Trust
How much to trust a particular certificate? Based on:
– CA authentication policy
– Rigor with which policy is followed
– Assumptions inherent in the policy

Example…
Certificate issued based on a passport. Assumptions:
– Passport not forged
– Passport issued to the right person
– Person presenting passport is the right person
– CA actually checked the passport when issuing the certificate

Anonymity vs. pseudonymity
Anonymity
– No one can identify the source of any messages
– Can be achieved via the use of “persona” certificates (with “meaningless” DNs)
Pseudonymity
– No one can identify the source of a set of messages…
– …but they can tell that they all came from the same person

Levels of anonymity
There is a scale of anonymity
– Ranges from no anonymity (complete identification), to partial anonymity (e.g., crowds), to complete anonymity
– Pseudonymity is tangential to this…

Anonymizers
Proxies that clients can connect to, and use to forward their communication
– Primarily used for email, HTTP
Can also provide pseudonymity
– This may lead to potential security flaws if the mapping is compromised
Must trust the anonymizer…
– Can limit this by using multiple anonymizers

Traffic analysis
If messages sent to remailers are not encrypted, it is easy to trace the sender
Even if encrypted, it may be possible to perform traffic analysis
– Timing
– Message sizes
– Replay attacks

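The timing and message-size leaks on this slide, and the two classic countermeasures (fixed-size padding and batched release), in a toy single-hop remailer model. This is an added illustration, not code from the lecture; the traffic, the sender names and the observer model (a passive party who sees both links and knows the remailer's padding rule) are constructed here.

```python
"""Toy single-hop remailer: forwards anonymised messages and lets us count how many
senders a passive observer of both links can still pin down from size and timing."""

# Constructed inbound traffic at the remailer: (sender, arrival_ms, size_bytes)
INBOUND = [
    ("alice", 100, 1200),
    ("bob",   105,  300),
    ("carol", 130, 5400),
    ("dave",  140,  300),
]


def naive_remailer(inbound, delay_ms=1):
    """Strips the sender name and forwards at once; size and arrival order survive."""
    return [(t + delay_ms, size) for (_, t, size) in sorted(inbound, key=lambda m: m[1])]


def mix_remailer(inbound, cell=8192, batch_ms=100):
    """Pads every message to one fixed cell size, holds it until the end of its
    batch window and releases the whole batch at once, so neither the size nor
    the arrival order of an individual message is visible on the outbound link."""
    batches = {}
    for (_, t, size) in inbound:
        assert size <= cell, "larger messages would be split into cells (not modelled)"
        flush_at = (t // batch_ms + 1) * batch_ms
        batches.setdefault(flush_at, []).append(cell)
    return [(flush_at, c) for flush_at in sorted(batches) for c in batches[flush_at]]


def anonymity_sets(inbound, outbound, cell=None):
    """For each outbound message, the set of senders whose inbound message could
    have produced it: it must have arrived earlier and its size must be consistent
    with the observed outbound size (equal when unpadded, <= cell when padded)."""
    sets = []
    for (t_out, size_out) in outbound:
        cands = set()
        for (sender, t_in, size_in) in inbound:
            if t_in >= t_out:
                continue
            fits = (size_in == size_out) if cell is None else (size_in <= cell == size_out)
            if fits:
                cands.add(sender)
        sets.append(frozenset(cands))
    return sets


def uniquely_linked(sets):
    """Number of outbound messages whose sender the observer can name with certainty."""
    return sum(1 for s in sets if len(s) == 1)


if __name__ == "__main__":
    naive = anonymity_sets(INBOUND, naive_remailer(INBOUND))
    mixed = anonymity_sets(INBOUND, mix_remailer(INBOUND), cell=8192)
    print("naive remailer: %d of %d messages linked to a unique sender"
          % (uniquely_linked(naive), len(naive)))
    print("mix remailer:   %d of %d messages linked to a unique sender"
          % (uniquely_linked(mixed), len(mixed)))
```

With the constructed traffic the naive remailer leaks three of four senders (only bob and dave, who sent equal-sized messages, share an anonymity set of two), while the padded, batched remailer leaves every outbound message with all four senders as candidates. Replay attacks, the third bullet, are not modelled; a real mix also has to remember and refuse already-seen messages, since re-sending one lets the observer watch which output repeats.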
HTTP anonymizers
Two approaches
– Centralized proxy/proxies
– “Crowds…”

Implications of anonymity?
Is anonymity good or bad?
– Unclear…
– Can pseudonymity help?

Identity on the Web
Certificates are not (yet?) ubiquitous for individuals
Other means for assigning identities?

Host identity
E.g., in the context of the OSI model
– Potentially different “names” at each layer: MAC address (data link layer), IP address (network layer), hostname (application layer)
In general, it is easy to spoof these identities

Static/dynamic identifiers
E.g., Domain Name Service (DNS)
– Associates hostnames and IP addresses (static)
E.g., DHCP servers
– When a laptop connects to a network, the network assigns the laptop an unused IP address
– Local identifier = identifier used between client and server
– Global identifier = identifier used by the client in other contexts

E.g., address translation
Company with more computers than IP addresses
– Each computer has a fixed local address used internally
– When a computer sends a packet to the Internet, those packets are assigned a valid IP address by a gateway
– The gateway keeps track of the correspondence

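The gateway's bookkeeping from the two slides above (local identifier inside, global identifier outside, and a table recording the correspondence), as an added example that is not part of the lecture. It models port-based translation, the common form in which one global address is shared by many internal hosts; all addresses are constructed documentation ranges, and the port-allocation policy is an assumption of this model rather than any particular product's behaviour.

```python
"""Miniature port-based network address translation (NAPT) gateway."""
from dataclasses import dataclass
import itertools


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class NATGateway:
    def __init__(self, global_ip, first_port=40000):
        self.global_ip = global_ip
        self._ports = itertools.count(first_port)   # next unused global port
        # Both directions of the correspondence the slide says the gateway must keep.
        self.outbound = {}   # (local_ip, local_port, proto) -> global_port
        self.inbound = {}    # (global_port, proto)          -> (local_ip, local_port)

    def translate_out(self, pkt):
        """Rewrite the local source address to the gateway's global address.
        The mapping is keyed on the internal endpoint only, so the same internal
        socket keeps one global port whatever destination it talks to."""
        key = (pkt.src_ip, pkt.src_port, pkt.proto)
        gport = self.outbound.get(key)
        if gport is None:
            gport = next(self._ports)
            self.outbound[key] = gport
            self.inbound[(gport, pkt.proto)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.global_ip, gport, pkt.dst_ip, pkt.dst_port, pkt.proto)

    def translate_in(self, pkt):
        """Map a packet from the Internet back to the internal host.  Returns None
        (drop) when nothing inside initiated a matching flow: the translation
        table doubles as an implicit filter on unsolicited inbound traffic."""
        if pkt.dst_ip != self.global_ip:
            return None
        local = self.inbound.get((pkt.dst_port, pkt.proto))
        if local is None:
            return None
        return Packet(pkt.src_ip, pkt.src_port, local[0], local[1], pkt.proto)


if __name__ == "__main__":
    gw = NATGateway("203.0.113.5")                       # constructed global address
    out = gw.translate_out(Packet("10.0.0.7", 51000, "198.51.100.20", 80))
    print("outbound rewritten to", out.src_ip, out.src_port)
    back = gw.translate_in(Packet("198.51.100.20", 80, "203.0.113.5", out.src_port))
    print("reply delivered to", back.dst_ip, back.dst_port)
    print("unsolicited packet:", gw.translate_in(Packet("198.51.100.99", 80, "203.0.113.5", 45000)))
```

The translation table is state that the gateway must protect: the identity the outside world sees is only as reliable as the gateway's record of which internal host owns each global port, which is the same mapping-compromise concern raised for pseudonymous anonymizers earlier in the deck.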
“Cookies”
Cookies are tokens containing state information about a transaction
May contain (for example):
– Name/value; expiration time
– Intended domain (the cookie is sent to any server in that domain)
No requirement that the cookie be sent by that domain

Security violations?
Cookies potentially violate privacy
– E.g., connecting to one server results in a cookie that will be transmitted to another
Storing authentication information in a cookie is also potentially dangerous (unless the cookie is kept confidential, or other methods are used)

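To make the last two slides concrete (a cookie's Domain attribute decides which servers receive it, and an authentication cookie needs confidentiality), here is an added example, not code from the lecture, that parses a Set-Cookie header, decides whether a browser would attach the cookie to a given request, and lists what a reviewer would flag for a cookie carrying authentication state. The matching rules follow RFC 6265 in simplified form (no public-suffix list, no expiry handling); the host names and cookie values are constructed.

```python
"""Cookie scoping and a small audit of cookies that hold authentication state."""
from dataclasses import dataclass


@dataclass
class Cookie:
    name: str
    value: str
    domain: str            # registered domain, lower-case, without a leading dot
    path: str = "/"
    secure: bool = False
    http_only: bool = False
    host_only: bool = True  # True when the server set no Domain attribute


def parse_set_cookie(header, request_host):
    """Parse a Set-Cookie header value received in a response from request_host."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    c = Cookie(name.strip(), value.strip(), domain=request_host.lower())
    for attr in parts[1:]:
        k, _, v = attr.partition("=")
        k, v = k.strip().lower(), v.strip()
        if k == "domain" and v:
            c.domain = v.lstrip(".").lower()   # "Domain=example.com" widens scope to every host in it
            c.host_only = False
        elif k == "path" and v.startswith("/"):
            c.path = v
        elif k == "secure":
            c.secure = True
        elif k == "httponly":
            c.http_only = True
    return c


def domain_matches(host, domain):
    """RFC 6265 domain-match: equal, or host is a subdomain (and not an IP address)."""
    host = host.lower()
    return host == domain or (host.endswith("." + domain)
                              and not host.replace(".", "").isdigit())


def path_matches(req_path, cookie_path):
    if req_path == cookie_path:
        return True
    if req_path.startswith(cookie_path):
        return cookie_path.endswith("/") or req_path[len(cookie_path)] == "/"
    return False


def would_send(cookie, scheme, host, path="/"):
    """Would a browser attach this cookie to a request for scheme://host/path?"""
    if cookie.host_only:
        if host.lower() != cookie.domain:
            return False
    elif not domain_matches(host, cookie.domain):
        return False
    if not path_matches(path, cookie.path):
        return False
    if cookie.secure and scheme != "https":
        return False
    return True


def audit(cookie):
    """Findings for a cookie that carries authentication state (session id, token)."""
    findings = []
    if not cookie.secure:
        findings.append("sent over plain HTTP")
    if not cookie.http_only:
        findings.append("readable by page scripts")
    if not cookie.host_only:
        findings.append("shared with every host under " + cookie.domain)
    return findings


if __name__ == "__main__":
    broad = parse_set_cookie("SESSION=abc123; Domain=example.com; Path=/", "www.example.com")
    for host in ("www.example.com", "shop.example.com", "example.com", "example.com.evil.test"):
        print("%-22s %s" % (host, would_send(broad, "http", host)))
    print("findings:", audit(broad))
```

Running it shows the privacy point of the slide directly: a cookie set by www.example.com with Domain=example.com is handed to shop.example.com (and any other host in the domain) on every request, while the look-alike example.com.evil.test gets nothing. The audit lists the three properties a session cookie should not have; the Secure and HttpOnly attributes are the "other methods" that keep the cookie confidential in transit and away from scripts.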