CMSC 414 Computer (and Network) Security Lecture 16

1
CMSC 414Computer (and Network) SecurityLecture
16

• Jonathan Katz

2
Trust

• How much to trust a particular certificate?
• Based on
• CA authentication policy
• Rigor with which policy is followed
• Assumptions inherent in the policy

3
Example

• Certificate issued based on a passport
• Assumptions
• Passport not forged
• Passport issued to the right person
• Person presenting passport is the right person
• CA actually checked the passport when issuing the
  certificate

4
Anonymity vs. pseudonymity

• Anonymity
• No one can identify the source of any messages
• Can be achieved via the use of persona
  certificates (with meaningless DNs)
• Pseudonymity
• No one can identify the source of a set of
  messages
• but they can tell that they all came from the
  same person

5
Levels of anonymity

• There is a scale of anonymity
• Ranges from no anonymity (complete
  identification), to partial anonymity (e.g.,
  crowds),to complete anonymity
• Pseudonymity is tangential to this

6
Anonymizers

• Proxies that clients can connect to, and use to
  forward their communication
• Primarily used for email, http
• Can also provide pseudonymity
• This may lead to potential security flaws if
  mapping is compromised
• Must trust the anonymizer
• Can limit this by using multiple anonymizers

7
Traffic analysis

• If messages sent to remailers are not encrypted,
  it is easy to trace the sender
• Even if encrypted, may be possible to perform
  traffic analysis
• Timing
• Message sizes
• Replay attacks

8
Http anonymizers

• Two approaches
• Centralized proxy/proxies
• Crowds

9
Implications of anonymity?

• Is anonymity good or bad?
• Unclear
• Can pseudonymity help?

10
Identity on the Web

• Certificates are not (yet?) ubiquitous for
  individuals
• Other means for assigning identities?

11
Host identity

• E.g., in the context of the OSI model
• Potentially different names at each layer
• MAC address (data link layer)
• IP address (network layer)
• hostname (application layer)
• In general, it is easy to spoof these identities

12
Static/dynamic identifiers

• E.g., Domain Name Service (DNS)
• Associates hostnames and IP addresses (static)
• E.g., DHCP servers
• When laptop connects to network, the network
  assigns the laptop an unused IP address
• Local identifier identifier used between client
  and server
• Global identifier identifier used by client in
  other contexts

13
E.g., address translation

• Company with more computers than IP addresses
• Each computer has a fixed local address used
  internally
• When a computer sends a packet to the Internet,
  those packets are assigned a valid IP address by
  a gateway
• The gateway keeps track of the correspondence

14
Cookies

• Cookies are tokens containing state information
  about a transaction
• May contain (for example)
• Name/value expiration time
• Intended domain (cookie is sent to any server in
  that domain)
• No requirement that cookie is sent by that domain

15
Security violations?

• Cookies potentially violate privacy
• E.g., connecting to one server results in a
  cookie that will be transmitted to another
• Storing authentication information in a cookie is
  also potentially dangerous (unless cookie is kept
  confidential, or other methods are used)