Distributed System XII
摸🐟真可怕,不知不觉已经2017的最后一天了。想想果然没有任何地方是比自己家里更好的吧~在外面的时候忙起来都不觉得有什么但是回到家里就会觉得一点也不想去想别的事情了只想在家呆着…啊 我要把它写完 很明显越来越乱写可能觉得写这个的时间还不如学一学Database?感觉是靠着强迫症凑个整来到这_(:з」∠)_ 可是学database就有用吗?我已经…
这一篇DS最后一个知识点,Sercurity. 主要讲安全隐患与网络通信的安全技术。是相对来说比较独立于其他知识点的科普。
Internet Security Weakness
- Anyone can connect
- Millions of hosts run nearly identical software
- Connection-less datagram service
Need for secure communication
- Authentication
- Confidentiality
- Integrity
Some example of attack:
Authenticity Attack - Fabrication
- Unauthorized assumption of other’s identity
- Generate and distribute objects under this identity
Integrity Attack - Tampering
- Stop the flow of the message
- Delay and optionally modify the message
- Release the message again
Availability Attack
- Destroy hardware (cutting fiber) or software
- Modify software in a subtle way
- Corrupt packets in transit
Key Cryptography
Symmetric Key Crypto
Given a key k and a message m: Encryption (E), decryption (D)
- ciphertext c = E(k, m)
- plaintext m = D(k, c)
Symmetric Key: Confidentiality
Scheme: You send her the xor(M,K) and then they “decrypt” using xor(M,K) again.
Problem: One-time Pad (OTP) is secure but usually impractical
Solution: Stream Ciphers, Block Ciphers
Symmetric Key: Integrity
Background: Hash Function Properties
- Consistent: hash(X) always yields same result
- One-way: given X, can’t find Y s.t. hash(Y) = X
- Collision resistant: given hash(W) = Z, can’t find X such that hash(X) = Z
Solution: HMAC
Hash Message Authentication Code (HMAC):
Symmetric Key: Authentication
Solution: HMAC + Nonce
双方事先约定key并发送指定文件确认身份(HMAC)。但是相同的message可能会被获取并转发,这样攻击者不需要知道key就可以发送确认身份的消息。解决方法是加入random nonce使每一次Authenticatoin的消息不同.
Random nonce: A random bitstring used only once. Alice sends nonce to Bob as a “challenge”. Bob Replies with “fresh” MAC result.
Asymmetric Key Crypto
非同步的,双方事先没有share任何key。
- Instead of shared keys, each person has a key pair: public key K, private key K-1
- The keys are inverses: K-1(K(m)) = m
Given a key k and a message m: Encryption (E), decryption (D)
- ciphertext c = E(K, m)
- plaintext m = D(K-1 , c)
Asymmetric Key: Confidentiality
Encrypt with Public Key of Receiver.
Asymmetric Key: Sign & Verify
Sign message with private key of the sender.
Sign(M) = K-1(M) = Signature S
Verify (S, M) = test( K(S) == M )
Use Sign() and Verify() in a similar manner as HMAC in symmetric schemes.
Asymmetric Key: Authentication
Entity being authenticated signs a nonce with private key, signature is then verified with the public key.
Symmetric Vs Asymmetric
- Symmetric key primitives assumed sender and receiver had already shared a key.
- Asymmetric key primitives assumed sender knew recever’s public key.
Key Distribution
Dreaded PKI
PKI: Public Key Infrastructure
- A system in which “roots of trust” authoritatively bind public keys to real- world identities
- A significant stumbling block in deploying many “next generation” secure Internet protocol or applications.
TLS aka SSL
TLS: Transport Layer Security SSL: Secure Socket Layer
Special TLS socket layer between application and TCP.
Handles confidentiality, integrity, and authentication.
Uses “hybrid” cryptography.
Key Distribution Center (KDC)
Alice, Bob need shared symmetric key.
KDC: server shares different secret key with each registered user (many users).
Alice, Bob know own symmetric keys, KA-KDC, KB-KDC, for communicating with KDC.
- Must always be online to support secure communication
- KDC can expose our session keys to others!
- Centralized trust and point of failure.
