Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 CS 502: Computing Methods for Digital Libraries Lecture 26 Techniques of Access Management.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 CS 502: Computing Methods for Digital Libraries Lecture 26 Techniques of Access Management."— Presentation transcript:

1 1 CS 502: Computing Methods for Digital Libraries Lecture 26 Techniques of Access Management

2 2 Administration Online survey http://create.hci.cornell.edu/cssurvey.cfm

3 3 Users Digital objects Identification & authenticity Attributes Authentication Roles Permitted Operations Laws and agreements Policies Authorization Information Managers Access

4 4 A publishing example Collection consists of: current journals, back list, promotional materials Subscribers have access: current and back list - general, no redistribution Other users have access: current - list price, no redistribution back list - 50% of list price, no redistribution Promotional materials - unlimited access

5 5 Attributes of digital objects Attributes currentCurrent backBack list promoPromotional

6 6 Roles of users Roles subscriberUser is a subscriber otherOther user list Has paid list price discountHas paid 50% of list price

7 7 Permitted operations Operations general General access dist Redistribution

8 8 Policies AttributeRole Operations current or backsubscriber general, not dist currentother and list general, not dist backother and discount general, not dist promoany general, dist Each row of the table represents a policy.

9 9 Revision The publisher changes its policies. Current and back list will be treated the same, with a 20% discount on all journals.

10 10 Example: Revised Role Define a new role: standardHas paid 80% of list price

11 11 Revised policies AttributeRole Operations current or backsubscriber general, not dist current or backother and standard general, not dist promoany general, dist

12 12 The basic decisions Providing access is harder than blocking access Intrusive technology drives people away People value their privacy It must be clear what the technology is trying to achieve Technology serves economic or organizational goals Every technical question has an organizational context

13 13 Technical strategies Technology can support alternative market strategies: Strong enforcement: Emphasis is on strict control by technical means. Subsequent use is barred by technology. Weak enforcement: Emphasis is on customer satisfaction and market growth. Technology augmented by economic and social forces.

14 14 Trade-offs in enforcing access management Convenience to users Strength of enforcement What is the cost of failure of authorization systems? Loss of revenue Harmful effects of security failure Loss of privacy Local compromise of security Global compromise of security In digital libraries, the harm from security failures may be small The loss from unhappy customers may be great

15 15 Encryption Decryption

16 16 Dual key encryption Encrypt Decrypt A  A public key -- known to the public private key -- kept private Each individual is given a key pair:

17 17 You wish to send me an encrypted message 1.I tell you my public key (public information) 2.You encrypt the message using my public key and send it to me 3.I decrypt the message using my private key

18 18 Encryption in practice Key management is difficult Single key encryption needs shared private keys. Dual key encryption needs public key infrastructure. One-time keys are good for secure transmission. Government policies are misguided

19 19 Authentication of users The issue: Cornell University has a site license to ACM journals. Is this user a member of Cornell University? Approaches: IP address of user IP address of proxy login ID and password -> separate for each application or system -> campus authentication (e.g., Kerberos)

20 20 Authentication of users Approaches to authentication What you know -- password What you have -- smart card, IP address Who you are -- finger print Trade-off Simple, but insecure Address of computer ID and password Expensive and intrusive

21 21 Authenticity of digital objects The issue: Content can easily be changed by error or maliciously. Authentication systems based on digital signatures fail if one bit changes. Authentication of content should be invariant over changes of font, format, encoding, and layout. Examples: Copyright registration. International document delivery.

22 22 Hashing as test of identity Hash (MD5) A B a b If a = b then A is identical to B. Chance of error is tiny. a and b are each 128 bits

23 23 I wish to prove a message came from me 1.I calculate a hash of the message. 2.I encrypt the hash using my private key. 3.I send you: the message the encrypted hash 4.You decrypt the hash using my public key. 5.You calculate the hash on the received message.

24 24 Digital Signature Hash A a Encrypt  a (private key)  Sender Hash B b Decrypt   (public key) Receiver  b’ If b = b’ then: (a) Message is unaltered, A = B. (b) Encryption used correct private key.

25 25 Subsequent use Access management policies frequently restrict the subsequent use that a user may make of digital objects, e.g., No redistribution without attribution. Display on screen, but not print. Use on a specified computer only. Enforcement of subsequent use policies by technical methods is rarely possible without great inconvenience.

26 26 Secure container (Cryptolope)

27 27 Trusted systems If all computers in a system can trust each other, powerful and flexible access management is possible. General purpose personal computers are unlikely to be trusted. Special purpose computers may be trusted, e.g., smart cards, printers.

Download ppt "1 CS 502: Computing Methods for Digital Libraries Lecture 26 Techniques of Access Management."

Similar presentations

RP Designs Semi-Custom e-Commerce Package. Overview RP Designs semi- custom e-commerce package is a complete website solution. Visitors can browse a catalog.

RP Designs Semi-Custom e-Commerce Package. Overview RP Designs semi- custom e-commerce package is a complete website solution. Visitors can browse a catalog.
What is. Digital Certificate It is an identity.

What is. Digital Certificate It is an identity.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
Confidentiality and Privacy Controls

Confidentiality and Privacy Controls
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
Grid Security. Typical Grid Scenario Users Resources.

Grid Security. Typical Grid Scenario Users Resources.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
William Y. Arms Using Technology to Manage Copyrighted Resources.

William Y. Arms Using Technology to Manage Copyrighted Resources.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
Cryptographic Technologies

Cryptographic Technologies
Information Security of Embedded Systems 3.2.2010: Algorithms and Measures Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.

Information Security of Embedded Systems : Algorithms and Measures Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.
1 CS 502: Computing Methods for Digital Libraries Lecture 25 Access Management.

1 CS 502: Computing Methods for Digital Libraries Lecture 25 Access Management.
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School

Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School
Overview of Digital Signatures Introduction To Networks and Communications (CS 555) Presented by Bharath Kongara.

Overview of Digital Signatures Introduction To Networks and Communications (CS 555) Presented by Bharath Kongara.

Similar presentations

Ads by Google