DOCSLIB.ORG

Final Resourcediscoverysecuritydistrsystems Thesis Linelarsen

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Final Resourcediscoverysecuritydistrsystems Thesis Linelarsen Resource discovery and Security in Distributed systems Resource discovery and Security in Distributed systems by Line Larsen Thesis is partial fulfilment of the degree of Master in Technology in Information and Communication Technology Agder University College Faculty of Engineering and Science Grimstad Norway May 2007 May 2007 – Line Larsen 1 Resource discovery and Security in Distributed systems Abstract To be able to access our files at any time and any where, we need a system or service which is free, has enough storage space and is secure. A centralized system can handle these challenges today, but does not have transparency, openness and scalability like a peer to peer network has. A hybrid system with characteristics from both distributed and centralized topologies is the ideal choice. In this paper I have gone through the basic theory of network topology, protocols and security and explained “search engine”, “Middleware”, “Distributed Hash Table” and the JXTA protocol. I then have briefly examined three existing peer to peer architectures which are “Efficient and Secure Information Sharing in Distributed, collaborative Environments” based on Sandbox and transitive delegation from 1999, pStore: A Secure Peer–to-Peer backup System” based on versioning and file blocks from 2001 and iDIBS from 2006, which is an improved versions of the SourceForge project Distributed Internet Backup System (DIBS) using Luby Transform codes instead of Reed-Solomon codes for error correction when reconstructing data. I have also looked into the security aspects related to using distributed systems for resource discovery and I have suggested a design of a resource discovery architecture which will use JXTA for backup of personal data using Super-peer nodes in a peer to peer architecture. Keywords Resource discovery, DHT, transitive delegation, middleware, heterogeneous networks, network security, hybrid architecture, peer to peer May 2007 – Line Larsen 2 Resource discovery and Security in Distributed systems Preface This thesis concludes the two-year Master of Science program in Information and Communication Technology (ICT) at Agder University College (AUC), Faculty of Engineering and Science in Grimstad, Norway. The workload of this thesis equals 30 ECTS and the project has been carried out from January to end of May 2007. I would like to thank, post Doc Ulf C. Carlsen, my supervisor at Agder University College, for excellent supervision and guidance throughout the project period. I appreciate that you came up with an Idea for a thesis when I did not like any of those that were originally proposed. Also I appreciate that you had not planned to be a supervisor at all this year and then you suddenly had two groups to supervise. Grimstad, May 2007 ___________________________ Line Larsen May 2007 – Line Larsen 3 Resource discovery and Security in Distributed systems Table of contents Abstract .................................................................................................................................. 2 Keywords ............................................................................................................................... 2 Preface.................................................................................................................................... 3 Table of contents .................................................................................................................... 4 Figure list................................................................................................................................6 1 INTRODUCTION.............................................................................................................. 7 1.1 Background ................................................................................................................ 7 1.2 Thesis definition......................................................................................................... 8 1.3 Problem statement...................................................................................................... 9 1.4 Importance of study.................................................................................................. 11 1.5 Report outline........................................................................................................... 11 2 THEORY AND STATE OF THE ART........................................................................... 12 2.1 Theory ...................................................................................................................... 12 2.1.1 Topology .......................................................................................................... 12 2.1.2 Algorithm and Protocols .................................................................................. 16 2.1.2.1 Communication protocol.............................................................................. 16 2.1.2.2 Routing algorithms....................................................................................... 17 2.1.2.3 Resource discovery (look-up service) algorithms........................................ 18 2.1.3 Security............................................................................................................. 20 2.1.3.1 The CIA of computer security...................................................................... 20 2.1.3.2 Secure data transmission .............................................................................. 21 2.1.3.3 Software security.......................................................................................... 23 2.1.3.4 Secure access................................................................................................ 24 2.1.3.5 Secure storage of data on hardware.............................................................. 26 2.2 Discovery services in use ......................................................................................... 27 2.2.1 Search engine ................................................................................................... 27 2.2.2 Middleware....................................................................................................... 28 2.2.3 Distributed Hash Table (DHT) algorithm ........................................................ 