csci5233 Computer Security. Bishop: Chapter 14 Representing Identity

Presentation transcript:

Slide 1: Bishop: Chapter 14 Representing Identity (csci5233 Computer Security)

Slide 2: Outline
- Introduction
- Naming & Certificates
- Identity on the web
- Anonymity

Slide 3: What is identity?
- An identity specifies a principal.
  - A principal is a unique entity.
  - What can be an entity?
    - Subjects: users, groups, roles
      e.g., a user identification number (UID) identifies a user in a UNIX system
    - Objects: files, web pages, etc. + subjects
      e.g., a URL identifies an object by specifying its location and the protocol used (such as

Slide 4: Authentication vs identity
- Authentication binds a principal to a representation of identity internal to the computer.
- Two main purposes of using identities:
  - Accountability (logging, auditing)
  - Access control

Slide 5: Identity Naming and Certificates
- In X.509 certificates, distinguished names (that is, X.500 Distinguished Names) are used to identify entities.
- X.500 Distinguished Name
  e.g., /O=UHCL/OU=SCE/CN=Andrew Yang/L=Houston/SP=Texas/C=US
  e.g., /O=UHCL/OU=SCE/CN=UnixLabAdministrator/L=Houston/SP=Texas/C=US
- A certification authority (CA) vouches, at some level, for the identity of the principals to which the certificate is issued.
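
The two distinguished names above share every component except CN, so a relying party has to compare them component by component rather than by organizational prefix. The following is an added example, not part of the original slides: it parses the slash-separated form used on the slide and compares two names. The `\/` escape rule and the case- and whitespace-insensitive comparison are assumptions of this example.

```python
import re

# Constructed sample input: the two DNs shown on the slide.
ANDREW = "/O=UHCL/OU=SCE/CN=Andrew Yang/L=Houston/SP=Texas/C=US"
ADMIN = "/O=UHCL/OU=SCE/CN=UnixLabAdministrator/L=Houston/SP=Texas/C=US"

# Split on "/" unless it is escaped as "\/" inside a value (assumed escape rule).
_SEPARATOR = re.compile(r"(?<!\\)/")


def parse_dn(dn):
    """Return the DN as an ordered list of (attribute, value) pairs."""
    if not dn.startswith("/"):
        raise ValueError("DN must start with '/'")
    pairs = []
    for part in _SEPARATOR.split(dn)[1:]:
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed DN component: {part!r}")
        pairs.append((attr.strip().upper(), value.replace("\\/", "/")))
    return pairs


def _normalize(value):
    # Ignore case and runs of whitespace when comparing values.
    return " ".join(value.split()).casefold()


def differing_attributes(dn_a, dn_b):
    """List attribute types whose values differ; None if the shapes differ."""
    a, b = parse_dn(dn_a), parse_dn(dn_b)
    if [k for k, _ in a] != [k for k, _ in b]:
        return None
    return [k for (k, va), (_, vb) in zip(a, b) if _normalize(va) != _normalize(vb)]


def same_principal(dn_a, dn_b):
    """Two DNs identify the same principal only if every component matches."""
    return differing_attributes(dn_a, dn_b) == []


if __name__ == "__main__":
    print(parse_dn(ANDREW))
    print(same_principal(ANDREW, ADMIN), differing_attributes(ANDREW, ADMIN))
```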

Slide 6: Structure of CAs
- [RFC 1422, S. Kent, 1993] Privacy Enhancement for Internet Electronic Mail: Part II, Certificate-Based Key Management
- The certificate-based key management infrastructure organizes CAs into a hierarchical, tree-based structure.
- Each node in the tree corresponds to a CA.
- A higher-level CA sets policies that all subordinate CAs must follow; it certifies the subordinate CAs.

Slide 7: Certificates & Trust
- A certificate is the binding of an external identity to a cryptographic key and a Distinguished Name.
- If the certificate issuer can be fooled, all who rely on that certificate may also be fooled.
- The authentication policy defines the way in which principals prove their identities, relying on nonelectronic proofs of identity such as biometrics, documents, or personal knowledge.

Slide 8: Certificates & Trust
- The goal of certificates is to bind a correct pair of identity and public key.
- PGP certificates include a series of signature fields, each of which contains a level of trust.
- The OpenPGP specification defines 4 levels of trust:
  1. Generic: no assertions
  2. Persona (i.e., anonymous): no verification of the binding between the user name and the principal
  3. Casual: some verification
  4. Positive: substantial verification

Slide 9: Certificates & Trust
- Issues with OpenPGP's levels of trust:
  - The trust is not quantifiable.
  - The same terms (such as 'substantial verification') can imply different levels of assurance to different signers.
  - The interpretations are left to the verifiers.
- The point: "Knowing the policy or the trust level with which the certificate is signed is not enough to evaluate how likely it is that the identity identifies the correct principal."
- Other knowledge is needed: e.g., how the CA or signer interprets the policy and enforces its requirements

Slide 10: Identity on the Internet
- Host identity: How is a computer identified on the Internet?
  - ISO/OSI 7-layer model
  - The possibility of 'spoofing' a computer's IP or MAC address
- Static vs Dynamic Identifiers
  - The NAT (Network Address Translation) protocol

Slide 11: Domain Name Services
- DNS provides an association between a host name and an IP address.
- If the association is corrupted, the identifier in question will be associated with the wrong host (sometimes the malicious one).
- Attacks on the DNS: Bellovin, Schuba

Slide 12: State and Cookies
- HTTP is a stateless protocol: basically request/response.
- Other mechanisms (such as cookies or sessions) are needed to maintain state between a client and a server.
- Def. 14-4: A cookie is a token that contains information about the state of a transaction on a network.
- pp : Values in the cookies
- Cookies may contain sensitive information. Protecting the confidentiality of the cookies may be critical.
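
One way to keep sensitive transaction state out of the cookie is sketched here as an added example, not part of the original slides. The weak form puts the state in the cookie value; the hardened form sends only an opaque random token and keeps the state on the server. The cookie names, the in-memory `SESSIONS` store, the sample state and the choice of the `Secure`, `HttpOnly` and `SameSite` attributes are assumptions of this example.

```python
import secrets
from http.cookies import SimpleCookie

SESSIONS = {}  # hypothetical server-side store: opaque token -> transaction state

# Constructed sample state; the card value is a made-up test number.
SAMPLE_STATE = {"user": "alice", "card": "4111111111111111"}


def weak_set_cookie(state):
    """Weak form: the transaction state itself travels in the cookie value."""
    cookie = SimpleCookie()
    cookie["cart"] = "&".join(f"{k}:{v}" for k, v in state.items())
    return cookie.output(header="Set-Cookie:")


def hardened_set_cookie(state):
    """Hardened form: the cookie carries only a random token; state stays server-side."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = dict(state)
    cookie = SimpleCookie()
    cookie["sid"] = token
    cookie["sid"]["secure"] = True      # sent over TLS connections only
    cookie["sid"]["httponly"] = True    # not readable from page scripts
    cookie["sid"]["samesite"] = "Strict"
    cookie["sid"]["path"] = "/"
    return cookie.output(header="Set-Cookie:")


def load_state(cookie_header):
    """Map the Cookie header of a later request back to the stored state."""
    cookie = SimpleCookie()
    cookie.load(cookie_header)
    morsel = cookie.get("sid")
    return SESSIONS.get(morsel.value) if morsel else None


if __name__ == "__main__":
    print(weak_set_cookie(SAMPLE_STATE))      # state visible to anyone who sees the cookie
    print(hardened_set_cookie(SAMPLE_STATE))  # only an opaque token is visible
```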

Slide 13: Anonymity on the Web
- Anonymity: The ability to hide the identity of a host
- When would anonymity be needed?
- Examples: anonymous remailers, mixers
- More details in the 'network security' course