
Cryptography and Security in DS-1


ITU 08106: Distributed Systems

CRYPTOGRAPHY AND SECURITY TECHNIQUES IN DISTRIBUTED SYSTEM

Department of Computing & Communication Technology


Content Outline:

• Cryptography Basic:
  • Definition and importance
  • Overview of Distributed Systems
  • Advantages and disadvantages
• Security techniques for distributed systems
  • Encryption
  • Digital signatures
  • Access controls
  • Firewall
• Implementing cryptography in distributed system
  • Steps
  • Other security techniques

INTRODUCTION TO CRYPTOGRAPHY:
Cryptography is the art and science of securing information by encoding it into an
unreadable format, known as ciphertext. This process ensures that only authorized
parties can decipher and access the original information, known as plaintext.
Importance of Cryptography:
- Protects sensitive data.
- Ensures confidentiality, integrity, and authenticity.
- Essential for secure communication.

Overview of Distributed Systems:


A distributed system consists of multiple independent computers that work together as
a single system. They communicate via a network to coordinate their actions and share
resources.
Cryptography: Advantages
Advantages:

• Cryptography offers confidentiality: it ensures that only authorized parties can
access and understand the encrypted information, preventing unauthorized access. This is
achieved through symmetric encryption (e.g., AES), which uses the same key for both
encryption and decryption.

• Cryptography offers integrity: it lets a recipient confirm that data has remained
unchanged during transmission or storage, using hash functions (e.g., SHA-256) to detect any
alterations. The sender includes a hash value with the data, and the recipient verifies it to
ensure it hasn't been tampered with.

• Cryptography offers authentication: it verifies the sender's identity using digital
signatures (e.g., RSA) and certificates, ensuring messages are from trusted sources and
have not been tampered with. Digital signatures are created using the sender's private key
and verified using the sender's public key.

• Cryptography offers non-repudiation: with cryptographic techniques, the date and time
of a message or its receipt can be proved, so no one can deny what they have done.

• Cryptography offers secure communication: it provides encrypted data transmission
over almost every channel, including the insecure internet, which prevents criminals from
spying on or intercepting sensitive information.

• Cryptography offers data integrity verification: a digital signature can seal a
document, validating that it is untouched since it was sealed by the person to whom it
belongs.

• Cryptography offers access control: it supports the confidentiality of data by
encrypting it and making decryption a procedure accessible only to privileged users of
the data.

• Cryptography offers secure transactions: it secures digital transactions, for example
e-commerce or online banking, making sure that business and personal information is safe
from theft or fraud.
Cryptography: Disadvantages
Disadvantages:

• Cryptography is very complex: cryptographic systems are not easy to implement and
manage because of the high level of technical skill needed, so specialized knowledge and
expertise are required.

• It adds performance overhead: encryption and decryption can degrade performance and
compromise overall efficiency, especially in resource-constrained environments.

• It may introduce vulnerabilities: cryptographic algorithms and their implementations
are known to attackers, so it is possible for weaknesses in them to be uncovered. This
leaves the system at risk of being compromised, with the security of the whole system
undermined.

• It is exposed to key compromise: when cryptographic keys are compromised or even
stolen, third parties can gain unauthorized access to and decrypt sensitive information.

• It brings regulatory compliance burdens: regulatory compliance in the cryptography
field can be troublesome for corporate bodies, as it requires engaging with policies and
practices that exist solely to meet legal requirements.
Security Techniques for Distributed Systems
Encryption:
Encryption protects data by converting it into an unreadable format using
cryptographic algorithms. This ensures that data remains confidential and
secure both at rest (stored data) and in transit (data being transmitted).
• Data at Rest: Encryption of data stored on devices or databases
ensures that even if physical storage is compromised, the data remains
protected. Techniques like full disk encryption and file-level encryption
are commonly used.
• Data in Transit: Encryption of data being transmitted over networks
prevents interception and eavesdropping. Protocols like TLS (Transport
Layer Security) and VPNs (Virtual Private Networks) are used to secure
communication channels.
• Symmetric Encryption: Uses the same key for both encryption and
decryption (e.g., AES).
• Asymmetric Encryption: Uses a pair of keys, one for encryption (public
key) and one for decryption (private key) (e.g., RSA).
Symmetric encryption involves using a single key to encrypt and decrypt data.

Asymmetric encryption uses two keys - one public and one private - to encrypt and decrypt data.
Digital Signatures:
Digital Signatures provide data integrity and authentication by
signing data with a private key. This technique ensures that the
data has not been altered and confirms the identity of the
sender.
• How It Works: The sender generates a hash of the data and
encrypts it with their private key to create a digital signature.
The recipient decrypts the signature with the sender's public
key and compares the hash to verify integrity and authenticity.
• Use Cases: Commonly used in software distribution, financial
transactions, and secure email communications to ensure the
authenticity and integrity of the data.
Access Controls:
Access Controls implement user authentication and
authorization to restrict access to data. This ensures that only
authorized users can access sensitive information.
• Authentication: Verifies the identity of users before
granting access. Techniques include password-based
authentication, multi-factor authentication (MFA), and
biometric authentication.
• Authorization: Defines what authenticated users are
allowed to do. Techniques include Role-Based Access
Control (RBAC), Attribute-Based Access Control (ABAC), and
Access Control Lists (ACLs).
Firewalls
Firewalls monitor and control incoming and outgoing network traffic
based on predefined security rules. They act as a barrier between a
trusted internal network and untrusted external networks.
• Packet-Filtering Firewalls: Examine packets and allow or block
them based on source/destination addresses, ports, and protocols.
• Stateful Inspection Firewalls: Track the state of active connections
and make decisions based on the context of the traffic.
• Next-Generation Firewalls (NGFW): Combine traditional firewall
functions with additional features like application awareness and
intrusion prevention.
Intrusion Detection Systems (IDS)
Intrusion Detection Systems (IDS) monitor network traffic for
suspicious activity and potential threats. They alert administrators
to possible security incidents.
• Network-based IDS (NIDS): Monitors network traffic to detect
signs of intrusion.
• Host-based IDS (HIDS): Monitors the activities and state of
individual systems or hosts.
• Detection Techniques:
• Signature-Based Detection: Compares network traffic against a database
of known attack patterns.
• Anomaly-Based Detection: Detects deviations from normal network
behavior.
Security Policies
Security Policies establish rules and guidelines for maintaining
security within the system. They ensure that all users follow
best practices and security protocols.
• Acceptable Use Policy: Defines acceptable and unacceptable
use of organizational resources.
• Access Control Policy: Specifies how access to information
and systems is managed and who is authorized to access
them.
• Incident Response Policy: Provides guidelines for
responding to security incidents and mitigating their impact.
Implementing Cryptography in Distributed Systems: Steps
• Step 1: Identify Data to Protect: Determine which data is
sensitive and requires encryption.
• Step 2: Choose Cryptographic Algorithms: Select appropriate
algorithms (symmetric or asymmetric) based on security
requirements. Symmetric algorithms use the same key for
encryption and decryption, while asymmetric algorithms use a
pair of keys (public and private).
• Step 3: Generate and Manage Keys: Create cryptographic keys
and establish secure key management practices. Ensure keys are
stored securely and rotated regularly.
• Step 4: Encrypt Data: Apply encryption to the identified sensitive
data to protect it from unauthorized access.
• Step 5: Decrypt Data: Implement decryption processes to allow
authorized users to access the encrypted data.
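Steps 3 to 5 as an added Go example (not from the original slides): a keyring that generates and rotates AES-256-GCM keys and tags every record with the ID of the key that encrypted it, so data written before a rotation stays readable. AES-GCM, the one-byte key ID, the record layout and the sample plaintext are assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

type Keyring []cipher.AEAD // hypothetical type: index = key ID, newest key encrypts

// Rotate (step 3) adds a fresh AES-256-GCM key; old keys stay for old records.
func (k *Keyring) Rotate() error {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return err
	}
	gcm, err := cipher.NewGCM(block)
	if err == nil {
		*k = append(*k, gcm)
	}
	return err
}
// Encrypt (step 4) returns keyID || nonce || ciphertext+tag; the ID is authenticated.
func (k Keyring) Encrypt(plain []byte) ([]byte, error) {
	id, nonce := []byte{byte(len(k) - 1)}, make([]byte, 12)
	if _, err := rand.Read(nonce); err != nil || len(k) == 0 {
		return nil, fmt.Errorf("encrypt: %d keys loaded, rand error: %v", len(k), err)
	}
	return k[id[0]].Seal(append(id, nonce...), nonce, plain, id), nil
}
// Decrypt (step 5) picks the key by ID; GCM rejects any altered record.
func (k Keyring) Decrypt(rec []byte) ([]byte, error) {
	if len(rec) < 13 || int(rec[0]) >= len(k) {
		return nil, fmt.Errorf("malformed record or unknown key ID")
	}
	return k[rec[0]].Open(nil, rec[1:13], rec[13:], rec[:1])
}
func main() {
	var k Keyring
	_ = k.Rotate()
	rec, _ := k.Encrypt([]byte("card=4242 (constructed sample)"))
	_ = k.Rotate() // key 1 is now current; rec still names key 0
	plain, err := k.Decrypt(rec)
	fmt.Printf("%s %v\n", plain, err)
}
```

In a real deployment the keys would come from a key management service rather than live only in process memory, and a one-byte ID limits this sketch to 256 keys.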
Implementing Other Security Techniques in Distributed Systems
• User Authentication: Implement strong authentication
mechanisms, such as multi-factor authentication (MFA), to
verify user identities.
• Network Security: Configure firewalls and intrusion detection
systems (IDS) to monitor and protect the network from
potential threats.
• Regular Audits: Conduct regular security audits to identify
vulnerabilities, ensure compliance with security policies, and
improve overall security posture.
• Incident Response: Establish an incident response plan to
handle security breaches and mitigate their impact. Ensure
that the plan includes steps for detection, containment,
eradication, recovery, and post-incident analysis.
Case Study: Securing a Distributed System
Scenario: An e-commerce company implementing security
measures to protect customer data and transaction
information.
Steps Taken:
• Encryption of customer data stored in databases and
transmitted over the network.
• Use of digital signatures to verify the authenticity of
transactions.
• Implementation of access controls to restrict data access to
authorized employees.
• Configuration of firewalls and intrusion detection systems to
monitor and protect the network.
• Regular security audits to identify and address vulnerabilities.
Results:
• Enhanced security of customer data and transactions.
• Reduced risk of data breaches and unauthorized access.
• Increased trust and confidence from customers in the company's security measures.
Group 07 Members:
NO   STUDENT'S NAME               REGISTRATION NUMBER
01.  TIMOTHEO RICHARD ISRAEL      NIT/BIT/2022/1920
02.  VICTOR JOSEPH DIMANYI        NIT/BIT/2022/1826
03.  AMINA IDD ALLY               NIT/BIT/2022/1752
04.  AISHA MATHIAS RUNGWA         NIT/BIT/2022/1766
05.  MESHACK VERAEL MASSAWE       NIT/BIT/2022/1912
06.  REUBEN MASOLWA NDATULU       NIT/BIT/2022/1939
07.  MARIA ADAM MBOYA             NIT/BIT/2022/1928
08.  RADHIA CHANDE UKOMO          NIT/BIT/2022/1782
09.  LINUS L KATABALO             NIT/BIT/2022/1956
10.  MAGAYANE MISHELI KATILAFU    NIT/BIT/2022/1958
11.  IBRAHIM MARTINE MATANGO      NIT/BIT/2022/1945
