distributed systems
play

Distributed Systems Secure Communication Paul Krzyzanowski - PowerPoint PPT Presentation

Sep 30, 2023 •246 likes •860 views

Distributed Systems Secure Communication Paul Krzyzanowski pxk@cs.rutgers.edu Except as otherwise noted, the content of this presentation is licensed under the Creative Commons Attribution 2.5 License. Symmetric cryptography Both parties

  1. Distributed Systems Secure Communication Paul Krzyzanowski pxk@cs.rutgers.edu Except as otherwise noted, the content of this presentation is licensed under the Creative Commons Attribution 2.5 License.

  2. Symmetric cryptography • Both parties must agree on a secret key, K • message is encrypted, sent, decrypted at other side D K (C ) E K (P) Bob Alice • Key distribution must be secret – otherwise messages can be decrypted – users can be impersonated

  3. Key explosion Each pair of users needs a separate key for secure communication Bob Alice Alice Bob K AB K AB K AC K BC 2 users: 1 key 4 users: 6 keys Charles 3 users: 3 keys 100 users: 4950 keys 1000 users: 399500 keys n ( n 1 ) n users: keys 2 6 users: 15 keys

  4. Key distribution Secure key distribution is the biggest problem with symmetric cryptography

  5. Key exchange How can you communicate securely with someone you’ve never met? Whit Diffie: idea for a public key algorithm Challenge: can this be done securely? Knowledge of public key should not allow derivation of private key

  6. Diffie-Hellman exponential key exchange Key distribution algorithm – first algorithm to use public/private keys – not public key encryption – based on difficulty of computing discrete logarithms in a finite field compared with ease of calculating exponentiation allows us to negotiate a secret session key without fear of eavesdroppers

  7. Diffie-Hellman exponential key exchange • All arithmetic performed in field of integers modulo some large number • Both parties agree on – a large prime number p – and a number < p • Each party generates a public/private key pair private key for user i : X i public key for user i : Y i =

  8. Diffie-Hellman exponential key exchange • Alice has secret key X A • Bob has secret key X B • Alice has public key Y A • Bob has public key Y B • Alice computes K = (Bob’s public key) (Alice’s private key) mod p

  9. Diffie-Hellman exponential key exchange • Alice has secret key X A • Bob has secret key X B • Alice has public key Y A • Bob has public key Y B • Alice computes • Bob computes K’ = (Alice’s public key) (Bob’s private key) mod p

  10. Diffie-Hellman exponential key exchange • Alice has secret key X A • Bob has secret key X B • Alice has public key Y A • Bob has public key Y B • Alice computes • Bob computes • expanding: • expanding: K = K’ K is a common key , known only to Bob and Alice

  11. Diffie-Hellman example Suppose p = 31667, = 7 Bob picks Alice picks X B = 27 X A = 18 Bob’s public key is: Alice’s public key is: Y B = 7 27 mod 31667 = Y A = 7 18 mod 31667 = 22184 6780 K = 6780 27 mod 31667 K = 22184 18 mod 31667 K = 14265 K = 14265

  12. Key distribution problem is solved! • User maintains private key • Publishes public key in database (“phonebook”) • Communication begins with key exchange to establish a common key • Common key can be used to encrypt a session key – increase difficulty of breaking common key by reducing the amount of data we encrypt with it – session key is valid only for one communication session

  13. RSA: Public Key Cryptography • Ron Rivest, Adi Shamir, Leonard Adleman created a true public key encryption algorithm in 1977 • Each user generates two keys – private key (kept secret) – public key • difficulty of algorithm based on the difficulty of factoring large numbers – keys are functions of a pair of large (~200 digits) prime numbers

  14. RSA algorithm Generate keys – choose two random large prime numbers p , q – Compute the product n = pq – randomly choose the encryption key, e , such that: e and ( p - 1)( q - 1) are relatively prime – use the extended Euclidean algorithm to compute the decryption key, d : ed = 1 mod (( p - 1) ( q - 1)) d = e -1 mod (( p - 1) ( q - 1)) – discard p , q

  15. RSA algorithm • encrypt – divide data into numerical blocks < n – encrypt each block: c = m e mod n • decrypt: m = c d mod n

  16. Communication with public key algorithms Different keys for encrypting and decrypting – no need to worry about key distribution

  17. Communication with public key algorithms Alice Bob Alice’s public key: K A Bob’s public key: K B exchange public keys (or look up in a directory/DB)

  18. Communication with public key algorithms Alice Bob Alice’s public key: K A Bob’s public key: K B D b (C) E B (P) decrypt message with encrypt message with Bob’s private key Bob’s public key

