Documente Academic
Documente Profesional
Documente Cultură
Security
Distributed Systems:
Concepts and Design
Edition 5, Addison-Wesley 2012
Figure 11.1
Familiar names for the protagonists in security protocols
Alice
Firstparticipant
Bob
Secondparticipant
Carol
Participantinthreeandfourparty
protocols
Participantinfourparty
Dave
Eve
protocols
Eavesdropper
Mallory
Maliciousattacker
Sara
Aserver
InstructorsGuideforCoulouris,Dollimore,KindbergandBlair,DistributedSystems:ConceptsandDesignEdn.5
PearsonEducation2012
Figure 11.2
Cryptography notations
KA
Alicessecretkey
KB
Bobssecretkey
KAB
SecretkeysharedbetweenAliceandBob
KApriv
Alicesprivatekey(knownonlytoAlice)
KApub
Alicespublickey(publishedbyAliceforalltoread)
{M}K
MessageMencryptedwithkeyK
[M]K
MessageMsignedwithkeyK
InstructorsGuideforCoulouris,Dollimore,KindbergandBlair,DistributedSystems:ConceptsandDesignEdn.5
PearsonEducation2012
Figure 11.3
Alices bank account certificate
1.Certificatetype:
2.Name:
3.Account:
4.Certifyingauthority:
5.Signature:
Accountnumber
Alice
6262626
BobsBank
{Digest(field2+field3)}KBpriv
InstructorsGuideforCoulouris,Dollimore,KindbergandBlair,DistributedSystems:ConceptsandDesignEdn.5
PearsonEducation2012
Figure 11.4
Public-key certificate for Bobs Bank
1.Certificatetype:
Publickey
2.Name:
BobsBank
3.Publickey:
KBpub
4.Certifyingauthority:
FredTheBankersFederation
{Digest(field2+field3)}KFpriv
5.Signature:
InstructorsGuideforCoulouris,Dollimore,KindbergandBlair,DistributedSystems:ConceptsandDesignEdn.5
PearsonEducation2012
Figure 11.5
Cipher block chaining
n+3
plaintext blocks
n+2
n+1
XOR
E(K, M)
ciphertext blocks
n-3
n-2
n-1
InstructorsGuideforCoulouris,Dollimore,KindbergandBlair,DistributedSystems:ConceptsandDesignEdn.5
PearsonEducation2012
Figure 11.6
Stream cipher
number
generator
keystream
n+3
n+2
n+1
E(K, M)
buffer
XOR
ciphertext
stream
plaintext
stream
InstructorsGuideforCoulouris,Dollimore,KindbergandBlair,DistributedSystems:ConceptsandDesignEdn.5
PearsonEducation2012
Figure 11.7
TEA encryption function
voidencrypt(unsignedlongk[],unsignedlongtext[]){
unsignedlongy=text[0],z=text[1];
unsignedlongdelta=0x9e3779b9,sum=0;intn;
for(n=0;n<32;n++){
sum+=delta;
y+=((z<<4)+k[0])^(z+sum)^((z>>5)+k[1]);
z+=((y<<4)+k[2])^(y+sum)^((y>>5)+k[3]);
}
text[0]=y;text[1]=z;
}
InstructorsGuideforCoulouris,Dollimore,KindbergandBlair,DistributedSystems:ConceptsandDesignEdn.5
PearsonEducation2012
1
2
3
4
5
6
7
Figure 11.8
TEA decryption function
voiddecrypt(unsignedlongk[],unsignedlongtext[]){
unsignedlongy=text[0],z=text[1];
unsignedlongdelta=0x9e3779b9,sum=delta<<5;intn;
for(n=0;n<32;n++){
z=((y<<4)+k[2])^(y+sum)^((y>>5)+k[3]);
y=((z<<4)+k[0])^(z+sum)^((z>>5)+k[1]);
sum=delta;
}
text[0]=y;text[1]=z;
}
InstructorsGuideforCoulouris,Dollimore,KindbergandBlair,DistributedSystems:ConceptsandDesignEdn.5
PearsonEducation2012
Figure 11.9
TEA in use
voidtea(charmode,FILE*infile,FILE*outfile,unsignedlongk[]){
/*modeiseforencrypt,dfordecrypt,k[]isthekey.*/
charch,Text[8];inti;
while(!feof(infile)){
i=fread(Text,1,8,infile);
/*read8bytesfrominfileintoText*/
if(i<=0)break;
while(i<8){Text[i++]='';} /*padlastblockwithspaces*/
switch(mode){
case'e':
encrypt(k,(unsignedlong*)Text);break;
case'd':
decrypt(k,(unsignedlong*)Text);break;
}
fwrite(Text,1,8,outfile);
/*write8bytesfromTexttooutfile*/
}
}
InstructorsGuideforCoulouris,Dollimore,KindbergandBlair,DistributedSystems:ConceptsandDesignEdn.5
PearsonEducation2012
RSA Encryption - 1
Tofindakeypaire,d:
1.Choosetwolargeprimenumbers,PandQ(eachgreaterthan10100),andform:
N=PxQ
Z=(P1)x(Q1)
2.FordchooseanynumberthatisrelativelyprimewithZ(thatis,suchthatdhasno
commonfactorswithZ).
