Naming in Content-Oriented Architectures
- Austen Lane
- 5 years ago
1 Naming in Content-Oriented Architectures
2 Data publishing
[Diagram: RWI, Data, Name and Key, with arrows labelled select, produce, own and certify]
3 Basic bindings
The ICN paper argued that RWI, Name, and Key should be bound together
- If not, then it is impossible to identify the principal of the object
- If not, then anyone could claim to be the principal associated with the data
- If not, then the receiver doesn't know which public key to use to verify the provenance of the data
[Diagram: RWI, Name, Key]
4 Binding between RW and cyberspace
Who should take care of the bindings associated with RWI? Network or users?
[Diagram: RWI in the real world; Data, Name and Key in cyberspace]
5 NDN bindings in the ICN paper
- The paper argued: The purpose of human-readability is to establish an intrinsic binding between the name and the RWI
- The paper argued: The binding (between the name and key) can be established using an external authority.
[Diagram: RWI, Name, Key]
6 The true story about NDN security
- Security of NDN does not rely on human-readability
  - human-readability just provides context for consumers to understand and remember names
- NDN secures the binding between name and data
  - the decision on which key is legitimate to certify the binding is left to consumers
  - consumers define their own trust management policies
  - the key can be derived from consumers' own policies
[Diagram: Data, Name, Key; certify]
7 SCN bindings
- The paper said the binding between the RWI and key must be established by an external authority
- The paper argued that the use of cryptographic hash provides the binding between the name and the key, enabling the receiver to check the key
[Diagram: RWI; Name made up of Key and Label; Key]
8 Unresolved security issues in SCN
- It is more difficult to make an SCN name correct
  - an SCN name consists of two parts: producer's key and data label
  - both parts must be correct
  - an NDN name is the data name only, with no requirement on the producer's key
- The ICN paper suggested several methods of getting the right key
  - search engine based trust
  - social network based trust
  - the ICN paper did not elaborate how to achieve the goal using these methods
9 DoS
- In content-oriented network, DoS means consumer cannot get the requested data
- The ICN paper argued that DoS can be prevented if routers can reject false data
  - content-oriented routing must be done on a name-key basis, not just on the name
  - this makes the key an essential part of the name
10 Different views
- SCN trusts the network as a whole to return the correct data
  - in fact, given a name, network may not always return the correct data
  - consumer has no choice when receiving the false data
- NDN assumes it is possible to receive false data from the network
  - intelligent forwarding is used to avoid bad routers or hosts in the network
  - when receiving false data, consumer can notify routers to try some other paths
11 Scalability of SCN routing
- In order to fetch data C, concatenation of the form A.B.C is used
  - A, B, and C are all self-certifying names
- Upon receiving a request for A.B.C, look up A, B, and C in routing table
  - Take the deepest match
[Diagram: request A.B.C; Router 1 routing table with name entries A, B, F and an out-if column; Router 2 routing table with name entries B, C, F and an out-if column]
12 Back to hierarchical name
- Concatenation in the ICN paper is actually hierarchical name
  - "The semantics of such concatenations (A.B.C) are that when following routing entries for A, you will eventually find one for B; and that when following routing entries for B, you will eventually find an entry for C." in Section 3.1
  - The only difference is the component of a concatenation is flat name
- The ICN paper also admitted that the label part in SCN name could also be hierarchical
  - "This hybrid choice merely requires that the labels in the P:L format for self-certifying names be human readable and hierarchical." in Section 2.2 Denial of Service
13 Flexibility of SCN
- The ICN paper was focused on the flexibility of trust model
- The paper argued that NDN has to rely on PKI, because network must be able to verify data
  - without key as a part of name, decentralized trust is impossible
14 Flexibility is not just about trust model
- NDN is more flexible than SCN in trust model
  - NDN, from the very beginning, allows decentralized trust
  - consumers decide if the signing key can be trusted given a binding between name and data
  - NDN allows multiple signers
  - SCN allows only one signer, which is bound to the name
- NDN is more flexible than SCN in naming
  - NDN does not restrict the format of names
  - an SCN name can be represented as an NDN name
    - two-component NDN name: producer's key and data name
    - a concatenation in SCN is an NDN name as well: several pairs of producer's key and data name
  - an NDN name cannot be represented as an SCN name
    - an SCN name requires a key, which does not exist in an NDN name
15 General process of data fetching
NDN
- given a data name
- send an interest to network
- get the data with signature and signer info
- consumer determines whether the signer can be trusted
  - if so, accept the data
  - if not, notify router to try some other paths
SCN
- given a data label
- consumer determines who is the producer
- consumer gets producer's key
- construct a SCN name: Hash(key) + label
- send request
- assume returned data is always correct
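
The two consumer procedures above, side by side, as an added example that is not part of the original slides or of any NDN or SCN code base. Assumptions: the packet layout, the P:L string form Hash(key):label, a consumer trust policy expressed as name prefix to set of key digests, constructed names and content, a list of answers standing in for the paths a router can try, and Lamport one-time signatures swapped in as the signature scheme so the block needs only the standard library.

```python
import hashlib
import os

def h(data):
    return hashlib.sha256(data).digest()

# Lamport one-time signatures: a stand-in scheme (assumption) chosen only so
# the example runs offline. Each private key must sign exactly one packet.
def keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = b"".join(h(a) + h(b) for a, b in sk)
    return sk, pk

def _bits(msg):
    d = h(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return b"".join(sk[i][bit] for i, bit in enumerate(_bits(msg)))

def verify(pk, msg, sig):
    if len(pk) != 256 * 64 or len(sig) != 256 * 32:
        return False
    return all(h(sig[i * 32:(i + 1) * 32]) == pk[i * 64 + bit * 32:i * 64 + bit * 32 + 32]
               for i, bit in enumerate(_bits(msg)))

def key_id(pk):
    return hashlib.sha256(pk).hexdigest()

def make_packet(sk, pk, name, content):
    # Data packet: content plus signature and signer info (here the public key).
    return {"name": name, "content": content, "key": pk,
            "sig": sign(sk, name.encode() + b"\0" + content)}

def sig_ok(pkt):
    return verify(pkt["key"], pkt["name"].encode() + b"\0" + pkt["content"], pkt["sig"])

# --- SCN consumer: the name itself says which key must have signed ---
def scn_name(pk, label):
    return key_id(pk) + ":" + label            # Hash(key) + label, written P:L

def scn_accept(requested, pkt):
    p = requested.split(":", 1)[0]
    return pkt["name"] == requested and key_id(pkt["key"]) == p and sig_ok(pkt)

# --- NDN consumer: the name carries no key; the consumer's policy decides ---
def under_prefix(name, prefix):
    # Match on whole name components, so /example/doc does not cover /example/docs.
    return name == prefix or name.startswith(prefix.rstrip("/") + "/")

def ndn_accept(requested, pkt, policy):
    trusted = any(under_prefix(requested, prefix) and key_id(pkt["key"]) in keys
                  for prefix, keys in policy.items())
    return pkt["name"] == requested and trusted and sig_ok(pkt)

def ndn_fetch(requested, paths, policy):
    # A rejected answer models "notify router to try some other paths".
    rejected = 0
    for pkt in paths:
        if ndn_accept(requested, pkt, policy):
            return pkt["content"], rejected
        rejected += 1
    return None, rejected

def demo():
    label, ndn = "report.pdf", "/example/docs/report.pdf"   # constructed names
    content, out = b"quarterly numbers", {}
    sk, pk = keygen()            # producer
    fsk, fpk = keygen()          # some other party's key
    right = scn_name(pk, label)
    out["scn_good"] = scn_accept(right, make_packet(sk, pk, right, content))
    out["scn_false_data"] = scn_accept(right, make_packet(fsk, fpk, right, b"tampered"))
    # Consumer resolved the wrong producer key before building the name:
    # the check passes, because the name was built from that key.
    wsk, wpk = keygen()
    wrong = scn_name(wpk, label)
    out["scn_wrong_key"] = scn_accept(wrong, make_packet(wsk, wpk, wrong, b"tampered"))
    # Routine key replacement changes the SCN name; the NDN name is untouched.
    out["scn_name_survives_rotation"] = scn_name(keygen()[1], label) == right
    nsk, npk = keygen()
    xsk, xpk = keygen()
    policy = {"/example/docs": {key_id(npk)}}
    paths = [make_packet(xsk, xpk, ndn, b"tampered"), make_packet(nsk, npk, ndn, content)]
    out["ndn_fetch"] = ndn_fetch(ndn, paths, policy)
    out["ndn_prefix_boundary"] = ndn_accept(ndn, paths[1], {"/example/doc": {key_id(npk)}})
    return out

if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The `scn_wrong_key` case is the "both parts must be correct" point from slide 8: the hash check only proves the key matches the name, not that the consumer chose the right key.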
16 NDN vs. SCN
The goals of NDN [1] are
- security: NDN is as secure as SCN
  - NDN allows consumers to decide which key can be trusted
  - NDN uses intelligent forwarding to prevent DoS
- usability: NDN name is more useful
  - Human-readable name is easier to use than flat name
  - NDN name stays with data, while SCN name has to change due to routine key replacement
- flexibility: NDN is more flexible than SCN in general
  - More flexible trust model
  - More flexible naming mechanism
The ICN paper also mentioned scalability
- SCN resolved back to hierarchical name, which has been used by NDN
[1] Diana Smetters and Van Jacobson, Securing Network Content, NDN TR