Security Systems Lecture notes Dr Clifford Neuman University
- Slides: 21
Security Systems Lecture notes Dr. Clifford Neuman University of Southern California Information Sciences Institute Copyright © 2003 -2004 B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall 2003 1
CSci 530: Security Systems Lecture 5 – September 24, 2004 Key Management (2) Dr. Clifford Neuman University of Southern California Information Sciences Institute Slides by Drs. Brian Tung and Clifford Neuman Copyright © 2003 -2004 B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall 2003 2
Administration v Assignment 1 is on web page – Due October 1 – Corrections posted last night (typos) v Paper proposal assignment on web – Proposals due October 8 – Will respond sooner if received early – Be sure to send queries to correct address Copyright © 2003 -2004 B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall 2003 3
Key Management v Key management is where much security weakness lies – Choosing keys – Storing keys – Communicating keys Copyright © 2003 -2004 B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall 2003 4
Key Management Review v Classes of Crypto – Public key – 2 n keys – Conventional n 2 keys Copyright © 2003 -2004 B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall 2003 5
Public Key Distribution v Public key can be public! – How does either side know who and what the key is for? Private agreement? (Not scalable. ) v Does this solve the key distribution problem? – No – while confidentiality is not required, integrity is. Copyright © 2003 -2004 B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall 2003 6
Certification Infrastructures v Public keys represented by certificates v Certificates signed by other certificates – User delegates trust to trusted certifiers. – Certificate chains transfer trust several steps Copyright © 2003 -2004 B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall 2003 7
Examples v PGP – “Web of Trust” – Can model as connected digraph of signers v X. 500 – Hierarchical model: tree (or DAG? ) – (But X. 509 certificates use ASN. 1!) Copyright © 2003 -2004 B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall 2003 8
Examples v SSH – User keys out of band exchange. – Weak assurance of server keys. u Was the same host you spoke with last time. – Discussion of benefits v SET – Hierarchical – Multiple roots – Key splitting Copyright © 2003 -2004 B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall 2003 9
What to do with keys v Practical issues – How to carry them u Passwords vs. disks vs. smartcards – Where do they stay, where do they go – How many do you have – How do you get them to begin with. Copyright © 2003 -2004 B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall 2003 10
Key Distribution v Conventional cryptography – Single key shared by both parties v Public Key cryptography – Public key published to the world – Private key known only by owner v Third party certifies or distributes keys – Certification infrastructure – Authentication Copyright © 2003 -2004 B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall 2003 11
Practical use of keys v Email (PEM or S/MIME) – Hashes and message keys to be distributed and signed. v Conferencing – Group key management (discussed later) v Authentication (next lecture) v SSL – And other “real time” protocols – Key establishment Copyright © 2003 -2004 B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall 2003 12
Recovery from exposed keys v Revocation lists (CRL’s) – Long lists – Hard to propogate v Lifetime / Expiration – Short life allows assurance of validitiy at time of issue. v Realtime validation – Online Certificate Status Protocol (OCSP) v What about existing messages? Copyright © 2003 -2004 B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall 2003 13
Key Management Overview v Key size vs. data size – Affects security and usability v Reuse of keys – Multiple users, multiple messages v Initial exchange – The bootstrap/registration problem – Confidentiality vs. authentication Copyright © 2003 -2004 B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall 2003 14
Key Management Review v KDC’s – Generate and distribute keys – Bind names to shared keys Copyright © 2003 -2004 B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall 2003 15
Key Management Overview v Who needs strong secrets anyway – Users? – Servers? – The Security System? – Software? – End Systems? v Secret vs. Public Copyright © 2003 -2004 B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall 2003 16
Security Architectures v DSSA – Delegation is the important issue Workstation can act as user u Software can act as workstation u – if given key u Software can act as developer – if checksum validated – Complete chain needed to assume authority – Roles provide limits on authority – new sub-principal Copyright © 2003 -2004 B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall 2003 17
Group Key Management v Group key vs. Individual key – Identifies member of groups vs. which member of group – PK slower but allows multiple verification of individuals Copyright © 2003 -2004 B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall 2003 18
Group Key Management Issues v Revoking access – Change messages, keys, redistribute v Joining and leaving groups – Does one see old message on join – How to revoke access v Performance issues – Hierarchy to reduce number of envelopes for very large systems – Hot research topic Copyright © 2003 -2004 B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall 2003 19
Group Key Management Approaches v Centralized – Single entity issues keys – Optimization to reduce traffic for large groups – May utilize application specific knowledges v Decentralized – Employs sub managers v Distributed – Members do key generation – May involve group contributions Copyright © 2003 -2004 B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall 2003 20
Current event Slashdot (by Cmdr. Taco Tuesday September 14, @03: 24 PM) Saint Aardvark writes "Lexar describes the Jump. Drive Secure as "loaded with software that lets you passwordprotect your data. If lost or stolen, you can rest assured that what you've saved there remains there with 256 -bit AES encryption. " @stake has a different take: The password can be observed in memory or read directly from the device, without evidence of tampering. " And best of all, the punch line: "[The password] is stored in an XOR encrypted form and can be read directly from the device without any authentication. " That's why I use ROT-13 for my encryption needs. " Copyright © 2003 -2004 B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall 2003 21