haidong xue. part one: review of the knowledge in textbook goals, issues, solutions part two:...

8.7 Summary of Distributed Computer

SecurityHaidong Xue

Part One: Review of the Knowledge in Textbook goals, issues, solutions

Part Two: Current Application X509.V3

Part Three: Future Work

Content

Part One: Review of the Knowledge in

TextbookgoalsIssuessolutions

Goals: Secrecy Integrity Availability Reliability Safety

Review of the Knowledge in Textbook

Issues: Access authorization discretionary access control mandatory access control Message Security cryptography Mutual Authentication cryptography

Review of the Knowledge in Textbook

Cryptography: private key system public key system protocol: Kerberos, X.509

Review of the Knowledge in Textbook

DESRSAMD5

Review of the Knowledge in Textbook

Part Two: Current Application

X.509 V3

Certificate ◦ Version ◦ Serial Number ◦ Signature Algorithm◦ Issuer ◦ Validity Subject ◦ Subject Public Key Info

Public Key Algorithm Subject Public Key

◦ Issuer Unique Identifier (Optional) ◦ Subject Unique Identifier (Optional) ◦ Extensions (Optional)

Certificate Signature Algorithm Certificate Signature

(http://en.wikipedia.org/wiki/X.509)

Part Two: Current Application

Part Two: Current Application

CustomerKc-privateKb-public

BankKb-privateKc-public

1. A = RSA(Information, Kb-public)2. B = RSA(A, Kc-private)3. Send A,B

Part Two: Current Application

CustomerKc-privateKb-public

BankKb-privateKc-public

1.Signature:(1). A = MD5(information)(2). B = RSA(A, Kc-private)

2. Encrypt:(1). Generate 128bits DES Key(2). C = DES(information, K-des)(3). D = RSA(K-des, Kb-public)

3. Send B, C, D

Part Two: Current Application

CustomerKc-privateKb-publicKca-public

BankKb-privateKc-public

Certificate Authority:Kca-private

Kb-publicRSA( MD5(Kb-public), Kca-private)

Part Three: Future Work

A new kind of private key

Randy Chow, Theodore Johnson. Distributed Operating Systems& Algorithms. Addison Wesley, 1997

X.509. http://en.wikipedia.org/wiki/X.509 Public key certificate. http://

en.wikipedia.org/wiki/Digital_Certificate Introduction to the digital certificates. http://

hi.baidu.com/chenxu321/blog/item/783d100834aa50d862d986ca.html

Principles of digital certificates. http://blog.csdn.net/liukeforever/archive/2009/07/31/4396521.aspx

Reference