Post on 03-Jan-2016
CSC 382: Computer Security Slide #1
CSC 382: Computer Security
Identity
CSC 382: Computer Security Slide #2
Identity
1. What is Identity?
2. Files and Objects
3. Users
4. Groups and Roles
5. Naming and Certificates
6. Internet Identity and Anonymity
CSC 382: Computer Security Slide #3
What is Identity?
Computer’s representation of an entity
– Entities can be subjects or objects.
Authentication binds a principal to an identity.
Example:
– username expresses your identity.
– password binds the person typing to that particular identity (username).
CSC 382: Computer Security Slide #4
Purpose of Identity
Access Control
– Most systems base access rights on identity of principal executing the process.
Accountability
– Logging and auditing functions.
– Need to track identity across account/role changes (e.g., su, sudo).
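One way to keep accountability across a sudo role change is to attribute each command to the user who invoked it rather than to the account it ran as. This is an added example, not part of the original slides; the log lines are constructed in the format sudo writes to syslog, and `parse_sudo` and `attribute` are hypothetical helper names.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format sudo writes to syslog.
LOG = [
    "Jan  3 10:15:02 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/id",
    "Jan  3 10:16:40 host1 sudo:      bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/tmp ; USER=root ; COMMAND=/bin/cat /etc/shadow",
    "Jan  3 10:17:05 host1 sudo: pam_unix(sudo:session): session opened for user root by alice(uid=0)",
    "Jan  3 10:18:11 host1 sudo:    alice : TTY=pts/0 ; PWD=/srv ; USER=www-data ; COMMAND=/bin/sh -c echo a=b ; ls",
]

SUDO_RE = re.compile(r"sudo(?:\[\d+\])?:\s+(?P<user>\S+) : (?P<rest>.*)$")

def parse_sudo(line):
    """Return a dict describing one sudo event, or None for other lines."""
    m = SUDO_RE.search(line)
    if not m or "COMMAND=" not in m["rest"]:
        return None
    # COMMAND is the last field and may itself contain ';' or '='.
    head, _, command = m["rest"].partition("COMMAND=")
    parts = [p.strip() for p in head.split(";") if p.strip()]
    fields = dict(p.split("=", 1) for p in parts if "=" in p)
    reasons = [p for p in parts if "=" not in p]   # e.g. "user NOT in sudoers"
    return {
        "real_user": m["user"],                    # identity before the change
        "run_as": fields.get("USER", "root"),      # identity after the change
        "command": command.strip(),
        "denied": "; ".join(reasons) or None,
    }

def attribute(lines):
    """Group commands by invoking user; list denied attempts separately."""
    ran, denied = defaultdict(list), []
    for line in lines:
        ev = parse_sudo(line)
        if ev is None:
            continue
        if ev["denied"]:
            denied.append((ev["real_user"], ev["denied"], ev["command"]))
        else:
            ran[ev["real_user"]].append((ev["run_as"], ev["command"]))
    return dict(ran), denied
```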
CSC 382: Computer Security Slide #5
Files and Objects
Objects are identified by assigning names
Example: UNIX filenames
– inode: unique identifier, contains file metadata and location of disk blocks.
– file descriptor: abstracts inode on a per-process basis for file reading and writing.
– absolute pathnames: describe location in filesystem.
– relative pathnames: describe locations of file with respect to current working directory.
CSC 382: Computer Security Slide #6
Remote Objects
Remote objects require more complex names.
Example: URLs
– Identifies objects by location and protocol required to access it.
– <scheme>://<authority><path>?<query>
– example: ftp://abcorp.com/pub/README
CSC 382: Computer Security Slide #7
Users
Identity tied to a single entity.
Example: UNIX UIDs
– UNIX identifies user with 15- to 32-bit user ID.
– Also provides login names for convenience
  • Each login name corresponds to a single UID.
  • A UID may have multiple login names.
– UID=0 is superuser regardless of login name.
– Real UID is actual user.
– Effective UID (EUID) used for access control.
– SetUID programs allow EUID to differ from UID.
CSC 382: Computer Security Slide #8
Groups and Roles
An “entity” may be a set of entities referred to by a single identifier.
Principals often need to share access to files, and thus are taken as groups.
– static: alias for a group of principals.
– dynamic: principal changes from one group to another as different privileges are needed.
role: a group that ties membership to function
example: UNIX groups
CSC 382: Computer Security Slide #9
Certificates
Bind a cryptographic key to a principal.
How to identify the principal?
– Distinguished Names provide unique names despite people sharing first and last names.
– Certification Authorities (CAs) link DNs to a particular person.
CSC 382: Computer Security Slide #10
Distinguished Names
Hierarchical naming system
– Used by X.509v3 certificates, LDAP
String representation:
– Series of key-value pairs, separated by /’s
Example:
/O=University of Toledo/OU=Dept. of EECS/CN=James Walden
CSC 382: Computer Security Slide #11
Certification Authorities
CA Authentication Policy: Describes level of authentication required to identify a principal to whom a certificate is issued
CA Issuance Policy: Describes principals to whom CA will issue certificates
CSC 382: Computer Security Slide #12
CA Example: Verisign
Authentication Policies
1. Authenticates email address
2. Authenticates real name and address
3. Authenticates legal identity via a background check from investigative service
Issuance Policies
– Issue to individuals
– Issue to web servers (organizations)
CSC 382: Computer Security Slide #13
CA Hierarchy
Hierarchical tree of CAs
– Identify CAs by DNs
– Root = Internet Policy Registration Authority
– Policy Certification Authorities (PCAs)
  • Each has public authentication and issuance policies.
  • Issue certificates to ordinary CA.
– Subordinate nodes must follow policies of parents, but can add more restrictions.
– Make trust decisions by walking up tree.
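The slash-separated DN form and the walk up the CA tree, combined in one added example that is not part of the original slides. The hierarchy, its DNs and the use of authentication levels 1 to 3 (3 strictest) as the policy being inherited are constructed assumptions; no signatures are checked, and DN values containing "/" are not handled.

```python
def parse_dn(dn):
    """Parse '/O=Org/OU=Unit/CN=Name' into [(key, value), ...]."""
    if not dn.startswith("/"):
        raise ValueError("DN must start with '/'")
    pairs = []
    for part in dn[1:].split("/"):
        key, sep, value = part.partition("=")
        if not (sep and key.strip() and value.strip()):
            raise ValueError(f"malformed DN component: {part!r}")
        pairs.append((key.strip().upper(), value.strip()))
    return pairs

def canon(dn):
    """Canonical string form, so '/o=X' and '/O=X' name the same CA."""
    return "/" + "/".join(f"{k}={v}" for k, v in parse_dn(dn))

# Constructed hierarchy: CA DN -> (parent CA DN, authentication level 1-3).
ROOT = "/O=Example Root"
PCA = "/O=Example Root/OU=Policy CA"
CAS = {
    ROOT: (None, 1),
    PCA: (ROOT, 2),
    PCA + "/CN=Campus CA": (PCA, 3),   # adds restrictions: allowed
    PCA + "/CN=Lax CA": (PCA, 1),      # weaker than its parent: rejected
}

def trust_path(issuer_dn, required_level, cas=CAS, roots=(ROOT,)):
    """Walk from a certificate's issuer up to a trusted root.

    Returns the list of CA DNs visited; raises ValueError on any failure.
    """
    dn, path = canon(issuer_dn), []
    if dn in cas and cas[dn][1] < required_level:
        raise ValueError("issuer's authentication policy is too weak")
    while dn is not None:
        if dn not in cas or dn in path:
            raise ValueError(f"unknown CA or loop at {dn}")
        parent, level = cas[dn]
        if parent in cas and level < cas[parent][1]:
            raise ValueError(f"{dn} is weaker than its parent")
        path.append(dn)
        dn = parent
    if path[-1] not in roots:
        raise ValueError("chain does not end at a trusted root")
    return path
```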
CSC 382: Computer Security Slide #14
Host Identity
Ethernet (MAC) Address
– 48-bit data link level identifier
– example: 00:0B:DB:78:39:8A
IP Address
– 32-bit network level identifier
– ex: 10.17.0.101
IPv6 Address
– 128-bit network level identifier
– ex: fe80::2a0:c9ff:fe97:153d/64
Hostname (DNS name)
– string application level identifier
– ex: www.nku.edu
CSC 382: Computer Security Slide #15
Anonymity
Internet connections are associated with a particular host.
What if you don’t want your identity associated with a connection?
Solution: anonymizer
– A proxy server that performs connection on your behalf.
– Internet connection associated with anonymizer, not your IP address.
CSC 382: Computer Security Slide #16
Pseudo-anonymous Remailer
1. Maps anonymous ID to sender.
2. Replaces sender’s email addresses and other identifying information.
3. Forwards message to destination host.
4. Replies are also anonymized and forwarded to original sender.
Caveat: sender and recipient both known to pseudo-anonymous remailer.
CSC 382: Computer Security Slide #17
Cypherpunk Remailer
1. Encipher message with recipient’s public key.
2. No mapping between originator/remailer address.
3. Delete header.
4. Decipher one layer of PGP encryption (using remailer’s private key).
5. Encipher with PGP public key of next remailer.
6. Forward to next remailer or destination.
CSC 382: Computer Security Slide #18
Traffic Analysis
Attacker can still obtain association if remailer immediately forwards messages
– Delay messages for random time interval.
– Randomize processing order of messages.
  • Keep pool of incoming messages.
  • Send random message once n messages in pool.
  • What if attacker sends messages to fill pool?
Attacker can obtain associations by watching message size.
– Message size decreases with each remailing.
CSC 382: Computer Security Slide #19
Mixmaster Remailer
Cypherpunk remailer that handles only enciphered messages and pads or fragments all messages to a fixed size before sending.
– All messages uniquely numbered to avoid replay attacks.
– Messages not re-assembled until last remailer.
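Fixed-size padding, fragmentation and replay rejection as described on this slide, as an added example that is not from the original slides or from Mixmaster itself. The 1024-byte packet size and the cleartext header layout are assumptions, per-hop encryption is left out, and `reassemble` expects the fragments of a single message.

```python
import os
import struct

PACKET_SIZE = 1024                    # assumed size, not Mixmaster's real one
HEADER = struct.Struct("!16sHHH")     # message id, index, total, payload length
CHUNK = PACKET_SIZE - HEADER.size     # payload bytes carried per packet

def to_packets(message: bytes) -> list:
    """Fragment and pad so every packet is exactly PACKET_SIZE bytes."""
    msg_id = os.urandom(16)           # unique number for this message
    chunks = [message[i:i + CHUNK] for i in range(0, len(message), CHUNK)] or [b""]
    return [
        HEADER.pack(msg_id, i, len(chunks), len(c)) + c + os.urandom(CHUNK - len(c))
        for i, c in enumerate(chunks)
    ]

class Remailer:
    """Intermediate hop: forwards fixed-size packets and drops replays."""

    def __init__(self):
        self.seen = set()

    def accept(self, packet: bytes) -> bool:
        if len(packet) != PACKET_SIZE:
            return False              # wrong size would stand out on the wire
        msg_id, index, total, length = HEADER.unpack_from(packet)
        if index >= total or length > CHUNK:
            return False              # malformed header
        if (msg_id, index) in self.seen:
            return False              # replayed packet
        self.seen.add((msg_id, index))
        return True

def reassemble(packets) -> bytes:
    """Last remailer only: strip padding and join fragments in order."""
    parts, total = {}, 0
    for p in packets:
        _, index, total, length = HEADER.unpack_from(p)
        parts[index] = p[HEADER.size:HEADER.size + length]
    if sorted(parts) != list(range(total)):
        raise ValueError("missing fragment")
    return b"".join(parts[i] for i in range(total))
```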
CSC 382: Computer Security Slide #20
Key Points
1. All access control is based on identity.
2. Identity may have multiple representations.
3. Identities are bound to principals.
4. Anonymity allows interaction without knowledge of true identity.
– pseudo-anonymity: intermediary knows identity.
– true anonymity: no one knows true identity.