September 7, 2000 K. Hwang at USC 1
Kai Hwang
Internet and Cluster Computing Laboratory
University of Southern California
Internet Security and Cluster Technologies for Reliable E-Commerce Services
Keynote Speech, SSGRR-2000, L’Aquila, Italy, July 31, 2000

Internet-based Society in the new millennium
• E-Business, E-Commerce
• Metacomputing Grid
• E-Education, E-Society
• E-Government, . . .
By year 2001, the global theater of E-commerce will reach US $13 trillion; 42% of which will be at B2B, 20% at B/C2G, and 38% at B2C levels.

Hot Issues in E-Commerce
• Enabling technologies, web-servers, …
• Security, reliability, and data recovery
• Databases and datamining techniques
• Fast communication protocols, etc.
• eCash, eCheque, eBank, eSociety, eGovernment, eEntertainment, eTravel, . . .
• Groupware, Middleware, and Infowares
• ISPs, ASPs, and Decision support systems
• . . .

Underlying Technologies for E-Commerce Services
[Figure: technology layers and their component labels, in the order they appear on the slide]
Core Technologies: Scalability; Data Warehousing; RAS; UNIX/Linux; Security; Networking; RDBMS; Open Standards
Enabling Technologies: OLAP; HTML/XML; Messaging; Security; COM/DCOM/DNA; CORBA/IIOP
Performance Measurement; Knowledge Management; Supply Chain Management; Data Mining; Personalization; Advertising/Promotions; Billing/Payment Systems
Decision-Support Technologies: Relationship management
(Source: Kalakota and Robinson, e-Business: Roadmap for Success, Addison-Wesley, 1999)

Threats on Internet
• Confidentiality - Eavesdropping
• Integrity - Modification of data or viruses
• Authenticity - “Spoofing”
• Availability - “SYN flooding” or DOS Attacks

Securing E-commerce with intrusion control and automatic recovery from malicious attacks
[Figure: chart with axes "Increasing reliability" and "Increasing scalability" (Single server, SMP server, Cluster of servers). Labels: "Web sites with no security protection"; "Frontend firewall security architecture"; "Highly secure and reliable enterprise applications with intrusion prevention and automatic recovery from malicious hackers or unexpected crashes or threats"; "No data protection"; "Fault tolerance".]

Collaborative security agents working collectively to counteract hackers and intruders
[Figure: diagram labelled "Internet", with six boxes labelled "Security Controllers" and six labelled "Intranets"]

10 Most Critical Internet Security Threats due to software vulnerability on Web servers
• BIND (Berkeley Internet Name Domain)
• CGI (Common Gateway Interface)
• RPC in rpc.ttdbserverd (ToolTalk), . .
• RDS security hole in Microsoft IIS
• sadmind and mountd on Unix machines
• Sendmail buffer overflow, pipe attacks
• File sharing via NetBIOS and NT ports
• User IDs as root/Adm with no passwords
• IMAP and POP buffer overflow
• Default SNMP community string

E-Commerce Security Component Technologies
• Client software enhancement
• Server software enhancement
• Middleware for clustering
• Network transport protocols
• Security & Assurance Policies

The Internet Security Testbed at the University of Southern California
[Figure: network diagram. Labels: Server cluster at USC Marshall Business School; Server cluster at ICC Lab in Engineering; Server cluster at ISI in Marina Del Rey; Compaq (twice); KPMG; IBM Institute for Advanced Commerce; ITRI; Sun Microsystems; Haas Business School at UC Berkeley; CISCO; . . .]
The security testbed at three USC sites: Internet and Cluster Computing (ICC) Lab in Engineering School, E-commerce Lab at Marshall Business School, and Information Science Institute (ISI), connected to E-business research sites in industry and academia. Web site: http://andy.usc.edu/trojan/.

Major Research Tasks in Securing E-Commerce Web Sites
Task 1: Security testbed construction and reliability enhancement with multi-server clustering and checkpointing RAIDs
Task 2: Development of multi-agent security software environment
Task 3: New policies, standards and component technologies for security, assurance, and confidentiality in E-commerce
Task 4: Integrating with B2B or B2G processes in global supply chain management

Architecture of A Highly Secure Web Site for E-Business Services
[Figure: architecture diagram. Labels: Internet firewall; Intranet servers (twice); Switch (four); E-commerce Server Cluster; Security controller]

Trojans Cluster Project
USC Internet and Cluster Computing Laboratory
• Prototype has 16 Pentium PCs housed in two 9-ft computer racks.
• All PCs run Red Hat Linux version 6.0 (kernel version 2.2.5)
• All 16 PC nodes are interconnected by a 100 Mbps Fast Ethernet
• The cluster is ported with DQS, LSF, MPI, PVM, TreadMarks, Elias, and NAS benchmarks, etc.
• Scaling to a future system with 100’s to 1000’s of future processors interconnected by Gigabit networks
Web site: http://andy.usc.edu/trojan/

Trojans cluster built at USC Internet and Cluster Computing Laboratory
[Figure: cluster diagram. Labels: Internet/Intranet Client; Entry Partition; Service Partition; Database Partition; Fast Ethernet; Service Flow; Data Flow]

Attack Characteristics and Counter-measures in Federated E-commerce
(Table columns: Attack characteristics; Attack Type; Countermeasures)

IP Address Spoofing
  Attack characteristics: The hacker impersonates an internal or trusted external IP address to bypass the security systems
  Attack type: From internal or external against host
  Countermeasures: Firewall and use stronger authentication methods
    • Firewalls are ineffective against internal attacks

Software vulnerabilities
  Attack characteristics: Hackers send string sizes larger than the input buffer or illegal HTML code to gain root authority and/or execute their own programs on the web server
  Attack type: From external against the host
  Countermeasures: Firewall to filter some of the traffic before it reaches the web server.
    • Firewalls are very effective in blocking external attacks
    • Agent can do a better job here

Flooding the host
  Attack characteristics: A hacker sending a large number of IP packets to shut down or to overload the host on the bad packets.
  Attack type: From internal or external against the host
  Countermeasures: Creating redundant resources
    • Creating redundant resources helps withstand this attack for a longer time and it is not a complete solution

Personated endpoints
  Attack characteristics: The hacker cuts in a transaction and assumes the identity of an endpoint to intercept mail and steal sensitive information
  Attack type: From internal or external against host or other agents
  Countermeasures: Strong authentication and digital certificates that rely on private keys.
    • Very effective for both internal and external attacks

User impersonation
  Attack characteristics: A hacker with a legitimate IP address and stolen password may try to impersonate a user
  Attack type: From internal or external against other agent
  Countermeasures: Use of Digital Certificates
    • Very effective for both internal and external attacks

Viruses & Trojan Horse programs
  Attack characteristics: Malicious Java applets and viruses that users can download unwittingly, causing massive destruction to the computer systems
  Attack type: From internal or external against the host
  Countermeasures: Virus Scanning and Content Filtering.
    • The information for virus scanning and content filtering needs to be continuously updated, else it will become ineffective

Architecture of the security controller built with a cluster of Linux servers
[Figure: block diagram. Labels: Agent PKI; Agent Name Service; Agent Security Infrastructure; Data-Mining Agents; Defined Security Policy; Decision Making System; Agent Controller; Communication Agents; Intrusion Database]

Distributed RAID-x Architecture
[Figure: four nodes (Node 0, Node 1, Node 2, Node 3), each with P/M and CDD, attached to the Cluster Network; twelve disks D0 to D11 with the block layout below]
D0: B0, B12, B24, B25’, B26’, B27’
D1: B1, B13, B25, B14’, B15’, B24’
D2: B2, B14, B26, B3’, B12’, B13’
D3: B3, B15, B27, B0’, B1’, B2’
D4: B4, B16, B28, B29’, B30’, B31’
D5: B5, B17, B29, B18’, B19’, B28’
D6: B6, B18, B30, B7’, B16’, B17’
D7: B7, B19, B31, B4’, B5’, B6’
D8: B8, B20, B32, B33’, B34’, B35’
D9: B9, B21, B33, B22’, B23’, B32’
D10: B10, B22, B34, B11’, B20’, B21’
D11: B11, B23, B35, B8’, B9’, B10’

Benchmark Performance of Distributed RAID Architectures
[Figure: four plots of aggregate bandwidth (MB/s) against number of clients (1, 4, 8, 12, 16) for RAID-x, RAID-5, RAID-1 and NFS: (a) Large read (20MB per client); (b) Small read (32KB per client); (c) Large write (20MB per client); (d) Small write (32KB per client)]

Trojans Linux Cluster with Middleware for Security and Checkpoint Recovery
[Figure: layered diagram. Labels: Server (three); Linux (three); Gigabit Network Interconnect; Security and Checkpointing middleware; Single System Image (SSI) Infrastructure; Programming Environments (Java, EDI, HTML, XML); Web Windows User Interface; Other Subsystems (Database, OLTP, etc.)]

Intelligent Agent-based E-Commerce Infrastructure
• Need a robust testbed
  – WWW Servlet + SSL + Applet
  – Mobile agent platform:
    • IBM Aglet
    • JATLite (KQML)
    • ObjectSpace Voyager (CORBA, XML)
• EDI vs. XML data flow model

Adaptive Security Control with intelligent agents to detect threats, to learn from intrusion patterns, and to safeguard E-business operations
[Figure: equation-style diagram joining, with "+" and "=", the boxes: Security Safeguards (Firewall, Authentication, Access control, Encryption); Detect Threats; Detect vulnerabilities; Response; Adaptive Security]

Distributed Multi-Agent Computing
[Figure: diagram with Web Browser, Internet, Agent Name Server, five Agents, Database Server and Oracle Database; interactions are numbered 1 to 7]

Electronic Solutions
• Confidentiality: Data Encryption
• Origin Authentication: Digital Signatures, Certificates, Digital Ids
• Content Integrity: Hash Algorithms, Message Digests, Digital Signatures
• Non-repudiation of origin/receipt: Digital Signatures, Audit Logs
• Availability: Redundant Systems, Automatic Failover

Public-Key Cryptography
• Secure E-mail and other communications
  – Secure Internet communications
  – S/MIME standard
  – Lotus Notes, Entrust, PGP
• Secure WWW transactions
  – Consumer-merchant purchases
  – On-line banking
  – SSL, S-HTTP, SET
• Business-to-business transactions
  – Electronic Data Interchange
  – Electronic Trading

Secure Communication with Public-Key Cryptography
[Figure: flow diagram. Labels: Originator; Cleartext Message; Encrypt; Recipient’s Public Key; Originator’s Signed Message; Decrypt; Recipient’s Private Key; Cleartext Message; Recipient]

Non-Repudiation of Origin
• This technique protects the receiver of a message from the sender’s denial of having sent it.
• Protection is achieved by including a digital signature, obtained by encrypting the message with public and/or private keys.
[Figure: sender side: document, hash value, private key; receiver side: document, hash value, public key]
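
Added example (not part of the original slides): the sender/receiver flow on the slide above, where the sender signs the hash of the document with its private key and the receiver checks it with the sender's public key, then keeps the result as evidence. ECDSA P-256 with SHA-256 from Node.js's built-in crypto module is an assumed algorithm choice; the key pairs, the order text and all function names are constructed for illustration.

```javascript
// Added example, not from the original slides. Keys and the order text are
// constructed sample data; function names are hypothetical.
const crypto = require('crypto');

const sender = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
const impostor = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });

// Sender: hash the document with SHA-256 and sign the hash with the private key.
function signDocument(document, privateKey) {
  return crypto.sign('sha256', Buffer.from(document, 'utf8'), privateKey);
}

// Receiver: recompute the hash and check it against the signature using the
// sender's public key. True only if this exact document was signed by that key.
function verifyOrigin(document, signature, publicKey) {
  return crypto.verify('sha256', Buffer.from(document, 'utf8'), publicKey, signature);
}

// Fingerprint of a public key, so stored evidence names the key it relies on.
function keyFingerprint(publicKey) {
  const der = publicKey.export({ type: 'spki', format: 'der' });
  return crypto.createHash('sha256').update(der).digest('hex');
}

// Receiver keeps this record; it is what answers a later "I never sent that".
function makeEvidence(document, signature, publicKey) {
  if (!verifyOrigin(document, signature, publicKey)) return null; // forged or altered
  return { document, signature: signature.toString('base64'),
           signerKey: keyFingerprint(publicKey) };
}

// A third party re-checks the stored record against the disputed sender's key.
function settleDispute(evidence, publicKey) {
  return evidence !== null &&
    evidence.signerKey === keyFingerprint(publicKey) &&
    verifyOrigin(evidence.document, Buffer.from(evidence.signature, 'base64'), publicKey);
}

const order = 'Order 1001: ship 40 units to warehouse 7'; // constructed message
const signature = signDocument(order, sender.privateKey);
const evidence = makeEvidence(order, signature, sender.publicKey);

console.log('origin proven for sender:', settleDispute(evidence, sender.publicKey));
console.log('altered document accepted:',
  verifyOrigin(order.replace('40', '400'), signature, sender.publicKey));
console.log('signature from another key:',
  makeEvidence(order, signDocument(order, impostor.privateKey), sender.publicKey));
```

The evidence only binds the message to a key; tying that key to a named sender is the job of the certificates listed on the "Electronic Solutions" slide.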

Collaborative Security Projects between USC and Industrial partners
• Internet payment system
  – Credit card payment with enhanced SSL protocol
  – Micro payment with wallet server
• Internet security control
  – New cryptographic algorithms
  – S-MIME protocol revision (PKCS)
  – Wireless security control
• Securing mobile agents in personalized E-commerce using PDA, cellular phone, etc.

Concluding Remarks:
• Intrusion-proof web servers and firewalls are in great demand in E-business services
• Distributed checkpointing to secure federated E-commerce operations
• Distributed RAID for Unix, Windows NT, and Linux web servers in cluster or grid environments
• Clustered security appeals to consolidated web services and global supply chain management