30 2.2.4 JXTA protocol.................................................................................................. 31 2.3 Requirements for a centralized system..................................................................... 32 2.4 Requirements for a distributed system ..................................................................... 33 2.5 Centralized versus Distributed ................................................................................. 34 2.6 “Resource discovery and Security” literature review .............................................. 35 3 SURVEY ON DIFFERENT CURRENT P2P ARCHITECTURES................................ 35 3.1 Peer to Peer systems................................................................................................. 35 3.2 Efficient and Secure Information Sharing in Distributed, collaborative Environment .................................................................................................................................. 37 3.3 pStore: A Secure Peer To Peer Backup system........................................................ 38 3.4 iDIBS: An Improved Distributed Backup System .................................................. 38 4 SECURITY REQUIREMENTS OF A SYSTEM............................................................ 39 4.1 Security policy.......................................................................................................... 39 4.2 Anonymity and Trustworthiness .............................................................................. 40 4.3 Physical security....................................................................................................... 41 5 DESIGN OF HYBRID ARCHITECTURE ..................................................................... 42 5.1 Topology .................................................................................................................. 42 5.2 Protocols and algorithms.......................................................................................... 42 5.3 Security..................................................................................................................... 44 May 2007 – Line Larsen 4 Resource discovery and Security in Distributed systems 6 DISCUSSION .................................................................................................................. 46 6.1 The 3 backup systems .............................................................................................. 46 6.1.1 Efficient and Secure information sharing......................................................... 46 6.1.2 pStore ............................................................................................................... 46 6.1.3 iDIBS................................................................................................................ 47 6.2 Security requirements of a system ........................................................................... 47 6.2.1 Topology .......................................................................................................... 47 6.2.2 Algorithms and protocols................................................................................. 47
Load more

Recommended publications
  • Cryptography
    Pattern Recognition and Applications Lab CRYPTOGRAPHY Giorgio Giacinto [email protected] University of Cagliari, Italy Spring Semester 2019-2020 Department of Electrical and Electronic Engineering Cryptography and Security • Used to hide the content of a message • Goals – Confidentiality – Authenticity – Integrity • The text is modified by an encryption function – An interceptor should not be able to understand all or part of the message content http://pralab.diee.unica.it 2 Encryption/Decryption Process Key Key (Optional) (Optional) Original Plaintext Encryption Ciphertext Decryption Plaintext http://pralab.diee.unica.it 3 Keys and Locks http://pralab.diee.unica.it 4 Keys L F A Y B D E T C A R C S E E T Y H G S O U S U D H R D F C E I D B T E M E P Q X N R C I D S F T U A E T C A U R M F N P E C J N A C R D B E M K C I O P F B E W U X I Y M C R E P F N O G I D C N T M http://pralab.diee.unica.it 5 Keys L F A Y B D E T C A R C S E E T Y H G S O U S U D H R D F C E I D B T E M E P Q X N R C I D S F T U A E T C A U R M F N P E C J N A C R D B E M K C I O P F B E W U X I Y M C R E P F N O G I D C N T M http://pralab.diee.unica.it 6 Steganography - = http://pralab.diee.unica.it https://towardsdatascience.com/steganography-hiding-an-image-inside-another-77ca66b2acb1 7 Definitions • Cryptography algorithm C = E(K,M) A function E with two inputs – a message M – a key K that outputs – the encrypted message C The algorithm is based on a shared secret between the sender and the receiver K The Encryption Key http://pralab.diee.unica.it 8 Symmetric
    [Show full text]
  • Looking up Data in P2p Systems
    LOOKING UP DATA IN P2P SYSTEMS Hari Balakrishnan, M. Frans Kaashoek, David Karger, Robert Morris, Ion Stoica∗ MIT Laboratory for Computer Science 1. Introduction a good example of how the challenges of designing P2P systems The recent success of some widely deployed peer-to-peer (P2P) can be addressed. file sharing applications has sparked new research in this area. We The recent algorithms developed by several research groups for are interested in the P2P systems that have no centralized control the lookup problem present a simple and general interface, a dis- or hierarchical organization, where the software running at each tributed hash table (DHT). Data items are inserted in a DHT and node is equivalent in functionality. Because these completely de- found by specifying a unique key for that data. To implement a centralized systems have the potential to significantly change the DHT, the underlying algorithm must be able to determine which way large-scale distributed systems are built in the future, it seems node is responsible for storing the data associated with any given timely to review some of this recent research. key. To solve this problem, each node maintains information (e.g., The main challenge in P2P computing is to design and imple- the IP address) of a small number of other nodes (“neighbors”) in ment a robust distributed system composed of inexpensive com- the system, forming an overlay network and routing messages in puters in unrelated administrative domains. The participants in a the overlay to store and retrieve keys. typical P2P system might be home computers with cable modem One might believe from recent news items that P2P systems are or DSL links to the Internet, as well as computers in enterprises.
