Presentation is loading. Please wait.

Presentation is loading. Please wait.

CMSC 414 Computer (and Network) Security Lecture 16 Jonathan Katz.

Similar presentations

Presentation on theme: "CMSC 414 Computer (and Network) Security Lecture 16 Jonathan Katz."— Presentation transcript:

1 CMSC 414 Computer (and Network) Security Lecture 16 Jonathan Katz

2 Trust  How much to trust a particular certificate?  Based on: –CA authentication policy –Rigor with which policy is followed –Assumptions inherent in the policy

3 Example…  Certificate issued based on a passport  Assumptions: –Passport not forged –Passport issued to the right person –Person presenting passport is the right person –CA actually checked the passport when issuing the certificate

4 Anonymity vs. pseudonymity  Anonymity –No one can identify the source of any messages –Can be achieved via the use of “persona” certificates (with “meaningless” DNs)  Pseudonymity –No one can identify the source of a set of messages… –…but they can tell that they all came from the same person

5 Levels of anonymity  There is a scale of anonymity –Ranges from no anonymity (complete identification), to partial anonymity (e.g., crowds),to complete anonymity –Pseudonymity is tangential to this…

6 Anonymizers  Proxies that clients can connect to, and use to forward their communication –Primarily used for email, http  Can also provide pseudonymity –This may lead to potential security flaws if mapping is compromised  Must trust the anonymizer… –Can limit this by using multiple anonymizers

7 Traffic analysis  If messages sent to remailers are not encrypted, it is easy to trace the sender  Even if encrypted, may be possible to perform traffic analysis –Timing –Message sizes –Replay attacks

8 Http anonymizers  Two approaches –Centralized proxy/proxies –“Crowds…”

9 Implications of anonymity?  Is anonymity good or bad? –Unclear… –Can pseudonymity help?

10 Identity on the Web  Certificates are not (yet?) ubiquitous for individuals  Other means for assigning identities?

11 Host identity  E.g., in the context of the OSI model –Potentially different “names” at each layer MAC address (data link layer) IP address (network layer) hostname (application layer)  In general, it is easy to spoof these identities

12 Static/dynamic identifiers  E.g., Domain Name Service (DNS) –Associates hostnames and IP addresses (static)  E.g., DHCP servers –When laptop connects to network, the network assigns the laptop an unused IP address –Local identifier = identifier used between client and server –Global identifier = identifier used by client in other contexts

13 E.g., address translation  Company with more computers than IP addresses –Each computer has a fixed local address used internally –When a computer sends a packet to the Internet, those packets are assigned a valid IP address by a gateway –The gateway keeps track of the correspondence

14 “Cookies”  Cookies are tokens containing state information about a transaction  May contain (for example): –Name/value; expiration time –Intended domain (cookie is sent to any server in that domain) No requirement that cookie is sent by that domain

15 Security violations?  Cookies potentially violate privacy –E.g., connecting to one server results in a cookie that will be transmitted to another  Storing authentication information in a cookie is also potentially dangerous (unless cookie is kept confidential, or other methods are used)

Download ppt "CMSC 414 Computer (and Network) Security Lecture 16 Jonathan Katz."

Similar presentations

Ads by Google