[PPT] - Advanced Network Security 1. Course Outline Jaap-Henk Hoepman PowerPoint Presentation

SLIDE 1 Jaap-Henk Hoepman Digital Security (DS) Radboud University Nijmegen, the Netherlands @xotoxot // * jhh@cs.ru.nl // 8 www.cs.ru.nl/~jhh

Advanced Network Security

1. Course Outline

SLIDE 2 Jaap-Henk Hoepman // Radboud University Nijmegen //

About me

28-01-2019 // Course outline 2

SLIDE 3 Jaap-Henk Hoepman // Radboud University Nijmegen //

About you

28-01-2019 // Course outline 3 Applied cryptography?

SLIDE 4 Jaap-Henk Hoepman // Radboud University Nijmegen //

Administrative details

n Course code:

NWI-IMC050, 5 ects

n Teachers:

Jaap-Henk Hoepman
Harald Vranken

n Written exam n Course website

Not using Blackboard
Instead see: http://www.cs.ru.nl/~jhh/ans.html

n Literature

Selected papers, see website.

n Excercises

See website.

28-01-2019 // Course outline 4

SLIDE 5 Jaap-Henk Hoepman // Radboud University Nijmegen //

Schedule: see website

28-01-2019 // Course outline 5

SLIDE 6 Jaap-Henk Hoepman // Radboud University Nijmegen //

Rough lecture setup

n Several papers per lecture

Read them in advance
Ask questions you may have about them after lecture

n Homework

Not graded
But discussed at start of next lecture
You are strongly advised to do the homework to get some exercise

before the exam 28-01-2019 // Course outline 6

SLIDE 7

Course contents

7

SLIDE 8 Jaap-Henk Hoepman // Radboud University Nijmegen //

Advanced Network Security

n Two quite separate and distinct parts

Distributed algorithms, in particular fault tolerance
More traditional advanced network security, like intrusion detection,

wireless/cellular network security, etc.

CIA Availability

28-01-2019 // Course outline 8

SLIDE 9 Jaap-Henk Hoepman // Radboud University Nijmegen //

Distributed algorithms

28-01-2019 // Course outline 9

SLIDE 10 Jaap-Henk Hoepman // Radboud University Nijmegen //

Fault tolerance: Consensus

28-01-2019 // Course outline 10

SLIDE 11 Jaap-Henk Hoepman // Radboud University Nijmegen // 28-01-2019 // Course outline 11

SLIDE 12 Jaap-Henk Hoepman // Radboud University Nijmegen //

Consensus

n How could you solve it? 28-01-2019 // Course outline 12

SLIDE 13 Jaap-Henk Hoepman // Radboud University Nijmegen //

Fault tolerance: self stabilisation

28-01-2019 // Course outline 13

SLIDE 14 Jaap-Henk Hoepman // Radboud University Nijmegen //

Self-stabilisation

n How could it be achieved? 28-01-2019 // Course outline 14

SLIDE 15 Jaap-Henk Hoepman // Radboud University Nijmegen //

Meta-knowledge

n Distributed algorithms

Modelling
Reasoning
Designing: “Algorithmics”

n Global ‘emergent’ behaviour based on local decisions n The ‘forgotten’ security properties

Availability
Privacy

28-01-2019 // Course outline 15

SLIDE 16 Jaap-Henk Hoepman // Radboud University Nijmegen //

Questions? If not, let’s hit the road!

28-01-2019 // Course outline 16 twitter: @xotoxot 8 blog.xot.nl * jhh@cs.ru.nl 8 www.cs.ru.nl/~jhh

SLIDE 17

Basics of distributed algorithms

SLIDE 18 Jaap-Henk Hoepman // Radboud University Nijmegen //

Distributed algorithms are everywhere!

n Computer networks

Message passing
Routing
DNS
…

n Multi-threaded applications

Shared memory / message

passing

User interface
Browser loading page elements
Operating system
Services
Parallel processing

28-01-2019 // Course outline 18

SLIDE 19 Jaap-Henk Hoepman // Radboud University Nijmegen //

A distributed system has concurrency

n Several processes

Each executing actions sequentially

n But working independently

Individual actions on different processes may overlap in time
Some actions may take much longer to complete than others

n And order of actions on different processes not guaranteed 28-01-2019 // Course outline 19

SLIDE 20 Jaap-Henk Hoepman // Radboud University Nijmegen // n What will be the output of this simple program? n It depends

Events never take place instantaneous
Order of execution is not fixed; determined by scheduler

