
® © 2003 Intel Corporation Security Issues with Names Carl Ellison Sr. Security Architect Network Architecture Lab Intel Corporation June 17, 2003.


1 Security Issues with Names
Carl Ellison, Sr. Security Architect
Network Architecture Lab, Intel Corporation
June 17, 2003
© 2003 Intel Corporation

2 Ceremony ( = Protocol )
[Diagram; labels: A, B, C, D, Alice, Bob]

3 Summary of the problem
- Security depends in part on the accurate human use of the system.
- When humans are objects in the system, they need to be named.
- It is becoming common practice to use common names in these cases.
- Programmers and humans use names in fundamentally different ways.

4 Programmer’s Use of Names
- Names are unique (file, path, variable, URL)
  - sometimes globally
  - sometimes within some block or directory
- The computer follows a name to the same object every time.
  - sometimes the wrong object, but that’s a bug
- The computer executes immediately.
  - except perhaps with two-phase commit in transaction processing

5 Human’s Use of Names
- The confusion over Dave was resolved by the end of the conversation.
- The confusion itself served a useful purpose.
- Natural language tolerates a great deal of ambiguity.
- It also teaches humans to be sloppy in the use of names.
What Dave Did

6 Sources of Failure
- Programmers write code expecting computer-style processing of names.
- They assume that also for human names processed by other humans.
- By using human names in these UIs, they inadvertently invoke millennia of training to be sloppy in the use of names.
- Then, when users exhibit that sloppiness, they blame the users.

7 Some Samples
- John Wilson e-mail
- John Wilson at the airport
- Carl Carlson
- Ann Harrison
- David Nelson
Lesson: People whose last names end in “son” are in trouble.

8 Why PGP > S/MIME
- Certificate sent with the mail, in S/MIME
- Some mailers display just the common name of the DN.
- Humans would ignore everything else anyway.
- PGP practice verifies incoming signatures against the local key ring and the key ring is filled only with personally verified certificates.
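The contrast on the "Why PGP > S/MIME" slide, as an added example that is not part of the original presentation: two certificates with the same common name look identical to a mailer that shows only the CN, while a local key ring keyed by key fingerprint tells them apart. The certificate records, DNs, key bytes and local names are constructed for illustration, and signature verification itself is not modelled.

```python
import hashlib
import re

def common_name(dn):
    """Return the CN of an RFC 4514-style DN string, or None if absent."""
    # Split on commas that are not backslash-escaped ("CN=Wilson\, John").
    for rdn in re.split(r'(?<!\\),', dn):
        key, _, value = rdn.strip().partition('=')
        if key.strip().upper() == 'CN':
            return value.replace('\\,', ',')
    return None

def fingerprint(public_key):
    """SHA-256 over the raw key bytes; names the key, not the person."""
    return hashlib.sha256(public_key).hexdigest()

class KeyRing:
    """Local key ring: holds only keys the owner verified in person."""
    def __init__(self):
        self._names = {}

    def add_verified(self, public_key, local_name):
        self._names[fingerprint(public_key)] = local_name

    def identify(self, cert):
        return self._names.get(fingerprint(cert['key']))

# Constructed sample certificates: same CN, different organisations and keys.
CERT_A = {'dn': 'CN=John Wilson,OU=Sales,O=Example Corp,C=US', 'key': b'constructed-key-A'}
CERT_B = {'dn': 'CN=John Wilson,O=Other Example Ltd,C=GB', 'key': b'constructed-key-B'}

def cn_only_label(cert):
    # What a mailer shows when it displays just the common name of the DN.
    return common_name(cert['dn'])

def keyring_label(cert, ring):
    # The label comes from the local key ring, never from the sender's DN.
    name = ring.identify(cert)
    if name is None:
        return 'UNVERIFIED KEY ' + fingerprint(cert['key'])[:16]
    return name

if __name__ == '__main__':
    ring = KeyRing()
    ring.add_verified(CERT_A['key'], 'John Wilson (verified in person)')
    for cert in (CERT_A, CERT_B):
        print(cn_only_label(cert), '|', keyring_label(cert, ring))
```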

9 General Problems
- ID PKI
- Matt Blaze: “A commercial CA will protect you from anyone whose money it refuses to take.”
- Corporate Authorization Directories

10 Solutions
1. Drop all names – but then what?
2. SDSI, EUDORA, PINE, …
3. Deferred Binding
4. ???

11 Conclusion
- Something must change.
- The problem has been with us since at least the 1940’s, probably since the industrial revolution.
- It’s getting worse, with the Internet.
- Modern S/W techniques make it worse faster.
- We need to find a way to solve this.

