® © 2003 Intel Corporation Security Issues with Names Carl Ellison Sr. Security Architect Network Architecture Lab Intel Corporation June 17, 2003.

Slides:

Advertisements

Similar presentations

Intel Labs Improvements on Conventional PKI Wisdom Carl M. Ellison Sr. Security Architect Corporate Technology Group Intel Corporation 1 st PKI Workshop:

Advertisements

15-1 Last time Internet Application Security and Privacy Public-key encryption Integrity.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Cryptography in e-Business Guest Lecture, November 13, 2006, Olin College Steven R. Gordon Prof. of Info Tech Management Babson College.

CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

CSI 400/500 Operating Systems Spring 2009 Lecture #20 – Security Measures Wednesday, April 29 th.

CS 105 – Introduction to the World Wide Web  HTTP Request*  Domain Name Translation  Routing  HTTP Response*  Privacy and Cryptography  Adapted.

Introduction to PKI Mark Franklin September 10, 2003 Dartmouth College PKI Lab.

Namespaces in SPKI Carl M. Ellison Intel Architecture Labs

Lecture 12 Security. Summary  PEM  secure  PGP  S/MIME.

1 of 2 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2006 Microsoft Corporation.

Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.

Security Jonathan Calazan December 12, 2005.

CAMP - June 4-6, Copyright Statement Copyright Robert J. Brentrup and Mark J. Franklin This work is the intellectual property of the authors.

Secure File Storage Nathanael Paul CRyptography Applications Bistro March 25, 2004.

INTRODUCTION Why Signatures? A uthenticates who created a document Adds formality and finality In many cases, required by law or rule Digital Signatures.

Secure Electronic Transactions (SET). SET SET is an encryption and security specification designed to protect credit card transactions on the Internet.

Web Application Authentication with PKI & Other Functions Bill Weems & Mark B. Jones Academic Technology University of Texas Health Science Center at Houston.

Masud Hasan Secure Project 1. Secure It uses Digital Certificate combined with S/MIME capable clients to digitally sign and.

Network Security – Part 2 (Continued) Lecture Notes for May 8, 2006 V.T. Raja, Ph.D., Oregon State University.

Using Personal Certificates Jeff D’Angelo Jeremy Hill Network of People, Jan 6, 2005.

16.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 16 Security at the Application Layer: PGP and.

Csci5233 Computer Security1 Bishop: Chapter 14 Representing Identity.

E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.

Registration Processing for the Wireless Internet Ian Gordon Director, Market Development Entrust Technologies.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Lecture 5.3: Key Distribution: Public Key Setting CS 436/636/736 Spring 2012 Nitesh Saxena.

Chapter 6 Electronic Mail Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.

Introduction1-1 Data Communications and Computer Networks Chapter 6 CS 3830 Lecture 31 Omar Meqdadi Department of Computer Science and Software Engineering.

Module 9: Fundamentals of Securing Network Communication.

1 Securing Data and Communication. 2 Module - Securing Data and Communication ♦ Overview Data and communication over public networks like Internet can.

1 Chapter 5 Electronic mail security. 2 Outline Pretty good privacy S/MIME Recommended web sites.

1 ISA&D29-Oct ISA&D29-Oct-13 Systems Analyst: problem solver IT and Strategic Planning.

1 Information Security Practice I Lab 5. 2 Cryptography and security Cryptography is the science of using mathematics to encrypt and decrypt data.

Network Security – Special Topic on Skype Security.

SECURITY – Chapter 15 SECURITY – Chapter 15 ….for authentication and confidentiality PGP 1.Uses best algorithms as building blocks 2.General.

Matej Bel University Cascaded signatures Ladislav Huraj Department of Computer Science Faculty of Natural Sciences Matthias Bel University Banska Bystrica.

1 Normal executable Infected executable Sequence of program instructions Entry Original program Entry Jump Replication and payload Viruses.

Authentication. Goal: Bob wants Alice to “prove” her identity to him Protocol ap1.0: Alice says “I am Alice” Failure scenario?? “I am Alice”

ECE509 Cyber Security : Concept, Theory, and Practice Key Management Spring 2014.

Security & Privacy. Learning Objectives Explain the importance of varying the access allowed to database elements at different times and for different.

Security fundamentals Topic 5 Using a Public Key Infrastructure.

