INF 311: Distributed Systems

Lecture 4: Security in Distributed

Systems
 Introduction
• There is a pervasive need for measures to
attain the applicable objectives of
preserving the “CIA” – Confidentiality,
Integrity and Availability of distributed
system resources.
• Designers of secure distributed systems
must cope with exposed service
interfaces and insecure networks and
they must be able to deploy the
algorithms to ensure security.
 Introduction
• Confidentiality: This term covers two
related concepts:
• Data confidentiality: Assures that private or
confidential information is not made available
or disclosed to unauthorized individuals.
• Privacy: Assures that individuals control or
influence what information related to them
may be collected and stored and by whom
and to whom that information may be
disclosed.
• also known as information privacy) refers to the proper
handling, processing, and sharing of personal data in
accordance with applicable laws, regulations, and ethical
 Introduction
• Integrity: This term covers two related concepts:
– Data integrity: Assures that information and
programs are changed only in a specified and
authorized manner.
– System integrity: Assures that a system
performs its intended function in an
unimpaired manner, free from deliberate or
inadvertent unauthorized manipulation of the
system.
• Availability: Assures that systems work promptly
and service is not denied to authorized users

4
 Introduction
• If we regard shared resources as objects, then the
requirement is to protect any processes that
encapsulate shared objects and any
communication channels that are used to interact
with them against all conceivable forms of attack.
• In the physical world, organizations adopt
security policies that provide for the sharing of
resources within specified limits.
– For example, a company may permit entry to its
buildings only to its employees and accredited visitors.
• Security policies are enforced with the help of
security mechanisms.
 Security
• Security can be defined as the
“mechanisms and techniques that
control who may use or modify the
computer or the information stored in
it”.

• Set of measures to guarantee the

Confidentiality, Integrity and
Availability of resources: objects,
databases, servers, processes,
channels, etc.
 Security
• Involves protection of objects and
securing processes and
communication channels
• Security Policies
– Specify who is authorised to access
resources (e.g. file ownership)
• Security Mechanisms
– Enforce security policy (e.g. file access
control)
 Privacy
• Privacy can be defined as “the
ability of an individual (or
organization) to decide whether,
when, and to whom personal (or
organizational) information is
released.”

8
 Classes of Security Threats
Security threats fall into three
categories
• Leakage: Refers to the acquisition
of information by unauthorized
recipients
• Tampering: Refers to the
unauthorized alteration of
information
• Vandalism:The intentional act of
disrupting or damaging a system, network, or
 Methods of Attack
• Eavesdropping
– Obtaining copies of messages without
authority.
• Masquerading
– Sending/receiving messages using the
identity of another principal without
their authority.
• Message Tampering
– Intercepting and altering messages
before passing them on to the intended
recipient.
 Methods of Attack
• Replaying
– Intercepting, storing and replaying messages.
– Storing intercepted messages and sending
them at a later date.
– This attack may be effective even with
authenticated and encrypted messages.
• Denial of Service (DoS)
– Flooding a channel with requests to deny
access to others.
– Flooding a channel or other resources with
messages in order to deny access for others.
 Methods of Attack
• DoS: A form of attack in which the enemy
interferes with the activities of authorized
users by making excessive and pointless
invocations on services or message
transmissions in a network, resulting in
overloading of physical resources (network
bandwidth, server processing capacity).
• Such attacks are usually made with the
intention of delaying or preventing actions
by other users.
 Threats from Mobile Code
• Mobile code (Java JVM)
– Applets, mobile agents (travel collecting information)
– Downloaded from server, run locally
• Security issues: what if the program...
– Illegally writes to a file?
– Writes over another program’s memory?
– Crashes?
• Some solutions
– Stored separately from other classes
– Type-checking and code-validation (instruction subset)
– Still does not guard fully against programming errors...
 Designing Secure Systems
• Security is about avoiding disasters
and minimizing mishaps, although
the design of secure system remains
an inherently difficult task but the
designer’s aim is to exclude all
possible attacks and loophole.
• The design of secure system is an
exercise in balancing costs and
threats
 Designing Secure Systems
• The range of techniques that can be
deployed for protecting processes and
securing inter-process communication is
strong enough to withstand almost any
attack, but their use incurs costs and
inconvenience.
• The cost must be balanced against the
threats.
• Inappropriately specified security measures
may exclude legitimate users from
performing necessary actions.
 Overview of Security Techniques
• Cryptography
• Authentication
• Digital Signature
• Certificates
• Access Control
• Credentials
• Firewalls
 Cryptography
• The science of how to prepare encoded
information
• It is the process of encoding a message in
such a way as to hide its contents.
• Modern cryptography includes several
secure algorithms for encrypting and
decrypting messages
• They are all based on the use of secrets
called KEYS.
 Cryptography
• A cryptographic key is a parameter
used in an encryption algorithm in
such a way that the encryption
cannot be reversed without
knowledge of the key.
• There are two main classes of
encryption algorithm in general use.
– shared secret keys(Symmetric Cryptography)
– the sender and the recipient must
share the key and it must not be
18
revealed to anyone else.
 Cryptography
• AlgorithmAsymmetricCryptography
public/private key pairs the sender
uses a public key – one that has
already been published by the
recipient – to encrypt the message.
• The recipient uses a corresponding
private key to decrypt the message.
• Although many principals may
examine the public key, only the
recipient can decrypt the message,
because they have the private key.
 3rd
• Hashing: Cryptographic hash functions take
input data and produce a fixed-size string of
characters, which is typically used to verify
data integrity. For example, SHA-256 is a
commonly used hashing algorithm in
blockchain and other security mechanisms.

