MIT OpenCourseWare
http://ocw.mit.edu
6.033 Computer System Engineering
Spring 2009
For information about citing these materials or our Terms of Use, visit: http://ocw.mit.edu/terms.
1)
2)
3)
Authentication
Authorization
Confidentiality
Sign, Verify
sign(m, k1) = sig
verify(m, sig, k2)
Encrypt, Decrypt
enc(m, k1) Æ c
dec(c, k2) Æ m
Secure Comm. Channel
1)
2)
3)
use pub key to exchange a shared key
use shared key to enc. comm
freshness
appropriateness
forward secrecy
Confidentiality
m
Encrypt
k1
c
cÎm
k2, c Î m
Decrypt
k2
m
Confidentiality + Authentication
sign(encrypt(m, kconf), kauth)
Authenticate
sign(m, kauth)
freshness – (e.g. T)
add timestamp to m
appropriateness
add context
Example: Web
CA
B
secure comm channel
authenticated
confidential
W
Q. How does W
know that B is
authorized to
access W?
(3) Authorization Functions
1)
2)
3)
Rendezvous (setup)
Verification (mediate)
Revoke
Authorization
ACL
access control lists
hard to
guess #
capabilities
Lists
Tickets
Setup
add to list
generate ticket
Mediate
search list,
check credentials
table lookup
Revoke
remove from list
invalidate ticket
Auth
who are you?
Guard
Service
{name, uk}
authNo
ticket
read acct B, ticket
Cookie
user,
timeout
hash(
user,
timeout,
random #)
B
W
tickets
t
resource
authNo
Acct B