    [Show full text]
  • N2N: a Layer Two Peer-To-Peer VPN
    N2N: A Layer Two Peer-to-Peer VPN Luca Deri1, Richard Andrews2 ntop.org, Pisa, Italy1 Symstream Technologies, Melbourne, Australia2 {deri, andrews}@ntop.org Abstract. The Internet was originally designed as a flat data network delivering a multitude of protocols and services between equal peers. Currently, after an explosive growth fostered by enormous and heterogeneous economic interests, it has become a constrained network severely enforcing client-server communication where addressing plans, packet routing, security policies and users’ reachability are almost entirely managed and limited by access providers. From the user’s perspective, the Internet is not an open transport system, but rather a telephony-like communication medium for content consumption. This paper describes the design and implementation of a new type of peer-to- peer virtual private network that can allow users to overcome some of these limitations. N2N users can create and manage their own secure and geographically distributed overlay network without the need for central administration, typical of most virtual private network systems. Keywords: Virtual private network, peer-to-peer, network overlay. 1. Motivation and Scope of Work Irony pervades many pages of history, and computing history is no exception. Once personal computing had won the market battle against mainframe-based computing, the commercial evolution of the Internet in the nineties stepped the computing world back to a substantially rigid client-server scheme. While it is true that the today’s Internet serves as a good transport system for supplying a plethora of data interchange services, virtually all of them are delivered by a client-server model, whether they are centralised or distributed, pay-per-use or virtually free [1].
    [Show full text]
  • Can We Trust Cryptographic Software? Cryptographic Flaws in GNU Privacy Guard V1.2.3
    Can We Trust Cryptographic Software? Cryptographic Flaws in GNU Privacy Guard v1.2.3 Phong Q. Nguyen CNRS/Ecole´ normale sup´erieure D´epartement d’informatique 45 rue d’Ulm, 75230 Paris Cedex 05, France. [email protected] http://www.di.ens.fr/˜pnguyen Abstract. More and more software use cryptography. But how can one know if what is implemented is good cryptography? For proprietary soft- ware, one cannot say much unless one proceeds to reverse-engineering, and history tends to show that bad cryptography is much more frequent than good cryptography there. Open source software thus sounds like a good solution, but the fact that a source code can be read does not imply that it is actually read, especially by cryptography experts. In this paper, we illustrate this point by examining the case of a basic In- ternet application of cryptography: secure email. We analyze parts of thesourcecodeofthelatestversionofGNUPrivacyGuard(GnuPGor GPG), a free open source alternative to the famous PGP software, com- pliant with the OpenPGP standard, and included in most GNU/Linux distributions such as Debian, MandrakeSoft, Red Hat and SuSE. We ob- serve several cryptographic flaws in GPG v1.2.3. The most serious flaw has been present in GPG for almost four years: we show that as soon as one (GPG-generated) ElGamal signature of an arbitrary message is released, one can recover the signer’s private key in less than a second on a PC. As a consequence, ElGamal signatures and the so-called ElGamal sign+encrypt keys have recently been removed from GPG.
    [Show full text]
  • Security & Savings with Virtual Private Networks
    Everybody’s connecting. Security & Savings with Virtual Private Networks In today’s New Economy, small businesses that might have dealt with just local or regional concerns now have to consider global markets and logistics. Many companies even have facilities spread across the country or throughout the world. At the same time security concerns of their network from hackers, Denial-of-Service (DoS) attacks and sending data over the Internet have become more widespread. Whether companies have a local, national, or global presence, they all need one thing: a way to maintain fast, secure, and reliable communications wherever their offices and workers are located. Until recently, such communications were only available by using leased telephone lines to maintain a Wide Area Network (WAN). Leased lines enabled companies to expand their private network beyond their immediate geographic area. Moreover, a WAN provided advantages over a public network like the Internet when it came to reliability, performance, and security. Unfortunately, leased lines are expensive to maintain, with costs rising as the distance between the offices increases. As the popularity of the Internet grew, businesses turned to it as a cost-effective way to extend their networks. The continuing popularity with the Internet has led to the evolution of Virtual Private Networks (VPNs). A VPN is a connection that allows private data to be sent securely over a shared or public network, such as the Internet. In fact, one of the driving forces behind VPNs is the Internet and its global presence. With VPNs, communication links between users and sites can be achieved quickly, inexpensively, and safely across the world.