Chapter 12: How Private are Web Interactions?. Why we care? How much of your personal info was released to the Internet each time you view a Web page?

Security fundamentals Topic 9 Securing internet messaging.

Using Public Key Cryptography Key management and public key infrastructures.

Digital Signatures and Digital Certificates Monil Adhikari.

Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.

1 Public Key Infrastructure Rocky K. C. Chang 6 March 2007.

IT 221: Introduction to Information Security Principles Lecture 5: Message Authentications, Hash Functions and Hash/Mac Algorithms For Educational Purposes.

1 Chapter 3-3 Key Distribution. 2 Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution.

Csci5233 Computer Security1 Bishop: Chapter 14 Representing Identity.

SSH. 2 SSH – Secure Shell SSH is a cryptographic protocol – Implemented in software originally for remote login applications – One most popular software.

Security is one of the most widely used and regarded network services

Digital Signatures A digital signature is a protocol that produces the same effect as a real signature: It is a mark that only the sender can make but.

Module 8: Securing Network Traffic by Using IPSec and Certificates

S/MIME T ANANDHAN.

Unit 4: Data Communication

Security at the Application Layer: PGP and S/MIME

Distributed Peer-to-peer Name Resolution

Public Key Infrastructure (PKI)

ELECTRONIC MAIL SECURITY

ELECTRONIC MAIL SECURITY

Ceremonies (in 3 minutes)

Module 8: Securing Network Traffic by Using IPSec and Certificates

Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

Chapter 8 roadmap 8.1 What is network security?

Presentation transcript:

® © 2003 Intel Corporation Security Issues with Names Carl Ellison Sr. Security Architect Network Architecture Lab Intel Corporation June 17, 2003

Network Architecture Lab © 2003 Intel Corporation 2 Ceremony ( = Protocol ) BCDA Alice Bob

Network Architecture Lab © 2003 Intel Corporation 3 Summary of the problem  Security depends in part on the accurate human use of the system.  When humans are objects in the system, they need to be named.  It is becoming common practice to use common names in these cases.  Programmers and humans use names in fundamentally different ways.

Network Architecture Lab © 2003 Intel Corporation 4 Programmer’s Use of Names  Names are unique (file, path, variable, URL)  sometimes globally  sometimes within some block or directory  The computer follows a name to the same object every time.  sometimes the wrong object, but that’s a bug  The computer executes immediately.  except perhaps with two-phase commit in transaction processing

Network Architecture Lab © 2003 Intel Corporation 5 Human’s Use of Names  The confusion over Dave was resolved by the end of the conversation.  The confusion itself served a useful purpose.  Natural language tolerates a great deal of ambiguity.  It also teaches humans to be sloppy in the use of names. What Dave Did

Network Architecture Lab © 2003 Intel Corporation 6 Sources of Failure  Programmers write code expecting computer-style processing of names.  They assume that also for human names processed by other humans.  By using human names in these UIs, they inadvertently invoke millennia of training to be sloppy in the use of names.  Then, when users exhibit that sloppiness, they blame the users.

Network Architecture Lab © 2003 Intel Corporation 7 Some Samples  John Wilson  John Wilson at the airport  Carl Carlson  Ann Harrison  David Nelson Lesson: People whose last names end in “son” are in trouble.

Network Architecture Lab © 2003 Intel Corporation 8 Why PGP > S/MIME  Certificate sent with the mail, in S/MIME  Some mailers display just the common name of the DN.  Humans would ignore everything else anyway.  PGP practice verifies incoming signatures against the local key ring and the key ring is filled only with personally verified certificates.

Network Architecture Lab © 2003 Intel Corporation 9 General Problems  ID PKI  Matt Blaze: “A commercial CA will protect you from anyone whose money it refuses to take.”  Corporate Authorization Directories

Network Architecture Lab © 2003 Intel Corporation 10 Solutions 1.Drop all names – but then what? 2.SDSI, EUDORA, PINE, … 3.Deferred Binding 4.???

Network Architecture Lab © 2003 Intel Corporation 11 Conclusion  Something must change.  The problem has been with us since at least the 1940’s, probably since the industrial revolution.  It’s getting worse, with the Internet.  Modern S/W techniques make it worse faster.  We need to find a way to solve this.