1 CS 502: Computing Methods for Digital Libraries Lecture 26 Techniques of Access Management.

Slides:

Advertisements

Similar presentations

RP Designs Semi-Custom e-Commerce Package. Overview RP Designs semi- custom e-commerce package is a complete website solution. Visitors can browse a catalog.

Advertisements

What is. Digital Certificate It is an identity.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Confidentiality and Privacy Controls

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

Grid Security. Typical Grid Scenario Users Resources.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

William Y. Arms Using Technology to Manage Copyrighted Resources.

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

Cryptographic Technologies

Information Security of Embedded Systems : Algorithms and Measures Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.

1 CS 502: Computing Methods for Digital Libraries Lecture 25 Access Management.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School

Overview of Digital Signatures Introduction To Networks and Communications (CS 555) Presented by Bharath Kongara.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/

Controller of Certifying Authorities PKI Technology - Role of CCA Assistant Controller (Technology) Controller of Certifying Authorities Ministry of Communications.

31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Part Two Network Security Applications Chapter 4 Key Distribution and User Authentication.

Chapter 14 Encryption: A Matter Of Trust. Awad –Electronic Commerce 2/e © 2004 Pearson Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic.

AQA Computing A2 © Nelson Thornes 2009 Section Unit 3 Section 6.4: Internet Security Digital Signatures and Certificates.

Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.

1 herbert van de sompel CS 502 Computing Methods for Digital Libraries Cornell University – Computer Science Herbert Van de Sompel

Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.

1 ENC Encryption/ISO Julia Powell Office of Coast Survey Marine Chart Division.

Network Security. Security Threats 8Intercept 8Interrupt 8Modification 8Fabrication.

CS CS 5150 Software Engineering Lecture 18 Security.

Sagar Joshi Senior Security Consultant | ACE Team, Microsoft Information Security

Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin Business Plug-In B6 Information Security.

Dr. L. Christofi1 Local & Metropolitan Area Networks ACOE322 Lecture 8 Network Security.

Cryptography, Authentication and Digital Signatures

1 Boundary Control Chapter Materi: Boundary controls:  Cryptographic controls  Access controls  Personal identification numbers  Digital signatures.

Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.

Introduction1-1 Data Communications and Computer Networks Chapter 6 CS 3830 Lecture 31 Omar Meqdadi Department of Computer Science and Software Engineering.

Chapter 16 Security Introduction to CS 1 st Semester, 2012 Sanghyun Park.

Encryption. What is Encryption? Encryption is the process of converting plain text into cipher text, with the goal of making the text unreadable.

CSCE 522 Identification and Authentication. CSCE Farkas2Reading Reading for this lecture: Required: – Pfleeger: Ch. 4.5, Ch. 4.3 Kerberos – An Introduction.

Lifecycle Metadata for Digital Objects October 18, 2004 Transfer / Authenticity Metadata.

Privacy versus Authentication Confidentiality (Privacy) –Interceptors cannot read messages Authentication: proving the sender’s identity –The Problem of.

31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

X.509 Topics PGP S/MIME Kerberos. Directory Authentication Framework X.509 is part of the ISO X.500 directory standard. used by S/MIME, SSL, IPSec, and.

Authentication. Goal: Bob wants Alice to “prove” her identity to him Protocol ap1.0: Alice says “I am Alice” Failure scenario?? “I am Alice”

DIGITAL SIGNATURE.

Pertemuan #9 Security in Practice Kuliah Pengaman Jaringan.

Identification Authentication. 2 Authentication Allows an entity (a user or a system) to prove its identity to another entity Typically, the entity whose.

Corporation For National Research Initiatives Technical Issues in Electronic Publishing Corporation for National Research Initiatives William Y. Arms.

IAD 2263: System Analysis and Design Chapter 7: Designing System Databases, Interfaces and Security.

© Copyright 2009 SSLPost 01. © Copyright 2009 SSLPost 02 a recipient is sent an encrypted that contains data specific to that recipient the data.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

IT 221: Introduction to Information Security Principles Lecture 5: Message Authentications, Hash Functions and Hash/Mac Algorithms For Educational Purposes.

Lifecycle Metadata for Digital Objects October 9, 2002 Transfer / Authenticity Metadata.

April 20023CSG11 Electronic Commerce Authentication John Wordsworth Department of Computer Science The University of Reading Room.

