Information Security in Distributed

Systems & Cryptography

By Anish Kumar Thakur
2020BCS-076
Submitted to
Dr. Amrendra Singh Yadav
  Distributed systems are composed of interconnected nodes or
components that collaborate to achieve a common goal.
 Communication between these distributed components is crucial for
the system's functionality and requires robust security mechanisms to
safeguard the transmitted data.
 A compromised computer or network may not be the only location
Introduction where data is at risk; other systems or segments may also become
infected with malicious code.
 Communication in distributed systems poses unique challenges due to
factors such as network vulnerabilities, potential for interception or
eavesdropping, and the need to establish trust between disparate
entities. These challenges necessitate the use of cryptography to
ensure secure and private communication.
  1. Data Privacy: Ensuring confidentiality of sensitive data is more
challenging in D. S. where data is distributed and transmitted over the
entire network. There are multiple attack points in distributed systems.
 Data Integrity: Ensuring the integrity of data becomes more
Security challenging in distributed systems where data may be replicated across
multiple nodes. Coordinating data updates and preventing
challenges in unauthorized modifications or tampering is crucial for maintaining
Distributed data integrity.

systems  Key Management: In distributed systems, managing encryption keys,

digital certificates, and other cryptographic assets become complex.
Secure key distribution, storage, and revocation mechanisms are
required to maintain the confidentiality and integrity of cryptographic
operations.
  Confidentiality
 Cryptography enables the secure exchange and storage of sensitive
information by providing confidentiality.
 Encryption algorithms are used to transform plaintext data into
ciphertext, making it unreadable to unauthorized entities.
 In distributed systems, cryptography protects sensitive data as it travels
across networks and is stored on different nodes, ensuring that only

Role of authorized parties can access and decipher the information.

cryptography  Key Exchange

 Secure key exchange is vital in distributed systems to establish secure
communication channels between entities.
 Cryptographic protocols, such as Diffie-Hellman key exchange, enable
the secure generation and exchange of encryption keys.
 This ensures that only authorized parties possess the necessary keys to
decrypt and access the transmitted data.
  Authentication:
 Cryptography plays a crucial role in authenticating the identity of entities
in distributed systems.
 Public key cryptography (asymmetric encryption) allows for secure
authentication by using digital certificates and signatures.
 Digital certificates verify the identity of individuals, devices, or services,
while digital signatures provide proof of authenticity and integrity.
Role of  Non-Repudiation
cryptography  Cryptography provides non-repudiation capabilities in distributed
systems.
 Non-repudiation ensures that an entity cannot deny its involvement in a
particular transaction or communication.
 Digital signatures, combined with secure key management, provide
evidence of the origin and integrity of data, preventing entities from
denying their actions.
  The foundation of secure communication lies in the ability to encrypt
and decrypt data using a shared secret key known only to the
communicating parties.
 However, a fundamental challenge arises when initiating such
communication for the first time: how can the parties establish a
shared secret key securely without falling prey to eavesdroppers or
attackers?
Key
 To address this issue - one of the widely used and influential key
Exchange exchange algorithm is the Diffie-Hellman key exchange.
 By leveraging mathematical properties, such as the difficulty of
computing discrete logarithms, the Diffie-Hellman key exchange
ensures that even if an eavesdropper intercepts the public keys, it
remains computationally infeasible for them to determine the shared
secret key.
  Public Key Infrastructure (PKI) is a framework of cryptographic
techniques, policies, and procedures used to secure
communication and verify the authenticity of digital entities.
 It provides a set of tools and services to manage public key
Public Key cryptography, enabling secure and trusted communication over
Infrastructure networks.
 PKI plays a vital role in ensuring the confidentiality, integrity, and
authentication of data in various applications such as secure web
browsing, email encryption, and digital signatures.
  Certificate Authority (CA)
 A Certificate Authority is a trusted entity responsible for issuing and
managing digital certificates.
 It acts as a trusted third party that verifies the identity of individuals,
organizations, or devices and vouches for the authenticity of their public
keys.
 CAs play a critical role in establishing trust and facilitating secure
communication by digitally signing and issuing certificates.
Components  Digital Certificates
of PKI  A digital certificate is an electronic document that binds a public key to a
specific entity, such as an individual, organization, or device.
 It contains information about the entity's identity, public key, the CA that
issued the certificate, and a digital signature from the CA to ensure its
authenticity and integrity.
 Digital certificates serve as a means to verify the identity of parties and
enable secure encryption, digital signatures, and other cryptographic
operations.
  Trust Stores
 Trust stores are repositories that contain trusted root certificates
or intermediate certificates from CAs.
 They store the public keys of trusted CAs, enabling clients to
verify the authenticity and trustworthiness of digital certificates.
 Browsers, operating systems, and applications typically maintain
Components their own trust stores.
of PKI
 Others: Key Management, Certificate Revocation, Registration
Authorities, are some other components of Public Key Infrastructure
which together ensure ensures that the entities involved in
communication are authentic, trusted, and that their communication
channels remain secure.
  Secure Message Authentication verifies that the received message
has not been altered or tampered with during transit and confirms
the identity of the sender.
Secure Message  By employing cryptographic hash functions and message
Authentication authentication codes (MACs), message authentication provides a
strong layer of protection against data manipulation and
unauthorized access.
  A cryptographic hash function is a mathematical algorithm that
takes an input (message) and produces a fixed-size output (hash
value).
 Hash functions have the following characteristics:
 Deterministic: For the same input, a hash function will always
Cryptographic produce the same hash value.