    [Show full text]
  • A History of End-To-End Encryption and the Death of PGP
    25/05/2020 A history of end-to-end encryption and the death of PGP Hey! I'm David, a security engineer at the Blockchain team of Facebook (https://facebook.com/), previously a security consultant for the Cryptography Services of NCC Group (https://www.nccgroup.com). I'm also the author of the Real World Cryptography book (https://www.manning.com/books/real-world- cryptography?a_aid=Realworldcrypto&a_bid=ad500e09). This is my blog about cryptography and security and other related topics that I Ûnd interesting. A history of end-to-end encryption and If you don't know where to start, you might want to check these popular the death of PGP articles: posted January 2020 - How did length extension attacks made it 1981 - RFC 788 - Simple Mail Transfer Protocol into SHA-2? (/article/417/how-did-length- extension-attacks-made-it-into-sha-2/) (https://tools.ietf.org/html/rfc788) (SMTP) is published, - Speed and Cryptography the standard for email is born. (/article/468/speed-and-cryptography/) - What is the BLS signature scheme? (/article/472/what-is-the-bls-signature- This is were everything starts, we now have an open peer-to-peer scheme/) protocol that everyone on the internet can use to communicate. - Zero'ing memory, compiler optimizations and memset_s (/article/419/zeroing-memory- compiler-optimizations-and-memset_s/) 1991 - The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations The US government introduces the 1991 Senate Bill 266, (/article/461/the-9-lives-of-bleichenbachers- which attempts to allow "the Government to obtain the cat-new-cache-attacks-on-tls- plain text contents of voice, data, and other implementations/) - How to Backdoor Di¸e-Hellman: quick communications when appropriately authorized by law" explanation (/article/360/how-to-backdoor- from "providers of electronic communications services di¸e-hellman-quick-explanation/) and manufacturers of electronic communications - Tamarin Prover Introduction (/article/404/tamarin-prover-introduction/) service equipment".
    [Show full text]
  • Analysis of Recent Attacks on Ssl/Tls Protocols A
    ANALYSIS OF RECENT ATTACKS ON SSL/TLS PROTOCOLS A THESIS SUBMITTED TO THE GRADUATE SCHOOL OF APPLIED MATHEMATICS OF MIDDLE EAST TECHNICAL UNIVERSITY BY DUYGU OZDEN¨ IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF MASTER OF SCIENCE IN CRYPTOGRAPHY SEPTEMBER 2016 Approval of the thesis: ANALYSIS OF RECENT ATTACKS ON SSL/TLS PROTOCOLS submitted by DUYGU OZDEN¨ in partial fulfillment of the requirements for the de- gree of Master of Science in Department of Cryptography, Middle East Technical University by, Prof. Dr. Bulent¨ Karasozen¨ Director, Graduate School of Applied Mathematics Prof. Dr. Ferruh Ozbudak¨ Head of Department, Cryptography Assoc. Prof. Dr. Murat Cenk Supervisor, Cryptography, METU Examining Committee Members: Assoc. Prof. Dr. Murat Cenk Cryptography, METU Assoc. Prof. Dr. Ali Doganaksoy˘ Mathematics, METU Asst. Prof. Dr. Fatih Sulak Mathematics, ATILIM UNIVERSITY Date: I hereby declare that all information in this document has been obtained and presented in accordance with academic rules and ethical conduct. I also declare that, as required by these rules and conduct, I have fully cited and referenced all material and results that are not original to this work. Name, Last Name: DUYGU OZDEN¨ Signature : v vi ABSTRACT ANALYSIS OF RECENT ATTACKS ON SSL/TLS PROTOCOLS Ozden,¨ Duygu M.S., Department of Cryptography Supervisor : Assoc. Prof. Dr. Murat Cenk September 2016, 46 pages Transport Layer Security(TLS) and its predecessor Secure Socket Layer(SSL) are two important cryptographic, certificate based protocols that satisfy secure communication in a network channel. They are widely used in many areas such as online banking systems, online shopping, e-mailing, military systems or governmental systems.
