Syllabus   Blank Homework  
Notes   Labs   Scores   Blank

Lecture Notes
Dr. Tong Lai Yu, March 2010
    0. Review and Overview
    1. An Introduction to Distributed Systems
    2. Deadlocks
    3. Distributed Systems Architecture
    4. Processes
    5. Communication
    6. Distributed OS Theories
        7. Distributed Mutual Exclusions
    8. Agreement Protocols
    9. Distributed Scheduling
    10. Distributed Resource Management
    11. Recovery and Fault Tolerance
    12. Security and Protection
    No steam or gas ever drives anything until it is confined.
    No life ever grows great until it is focused, dedicated, disciplined.
    						Henry Emerson Fosdick
    Security and Protection
    1. Potential Information Security Violations

    2. Aspects of Security

    3. Protection versus Security

    4. Design Principles

    5. Access Matrix Model

      A model of protection abstracts the essential features of a protection system so that various properties of it can be proven.

    6. Capabilities

    7. Access Control List

    8. The Lock-Key Method

    9. Encryption

      To provide data security. Store and transmit information in an encoded form that does not make any sense.

      The basic mechanism:

      encryption Function

      Decryption Function

      All of this only works under three conditions:

      Public key encryption: new mechanism for encryption where knowing the encryption key does not help you to find decryption key, or vice versa.

      Encryption procedure E and decryption procedure D must satisfy the following properties:

      1. for every message M, D(E(M)) = M
      2. E and D can be efficiently applied to any message M
      3. it is extremely hard to derive D from E

      e.g. Safe mail:

      Does such a scheme exist?

      The RSA ( Rivest-Shamir-Adleman ) scheme:

    10. Digital Signatures

      Positive identification: can also use public keys to certify identity:

      These two forms of encryption can be combined together. To identify sender in secure mail, encrypt first with your private key, then with receiver's public key. The encryption/decryption functions to send from B to A are:

      encrypted text = E ( D( P, d-keyB ), e-keyA )
      decrypted text = E ( D( P, d-keyA ), e-keyB )

      Digital Signature

      Encryption appears to be a great way to thwart listeners. It does not help with Trojan Horses, though.

      Old Data Encryption Standard (DES) is not public-key based, but as implemented efficiently and appeared to be relatively safe.

      New Advanced Encryption Standard (AES), called Ryndal (pronounced "rine doll").

      General problem: how do we know that an encryption mechanism is safe? It is extremely hard to prove. This is a hot topic for research: theorists are trying to find provably hard problems, and use them for proving safety of encryption.

      Summary of Protection: very hard, but is increasingly important as things like electronic funds transfer become more and more prevalent.

    11. Wi Fi Security
    12. What is PKI?
      • Public Key Infrastructure
      • Collection of digital certificates:
        1. objects that bind identity information to keys using distinguished names
        2. used to verify identities of servers/services or individuals/clients
      • Used to provide authentication, non-repudiation

    13. PKI Components
      • Digital certificates
      • Digital signatures
      • Certificate Authority
      • Key management protocols
      • Public key -- distributed, preferably through a centralized directory; used to encrypt data
      • Private key -- used to decrypt or electronically sign data; preferably protected with passphrase

    14. Digital Certificates
      • Issued to or generated by an owning entity ( client or server )
          --Often issued by trusted authority for authentication systems
      • Contains identifying information
          --Owner name, owner public key, key validity timeframe, issuer identity
      • Can contain additional information for specific applications

    15. Certificate Authority ( CA )
      • Responsible for issuing certificates
      • Trust aggregation point
      • Performs identity verification for certificate requests
      • Signs public keys of entities that prove their identity
      • Public and private CA's

    16. CA - Certificate Management
      • CA's must accommodate key revocation ( CRL )
          -- Entities need a method to recover from a compromised key
          -- Verifying parties should check CRL before authenticating identity
      • May provide key recovery services
          -- Lost private keys, forgotten passwords

    17. Key Management Protocols
      • X.509 used for most PKI implementations
      • Key contains two sections:
        1. Data section includes identity, use information, public key, CRL location
        2. Signature section includes algorithm, encrypted hash of identity section data
      • Signature section signed by CA's private key

    18. Key File Formats
      • DER ( Distinguished Encoding Rules ) -- Certificate in ASN.1 file format
          --Includes .der, .cer file extensions
      • PEM ( Privacy Enhanced Mail ) -- Base64 encoded DER file
      • PKCS#12 ( Public Key Crytography Standard #12 ) -- Storage of private and associated public keys, password
      • PKCS#7 -- Format to disseminate certificates ( such as a CA certificate )

    19. Trust and Key Distribution
      • Trust is a critical component of PKI
      • In large PKI deployments, impossible to trust everyone directly
          --Trust is extended through relationships with other trusted entities
      • Trust can be centrally managed, or distributed

    20. Wireless Network Authentication Architecture
      • Deploying 802.1x assumes user database exists
          --Microsoft AD, LDAP, Cisco Secure ACS, Sun iPlanet, etc.
      • Integrity of user database influences security of WLAN

    21. User Database Recommendations
      • Enforce strong password selection
      • Audit regularly for weak passwords
          --Expire weak passords, force reset
      • Enable failed login account lockout
      • Monitor accounts for signs of abuse
      • Consider time-based authorization
          --Do users require to access WLAN 24-hours a day?
      • Limit number of simultaneous logins
      • Grant access to limited user population