Representing Identity
CSSE 490 Computer Security
Mark Ardis, Rose-Hulman Institute
April 19, 2004

Slide 2: Overview
- Certificates
- Network identities
- Remailers

Slide 3: What is Identity?
Definition: a principal is a unique entity; an identity specifies a principal. A principal may be a person, an organization, or an object.

Slide 4: Example Identities
- URL
- File name
- File descriptor
- Login
- User Identification Number (UID)

Slide 5: Certificates
- Used to bind cryptographic keys to identifiers
- A Certification Authority (CA) vouches for the identity of the principal to which the certificate is issued
- The CA's authentication policy describes the level of authentication required to identify the principal when the certificate is issued
- The CA's issuance policy describes the principals to whom the CA will issue certificates

Slide 6: Internet Policy Registration Authority (IPRA)
- Root of the Privacy Enhanced Mail (PEM) certification hierarchy of RFC 1422; sets policies for all subordinate CAs
- Certifies Policy Certification Authorities (PCAs); each PCA may have its own authentication and issuance policy, which may not conflict with the IPRA's
- PCAs issue certificates to CAs
- CAs issue certificates to organizations and individuals

Slide 7: Network Identities
- Media Access Control (MAC) address: used at the link layer
- Internet Protocol (IP) address: used at the network layer
- Host name: used at the application layer
- Dynamic Host Configuration Protocol (DHCP) may be used to assign an IP address temporarily

Slide 8: Domain Name System (DNS) Records
- Forward: maps a host name to an IP address
- Reverse: maps an IP address to a host name
- The forward and reverse mappings may be compared to decide whether to trust a host name: whoever controls the reverse zone for an address can put any name in its reverse record, but cannot make the forward zone for that name point back at the address unless they control that zone too. Neither lookup is authenticated, so a matching pair raises the bar; it is not proof of identity.
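The forward/reverse comparison from slide 8 (forward-confirmed reverse DNS), as an added example that is not part of the original slides. The PTR and A tables are constructed records so the check runs offline; the function name fcrdns and the *_live helpers are this example's own, and the live helpers use only the standard socket module.

```python
import socket

# Constructed records standing in for resolver answers (assumption: in
# production reverse_lookup/forward_lookup are the *_live variants below).
PTR = {                                   # reverse zone: IP -> host name
    "192.0.2.10": "mail.example.com",      # honest host: forward zone agrees
    "192.0.2.20": "trusted.example.com",   # PTR claims a name whose A record points elsewhere
    "198.51.100.5": "ghost.example.net",   # PTR names a host with no forward record at all
}
A = {                                     # forward zone: host name -> IPs
    "mail.example.com": ["192.0.2.10"],
    "trusted.example.com": ["192.0.2.30"],
}


def reverse_lookup(ip):
    return PTR.get(ip)


def forward_lookup(name):
    return A.get(name, [])


def reverse_lookup_live(ip):
    """Real PTR lookup via the resolver; None when there is no answer."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def forward_lookup_live(name):
    """Real A lookup via the resolver; empty list when there is no answer."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)})
    except socket.gaierror:
        return []


def fcrdns(ip, reverse=reverse_lookup, forward=forward_lookup):
    """Forward-confirmed reverse DNS.

    Returns (host_name, reason) when the name in the PTR record resolves
    back to ip, otherwise (None, reason).  The owner of the reverse zone
    chooses the PTR name freely, so the name is only worth using if the
    forward zone for that name agrees with it.
    """
    name = reverse(ip)
    if name is None:
        return None, "no PTR record"
    name = name.lower().rstrip(".")
    addrs = forward(name)
    if not addrs:
        return None, "PTR names %r but it has no forward record" % name
    if ip not in addrs:
        return None, "%r resolves to %s, not %s" % (name, ", ".join(addrs), ip)
    return name, "forward and reverse mappings agree"
```

Even a match is only a consistency check: an attacker who controls both zones, or who can spoof the resolver's answers, passes it, so the result should gate logging and rate limits, not authentication.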

Slide 9: Cookies
Used to represent the state of a web session. Fields:
- Name, value: bind a value to a name
- Expires: delete at the end of the session or at the specified time
- Domain: the hosts to which the cookie may be sent; must contain an embedded ".", so a cookie cannot be set for an entire top-level domain
- Path: restricts the cookie to URLs under a given path within that domain
- Secure: send the cookie only over an SSL/TLS connection, never in clear HTTP
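The field semantics from slide 9 as browser-side logic, as an added example that is not from the original slides: parse a Set-Cookie header, apply the acceptance rules (embedded dot, a host may only set cookies for its own domain suffix) and decide whether a stored cookie accompanies a given request. The function names and the sample headers are this example's own; only the standard library is used.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from urllib.parse import urlsplit


def utc(year, month, day):
    """Timezone-aware instant, used as the 'now' for expiry checks."""
    return datetime(year, month, day, tzinfo=timezone.utc)


def domain_matches(host, domain):
    return host == domain or host.endswith("." + domain)


def parse_set_cookie(header, setting_host):
    """Parse a Set-Cookie value received from setting_host into the slide's fields.

    Returns None when a browser following the slide's rules would refuse the cookie.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    setting_host = setting_host.lower()
    cookie = {"name": name.strip(), "value": value.strip(), "domain": setting_host,
              "host_only": True, "path": "/", "secure": False, "expires": None}
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key == "domain":
            domain = val.lower().lstrip(".")        # ".example.com" and "example.com" mean the same
            if "." not in domain:                   # embedded-dot rule: no cookie for a whole TLD
                return None
            if not domain_matches(setting_host, domain):
                return None                         # a host may only set cookies for its own suffixes
            cookie["domain"], cookie["host_only"] = domain, False
        elif key == "path":
            cookie["path"] = val or "/"
        elif key == "secure":
            cookie["secure"] = True
        elif key == "expires":
            cookie["expires"] = parsedate_to_datetime(val)   # timezone-aware for "GMT" dates
    return cookie


def path_matches(request_path, cookie_path):
    """Prefix match on path components, so Path=/app does not cover /application."""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"


def should_send(cookie, url, now):
    """Decide whether a stored cookie accompanies a request to url (now must be aware)."""
    u = urlsplit(url)
    host, path = (u.hostname or "").lower(), u.path or "/"
    if cookie["expires"] is not None and now >= cookie["expires"]:
        return False                                # Expires: the cookie has been deleted
    if cookie["secure"] and u.scheme != "https":
        return False                                # Secure: never over plain HTTP
    if cookie["host_only"]:
        if host != cookie["domain"]:
            return False                            # no Domain attribute: exact host only
    elif not domain_matches(host, cookie["domain"]):
        return False                                # Domain: only hosts under it
    return path_matches(path, cookie["path"])       # Path: only URLs under it
```

The Secure flag keeps the cookie off the wire in clear; it does not stop a plain-HTTP response from the same domain from setting a cookie of the same name, so session identifiers should additionally be regenerated after login rather than trusted on the strength of the flag alone.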

Slide 10: Anonymity on the Web
- Pseudo-anonymous remailer: replaces the originating email address with a pseudonym before forwarding and keeps a mapping from pseudonyms to their real origins. That mapping is the weak point: the operator, or anyone who compromises or compels the operator, can unmask every sender.
- Cypherpunk remailer (type 1): deletes the header of the incoming message and forwards the remainder
  - typically used in a chain of several remailers
  - messages are typically enciphered, one layer per remailer, so each hop learns only the next hop

Slide 11: Attacking Cypherpunk Remailers
- Monitor traffic into and out of remailers
- Observe times of arrival and departure
- Observe sizes of messages
- Flood the remailer with messages to defeat its countermeasures (the attacker's own messages fill a batch, so the one message they did not send is the one to follow)

Slide 12: Mixmaster Remailers (Type 2)
A Cypherpunk remailer plus:
- padding or fragmentation so that every packet has the same fixed size (defeats correlation by size)
- uniquely numbered messages so that a replayed message is recognized and dropped (defeats replay attacks)
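The chained, layered remailer of slide 10 with the two Type 2 additions of slide 12 (fixed-size packets and a per-message id that lets a hop drop replays), as an added simulation that is not part of the original slides and not Mixmaster's real format. Assumptions labelled in the code: each remailer shares a symmetric key with the sender (real Mixmaster wraps a session key with the remailer's RSA public key), the stream cipher is HMAC-SHA256 in counter mode from the standard library, and the slot sizes and counts are chosen for the example. The layout follows the Mixmaster idea: a fixed number of header slots, one per hop, and a fixed body; each hop opens the first slot, strips one encryption layer from everything after it, and appends a random slot so the packet never shrinks.

```python
import hashlib
import hmac
import os
import struct

# Demonstration constants (assumptions for this example; Mixmaster itself uses
# 20 header slots of 512 bytes, a 10240-byte body and RSA-wrapped 3DES keys).
NSLOTS = 4                            # header slots: chains of up to 4 hops
ADDR_LEN = 64                         # next-hop address field: length byte + zero fill
HDR_PLAIN = 16 + 32 + 1 + ADDR_LEN    # message id || body key || address
HLEN = 16 + HDR_PLAIN + 16            # nonce || ciphertext || tag
BLEN = 1024                           # fixed body size
PACKET_LEN = NSLOTS * HLEN + BLEN     # every packet on the wire has this size


def keystream(key, nonce, offset, length):
    """HMAC-SHA256 in counter mode: a stand-in stream cipher built from the stdlib."""
    out, block = bytearray(), offset // 32
    while len(out) < offset % 32 + length:
        out += hmac.new(key, nonce + struct.pack(">Q", block), hashlib.sha256).digest()
        block += 1
    return bytes(out[offset % 32:offset % 32 + length])


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def seal_header(key, msgid, body_key, next_addr):
    """Encrypt one header slot for the remailer holding key, with an integrity tag."""
    addr = next_addr.encode()
    assert len(addr) <= ADDR_LEN
    plain = msgid + body_key + bytes([len(addr)]) + addr.ljust(ADDR_LEN, b"\0")
    nonce = os.urandom(16)
    ct = xor(plain, keystream(key, nonce, 0, HDR_PLAIN))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]


def open_header(key, slot):
    nonce, ct, tag = slot[:16], slot[16:-16], slot[-16:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()[:16]):
        return None                                   # not our slot, or tampered with
    plain = xor(ct, keystream(key, nonce, 0, HDR_PLAIN))
    n = plain[48]
    return plain[:16], plain[16:48], plain[49:49 + n].decode()


def pad(data, size):
    """Length prefix, then random fill to a fixed size (the Type 2 padding)."""
    assert len(data) + 2 <= size
    return struct.pack(">H", len(data)) + data + os.urandom(size - 2 - len(data))


def unpad(blob):
    return blob[2:2 + struct.unpack(">H", blob[:2])[0]]


def peel(body_key, slots, body):
    """Remove (or, at the sender, add) one layer over the trailing slots and the body."""
    slots = [xor(h, keystream(body_key, b"", j * HLEN, HLEN)) for j, h in enumerate(slots)]
    return slots, xor(body, keystream(body_key, b"", (NSLOTS - 1) * HLEN, BLEN))


def build_packet(message, recipient, chain):
    """Sender side. chain: [(remailer_name, shared_key), ...], first hop first."""
    assert 1 <= len(chain) <= NSLOTS
    body, known, next_addr = pad(message, BLEN), [], recipient
    for name, key in reversed(chain):               # wrap from the last hop outwards
        body_key = os.urandom(32)
        known, body = peel(body_key, known, body)   # XOR layers are their own inverse
        known.insert(0, seal_header(key, os.urandom(16), body_key, next_addr))
        next_addr = name
    while len(known) < NSLOTS:
        known.append(os.urandom(HLEN))              # unused slots look like used ones
    return b"".join(known) + body


class Remailer:
    def __init__(self, name, key):
        self.name, self.key, self.seen = name, key, set()

    def process(self, packet):
        """Return (next_address, packet) to forward, or None to drop."""
        if len(packet) != PACKET_LEN:
            return None
        slots = [packet[i * HLEN:(i + 1) * HLEN] for i in range(NSLOTS)]
        hdr = open_header(self.key, slots[0])
        if hdr is None:
            return None
        msgid, body_key, next_addr = hdr
        if msgid in self.seen:
            return None                               # replay: this id was already forwarded
        self.seen.add(msgid)
        rest, body = peel(body_key, slots[1:], packet[NSLOTS * HLEN:])
        rest.append(os.urandom(HLEN))                 # refill so the size never shrinks
        return next_addr, b"".join(rest) + body


def run_chain(packet, remailers):
    """Simulate delivery; returns (final_address, message, packet sizes seen on the wire)."""
    by_name, sizes, addr = {r.name: r for r in remailers}, [len(packet)], None
    hop = remailers[0]
    while hop is not None:
        result = hop.process(packet)
        if result is None:
            return None
        addr, packet = result
        sizes.append(len(packet))
        hop = by_name.get(addr)                       # a non-remailer address ends the chain
    return addr, unpad(packet[NSLOTS * HLEN:]), sizes
```

What the simulation makes visible: the sender's address is never inside the packet, the recipient's address is only readable by the last hop, every packet on every link has the same length, and a second copy of a packet is dropped by the hop that already forwarded it. Timing correlation (slide 11) is not addressed here; that needs batching and reordering at each hop.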

Slide 13: Why is Anonymity Needed?
- Whistleblowing
- Protection of privacy
- ???
