Distributed Systems

Security


Challenges of Security

Threats and Attacks

Threats

Main classes of security threats

Attacks

Threats from Mobile Code

Information Leakage

Securing Electronic Transactions

Example security policies

Designing Secure Systems

Worst case assumptions

Design Guidelines

Cryptography

Standard participants

Notation

Scenario 1: Secret communication via shared secret key

Alice and Bob share a secret key $k_{AB}$, and agree upon an encryption/decryption algorithm.

If the decrypted message makes sense or contains an agreed-upon value (checksum etc.), Bob can be confident:

Issues

Alice needs to send something with the message so that Bob can verify it isn’t a replay

Scenario 2: Authenticated communication with a server

  1. Alice sends a plaintext message to Sara stating her identity and requesting a ticket for access to Bob
  2. Sara sends Alice a response encrypted with $K_A$, containing a ticket $\{K_{AB}, \text{Alice}\}_{K_B}$ encrypted with $K_B$ and a new secret key $K_{AB}$: $\{\{\text{Ticket}\}_{K_B}, K_{AB}\}_{K_A}$
  3. Alice decrypts with $K_A$, giving a ticket for Bob and a shared key:
    • Alice can’t tamper with the ticket, as it’s encrypted with $K_B$
  4. Alice sends the ticket to Bob with her identity and a request $R$ to access a file: $\{\text{Ticket}\}_{K_B}, \text{Alice}, R$
  5. Bob decrypts the ticket with $K_B$, allowing him to confirm Alice’s identity, and establishes a shared session key $K_{AB}$
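
The exchange in steps 2 to 5, as an added example that is not part of the original notes. Encryption on its own does not make a ticket tamper-proof, so the `seal`/`unseal` helpers here encrypt and then MAC; they are a toy standard-library construction (SHA-256 keystream plus HMAC) standing in for a real authenticated cipher. All function names and the JSON message layout are assumptions made for illustration.

```python
import hashlib, hmac, json, secrets

def _stream(key, nonce, n):
    # SHA-256 in counter mode: a toy keystream standing in for a real cipher.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _xor(data, key, nonce):
    return bytes(a ^ b for a, b in zip(data, _stream(b"enc" + key, nonce, len(data))))

def seal(key, obj):
    """{obj}_key: encrypt, then MAC so any modification is detected."""
    nonce = secrets.token_bytes(16)
    ct = _xor(json.dumps(obj).encode(), key, nonce)
    return nonce + ct + hmac.new(b"mac" + key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(b"mac" + key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("modified, or not sealed under this key")
    return json.loads(_xor(ct, key, nonce))

def sara_issue(keys, client, server):
    # Step 2: {{K_AB, client}_{K_server}, K_AB}_{K_client}
    k_ab = secrets.token_hex(16)
    ticket = seal(keys[server], {"k_ab": k_ab, "client": client})
    return seal(keys[client], {"ticket": ticket.hex(), "k_ab": k_ab})

def alice_open(k_a, reply):
    # Step 3: Alice recovers K_AB and the ticket, which stays opaque to her.
    body = unseal(k_a, reply)
    return bytes.fromhex(body["ticket"]), body["k_ab"]

def bob_accept(k_b, ticket, claimed):
    # Step 5: Bob opens the ticket and checks it names the sender of step 4.
    t = unseal(k_b, ticket)
    if t["client"] != claimed:
        raise ValueError("ticket was issued to a different principal")
    return t["k_ab"]

def demo():
    keys = {"Alice": secrets.token_bytes(32), "Bob": secrets.token_bytes(32)}
    ticket, k_ab = alice_open(keys["Alice"], sara_issue(keys, "Alice", "Bob"))
    forged = bytes([ticket[0] ^ 1]) + ticket[1:]   # one flipped bit
    try:
        bob_accept(keys["Bob"], forged, "Alice")
        return False
    except ValueError:
        return bob_accept(keys["Bob"], ticket, "Alice") == k_ab
```

`demo()` returns `True` when Bob rejects the altered ticket and derives the same $K_{AB}$ as Alice from the genuine one.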

Issues

Scenario 3: Challenge-response

Scenario 4: Authenticated communication with public keys

Digital Signature

Digital Signatures with Public Keys

MACs - Digital signatures with secret keys

MACs

Certificates

Certificate Chain

[Figure: public key infrastructure hierarchy]

Cryptographic Algorithms

Stream Cipher

Cipher Block Chaining (CBC)

CBC

Transport Layer Security

Handshake Protocol

TLS Handshake Protocol

Security Measures

Protocol stack

TLS Protocol Stack

Record Protocol

TLS Record Protocol

Java secure server

Kerberos

Security Objects

Architecture

Kerberos

Implementation

