CMSC 414 Computer (and Network) Security Lecture 15 Jonathan Katz.

Slides:



Advertisements
Similar presentations
Secure Naming structure and p2p application interaction IETF - PPSP WG July 2010 Christian Dannewitz, Teemu Rautio and Ove Strandberg.
Advertisements

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CMSC 414 Computer (and Network) Security Lecture 13 Jonathan Katz.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
DESIGNING A PUBLIC KEY INFRASTRUCTURE
Department of Information Engineering1 Major Concerns in Electronic Commerce Authentication –there must be proof of identity of the parties in an electronic.
16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)
Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
CMSC 414 Computer (and Network) Security Lecture 21 Jonathan Katz.
CMSC 414 Computer (and Network) Security Lecture 16 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 24 Jonathan Katz.
1 Representing Identity CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 19, 2004.
1 CPSC156: The Internet Co-Evolution of Technology and Society Lectures 19,20, and 21: April 5, 10, and 12, 2007 Cryptographic Primitives.
INF 123 SW ARCH, DIST SYS & INTEROP LECTURE 17 Prof. Crista Lopes.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
Security Management.
TrustPort Public Key Infrastructure. Keep It Secure Table of contents  Security of electronic communications  Using asymmetric cryptography.
CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.
Chapter 31 Network Security
Secure r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.
CS526: Information Security Chris Clifton October 16, 2003 Authentication.
Secure Electronic Transaction (SET)
ECE454/599 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2012.
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Csci5233 Computer Security1 Bishop: Chapter 14 Representing Identity.
Lecture 5.3: Key Distribution: Public Key Setting CS 436/636/736 Spring 2012 Nitesh Saxena.
Cryptography Encryption/Decryption Franci Tajnik CISA Franci Tajnik.
Unit 1: Protection and Security for Grid Computing Part 2
Chapter 21 Distributed System Security Copyright © 2008.
CERTIFICATES. What is a Digital Certificate? Electronic counterpart to a drive licenses or a passport. Enable individuals and organizations to secure.
23-1 Last time □ P2P □ Security ♦ Intro ♦ Principles of cryptography.
CSC 382: Computer SecuritySlide #1 CSC 382: Computer Security Identity.
Strong Security for Distributed File Systems Group A3 Ka Hou Wong Jahanzeb Faizan Jonathan Sippel.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.
Cryptography (2) University of Palestine Eng. Wisam Zaqoot April 2010 ITSS 4201 Internet Insurance and Information Hiding.
DIGITAL SIGNATURE. GOOD OLD DAYS VS. NOW GOOD OLD DAYS FILE WHATEVER YOU WANT – PUT ‘NA’ OR ‘-’ OR SCRATCH OUT FILE BACK DATED, FILE BLANK FORMS, FILE.
Fall 2010/Lecture 321 CS 426 (Fall 2010) Key Distribution & Agreement.
ELECTROINC COMMERCE TOOLS Chapter 6. Outline 6.0 Introduction 6.1 PUBLIC KEY INFRASTRUCTURE (PKI) AND CERTIFICATE AUTHORITIES (CAs) TRUST
Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
1 Lecture 19: PEM and S/MIME history PEM –establishing keys –public key hierarchy –message structure –message headers –encryption and integrity protection.
Who’s watching your network The Certificate Authority In a Public Key Infrastructure, the CA component is responsible for issuing certificates. A certificate.
Protocols for public-key management. Key management –two problems Distribution of public keys (for public- key cryptography) Distribution of secret keys.
Security, Accounting, and Assurance Mahdi N. Bojnordi 2004
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Cryptography and Network Security Chapter 14 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Traditional Security Issues Confidentiality –Prevent unauthorized access or reading of information Integrity –Insure that writing or operations are allowed.
Security & Privacy. Learning Objectives Explain the importance of varying the access allowed to database elements at different times and for different.
Security fundamentals Topic 5 Using a Public Key Infrastructure.
1 Thuy, Le Huu | Pentalog VN Web Services Security.
Chapter 14: Representing Identity Dr. Wayne Summers Department of Computer Science Columbus State University
Key Management. Authentication Using Public-Key Cryptography  K A +, K B + : public keys Alice Bob K B + (A, R A ) 1 2 K A + (R A, R B,K A,B ) 3 K A,B.
CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.
Csci5233 Computer Security1 Bishop: Chapter 14 Representing Identity.
CMSC 414 Computer and Network Security Lecture 18 Jonathan Katz.
Fundamentals of Network Security Ravi Mukkamala SCI 101 October 6, 2003.
Digital Certificates Presented by: Matt Weaver. What is a digital certificate? Trusted ID cards in electronic format that bind to a public key; ex. Drivers.
Key management issues in PGP
Chapter 14: Representing Identity
Digital Certificates and X.509
Presentation transcript:

