Security

Objectives

Some aspects of computer security are now almost household topics and most students will be aware of many of the security risks, often in an exaggerated and distorted form. Our aim is to dispel any unsupported beliefs and to provide the knowledge needed to assess the real security risks for distributed systems. We convey knowledge of cryptography-based security techniques in sufficient detail to enable students to evaluate their strength and the cost of their deployment and to use them to design secure distributed systems.

Students will become familiar with the range of security threats faced by networked and distributed systems and they will gain an understanding of the main algorithms and protocols, based on both secret-key and public-key cryptography, that are available for the authentication of communication partners and the maintenance of the privacy and integrity of data in communication channels.

The more important cryptographic functions are presented in a separate section (Section 11.3). This section will help to convince students of their soundness and strength. The section may be omitted, and the soundness of modern cryptography taken for granted, if desired.

Points to emphasize

Expand on the security model discussed in Chapter 2 with real-world examples such as those discussed in subsections 11.1.1-2.

Note the analogy made at the beginning of Section 11.1.3 between designing secure systems and producing bug-free programs. In both cases, the aim is to exclude all possible errors or loopholes. Analytic techniques are available in both cases, but they are difficult or impossible to apply to large systems. Instead, the entire design process must be informed with relevant security policies and sound security techniques deployed wherever the policies require enforcement.

The hybrid protocols (a secure channel based on public keys used to exchange a shared secret key which is then used for subsequent communication) are a recurring theme in the chapter and they are the default technique for securing client-derver communication in large scale systems such as the Internet. They should be introduced at an early stage.

The case studies in Section 7.6 enable the knowledge of principles gained in earlier sections to be integrated and consolidated.

Possible difficulties

There are many new concepts from the cryptography and security worlds and some new notation. Taken all together, they are somewhat daunting. Section 11.2 is intended to provide knowledge of the main techniques using a minimum of notation.

Teaching hints

There is something to be said for teaching the material in two or more portions, allowing sufficient time between them for the concepts and notation to sink in. The first portion might cover Sections 11.1 and 2 and one or more of the case studies from Section 11.6. The second portion would coverthe remainder of the material in the chapter.