1 of 33

�Security��Gullagong�Assoc. Prof.�PG Deptt. Of Comp. Sc. & IT

2 of 33

Security Threats, Policies, and Mechanisms

Types of security threats to consider:

Interception
Interruption
Modification
Fabrication

3 of 33

Layering of Security Mechanisms (1)

The logical organization of a �distributed system into several layers.

4 of 33

Layering of Security Mechanisms (2)

Several sites connected through� a wide-area backbone service.

5 of 33

Distribution of Security Mechanisms

The principle of RISSC as �applied to secure distributed systems.

6 of 33

Cryptography (1)

Intruders and eavesdroppers in communication.

7 of 33

Cryptography (2)

Notation used in this chapter.

8 of 33

Symmetric Cryptosystems: DES (1)

(a) The principle of DES. �

9 of 33

Symmetric Cryptosystems: DES (2)

(b) Outline of

one encryption round.

10 of 33

Symmetric Cryptosystems: DES (3)

Details of per-round key generation in DES.

11 of 33

Public-Key Cryptosystems: RSA

Generating the private and public keys requires

four steps:

Choose two very large prime numbers, p and q.
Compute n = p × q and z = (p − 1) × (q − 1).
Choose a number d that is relatively prime to z.
Compute the number e such that �e × d = 1 mod z.

12 of 33

Hash Functions: MD5 (1)

The structure of MD5.

13 of 33

Hash Functions: MD5 (2)

The 16 iterations during the �first round in a phase in MD5.

14 of 33

Authentication Based on a Shared Secret Key (1)

Authentication based on a shared secret key.

15 of 33

Authentication Based on a Shared Secret Key (2)

Authentication based on a shared �secret key, but using three instead of five messages.

16 of 33

Authentication Based on a Shared Secret Key (3)

The reflection attack.

17 of 33

Authentication Using a �Key Distribution Center (1)

The principle of using a KDC.

18 of 33

Authentication Using a �Key Distribution Center (2)

Using a ticket and letting �Alice set up a connection to Bob.

19 of 33

Authentication Using a �Key Distribution Center (3)

The Needham-Schroeder authentication protocol.

20 of 33

Authentication Using a �Key Distribution Center (4)

Protection against malicious reuse of a previously generated session key in the Needham-Schroeder protocol.

21 of 33

Authentication Using a �Key Distribution Center (5)

Mutual authentication in a public-key cryptosystem.

22 of 33

Digital Signatures (1)

Digital signing a message �using public-key cryptography.

23 of 33

Digital Signatures (2)

Digitally signing a message using a message digest.

24 of 33

Secure Replicated Servers

Sharing a secret signature �in a group of replicated servers.

25 of 33

Firewalls

A common implementation of a firewall.

26 of 33

Protecting the Target (1)

The organization of a Java sandbox.

27 of 33

Protecting the Target (2)

(a) A sandbox. (b) A playground.

28 of 33

Protecting the Target (3)

The principle of using Java object �references as capabilities.

29 of 33

Protecting the Target (4)

The principle of stack introspection.

30 of 33

Key Establishment

The principle of Diffie-Hellman key exchange.

31 of 33

Key Distribution (1)

Secret-key distribution. �

32 of 33

Key Distribution (2)

Public-key distribution �

33 of 33

Secure Group Management

Securely admitting a new group member.