  19. Communication with public key algorithms Alice Bob Alice’s public key: K A Bob’s public key: K B D b (C) E B (P) decrypt message with encrypt message with Bob’s private key Bob’s public key E A (P) D a (C) encrypt message with decrypt message with Alice’s public key Alice’s private key

  20. Public key woes Public key cryptography is great but: – RSA about 100 times slower than DES in software, 1000 times slower in HW – Vulnerable to chosen plaintext attack • if you know the data is one of n messages, just encrypt each message with the recipient’s public key and compare – It’s a good idea to reduce the amount of data encrypted with any given key • but generating RSA keys is computationally very time consuming

  21. Hybrid cryptosystems Use public key cryptography to encrypt a randomly generated symmetric key session key

  22. Communication with a hybrid cryptosystem Alice Bob Bob’s public key: K B Get recipient’s public key (or fetch from directory/database)

  23. Communication with a hybrid cryptosystem Alice Bob Bob’s public key: K B Pick random session key, K Encrypt session key with Bob’s public key E B ( K ) K = D b (E B ( K )) Bob decrypts K with his private key

  24. Communication with a hybrid cryptosystem Alice Bob Bob’s public key: K B K = D b (E B ( K )) E B ( K ) D K (C) E K (P) encrypt message using a decrypt message using a symmetric algorithm symmetric algorithm and key K and key K

  25. Communication with a hybrid cryptosystem Alice Bob Bob’s public key: K B K = D b (E B ( K )) E B ( K ) D K (C) E K (P) E K (P’) D K (C’) decrypt message using a encrypt message using a symmetric algorithm symmetric algorithm and key K and key K

  26. Digital Signatures

  27. Signatures We use signatures because a signature is: Authentic Unforgeable Not reusable Non repudiatable Renders document unalterable

  28. Signatures We use signatures because a signature is Authentic Unforgeable Not reusable Non repudiatable Renders document unalterable ALL UNTRUE! Can we do better with digital signatures?

  29. Digital signatures - arbitrated protocol Arbitrated protocol using symmetric encryption – turn to trusted third party (arbiter) to authenticate messages Trent Trent is trusted and has everyone’s keys C=E A (P) Bob Alice Alice encrypts message for herself and sends it to Trent

  30. Digital signatures - arbitrated protocol Trent P= D A (C) Bob Alice Trent receives Alice’s message and decrypts it with Alice’s key - this authenticates that it came from Alice - he may choose to log a hash of the message to create a record of the transmission

  31. Digital signatures - arbitrated protocol Trent C’= E B (P) Bob Alice Trent now encrypts the message for Bob and sends it to Bob

  32. Digital signatures - arbitrated protocol Trent P’= D B (C’) Bob Alice Bob receives the message and decrypts it - it must have come from Trent since only Trent and Bob have Bob’s key - if the message says it’s from Alice, it must be - we trust Trent

  33. Digital signatures with multiple parties Bob can forward the message to Charles in the same manner. Trent can validate stored hash to ensure that Bob did not alter the message Charles Trent C’’= E B (P’) P’= D B (C’) Bob Alice Bob encrypts message with his key and sends it to Trent

  34. Digital signatures with multiple parties Charles Trent P’’= D B (C’’) Bob Alice Trent decrypts the message - knows it must be from Bob - looks up ID to match original hash from Alice’s message - validates that the message has not been modified - adds a “signed by Bob” indicator to the message

  35. Digital signatures with multiple parties Charles Trent C’’’= E C (P’’) Bob Alice Trent encrypts the new message for Charles

  36. Digital signatures with multiple parties Charles Trent P’’’= D C (C’’’) Bob Alice Charles decrypts the message - knows the message must have come from Trent - trusts Trent’s assertion that the message originated with Alice and was forwarded through Bob

  37. Digital signatures - public key cryptography Encrypting a message with a private key is the same as signing! Alice Bob D A (C) E a (P) encrypt message with decrypt message with Alice’s private key Alice’s public key

  38. Digital signatures - public key cryptography • What if Alice was sending Bob binary data? – Bob might have a hard time knowing whether the decryption was successful or not • Public key encryption is considerably slower than symmetric encryption – what if the message is very large? • What if we don’t want to hide the message, yet want a valid signature?

