PROPRIETARY MATERIAL. ©  2007 The McGraw­Hill Companies, Inc. All rights reserved. No part of this PowerPoint slide  may be displayed, reproduced or distributed 
in any form or by any means, without the prior written permission of the publisher, or used beyond the limited distribution to teachers and educators permitted by McGraw­Hill 
for their individual course preparation. If you are a student using this PowerPoint slide, you are using it without permission. 

Chapter 20: 
Distributed System Security

Dhamdhere: Operating Systems—
A Concept­Based Approach , 2 ed

Slide No: 1
Copyright © 2008


Security issues in distributed systems
• Interprocess messages travel over the network
– Hence intruders can perpetrate attacks through messages

Chapter 20: 
Distributed System Security

Dhamdhere: Operating Systems—
A Concept­Based Approach , 2 ed

Slide No: 2
Copyright © 2008


Security threats in distributed systems

•

Following threats can be posed through messages
– Leakage
* Message contents are read by intruder

– Tampering
* Messages are corrupted or altered

– Stealing
* Resources are accessed without authorization

– Denial of service
* Authorized users are prevented from accessing resources

Chapter 20: 
Distributed System Security

Dhamdhere: Operating Systems—
A Concept­Based Approach , 2 ed

Slide No: 3
Copyright © 2008


Mechanisms and policies for
distributed system security

•  Encryption ensures secrecy and integrity of meta data and messages
•  Key distribution center generates encryption keys for communication
•  Authentication is used to prevent masquerading

Chapter 20: 
Distributed System Security

Dhamdhere: Operating Systems—
A Concept­Based Approach , 2 ed

Slide No: 4
Copyright © 2008


Classes of security attacks

•

Four classes of attacks
– Eavesdropping
* Intruder listens to messages on the network

– Message tampering
* Intruder corrupts or alters messages

– Message replay
* Intruder inserts copies of old messages in message communication
to fool processes

– Masquerading
* Intruder is able to pass off as an authorized user to perform
computations and use resources

Chapter 20: 

Distributed System Security

Dhamdhere: Operating Systems—
A Concept­Based Approach , 2 ed

Slide No: 5
Copyright © 2008


Message security

•

Three techniques are used for message security
– Private key encryption
* All messages sent to a process are encrypted with its private key
 Problems: Private key is exposed to attacks all through
process lifetime. Difficult for user processes to know each
other’s keys.
 Used for communication from OS to user processes

– Public key encryption
* A process has a (public key, private key) pair
 Encryption is asymmetric: Messages sent to it are encrypted
using its public key; it decrypts them using its private key

– Session key encryption
* A session key is generated for each communication session
between processes
 Limits exposure of the encryption key

Chapter 20: 
Distributed System Security

Dhamdhere: Operating Systems—
A Concept­Based Approach , 2 ed

Slide No: 6
Copyright © 2008


Encryption techniques

•

Public key encryption
– Pi has a pair (Ui, Vi), where Ui, Vi are public, private keys
* Vi cannot be guessed from Ui
* For any message m, Dvi(EUi(Pm)) = Pm for all Ui, Vi
* Sender encrypts using Ui, Pi decrypts using Vi
* Rivest-Shamir-Adelman (RSA) algorithm is used to generate (Ui, Vi)
 Let (u, v) be the pair of keys and x, y < n
» Eu(x) = xu mod n
» Dv(y) = yv mod n

 n is a product of two large prime numbers p and q
» v should be relatively prime to (p – 1) x (q – 1)
» u x v mod [(q – 1 ) x ( q – 1 )] = 1

– Keys are longer than private keys and encryption / decryption is
slower


Chapter 20: 
Distributed System Security

Dhamdhere: Operating Systems—
A Concept­Based Approach , 2 ed

Slide No: 7
Copyright © 2008


Distribution of encryption keys

•

Processes have to know which keys to use for
encrypting messages to other processes
– A key distribution center (KDC) is a trusted service which
provides the keys securely to processes
– When process Pi wishes to communicate with Pj
* It makes a request to KDC, passing Pj’s id
* KDC actions:
 Public key encryption: Provides public key of Pi
 Session key encryption: Generates a session key and provides
it to Pi. Also enables Pi to pass the key securely to Pj

Chapter 20: 
Distributed System Security

Dhamdhere: Operating Systems—

A Concept­Based Approach , 2 ed

Slide No: 8
Copyright © 2008


Distribution of public keys

•

Steps
– Step 1: Pi → KDC : EUkdc (Pi, Pj)
– Step 2: KDC → Pi : EUi (Pj, Uj)
Encryption is employed merely to prevent message tampering

