gupta |
| View: | 220 times |
| Download: | 1 times |
Distributed System – Security Aspects
OUTLINE
INTRODUCTION Terminologies DDBMS Rules DB Security & Monitoring
LITERATURE REVIEW PROBLEM STATEMENT CONCLUSION REFERENCES
2
3
INTRODUCTION• Terminologies:
• DBMS: Collection of components that support data acquisition, dissemination, storage, maintenance, retrieval and formatting.
• D-DBMS: Logically inter-related collection of shared data physically distributed over a computer network; Each of this is stored on one or more computers under the control of separate DBMS.
[Fig. 1-A: DBMS Rules[4] ]
Fig. 1-B: DB security and monitoring[3]
5
LITERATURE-REVIEW
6
LITERATURE-REVIEW(1/2)
• Title: “Testing Data Integrity in Distributed Systems”[1]
Author: Manika Mittal, Ronak Sangani, Kriti Srivastava Year of Publication: 2015
• Aim: To present a technique to test distributed environments against attacks on data integrity.
• Keywords: Distributed System; Two Phase Commit Protocol; Hash Function; Collisions
7
LITERATURE-REVIEW(1/2 Cont..)• Introduction:
– In this age of big data every small or big, old or new data is considered to be of great importance.
– Data is being frequently created, copied and moved around.– With rapid increase in data, security threats have also increased.– This is the main reason why enterprises use their own private data storage
instead of using public clouds.– Privacy preservation is a must in Social Network, E-Commerce, and Service
Orientation and Cloud.– Threats can be classified as: damaging existing data, stealing information,
creating disruption in the network, exposing confidential data and corruption.
• History:
‾ History shows that security breach has happened in even the largest and leading organizations.
‾ In 2010, Google revealed that it had been a victim of cyber-attack, where some of its intellectual properties were stolen.
‾ In 2011, Sony play station network was hacked, which shut the service for several days and millions of user information was exposed.
LITERATURE-REVIEW(1/2 Cont..)
• Existing System:
– Distributed System (DS) is a collection of independent nodes, as shown in Fig.1-C[1], each of which store data fragments ( D1, D2, etc.).
Fig.1-C:Distributed System with replicated data fragments. [1]
LITERATURE-REVIEW(1/2 Cont..)
• Data Storage in Distributed System:
‾ The data to be stored is split into fragments and these fragments are distributed across several nodes. This process is called Data Fragmentation.
‾ Data Replication has the following advantages:‾ Even if a site fails but has its data replicated on another site, that data
would still be accessible. This improves both availability and reliability.‾ Placing a copy of data within close proximity to the process using them
will reduce the access time of that data leading to enhanced performance.
• Maintaining consistency: Two Phase Commit Protocol :
‾ In order to achieve the tight consistency, we use the two phase commit protocol(2PC):‾ Phase 1: Voting Phase ‾ Phase 2: Decision Phase
LITERATURE-REVIEW(1/2 Cont..)
• Example[1]: The coordinator wants to update a replica of some data in the database while P1 and P2 are the participant nodes which also contain replicas of the same data.
LITERATURE-REVIEW(1/2 Cont..)
LITERATURE-REVIEW(1/2 Cont..)
• Problem: Attack on Integrity of Data:
⁻ Suppose an attacker makes an illegal modification to a copy of data in Node 1 (Fig.1-C[1]). For the user, who requests access to data D1, the DS is a coherent system and he is unaware of which copy of data is made available to him.
⁻ Due to the attack, the content of D1 in Node1 is different from that in Node 2. ⁻ Since the user has no way of verifying the integrity of data he will not realize
that the data has been changed and he may continue using the malicious data D1.
• Solution: Hash Functions:
‾ A hash function is a one way function which takes as input a message of any arbitrary length and returns a fixed length output which is called the hash or message digest of the input message.
‾ This hash value is appended with the message and recomputed by the receiver in order to detect attacks on data.
LITERATURE-REVIEW(1/2 Cont..)
LITERATURE-REVIEW(1/2 Cont..)
• Modified Two Phase Commit Protocol:
– The calculation of hash values for data can be done at the end of 2PC Protocol, as shown in Fig. 4[1], every time a data is updated or added to the DS.
LITERATURE-REVIEW(1/2 Cont..)
