Notes on Security

Security is a greater concern for distributed systems than single CPU systems.


Methods of attack

User identification can be based on something you:



Private key

Public key

RSA is symmetric, either key can encrypt or decrypt.

Digital signatures provide a means of assuring the identify of the message sender.  Digital IDs are a means of implementing digital signatures.


Logon protocols for authentication

Without server (assume A&B know each other’s public keys)


Public Key


A sends B sends
userid, nonce1 ((nonce1, nonce2 )Kapub)Kbpriv
(f(nonce2))Kbpub OK


Private Key

assume A & B know Kab

A sends B sends
userid, nonce1 (nonce1, nonce2 ) Kab
(f(nonce2)) Kab OK

With Key server. Key server has a private key for use with each client.

Needham-Schroeder Protocol

A S A, B, N1
S A {N1, B, Kab,{A, Kab}Kbs}Kas
A B {A, Kab} Kbs
B A {N2} Kab
A B {f(N2)} Kab


Kerberos is a system for administering keys using DES.

Firewalls are a means of keeping intruders out of a local network.