Hash  Fixed Output Size: Hash functions produce a fixed-size output,

Functions regardless of the size of the input.
 One-Way: It is computationally infeasible to derive the original input
from the hash value.
 Collision Resistance: It is extremely difficult to find two different
inputs that produce the same hash value.
  A Message Authentication Code (MAC) is a cryptographic technique that
combines a secret key with the message to produce a fixed-size tag or code.
 MACs provide authentication and integrity by ensuring that the received
message has not been tampered with and that it originates from the expected
sender.
 MACs utilize symmetric key algorithms, where the same key is used for both
generating and verifying the MAC.
Message  MACs in distributed systems involve key agreement, MAC generation, and
Authentication MAC verification:
Code  Key Agreement: Parties agree on a shared secret key.
 MAC Generation: Sender calculates MAC using the key and a MAC
algorithm. MAC is appended to the message.
 MAC Verification: Recipient separates message and MAC, recalculates
MAC using the key and algorithm. If calculated MAC matches the
received MAC, the message is considered authentic.
  MPC, or Multi-Party Computation, is a cryptographic technique
that enables secure computation among multiple parties while
preserving the privacy of their inputs.
 Unlike traditional approaches where data is shared or revealed to a
Multi-Party central authority, MPC allows distributed systems to perform
computations on sensitive data without disclosing individual
Computation inputs.
 Cryptographic techniques Secure Function Evaluation, Secret
Sharing, Homomorphic Encryption, Zero-Knowledge proofs,
etc. are utilized to facilitate Multi-Party Computation.
  Common threats to communication in distributed systems include:
 Eavesdropping: Unauthorized individuals or entities may attempt to
intercept and listen to the communication between distributed systems,
aiming to gain sensitive information.
 Data Tampering: Attackers may modify the data being transmitted
between distributed systems, potentially leading to data corruption,
unauthorized access, or incorrect results.

Common  Man-in-the-Middle (MitM) Attacks: Attackers position themselves

between communicating parties, intercepting and potentially modifying
Threats the communication without the parties' knowledge. This allows them to
impersonate one or both parties and gain access to sensitive information.
 Denial-of-Service (DoS) Attacks: Malicious actors target distributed
systems with excessive requests or resource exhaustion techniques,
disrupting communication and rendering the systems unavailable to
legitimate users.
  To mitigate these threats, several countermeasures can be employed:
 Encryption: Implementing strong encryption mechanisms, such
as SSL/TLS for secure communication protocols, ensures that
data is protected against eavesdropping and tampering.
Encryption algorithms scramble the data, making it unintelligible
to unauthorized individuals.
 Authentication: Robust authentication mechanisms, such as
digital certificates and secure login credentials, verify the
Mitigation identities of communicating parties. This helps prevent MitM
attacks and ensures that only authorized entities can access the
distributed systems.
 Intrusion Detection Systems (IDS): IDS continuously monitor
network traffic and system logs, detecting any suspicious or
malicious activities. They can raise alerts or take preventive
actions to mitigate potential threats and unauthorized access
attempts.
  Firewalls and Network Segmentation: Employing firewalls and
proper network segmentation helps protect distributed systems by
isolating critical components and controlling access to them.
Firewalls monitor and filter network traffic, allowing only authorized
communication.
Mitigation  Regular Patching and Updates: Keeping distributed systems and
their components up to date with the latest patches and security
updates is crucial. This helps mitigate vulnerabilities that attackers
may exploit to gain unauthorized access or disrupt communication.
  Quantum Computing and Post-Quantum Cryptography
 The rise of quantum computers poses a significant threat to
traditional cryptographic algorithms.
 Post-quantum cryptography focuses on developing algorithms that
are resistant to attacks from quantum computers.
 Research is ongoing to develop quantum-resistant encryption
Emerging schemes that can safeguard communication in the presence of
quantum threats. ECDSA is quantum-resistant encryption unlike
Trends and RSA.
Challenges  Homomorphic Encryption:
 Homomorphic encryption, which allows computation on encrypted
data, is gaining attention as a powerful technique for secure
distributed systems communication.
 Advancements in homomorphic encryption are being made to
improve its efficiency and practicality, enabling secure computation
on sensitive data while preserving privacy.
  Zero-Trust Architecture
 Zero-trust architecture is an approach that assumes no implicit trust
within the network and requires continuous verification and
authentication for all communication and access attempts.
 It helps protect against insider threats, unauthorized access, and
Emerging lateral movement within distributed systems.

Trends and  AI-Enabled Attacks and Defense

Challenges  As artificial intelligence (AI) and machine learning (ML)
technologies advance, they can be both a threat and a defense in
distributed systems communication.
 Attackers can leverage AI for sophisticated attacks, while AI-based
techniques can be employed for detecting and mitigating security
threats in real-time.
  Privacy-Preserving Technologies
 With increasing concerns about data privacy, there is a growing

Emerging emphasis on privacy-preserving technologies in distributed systems

communication.
Trends and  Techniques such as differential privacy, secure multi-party
Challenges computation (MPC), and federated learning aim to enable
collaborative analysis and data sharing while protecting individual
privacy.
  In conclusion, information security and cryptography play vital
roles in ensuring the confidentiality, integrity, and availability of

Conclusion communication in distributed systems. As distributed systems

become increasingly prevalent and interconnected, the need for
robust security measures becomes paramount.