Chapter 20: 
Distributed System Security

Dhamdhere: Operating Systems—
A Concept­Based Approach , 2 ed

Slide No: 9
Copyright © 2008


Distribution of session keys

•

Steps

– Step 1: Pi → KDC : Pi, Pj
– Step 2: KDC → Pi : EVi(Pj, Ski,j, EVj(Pi,Ski,j))
– Step 3: Pi → Pj

Chapter 20: 
Distributed System Security

: EVj(Pi, Ski,j), ESKi,j (< message >)

Dhamdhere: Operating Systems—
A Concept­Based Approach , 2 ed

Slide No: 10
Copyright © 2008


Obtaining a session key

•

In a public key system, a process can itself choose a
session key to communicate with another process
– Step 1: Pi → KDC : EUkdc (Pi, Pj)
– Step 2: KDC → Pi : EUi (Pj, Uj)
– Step 3: Pi → Pj

: EUj(Pi, Ski,j), ESKi,j(< message >)

Pi requests public key of Pj in step 1 and obtains it in step 2. In
step 3, it communicates the selected session key to Pj


Chapter 20: 
Distributed System Security

Dhamdhere: Operating Systems—
A Concept­Based Approach , 2 ed

Slide No: 11
Copyright © 2008


Preventing message replay attacks

•

How to check whether message m received by Pj from
Pi is a genuine message
– Check whether m was sent by a Pi in ‘real time’
– The Challenge-response protocol is used for this purpose

Chapter 20: 
Distributed System Security

Dhamdhere: Operating Systems—
A Concept­Based Approach , 2 ed

Slide No: 12
Copyright © 2008



Challenge–response protocol

•

Steps
– Challenge
* Pj throws a challenge to the message sender to prove that it is Pi
 It sends a challenge string encrypted using Pi’s key
 The string is called a nonce

– Response
* Message performs following actions
 Decrypts the message
 Transforms the challenge string in expected manner
 Encrypts result so that only Pj can decrypt it and sends it back

– Detect
* Pj decrypts and checks whether the reply is as expected
Chapter 20: 
Distributed System Security

Dhamdhere: Operating Systems—
A Concept­Based Approach , 2 ed

Slide No: 13
Copyright © 2008


Mutual authentication


•

Processes must authenticate each other before entering
into communication
– Pi chooses and communicates a session key to another process
* Step 1: Pi → KDC : EUkdc (Pi, Pj)
* Step 2: KDC → Pi : EUi (Pj, Uj)
* Step 3: Pi → Pj

: EUj(Pi, Ski,j), ESKi,j(< message >)

– The recipient process must authenticate the sender using the
challenge–response protocol
* Step 4: Pj → Pi : EUi (Pj, n)
* Step 5: Pi → Pj : EUj(n+1)

– Now the communication can begin
Chapter 20:  * Step 6: Pi
Distributed System Security

→ Pj :Dhamdhere: Operating Systems—
ESKi,j(< message >)
A Concept­Based Approach , 2 ed

Slide No: 14
Copyright © 2008


Authentication of data and messages


•

Authenticity and integrity of data
– Authenticity
* Implies that data was originated or sent by a claimed person, and
that it has not been tampered with

– Integrity
* Implies that data has not been tampered with

Chapter 20: 
Distributed System Security

Dhamdhere: Operating Systems—
A Concept­Based Approach , 2 ed

Slide No: 15
Copyright © 2008


Integrity of data

•

Integrity is ensured through use of a message digest
– Message digest v of data d is a fixed length hash value obtained
from d
* It is obtained by employing a one-way hash function
* Given v, it should be impossible to construct a data d’ such that v is
its message digest

 It is called a birthday attack

– The pair < d, v > is stored
* To check whether d has been tampered with, the hash value of d is
obtained and compared with v

– v or < d, v > is encrypted to protect against tampering
* It makes the integrity check foolproof
Chapter 20: 
Distributed System Security

Dhamdhere: Operating Systems—
A Concept­Based Approach , 2 ed

Slide No: 16
Copyright © 2008


Authenticity of data

•

Authenticity has two requirements
– Integrity of data
* It is ensured through use of the message digest (see previous slide)

– Successful decryption of v or < d, v > should verify that it was
originated or sent by the claimed entity
* It is ensured by encrypting v or < d, v > with the encryption key of
the originator or sender of d

* The process wishing to verify authenticily of d must obtain
encryption key of the data’s originator or sender
 A certification authority is used to securely obtain the
encryption key of the originator or sender of d
* Successful decryption of d or < d, v > now implies authenticity of
data
Chapter 20: 
Distributed System Security

Dhamdhere: Operating Systems—
A Concept­Based Approach , 2 ed

Slide No: 17
Copyright © 2008


Certification authority (CA)

