Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Management.

Published byChristal Pope Modified over 8 years ago

Similar presentations

Presentation on theme: "Security Management."— Presentation transcript:

1 Security Management

2 Given Credit Where It Is Due
Most slides are from Scott Shenker and Ion Stoica at University of California, Berkeley I have modified and added some slides

3 Outline Key Management Group management Authorization management

4 Authentication Using Public-Key Cryptography
KA+, KB+: public keys KB+(A, RA) 1 2 KA+(RA, RB,KA,B) Alice Bob 3 KA,B(RB) What if KA+ or KB+ is faked?

5 Security Management Problem: how do you get keys in the first place?
Key distribution: securely associate an entity with a key Example: Public Key Infrastructure (PKI), a system that manages public key distribution on a wide-scale Key establishment: establish session keys Use public key cryptography (we already know how to do it) Diffie-Hellman key exchange

6 Components of a PKI

7 Digital Certificate Signed data structure that binds an entity (E) with its corresponding public key (KE+) Signed by a recognized and trusted authority, i.e., Certification Authority (CA) Provide assurance that a particular public key belongs to a specific entity How? CA generates KCA-(E, KE+) Everyone can verify signature using KCA+

8 Certification Authority (CA)
People, processes responsible for creation, delivery and management of digital certificates Organized in a hierarchy (use delegation) Root CA CA-1 CA-2

9 Registration Authority
People, processes and/or tools that are responsible for Authenticating the identity of new entities (users or computing devices) Requiring certificates from CA’s.

10 Certificate Repository
A database which is accessible to all users of a PKI, contains: Digital certificates, Certificate revocation information Policy information

11 Example Alice generates her own key pair
public key Alice private key Bob generates his own key pair public key Bob private key Both send their public key to a CA and receive a digital certificate

12 Example Alice gets Bob’s public key from the CA
private key Alice public key Bob Bob gets Alice’s public key from the CA private key Bob public key Alice

13 Certificate Revocation
Process of publicly announcing that a certificate has been revoked and should no longer be used Approaches: Use certificates that automatically time out Use certificate revocation list

14 Key Establishment Method 1
What’s your public key? Bob picks a symmetric key and encrypts it using Alice’s public key Alice decrypts the symmetric key using her private key Then sends the key to Alice Bob encrypts his message using the symmetric key Then sends the message to Alice Alice decrypts the message using the symmetric key hi

15 Key Establishment Method 2: Diffie-Hellman Key Exchange
Agree on two numbers n, g; both numbers can be made public! Alice and Bob pick two secret numbers x and y n=10, g=7, x=3, g^x mod n = 3; y=5, g^{xy} mod n = 3; g^y mod n = 7; g^{xy} mod n = 3.

16 Outline Key Management Group management Authorization management

17 Secure Group Management
Motivation: offer high availability for security services How: replicate services Problem: how to add a new replica to a group without compromising the integrity of the group?

18 Securely Admitting A New Group Member
CKG: secret key used for communication within group KG+,KG-: public-private key pair to communicate with non-group members KP,G: secret key RP: reply pad T: local time Notation: [X]Y: X was signed by Y join request group admittance Process in group G New process

19 Outline Key Management Group management Authorization management

20 Authorization Management
Granting authorization rights Related with access control which verifies access rights

21 Capabilities (1) How to grant a capability?
How to verify a capability?

22 Capabilities (2) Capability:
Unforgeable data structure for a specific resource R Specify access right the holder has with respect to R Capability in Amoeba (one of the first object-based DS): 48 bits 24 bits 8 bits Server port Object Rights Check Amoeba was one of the first object-based distributed systems.

23 Capabilities (3) Owner Generation of a restricted capability from an owner capability

24 Delegation: Motivation Example
A user Alice has read-only access rights on a large file F Alice wants to print F on printer P no earlier than 2am Method A: Alice sends the entire file F to the printer P; Method B: Alice passes the file name to P and printer P copies the file F to its spooling directory when F is actually needed. For method B, Alice needs to delegate her read-only access rights on F to printer P

25 Delegation A wants to delegate an operation on a resource to B
Problem: how does A delegates its access rights to B? Solutions: A signs (A, B, R) If B wants to delegate operation to C, C needs to contact A Avoid this problem using a proxy (Neuman scheme) Proxy: a token allowing its owner to operate with the same or restricted rights as the entity granting the token

26 Delegation: Neuman Scheme
The general structure of a proxy as used for delegation:

27 Delegation: Neuman Scheme
Using a proxy to delegate and prove ownership of access rights In practice S+proxy, S-proxy can be a public-private key pair and N can be a nonce If Bob wants to delegate some of his access rights to Chuck, how to do that securely without Alice’s involvement?

28 Virus vs. Worm

Download ppt "Security Management."

Similar presentations

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI)
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)

CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
1 Key Establishment Symmetric key problem: How do two entities establish shared secret key in the first place? Solutions: Deffie-Hellman trusted key distribution.

1 Key Establishment Symmetric key problem: How do two entities establish shared secret key in the first place? Solutions: Deffie-Hellman trusted key distribution.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Similar presentations

Ads by Google