NATIONAL INSTITUTE OF TRANSPORT

FACULT OF INFORMATICTS AND TECHNICAL EDUCATION

DEPARTMENT OF COMPUTING AND COMMUNICATION TECHNOLOGY

PROGRAMME : BIT (NTA LEVEL 8)

MODULE NAME : DISTRIBUTED SYSTEMS
MODULE CODE : ITU 08106
LECTURER NAME : Dr. NASSORO LWAMO
ACADEMIC YEAR : 2024/2025
SEMISTER :I
TASK : GROUP ASSIGNMENT
SUBMISSION : 7th December, 2024
GROUP NUMBER 07.
NO STUDENT’S NAME REGISTRATION NUMBER
01. TIMOTHEO RICHARD ISRAEL NIT/BIT/2022/1920
02. VICTOR JOSEPH DIMANYI NIT/BIT/2022/1826
03. AMINA IDD ALLY NIT/BIT/2022/1752
04. AISHA MATHIAS RUNGWA NIT/BIT/2022/1766
05. MESHACK VERAEL MASSAWE NIT/BIT/2022/1912
06. REUBEN MASOLWA NDATULU NIT/BIT/2022/1939
07. MARIA ADAM MBOYA NIT/BIT/2022/1928
08. RADHIA CHANDE UKOMO NIT/BIT/2022/1782
09. LINUS L KATABALO NIT/BIT/2022/1956
10. MAGAYANE MISHELI KATILAFU NIT/BIT/2022/1958
11. IBRAHIM MARTINE MATANGO NIT/BIT/2022/1945
QUESTION 07

( a ) Describe cryptography , advantages and disadvantages of cryptography

Cryptography is the strong tool for keeping confidentiality , integrity and authenticity of the
message and data in many different systems , cryptography is all about secured methods of
communication and information techniques that are based on mathematical algorithms to encrypt
the messages such that it is not readable by the third parties.

Cryptography involves secure communication in the presence of the third parties whereby it
comprises of variety of techniques for ensuring the security of information and communication
systems. In the field of computer science, cryptography is implemented based on mathematical
and rules-based algorithms which are called algorithms, encrypt messages so that they may not
be read by unintended parties. These deterministic algorithms show the purpose of cryptographic
key generation , digital signing , verification , data privacy protection , web browsing on the
internet and the confidential information transfer like credit card transactions and email.

Advantages of cryptography

Cryptography has many benefits in computer science field as explained below;

• Cryptography offers confidentiality ;One of the safety measures of cryptography is

that it is only the authorized parties can effectively understand and gain access to the
information being transmitted or stored.
• Cryptography offers integrity ; It guarantees that data is not modified by the of its
transmission and stored.
• Cryptography offers authentication ; Cryptography reliably verifies the sender’s
identity thus messages are never tampered with , ensuring that they only come from
trusted sources
• Cryptography offers non-repudiation ; With cryptographic techniques , the date and
time of this message or its receipt are being proved so no one can deny it has done what.
 • Cryptography offers secure communication ; It provides for encrypted data
transmission over almost every channel including the insecure internet , that prevents
criminals from spying or intercepting sensitive information .
• Cryptography data integrity verification ; Cryptography can use a digital signature to
seal a document , validating that it is untouched by the person to whom it belongs.
• Cryptography offers access control ; Cryptography brings up the confidentiality of the
data by encrypting it and makes decryption a procedure accessible only to privileged
users of the data
• Cryptography offers secure transactions ; It secures digital transaction for example e-
commerce or online banking , make sure that business personal-related information is
safe from theft or fraud

Disadvantages of cryptography

In the field of computer science, the cryptography has its own drawbacks as explained below;

