CMSC 414 Computer (and Network) Security Lecture 15

1
CMSC 414Computer (and Network) SecurityLecture
15

• Jonathan Katz

2
Review of cryptography

• Private-key (key shared in advance)
• Private-key encryption
• Message authentication codes (MACs)
• Public-key (PK distributed/SK secret)
• Public-key encryption
• Signature schemes

3
Review of cryptography

• Encryption does not provide integrity
• Signatures/MACs do not provide secrecy
• Signing is not the same as (public key)
  encryption/decryption
• A checksum is not the same as a MAC
• Deterministic encryption is not secure
• CBC-MAC is not the same as CBC encryption

4
Midterm stats

• Average 65
• (Roughly)
• 80-100 A
• 60-80 B
• 45-60 C
• lt45 D/F

5
Administrative items

• HW3
• Project coming soon

6
Representing Identity (Chapter 14)
7
Identity

• An identity specifies a principal (a unique
  entity)
• Authentication binds a principal to a
  (representation of an) identity
• Identities are used for, e.g., accountability and
  access control (among others)

8
Example files and objects

• Note the name of an object may depend on the
  context
• E.g., a filename for human use, a file descriptor
  for process use, and a file allocation entry used
  by the kernel
• E.g., user with different accounts

9
Example groups

• An entity may be a set of entities, i.e., a
  group
• Two implementations of groups
• Group is an alias for a set of principals
  principals stay in their groups
• Principals can change groups rights depend upon
  current group membership

10
Roles

• A role is a group that ties membership to
  function
• When a principal assumes a role, the principal is
  given the rights belonging to that role

11
Naming and certificates

• Identifiers correspond to principals
• Must uniquely identify the principal
• (Real) names alone are not enough!

12
E.g., X.509 certificates

• Distinguished names identify a principal
• Series of fields, each with key and value
• E.g. /OUniversity of Maryland/OUCollege
  Park/OUComputer Science/CNJ. Katz
• O - organization OU - organizational unit
  CN common name

13
Certificates

• Certification authorities vouch for the identity
  of the principal to whom a certificate is issued
• CA authentication policy determines the level of
  authentication needed to identify the principal
  before the certificate is issued
• CA issuance policy describes the principals to
  whom the CA will issue certificates
• A single CA can act as multiple CAs, each with
  their own policies

14
Example Verisign (1996)

• Three levels of authentication
• Verification of valid email address
• Verification of name/address
• Background check
• Different authentication policies same issuance
  policy (individuals)
• Another issuance policy was for issuing
  certificates to web servers

15
Certificate infrastructure

• Hierarchical structure of CAs
• Nodes correspond to CAs
• Children of a CA are constrained by the policies
  of their parents
• Example
• We will revisit cert. infrastructures later

16
Example

• Internet Policy Registration Authority (IPRA)
  issues certificates for policy certification
  authorities (PCAs)
• PCAs certify other CAs
• Note that their policies cannot conflict with
  those of the IPRA

17
Conflicts

• What if a single CA issues certificates under
  different policies?
• What if a CA issues a certificate tied to an
  email address, but the owner of this address
  changes?
• What if two CAs have the same dist. name?
• What if two different CAs issue certificates for
  the same distinguished name (to different
  principals)?

18
Easy solution

• For organizational certificates, the last type of
  conflict can be prevented by incorporating CA
  name into distinguished name
• Does not solve the other problems, in general

19
Handling conflicts

• Conflict detection database
• Before a PCA may issue a certificate to a CA, it
  checks for a conflict in the database
• Sends a hash of the CAs dist. name, the CAs
  public key, and the dist. name of the PCA
• If first two fields conflict with a database
  entry, the two PCAs must resolve the conflict
• Note that this only ensures uniqueness of (DN,
  PK) pairs

20
Handling conflicts (in action)

• Two CAs with same dist. name?
• Will have different public keys
• Same CA with two different policies?
• Will use different public keys for each

21
What does identity mean?

• Ultimately, identity is proved using physical
  means
• Drivers license, fingerprints, etc.
• If these are compromised, then certificates are
  irrelevant!
• Certificate is just a binding between external
  identity and (DN, PK)

22
Anonymity vs. pseudonymity

• Anonymity
• No one can identify the source of any messages
• Can be achieved via the use of persona
  certificates (with meaningless DNs)
• Pseudonymity
• No one can identify the source of a set of
  messages
• but they can tell that they all came from the
  same person

23
Levels of anonymity

• There is a scale of anonymity
• Ranges from no anonymity (complete
  identification), to partial anonymity (e.g.,
  crowds),to complete anonymity
• Pseudonymity is an orthogonal issue