20
 Authentication
Authentication
• Authentication is the process of verifying the identity of an entity
(user, device, or system) to ensure that they are who they claim
to be.
• Password-based Authentication: A user provides a password,
which is compared against a stored hash of the password. The
system only allows access if the hashes match.
• Multi-Factor Authentication (MFA): This involves two or more
forms of verification before granting access, such as something
you know (password), something you have (a mobile phone), or
something you are (biometric data).
• Public Key Authentication: In public key authentication (such as
SSH), a user proves their identity using a private key, and the
system verifies it with the corresponding public key.
 Digital Signature (DS)
• Is a mathematical technique used to
validate the authenticity and
integrity of a message, software or
digital document.

• A digital signature is basically a way

to ensure that an electronic
document is authentic.

• Authentic means that you know who

created the document and that it has
not been altered
 Digital Signature
• A digital signature is a cryptographic mechanism used to
verify the authenticity and integrity of digital messages or
documents. It ensures that the sender cannot deny sending
a message (non-repudiation) and guarantees that the
content has not been altered.
• How it Works:
– The sender creates a hash of the message (using a hash function).
– The hash is then encrypted with the sender’s private key, creating
the digital signature.
– The recipient can decrypt the hash using the sender’s public key,
allowing them to verify both the sender’s identity and the
integrity of the message.
• Use Cases: Digital signatures are widely used in email
systems, software distribution (to verify that code hasn’t
been tampered with), and legal documents. 23
 Digital Signature (DS)
• This emulates the role of a conventional
signature, verifying to a third party that a
message or a document is an unaltered
copy of one produced by the signer.
• Digital signature techniques are based
upon an irreversible binding to the
message or document of a secret known
only to the signer.
• Its Common in e-commerce
– To ensure that users buy from a legitimate
sellers.
24
 Digital Signature
• A digital signature is an authentication
mechanism that enables the creator of a
message to attach a code that acts as a
signature.
• Typically the signature is formed by taking the
hash of the message and encrypting the message
with the creator’s private key.
• The signature guarantees the source and integrity
of the message.
• The digital signature standard (DSS) is an NIST
standard that uses the secure hash algorithm
(SHA).
Digital Signature Model
 Digital Certificate (DC)

