1. CMSC 414 Computer (and Network) Security Lecture 15 Jonathan Katz

2. Review of cryptography…  Private-key (key shared in advance) –Private-key encryption –Message authentication codes (MACs)  Public-key (PK distributed/SK secret) –Public-key encryption –Signature schemes

3. Review of cryptography… –Encryption does not provide integrity –Signatures/MACs do not provide secrecy –Signing is not the same as (public key) encryption/decryption –A “checksum” is not the same as a MAC –Deterministic encryption is not secure –CBC-MAC is not the same as CBC encryption

4. Midterm stats  Average: 65  (Roughly:) –80-100: A –60-80: B –45-60: C –<45: D/F

5. Administrative items  HW3  Project coming soon…

6. Representing Identity (Chapter 14)

7. Identity  An identity specifies a principal (a unique entity)  Authentication binds a principal to a (representation of an) identity  Identities are used for, e.g., accountability and access control (among others)

8. Example: files and objects  Note: the name of an object may depend on the context –E.g., a filename for human use, a file descriptor for process use, and a file allocation entry used by the kernel –E.g., user with different accounts

9. Example: groups  An “entity” may be a set of entities, i.e., a group  Two implementations of groups 1.Group is an alias for a set of principals; principals stay in their groups 2.Principals can change groups; rights depend upon current group membership

10. Roles  A role is a group that ties membership to function –When a principal assumes a role, the principal is given the rights belonging to that role

11. Naming and certificates  Identifiers correspond to principals –Must uniquely identify the principal –(Real) names alone are not enough!

12. E.g., X.509 certificates  Distinguished names identify a principal –Series of fields, each with key and value E.g. /O=University of Maryland/OU=College Park/OU=Computer Science/CN=J. Katz “O” - organization; “OU” - organizational unit; “CN” = common name

13. Certificates  Certification authorities vouch for the identity of the principal to whom a certificate is issued  CA authentication policy determines the level of authentication needed to identify the principal before the certificate is issued  CA issuance policy describes the principals to whom the CA will issue certificates  A single CA can “act” as multiple CAs, each with their own policies…

14. Example: Verisign (1996)  Three levels of authentication –Verification of valid email address –Verification of name/address –Background check  Different authentication policies; same issuance policy (individuals)  Another issuance policy was for issuing certificates to web servers

15. Certificate infrastructure  Hierarchical structure of CAs –Nodes correspond to CAs –Children of a CA are constrained by the policies of their parents –Example…  We will revisit cert. infrastructures later…

16. Example  Internet Policy Registration Authority (IPRA) issues certificates for policy certification authorities (PCAs)  PCAs certify other CAs –Note that their policies cannot conflict with those of the IPRA

17. Conflicts  What if a single CA issues certificates under different policies?  What if a CA issues a certificate tied to an email address, but the owner of this address changes?  What if two CAs have the same dist. name?  What if two different CAs issue certificates for the same distinguished name (to different principals)?

18. Easy solution  For organizational certificates, the last type of conflict can be prevented by incorporating CA name into distinguished name  Does not solve the other problems, in general…

19. Handling conflicts  Conflict detection database…  Before a PCA may issue a certificate to a CA, it checks for a conflict in the database –Sends a hash of the CAs dist. name, the CAs public key, and the dist. name of the PCA  If first two fields conflict with a database entry, the two PCAs must resolve the conflict  Note that this only ensures uniqueness of (DN, PK) pairs

20. Handling conflicts (in action)  Two CAs with same dist. name? –Will have different public keys…  Same CA with two different policies? –Will use different public keys for each

21. What does identity mean?  Ultimately, identity is proved using physical means –Driver’s license, fingerprints, etc.  If these are compromised, then certificates are irrelevant! –Certificate is just a binding between external identity and (DN, PK)

22. Anonymity vs. pseudonymity  Anonymity –No one can identify the source of any messages –Can be achieved via the use of “persona” certificates (with “meaningless” DNs)  Pseudonymity –No one can identify the source of a set of messages… –…but they can tell that they all came from the same person

23. Levels of anonymity  There is a scale of anonymity –Ranges from no anonymity (complete identification), to partial anonymity (e.g., crowds),to complete anonymity –Pseudonymity is an orthogonal issue…