3/15/01CSCI {4,6}900: Ubiquitous Computing1 Announcements.

Slides:

Advertisements

Similar presentations

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Advertisements

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Akshat Sharma Samarth Shah

PIS: Unit III Digital Signature & Authentication Sanjay Rawat PIS Unit 3 Digital Sign Auth Sanjay Rawat1 Based on the slides of Lawrie.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

1 Operating System vs. Network Security Butler Lampson Microsoft Outline What security is about Operating systems security Network security How they fit.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

SECURITY IN E-COMMERCE VARNA FREE UNIVERSITY Prof. Teodora Bakardjieva.

Page 15/5/2015 CSE 542: Graduate Operating Systems Outline  Chapter 18: Protection  Chapter 19: Security  A Method for Obtaining Digital Signatures.

Access Control Methodologies

Grid Security. Typical Grid Scenario Users Resources.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter 10 Securing Exchange Server 2003.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Encryption and Firewalls Chapter 7. Learning Objectives Understand the role encryption plays in firewall architecture Know how digital certificates work.

DESIGNING A PUBLIC KEY INFRASTRUCTURE

Security Issues in Grid Computing Reading: Grid Book, Chapter 16: “Security, Accounting and Assurance” By Clifford Neuman.

6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

Rheeve: A Plug-n-Play Peer- to-Peer Computing Platform Wang-kee Poon and Jiannong Cao Department of Computing, The Hong Kong Polytechnic University ICDCSW.

Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Use of Kerberos-Issued Certificates at Fermilab Kerberos  PKI Translation Matt Crawford & Dane Skow Fermilab.

Copyright B. Wilkinson, This material is the property of Professor Barry Wilkinson (UNC-Charlotte) and is for the sole and exclusive use of the students.

More on AuthenticationCS-4513 D-term More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.

Copyright, 1996 © Dale Carnegie & Associates, Inc. Digital Certificates Presented by Sunit Chauhan.

03 December 2003 Public Key Infrastructure and Authentication Mark Norman DCOCE Oxford University Computing Services.

Security Protocols in Automation Dwaine Clarke MIT Laboratory for Computer Science January 8, 2002 With help from: Matt Burnside, Todd.

Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.

Chapter 10: Authentication Guide to Computer Network Security.

Networks and Security. Types of Attacks/Security Issues  Malware  Viruses  Worms  Trojan Horse  Rootkit  Phishing  Spyware  Denial of Service.

70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory Chapter 9: Active Directory Authentication and Security.

Masud Hasan Secue VS Hushmail Project 2.

BY MOHAMMED ALQAHTANI (802.11) Security. What is ? IEEE is a set of standards carrying out WLAN computer communication in frequency bands.

Kerberos: An Authentication Service for Open Network Systems Jennifer G. Steiner Clifford Neuman Jeffrey I. Schiller.

Mar 13, 2001CSCI {4,6}900: Ubiquitous Computing1 Announcements HW 4 due Thursday – 11:00 AM If you have any questions regarding HW3, Project Proposal and.

Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 22 – Internet Authentication.

© Oxford University Press 2011 DISTRIBUTED COMPUTING Sunita Mahajan Sunita Mahajan, Principal, Institute of Computer Science, MET League of Colleges, Mumbai.

Module 9: Fundamentals of Securing Network Communication.

Key Management. Session and Interchange Keys  Key management – distribution of cryptographic keys, mechanisms used to bind an identity to a key, and.

1 Securing Data and Communication. 2 Module - Securing Data and Communication ♦ Overview Data and communication over public networks like Internet can.

Key Management. Given a computer network with n hosts, for each host to be able to communicate with any other host would seem to require as many as n*(n-1)

SOA-39: Securing Your SOA Francois Martel Principal Solution Engineer Mitigating Security Risks of a De-coupled Infrastructure.

Security (and privacy) Larry Rudolph With help from Srini Devedas, Dwaine Clark.

The TAOS Authentication System: Reasoning Formally About Security Brad Karp UCL Computer Science CS GZ03 / M th November, 2008.

Kerberos  Kerberos was a 3-headed dog in Greek mythology Guarded the gates of the deadGuarded the gates of the dead Decided who might enterDecided who.

Security, Accounting, and Assurance Mahdi N. Bojnordi 2004

Biometric Authentication in Distributed Computing Environments Vijai Gandikota Karthikeyan Mahadevan Bojan Cukic.

Kerberos By Robert Smithers. History of Kerberos Kerberos was created at MIT, and was named after the 3 headed guard dog of Hades in Greek mythology Cerberus.

1 Network Security Lecture 7 Overview of Authentication Systems Waleed Ejaz

Security fundamentals Topic 5 Using a Public Key Infrastructure.

Module 13: Enterprise PKI Active Directory Certificate Services (AD CS)

Active Directory. Computers in organizations Computers are linked together for communication and sharing of resources There is always a need to administer.

Chapter 7 – Confidentiality Using Symmetric Encryption.

The overview How the open market works. Players and Bodies  The main players are –The component supplier  Document  Binary –The authorized supplier.

Fall 2006CS 395: Computer Security1 Key Management.

 Attacks and threats  Security challenge & Solution  Communication Infrastructure  The CA hierarchy  Vehicular Public Key  Certificates.