Assume for the moment this is an atomic operation

Concurrency: a basic example

28-01-2019 // Course outline 20 i := 1, j := 0, thread i := 2 end thread; thread j := i end thread; print j

SLIDE 21 Jaap-Henk Hoepman // Radboud University Nijmegen //

A basic example: answer

n 0 n 1 n 2 28-01-2019 // Course outline 21 i := 1, j := 0, thread i := 2 end thread; thread j := i end thread; print j

SLIDE 22 Jaap-Henk Hoepman // Radboud University Nijmegen //

A slightly more complex example

n Again, what will be the output of this program? 28-01-2019 // Course outline 22 i := 1, j := 0, thread i := 2; print j end thread; thread j := i; print j end thread;

SLIDE 23 Jaap-Henk Hoepman // Radboud University Nijmegen //

A slightly more complex example: answer

n 2 2 n 0 2 n 1 1 n 0 1??

Depends….

28-01-2019 // Course outline 23 i := 1, j := 0, thread i := 2; print j end thread; thread j := i; print j end thread; → 2 1 f- i 2-1 1- printj -1 → 2 1- j in 1- print , ' -1

# ?

e- innen? ,

„ + nu;?

}

} }

Er?

SLIDE 24 Jaap-Henk Hoepman // Radboud University Nijmegen //

Indivisibility of events/atomicity

n If j:=i and print j are ‘indivisible’

Then 0 1 is not a possible output

n If j:=i is a read of i followed by a write to j, or if print j is a read of j followed by writing the output to the screen

Then 0 1 is a possible output

28-01-2019 // Course outline 24 i := 1, j := 0, thread i := 2; print j end thread; thread j := i; print j end thread;

O

µ
→ 0

1-printje 1- i. =L -1 1- prints -1 ( i .

⇒ 1

, te → 2 is 1- ' j i -1 1- prints -1

tj :

1 1-print ;

Äj

i - c- prints.É

→ c- i. =L

1

1-prints ' -1 ja

SLIDE 25 Jaap-Henk Hoepman // Radboud University Nijmegen //

What about infinite executions?

n Possible outputs: 28-01-2019 // Course outline 25 i := 0; thread while i == 0 do print i ; print i end thread; thread i := 1 end thread; Note: indentation! 11 1 611 01 0011 001 00011 000 1

SLIDE 26 Jaap-Henk Hoepman // Radboud University Nijmegen //

Scheduling

n Scheduler determines next action to be executed

In a non-deterministic way
An executed action is called an event

n Note: scheduler is not a real system component

It just models the influence of (external) factors on which action is executed

n Fairness:

A scheduler is fair if an action that is continuously enabled will always

executed eventually

So: the protocol on the previous slide will eventually terminate

28-01-2019 // Course outline 26

SLIDE 27 Jaap-Henk Hoepman // Radboud University Nijmegen //

Non determinism vs randomness

Non-deterministic Random 28-01-2019 // Course outline 27 i := 0, thread while i == 0 do print i; print i thread i := 1 Possible outputs: 1 01 001 0001 00001 i := 0, while i == 0 do i := random(0,1) ; print i We cannot say anything about likelihood! Possible outputs: 1 p = 0.5 01 p = 0.25 001 p = 0.125 0001 p = 0.063 00001 p = 0.031

SLIDE 28 Jaap-Henk Hoepman // Radboud University Nijmegen //

Modelling a distributed system

n Node (aka process)

Executes a sequence of actions
Each action-execution is an event
Communicates with other nodes through shared memory or message

passing n Graph ! = ($, &) of nodes $ and edges &

( = $ the number of nodes
), * ∈ & if node ) can communicate data to *
Graph can be directed or undirected

28-01-2019 // Course outline 28

SLIDE 29 Jaap-Henk Hoepman // Radboud University Nijmegen //

Some common topologies

28-01-2019 // Course outline 29

ü:

:

in

✓seiner

)

ir

I

completely

a connected STAR

r

( no

/ l

.

'

I

it

\

°
r
← ~

A

in

° .

try

broadcast

SLIDE 30 Jaap-Henk Hoepman // Radboud University Nijmegen //

Causality: Ordering events

n Let , be the set of events, and let -, . ∈ , be events n Define the ‘happened before’ relation - → . as follows .

If - is executed before . by the same process, or
(Message passing) If - is a send event whose value is received by receive event ., or
(Shared memory) If - is a write event whose value is read by read event ..

n Transitivity: if - → . and . → 1 then - → 1 n We assume - ↛ - n If neither - → . nor . → - then they are concurrent: - ∥ .

