1. CMSC 414 Computer (and Network) Security Lecture 16 Jonathan Katz

2. Trust  How much to trust a particular certificate?  Based on: –CA authentication policy –Rigor with which policy is followed –Assumptions inherent in the policy

3. Example…  Certificate issued based on a passport  Assumptions: –Passport not forged –Passport issued to the right person –Person presenting passport is the right person –CA actually checked the passport when issuing the certificate

4. Anonymity vs. pseudonymity  Anonymity –No one can identify the source of any messages –Can be achieved via the use of “persona” certificates (with “meaningless” DNs)  Pseudonymity –No one can identify the source of a set of messages… –…but they can tell that they all came from the same person

5. Levels of anonymity  There is a scale of anonymity –Ranges from no anonymity (complete identification), to partial anonymity (e.g., crowds),to complete anonymity –Pseudonymity is tangential to this…

6. Anonymizers  Proxies that clients can connect to, and use to forward their communication –Primarily used for email, http  Can also provide pseudonymity –This may lead to potential security flaws if mapping is compromised  Must trust the anonymizer… –Can limit this by using multiple anonymizers

7. Traffic analysis  If messages sent to remailers are not encrypted, it is easy to trace the sender  Even if encrypted, may be possible to perform traffic analysis –Timing –Message sizes –Replay attacks

8. Http anonymizers  Two approaches –Centralized proxy/proxies –“Crowds…”

9. Implications of anonymity?  Is anonymity good or bad? –Unclear… –Can pseudonymity help?

10. Identity on the Web  Certificates are not (yet?) ubiquitous for individuals  Other means for assigning identities?

11. Host identity  E.g., in the context of the OSI model –Potentially different “names” at each layer MAC address (data link layer) IP address (network layer) hostname (application layer)  In general, it is easy to spoof these identities

12. Static/dynamic identifiers  E.g., Domain Name Service (DNS) –Associates hostnames and IP addresses (static)  E.g., DHCP servers –When laptop connects to network, the network assigns the laptop an unused IP address –Local identifier = identifier used between client and server –Global identifier = identifier used by client in other contexts

13. E.g., address translation  Company with more computers than IP addresses –Each computer has a fixed local address used internally –When a computer sends a packet to the Internet, those packets are assigned a valid IP address by a gateway –The gateway keeps track of the correspondence

14. “Cookies”  Cookies are tokens containing state information about a transaction  May contain (for example): –Name/value; expiration time –Intended domain (cookie is sent to any server in that domain) No requirement that cookie is sent by that domain

15. Security violations?  Cookies potentially violate privacy –E.g., connecting to one server results in a cookie that will be transmitted to another  Storing authentication information in a cookie is also potentially dangerous (unless cookie is kept confidential, or other methods are used)