16
LITERATURE-REVIEW(2/2)
• Title: “Special aspects of the development of the security infrastructure for DCSs”[2]
Authors: Julia Dubenskaya, Andrey Demichev, Alexander Kryukov, and Nikolay Prikhodko
Year of Publication: 2015
• Aim: To introduce an approach to avoid using the proxy certificates. This makes the security infrastructure of distributed computing systems (DCS) simpler for development, support and use.
• Keywords: web service, GRID, PKI, proxy certificate
17
• The development of the modern Web technology sets a crucial task of building heterogeneous and geographically dispersed DCS;
• E.g. GRIDs, which provide users with di erent computing resources by ffmeans of a unified interface.
• The advantage of DCS is the simplification of an access to clouds, supercomputers, databases and, as consequence, growth of e ciency of ffiscientific research and engineering developments in aero and hydrodynamics, laser and atomic industry and in many other areas.
• Two main problems which must be resolved by the DCS security infrastructure:– Security of communications;– Delegation of authority from one service to others during processing of user
requests.
LITERATURE-REVIEW(2/2 Cont..)
• DCS security infrastructure:
‾ Providing the security of DCS implies solving the following basic problems: 1) Authentication. 2) Authorization. 3) Delegation.
‾ Let us consider the delegation procedure in DCS for the following task flow (see Fig. 5):• A Client asks a Service to perform a request.• The Service1 sends a sub-request to Service2.
Fig. 5: Delegation of credentials[2]
LITERATURE-REVIEW(2/2 Cont..)
LITERATURE-REVIEW(2/2 Cont..)• How a delegation is carried out ?
– Solution used in GRID:
The proxy certificate has the following properties:o It is signed with standard X.509;o Contains both public and private keys; o Needs no password ;o Cannot be revoked;o Used by GRID services, to act on behalf of the proxy issuer.
• To reduce the chance for proxy certificate to be stolen, the proxy must have very short lifetime.
• This leads to the problem of the renovation of the proxy.• The possible solution is the MyProxy service.
LITERATURE-REVIEW(2/2 Cont..)• Security infrastructure without proxy certificates:
‾ Let us consider a set of entities (services or users) which interact with each other and are divided into two classes:
• Services and users which produce requests on behalf of themselves; • Services which produce requests on behalf of other entities.
‾ TASK EXECUTION: Entities of first type are services which play a role of access points. The entities of second class are data storage services.
‾ All services are registered in an VS (Validation Service), means all requests from unknown services will be rejected.
‾ Each request processed is accompanied by an accounting information. ‾ Accounting information is a triple of the following objects:
ac = {h, Entitys, Entityd},
Fig. 6: New architecture of security infrastructure of DCS. [2]
LITERATURE-REVIEW(2/2 Cont..)
‾ In processing the request, the VS accumulates chains of accounting information for each request in the DCS.
‾ This information can be used for revocation of the request at any stage of processing.
LITERATURE-REVIEW(2/2 Cont..)
Table1: Features comparison with and without proxy[2]
23
PROBLEM STATEMENT– If the system does not have a global Hash Store then any illegal
modification made to one replica of data fragment, by the testing model will go undetected.
– On the other hand if the system does have a global Hash Store but the testing model can find a collision for a data fragment in feasible time using the above approach then again the illegal modification will go undetected and the DS would fail the Data Integrity Test.
– The disadvantage of the approach in LR2 is the need to generate a separate hash for each request.
24
CONCLUSION
‾ The testing strategy introduced in LR1 will help a user to evaluate the trustworthiness of different DSs and choose the one which is strongest against Data Integrity attacks.
‾ By adding global Hash Store to a DS will make the hash values of all the data fragments, available to the authenticated users.
‾ The approach in LR2 allows to eliminate the use of credential management service such as MyProxy to simplify the development of DCS, its installation and support and, finally, interaction of users with the systems.
25
REFERENCES
1. Manika Mittal, Ronak Sangani, Kriti Srivastava ,“Testing Data Integrity in Distributed System”, 1877-0509 © 2015-Elsevier; doi: 10.1016/j.procs.2015.03.077.
2. Julia Dubenskaya, Andrey Demichev, Alexander Kryukov, and Nikolay Prikhodko ,“Special aspects of the development of the security infrastructure for distributed computing systems”, © 2015-Elsevier; doi: 10.1016/j.procs.2015.11.059
3. http://www.buydata.me/data-management.html
4. http://exploredatabase.blogspot.in/2015/03/dates-twelve-rules-for-distributed-database.html