Unit 3 Section 6.4: Internet Security

Computer Communication & Networks

NET 311 Information Security

Lecture 4 - Cryptography

PKI (Public Key Infrastructure)

Advanced Computer Networks

Electronic Payment Security Technologies

Presentation transcript:

1 CS 502: Computing Methods for Digital Libraries Lecture 26 Techniques of Access Management

2 Administration Online survey

3 Users Digital objects Identification & authenticity Attributes Authentication Roles Permitted Operations Laws and agreements Policies Authorization Information Managers Access

4 A publishing example Collection consists of: current journals, back list, promotional materials Subscribers have access: current and back list - general, no redistribution Other users have access: current - list price, no redistribution back list - 50% of list price, no redistribution Promotional materials - unlimited access

5 Attributes of digital objects Attributes currentCurrent backBack list promoPromotional

6 Roles of users Roles subscriberUser is a subscriber otherOther user list Has paid list price discountHas paid 50% of list price

7 Permitted operations Operations general General access dist Redistribution

8 Policies AttributeRole Operations current or backsubscriber general, not dist currentother and list general, not dist backother and discount general, not dist promoany general, dist Each row of the table represents a policy.

9 Revision The publisher changes its policies. Current and back list will be treated the same, with a 20% discount on all journals.

10 Example: Revised Role Define a new role: standardHas paid 80% of list price

11 Revised policies AttributeRole Operations current or backsubscriber general, not dist current or backother and standard general, not dist promoany general, dist

12 The basic decisions Providing access is harder than blocking access Intrusive technology drives people away People value their privacy It must be clear what the technology is trying to achieve Technology serves economic or organizational goals Every technical question has an organizational context

13 Technical strategies Technology can support alternative market strategies: Strong enforcement: Emphasis is on strict control by technical means. Subsequent use is barred by technology. Weak enforcement: Emphasis is on customer satisfaction and market growth. Technology augmented by economic and social forces.

14 Trade-offs in enforcing access management Convenience to users Strength of enforcement What is the cost of failure of authorization systems? Loss of revenue Harmful effects of security failure Loss of privacy Local compromise of security Global compromise of security In digital libraries, the harm from security failures may be small The loss from unhappy customers may be great

15 Encryption Decryption

16 Dual key encryption Encrypt Decrypt A  A public key -- known to the public private key -- kept private Each individual is given a key pair:

17 You wish to send me an encrypted message 1.I tell you my public key (public information) 2.You encrypt the message using my public key and send it to me 3.I decrypt the message using my private key

18 Encryption in practice Key management is difficult Single key encryption needs shared private keys. Dual key encryption needs public key infrastructure. One-time keys are good for secure transmission. Government policies are misguided

19 Authentication of users The issue: Cornell University has a site license to ACM journals. Is this user a member of Cornell University? Approaches: IP address of user IP address of proxy login ID and password -> separate for each application or system -> campus authentication (e.g., Kerberos)

20 Authentication of users Approaches to authentication What you know -- password What you have -- smart card, IP address Who you are -- finger print Trade-off Simple, but insecure Address of computer ID and password Expensive and intrusive

21 Authenticity of digital objects The issue: Content can easily be changed by error or maliciously. Authentication systems based on digital signatures fail if one bit changes. Authentication of content should be invariant over changes of font, format, encoding, and layout. Examples: Copyright registration. International document delivery.

22 Hashing as test of identity Hash (MD5) A B a b If a = b then A is identical to B. Chance of error is tiny. a and b are each 128 bits

23 I wish to prove a message came from me 1.I calculate a hash of the message. 2.I encrypt the hash using my private key. 3.I send you: the message the encrypted hash 4.You decrypt the hash using my public key. 5.You calculate the hash on the received message.

24 Digital Signature Hash A a Encrypt  a (private key)  Sender Hash B b Decrypt   (public key) Receiver  b’ If b = b’ then: (a) Message is unaltered, A = B. (b) Encryption used correct private key.

25 Subsequent use Access management policies frequently restrict the subsequent use that a user may make of digital objects, e.g., No redistribution without attribution. Display on screen, but not print. Use on a specified computer only. Enforcement of subsequent use policies by technical methods is rarely possible without great inconvenience.

26 Secure container (Cryptolope)

27 Trusted systems If all computers in a system can trust each other, powerful and flexible access management is possible. General purpose personal computers are unlikely to be trusted. Special purpose computers may be trusted, e.g., smart cards, printers.