Protection and Security

Slides:



Advertisements
Similar presentations
Hash Functions A hash function takes data of arbitrary size and returns a value in a fixed range. If you compute the hash of the same data at different.
Advertisements

Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
1 Counter-measures Threat Monitoring Cryptography as a security tool Encryption Digital Signature Key distribution.
6/2/2015B.Ramamurthy1 Security B.Ramamurthy. 6/2/2015B.Ramamurthy2 Computer Security Collection of tools designed to thwart hackers Became necessary with.
Security Chapters 14,15. The Security Environment Threats Security goals and threats.
Security Chapters 14,15. The Security Environment Threats Security goals and threats.
ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
Security Chapter The security environment 9.2 Basics of cryptography 9.3 User authentication 9.4 Attacks from inside the system 9.5 Attacks from.
ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Security Chapter The security environment 9.2 Basics of cryptography 9.3 User authentication 9.4 Attacks from inside the system 9.5 Attacks from.
1 Security and Protection Chapter 9. 2 The Security Environment Threats Security goals and threats.
6/28/20151 Bringing Semantic Security to Semantic Web Services B. Ramamurthy.
BR1 Protection and Security B. Ramamurthy Chapters 18 and 19.
CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.
Introduction to Public Key Cryptography
Public Key Model 8. Cryptography part 2.
Information Security and Management 13. Digital Signatures and Authentication Protocols Chih-Hung Wang Fall
9/21/2015B.Ramamurthy1 Security Chapter 7. 9/21/2015B.Ramamurthy2 Introduction What is the security model of your system? There are many issues: 1. Security.
Cryptography, Authentication and Digital Signatures
Public-Key Cryptography CS110 Fall Conventional Encryption.
Digital Signatures A primer 1. Why public key cryptography? With secret key algorithms Number of key pairs to be generated is extremely large If there.
Module 3 – Cryptography Cryptography basics Ciphers Symmetric Key Algorithms Public Key Algorithms Message Digests Digital Signatures.
From Coulouris, Dollimore, Kindberg and Blair Distributed Systems: Concepts and Design Edition 5, © Addison-Wesley 2012 Slides for Chapter 11: Security.
1 Public-Key Cryptography and Message Authentication.
Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody.
A A E E D D C C B B # Symmetric Keys = n*(n-1)/2 F F
Computer Science and Engineering Computer System Security CSE 5339/7339 Lecture 14 October 5, 2004.
Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Cryptographic Security Aveek Chakraborty CS5204 – Operating Systems1.
CS480 Cryptography and Information Security Huiping Guo Department of Computer Science California State University, Los Angeles 14. Digital signature.
Overview Modern public-key cryptosystems: RSA
Security Outline Encryption Algorithms Authentication Protocols
Unit 3 Section 6.4: Internet Security
1. Public Key Encryption (A Simple Case)
Public-Key Cryptography and Message Authentication
Information Security message M one-way hash fingerprint f = H(M)
Computer Data Security & Privacy
Chapter 9 Security 9.1 The security environment
Chapters 14,15 Security.
Fundamental Concepts in Security and its Application Cloud Computing
Cryptography.
Information Security message M one-way hash fingerprint f = H(M)
Digital Signatures Last Updated: Oct 14, 2017.
Slides for Chapter 11: Security
Chap 6: Security and Protection
Elliptic Curve Cryptography (ECC)
CS/COE 1501 Recitation RSA Encryption/Decryption
Security Chapter 7 11/21/2018 B.Ramamurthy.
ELECTRONIC MAIL SECURITY
Information Security message M one-way hash fingerprint f = H(M)
Elliptic Curve Cryptography (ECC)
ELECTRONIC MAIL SECURITY
Enabling Technology1: Cryptography
Lecture 4 - Cryptography
Intro to Cryptography Some slides have been taken from:
OS Access Control Mauricio Sifontes.
Security Chapter 7 1/14/2019 B.Ramamurthy.
Digital Signatures…!.
Security Chapter 11 2/16/2019 B.Ramamurthy.
Security Chapter 7 2/22/2019 B.Ramamurthy.
Chapters 14,15 Security.
Security Chapter 7 2/28/2019 B.Ramamurthy.
Security Chapter 7 4/8/2019 B.Ramamurthy.
Public-Key, Digital Signatures, Management, Security
Chapter 3 - Public-Key Cryptography & Authentication
Chapter 29 Cryptography and Network Security
Security Chapter 7 4/29/2019 B.Ramamurthy.
Oblivious Transfer.
Operating Systems Concepts
Presentation transcript:

Protection and Security B. Ramamurthy BR

Access Matrix A general model of access control as exercised by a file or database management system is that of an access matrix. Basic elements of the model are: Subject: An entity capable of accessing objects. The concept of subject equates that of a process. Object: Anything to which access is controlled. Ex: files, programs, segments of memory. Access right: The way in which an object is accesses by the subject. Examples: read, write, and execute. BR