• Electronic identification and/or

encryption systems developed for
use over the internet.
• DC serves two main purposes
which are used for either
identification or encryption.
 Digital Certificate (DC)
• Typically contains the following
– Certificate’s holder public key
– Information about the individual, computer or
organization to which the certificate was issued
– Information about the Certificate Authority (CA)
or organization that issued the certificate
including the CA’s digital signature
– Date that the certificate was issued and its
expiration date
– Serial number of the certificate
28
• A certificate is a digital document issued by a trusted entity
(called a Certificate Authority or CA) that binds a public key
with the identity of the certificate holder. Certificates are used
in Public Key Infrastructure (PKI) to ensure the trustworthiness
of public keys.
• Components of a Certificate:
– Public Key: The public key associated with the entity.
– Issuer Information: The CA’s details that issued the certificate.
– Validity Period: The dates between which the certificate is valid.
– Digital Signature: The certificate is signed by the CA’s private key to
ensure its authenticity.
• Use Cases: Certificates are used in protocols like HTTPS (to
secure web traffic), email encryption, and in code signing to
verify the authenticity of software 30
 Access Control
• The prevention of unauthorized use of a
resource (i.e. this service controls who can
have access to a resource, under what
conditions access can occur, and what
those accessing the resource are allowed
to do).
• Ensure that users/processes access
computer resources in a controlled and
authorized manner.
 Access Control
• Protection domain
– Is a set of rights for each resource, e.g.
Unix files associated with each principal
• Two implementations of protection
domains
– Capabilities
• request accompanied by key, simple access
check
• open to key theft, or key retained when
person left company
– Access control lists
•
 Access Control
How it works: Reference Monitor
• Intercepts all access attempts
• Authenticates request and principal’s credentials
• Applies access control
– If Yes, access proceeds
– If No, access is denied, error message returned to the
subject
 Access Control
Access control is the process of managing and regulating access to
resources within a system. It ensures that only authorized entities can
access specific data or perform certain actions.
• Types of Access Control:
– Discretionary Access Control (DAC): The owner of a resource determines
who can access it. For example, file permissions in an operating system.
– Mandatory Access Control (MAC): Access decisions are made based on fixed
policies, often implemented by the operating system or hardware. Examples
include security levels in government systems.
– Role-Based Access Control (RBAC): Access is granted based on roles rather
than individual identities. For example, users in an organization might be
granted access to files based on their job role (e.g., admin, manager,
employee).
– Attribute-Based Access Control (ABAC): Access decisions are based on
attributes (e.g., user department, time of day).
34
 Credentials
Credentials
• Credentials are the information or tokens used to authenticate and
authorize users or systems within a distributed environment. They
typically include:
• Passwords: The most common form of credentials, though they can be
weak if not properly managed.
• Biometric Data: Fingerprints, facial recognition, or retina scans can be
used as credentials for authentication.
• Tokens: Time-sensitive, cryptographically generated codes (e.g., TOTP -
Time-based One-Time Passwords), which are often used in two-factor
authentication (2FA).
• Certificates: As mentioned above, certificates contain cryptographic keys
used for authentication, especially in secure communications like SSL/TLS.
 Firewalls
• Monitor and control all
communication into and out of an
intranet.

• Service control:
– filter requests for services on internal
hosts
– e.g. reject HTTP request unless to official
web server
• A firewall is a network security device that monitors and filters
incoming and outgoing network traffic based on predefined security
rules. It serves as a barrier between trusted internal networks and
untrusted external networks, such as the internet.
• Types of Firewalls:
– Packet Filtering Firewall: Examines network packets to see if they match a
set of predefined rules (e.g., IP addresses, ports, and protocols). This is a
simple and fast type of firewall.
– Stateful Inspection Firewall: Keeps track of the state of active connections
and makes decisions based on the context of traffic, rather than just
inspecting individual packets.
– Proxy Firewalls: Acts as an intermediary between users and the services
they wish to access, forwarding requests and responses, often with
additional security checks.
– Next-Generation Firewalls (NGFW): Combines traditional firewall features
with advanced capabilities such as deep packet inspection (DPI), intrusion
detection and prevention (IDPS), and application awareness.
• Use Cases: Firewalls are deployed at the boundaries of networks to
block unauthorized access, monitor for malicious activity, and 37
 Firewalls
• Behaviour control
– prevent illegal or anti-social behaviour
– e.g. filter ‘spam’ messages

• User control
– allow access to authorised group of
users
– e.g. dial-up services

38
 Summary
Each of these components plays a crucial role in securing
distributed systems:
• Cryptography protects data confidentiality and integrity.
• Authentication ensures that only legitimate users or systems
gain access.
• Digital Signatures guarantee the authenticity and integrity of
messages.
• Certificates provide trust and secure key management in
Public Key Infrastructure (PKI).
• Access Control ensures that only authorized entities can
access resources or perform actions.
• Credentials are used for identity verification and authorization.
• Firewalls prevent unauthorized access and attacks by
monitoring and controlling network traffic 39
 Cryptographic Algorithms
• Art of hiding information.
• Art of achieving security by encoding
messages to make them unreadable.
• Study of mathematical techniques related
to the aspect of information security such
as confidentiality, data integrity,
authentication and data origination.
• Science of using mathematics to encrypt
and decrypt data.
 E.g.