•

CA assigns public and private keys to an entity after
ascertaining its identity though physical verification
– It issues a public key certificate containing following information
* Serial no, owner’s distinguishing name, identification information
* Owner’s public key
* Date of issue and expiry
* Digital signature by the CA

– A process obtains the certificate of the server it wishes to use
– It authenticates the server to prevent a man-in-the-middle attack

* In this attack, an intruder masquerades as a server
 Intercepts messages, provides fake certificate
 Digital signature thwarts such attacks
Chapter 20: 
Distributed System Security

Dhamdhere: Operating Systems—
A Concept­Based Approach , 2 ed

Slide No: 18
Copyright © 2008


Message authentication code (MAC)
and Digital signature

•

MAC is used to check integrity of data, digital signature
is used to ensure authenticity of data
– Message authentication code (MAC)
* Message digest v of data d is obtained using a one-way hashing fn
* v is encrypted so that only the intended receiver of d can decrypt it

– Digital signature
* Pi, the originator or sender of d encrypts it to obtain v
* Encrypts v and, optionally, a time stamp with its own private key to
obtain the DSd, the digital signature for d
* The pair < d, DSd > is stored or transmitted
* Recipient of < d, DSd > decrypts it using public key of Pi

 Successful decryption guarantees authenticity
 P cannot deny having originated or sent d (non-repudiability)

i
Chapter 20: 
Distributed System Security

Dhamdhere: Operating Systems—
A Concept­Based Approach , 2 ed

Slide No: 19
Copyright © 2008


Use of a digital signature

Chapter 20: 
Distributed System Security

Dhamdhere: Operating Systems—
A Concept­Based Approach , 2 ed

Slide No: 20
Copyright © 2008


Third party authentication

•


How does a server know that a process that wishes to
use its services was created by an authorized user?
– A third party authenticator performs two functions to facilitate
answering of this question
* Authentication
 It authenticates a user
* Secure arrangement to introduce an authorized user to a server
 This way, a server knows that a user is genuine

Chapter 20: 
Distributed System Security

Dhamdhere: Operating Systems—
A Concept­Based Approach , 2 ed

Slide No: 21
Copyright © 2008


Kerberos

•

Features of Kerberos
– Authentication is performed through an authentication data base
– Authorization is performed by providing tickets to processes
* A ticket is like a capability, it authorizes a process to use a service
* It contains the process and server ids, a session key for
communication, and the lifetime over which it is valid
* At log in time, each process gets a ticket to a ticket granting server

(TGS); TGS generates tickets for other servers

– When a process wishes to use a server
* It submits a ticket for the server and an authenticator containing a
time-stamp encrypted with the session key
* Server checks validity of ticket, extracts the session key and checks
the authenticator to ensure that the request is made in ‘real time’
Chapter 20: 
Distributed System Security

Dhamdhere: Operating Systems—
A Concept­Based Approach , 2 ed

Slide No: 22
Copyright © 2008


Kerberos

•  Client is a process that operates on
   user’s computer and obtains services
   on behalf of the user
•  Step 1.3 provides session key and
   ticket for TGS
•  Step 2.1 provides session key and
   ticket for a server
•  Steps 3.1, 3.2 implement invocation
    of a service

Chapter 20: 

Distributed System Security

Dhamdhere: Operating Systems—
A Concept­Based Approach , 2 ed

Slide No: 23
Copyright © 2008


Secure sockets layer (SSL)

•

SSL is a message security protocol providing
authentication and communication privacy
– SSL handshake protocol is used before a client-server session
starts
* It uses RSA public-key encryption to authenticate the server
* It also optionally authenticates the client
* Generates symmetric session keys for the session

– SSL record protocol
* Performs actual message exchange using the session key

– Message integrity is provided through MAC and authenticity
through digital signature

Chapter 20: 
Distributed System Security


Dhamdhere: Operating Systems—
A Concept­Based Approach , 2 ed

Slide No: 24
Copyright © 2008


Secure sockets layer (SSL)

•

SSL Handshake protocol
– Client sends client-hello message containing the string nclient
– Server sends server-hello message containing nserver
– Server sends its digital certificate; optionally asks for the client’s
– Client sends encrypted premaster secret message containing a
48-byte premaster secret encrypted with server’s public key
– Both client and server now generate master secret from the
premaster secret, nclient and nserver using a standard one-way
function
– Four keys are generated from the premaster secret
* two are used for encryption of messages between the client and the
server, and two are used for generating MACs

Chapter 20: 
Distributed System Security

Dhamdhere: Operating Systems—
A Concept­Based Approach , 2 ed


Slide No: 25
Copyright © 2008