Notes on Security

Security is a greater concern for distributed systems than single CPU systems.

Threats

Methods of attack

User identification can be based on something you:

 

Encryption

Private key

Public key

RSA is symmetric, either key can encrypt or decrypt.

Digital signatures provide a means of assuring the identify of the message sender.  Digital IDs are a means of implementing digital signatures.

 

Logon protocols for authentication

Without server (assume A&B know each other’s public keys)

 

Public Key

 

A sends B sends
userid, nonce1 ((nonce1, nonce2 )Kapub)Kbpriv
(f(nonce2))Kbpub OK

 

Private Key

assume A & B know Kab

A sends B sends
userid, nonce1 (nonce1, nonce2 ) Kab
(f(nonce2)) Kab OK

With Key server. Key server has a private key for use with each client.

Needham-Schroeder Protocol

A S A, B, N1
S A {N1, B, Kab,{A, Kab}Kbs}Kas
A B {A, Kab} Kbs
B A {N2} Kab
A B {f(N2)} Kab

 

Kerberos is a system for administering keys using DES.

Firewalls are a means of keeping intruders out of a local network.