Exam questions

Distributed Systems Fall 2014

Chapter 11 Security

1. What are the three broad classes of security threats. Name and de�ne them!

answer:

1. Leakage: Refers to the acquisition of information by unauthorized recipi-ents

2. Tampering : Refers to the unauthorized alteration of information.

3. Vandalism: Refers to interference with the proper operation of a systemwithout gain to the perpetrator.

2. What are the methods of attack towards message channels? Name (5) andde�ne/describe each of them separately!

answer:

Eavesdropping: Obtaining copies of messages without authority.

1

Masquerading: Sending or receiving messages using the identity of anotherprincipal without their authority.

Message tampering: Intercepting messages and altering their contents be-fore passing them on to the intended recipient. The man-in-the-middleattack is a form of message tampering in which an attacker intercepts thevery �rst message in an exchange of encryption keys to establish a securechannel. The attacker substitutes compromised keys that enable them todecrypt subsequent messages before re- encrypting them in the correctkeys and passing them on.

Replaying: Storing intercepted messages and sending them at a later date.This attack may be e�ective even with authenticated and encrypted mes-sages.

Denial of service: Flooding a channel or other resource with messages in or-der to deny access for others.

3. What is non-repudiation?

answer:Non-repudiation is to ensure that the account holder cannot deny that they

participated in a transaction

2

4. Name the six worst-case assumptions and design guidelines for secure distributedsystems!

answer:

Interfaces are exposed: Distributed systems are composed of processes thato�er services or share information. Their communication interfaces arenecessarily open (to allow new clients to access them) � an attacker cansend a message to any interface.

Networks are insecure: For example, message sources can be falsi�ed � mes-sages can be made to look as though they came from Alice when they wereactually sent by Mallory. Host addresses can be `spoofed' � Mallory canconnect to the network with the same address as Alice and receive copiesof messages intended for her.

Limit the lifetime and scope of each secret: When a secret key is �rst gen-erated we can be con�dent that it has not been compromised. The longerwe use it and the more widely it is known, the greater the risk. The use ofsecrets such as passwords and shared secret keys should be time-limited,and sharing should be restricted.

Algorithms and program code are available to attackers: The bigger andthe more widely distributed a secret is, the greater the risk of its disclosure.Secret encryption algorithms are totally inadequate for today's large-scalenetwork environments. Best practice is to publish the algorithms usedfor encryption and authentication, relying only on the secrecy of cryp-tographic keys. This helps to ensure that the algorithms are strong bythrowing them open to scrutiny by third parties.

Attackers may have access to large resources: The cost of computing poweris rapidly decreasing. We should assume that attackers will have access

3

to the largest and most powerful computers projected in the lifetime ofa system, then add a few orders of magnitude to allow for unexpecteddevelopments.

Minimize the trusted base: The portions of a system that are responsiblefor the implementation of its security, and all the hardware and softwarecomponents upon which they rely, have to be trusted � this is often referredto as the trusted computing base. Any defect or programming error inthis trusted base can produce security weaknesses, so we should aim tominimize its size. For example, application programs should not be trustedto protect data from their users.

5. What is the di�erence in performance of public-key encryption algorithmscompared with secret-key algorithms?

answer:Public-key encryption algorithms typically require 100 to 1000 times as much

processing power as secret-key algorithms

6. Describe (or draw a diagram of action) a scenario of secret communication

with a shared key! (2 steps) Name two problems that one can face withthis scenario!

answer:

Alice wishes to send some information secretly to Bob. Alice and Bob sharea secret key KAB .

4

1. Alice uses KAB and an agreed encryption function E(KAB ,M) to encryptand send any number of messages {Mi}KAB

to Bob. (Alice can go on usingKAB as long as it is safe to assume that KAB has not been compromised.)

2. Bob decrypts the encrypted messages using the corresponding decryptionfunction D(KAB ,M).

Problem 1 : How can Alice send a shared key K AB to Bob securely?Problem 2 : How does Bob know that any {Mi} isn't a copy of an earlierencrypted message from Alice that was captured by Mallory and replayedlater? Mallory needn't have the key KAB to carry out this attack � hecan simply copy the bit pattern that represents the message and send itto Bob later. For example, if the message is a request to pay some moneyto someone, Mallory might trick Bob into paying twice.

5

7. Describe (or draw a diagram of action) a scenario of authenticated communication

with a server! (5 steps)

answer:

1. Alice sends an (unencrypted) message to Sara stating her identity andrequesting a ticket for access to Bob.

2. Sara sends a response to Alice encrypted inKA consisting of a ticket (to besent to Bob with each request for �le access) encrypted in KB and a newsecret key KAB for use when communicating with Bob. So the responsethat Alice receives looks like this:

{{Ticket}KB

,KAB

}KA

.

3. Alice decrypts the response using KA (which she generates from her pass-word using the same transformation; the password is not transmitted overthe network, and once it has been used it is deleted from local storage toavoid compromising it). If Alice has the correct password-derived key KA,she obtains a valid ticket for using Bob's service and a new encryption keyfor use in communicating with Bob. Alice can't decrypt or tamper withthe ticket, because it is encrypted in KB . If the recipient isn't Alice thenthey won't know Alice's password, so they won't be able to decrypt themessage.