• GIVE TWO MILLION

• JLYHWZRPLOOLRQ
 Cryptography
• Kryptos(hidden)+graphein(to write) =
secret writing
– Conceals messages from unauthorized
persons (secrecy + privacy)
– Verifies correctness of message and
authenticates to other party (integrity +
authentication )
 Terminologies
• Plain text- original message
• Cipher text-coded message
• Cipher-algorithm for transforming plain text to
cipher text
• Key- info used in cipher known only to
sender/receiver
• Encrypt(encipher)-converting plain text to
cipher text using the key
 Terminologies
• Decrypt (decipher)- recovering plain text from cipher
text using the key
• Cryptography- study of encryption
principles/methods
• Cyrptanalysis (code breaking)- study of
principles/methods of deciphering cipher text
without knowing the key
• Cryptology = cryptography + cryptanalysis
• Cryptosystem- a system for encryption and
decryption
Conventional Encryption Principles

• An encryption scheme has five ingredients:

– Plaintext
– Encryption algorithm
– Secret Key
– Ciphertext
– Decryption algorithm
• Security depends on the secrecy of the key, not the
secrecy of the algorithm

45
Conventional Encryption Principles

46
 Cryptography
• Classified along three independent dimensions:
– The type of operations used for transforming
plaintext to ciphertext (substitutions and
transpositions)
– The number of keys used
• symmetric (single key)
• asymmetric (two-keys, or public-key encryption)
– The way in which the plaintext is processed (block
cipher and stream cipher)

47
 Classifications of Cryptosystems

• Symmetric Cryptosystems

• Asymmetric Cryptosystems
 Symmetric Cryptosystems
• Same key is used for both encryption and
decryption purposes
• All classical encryption algorithms are private-
key
• Was only type prior to invention of public-key
in 1970’s
• And by far most widely used
– E.g. Data Encryption Standard (DES)
• Problem: How to distribute the key securely?
Symmetric or Secret/Single Key
 Symmetric Contd..
• Strength
– Simple and fast

• Weakness
– Must agree the key beforehand
– Securely pass the key to the other party
– The key must remain secret at both ends
 Asymmetric/Public Key Cryptosystems

• Different keys are used for encryption and

decryption purposes
– Public key is published
– Private key is kept secret
Public Key Encryption
 Asymmetric contd..
• Public key is used for encryption purposes and
lies in the public domain.
• Anybody can use the public key to send an
encrypted message.
• Private key is used for decryption purposes
and remains secret.
– E.g. RSA cryptosystem
 Public Key
• Strength
– Solves problem of passing the key
– Allows establishment of trust between
parties
– Relatively long lifetime of the key

• Weakness
– Susceptible to “known ciphertext” attacks
 Classical Ciphers
• Substitution Ciphers
– Letters of the plaintext messages are
replaced with other letters during
encryption

• Transposition Ciphers
– The order of plaintext letters is rearranged
during encryption
 Substitution Ciphers
• Monoalphabetic Cipher
– Caesar Cipher
• Polyalphabetic Cipher
– Vigenere Cipher
• Multiple Letter Cipher
– Playfair Cipher
• Note: We will cover only Caesar Cipher (in this
course)
 Caesar Cipher
• Earliest known substitution cipher
• by Julius Caesar
• First attested use in military affairs
• Replaces each letter by 3rd letter after it in the
alphabet
• Example:
meet me after the toga party
PHHW PH DIWHU WKH WRJD SDUWB
 Cryptanalysis of Caesar Cipher
• Only have 26 possible ciphers
– A maps to A,B,..Z
• Could simply try each in turn
• A brute force search
• Given ciphertext, just try all shifts of letters
• Do need to recognize when have plaintext
– E.g. break ciphertext "GCUA VQ DTGCM"
 Monoalphabetic Cipher
• Rather than just shifting the alphabet, shuffle
(jumble) the letters arbitrarily.
• Each plaintext letter maps to a different
random ciphertext letter.
• Hence key is 26 letters long
– Plain : abcdefghijklmnopqrstuvwxyz
– Cipher:
DKVQFIBJWPESCXHTMYAUOLRGZN
Drawback: key is too complicated to be remembered
 Keyword Cipher
• There will be many keys but still easy to remember

