Security & Privacy. Larry Rudolph. Pervasive Computing MIT SMA 5508 Spring 2006 Larry Rudolph

Similar documents
Distributed Access Control. Trust Management Approach. Characteristics. Another Example. An Example

Lecture Notes 14 : Public-Key Infrastructure

CSE 565 Computer Security Fall 2018

Lecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.

CS Computer Networks 1: Authentication

Kurose & Ross, Chapters (5 th ed.)

6 Public Key Infrastructure 6.1 Certificates Structure of an X.509 certificate X.500 Distinguished Name and X.509v3 subjectalternativename

Cryptography (Overview)

Issues. Separation of. Distributed system security. Security services. Security policies. Security mechanism

Cryptography and Network Security

Information Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1

CS November 2018

ÓBUDA UNIVERSITY, BUDAPEST SSL CERTIFICATES

Crypto meets Web Security: Certificates and SSL/TLS

Public-Key Infrastructure NETS E2008

CSC 5930/9010 Modern Cryptography: Public-Key Infrastructure

ח'/סיון/תשע "א. RSA: getting ready. Public Key Cryptography. Public key cryptography. Public key encryption algorithms

Modern cryptography 2. CSCI 470: Web Science Keith Vertanen

Distributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018

Security in ECE Systems

CS 425 / ECE 428 Distributed Systems Fall 2017

Configuring SSL CHAPTER

Chapter 9: Key Management

Background. Network Security - Certificates, Keys and Signatures - Digital Signatures. Digital Signatures. Dr. John Keeney 3BA33

Configuring SSL. SSL Overview CHAPTER

Diffie-Hellman. Part 1 Cryptography 136

Lecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005

Key Management and Distribution

Key Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature

CS155b: E-Commerce. Lecture 6: Jan. 25, Security and Privacy, Continued

Using Cryptography CMSC 414. October 16, 2017

CIS 6930/4930 Computer and Network Security. Topic 7. Trusted Intermediaries

Lecture 15 PKI & Authenticated Key Exchange. COSC-260 Codes and Ciphers Adam O Neill Adapted from

PKI Services. Text PKI Definition. PKI Definition #1. Public Key Infrastructure. What Does A PKI Do? Public Key Infrastructures

User Authentication. Modified By: Dr. Ramzi Saifan

Security. Alessandro Margara Slides based on previous work by Matteo Migliavacca and Alessandro Sivieri

Introduction. Trusted Intermediaries. CSC/ECE 574 Computer and Network Security. Outline. CSC/ECE 574 Computer and Network Security.

Security: Focus of Control. Authentication

Digital Signatures. Public-Key Signatures. Arbitrated Signatures. Digital Signatures With Encryption. Terminology. Message Authentication Code (MAC)

Blockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric

key distribution requirements for public key algorithms asymmetric (or public) key algorithms

Massachusetts Institute of Technology Handout : Network and Computer Security October 23, 2003 Professor Ronald L. Rivest.

Overview of Authentication Systems

Acknowledgments. CSE565: Computer Security Lectures 16 & 17 Authentication & Applications

Unit-VI. User Authentication Mechanisms.

CS 470 Spring Security. Mike Lam, Professor. a.k.a. Why on earth do Alice and Bob need to share so many secrets?!?

Configuring SSL. SSL Overview CHAPTER

Authenticating People and Machines over Insecure Networks

Lecture 7 - Applied Cryptography

Elements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy

Security: Focus of Control

Trusted Intermediaries

AIT 682: Network and Systems Security

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Configuring Certificate Authorities and Digital Certificates

Cryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology

CPSC 467b: Cryptography and Computer Security

CSC 8560 Computer Networks: Network Security

Send documentation comments to

CS590U Access Control: Theory and Practice. Lecture 15 (March 1) Overview of Trust Management

Part 2. Use Cases (40 points). Consider examples of such signed records R (as in Part 1) from systems we discussed.

5. Authentication Contents

Course Administration

Overview. SSL Cryptography Overview CHAPTER 1

Anonymous Credentials: How to show credentials without compromising privacy. Melissa Chase Microsoft Research

Authentication Part IV NOTE: Part IV includes all of Part III!

CONIKS: Bringing Key Transparency to End Users

Mavenir Systems Inc. SSX-3000 Security Gateway

Authentication & Authorization

Cryptographic Protocols 1

Protocols II. Computer Security Lecture 12. David Aspinall. 17th February School of Informatics University of Edinburgh

HTTPS--HTTP Server and Client with SSL 3.0

L13. Reviews. Rocky K. C. Chang, April 10, 2015

Module: Cryptographic Protocols. Professor Patrick McDaniel Spring CMPSC443 - Introduction to Computer and Network Security

Digital Certificates Demystified

HTTPS--HTTP Server and Client with SSL 3.0

Kerberized Certificate Issuance Protocol (KX509)

Computer Networks & Security 2016/2017

How to Set Up External CA VPN Certificates

Certificateless Public Key Cryptography

Module: Authentication. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security

Lecture 2 Applied Cryptography (Part 2)