WeillustratethecomputationsinvolvedusingsmallintegervaluesforPandQ:
P=13,Q=17>N=221,Z=192
d=5
3. Tofindesolvetheequation:
exd=1modZ
Thatis,exdisthesmallestelementdivisiblebydintheseriesZ+1,2Z+1,3Z+1,....
exd=1mod192=1,193,385,...
385isdivisiblebyd
e=385/5=77
InstructorsGuideforCoulouris,Dollimore,KindbergandBlair,DistributedSystems:ConceptsandDesignEdn.5
PearsonEducation2012
RSA Encryption - 2
ToencrypttextusingtheRSAmethod,theplaintextisdividedintoequalblocksoflengthk
bitswhere2k<N(thatis,suchthatthenumericalvalueofablockisalwayslessthanN;in
practicalapplications,kisusuallyintherange512to1024).
k=7,since27=128
ThefunctionforencryptingasingleblockofplaintextMis:
E'(e,N,M)=MemodN
foramessageM,theciphertextisM77mod221
Thefunctionfordecryptingablockofencryptedtextctoproducetheoriginalplaintextblock
is:
D'(d,N,c)=cdmodN
Rivest,ShamirandAdelmanprovedthatE'andD'aremutualinverses
(thatis,E'(D'(x))=D'(E'(x))=x)forallvaluesofPintherange0PN.
Thetwoparameterse,Ncanberegardedasakeyfortheencryptionfunction,andsimilarlyd,N
representakeyforthedecryptionfunction.
SowecanwriteKe=<e,N>andKd=<d,N>,andwegettheencryptionfunction:
E(Ke,M)={M}K(thenotationhereindicatingthattheencryptedmessagecanbedecryptedonly
bytheholderoftheprivatekeyKd)andD(Kd,={M}K)=M.
InstructorsGuideforCoulouris,Dollimore,KindbergandBlair,DistributedSystems:ConceptsandDesignEdn.5
PearsonEducation2012
Figure 11.10
Digital signatures with public keys
M
signed doc
H(M)
Signing
E(K pri , h)
128 bits
{h}Kpri
Verifying
D(Kpub ,{h})
{h}Kpri
h'
h = h'?
H(doc)
InstructorsGuideforCoulouris,Dollimore,KindbergandBlair,DistributedSystems:ConceptsandDesignEdn.5
PearsonEducation2012
Figure 11.11
Low-cost signatures with a shared secret key
signed doc
H(M+K)
Signing
h
M
M
h
Verifying
h = h'?
