(BQ) Part 1 book "Distributed systems - Concepts and design" has contents: Security, distributed file systems, name services, time and global states, coordination and agreement, transactions and concurrency control, distributed transactions, replication, mobile and ubiquitous computing, distributed multimedia systems,. and other contents. | 11 SECURITY Introduction Overview of security techniques Cryptographic algorithms Digital signatures Cryptography pragmatics Case studies: Needham–Schroeder, Kerberos, TLS, WiFi Summary There is a pervasive need for measures to guarantee the privacy, integrity and availability of resources in distributed systems. Security attacks take the forms of eavesdropping, masquerading, tampering and denial of service. Designers of secure distributed systems must cope with exposed service interfaces and insecure networks in an environment where attackers are likely to have knowledge of the algorithms used and to deploy computing resources. Cryptography provides the basis for the authentication of messages as well as their secrecy and integrity; carefully designed security protocols are required to exploit it. The selection of cryptographic algorithms and the management of keys are critical to the effectiveness, performance and usability of security mechanisms. Public-key cryptography makes it easy to distribute cryptographic keys but its performance is inadequate for the encryption of bulk data. Secret-key cryptography is more suitable for bulk encryption tasks. Hybrid protocols such as Transport Layer Security (TLS) establish a secure channel using public-key cryptography and then use it to exchange secret keys for use in subsequent data exchanges. Digital information can be signed, producing digital certificates. Certificates enable trust to be established among users and organizations. The chapter concludes with case studies on the approaches to security system design and the security mechanisms deployed in Kerberos, TLS/SSL and WiFi. 463 464 CHAPTER 11 SECURITY Introduction In Section we introduced a simple model for examining the security requirements in distributed systems. We concluded that the need for security mechanisms in distributed systems arises from the desire to share resources. (Resources that