We sometimes write . ↚ - to visually emphasise that . may precede -.

n

→ . means that - can have a causal influence on .

n This is a irreflexive partial order over all events

Defined by only looking what can externally be observed
Does not depend on ‘global time’
Extending the total order of events on each individual process
Modelling a causal order among events

28-01-2019 // Course outline 30 while truc do print J ← action → → → printj ; printje

←events

IIIout variaties → → . noden : 1- i. 2-1 # j i -

ftp.nnti-lhodeb

: 1- te 2-1 1- r 1-1 ⑨ →

µ

I shared {i-03 ✓ vondst, hoera : 1- i. = 2-1 en modekikker 4- ik readi -1 Lies + i.⇒ → bed 1- k raadt -1 (Kro }

SLIDE 31 Jaap-Henk Hoepman // Radboud University Nijmegen //

Execution

n When we run a distributed system, the nodes execute their

actions. This leads to
a particular set of events ,
partially ordered using the happened before relation →
Note: every run may result in a different set of events and a different
rder among them

n This partial order can be extended to a total order ⇒

(There are often many different options)

n ,, ⟹ is an execution of the system 28-01-2019 // Course outline 31

SLIDE 32 Jaap-Henk Hoepman // Radboud University Nijmegen //

State, configuration, evolution

n Every node has a local state n Every edge has also a state

Either the values in the shared variables or the

messages in the message buffers n The global state of the system is the Cartesian product of all local states and edge states, and called the configuration 7

We write 7[9] for the state of node 9, and

7 9 . )-;9-.<= for the value of that variable in 9’s state.

We write 7 = for the state of edge =. In the

shared memory model, 7 = . )-;9-.<= denotes the value of that shared variable 28-01-2019 // Course outline 32 7 2 7 4 7 1 7 3 7 6 7 5 7[=DE] 7[=ED]

SLIDE 33 Jaap-Henk Hoepman // Radboud University Nijmegen //

Execution, evolution

n A node 9 may have 0 or more actions enabled

Depending on its local state 7 9
As well as the states of the incoming edges 7[=

GH] n An execution ,, ⟹ induces an evolution of the state of the system

Let -D, -I, -J, … be the sequence of events such that -H ⇒ -G iff 9 < M
Let 7N be the initial configuration
Let -H change 7HOD into 7H
Then 7N, 7D, 7I, … is the evolution of the system

28-01-2019 // Course outline 33

SLIDE 34 Jaap-Henk Hoepman // Radboud University Nijmegen //

Execution, evolution (continued)

n If we want to prove property P about a distributed system, we need to prove P for all possible executions.

Possible executions are restricted by the ’logic’ of the distributed

system

This logic is captured by the happened before relation → (which

indirectly also captures details of the topology of the network) n In other words: to prove property P we need to show that for all total orders ⇒ that extend → we have that P holds for ,, ⟹ n Such a total order is consistent with all local observations

Global observations (”god’s view”) do not exist…

28-01-2019 // Course outline 34

SLIDE 35 Jaap-Henk Hoepman // Radboud University Nijmegen //

Exploiting causality

n The happens before relation → (i.e. causality) restricts the set of possible executions n Designing a distributed system that satisfies or reaches a certain property means we have to use the design to shape the → relation so it ensures this property is acheived n Example: how to guarantee message delivery? 28-01-2019 // Course outline 35

= 3-2-2020

SLIDE 36 Jaap-Henk Hoepman // Radboud University Nijmegen //

Guaranteeing message delivery

28-01-2019 // Course outline 36

Ïb

? c

a

÷ :

¥;

'

Ë

"

Én

t

:3

na

ËË

, → Is ? a + ⇒ i. ⇒ y x ? y

Én

SLIDE 37 Jaap-Henk Hoepman // Radboud University Nijmegen //

Atomicity

n So far we have assumed events are instantaneous

But in reality all events take time,

sometimes a long time, to complete n For - ∈ ,, let Q(-) be the local start time and R - be the local end time

Clearly Q - < R(-)
Also, for -, . ∈ , from the same process,

either R - < Q(.) or R . < Q(-). « (No events of the same process can

verlap.)
For -, . ∈ , from the same process, if

R - < Q(.) then - → .

For -, . ∈ , from different processes, let
→ . if - causally influences .