• Cryptography is very complex ; Cryptographic systems are not quite easy to implement
and manage because of high level of technical skills needed hence specialized knowledge
and expertise are should enhanced.
• It enhances performance overhead ; Efficient encryption /decryption at the point of
degrading performance may compromise the overall efficiency especially in cases of
resource-constrained environments.
• It may enhance vulnerabilities; Cryptography algorithms and their implementations are
known by the security attackers therefore it is possible that the cryptography operators
can uncover unauthentic weakness. This leaves the virtual system at risk of being
compromised with the whole system’s cyber security destroyed.
• It has key compromise ; When keys of the cryptography are compromised or even
stolen , this leads to third part to gain unauthorized access and decryption of sensitive
information
• It has regulatory compliance ; Rule compliance in the crypto field can be troublesome
for the corporate bodies as it requires engagement with policies and practices that are
used exclusively in the effort to be legalized.
( b ) Describe security techniques needed in securing distributed system

Securing distributed systems is a multifaceted challenge that requires a comprehensive approach

to protect data integrity, confidentiality, and availability. Below are key security techniques that
should be implemented in distributed systems:

1. Authentication Mechanisms

Authentication is the first line of defense in securing distributed systems. It ensures that only
authorized users and services can access resources. Key authentication techniques include:

• Password-based Authentication: Users authenticate using a username and password.

While common, this method is vulnerable to breaches.
• Multi-factor Authentication (MFA): This technique enhances security by requiring two
or more verification factors, such as a password combined with a one-time password
(OTP) or biometric data.
• Token-based Authentication: Utilizes tokens like JWT, OAuth tokens generated by an
authentication server for user validation.
• Biometric Authentication: Employs unique biological traits (like fingerprints or facial
recognition) for secure access.
• Certificate-based Authentication: Involves the use of digital certificates issued by
trusted Certificate Authorities (CAs) to verify identities.
• Single Sign-On (SSO): Allows users to authenticate once and gain access to multiple
services, improving user experience while maintaining security.

2. Authorization Controls

Once authenticated, users must be granted appropriate permissions to perform actions on

resources. Effective authorization controls include:

• Role-Based Access Control (RBAC): Assigns permissions based on user roles,

simplifying management by grouping users with similar responsibilities.
• Attribute-Based Access Control (ABAC): Grants access based on specific attributes
related to users or resources, allowing for fine-grained control.
• Access Control Lists (ACLs): Define permissions associated with users or groups
directly linked to resources.
• Policy-Based Access Control: Uses policies that define access rules dynamically based
on conditions and attributes.
• Mandatory Access Control (MAC): Enforces strict policies where access decisions are
made based on predefined security labels assigned to resources and subjects.

3. Data Protection and Encryption

Data protection is critical in safeguarding sensitive information from unauthorized access. Key
practices include:
 • Encryption of Data at Rest and in Transit: Encrypting data stored on servers as well as
data being transmitted across networks protects against interception and unauthorized
access. TLS should be used for securing communication channels.
• Full Disk Encryption: Encrypting entire disk volumes ensures all data is protected
without needing individual file encryption mechanisms.
• Application-Level Encryption: If full disk encryption isn’t feasible, encrypt sensitive
application data at the database level to ensure confidentiality even if the database is
compromised.

4. Secure Communication Protocols

Ensuring secure communication between nodes in a distributed system is vital:

• Use protocols like TLS over SSL for secure communications between clients and servers
as well as inter-node communications.
• Implement VPNs or private networks where possible to further isolate traffic from
potential threats.

5. Continuous Monitoring and Auditing

Regular monitoring of system activities helps detect anomalies that may indicate security
breaches:

• Implement logging mechanisms that track user activities and system changes.
• Conduct regular audits of security policies and configurations to ensure compliance with
best practices and regulatory requirements.

6. Incident Response Planning

Having an incident response plan prepares organizations for potential breaches:

• Develop clear procedures for identifying, responding to, and recovering from security
incidents.
• Regularly test the incident response plan through simulations to ensure effectiveness
during actual events.

By implementing these techniques systematically, organizations can significantly enhance the

security posture of their distributed systems against various cyber threats.
( c ) Describe different steps on how to implement cryptography and other security
techniques needed in securing distributed system Securing distributed systems involves a
multi-faceted approach that integrates various cryptographic techniques and security measures.
Below are the detailed steps to implement these security techniques effectively.

