CMSC 414
Computer (and Network) Security
Lecture 16
Jonathan Katz
Trust
 How much to trust a particular certificate?
 Based on:
– CA authentication policy
– Rigor with which policy is followed
– Assumptions inherent in the policy
Example…
 Certificate issued based on a passport
 Assumptions:
– Passport not forged
– Passport issued to the right person
– Person presenting passport is the right person
– CA actually checked the passport when issuing
the certificate
Anonymity vs. pseudonymity
 Anonymity
– No one can identify the source of any messages
– Can be achieved via the use of “persona”
certificates (with “meaningless” DNs)
 Pseudonymity
– No one can identify the source of a set of
messages…
– …but they can tell that they all came from the
same person
Levels of anonymity
 There is a scale of anonymity
– Ranges from no anonymity (complete
identification), to partial anonymity (e.g.,
crowds),to complete anonymity
– Pseudonymity is tangential to this…
Anonymizers
 Proxies that clients can connect to, and use
to forward their communication
– Primarily used for email, http
 Can also provide pseudonymity
– This may lead to potential security flaws if
mapping is compromised
 Must trust the anonymizer…
– Can limit this by using multiple anonymizers
Traffic analysis
 If messages sent to remailers are not
encrypted, it is easy to trace the sender
 Even if encrypted, may be possible to
perform traffic analysis
– Timing
– Message sizes
– Replay attacks
Http anonymizers
 Two approaches
– Centralized proxy/proxies
– “Crowds…”
Implications of anonymity?
 Is anonymity good or bad?
– Unclear…
– Can pseudonymity help?
Identity on the Web
 Certificates are not (yet?) ubiquitous for
individuals
 Other means for assigning identities?
Host identity
 E.g., in the context of the OSI model
– Potentially different “names” at each layer
• MAC address (data link layer)
• IP address (network layer)
• hostname (application layer)
 In general, it is easy to spoof these identities
Static/dynamic identifiers
 E.g., Domain Name Service (DNS)
– Associates hostnames and IP addresses (static)
 E.g., DHCP servers
– When laptop connects to network, the network
assigns the laptop an unused IP address
– Local identifier = identifier used between client
and server
– Global identifier = identifier used by client in
other contexts
E.g., address translation
 Company with more computers than IP
addresses
– Each computer has a fixed local address used
internally
– When a computer sends a packet to the Internet,
those packets are assigned a valid IP address by
a gateway
– The gateway keeps track of the correspondence
“Cookies”
 Cookies are tokens containing state
information about a transaction
 May contain (for example):
– Name/value; expiration time
– Intended domain (cookie is sent to any server in
that domain)
• No requirement that cookie is sent by that domain
Security violations?
 Cookies potentially violate privacy
– E.g., connecting to one server results in a
cookie that will be transmitted to another
 Storing authentication information in a
cookie is also potentially dangerous (unless
cookie is kept confidential, or other
methods are used)