• Select a keyword-if any letters are repeated, drop the

second and all other occurrences from the keyword

• Write the keyword below the alphabet, fill in the rest

of the space with the remaining letters in the
alphabet in their standard order
 Example
Keyword is “count”
• Plaintext: abcdefghijklmnopqrstuvwxyz
• Ciphertext: countabdefghijklmpqrsvwxyz

Keyword need not start at the beginning

• Plaintext: abcdefghijklmnopqrstuvwxyz
• Ciphertext: mpqrsvwxyzcountabdefghijkl
 Transposition Ciphers
• Rearrange the letters of the message for
encryption
• Also known as permutation
– Keyless transposition ciphers
– Keyed transposition ciphers
– Combining two approaches
• Characters are permuted by writing plaintext
in one way and reading it in another way.
 Columnar Transposition

• Rearrangement of the characters of the

plaintext into columns

• E.g.: a five column transposition

• The plaintext characters are written in rows of five and
arranged one row after another.
• The ciphertext is formed by reading down the columns.
Columnar Transposition
 Columnar Transposition

• E.g: THIS IS A MESSAGE TO SHOW HOW A COLUMNAR

TRANSPOSITION WORKS.
• T H I S I
• S A M E S The resulting ciphertext is
• S A G E T TSSOH OANIW HAASO LRSTO IMGHW
• O S H O W UTPIR SEEOA MROOK ISTWC NASNS
• H O W A C
• O L U M N
• A R T R A
• N S P O S
• I T I O N
• W O R K S
 Confusion and Diffusion
• An encryption algorithm takes info from the plaintext
and transforms it so that an interceptor cannot
readily recognize the message.
• The interceptor should not be able to predict what
will happen to the ciphertext by changing one
character in the plaintext.
• This characteristic is called confusion.
• Makes relationship between ciphertext and key as
complex as possible
• Caesar cipher-> no good confusion
 Confusion and Diffusion
• The characteristic of distributing the information
from single plaintext letters over the entire output is
called Diffusion.
• Changes in the plaintext affect many parts of the
ciphertext.
• Dissipates statistical structure of plaintext over bulk
of ciphertext
• Good diffusion means that the interceptor needs
access to much of the ciphertext in order to infer the
algorithm.
• Substitution->confusion
• Transposition ->diffusion
 Stream and Block Ciphers
• Symmetric ciphers can be broadly classified
into
• Stream Ciphers- a symbol of plaintext is
immediately converted into a symbol of
ciphertext.
• Block Ciphers- a group of plaintext symbols
are converted as a block into a group of
ciphertext symbols.
Stream Ciphers
 Stream Ciphers
• Advantages
– Speed of transformation – each symbol is
encrypted without regard for any other
plaintext symbol
– Low error propagation – each symbol is
separately encoded, an error affects only
that character
 Stream Ciphers
• Disadvantages
– Low diffusion –each symbol is individually
encrypted. So all information of that symbol
is contained in one symbol of the ciphertext
– Susceptible to skipping of characters which
affect all other characters
– Susceptible to malicious insertions and
modifications
 Block Ciphers

• is a type of symmetric encryption algorithm

that encrypts data in fixed-size blocks,
typically 64 or 128 bits, rather than processing
data one bit at a time like stream ciphers.
Block ciphers take plaintext data and
transform it into ciphertext in fixed-size
chunks, using a secret key

73
 Block Ciphers
The key characteristics of a block cipher are:
• Block Size: It encrypts data in fixed-size blocks (e.g., 64 or 128
bits).
• Key Size: Uses a secret key for both encryption and decryption,
with the strength depending on key length (e.g., 128, 192, or
256 bits).
• Symmetric Encryption: The same key is used for both
encryption and decryption.
• Modes of Operation: Techniques like ECB(Electronic
Codebook) , CBC(Cipher Block Chaining, and CTR(Counter
Mode) are used to encrypt data larger than a single block, each
with varying security and performance trade-offs.
74
Block Ciphers
 Block Ciphers

• Advantages
– High diffusion-info from plaintext is diffused
into several ciphertext symbols.
– Immunity to insertion of symbols-it is
impossible to insert a single symbol into a
block
 Block Ciphers
• Disadvantages
– Slowness of encryption- has to wait for the
entire block of symbols to arrive before
starting the encryption process
– Require more memory
– Error propagation- error affects all other
characters in the block
Thank You!

78