  39. Digital signatures - public key cryptography • Create a hash of the message • Encrypt the hash and send it with the message • Validate the hash by decrypting it and comparing it with the hash of the received message

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals &amp; Challenges

Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals &amp; Challenges

5/17/2017 Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals &amp; Challenges scalability and performance apps require more resources than one computer has 13B. Distributed Systems: Communication grow

572 views • 7 slides
Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals &amp; Challenges

Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals &amp; Challenges

5/19/2018 Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals &amp; Challenges scalability and performance apps require more resources than one computer has 13B. Distributed Systems: Communication grow

131 views • 9 slides
Distributed Systems Reasons for distributed systems Resource sharing sharing and

Distributed Systems Reasons for distributed systems Resource sharing sharing and

CSC 4103 - Operating Systems Motivation Spring 2007 Distributed system is collection of loosely coupled processors that do not share memory Lecture - XXII interconnected by a communications network Distributed Systems

477 views • 4 slides
Distributed File Systems Distributed File Systems A distributed file system (DFS) is a

Distributed File Systems Distributed File Systems A distributed file system (DFS) is a

Distributed File Systems Distributed File Systems A distributed file system (DFS) is a distributed Definitions implementation of a classical time-sharing model of a file Distributed system - A number of loosely coupled system. machines

997 views • 8 slides
Introduction to Distributed Systems Material adapted from Distributed Systems: Concepts &amp;

Introduction to Distributed Systems Material adapted from Distributed Systems: Concepts &amp;

Introduction to Distributed Systems Material adapted from Distributed Systems: Concepts &amp; Design , George Coulouris, et al. and Engineering Distributed Objects , Wolfgang Emmerich Outline What is a Distributed System? Examples of

961 views • 36 slides
Introduction to Distributed Systems Material adapted from Distributed Systems: Concepts &amp;

Introduction to Distributed Systems Material adapted from Distributed Systems: Concepts &amp;

Introduction to Distributed Systems Material adapted from Distributed Systems: Concepts &amp; Design , George Coulouris, et al. and Engineering Distributed Objects , Wolfgang Emmerich Outline What is a Distributed System? Examples of

565 views • 18 slides
Distributed Systems of distributed systems Types of Distributed Describe various

Distributed Systems of distributed systems Types of Distributed Describe various

Objectives/Outline (selected topics from chapter 16 &amp; 18) Objectives Outline Provide a high-level overview Introduction Distributed Systems of distributed systems Types of Distributed Describe various methods for

436 views • 9 slides
Coordinating distributed systems Marko Vukoli Distributed Systems and Cloud Computing Previous

Coordinating distributed systems Marko Vukoli Distributed Systems and Cloud Computing Previous

Coordinating distributed systems Marko Vukoli Distributed Systems and Cloud Computing Previous lectures Distributed Storage Systems CAP Theorem Amazon Dynamo Cassandra 2 Today Distributed systems coordination Apache

1.57k views • 62 slides
Distributed Systems - III What about distributed systems? No common clock or memory

Distributed Systems - III What about distributed systems? No common clock or memory

CSC 4103 - Operating Systems Distributed Coordination Spring 2007 Ordering events and achieving synchronization in centralized systems is easier. Lecture - XXIV We can use common clock and memory Distributed Systems - III What

286 views • 4 slides
Towards a Theory of Formal Distributed Systems Why and how distributed systems can solve

Towards a Theory of Formal Distributed Systems Why and how distributed systems can solve

Towards a Theory of Formal Distributed Systems Why and how distributed systems can solve distributed problems ? Towards = immature or not ready for presenting Formal = unrealistic or useless Masafumi Yamashita (Kyushu Univ.) Table of

578 views • 33 slides
CSE 452 Distributed Systems Tom Anderson Distributed Systems How to make a set of computers

CSE 452 Distributed Systems Tom Anderson Distributed Systems How to make a set of computers

CSE 452 Distributed Systems Tom Anderson Distributed Systems How to make a set of computers work together Reliably Efficiently At (huge) scale With high availability Despite messages being lost and/or taking a variable

833 views • 40 slides
CSE 452 Distributed Systems Arvind Krishnamurthy Distributed Systems How to make a set of

CSE 452 Distributed Systems Arvind Krishnamurthy Distributed Systems How to make a set of

CSE 452 Distributed Systems Arvind Krishnamurthy Distributed Systems How to make a set of computers work together Correctly Efficiently At (huge) scale With high availability Despite messages being lost and/or taking a

779 views • 29 slides
Distributed File Systems: An Overview of Peer-to-Peer Architectures Distributed File Systems

Distributed File Systems: An Overview of Peer-to-Peer Architectures Distributed File Systems

Distributed File Systems: An Overview of Peer-to-Peer Architectures Distributed File Systems Data is distributed among many sources Ex. Distributed database systems Frequently utilize a centralized lookup server for addressing

500 views • 15 slides
WHAT WE TALK ABOUT WHEN WE TALK ABOUT DISTRIBUTED SYSTEMS ALVARO VIDELA DISTRIBUTED SYSTEMS

WHAT WE TALK ABOUT WHEN WE TALK ABOUT DISTRIBUTED SYSTEMS ALVARO VIDELA DISTRIBUTED SYSTEMS

WHAT WE TALK ABOUT WHEN WE TALK ABOUT DISTRIBUTED SYSTEMS ALVARO VIDELA DISTRIBUTED SYSTEMS FOR THE IKEA FAMILY ALVARO VIDELA HTTP://BIT.LY/DIST-SYS101 @HINTJENS DISTRIBUTED SYSTEMS A DISTRIBUTED SYSTEM IS ONE IN WHICH THE FAILURE

