Lec19 - Security: Focus of Control

Computer Science, CS677: Distributed OS, Lecture 19

Security: Focus of Control

Three approaches for protection against security threats
a) Protection against invalid operations
b) Protection against unauthorized invocations
c) Protection against unauthorized users

Authentication

Question: how does a receiver know that remote communicating entity is who it is claimed to be?
Authentication Protocol (ap)

Ap 1.0
- Alice to Bob: “I am Alice”
- Problem: intruder “Trudy” can also send such a message

Ap 2.0
- Authenticate source IP address is from Alice’s machine
- Problem: IP spoofing (send IP packets with a false address)

Ap 3.0: use a secret password
- Alice to Bob: “I am Alice, here is my password” (e.g., telnet)
- Problem: Trudy can intercept Alice’s password by sniffing packets

Authentication Protocol

Ap 3.1: use encryption
- Use a symmetric key known to Alice and Bob
- Alice & Bob (only) know secure key for encryption/decryption

    A to B: msg = encrypt("I am A")
    B computes: if decrypt(msg) == "I am A"
                then A is verified
                else A is fraudulent

- Failure scenarios: playback attack
- Trudy can intercept Alice’s message and masquerade as Alice at a later time
Authentication Using Nonces

- Problem with ap 3.1: same password is used for all sessions
- Solution: use a sequence of passwords
- Pick a "once-in-a-lifetime-only" number (nonce) for each session

Ap 4.0

    A to B: msg = "I am A"    /* note: unencrypted message! */
    B to A: once-in-a-lifetime value, n
    A to B: msg2 = encrypt(n)    /* use symmetric keys */
    B computes: if decrypt(msg2) == n
                then A is verified
                else A is fraudulent

- Note similarities to three-way handshake and initial sequence number choice
- Problems with nonces?

Authentication Using Public Keys

- Ap 4.0 uses symmetric keys for authentication
- Question: can we use public keys?
- Symmetry: DA(EA(n)) = EA(DA(n))

Ap 5.0

    A to B: msg = "I am A"
    B to A: once-in-a-lifetime value, n
    A to B: msg2 = DA(n)
    B computes: if EA(DA(n)) == n
                then A is verified
                else A is fraudulent
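The playback failure of ap 3.1 and the nonce fix of ap 4.0, as an added example that is not part of the original lecture notes. It assumes HMAC-SHA256 as a stand-in for the slides' encrypt()/decrypt() (the Python standard library has no symmetric cipher), and all function and class names are hypothetical.

```python
import hashlib
import hmac
import secrets

KEY = secrets.token_bytes(32)  # constructed symmetric key shared by Alice and Bob

def keyed(key: bytes, data: bytes) -> bytes:
    """Stand-in for the slides' encrypt(): HMAC-SHA256 of data under key."""
    return hmac.new(key, data, hashlib.sha256).digest()

# ap3.1: Alice sends the same keyed message in every session.
def alice_ap31(key: bytes) -> bytes:
    return keyed(key, b"I am A")

def bob_ap31(key: bytes, msg: bytes) -> bool:
    return hmac.compare_digest(msg, keyed(key, b"I am A"))

# ap4.0: Bob issues a fresh nonce per session and accepts one answer to it.
class BobAp40:
    def __init__(self, key: bytes):
        self.key, self.pending = key, None

    def challenge(self) -> bytes:
        self.pending = secrets.token_bytes(16)  # the once-in-a-lifetime value n
        return self.pending

    def verify(self, response: bytes) -> bool:
        nonce, self.pending = self.pending, None  # a nonce is consumed on use
        if nonce is None:
            return False  # no outstanding challenge
        return hmac.compare_digest(response, keyed(self.key, nonce))

def alice_ap40(key: bytes, nonce: bytes) -> bytes:
    return keyed(key, nonce)

def demo() -> dict:
    out = {}
    wire = alice_ap31(KEY)                      # bytes visible on the network
    out["ap31_alice"] = bob_ap31(KEY, wire)
    out["ap31_replay"] = bob_ap31(KEY, wire)    # same bytes later: accepted
    bob = BobAp40(KEY)
    wire = alice_ap40(KEY, bob.challenge())     # Alice answers nonce n1
    out["ap40_alice"] = bob.verify(wire)
    bob.challenge()                             # new session, new nonce n2
    out["ap40_replay"] = bob.verify(wire)       # answer to n1: rejected
    out["ap40_unsolicited"] = bob.verify(wire)  # no pending nonce: rejected
    return out

if __name__ == "__main__":
    print(demo())
```

Bob's verifier in ap 3.1 cannot tell the first delivery from the replay because nothing in the message is tied to the session; in ap 4.0 the response is only valid for the single nonce Bob has outstanding.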
Problems with Ap 5.0

- Bob needs Alice’s public key for authentication
- Trudy can impersonate Alice to Bob

    Trudy to Bob: msg = “I am Alice”
    Bob to Alice: nonce n (Trudy intercepts this message)
    Trudy to Bob: msg2 = DT(n)
    Bob to Alice: send me your public key (Trudy intercepts)

This note was uploaded on 11/22/2011 for the course COMPSCI 677 taught by Professor Shenoy during the Spring '08 term at UMass (Amherst).