CMSC 414 Computer (and Network) Security Lecture 15 Jonathan Katz

Review of cryptography…  Private-key (key shared in advance) –Private-key encryption –Message authentication codes (MACs)  Public-key (PK distributed/SK secret) –Public-key encryption –Signature schemes

Review of cryptography… –Encryption does not provide integrity –Signatures/MACs do not provide secrecy –Signing is not the same as (public key) encryption/decryption –A “checksum” is not the same as a MAC –Deterministic encryption is not secure –CBC-MAC is not the same as CBC encryption

Midterm stats  Average: 65  (Roughly:) –80-100: A –60-80: B –45-60: C –<45: D/F

Administrative items  HW3  Project coming soon…

Representing Identity (Chapter 14)

Identity  An identity specifies a principal (a unique entity)  Authentication binds a principal to a (representation of an) identity  Identities are used for, e.g., accountability and access control (among others)

Example: files and objects  Note: the name of an object may depend on the context –E.g., a filename for human use, a file descriptor for process use, and a file allocation entry used by the kernel –E.g., user with different accounts

Example: groups  An “entity” may be a set of entities, i.e., a group  Two implementations of groups 1.Group is an alias for a set of principals; principals stay in their groups 2.Principals can change groups; rights depend upon current group membership

Roles  A role is a group that ties membership to function –When a principal assumes a role, the principal is given the rights belonging to that role

Naming and certificates  Identifiers correspond to principals –Must uniquely identify the principal –(Real) names alone are not enough!

E.g., X.509 certificates  Distinguished names identify a principal –Series of fields, each with key and value E.g. /O=University of Maryland/OU=College Park/OU=Computer Science/CN=J. Katz “O” - organization; “OU” - organizational unit; “CN” = common name

Certificates  Certification authorities vouch for the identity of the principal to whom a certificate is issued  CA authentication policy determines the level of authentication needed to identify the principal before the certificate is issued  CA issuance policy describes the principals to whom the CA will issue certificates  A single CA can “act” as multiple CAs, each with their own policies…

Example: Verisign (1996)  Three levels of authentication –Verification of valid address –Verification of name/address –Background check  Different authentication policies; same issuance policy (individuals)  Another issuance policy was for issuing certificates to web servers

Certificate infrastructure  Hierarchical structure of CAs –Nodes correspond to CAs –Children of a CA are constrained by the policies of their parents –Example…  We will revisit cert. infrastructures later…

Example  Internet Policy Registration Authority (IPRA) issues certificates for policy certification authorities (PCAs)  PCAs certify other CAs –Note that their policies cannot conflict with those of the IPRA

Conflicts  What if a single CA issues certificates under different policies?  What if a CA issues a certificate tied to an address, but the owner of this address changes?  What if two CAs have the same dist. name?  What if two different CAs issue certificates for the same distinguished name (to different principals)?

Easy solution  For organizational certificates, the last type of conflict can be prevented by incorporating CA name into distinguished name  Does not solve the other problems, in general…

Handling conflicts  Conflict detection database…  Before a PCA may issue a certificate to a CA, it checks for a conflict in the database –Sends a hash of the CAs dist. name, the CAs public key, and the dist. name of the PCA  If first two fields conflict with a database entry, the two PCAs must resolve the conflict  Note that this only ensures uniqueness of (DN, PK) pairs

Handling conflicts (in action)  Two CAs with same dist. name? –Will have different public keys…  Same CA with two different policies? –Will use different public keys for each

What does identity mean?  Ultimately, identity is proved using physical means –Driver’s license, fingerprints, etc.  If these are compromised, then certificates are irrelevant! –Certificate is just a binding between external identity and (DN, PK)

Anonymity vs. pseudonymity  Anonymity –No one can identify the source of any messages –Can be achieved via the use of “persona” certificates (with “meaningless” DNs)  Pseudonymity –No one can identify the source of a set of messages… –…but they can tell that they all came from the same person

Levels of anonymity  There is a scale of anonymity –Ranges from no anonymity (complete identification), to partial anonymity (e.g., crowds),to complete anonymity –Pseudonymity is an orthogonal issue…

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.