Access Matrix (contd.) userA userB userC File 1 File 2 File 3 File 4 Acct1 Acct2 Printer1 Own R, W Own R, W Inquiry Credit userA Inquiry Credit Own R, W Inquiry Debit R W R userB P Inquiry Debit Own R, W userC R,W R BR

Access Matrix Details Row index corresponds to subjects and column index the objects. Entries in the cell represent the access privileges/rights. In practice, access matrix is quite sparse and is implemented as either access control lists (ACLs) or capability tickets. BR

ACLs Access matrix can be decomposed by columns, yielding access control lists. For each object access control list lists the users and their permitted access rights. The access control list may also have a default or public entry to covers subjects that are not explicitly listed in the list. Elements of the list may include individual as well group of users. BR

Windows NT(W2K) Security Access Control Scheme name/password access token associated with each process object indicating privileges associated with a user security descriptor access control list used to compare with access control list for object BR

Access Token (per user/subject) Security ID (SID) Group SIDs Privileges Default Owner Default ACL BR

Security Descriptor (per Object) Flags Owner System Access Control List (SACL) Discretionary Access Control List (DACL) BR

Access Control List . BR ACL Header ACE Header Access Mask SID

Access Mask BR Delete Read Control Write DAC Write Owner Generic Access Types Synchronize Standard Access Types Specific Access Types Access System Security Maximum allowed Generic All Generic Execute Generic Write Generic Read BR

Access Control Using ACLs When a process attempts to access an object, the object manager in W2K executive reads the SID and group SIDs from the access token and scans down the object’s DACL. If a match is found in SID, then the corresponding ACE Access Mask provides the access rights available to the process. BR

RSA Encryption To find a key pair e, d: 1. Choose two large prime numbers, P and Q (each greater than 10100), and form: N = P x Q Z = (P–1) x (Q–1) 2. For d choose any number that is relatively prime with Z (that is, such that d has no common factors with Z). We illustrate the computations involved using small integer values for P and Q: P = 13, Q = 17 –> N = 221, Z = 192 d = 5 3. To find e solve the equation: e x d = 1 mod Z That is, e x d is the smallest element divisible by d in the series Z+1, 2Z+1, 3Z+1, ... . e x d = 1 mod 192 = 1, 193, 385, ... 385 is divisible by d e = 385/5 = 77 BR

RSA Encryption (contd.) To encrypt text using the RSA method, the plaintext is divided into equal blocks of length k bits where 2k < N (that is, such that the numerical value of a block is always less than N; in practical applications, k is usually in the range 512 to 1024). k = 7, since 27 = 128 The function for encrypting a single block of plaintext M is: (N = P X Q = 13X17 = 221), e = 77, d = 5: E'(e,N,M) = Me mod N for a message M, the ciphertext is M77 mod 221 The function for decrypting a block of encrypted text c to produce the original plaintext block is: D'(d,N,c) = cd mod N The two parameters e,N can be regarded as a key for the encryption function, and similarly d,N represent a key for the decryption function. So we can write Ke = <e,N> and Kd = <d,N>, and we get the encryption function: E(Ke, M) ={M}K (the notation here indicating that the encrypted message can be decrypted only by the holder of the private key Kd) and D(Kd, ={M}K ) = M. <e,N> - public key, d – private key for a station BR

Application of RSA Lets say a person in Atlanta wants to send a message M to a person in Buffalo: Atlanta encrypts message using Buffalo’s public key B  E(M,B) Only Buffalo can read it using it private key b: E(b, E(M,B))  M In other words for any public/private key pair determined as previously shown, the encrypting function holds two properties: E(p, E(M,P))  M E(P, E(M,p))  M BR

How can you authenticate “sender”? In real life you will use signatures: we will look at concept of digital signatures next. Instead of sending just a simple message, Atlanta will send a signed message signed by Atlanta’s private key: E(B,E(M,a)) Buffalo will first decrypt using its private key and use Atlanta’s public key to decrypt the signed message: E(b, E(B,E(M,a))  E(M,a) E(A,E(M,a))  M BR

Digital Signatures Strong digital signatures are essential requirements of a secure system. These are needed to verify that a document is: Authentic : source Not forged : not fake Non-repudiable : The signer cannot credibly deny that the document was signed by them. BR

Digest Functions Are functions generated to serve a signatures. Also called secure hash functions. It is message dependent. Only the Digest is encrypted using the private key. BR

Alice’s bank account certificate 1. Certificate type : Account number 2. Name Alice 3. Account 6262626 4. Certifying authority Bob’s Bank 5. Signature {Digest(field 2 + field 3)} KBpriv BR

Digital signatures with public keys BR

Low-cost signatures with a shared secret key BR