CMSC 414 Computer and Network Security Lecture 16

CMSC 414 Computer (and Network) Security Lecture 16 Jonathan Katz

Trust
• How much to trust a particular certificate?
• Based on:
  – CA authentication policy
  – Rigor with which policy is followed
  – Assumptions inherent in the policy

Example…
• Certificate issued based on a passport
• Assumptions:
  – Passport not forged
  – Passport issued to the right person
  – Person presenting passport is the right person
  – CA actually checked the passport when issuing the certificate

Anonymity vs. pseudonymity
• Anonymity
  – No one can identify the source of any messages
  – Can be achieved via the use of “persona” certificates (with “meaningless” DNs)
• Pseudonymity
  – No one can identify the source of a set of messages…
  – …but they can tell that they all came from the same person

Levels of anonymity
• There is a scale of anonymity
  – Ranges from no anonymity (complete identification), to partial anonymity (e.g., crowds), to complete anonymity
  – Pseudonymity is tangential to this…

Anonymizers
• Proxies that clients can connect to, and use to forward their communication
  – Primarily used for email, HTTP
• Can also provide pseudonymity
  – This may lead to potential security flaws if mapping is compromised
• Must trust the anonymizer…
  – Can limit this by using multiple anonymizers

Traffic analysis
• If messages sent to remailers are not encrypted, it is easy to trace the sender
• Even if encrypted, may be possible to perform traffic analysis
  – Timing
  – Message sizes
  – Replay attacks

HTTP anonymizers
• Two approaches
  – Centralized proxy/proxies
  – “Crowds…”

Implications of anonymity?
• Is anonymity good or bad?
  – Unclear…
  – Can pseudonymity help?

Identity on the Web
• Certificates are not (yet?) ubiquitous for individuals
• Other means for assigning identities?

Host identity
• E.g., in the context of the OSI model
  – Potentially different “names” at each layer
    • MAC address (data link layer)
    • IP address (network layer)
    • hostname (application layer)
• In general, it is easy to spoof these identities

Static/dynamic identifiers
• E.g., Domain Name Service (DNS)
  – Associates hostnames and IP addresses (static)
• E.g., DHCP servers
  – When laptop connects to network, the network assigns the laptop an unused IP address
  – Local identifier = identifier used between client and server
  – Global identifier = identifier used by client in other contexts

E.g., address translation
• Company with more computers than IP addresses
  – Each computer has a fixed local address used internally
  – When a computer sends a packet to the Internet, those packets are assigned a valid IP address by a gateway
  – The gateway keeps track of the correspondence

“Cookies”
• Cookies are tokens containing state information about a transaction
• May contain (for example):
  – Name/value; expiration time
  – Intended domain (cookie is sent to any server in that domain)
    • No requirement that cookie is sent by that domain

Security violations?
• Cookies potentially violate privacy
  – E.g., connecting to one server results in a cookie that will be transmitted to another
• Storing authentication information in a cookie is also potentially dangerous (unless cookie is kept confidential, or other methods are used)
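
The cookie scoping and confidentiality points from the last two slides, as an added example that is not part of the original lecture: it parses a Set-Cookie header with Python's standard library, applies the RFC 6265 domain-match rule to list which hosts would receive the cookie, and flags missing Secure/HttpOnly attributes. The host names and cookie values are constructed for illustration.

```python
from http.cookies import SimpleCookie

def domain_match(host, cookie_domain):
    """RFC 6265 sec. 5.1.3: host is the cookie domain or a subdomain of it."""
    host = host.lower()
    cookie_domain = cookie_domain.lower().lstrip(".")
    return host == cookie_domain or host.endswith("." + cookie_domain)

def audit_set_cookie(header, setting_host, candidate_hosts):
    """Report which hosts would receive each cookie and which protections it lacks."""
    jar = SimpleCookie()
    jar.load(header)
    report = {}
    for name, morsel in jar.items():
        domain = morsel["domain"]
        if domain:  # Domain attribute present: every matching host gets the cookie
            recipients = [h for h in candidate_hosts if domain_match(h, domain)]
        else:       # host-only cookie: returned to the setting host alone
            recipients = [h for h in candidate_hosts
                          if h.lower() == setting_host.lower()]
        findings = []
        if domain and domain.lower().lstrip(".") != setting_host.lower():
            findings.append("domain wider than setting host")
        if not morsel["secure"]:
            findings.append("no Secure flag: may travel over cleartext HTTP")
        if not morsel["httponly"]:
            findings.append("no HttpOnly flag: readable by page scripts")
        report[name] = {"sent_to": recipients, "findings": findings}
    return report

# Constructed sample data (hypothetical hosts and cookie values).
HOSTS = ["login.example.com", "ads.example.com", "example.com", "example.org"]
WEAK = "session=abc123; Domain=example.com; Path=/"
HARDENED = "session=abc123; Path=/; Secure; HttpOnly"

if __name__ == "__main__":
    for label, header in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_set_cookie(header, "login.example.com", HOSTS))
```

The weak header shows the privacy point from the slides: a cookie set by one host is also transmitted to a sibling host in the same domain.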