Uploaded by Lidiya Mamo Kibret (UGR/2485/14)

Cyber - Access control and Cryptographic concepts

ACCESS CONTROL MODELS
• Access control is a method of guaranteeing that users are who they say they are and
that they have the appropriate access to company data.
• By providing for a rigorous means of determining who has access to various pieces of
information, we can often prevent attacks on confidentiality, integrity, and anonymity.
• In this section, we discuss some of the most popular models for managing access
control.
• All of the models assume that there are data managers, data owners, or system
administrators who are defining the access control specifications.
• The intent is that these folks should be restricting access to those who have a need to access
and/or modify the information in question.
ACCESS CONTROL MATRICES
• A useful tool for determining access control rights.
• A table that defines permissions.
• Each row of this table is associated with a subject.
  • A subject is an active entity, generally in the form of a user, group, or system, that can perform actions.
• Each column of the table is associated with an object.
  • An object can be a record, field, page, segment, file, directory, document, device, resource, or any other entity that contains or receives information for which we want to define access rights.
• Each cell of the table is then filled with the access rights for the associated combination of subject and object.
• Access rights can include actions such as reading, writing, copying, executing, deleting, and annotating.
• An empty cell means that no access rights are granted.
EXAMPLE ACCESS CONTROL MATRIX
ADVANTAGE AND DISADVANTAGE OF ACM
• Advantage
  • It allows for fast and easy determination of the access control rights for any subject-object pair.
  • Just go to the cell in the table for this subject’s row and this object’s column.
• Disadvantage
  • It can get really big, with lots of empty cells.
  • For example, a reasonably sized computer server could easily have 1,000 subjects, who are its users, and 1,000,000 objects, which are its files and directories.
  • That is an access control matrix with 1 billion cells!
  • Nobody would be able to view this table all at once.
ACCESS CONTROL LISTS
• This model takes an object-centered approach
• It defines, for each object, o, a list, L, called o’s access control list, which enumerates
all the subjects that have access rights for o and, for each such subject, s, gives the
access rights that s has for object o.
• The ACL model takes each column of the access control matrix and compresses it into
a list by ignoring all the subject-object pairs in that column that correspond to empty
cells
ACCESS CONTROL LISTS
/etc/passwd
root: r,w
mike: r
roberto: r
backup: r
/usr/bin/
root: r,w,x
mike: r,x
roberto: r,x
backup: r,x
/u/roberto/
root: r,w,x
roberto: r,w,x
backup: r,x
/admin/
root: r,w,x
backup: r,x
ADVANTAGE AND DISADVANTAGE OF ACL
• Advantage
  • The total size of all the access control lists in a system will be proportional to the number of nonempty cells in the access control matrix, which is expected to be much smaller than the total number of cells in the access control matrix.
  • The ACL for an object can be stored directly with that object as part of its metadata, which is particularly useful for file systems. That is, the header blocks for files and directories can directly store the access control list of that file or directory.
• Disadvantage
  • In order to determine all the access rights for a given subject, s, a secure system based on ACLs would have to search the access control list of every object looking for records involving s.
  • With an access control matrix, by contrast, this simply involves examining the row for subject s.
  • If a subject is to be removed from a system, the administrator has no choice but to search all the ACLs to find any that contain that subject.
CAPABILITIES
• Takes a subject-centered approach to access control.
• It defines, for each subject s, the list of the objects for which s has nonempty access
control rights, together with the specific rights for each such object
• It is essentially a list of cells for each row in the access control matrix, compressed
to remove any empty cells
CAPABILITIES
root
/etc/passwd: r,w,x; /usr/bin: r,w,x; /u/roberto: r,w,x; /admin/: r,w,x
mike
/usr/passwd: r; /usr/bin: r,x
roberto
/usr/passwd: r; /usr/bin: r; /u/roberto: r,w,x
backup
/etc/passwd: r,x; /usr/bin: r,x; /u/roberto: r,x; /admin/: r,x
ADVANTAGE AND DISADVANTAGE OF CAPABILITIES
• Advantage
  • The capabilities access control model has the same advantage in space over the access control matrix as the access control list model has.
  • The capabilities model makes it easy for an administrator to quickly determine, for any subject, all the access rights that subject has.
  • Thus, if the size of the capabilities list for a subject is not too big, this is a reasonably fast computation.
• Disadvantage
  • Capabilities are not associated directly with objects.
  • The only way to determine all the access rights for an object o is to search all the capabilities lists for all the subjects.
  • With the access control matrix, such a computation would simply involve searching the column associated with object o.
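The three representations compared above, as an added example that is not part of the original slides: it builds the dense matrix from the rights in the ACL listing on this page, compresses it by column (ACLs) and by row (capabilities), and shows which queries force a scan of every list. All function names are hypothetical.

```python
SUBJECTS = ["root", "mike", "roberto", "backup"]
OBJECTS = ["/etc/passwd", "/usr/bin/", "/u/roberto/", "/admin/"]
# Non-empty cells, copied from the ACL listing on this page.
GRANTS = {
    ("root", "/etc/passwd"): "rw", ("mike", "/etc/passwd"): "r",
    ("roberto", "/etc/passwd"): "r", ("backup", "/etc/passwd"): "r",
    ("root", "/usr/bin/"): "rwx", ("mike", "/usr/bin/"): "rx",
    ("roberto", "/usr/bin/"): "rx", ("backup", "/usr/bin/"): "rx",
    ("root", "/u/roberto/"): "rwx", ("roberto", "/u/roberto/"): "rwx",
    ("backup", "/u/roberto/"): "rx",
    ("root", "/admin/"): "rwx", ("backup", "/admin/"): "rx",
}

def build_matrix():
    """Dense matrix: one cell per subject-object pair, '' meaning no rights."""
    return {(s, o): GRANTS.get((s, o), "") for s in SUBJECTS for o in OBJECTS}

def to_acls(matrix):
    """Compress each column: object -> {subject: rights}, empty cells dropped."""
    return {o: {s: matrix[s, o] for s in SUBJECTS if matrix[s, o]} for o in OBJECTS}

def to_capabilities(matrix):
    """Compress each row: subject -> {object: rights}, empty cells dropped."""
    return {s: {o: matrix[s, o] for o in OBJECTS if matrix[s, o]} for s in SUBJECTS}

def allowed(acls, subject, obj, right):
    """Access check against the object's ACL; anything not listed is denied."""
    return right in acls.get(obj, {}).get(subject, "")

def rights_of_subject(acls, subject):
    """Subject-centred query on ACLs: every object's list must be scanned."""
    found = {o: acl[subject] for o, acl in acls.items() if subject in acl}
    return found, len(acls)          # (rights, number of ACLs scanned)

def holders_of_object(caps, obj):
    """Object-centred query on capabilities: every subject's list is scanned."""
    found = {s: cap[obj] for s, cap in caps.items() if obj in cap}
    return found, len(caps)          # (rights, number of lists scanned)

def revoke_subject(acls, subject):
    """Removing a subject means visiting all ACLs; returns how many changed."""
    return sum(1 for acl in acls.values() if acl.pop(subject, None) is not None)

if __name__ == "__main__":
    m = build_matrix()
    acls, caps = to_acls(m), to_capabilities(m)
    print(len(m), "cells,", sum(map(len, acls.values())), "ACL entries")
    print(rights_of_subject(acls, "mike"), holders_of_object(caps, "/admin/"))
```

With 4 subjects and 4 objects the saving is small (13 stored entries instead of 16 cells); at the 1,000 by 1,000,000 scale mentioned earlier, the scan counts returned by the two query functions are what dominate.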
ROLE-BASED ACCESS CONTROL
• Define roles and then specify access control rights for these roles, rather than for subjects directly.
• Users are granted membership into roles based on their competencies and responsibilities in the organization.
• The principle of least privilege needs to be applied.
[Figure: example roles: Department Chair, Administrative Manager, Accountant, Administrative Personnel, Secretary, Lab Manager, System Administrator, Lab Technician, Undergraduate TA, Backup Agent, Technical Personnel, Department Member, Undergraduate Student, Faculty, Student, Graduate TA, Graduate Student]
CRYPTOGRAPHIC CONCEPTS
FUNDAMENTALS OF CRYPTOGRAPHIC CONCEPTS
• Computer security policies are worthless if we don’t have ways of enforcing them.
• Technological solutions are the primary mechanism for enforcing security policies
and achieving security goals.
• Cryptographic techniques help us achieve a broad range of security goals, including
some that at first might even seem to be impossible.
CRYPTOGRAPHIC CONCEPTS
• Encryption: a means to allow two parties, customarily called Alice and Bob, to establish confidential communication over an insecure channel that is subject to eavesdropping.
[Figure: Alice, Bob, and the eavesdropper Eve]
ENCRYPTION
• Alice has a message, M, that she wishes to
communicate confidentially to Bob.
• The message M is called the plaintext, and it is
not to be transmitted in this form as it can be
observed by other parties while in transit.
• Instead, Alice will convert plaintext M to an
encrypted form using an encryption algorithm
E that outputs a ciphertext C for M.
• This encryption process is denoted by
C = E(M)
DECRYPTION
• Ciphertext C can be transmitted over an
insecure channel that can be
eavesdropped by an adversary
• Once Bob has received C, he applies a
decryption algorithm D to recover the
original plaintext M from ciphertext C.
• This decryption process is denoted:
M = D(C)
The encryption and decryption algorithms (open design) are chosen so that it is infeasible for someone other than Alice and Bob to
determine plaintext M from ciphertext C.
CRYPTOSYSTEM
A computer system that employs cryptography. A basic cryptosystem includes the following components:
1. The set of possible plaintexts: the data that needs to be protected.
2. The set of possible ciphertexts: the encrypted, or unreadable, version of the plaintext.
3. The set of encryption keys: the value known to the sender that is used to compute the ciphertext for the given plaintext.
4. The set of decryption keys: the value known to the receiver that is used to decode the given ciphertext into plaintext.
5. The encryption algorithm: the mathematical algorithm that takes plaintext as the input and returns ciphertext. It also produces the unique encryption key for that text.
6. The decryption algorithm: the mathematical algorithm that takes ciphertext as the input and decodes it into plaintext. It also uses the unique decryption key for that text.
CAESAR CIPHER
• Replace each letter with the one “three over” in the alphabet.
• Define the components for the Caesar cipher cryptosystem.
Public domain image from http://commons.wikimedia.org/wiki/File:Caesar3.svg
MODERN CRYPTOSYSTEMS
• Modern cryptosystems are much more complicated and harder to break than the
Caesar cipher and other traditional ciphers.
• For example, the Advanced Encryption Standard (AES) algorithm uses keys that are 128,
196, or 256 bits in length.
• It is practically infeasible for an eavesdropper to try all possible keys in a brute-force
attempt to discover the corresponding plaintext from a given ciphertext
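The Caesar cipher written out as a cryptosystem with the six components listed earlier, followed by the exhaustive key search that its tiny key space allows. This is an added example, not part of the original slides; it generalizes the "three over" rule to any shift k, and the sample message and known word are constructed.

```python
import string

# Components 1 and 2: plaintexts and ciphertexts are strings over A-Z.
ALPHABET = string.ascii_uppercase
# Components 3 and 4: the key is a shift 0..25, shared by sender and receiver.
KEYS = range(26)
CAESAR_KEY = 3          # "three over", as on the slide


def _shift(ch, k):
    """Move one letter k places along the alphabet, wrapping around."""
    if ch not in ALPHABET:
        return ch       # spaces and punctuation pass through unchanged
    return ALPHABET[(ALPHABET.index(ch) + k) % 26]


def encrypt(key, plaintext):
    """Component 5, C = E(M): shift every letter forward by the key."""
    return "".join(_shift(ch, key) for ch in plaintext.upper())


def decrypt(key, ciphertext):
    """Component 6, M = D(C): shift every letter back by the same key."""
    return "".join(_shift(ch, -key) for ch in ciphertext.upper())


def exhaustive_search(ciphertext, known_word):
    """Try all 26 keys; keep candidates that contain a word known to be present."""
    hits = []
    for k in KEYS:
        candidate = decrypt(k, ciphertext)
        if known_word.upper() in candidate:
            hits.append((k, candidate))
    return hits


if __name__ == "__main__":
    c = encrypt(CAESAR_KEY, "MEET AT NOON")      # constructed sample message
    print(c)
    print(exhaustive_search(c, "NOON"))
```

The search ends after at most 26 trial decryptions; the same loop over a 128-bit key space would need up to 2^128 trials, which is why the slide calls brute force infeasible for AES.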
SYMMETRIC CRYPTOSYSTEMS
• Alice and Bob share a secret key, which is used for both encryption and decryption.
• The length of the keys used is typically 128 or 256 bits, based on the security requirement.
• The encryption process can be carried out quickly.
• It’s mostly used when large chunks of data (a lot of back and forth) need to be transferred.
• Examples: RC4, AES, DES, 3DES, etc.
SYMMETRIC KEY DISTRIBUTION
• Symmetric cryptosystems require some way of getting the key K to both Alice and Bob without an eavesdropper, Eve, discovering it.
• Suppose that n parties wish to exchange encrypted messages with each other in such a way that each message can be seen only by the sender and recipient.
• A distinct secret key is needed for each pair of parties, for a total of n(n−1)/2 keys.
• It doesn’t scale very well.
• An alternative approach to symmetric cryptosystems is the concept of a public-key cryptosystem.
PUBLIC-KEY CRYPTOGRAPHY
• Bob has two keys: a private key, S_B, which Bob keeps secret, and a public key, P_B,
which Bob broadcasts widely.
• For Alice to send an encrypted message to Bob,
• She need only obtain his public key, P_B,
• Use that to encrypt her message, M, and
• Send the result, C = E_PB(M), to Bob.
• Bob then uses his secret key to decrypt the message as M = D_SB(C).
PUBLIC-KEY CRYPTOGRAPHY
• Separate keys are used for encryption and decryption.
• An attacker who eavesdrops on the communication channel cannot decrypt the ciphertext (encrypted message) without knowing the private key.
PUBLIC KEY DISTRIBUTION
• Only one key is needed for each recipient; only private keys need to be kept secret, while public keys can be shared with anyone, including the attacker.
• This fact represents a significant improvement over the quadratic number of distinct keys required by a symmetric cryptosystem.
DISADVANTAGES OF PUBLIC-KEY CRYPTOGRAPHY
• Public-key cryptosystems require key lengths that are much larger than those for symmetric cryptosystems.
• Ex. RSA 2,048-bit keys, while AES 256-bit keys.
• The encryption and decryption algorithms are much slower than those for existing symmetric
encryption schemes.
• Not used in interactive sessions that use a lot of back-and-forth communication.
• In order to work around these disadvantages, public-key cryptosystems are often used in practice just to
allow Alice and Bob to exchange a shared secret key, which they subsequently use for communicating
with a symmetric encryption scheme.
• However: High security + more scalable
• Examples: RSA, Diffie-Hellman, ECC, etc.
PK CRYPTOSYSTEM TO EXCHANGE A SHARED SECRET KEY
SSL USES BOTH ASYMMETRIC AND SYMMETRIC ENCRYPTION