K
H(M+K)
h'
InstructorsGuideforCoulouris,Dollimore,KindbergandBlair,DistributedSystems:ConceptsandDesignEdn.5
PearsonEducation2012
Figure 11.12
X509 Certificate format
Subject
DistinguishedName,PublicKey
Issuer
DistinguishedName,Signature
Periodofvalidity
NotBeforeDate,NotAfterDate
Administrativeinformation
Version,SerialNumber
ExtendedInformation
InstructorsGuideforCoulouris,Dollimore,KindbergandBlair,DistributedSystems:ConceptsandDesignEdn.5
PearsonEducation2012
Figure 11.13
Performance of symmetric encryption and secure digest algorithms
InstructorsGuideforCoulouris,Dollimore,KindbergandBlair,DistributedSystems:ConceptsandDesignEdn.5
PearsonEducation2012
Figure 11.14
The NeedhamSchroeder secret-key authentication protocol
Header
Message
Notes
1.A>S:
A,B,NA
ArequestsStosupplyakeyforcommunication
withB.
2.S>A:
{NA,B,KAB,
{KAB,A}KB}KA
3.A>B:
{KAB,A}KB
4.B>A:
{NB}KAB
5.A>B:
{NB1}KAB
SreturnsamessageencryptedinAssecretkey,
containinganewlygeneratedkeyKABanda
ticketencryptedinBssecretkey.ThenonceNA
demonstratesthatthemessagewassentinresponse
totheprecedingone.AbelievesthatSsentthe
messagebecauseonlySknowsAssecretkey.
AsendsthetickettoB.
BdecryptstheticketandusesthenewkeyKABto
encryptanothernonceNB.
AdemonstratestoBthatitwasthesenderofthe
previousmessagebyreturninganagreed
transformationofNB.
InstructorsGuideforCoulouris,Dollimore,KindbergandBlair,DistributedSystems:ConceptsandDesignEdn.5
PearsonEducation2012
Figure 11.15
System architecture of Kerberos
Kerberos Key Distribution Centre
Step A
1. Request for
TGS ticket
Authentication
service A
Authentication
database
Ticketgranting
service T
2. TGS
ticket
Client
C
Login
session setup
Server
session setup
DoOperation
Step B
3. Request for
server ticket
4. Server ticket
Step C
5. Service
request
Service
function
InstructorsGuideforCoulouris,Dollimore,KindbergandBlair,DistributedSystems:ConceptsandDesignEdn.5
PearsonEducation2012
Server
S
Figure 11.16
SSL protocol stack
SSL
Handshake SSL Change
Cipher Spec
protocol
SSL Alert
Protocol
HTTP
Telnet
Other protocols:
InstructorsGuideforCoulouris,Dollimore,KindbergandBlair,DistributedSystems:ConceptsandDesignEdn.5
PearsonEducation2012
Figure 11.17
TLS handshake protocol
ClientHello
ServerHello
Certificate
Certificate Request
ServerHelloDone
Client
Certificate
Certificate Verify
Server
InstructorsGuideforCoulouris,Dollimore,KindbergandBlair,DistributedSystems:ConceptsandDesignEdn.5
PearsonEducation2012
Figure 11.18
TLS handshake configuration options
Component
Description
Example
Keyexchange
method
themethodtobeusedfor
exchangeofasessionkey
RSAwithpublickey
certificates
Cipherfordata
transfer
theblockorstreamciphertobe IDEA
usedfordata
Messagedigest
function
forcreatingmessage
authenticationcodes(MACs)
SHA1
InstructorsGuideforCoulouris,Dollimore,KindbergandBlair,DistributedSystems:ConceptsandDesignEdn.5
PearsonEducation2012
Figure 11.19
TLS record protocol
abcdefghi
Application data
Fragment/combine
Record protocol units
abc
def
Compress
Compressed units
Hash
MAC
Encrypt
Encrypted
Transmit
TCP packet
InstructorsGuideforCoulouris,Dollimore,KindbergandBlair,DistributedSystems:ConceptsandDesignEdn.5
PearsonEducation2012
ghi
Figure 11.20
Use of RC4 stream cipher in IEEE 802.11 WEP
Decryption
Encryption
Increment
IV
IV
RC4
RC4
keystream
plaintext
XOR
cipher textIV
cipher textIV
XOR
plaintext
InstructorsGuideforCoulouris,Dollimore,KindbergandBlair,DistributedSystems:ConceptsandDesignEdn.5
PearsonEducation2012