CMSC 414 Computer and Network Security Lecture 15

CMSC 414 Computer (and Network) Security Lecture 15 Jonathan Katz

Review of cryptography… ¨ Private-key (key shared in advance) – Private-key encryption – Message authentication codes (MACs) ¨ Public-key (PK distributed/SK secret) – Public-key encryption – Signature schemes

Review of cryptography… – Encryption does not provide integrity – Signatures/MACs do not provide secrecy – Signing is not the same as (public key) encryption/decryption – A “checksum” is not the same as a MAC – Deterministic encryption is not secure – CBC-MAC is not the same as CBC encryption

Midterm stats ¨ Average: 65 ¨ (Roughly: ) – 80 -100: A – 60 -80: B – 45 -60: C – <45: D/F

Administrative items ¨ HW 3 ¨ Project coming soon…

Representing Identity (Chapter 14)

Identity ¨ An identity specifies a principal (a unique entity) ¨ Authentication binds a principal to a (representation of an) identity ¨ Identities are used for, e. g. , accountability and access control (among others)

Example: files and objects ¨ Note: the name of an object may depend on the context – E. g. , a filename for human use, a file descriptor for process use, and a file allocation entry used by the kernel – E. g. , user with different accounts

Example: groups ¨ An “entity” may be a set of entities, i. e. , a group ¨ Two implementations of groups 1. Group is an alias for a set of principals; principals stay in their groups 2. Principals can change groups; rights depend upon current group membership

Roles ¨ A role is a group that ties membership to function – When a principal assumes a role, the principal is given the rights belonging to that role

Naming and certificates ¨ Identifiers correspond to principals – Must uniquely identify the principal – (Real) names alone are not enough!

E. g. , X. 509 certificates ¨ Distinguished names identify a principal – Series of fields, each with key and value • E. g. /O=University of Maryland/OU=College Park/OU=Computer Science/CN=J. Katz • “O” - organization; “OU” - organizational unit; “CN” = common name

Certificates ¨ Certification authorities vouch for the identity of the principal to whom a certificate is issued ¨ CA authentication policy determines the level of authentication needed to identify the principal before the certificate is issued ¨ CA issuance policy describes the principals to whom the CA will issue certificates ¨ A single CA can “act” as multiple CAs, each with their own policies…

Example: Verisign (1996) ¨ Three levels of authentication – Verification of valid email address – Verification of name/address – Background check ¨ Different authentication policies; same issuance policy (individuals) ¨ Another issuance policy was for issuing certificates to web servers

Certificate infrastructure ¨ Hierarchical structure of CAs – Nodes correspond to CAs – Children of a CA are constrained by the policies of their parents – Example… ¨ We will revisit cert. infrastructures later…

Example ¨ Internet Policy Registration Authority (IPRA) issues certificates for policy certification authorities (PCAs) ¨ PCAs certify other CAs – Note that their policies cannot conflict with those of the IPRA

Conflicts ¨ What if a single CA issues certificates under different policies? ¨ What if a CA issues a certificate tied to an email address, but the owner of this address changes? ¨ What if two CAs have the same dist. name? ¨ What if two different CAs issue certificates for the same distinguished name (to different principals)?

Easy solution ¨ For organizational certificates, the last type of conflict can be prevented by incorporating CA name into distinguished name ¨ Does not solve the other problems, in general…

Handling conflicts ¨ Conflict detection database… ¨ Before a PCA may issue a certificate to a CA, it checks for a conflict in the database – Sends a hash of the CAs dist. name, the CAs public key, and the dist. name of the PCA ¨ If first two fields conflict with a database entry, the two PCAs must resolve the conflict ¨ Note that this only ensures uniqueness of (DN, PK) pairs

Handling conflicts (in action) ¨ Two CAs with same dist. name? – Will have different public keys… ¨ Same CA with two different policies? – Will use different public keys for each

What does identity mean? ¨ Ultimately, identity is proved using physical means – Driver’s license, fingerprints, etc. ¨ If these are compromised, then certificates are irrelevant! – Certificate is just a binding between external identity and (DN, PK)

Anonymity vs. pseudonymity ¨ Anonymity – No one can identify the source of any messages – Can be achieved via the use of “persona” certificates (with “meaningless” DNs) ¨ Pseudonymity – No one can identify the source of a set of messages… – …but they can tell that they all came from the same person

Levels of anonymity ¨ There is a scale of anonymity – Ranges from no anonymity (complete identification), to partial anonymity (e. g. , crowds), to complete anonymity – Pseudonymity is an orthogonal issue…