Chapter 13. Digital Cash. Information Security/System Security p. 570/626

1 Identification protocols

Module: Authentication. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security

CS 161 Computer Security

Implementing Secure Socket Layer

Public Key Cryptography, OpenPGP, and Enigmail. 31/5/ Geek Girls Carrffots GVA

Internet security and privacy

Configuring SSL Security

ArcGIS Server and Portal for ArcGIS An Introduction to Security

UNIT - IV Cryptographic Hash Function 31.1

CS 470 Spring Security. Mike Lam, Professor. a.k.a. Why on earth do Alice and Bob need to talk so much?!? Content taken from the following:

Lesson 13 Securing Web Services (WS-Security, SAML)

CS Computer and Network Security: PKI

Cryptography. some history. modern secret key cryptography. public key cryptography. cryptography in practice

SSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1

Certificate-based authentication for data security

Security Fundamentals

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ

Transcription:

Security & Privacy Larry 1

Who cares about Privacy? Everybody? Nobody? Criminals? Governments? Corporations? Privacy is the right to keep information hidden. But there is lots of information. You do not have to use stuff that can be tracked, or do you? We in academia can have real impact here

Do we have privacy? Mobile Location Protocol another standard Used to keep track of your mobile phone In case you make an emergency call

Who cares about Security? Today, nearly everyone Limit discussion to information security Are you allowed to use this device? authorization Are you who you say you are? authentication Is this device what you think it is? authentication

Anonymity I am having a conversation with Alice Do you know we are talking? Do you know what we are talking about? Do you know who we are? Need indirection but also many-to-one (so things get lost) think about publish/subscribe think about multiple personalities multiple credit cards, cell phones, BlueTooth IDs rent personality every 5 min from trusted server

Where security? Communicate thru insecure area Over internet Through air (bluetooth, 802.11,..) USB keyboard, Monitor via cable Assumed to be secure Shared resources or devices RFID Tags -- very insecure stand next to you and listen to your cards response and replicate it later Want active RFID tags use radio power to drive computation

Public Key Crypto-system

Public Key Crypto-system Very quick overview Ke=Public Key, Kd= Private Key Encrypt message, E = Encrypt(M,Ke) Decrypt message, M = Decrypt(E,Kd) where M = Decrypt( Encrypt(M,Ke), Kd) and M = Encrypt( Decrypt(M,Kd), Ke) Given Ke, M, Encrypt(M,Ke) cannot easily compute Kd.

Signing Messages Alice & Bob have keys A1, A2, B1, B2 Alice sends message M to Bob Encrypt( M & Encrypt(Alice, A2), B1 ) Bob decrypts message M using B1 and then uses Alice s public key, A1 to decrypt the name Alice. Does Bob know that Alice sent the msg M?

Certification Authority No, it all depends on having correct public keys. How did Alice know that B1 is Bob s public key? Use a certification authority: some trusted site that associates keys with names. Hierarchy of CA s

Point to point communication Public Key scheme: many people can send messages to Alice But basically a one-to-one protocol: With signing and with replies Not well suited for pervasive computing Environment filled with devices

Want group keys Want all students in SMA 5508 and 6.883 to access course web site Want all SMA students to access SMA s main site, etc. A person belongs to many groups Grant access based on group Add/remove people from group

Usage Scenario Director s Office ACL Director Director TA TA Student TA Student ACL Director K1 Students Student ACL Director K1 Students K1 TAs

Access Control Security Model Useful mechanism in guarding access to resources Suitable for dynamic environments Each resource maintains a list referencing a set of valid keys Granting, delegating, revoking access user/application does not know accessibility of resource without explicitly attempting access Resource User User User

SPKI/SDSI Introduction (Simple Public-Key Infrastructure/Simple Distributed Security Infrastructure) A group key infrastructure Build secure, scalable distributed computing systems Fine-grained access control over an untrusted network

SPKI/SDSI Introduction (Simple Public-Key Infrastructure/Simple Distributed Security Infrastructure) Designed by Ron Rivest, Butler Lampson and Carl Ellison Each public key is a CA Name certificate: defines a name in issuer s name space Authorization certificate: grants a specific authorization from issuer to subject

SPKI/SDSI: Name Certificates Traditional: {MIT Larry, K } L Kmit Local name spaces Groups SPKI/SDSI: {K c friends, K d c} K {K c friends, K e c} K {K c friends, K f c } K If K c friends is on an ACL, K d, K e and K f are allowed to access the object.