- In practice, the KDC model is mostly used within single organizations.
Certification Authorities
Certification authority (CA): binds public key to particular entity, E.
An entity E registers its public key with CA:
- E provides “proof of identity” to CA.
- CA creates certificate binding E to its public key.
- Certificate contains E’s public key AND the CA’s signature of E’s public key.
When Alice wants Bob’s public key:
Gets Bob’s certificate (Bob or elsewhere). Use CA’s public key to verify the signature within Bob’s certificate, then accepts public key.
Better scaling: CA must only sign once… no matter how many connections the server handles. If CA is compromised, attacker can trick clients into thinking they’re the real server.
Forward secrecy
Diffie-Hellman Key Exchange
Different model of the world: How to generate keys between two people, securely, no trusted party, even if someone is listening in.
Illustrative Example | Diffie-Hellman Key Exchange |
---|---|
Vulnerable to man-in-the- middle attack. Attacker pair-wise negotiates keys with each of A and B and decrypts traffic in the middle. No authentication.
Hybrid solution: use diffie-hellman key exchange with HMAC + nonce.
3 parties DH:
A=ga mod p, B=gb mod p, C=gc mod p Alice sends A to Bob, Bob sends B to Charlie, Charlie sends C to Alice. Alice computes SA as Ca mod p = gca mod p , Bob computes SB as Ab mod p = gab mod p , Charlie computes SC as Bc mod p = gbc mod p. Alice sends SA to Bob, Bob sends SB to Charlie, Charlie sends SC to Alice. Alice computes S as SCa mod p = gbca mod p, Bob computes S as SAb mod p = gcab mod p, Charlie computes S as SBc mod p = gabc mod p. Only A, B, C, SA, SB, SC, p, g are sent in the clear. There is not enough information to discover gabc mod p using this information.
Access control
Access Control Matrix (ACM)
A model of protection systems describes who (subject) can do what
(rights) to what/whom (object/subject).
ACL和CL是为了节省所占空间。
Access Control Lists
An ACL stores (non-empty elements of) each column with its object. With same structure, ACLS:
file1: { (Andy, rx) (Betty, rwx) (Charlie, rx) }
file2: { (Andy, r) (Betty, r) (Charlie, rw) }
file3: { (Andy, rw) (Charlie, w) }
Capability Lists
C-Lists: what objects can subject acces, and how?
Andy: { (file1, rx) (file2, r) (file3, rw) }
Betty: { (file1, rwx) (file2, r) }
Charlie: { (file1, rx) (file2, rw) (file3, w) }
Privacy and Tor
Randomized Routing
Hide message source by routing it randomly.
Routers don’t know for sure if the apparent source of a message is the true sender or another router.
Route Establishment
Routing info for each link encrypted with routers public key Each router learns only the identity of the next router
Tor: second-generation onion routing network
- Client proxy establish a symmetric session key and circuit with Onion Router #1
- Client proxy extends the circuit by establishing a symmetric session key with Onion Router #2
- Client proxy extends the circuit by establishing a symmetric session key with Onion Router #3
- Client applications connect and communicate over the established Tor circuit
DS的所以课件笔记都写完了。越写到后面越不愿意写于是越写越糟糕,虽然明明期中考试之后的比较会…小土刀前辈真是厉害可以一直坚持写还可以写的那么好∠( ᐛ 」∠)_ 总之因为很喜欢DS的讲师Daniel所以写了DS在这,虽然不会有人看但是想要留个纪念希望以后也能想起喜欢Daniel和学习DS很开心的心情。说到喜欢Daniel的理由嘛,上课讲笑话手舞足蹈,下课跟我们聊天,Office hour延时答疑,讲题还眨眼真是让人魂飞魄散哦(笑),大家都认为Daniel很有魅力啦。想想DS对于没有这方面基础的我来讲算是很难了,写prj也是两个组队prj一个被鸽solo另一个当时队友去onsite我刷夜debug,单人prj的话就感谢TAs让人思路清晰。对任何一门课而言,难道一定能上好吗,不依赖他人也不畏惧搞砸就已经很不错了啊❤
参考资料: