Outline Announcement Authentication Cryptography Authentication Quiz 3 at

Outline • Announcement • Authentication – Cryptography – Authentication • Quiz #3 at the end of today’s class 9/25/2020 COP 5611 - Operating Systems 1

Announcement • You must do your demo before 4: 30 pm, April 29, 2003 • Name server: program 1 • Prefix table Logical Prefix Server IP Server Port Remote directory / 128. 186. 120. 34 1281 /tmp/XXX/cop 5611 -DFS /program 1 128. 186. 120. 53 1282 /tmp/XXX/cop 5611 -DFS /linprog 1 128. 186. 120. 33 1280 /tmp/liux/cop 5611 -DFS /program 3 128. 186. 120. 55 1285 /tmp/XXX/cop 5611 -DFS • You need to have your servers running before you come to my office – I will test your system through your client program and based on your report 9/25/2020 COP 5611 - Operating Systems 2

Introduction • The fundamental problem to security in distributed systems is the use of cryptographic techniques – Access matrix model can be used to prevent unauthorized accesses if the users that claimed to be are true – However, in distributed systems, the user authentication becomes a big problem 9/25/2020 COP 5611 - Operating Systems 3

Introduction – cont. 9/25/2020 COP 5611 - Operating Systems 4

Potential Threats • A threat to a system in which an intruder can have access to only the ciphertext is called a ciphertextonly attack • A threat to a system in which an intruder can have access to both ciphertext and a considerable amount of corresponding plaintext is called a known-plaintext attack • A threat to a system in which an intruder can obtain ciphertext corresponding to plaintext of his choice is referred to as a chosen-plaintext attack 9/25/2020 COP 5611 - Operating Systems 5

Design Principles • Shannon’s principle – Shannon’s principle of diffusion – Spread the correlation and dependencies among key-string variables over substrings as much as possible – Shannon’s principle of confusion – Change a piece of information so that the output has no obvious relation to the input • Exhaustive search principle – The determination of the key requires an exhaustive search of the an extremely large space 9/25/2020 COP 5611 - Operating Systems 6

Private Key Cryptography • Data encryption standard (DES) – It is a block cipher that crypts 64 -bit data blocks using a 56 -bit key – Two basic operations • Permutation • Substitution – Three stages • Initial permutation stage • Complex transformation stage • Final permutation stage 9/25/2020 COP 5611 - Operating Systems 7

Private Key Cryptography – cont. 9/25/2020 COP 5611 - Operating Systems 8

Private Key Cryptography – cont. 9/25/2020 COP 5611 - Operating Systems 9

Private Key Cryptography – cont. 9/25/2020 COP 5611 - Operating Systems 10

Public Key Cryptography • Private key cryptography and conventional cryptographic techniques require the distribution of secret keys – Known as the key distribution problem • Public key cryptography solves the key distribution problem by making the encryption procedure and the associated key available in the public domain 9/25/2020 COP 5611 - Operating Systems 11

Public Key Cryptography – cont. • Now it is possible for two users to have a secure communication even they have not communicated before • Implementation issues – One-way functions 9/25/2020 COP 5611 - Operating Systems 12

RSA Method • The encryption key is a pair (e, n) • The decryption key is a pair (d, n) 9/25/2020 COP 5611 - Operating Systems 13

RSA Method – cont. • Generating the private and public key requires four steps – Choose two very large prime numbers, p and q – Compute n = p x q and z = (p – 1) x (q – 1) – Choose a number d that is relatively prime to z – Compute the number e such that e x d = 1 mod z 9/25/2020 COP 5611 - Operating Systems 14

Authentication • In distributed systems, authentication means verifying the identity of communicating entities to each other – The assumption is that the communication network is not secure in that an intruder can copy and play back a message on the network – The textbook called it “interactive secure connections” 9/25/2020 COP 5611 - Operating Systems 15

Authentication – cont. • Authentication based on a shared secret key. 9/25/2020 COP 5611 - Operating Systems 16

Authentication – cont. • Authentication based on a shared secret key, but using three instead of five messages. 9/25/2020 COP 5611 - Operating Systems 17

Authentication – cont. • The reflection attack. 9/25/2020 COP 5611 - Operating Systems 18

Authentication Using a Key Distribution Center • The principle of using a KDC. 9/25/2020 COP 5611 - Operating Systems 19

Authentication Using a Key Distribution Center – cont. • Using a ticket and letting Alice set up a connection to Bob. 9/25/2020 COP 5611 - Operating Systems 20

Authentication Using a Key Distribution Center – cont. • The Needham-Schroeder authentication protocol. 9/25/2020 COP 5611 - Operating Systems 21

Authentication Using a Key Distribution Center – cont. • Protection against malicious reuse of a previously generated session key in the Needham-Schroeder protocol. 9/25/2020 COP 5611 - Operating Systems 22

Authentication Using Public-Key Cryptography • Mutual authentication in a public-key cryptosystem. 9/25/2020 COP 5611 - Operating Systems 23

Message Integrity and Confidentiality • Message integrity means that messages are protected against modification • Confidentiality ensures that messages cannot be intercepted and read by eavesdroppers • Digital signatures – A user cannot forge the signature of other users – A sender of a signed message cannot deny the validity of his signature on the message – A recipient of a signed message cannot modify the signature in the message 9/25/2020 COP 5611 - Operating Systems 24

Digital Signatures • Digital signing a message using public-key cryptography. 9/25/2020 COP 5611 - Operating Systems 25

Digital Signatures – cont. 9/25/2020 COP 5611 - Operating Systems 26

Digital Signatures – cont. • Digitally signing a message using a message digest. 9/25/2020 COP 5611 - Operating Systems 27

Key Establishment • The principle of Diffie-Hellman key exchange. 9/25/2020 COP 5611 - Operating Systems 28

Key Distribution 9/25/2020 COP 5611 - Operating Systems 29

Key Distribution – cont. 9/25/2020 COP 5611 - Operating Systems 30

Kerberos 9/25/2020 COP 5611 - Operating Systems 31

Kerberos – cont. • Setting up a secure channel in Kerberos. 9/25/2020 COP 5611 - Operating Systems 32

Electronic Payment Systems • Payment systems based on direct payment between customer and merchant. a) b) c) Paying in cash. Using a check. Using a credit card. 9/25/2020 COP 5611 - Operating Systems 33

Electronic Payment Systems – cont. • Payment systems based on money transfer between banks. a) Payment by money order. b) Payment through debit order. 9/25/2020 COP 5611 - Operating Systems 34

E-cash 9/25/2020 COP 5611 - Operating Systems 35

Secure Electronic Transactions 9/25/2020 COP 5611 - Operating Systems 36

Summary • Cryptography is a fundamental problem in security of distributed systems – Based on private keys – Based on public keys • Authentication in distributed systems • There are still a lot of challenges and research issues in this area 9/25/2020 COP 5611 - Operating Systems 37