SPKI/SDSI: Name Certificate (cert (issuer (name (public-key (rsa-pkcs1-md5 (e #23#) (n AMMgMuKpqK13pHMhC8kuxaSeCo+yt8TadcgnG8bEo+erdrSBveY3C MBkkZqrM0St4KkmMuHMXhsp5FX71XBiVW1+JGCBLfI7hxWDZCxGTMg br4fk+ctyuxiv3cq93uyvkg9ca6awcxts0ei7slueb+hkuoljztsh+ +Txw9NAHq4r ))) friends)) (subject (public-key (rsa-pkcs1-md5 (e #23#) (n AKg3tOzoJ5PGQ5q9jzxzwxE8o6bIZ6/cE8gEL+1xJa23viE3bz68ru hpd5muqj+uydcnxgaz0jvxjazmx1qjigudj9kemuni8gjrlzru0t5e3 K7OU2dodu0kdDg32kym7+ooZNe/F0zWGekfESeezyQ25kvNO3XQvMHX afwcyjrw )))))

SPKI/SDSI: Authorization Model Simple trust policy model Authorizations specified in flexible, user-defined tags Authorizations can be defined as specific or as general as desired Delegation (specific)

SPKI/SDSI: (certauthorization Certificate (issuer (public-key (rsa-pkcs1-md5 (e #23#) (n AMMgMuKpqK13pHMhC8kuxaSeCo+yt8TadcgnG8bEo+erdrSBveY3C MBkkZqrM0St4KkmMuHMXhsp5FX71XBiVW1+JGCBLfI7hxWDZCxGTMg br4fk+ctyuxiv3cq93uyvkg9ca6awcxts0ei7slueb+hkuoljztsh+ +Txw9NAHq4r )))) (subject (public-key (rsa-pkcs1-md5 (e #23#) (n AKg3tOzoJ5PGQ5q9jzxzwxE8o6bIZ6/cE8gEL+1xJa23viE3bz68ru hpd5muqj+uydcnxgaz0jvxjazmx1qjigudj9kemuni8gjrlzru0t5e3 K7OU2dodu0kdDg32kym7+ooZNe/F0zWGekfESeezyQ25kvNO3XQvMHX afwcyjrw )))) (tag (http (* set GET POST) (* prefix http://ostrich.lcs.mit.edu/demo/))) (propagate))

Proxy to Proxy Initialization: Alice (Client Proxy) Bob (Server Proxy) D a (private key) E a (public key) Alice s client certs List of CA certs Set up SSL connection: Server auth Session key for privacy Freshness (nonce) Protection from MIM D b (private key) E b (public key) ACL Server certs

Proxy to Proxy Case 1: user s key is directly on the ACL Signed by alice Alice (Client) D a (private key) E a (public key) Alice s client certs List of CA certs [tag] Da Response Bob (Server) D b (private key) E b (public key) ACL Server certs ACL: {E c, E b, E a}

Proxy to Proxy Case 2: user s key is indirectly on the ACL Alice (Client Proxy) D a (private key) E a (public key) Alice s client certs List of CA certs Client performs certificate chain discovery. [tag] Da Rejected: ACL Bob (Server Proxy) D b (private key) E b (public key) ACL Server certs [tag] Da, certs ACL: { E b friends } Server verifies certificate chain.

Certificate Chaining Example Bob s ACL says only MIT faculty are allowed to access his server. Alice s first request is simply signed with Alice s key, and Bob rejects this request. Alice s second request contains a chain consisting of the following certificates: A certificate saying she is an CSAIL Professor A second certificate saying CSAIL Professors are MIT faculty

Certificate Chain Discovery (Client Proxy) Derive certificate chains Input: device s ACL, requestor s public key, requestor s set of signed certificates, tag Output: a chain of certificates leading from an entry on the ACL to the requestor s public key. (The certificate chain consists of signed certificates. It proves that the requestor is authorized to perform the tag s operations on the device.) * Recall, intuitively, a tag is a set of requests.

Certificate Chain Verification (Server Proxy) Verify certificate chains Input: device s ACL, requestor s public key, requestor s certificate chain, tag Output: 1 if certificate chain proves that the public key is authorized to perform the tag s operations on the device; 0 otherwise.

Proxy to Proxy Case 2 revisited user s key is indirectly on the ACL Alice (Client Proxy) D a (private key) E a (public key) Alice s client certs List of CA certs [tag] Da Rejected: ACL [tag] Da, certs Bob (Server Proxy) D b (private key) E b (public key) ACL Server certs Signed request provides proof of authenticity of the request Certificate chain provides proof that the request is authorized

Example: Public resource Mary wants to turn on/off a public light switch. [tag] Dm ok 1. Mary sends request (either signed or unsigned) via her proxy to the light switch s proxy. 2. Light switch s proxy has no ACL. It honors Mary s request. Light switch s proxy may require requests to be signed for auditing purposes.

User s key directly on ACL Mary wants to log into an account on a dialup machine. [tag] Dm ok ACL: {E c, E f, E 1. Mary sends signed request via her proxy to the dialup s m} proxy. 1. Dialup s proxy has an ACL which contains Mary s public-key. It checks the signature on Mary s request, and honors Mary s request to login if the signature verifies.

Example:user s key is indirectly on ACL Mary wants to play music on John s speaker. [tag] Dm [tag] Dm, { Ej friends, E m } Ej ACL ok ACL: { E j friends } 1. Mary sends signed request via her proxy to John s speaker s proxy. 2. John s speaker s proxy rejects first request, and returns the ACL. 1. Mary s proxy derives a chain of certificates and sends second request to John s speaker s proxy. 4. John s speaker s proxy verifies second request.

More fun Integrating access control with name lookup services Trusting untrusting devices Using public terminals in Startbucks as a cache for handheld

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback