CMSC 414 Computer (and Network) Security Lecture 15 Jonathan Katz

advertisement
CMSC 414
Computer (and Network) Security
Lecture 15
Jonathan Katz
Review of cryptography…
 Private-key (key shared in advance)
– Private-key encryption
– Message authentication codes (MACs)
 Public-key (PK distributed/SK secret)
– Public-key encryption
– Signature schemes
Review of cryptography…
– Encryption does not provide integrity
– Signatures/MACs do not provide secrecy
– Signing is not the same as (public key)
encryption/decryption
– A “checksum” is not the same as a MAC
– Deterministic encryption is not secure
– CBC-MAC is not the same as CBC encryption
Midterm stats
 Average: 65
 (Roughly:)
– 80-100: A
– 60-80: B
– 45-60: C
– <45: D/F
Administrative items
 HW3
 Project coming soon…
Representing Identity
(Chapter 14)
Identity
 An identity specifies a principal (a unique
entity)
 Authentication binds a principal to a
(representation of an) identity
 Identities are used for, e.g., accountability
and access control (among others)
Example: files and objects
 Note: the name of an object may depend on
the context
– E.g., a filename for human use, a file descriptor
for process use, and a file allocation entry used
by the kernel
– E.g., user with different accounts
Example: groups
 An “entity” may be a set of entities, i.e., a
group
 Two implementations of groups
1. Group is an alias for a set of principals;
principals stay in their groups
2. Principals can change groups; rights depend
upon current group membership
Roles
 A role is a group that ties membership to
function
– When a principal assumes a role, the principal
is given the rights belonging to that role
Naming and certificates
 Identifiers correspond to principals
– Must uniquely identify the principal
– (Real) names alone are not enough!
E.g., X.509 certificates
 Distinguished names identify a principal
– Series of fields, each with key and value
• E.g. /O=University of Maryland/OU=College
Park/OU=Computer Science/CN=J. Katz
• “O” - organization; “OU” - organizational unit;
“CN” = common name
Certificates
 Certification authorities vouch for the identity of
the principal to whom a certificate is issued
 CA authentication policy determines the level of
authentication needed to identify the principal
before the certificate is issued
 CA issuance policy describes the principals to
whom the CA will issue certificates
 A single CA can “act” as multiple CAs, each with
their own policies…
Example: Verisign (1996)
 Three levels of authentication
– Verification of valid email address
– Verification of name/address
– Background check
 Different authentication policies; same
issuance policy (individuals)
 Another issuance policy was for issuing
certificates to web servers
Certificate infrastructure
 Hierarchical structure of CAs
– Nodes correspond to CAs
– Children of a CA are constrained by the policies
of their parents
– Example…
 We will revisit cert. infrastructures later…
Example
 Internet Policy Registration Authority (IPRA)
issues certificates for policy certification
authorities (PCAs)
 PCAs certify other CAs
– Note that their policies cannot conflict with those of the
IPRA
Conflicts
 What if a single CA issues certificates under
different policies?
 What if a CA issues a certificate tied to an email
address, but the owner of this address changes?
 What if two CAs have the same dist. name?
 What if two different CAs issue certificates for the
same distinguished name (to different principals)?
Easy solution
 For organizational certificates, the last type of
conflict can be prevented by incorporating CA
name into distinguished name
 Does not solve the other problems, in general…
Handling conflicts
 Conflict detection database…
 Before a PCA may issue a certificate to a CA, it
checks for a conflict in the database
– Sends a hash of the CAs dist. name, the CAs
public key, and the dist. name of the PCA
 If first two fields conflict with a database entry,
the two PCAs must resolve the conflict
 Note that this only ensures uniqueness of
(DN, PK) pairs
Handling conflicts (in action)
 Two CAs with same dist. name?
– Will have different public keys…
 Same CA with two different policies?
– Will use different public keys for each
What does identity mean?
 Ultimately, identity is proved using physical
means
– Driver’s license, fingerprints, etc.
 If these are compromised, then certificates
are irrelevant!
– Certificate is just a binding between external
identity and (DN, PK)
Anonymity vs. pseudonymity
 Anonymity
– No one can identify the source of any messages
– Can be achieved via the use of “persona”
certificates (with “meaningless” DNs)
 Pseudonymity
– No one can identify the source of a set of
messages…
– …but they can tell that they all came from the
same person
Levels of anonymity
 There is a scale of anonymity
– Ranges from no anonymity (complete
identification), to partial anonymity (e.g.,
crowds),to complete anonymity
– Pseudonymity is an orthogonal issue…
Download