<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html> <head> <title>CS111: Lecture Date 12/02/2008</title> </head> <body> <div> <h2><font color="#4F81BD" size="4" face="Cambria"><b><i>CS 111: Scribe Notes for 12/02/2008</i></b></font></h2> <p><font size="2" face="Liberation Serif"><b><i>by Sahil Amoli, Max Chang, Sheng Lu, Sharon Tang</i></b></font> <br> <br></p> <p><font color="#4F81BD" size="3" face="Liberation Serif"><b><i>NFS protocol</i></b></font></p> <ul type="DISC"> <li><font size="3" face="Times New Roman">Used to communicate between NFS client and server (CIFS in Microsoft)</font></li> <li><font size="3" face="Times New Roman">Looks similar to Unix system calls</font></li> </ul> <br> <p><font color="#4F81BD" size="3" face="Liberation Serif"><b><i>For Example:</i></b></font></p> <ul type="DISC"> <li><font size="3" face="Times New Roman">CREATE(dirfh, name, attr) -&gt; fh</font> <ul> <li><font size="3" face="Times New Roman">dirfh - directory file handle</font></li> <li><font size="3" face="Times New Roman">name - name of file to create</font></li> <li><font size="3" face="Times New Roman">attr - attribute of file</font></li> </ul> </li> <li><font size="3" face="Times New Roman">LOOKUP(dirfh, name) -&gt; fh</font></li> <li><font size="3" face="Times New Roman">REMOVE(dirfh, name)</font></li> <li><font size="3" face="Times New Roman">READ(fh, offset, nbytes) -&gt; bytes read</font></li> <li><font size="3" face="Times New Roman">WRITE</font></li> </ul> <p><font size="2" face="Times New Roman"><b>*Can be found in Table 4-1, page 4-46* </b></font> <br></p> <p><font size="3" face="Times New Roman">NFS file handle - unique ID for the file on that NFS server</font></p> <ul type="DISC"> <li><font size="3" face="Times New Roman">Similar to a file descriptor, but one level down (in the kernel)</font></li> <li><font size="3" face="Times New Roman">(like dev + inode pair in Unix)</font> <ul> <li><font size="3" face="Times New Roman">filesystem + inode # 
of file</font></li> </ul></li></ul> <br> <p><font color="#4F81BD" size="3" face="Times New Roman"><b><i>Important Design Criteria of original NFS</i></b></font></p> <ul type="DISC"> <li><font size="3" face="Times New Roman">NFS server is "stateless"</font></li> <li><font size="3" face="Times New Roman">No important state in RAM on server - all important state information on disk</font> <ul> <li><font size="3" face="Times New Roman">If NFS server crashes, no problem other than performance</font> <ul> <li><font size="3" face="Times New Roman">Advantages</font> <ul> <li><font size="3" face="Times New Roman">reliability</font></li> <li><font size="3" face="Times New Roman">simplicity in server</font></li> </ul></li> </ul> <ul><li><font size="3" face="Times New Roman">Disadvantages</font> <ul> <li><font size="3" face="Times New Roman">performance, particularly on writes (state written to disk)</font></li> </ul></li></ul></li> </ul></li></ul> <br> <p><font size="3" face="Times New Roman"><i>Caching could </i> <b><i>help</i></b><i> </i><b><i>performance</i></b><i> but at the </i> <b><i>expense of losing</i></b><i> </i> <b><i>simplicity</i></b></font> <br></p> <p><font color="#4F81BD" size="3" face="Times New Roman"><b><i>Problems with NFS</i></b></font></p> <ol type="1"> <li><font size="3" face="Times New Roman"><b>Locks on files</b></font> <ul type="DISC"> <li><font size="3" face="Times New Roman">fcntl() advisory locks</font> <ul type="DISC"> <li><font size="3" face="Times New Roman">doesn&#39;t work in original NFS v3</font></li> <li><font size="3" face="Times New Roman">NFS v4</font> <ul type="DISC"> <li><font size="3" face="Times New Roman">"stateful"</font></li> <li><font size="3" face="Times New Roman">locks</font></li> </ul></li></ul></li></ul></li> <li><font size="3" face="Times New Roman"><b>Packet loss</b></font> <ul type="DISC"> <li><font size="3" face="Times New Roman">Client to Server</font> <ul type="DISC"> <li><font size="3" face="Times New Roman"> if 
client issues a packet &rarr; times out &rarr; <b>RETRY</b></font> <ul type="DISC"> <li><font size="3" face="Times New Roman">NFS method issues at least one retry</font></li> </ul></li> <li><font size="3" face="Times New Roman">Client issues REMOVE &rarr; server removes &rarr; sends packet back &rarr; packet loss</font> <ul type="DISC"> <li><font size="3" face="Times New Roman">Would the retry be appropriate? <b>NO</b>, file already removed</font></li> <li><font size="3" face="Times New Roman">Workaround: <b>Idempotency Cache</b></font> <ul type="DISC"> <li><font size="3" face="Times New Roman">server maintains a cache of recent requests, so that when it receives a duplicate request it can send a duplicate response</font></li> <li><font size="3" face="Times New Roman">Not truly stateless</font></li> </ul></li></ul></li></ul></li></ul></li></ol> <br> <ol type="1" start="3"> <li><font size="3" face="Times New Roman"><b>Stale file handle</b> problem</font> <ul type="DISC"> <li><font size="3" face="Times New Roman"><b>Scenario</b></font> <ol type="1"> <li><font size="3" face="Times New Roman">Client 1 opens "f"</font></li> <li><font size="3" face="Times New Roman">Receives file handle 963 (usually a much larger number)</font></li> <li><font size="3" face="Times New Roman">Client 2 removes "f"</font></li> <li><font size="3" face="Times New Roman">Client 1 performs read of 963</font></li> <li><font size="3" face="Times New Roman">errno == ESTALE (obtained because server does not know open files of each client)</font></li> </ol></li></ul> <br> <ul type="DISC"> <li><font 
size="3" face="Times New Roman"><b><i>Hack</i>:</b> client kernel, when told to unlink an open file, instead renames it to ".nfs196"</font> <ul type="DISC"> <li><font size="3" face="Times New Roman">Same file handle, although under different name</font></li> <li><font size="3" face="Times New Roman">On last close, client kernel unlinks ".nfs196"</font></li> <li><font size="3" face="Times New Roman"><i>Issues?</i></font> <ul type="DISC"> <li><font size="3" face="Times New Roman">Only works if same machine performs operations on the same file (client 1 = client 2)</font></li> <li><font size="3" face="Times New Roman">Client crash before final unlink will result in file with cryptic name</font></li> </ul></li></ul></li></ul> <br> <ul type="DISC"> <li><font size="3" face="Times New Roman">In Unix</font> <ul type="DISC"> <li><font size="3" face="Times New Roman">No clean up is done until last file descriptor is closed</font></li> <li><font size="3" face="Times New Roman">NFS is "stateless" and does not know what is open, so it removes when asked</font></li> </ul></li></ul></li></ol> <br> <p><font color="#4F81BD" size="3" face="Liberation Serif"><b><i>NFS model </i></b></font></p> <ul type="DISC"> <li><font size="3" face="Times New Roman"><i>Advantage</i></font> <ul type="DISC"> <li><font size="3" face="Times New Roman">simple stateless server</font></li> <li><font size="3" face="Times New Roman">A client that hangs will not affect other clients</font></li> </ul></li> <li><font size="3" face="Times New Roman"><i>Disadvantages</i></font> <ul type="DISC"> <li><font size="3" face="Times New Roman">Client side that is a bit more complicated (client-side cache)</font></li> </ul></li></ul> <br> <br> <p><font size="3" face="Times New Roman"><b>NFS does not have write-to-read consistency</b></font></p> <ul type="DISC"> <li><font size="3" face="Times New Roman">Can be caught by extra handshaking - in practice, too expensive to be practical</font></li> <li><font size="3" face="Times 
New Roman">Simply do not assume that there is consistency</font></li> <li><font size="3" face="Times New Roman">However it is <b><i> OK</i></b> to slow down less commonly used system calls</font> <ul type="DISC"> <li><font size="3" face="Times New Roman">Open/Close - Close-to-open consistency does work; close() on client will make sure cached data are sent to server</font> <ul type="DISC"> <li><font size="3" face="Times New Roman">interesting consequence is that close() can fail with errno == EIO, ENOSPC, which is not possible in a Linux filesystem</font></li> </ul></li> <li><font size="3" face="Times New Roman">Rename</font></li> <li><font size="3" face="Times New Roman">Unlink</font></li> </ul></li></ul><br> <p class=MsoNormal><b><u><span style='font-size:14.0pt;line-height:115%'>NFS Security</span></u></b></p> <p class=MsoListParagraph style='margin-left:.75in;text-indent:-.25in'><span style='font-family:Symbol'>·</span><span style='font-size:7.0pt;line-height: 115%;font-family:"Times New Roman","serif"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>Evil client host that lets users become "root", or any other user</p> <p class=MsoListParagraph style='margin-left:1.0in;text-indent:-.25in'><span style='font-family:Wingdings'>§</span><span class=GramE><span style='font-size: 7.0pt;line-height:115%;font-family:"Times New Roman","serif"'>&nbsp; </span>You</span> can look at any file you like (Quick hack: "root" = "nobody" over wire)</p> <p class=MsoNormal style='margin-left:.5in'>+ Simple client authentication: </p> <p class=MsoListParagraph style='margin-left:1.5in;text-indent:-.25in'><span style='font-family:Symbol'>·</span><span style='font-size:7.0pt;line-height: 115%;font-family:"Times New Roman","serif"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>based on IP address - ideal for local networks</p> <p class=MsoListParagraph style='margin-left:1.5in;text-indent:-.25in'><span style='font-family:Symbol'>·</span><span 
style='font-size:7.0pt;line-height: 115%;font-family:"Times New Roman","serif"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span><span class=GramE>We</span> can also use SSH, IPSec, and hardware-assisted security while losing performance</p> <p class=MsoNormal align=center style='text-align:center;text-indent:.5in'><u>Users in NFS are modeled by UIDs (user ID)</u></p> <center> <img width=334 height=242 src="image001.gif" alt="NFS"> </center> <br style='mso-ignore:vglayout' clear=ALL> <p class=MsoNormal style='text-indent:.5in'>If user "<span class=SpellE>Eggert</span>" has two different UIDs on systems A and B, NFS will recognize <span class=SpellE>Eggert</span>-A and <span class=SpellE>Eggert</span>-B as two different users. One way to solve this issue is by using an authentication system, such as Kerberos.</p> <p class=MsoNormal><b><span style='font-size:14.0pt;line-height:115%'>&nbsp;</span></b></p> <p class=MsoNormal><b><u><span style='font-size:14.0pt;line-height:115%'>Security</span></u></b></p> <p class=MsoListParagraph style='margin-left:1.0in;text-indent:-.25in'><span style='font-family:Symbol'>·</span><span style='font-size:7.0pt;line-height: 115%;font-family:"Times New Roman","serif"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>Real world security - defend against force &amp; fraud attacks</p> <p class=MsoListParagraph style='margin-left:1.5in;text-indent:-.25in'><span class=GramE><span style='font-family:"Courier New"'>o</span></span><span style='font-size:7.0pt;line-height:115%;font-family:"Times New Roman","serif"'>&nbsp;&nbsp; </span>Main forms of attacks:</p> <p 
class=MsoListParagraph style='margin-left:2.0in'>- <span class=GramE>against</span> <u>privacy</u></p> <p class=MsoListParagraph style='margin-left:2.0in'>- <span class=GramE>against</span> <u>integrity</u></p> <p class=MsoListParagraph style='margin-left:2.0in'>- <span class=GramE>against</span> <u>service</u> (commonly seen as <span class=SpellE>DoS</span>)</p> <p class=MsoListParagraph style='margin-left:1.0in;text-indent:-.25in'><span style='font-family:Symbol'>·</span><span style='font-size:7.0pt;line-height: 115%;font-family:"Times New Roman","serif"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>General goals:</p> <p class=MsoListParagraph 
style='margin-left:1.5in;text-indent:-.25in'><span style='font-family:Symbol'>·</span><span style='font-size:7.0pt;line-height: 115%;font-family:"Times New Roman","serif"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>Allow authorized access (a positive goal)</p> <p class=MsoListParagraph style='margin-left:1.5in;text-indent:-.25in'><span style='font-family:Symbol'>·</span><span style='font-size:7.0pt;line-height: 115%;font-family:"Times New Roman","serif"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>Disallow unauthorized access (a negative goal)</p> <p class=MsoListParagraph style='margin-left:2.0in;text-indent:-.25in'><span class=GramE><span style='font-family:"Courier New"'>o</span></span><span style='font-size:7.0pt;line-height:115%;font-family:"Times New Roman","serif"'>&nbsp;&nbsp; </span>Harder to test - attackers never file bug reports</p> <p class=MsoNormal style='margin-left:.5in'>&nbsp;</p> <p class=MsoListParagraph style='margin-left:1.0in;text-indent:-.25in'><span style='font-family:Symbol'>·</span><span style='font-size:7.0pt;line-height: 115%;font-family:"Times New Roman","serif"'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </span>Threat modeling + classification</p> <p class=MsoListParagraph style='margin-left:1.5in;text-indent:-.25in'><span class=GramE><span style='font-family:"Courier New"'>o</span></span><span style='font-size:7.0pt;line-height:115%;font-family:"Times New Roman","serif"'>&nbsp;&nbsp; </span>Insiders</p> <p class=MsoListParagraph style='margin-left:1.5in;text-indent:-.25in'><span class=GramE><span style='font-family:"Courier New"'>o</span></span><span style='font-size:7.0pt;line-height:115%;font-family:"Times New Roman","serif"'>&nbsp;&nbsp; </span>Social engineering</p> <p class=MsoListParagraph style='margin-left:1.5in;text-indent:-.25in'><span class=GramE><span style='font-family:"Courier New"'>o</span></span><span style='font-size:7.0pt;line-height:115%;font-family:"Times New 
Roman","serif"'>&nbsp;&nbsp; </span>Network attacks:</p> <p class=MsoListParagraph style='margin-left:1.5in;text-indent:.5in'>- <span class=GramE>virus</span>, drive-by downloads (phishing)</p> <p class=MsoListParagraph style='margin-left:1.5in;text-indent:.5in'>- <span class=SpellE>DoS</span> (Denial of Service)</p> <p class=MsoListParagraph style='margin-left:1.5in;text-indent:.5in'>- Buffer overruns</p> <p class=MsoListParagraph style='margin-left:1.5in;text-indent:-.25in'><span class=GramE><span style='font-family:"Courier New"'>o</span></span><span style='font-size:7.0pt;line-height:115%;font-family:"Times New Roman","serif"'>&nbsp;&nbsp; </span>Device attacks:</p> <p class=MsoListParagraph style='margin-left:2.0in'>- USB virus</p> <p><font size="3" face="Times New Roman"><b>General mechanisms for any security scheme: </b></font></p> <ul type="DISC"> <li><font size="3" face="Times New Roman">Authentication - people can prove who they really are</font></li> <li><font size="3" face="Times New Roman">Integrity - don&#39;t let people mess with the system</font></li> <li><font size="3" face="Times New Roman">Authorization - keep track of who is allowed to do what</font></li> <li><font size="3" face="Times New Roman">Auditing - logging user actions</font></li> <li><font size="3" face="Times New Roman">All of these things need <i>correctness</i> and <i>efficiency</i></font></li> </ul> <p><font size="3" face="Times New Roman"><b>Authentication</b></font></p> <ul type="DISC"> <li><font size="3" face="Times New Roman">Prevents masquerading</font></li> <li><font size="3" face="Times New Roman">Based on what you know, what you have, who you are</font></li> <li><font size="3" face="Times New Roman">Can be external or internal </font></li> <li><font size="3" face="Times New Roman">External authentication is like having a sentry determine who can and cannot enter the fortress - must not be forgeable/guessable</font> <ul type = "CIRCLE"> <li><font size="3" face="Times New 
Roman">Passwords</font></li> <li><font size="3" face="Times New Roman">Biometrics (fingerprints, retinas, etc.)</font></li> <li><font size="3" face="Times New Roman">Secret keys (managed by computers)</font></li></ul> <li><font size="3" face="Times New Roman">Internal authentication is like having guards in the fortress checking on your identity every time you try to do something - typically recorded in process descriptors and maintained by the OS</font></li> <li><font size="3" face="Times New Roman">Possible attacks:</font> <ul type="CIRCLE"> <li><font size="3" face="Times New Roman">Shoulder surfing - record over your shoulder to get your info</font></li> <li><font size="3" face="Times New Roman">Key logging - record all of your keystrokes to get your info</font></li> <li><font size="3" face="Times New Roman">Phishing/fake websites - pretend to be some trusted site to get your info</font></li> <li><font size="3" face="Times New Roman">Man-in-the-middle attacks - pretend to be the server to get your info</font></li></ul></li></ul> <p><font size="3" face="Times New Roman"><b>Cryptographic building blocks for authentication - hash functions</b></font></p> <ul type="DISC"> <li><font size="3" face="Times New Roman">H(M) ==&gt; V</font></li> <li><font size="3" face="Times New Roman">With a hash function H, take a message M and make a unique hash value V</font></li> <li><font size="3" face="Times New Roman">Example: SHA1 - takes a message M and gives back a 160-bit hash value H</font></li> <li><font size="3" face="Times New Roman">We don&#39;t want:</font> <ul type="CIRCLE"> <li><font size="3" face="Times New Roman">To be able to construct an M to have a given H</font></li> <li><font size="3" face="Times New Roman">To be able to modify M without getting a different H</font></li> <li><font size="3" face="Times New Roman">To have two different M&#39;s get the same H</font></li></ul> <li><font size="3" face="Times New Roman">Tricky to come up with good hash functions that meet our 
needs</font></li> </ul> <p><font size="3" face="Times New Roman"><b>Symmetric encryption</b></font></p> <ul type="DISC"> <li><font size="3" face="Times New Roman">DES - data encryption standard</font></li> <li><font size="3" face="Times New Roman">3DES - triple DES - formed by using DES three times</font></li> <li><font size="3" face="Times New Roman">We have:</font> <ul type="CIRCLE"> <li><font size="3" face="Times New Roman">P is the unencrypted message</font></li> <li><font size="3" face="Times New Roman">K is the key</font></li> <li><font size="3" face="Times New Roman">{P}<sup>K</sup> is the encrypted message</font></li></ul></li> <li><font size="3" face="Times New Roman">We need:</font> <ul type="CIRCLE"> <li><font size="3" face="Times New Roman">Given P and K, getting {P}<sup>K</sup> MUST BE EASY!</font></li> <li><font size="3" face="Times New Roman">Given {P}<sup>K</sup> and K, getting P MUST BE EASY!</font></li> <li><font size="3" face="Times New Roman">Given {P}<sup>K</sup>, getting P MUST BE HARD!</font></li> <li><font size="3" face="Times New Roman">Given P, getting {P}<sup>K</sup> MUST BE HARD!</font></li> <li><font size="3" face="Times New Roman">Given P and {P}<sup>K</sup>, getting K MUST BE HARD!</font></li> </ul></li></ul> <p><font size="3" face="Times New Roman"><b>Bottom Line: </b></font> <font size="3" face="Times New Roman">encryption and decryption must be hard if we don&#39;t have the required information</font></p> </div></body></html>
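<p>Added example (not part of the original scribe notes): the retried REMOVE from the "Packet loss" item above, run against a toy in-memory server with and without a cache of recent requests. The class and function names, the (client, xid) cache key and the bounded cache size are assumptions made for the illustration.</p>

```python
from collections import OrderedDict

NFS_OK = 0          # request succeeded
NFSERR_NOENT = 2    # no such file or directory


class ToyServer:
    """One directory of file names plus an optional cache of recent replies."""

    def __init__(self, files, cache_size=0):
        self.files = set(files)        # stands in for state kept on disk
        self.cache_size = cache_size   # 0 = purely stateless server
        self.replies = OrderedDict()   # RAM only: (client, xid) -> status

    def remove(self, client, xid, name):
        key = (client, xid)            # assumed request identity
        if key in self.replies:        # duplicate request: replay old reply
            self.replies.move_to_end(key)
            return self.replies[key]
        status = NFS_OK if name in self.files else NFSERR_NOENT
        self.files.discard(name)
        if self.cache_size:
            self.replies[key] = status
            while len(self.replies) > self.cache_size:
                self.replies.popitem(last=False)   # evict the oldest entry
        return status

    def reboot(self):
        """A crash keeps the files but loses everything held in RAM."""
        self.replies.clear()


def remove_with_lost_reply(server, client, xid, name, reboot_between=False):
    """Client view: the first reply is lost, the client times out and resends
    the same request. Returns the status the client finally sees."""
    server.remove(client, xid, name)   # executed, reply dropped on the wire
    if reboot_between:
        server.reboot()
    return server.remove(client, xid, name)


def demo():
    return {
        # Stateless server: the retry finds the file already gone.
        "no_cache": remove_with_lost_reply(ToyServer({"f"}), "c1", 7, "f"),
        # Cache hit: the retry gets the original answer back.
        "cache": remove_with_lost_reply(ToyServer({"f"}, 8), "c1", 7, "f"),
        # "Not truly stateless": the cached reply does not survive a crash.
        "cache_reboot": remove_with_lost_reply(
            ToyServer({"f"}, 8), "c1", 7, "f", reboot_between=True),
    }


if __name__ == "__main__":
    print(demo())
```

<p>A bounded cache only covers retries that arrive before the entry is evicted, so the workaround narrows the window for a spurious error rather than closing it.</p>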
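<p>Added example (not part of the original scribe notes): the server-side read check implied by the "NFS Security" section, combining IP-based client authentication, the "root" = "nobody" mapping and UIDs reported by the client. It shows what the mapping covers and what still rests on trusting the client host; the uid numbers, addresses, user names and function names are constructed for the illustration.</p>

```python
from dataclasses import dataclass

NOBODY_UID = 65534   # assumed uid for "nobody"; the real value is site-specific


@dataclass(frozen=True)
class FileAttr:
    owner_uid: int
    mode: int        # Unix permission bits, e.g. 0o600


def effective_uid(claimed_uid, root_squash):
    """Apply the "root" = "nobody" mapping to the uid the client reported."""
    return NOBODY_UID if root_squash and claimed_uid == 0 else claimed_uid


def may_read(attr, claimed_uid, client_ip, trusted_ips, root_squash=True):
    """Decide a READ using only what the server can see: the source address
    and the uid number in the request. Group bits are left out for brevity."""
    if client_ip not in trusted_ips:     # simple client authentication by IP
        return False
    uid = effective_uid(claimed_uid, root_squash)
    if uid == 0:
        return True
    if uid == attr.owner_uid:
        return bool(attr.mode & 0o400)
    return bool(attr.mode & 0o004)


# Constructed sample data: host B (192.0.2.10) is a trusted client whose
# password file numbers users differently from the server's.
TRUSTED = {"192.0.2.10"}
SERVER_PASSWD = {1001: "eggert"}
HOST_B_PASSWD = {"eggert": 2002, "alice": 1001}
NOTES = FileAttr(owner_uid=1001, mode=0o600)   # eggert's private file


def demo():
    ip = "192.0.2.10"
    return {
        "root_squashed": may_read(NOTES, 0, ip, TRUSTED),
        "root_unsquashed": may_read(NOTES, 0, ip, TRUSTED, root_squash=False),
        "untrusted_host": may_read(NOTES, 1001, "198.51.100.7", TRUSTED),
        # Same person, different number on host B: treated as another user.
        "eggert_on_B": may_read(NOTES, HOST_B_PASSWD["eggert"], ip, TRUSTED),
        # Different person, same number: treated as the owner.
        "alice_on_B": may_read(NOTES, HOST_B_PASSWD["alice"], ip, TRUSTED),
        "server_sees_alice_as": SERVER_PASSWD.get(HOST_B_PASSWD["alice"]),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:22} {result}")
```

<p>Every decision here depends on the client host reporting the uid honestly, which is the gap an authentication system such as Kerberos is meant to close.</p>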