1. Assess Security Requirements

Before implementing any security measures, it is crucial to assess the specific security
requirements of the distributed system. This includes identifying:

• Data Sensitivity: Determine what data needs protection (e.g., personal information,
financial records).
• Threat Model: Analyze potential threats and vulnerabilities that could affect the system.
• Compliance Needs: Understand regulatory requirements (e.g., GDPR, HIPAA) that may
dictate certain security practices.

2. Establish a Secure Architecture

Designing a secure architecture is foundational for any distributed system. Key considerations
include:

• Network Segmentation: Divide the network into segments to limit access and reduce
attack surfaces.
• Trust Boundaries: Define trust boundaries within the system where different levels of
security controls apply.
• Redundancy and Failover Mechanisms: Implement redundancy to ensure availability
even during attacks or failures.

3. Implement Cryptographic Techniques

Cryptography plays a vital role in securing data in transit and at rest. The following
cryptographic techniques should be implemented:

• Encryption: Use strong encryption algorithms (e.g., AES-256) for encrypting sensitive
data both at rest and in transit. Implement end-to-end encryption for communications
between nodes to prevent eavesdropping.

• Digital Signatures: Utilize digital signatures to verify the authenticity of messages and
transactions within the system. Ensure that public key infrastructure (PKI) is established
for managing keys securely.
 • Hash Functions: Apply cryptographic hash functions (e.g., SHA-256) to ensure data
integrity by generating unique hashes for data blocks. Use hashes in combination with
digital signatures to provide non-repudiation.

4. Secure Authentication Mechanisms

Authentication is critical in ensuring that only authorized users can access the system. Steps
include:

• Multi-Factor Authentication (MFA): Implement MFA to add an additional layer of

security beyond just passwords.
• Token-Based Authentication: Use tokens (e.g., JWTs) for stateless authentication
across distributed components.
• Role-Based Access Control (RBAC): Define roles and permissions clearly to restrict
access based on user roles.

5. Implement Secure Communication Protocols

To protect data during transmission, secure communication protocols must be used:

• Transport Layer Security (TLS): Employ TLS for securing communications between
clients and servers, ensuring confidentiality and integrity.
• Secure APIs: If using APIs, ensure they are secured using OAuth or similar protocols to
control access effectively.

6. Regularly Update Software Components

Keeping all software components up-to-date is essential for maintaining security:

• Patch Management: Regularly apply patches and updates to all software libraries,
frameworks, and operating systems used within the distributed system.
• Vulnerability Scanning: Conduct regular vulnerability assessments using automated
tools to identify potential weaknesses.

7. Monitor and Audit System Activity

Continuous monitoring helps detect anomalies that may indicate security breaches:

• Logging Mechanisms: Implement comprehensive logging of all activities within the

system for later analysis.
• Intrusion Detection Systems (IDS): Deploy IDS solutions to monitor network traffic for
suspicious activities or known attack patterns.
8. Develop Incident Response Plans

Having a well-defined incident response plan ensures quick action during a security breach:

• Response Procedures: Outline clear procedures for identifying, containing, eradicating,

and recovering from incidents.
• Regular Drills and Training: Conduct regular drills with team members to prepare them
for real-world scenarios involving breaches or attacks.

By following these steps systematically, organizations can significantly enhance the security
posture of their distributed systems through effective implementation of cryptography and other
necessary security techniques.
 REFERENCES

1.Anderson, R. (2020). Security Engineering: A Guide to Building Dependable Distributed

Systems (3rd ed.). Wiley.
2 Dolev, D., & Yao, H. (1983). On the security of public key protocols. IEEE Transactions on
Information Theory, 29(2), 198-208.

3.Boneh, D., & Shoup, V. (2020). A Graduate Course in Applied Cryptography. Version 0.5,
available online.

4. Abadi, M., & Needham, R. M. (1996). Prudent Engineering Practice for Cryptographic
Protocols. IEEE Transactions on Software Engineering, 22(1), 6-15

5.Castro, M., & Liskov, B. (2002). Practical Byzantine Fault Tolerance and Proactive Recovery.
ACM Transactions on Computer Systems, 20(4), 398-461.

6.Schneier, B. (2000). Secrets and Lies: Digital Security in a Networked World. Wiley.