1.58k views • 118 slides
Distributed Systems How does the OS ensure security? 13C. Distributed Systems: Security all

Distributed Systems How does the OS ensure security? 13C. Distributed Systems: Security all

5/20/2018 Distributed Systems How does the OS ensure security? 13C. Distributed Systems: Security all key resources are kept inside of the OS protected by hardware (mode, memory management) 13I. Secure sessions processes cannot

129 views • 9 slides
Distributed Systems How does the OS ensure security? 13C. Security for Distributed Systems

Distributed Systems How does the OS ensure security? 13C. Security for Distributed Systems

5/27/2017 Distributed Systems How does the OS ensure security? 13C. Security for Distributed Systems all key resources are kept inside of the OS protected by hardware (mode, memory management) 13I. Secure Sessions processes cannot

253 views • 9 slides
LRTS: A Portable High Performance Low-level Communication Interface Yanhua Sun 1 ale 1

LRTS: A Portable High Performance Low-level Communication Interface Yanhua Sun 1 ale 1

LRTS: A Portable High Performance Low-level Communication Interface Yanhua Sun 1 ale 1 Laxmikant(Sanjay) V. K 1 University of Illinois at Urbana-Champaign sun51@illinois.edu April 15, 2013 Yanhua Sun U of Illinois at Urbana-Champaign 1/24

347 views • 32 slides
DISTRIBUTING INFORMATION AGENDA What does information distribution mean? Delegation Closures

DISTRIBUTING INFORMATION AGENDA What does information distribution mean? Delegation Closures

DISTRIBUTING INFORMATION AGENDA What does information distribution mean? Delegation Closures Notifications Property Observers Bindings / Key Value Observation INFORMATION DISTRIBUTION Mobile apps are highly interactive Multiple interfaces

642 views • 39 slides
How I Learned to Rohit Zambre,* Stop Aparna Chandramowlishwaran,* Worrying Pavan Balaji

How I Learned to Rohit Zambre,* Stop Aparna Chandramowlishwaran,* Worrying Pavan Balaji

How I Learned to Rohit Zambre,* Stop Aparna Chandramowlishwaran,* Worrying Pavan Balaji About *University of California, Irvine User-Visible Argonne National Laboratory Endpoints and Love MPI 2 HOW I LEARNED TO STOP WORRYING

1.16k views • 52 slides
Update Parallelism April 30, 2018 1 HW 3 Posted 2 Parallelism Models Option 4: Shared

Update Parallelism April 30, 2018 1 HW 3 Posted 2 Parallelism Models Option 4: Shared

Update Parallelism April 30, 2018 1 HW 3 Posted 2 Parallelism Models Option 4: Shared Nothing in which all communication is explicit. CPU Memory Disk Well be talking about shared nothing today. Other models are easier

1.56k views • 106 slides
System-on-Chip Design HW/SW Interfaces and Communica;ons Hao Zheng Comp Sci &amp; Eng U of

System-on-Chip Design HW/SW Interfaces and Communica;ons Hao Zheng Comp Sci &amp; Eng U of

System-on-Chip Design HW/SW Interfaces and Communica;ons Hao Zheng Comp Sci &amp; Eng U of South Florida 1 System Structural Model Mem CPU P1 P2 Arbiter Bridge P3 P5 P4 HW HW 2 Basic Elements of HW/SW Interfaces 1. On-chip

235 views • 22 slides
ts

ts

s t r t r s r s t r r t r rtrs

780 views • 64 slides
ELEC / COMP 177 Fall 2016 Some slides from Kurose and Ross, Computer Networking , 5 th Edition

ELEC / COMP 177 Fall 2016 Some slides from Kurose and Ross, Computer Networking , 5 th Edition

ELEC / COMP 177 Fall 2016 Some slides from Kurose and Ross, Computer Networking , 5 th Edition Project #1 Starts next Tuesday Sept 13 th Is your Linux environment all ready? Bring your laptop Work time after discussion of

739 views • 52 slides
BLINC: Multilevel Traffic Classification in the Dark Thomas Karagiannis, UC Riverside

BLINC: Multilevel Traffic Classification in the Dark Thomas Karagiannis, UC Riverside

BLINC: Multilevel Traffic Classification in the Dark Thomas Karagiannis, UC Riverside Konstantina Papagiannaki, Intel Research Cambridge Michalis Faloutsos, UC Riverside The problem of workload characterization The goal: Classify Internet

649 views • 29 slides

More recommend