4. Alice sends the ticket to Bob together with her identity and a request Rto access a �le: {Ticket}KB

, Alice, R.

5. The ticket, originally created by Sara, is actually: {KAB , Alice}KB. Bob

decrypts the ticket using his key KB . So Bob gets the authentic identityof Alice (based on the knowledge shared between Alice and Sara of Alice'spassword) and a new shared secret key KAB for use when interacting withAlice. (This is called a session key because it can safely be used by Aliceand Bob for a sequence of interactions.)

6

7

8. Describe (or draw a diagram of action) a scenario of authenticated communication

with public keys to enable Bob and Alice to establish a shared secretkey KAB ! (3 steps)

answer:

1. Alice accesses a key distribution service to obtain a public-key certi�cate

giving Bob's public key. It's called a certi�cate because it is signed by atrusted authority � a person or organization that is widely known to bereliable. After checking the signature, she reads Bob's public key, KBpub

,from the certi�cate.

2. Alice creates a new shared key, KAB , and encrypts it using KBpubwith a

public-key algorithm. She sends the result to Bob, along with a name thatuniquely identi�es a public/private key pair (since Bob may have severalof them) � that is, Alice sends keyname, {KAB}KBpub

.

3. Bob selects the corresponding private key, KBpriv , from his private keystore and uses it to decrypt KAB . Note that Alice's message to Bobmight have been corrupted or tampered with in transit. The consequencewould simply be that Bob and Alice don't share the same key KAB . Ifthis is a problem, it can be circumvented by adding an agreed value orstring to the message, such as Bob's and Alice's names or email addresses,which Bob can check after decrypting.

8

9. What is a certi�cate?

answer:Certi�cate is a digitally signed document (by an authority) with given time

constrains associating a subject to his/her/its public key.

10. How to describe symmetric cryptographic algorithms?

answer:Decryption of a message is done with the inverse of the encryption function.

The calculation of the inverse function without knowing the key should be sohard to compute that it is not feasible.

11. How to describe asymmetric cryptographic algorithms?

answer:Existence of public and private keys; one of which can be used for encryption

and the other one for decryption of messages

12. What are block ciphers?

answer:Algorithms operate on �xed-size blocks of data; 64 bits is a popular size for

the blocks. A message is subdivided into blocks, the last block is padded to thestandard length if necessary and each block is encrypted independently. The�rst block is available for transmission as soon as it has been encrypted.

13. What is cipher block chaining (CBC)? (Describe what is done during encriptionand decryption!)

answer:In CBC each plaintext block is combined with the preceding ciphertext block

using the exclusive-or operation (XOR) before it is encrypted. On decryption,the block is decrypted and then the preceding encrypted block (which shouldhave been stored for this purpose) is XOR-ed with it to obtain the new plaintextblock. (Works because the XOR operation is symmetric.)

14. What is the functional property of a stream cipher?

answer:Stream ciphers are encryption algorithms that can perform encryption in-

crementally, converting plaintext to ciphertext one bit at a time.

9

15. Descibe the Shannon's principles of confusion and di�usion (to concealthe content of a cipertext blockM , combining it with a keyK of a su�cientsize to render it proof against brute-force attacks)!

answer:

Confusion: Non-destructive operations such as XOR and circular shifting areused to combine each block of plaintext with the key, producing a newbit pattern that obscures the relationship between the blocks in M and{M}K .

Di�usion: dissipates the regular patterns that result by transposing portionsof each plaintext block.

16. Name some symmetric-key algorithms!

answer:DES, 3DES, TEA, IDEA, RC4, AES

10

17. Outline the (three) key steps in RSA public-key algorithm!

answer:

1. Choose two large prime numbers, P and Q (each greater than 10100 ), andform

N = P ×Q

Z = (P�1)× (Q�1)

2. For d, choose any number that is relatively prime with Z (that is, suchthat d has no common factors with Z).

3. Solve the equation to �nd e:

e× d = 1 mod Z

(i.e. e× d is the smallest element divisible by d in series Z + 1, 2Z + 1, 3Z + 1,...)

To encrypt text using the RSA method, the plaintext is divided into equalblocks of length k bits, where 2k < N (that is, such that the numerical value ofa block is always less than N ; in practical applications, k is usually in the range512 to 1024).

For encrypting a block of plaintext M :

E′(e,N,M) = Me mod N

For decrypting:D′(d,N, c) = cd mod N

Private key Kd =< d,N >

Public key Ke =< e,N >

11

Rivest, Shamir and Adelman proved that E′ and D′ are mutual inverses (thatis, E′(D′(x)) = D′(E′(x)) = x) for all values of P in the range 0 ≤ P ≤ N .

12

18. Draw an outline of Kerberos system architecture!

answer:Figure 11.15 System architecture of Kerberos

13