    [Show full text]
  • Cryptographic Control Standard, Version
    Nuclear Regulatory Commission Office of the Chief Information Officer Computer Security Standard Office Instruction: OCIO-CS-STD-2009 Office Instruction Title: Cryptographic Control Standard Revision Number: 2.0 Issuance: Date of last signature below Effective Date: October 1, 2017 Primary Contacts: Kathy Lyons-Burke, Senior Level Advisor for Information Security Responsible Organization: OCIO Summary of Changes: OCIO-CS-STD-2009, “Cryptographic Control Standard,” provides the minimum security requirements that must be applied to the Nuclear Regulatory Commission (NRC) systems which utilize cryptographic algorithms, protocols, and cryptographic modules to provide secure communication services. This update is based on the latest versions of the National Institute of Standards and Technology (NIST) Guidance and Federal Information Processing Standards (FIPS) publications, Committee on National Security System (CNSS) issuances, and National Security Agency (NSA) requirements. Training: Upon request ADAMS Accession No.: ML17024A095 Approvals Primary Office Owner Office of the Chief Information Officer Signature Date Enterprise Security Kathy Lyons-Burke 09/26/17 Architecture Working Group Chair CIO David Nelson /RA/ 09/26/17 CISO Jonathan Feibus 09/26/17 OCIO-CS-STD-2009 Page i TABLE OF CONTENTS 1 PURPOSE ............................................................................................................................. 1 2 INTRODUCTION ..................................................................................................................
    [Show full text]
  • Conducting and Optimizing Eclipse Attacks in the Kad Peer-To-Peer Network
    Conducting and Optimizing Eclipse Attacks in the Kad Peer-to-Peer Network Michael Kohnen, Mike Leske, and Erwin P. Rathgeb University of Duisburg-Essen, Institute for Experimental Mathematics, Ellernstr. 29, 45326 Essen [email protected], [email protected], [email protected] Abstract. The Kad network is a structured P2P network used for file sharing. Research has proved that Sybil and Eclipse attacks have been possible in it until recently. However, the past attacks are prohibited by newly implemented secu- rity measures in the client applications. We present a new attack concept which overcomes the countermeasures and prove its practicability. Furthermore, we analyze the efficiency of our concept and identify the minimally required re- sources. Keywords: P2P security, Sybil attack, Eclipse attack, Kad. 1 Introduction and Related Work P2P networks form an overlay on top of the internet infrastructure. Nodes in a P2P network interact directly with each other, i.e., no central entity is required (at least in case of structured P2P networks). P2P networks have become increasingly popular mainly because file sharing networks use P2P technology. Several studies have shown that P2P traffic is responsible for a large share of the total internet traffic [1, 2]. While file sharing probably accounts for the largest part of the P2P traffic share, also other P2P applications exist which are widely used, e.g., Skype [3] for VoIP or Joost [4] for IPTV. The P2P paradigm is becoming more and more accepted also for professional and commercial applications (e.g., Microsoft Groove [5]), and therefore, P2P technology is one of the key components of the next generation internet.