Dr. Nermi hamza.  A user may gain access to a particular workstation and pretend to be another user operating from that workstation.  A user may eavesdrop.

Prof. Reuven Aviv, Nov 2013 Public Key Infrastructure1 Prof. Reuven Aviv Tel Hai Academic College Department of Computer Science Public Key Infrastructure.

Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.

Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Authentication in Dist Systems Presented in cs294-4 P2P Systems by Sailesh Krishnamurthy Oct

Secure HTTP (HTTPS) Pat Morin COMP 2405.

Key management issues in PGP

Computer Security Distributed System Security

CSE 542: Operating Systems

Presentation transcript:

3/15/01CSCI {4,6}900: Ubiquitous Computing1 Announcements

3/15/01CSCI {4,6}900: Ubiquitous Computing2 Tomorrow Authentication in Distributed Systems: Theory and Practice, Butler Lampson, Martin Abadi, Michael Burrows, Edward Wobber –Butler Lampson (MSR) - He was one of the designers of the SDS 940 time-sharing system, the Alto personal distributed computing system, the Xerox 9700 laser printer, two-phase commit protocols, the Autonet LAN, and several programming languages. –Martin Abadi (Bell Labs) –Michael Burrows, Edward Wobber (Compaq SRC)

3/15/01CSCI {4,6}900: Ubiquitous Computing3 Authentication Method for obtaining the source of the request –Who said this? Interpreting the access rule – authorization –Who is trusted to access this? –Access control list (ACL) Easier in central servers because the server knows all the sources

3/15/01CSCI {4,6}900: Ubiquitous Computing4 Distributed authentication (ala searchget) Autonomy: Request might come through a number of untrusted nodes. So “Surendar” is not the same as “Surendar working network” Size: Multiple authentication sources Heterogeneity: Different methods of connecting Fault-tolerance: Parts of the system may be broken

3/15/01CSCI {4,6}900: Ubiquitous Computing5 Access Control Model Principal: source for requests Requests to perform operations on objects Reference monitor: a guard for each object that examines each request for the object and decides whether to grant it Objects: Resource such as files, processes.. Principal Do operation Reference Monitor Object

3/15/01CSCI {4,6}900: Ubiquitous Computing6 Trusted Computing Base A small amount of software and hardware that security depends upon –You have to trust something Possible to obtain trusted statements from untrusted source –end-to-end argument TCB typically includes: –Operating system –Hardware –Encryption mechanisms –Algorithms for authentication and authorization

3/15/01CSCI {4,6}900: Ubiquitous Computing7 Example scenario One user, two machines, two operating systems, two subsystems, and two channels All communication over channels (no direct comm.) Accounting Application Workstation Operating System File Server Server Operating System Network channel request Keyboard/ Display channel

3/15/01CSCI {4,6}900: Ubiquitous Computing8 Encryption channels Shared vs public key cryptography –Shared is fast –Public key systems are easy to manage –Hybrids offer best of both worlds (e.g. SSL) Broadcast encryption channels –Public key channel is broadcast channel: you can send a message without knowing who will receive it –Shows how you can implement broadcast channel using shared keys Node-to-node secure channels

3/15/01CSCI {4,6}900: Ubiquitous Computing9 Principals with names When requests arrive on a channel it is granted only if the channel speaks for one of the principals on the ACL –Push: sender collects A’s credentials and presents them when needed –Pull: receiver looks up A in some database to get credentials for A

3/15/01CSCI {4,6}900: Ubiquitous Computing10 Man in the middle attach 1.C requests server certificate from S 2.S sends server certificate with Spublic to C 3.C verifies validity of Spublic 4.C generate symmetric key for session 5.C encrypts Csymmetric using Spublic 6.C transmits Csymmetric(data) and Spublic(Csymmetric) to S Principal (C) Resource (S)

3/15/01CSCI {4,6}900: Ubiquitous Computing11 Man in the middle attach 1.C requests server certificate from S 2.S sends server certificate with Spublic to C 3.C verifies validity of Spublic 4.C generate symmetric key for session 5.C encrypts Csymmetric using Spublic 6.C transmits Csymmetric(data) and Spublic(Csymmetric) to S –Certification authorities Principal (C) Resource (S) Intruder S1/C2

3/15/01CSCI {4,6}900: Ubiquitous Computing12 Certification Authority Difficult to make system highly available and highly secure –Leave CA offline, endorse certificates with long timeout –Online agent highly available, countersign with shorter timeout – Cache while both timeouts fresh –Invalidation at cache granularity Simple Certification Authority –CA speaks for A and is trusted when it says that C speaks for A Everyone trusts CA to speak for named principal Everyone knows public key of CA Pathnames and Multiple authorities –Decentralized authority, Parents cannot unconditionally speak for children

3/15/01CSCI {4,6}900: Ubiquitous Computing13 Groups Each principal speaks for the group Group membership certificates –Impossible to tell the membership Alternate approach is to distribute certificates to all principals –Revocation?

3/15/01CSCI {4,6}900: Ubiquitous Computing14 Roles and programs Role that a user play; a normal user or sysadmin? ACL may distinguish the role Delegation: –Users delegate to compute server

3/15/01CSCI {4,6}900: Ubiquitous Computing15 Auditing Formal proof for every access control decision

3/15/01CSCI {4,6}900: Ubiquitous Computing16 Discussion