Security - PowerPoint PPT Presentation

About This Presentation
Title:

Security

Description:

Secure Replicated Services Sharing a secret signature in a group ... (see also [camp.lj96a]) E-cash The principle of anonymous electronic cash using blind signatures. – PowerPoint PPT presentation

Number of Views:42
Avg rating:3.0/5.0
Slides: 53
Provided by: SteveA158
Learn more at: https://www.cise.ufl.edu
Category:

less

Transcript and Presenter's Notes

Title: Security


1
Security
  • Chapter 8

2
Types of Threats
  • Interception
  • Interruption
  • Modification
  • Fabrication

3
Security Mechanisms
  • Encryption
  • Authentication
  • Authorization
  • Auditing

4
Example Globus Security Architecture
  • Diagram of Globus security architecture.

5
Focus of Control
  • Three approaches for protection against security
    threats
  • Protection against invalid operations
  • Protection against unauthorized invocations
  • Protection against unauthorized users

6
Layering of Security Mechanisms (1)
  • The logical organization of a distributed system
    into several layers.

7
Layering of Security Mechanisms (2)
  • Several sites connected through a wide-area
    backbone service.

8
Distribution of Security Mechanisms
  • The principle of RISSC as applied to secure
    distributed systems.

9
Cryptography (1)
  • Intruders and eavesdroppers in communication.

10
Cryptography (2)
Notation Description
KA, B Secret key shared by A and B
Public key of A
Private key of A
  • Notation used in this chapter.

11
Symmetric Cryptosystems DES (1)
  1. The principle of DES
  2. Outline of one encryption round

12
Symmetric Cryptosystems DES (2)
  • Details of per-round key generation in DES.

13
Public-Key Cryptosystems RSA
  • Generating the private and public key requires
    four steps
  • Choose two very large prime numbers, p and q
  • Compute n p x q and z (p 1) x (q 1)
  • Choose a number d that is relatively prime to z
  • Compute the number e such that e x d 1 mod z

14
Hash Functions MD5 (1)
  • The structure of MD5

15
Hash Functions MD5 (2)
  • The 16 iterations during the first round in a
    phase in MD5.

16
Authentication (1)
  • Authentication based on a shared secret key.

17
Authentication (2)
  • Authentication based on a shared secret key, but
    using three instead of five messages.

18
Authentication (3)
  • The reflection attack.

19
Authentication Using a Key Distribution Center (1)
  • The principle of using a KDC.

20
Authentication Using a Key Distribution Center (2)
  • Using a ticket and letting Alice set up a
    connection to Bob.

21
Authentication Using a Key Distribution Center (3)
  • The Needham-Schroeder authentication protocol.

22
Authentication Using a Key Distribution Center (4)
  • Protection against malicious reuse of a
    previously generated session key in the
    Needham-Schroeder protocol.

23
Authentication Using Public-Key Cryptography
  • Mutual authentication in a public-key
    cryptosystem.

24
Digital Signatures (1)
  • Digital signing a message using public-key
    cryptography.

25
Digital Signatures (2)
  • Digitally signing a message using a message
    digest.

26
Secure Replicated Services
  • Sharing a secret signature in a group of
    replicated servers.

27
General Issues in Access Control
  • General model of controlling access to objects.

28
Access Control Matrix
  • Comparison between ACLs and capabilities for
    protecting objects.
  • Using an ACL
  • Using capabilities.

29
Protection Domains
  • The hierarchical organization of protection
    domains as groups of users.

30
Firewalls
  • A common implementation of a firewall.

31
Protecting the Target (1)
8-27
  • The organization of a Java sandbox.

32
Protecting the Target (2)
8-28
  1. A sandbox
  2. A playground

33
Protecting the Target (3)
8-29
  • The principle of using Java object references as
    capabilities.

34
Protecting the Target (4)
  • The principle of stack introspection.

35
Key Establishment
  • The principle of Diffie-Hellman key exchange.

36
Key Distribution (1)
  • Secret-key distribution

37
Key Distribution (2)
  • Public-key distribution (see also menezes.a96).

38
Secure Group Management
  • Securely admitting a new group member.

39
Capabilities and Attribute Certificates (1)
48 bits 24 bits 8 bits 48 bits
Server port Object Rights Check
  • A capability in Amoeba.

40
Capabilities and Attribute Certificates (2)
  • Generation of a restricted capability from an
    owner capability.

41
Delegation (1)
  • The general structure of a proxy as used for
    delegation.

42
Delegation (2)
  • Using a proxy to delegate and prove ownership of
    access rights.

43
Example Kerberos (1)
  • Authentication in Kerberos.

44
Example Kerberos (2)
  • Setting up a secure channel in Kerberos.

45
SESAME Components
  • Overview of components in SESAME.

46
Privilege Attribute Certificates (PACs)
Field Description
Issuer domain Name the security domain of the issuer
Issuer identity Name the PAS in the issuer's domain
Serial number A unique number for this PAC, generated by the PAS
Creation time UTC time when this PAC was created
Validity Time interval when this PAC is valid
Time periods Additional time periods outside which the PAC is invalid
Algorithm ID Identifier of the algorithm used to sign this PAC
Signature value The signature placed on the PAC
Privileges A list of (attribute, value)-pairs describing privileges
Certificate information Additional information to be used by the PVF
Miscellaneous Currently used for auditing purposes only
Protection methods Fields to control how the PAC i s used
  • The organization of a SESAME Privilege Attribute
    Certificate.

47
Electronic Payment Systems (1)
  • Payment systems based on direct payment between
    customer and merchant.
  • Paying in cash.
  • Using a check.
  • Using a credit card.

48
Electronic Payment Systems (2)
  • Payment systems based on money transfer between
    banks.
  • Payment by money order.
  • Payment through debit order.

49
Privacy (1)
Merchant Customer Date Amount Item
Merchant Full Partial Full Full Full
Customer Full Full Full Full Full
Bank None None None None None
Observer Full Partial Full Full Full
  • Information hiding in a traditional cash payment.

50
Privacy (2)
Information
Merchant Customer Date Amount Item
Merchant Full Full Full Full Full
Customer Full Full Full Full Full
Bank Full Full Full Full None
Observer Full Partial Full Full Full
Party
  • Information hiding in a traditional credit-card
    system (see also camp.lj96a)

51
E-cash
  • The principle of anonymous electronic cash using
    blind signatures.

52
Secure Electronic Transactions (SET)
  • The different steps in SET.
Write a Comment
User Comments (0)
About PowerShow.com