    [Show full text]
  • Gnu Privacy Guard (Gnupg) Mini Howto (Italiano)
    Gnu Privacy Guard (GnuPG) Mini Howto (italiano) Brenno J.S.A.A.F. de Winter (inglese) <[email protected]>, Michael Fischer v. Mollard (tedesco) <[email protected]>, Arjen Baart (olandese) <[email protected]>, Cristian Riga- monti (italiano) <[email protected]> Versione 0.1.4 12 maggio 2003 Questo documento spiega come usare GNU Privacy Guard (GnuPG), un sistema di crittografia Open Source e compatibile con OpenPGP. Per mantenere il programma totalmente libero, si `eevitato l’uso di RSA e di altri algoritmi brevettati. Il documento originale `escritto in tedesco da Michael Fischer v. Mollard, questa traduzione italiana, a cura di Cristian Rigamonti, `ebasata sulla traduzione inglese del testo originale. Indice 1 Concetti 2 1.1 Crittografia a chiave pubblica .................................... 2 1.2 Firme digitali ............................................. 2 1.3 Rete di fiducia ............................................ 3 1.4 Limiti alla sicurezza ......................................... 3 2 Installazione 3 2.1 Sorgenti di GnuPG .......................................... 3 2.2 Configurazione ............................................ 4 2.3 Compilazione ............................................. 4 2.4 Installazione .............................................. 5 3 Uso delle chiavi 5 3.1 Creare una chiave ........................................... 5 3.2 Esportare le chiavi .......................................... 6 3.3 Importare le chiavi .......................................... 6 3.4 Revocare una chiave ........................................
    [Show full text]
  • Hartkad: a Hard Real-Time Kademlia Approach
    HaRTKad: A Hard Real-Time Kademlia Approach Jan Skodzik, Peter Danielis, Vlado Altmann, Dirk Timmermann University of Rostock Institute of Applied Microelectronics and Computer Engineering 18051 Rostock, Germany, Tel./Fax: +49 381 498-7284 / -1187251 Email: [email protected] Abstract—The Internet of Things is becoming more and time behavior. Additionally, many solutions leak flexibility and more relevant in industrial environments. As the industry itself need a dedicated instance for administrative tasks. These issues has different requirements like (hard) real-time behavior for will becomes more relevant in the future. As mentioned in many scenarios, different solutions are needed to fulfill future challenges. Common Industrial Ethernet solution often leak [3], the future for the industry will be more intelligent devices, scalability, flexibility, and robustness. Most realizations also which can act more dynamically. Facilities as one main area require special hardware to guarantee a hard real-time behavior. of application will consist of more devices still requiring real- Therefore, an approach is presented to realize a hard real- time or even hard real-time behavior. So we think, the existing time network for automation scenarios using Peer-to-Peer (P2P) solutions will not fulfill the future challenges in terms of technology. Kad as implementation variant of the structured decentralized P2P protocol Kademlia has been chosen as base scalability, flexibility, and robustness. for the realization. As Kad is not suitable for hard real-time Peer-to-Peer (P2P) networks instead offer an innovative applications per se, changes of the protocol are necessary. Thus, alternative to the typical Client-Server or Master-Slave concepts Kad is extended by a TDMA-based mechanism.
    [Show full text]
  • Crypto Projects That Might Not Suck
    Crypto Projects that Might not Suck Steve Weis PrivateCore ! http://bit.ly/CryptoMightNotSuck #CryptoMightNotSuck Today’s Talk ! • Goal was to learn about new projects and who is working on them. ! • Projects marked with ☢ are experimental or are relatively new. ! • Tried to cite project owners or main contributors; sorry for omissions. ! Methodology • Unscientific survey of projects from Twitter and mailing lists ! • Excluded closed source projects & crypto currencies ! • Stats: • 1300 pageviews on submission form • 110 total nominations • 89 unique nominations • 32 mentioned today The People’s Choice • Open Whisper Systems: https://whispersystems.org/ • Moxie Marlinspike (@moxie) & open source community • Acquired by Twitter 2011 ! • TextSecure: Encrypt your texts and chat messages for Android • OTP-like forward security & Axolotl key racheting by @trevp__ • https://github.com/whispersystems/textsecure/ • RedPhone: Secure calling app for Android • ZRTP for key agreement, SRTP for call encryption • https://github.com/whispersystems/redphone/ Honorable Mention • ☢ Networking and Crypto Library (NaCl): http://nacl.cr.yp.to/ • Easy to use, high speed XSalsa20, Poly1305, Curve25519, etc • No dynamic memory allocation or data-dependent branches • DJ Bernstein (@hashbreaker), Tanja Lange (@hyperelliptic), Peter Schwabe (@cryptojedi) ! • ☢ libsodium: https://github.com/jedisct1/libsodium • Portable, cross-compatible NaCL • OpenDNS & Frank Denis (@jedisct1) The Old Standbys • Gnu Privacy Guard (GPG): https://www.gnupg.org/ • OpenSSH: http://www.openssh.com/
    [Show full text]