Blog

This question is related to the distributed systems security…

This question is related to the distributed systems security modules. Many secure services use https (as you did in project 4) where a client C accesses a remote service S over an open network. For secure communication and authentication,  services often have certificates but clients are not required to provide certificates when a secure channel is set up between C and S.Since a client certificate is not available, assume a secure channel is set up using the following protocol (this is a highly simplified version of the real protocol). C creates a secret key K and stores it locally. It also encrypts it with server S’s public key and sends it to S, which uses its private key to retrieve K. Messages exchanged between C and S are encrypted with K. How is a secure channel that is authenticated and ensures confidentiality defined in the distributed systems security paper? (1+1 pts.) Is the channel established as above authenticated and does it provide confidentiality? (2+2 pts.) Service S provides access to files and a certain file F can be read by principal (Alice ∧ Bob). Consider the following cases and explain if Charlie will be able to gain read access to F. Explain your answer. Both Alice and Bob share their private keys with Charlie. ( 1+2 pts.) Alice creates a statement Alice says Charlie => Alice, and Bob creates a statement Bob says Charlie => Bob. They provide these statements to Charlie. (1 + 2 pts.) Alice and Bob both delegate to Charlie (e.g., Charlie has the credentials Charlie for Alice and Charlie for Bob. (1+ 2pts.) If Alice and Bob do not want to allow Charlie to have their full authority, which of the above three options must they choose? How will access to F be controlled based on the option you choose? (2 + 2 pts.) Assume we use the secure boot, secure communication channel and delegation protocols to build a secure distributed system where access control for a file at a file service can be specified for a remote user U. Assume U delegates to a node that is running a securely booted operating system OS on a machine M. Access to file F is governed with the access control statement “M as OS as Accounting for Alice can access file F”. It has been discovered that there is a compromise and the data in F has been accessed by an attacker who is not authorized. An investigation of the compromise results in one of the findings listed below. Does each finding in cases I-III explain the unauthorized access? Explain your answer.   The attacker has stolen M but Alice did logout of M as OS before this happened. (2+3 pts.) The attacker was able to compromise OS by exploiting a vulnerability while Alice was logged in but this happened well after Alice’s login session was initiated. The compromise was immediately detected and M was securely rebooted with OS. (2+ 3 pts.) The attacker is able to phish Alice and steal her private key but she still has possession of M. (2 +1  pts.) Is the phishing attack described in 3.III feasible? Explain how it can be successfully launched or why it is not feasible. Explain your answer. (1+2 pts.)