« By writing to shared memory or sending a message

This again fixes the partial order →

n Now assume - takes place instantaneously somewhere between Q(-) and R -

This creates a total order ,, ⟹

consistent with → n We call - atomic

Atomicty is an assumption on the

behaviour of actions

Atomic operations can be constructed

using protocols using smaller building blocks. 28-01-2019 // Course outline 37

SLIDE 38 Jaap-Henk Hoepman // Radboud University Nijmegen // data * flat sla)

gft

1- 1

1=1

|

"¥-4

'

I

a ⇒ b b ⇒ a

realtime

SLIDE 39 Jaap-Henk Hoepman // Radboud University Nijmegen //

Back to slightly more complex example

n Serialisation

The process of ‘shrinking’ actions to

a single point in time and creating a total order. n Assume j := i is an atomic

peration

n Now assume only reads and writes are atomic 28-01-2019 // Course outline 38 i := 1, j := 0, thread i := 2; print j end thread; thread j := i; print j end thread; i := 1, j := 0, thread i := 2; x := j; print x end thread; thread y := i; j := y; y := j; print y end thread;

SLIDE 40 Jaap-Henk Hoepman // Radboud University Nijmegen // 28-01-2019 // Course outline 39 readvariabele v'

testes

→ reed

1

returns reed nnodify write '1-2 2 reed '

"

%

"

(

teIII]?

" """"

return b

b. =D
utput

tas (b) node a III, 0 I node k

1*-1+11

taslb)

SLIDE 41 Jaap-Henk Hoepman // Radboud University Nijmegen //

Logical clocks (Lamport paper): model

n Goal

Totally order events

n Model

Every event - of node 9 is assigned a natural number 7H - , the local

clock value of node 9

The logical clock 7 is defined by 7 - = 7H - for event - that belongs

to node 9

Correctness: - → . implies 7 - < 7 .

28-01-2019 // Course outline 40 + either ( (a) c ( Cb )

r ((b)

' < ( (a) :

=)

SLIDE 42 Jaap-Henk Hoepman // Radboud University Nijmegen //

Logical clocks (Lamport paper)

n Implementation

Each node 9 maintains a counter 1H
Initially 1H = 0 for every node 9
Nodes increment 1H after every event
7H - is assigned the value of 1H just before event -
If - is a send event of message S, then this message is labelled with T

U = 7H(-)

When receiving a message S with event . by node M, 1G ← max(1G, T

U + 1) after which 7 G . = 1G n Events are now totally ordered (by clock and node number, 7H - , 9 )

But this is not the only possible order!

28-01-2019 // Course outline 41

SLIDE 43 Jaap-Henk Hoepman // Radboud University Nijmegen //

SLIDE 44 Jaap-Henk Hoepman // Radboud University Nijmegen //

Communication

n Shared memory

Write overwrites previous value
Read returns last value written

n Message passing

(Infinite) buffers
Usually FIFO: First-In-First-Out

«But messages may get dropped or reordered 28-01-2019 // Course outline 42 writeal writetel writeII)

# # ← ÷

;

send ( 3) Senda ) Senda )

( receive

3 receive 2 receive I

SLIDE 45 Jaap-Henk Hoepman // Radboud University Nijmegen //

Properties of distributed systems

n Communication

Shared memory vs message passing

n Timing

Synchronous, partially synchronous, asynchronous

n Scheduling

Fair, round-robin

n Identity

Uniform, random identifiers, 0..N-1

n Network topology

G = (V, E) , N = |V|
And whether the size of the network N is known
Directionality

n Sense of direction n Run/execution 28-01-2019 // Course outline 43

SLIDE 46 Jaap-Henk Hoepman // Radboud University Nijmegen //

Reasoning about distributed systems

n Prove global property based on local actions n Measure the cost of achieving this

Worst-case, average case
Time complexity: number of rounds, number of steps
Message complexity
Bit complexity

n Prove lower bounds n Prove impossibililty 28-01-2019 // Course outline 44

SLIDE 47 Jaap-Henk Hoepman // Radboud University Nijmegen //

Round complexity

n Round

The smallest period in which all nodes in the system have executed at least
ne action

n Any execution can uniquely split into rounds n Round complexity

The number of rounds in an execution

n Rationale

Slowest node usually delays progress
Without round complexity, asynchronous systems would have unbounded

time complexity 28-01-2019 // Course outline 45 Remember fairness

SLIDE 48 Jaap-Henk Hoepman // Radboud University Nijmegen //

Round complexity

n Round

The smallest period in which all nodes in the system have executed at least
ne action

n Any execution can uniquely split into rounds n Round complexity

The number of rounds in an execution

n Rationale

Slowest node usually delays progress
Without round complexity, asynchronous systems would have unbounded

time complexity 28-01-2019 // Course outline 45 Remember fairness