1 / 13

Representing Identity

Representing Identity. CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 19, 2004. Overview. Certificates Network identities Remailers. What is Identity?. Def: A principal is a unique entity. An identity specifies a principal.

tadc
Télécharger la présentation

Representing Identity

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Representing Identity CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 19, 2004

  2. Overview • Certificates • Network identities • Remailers

  3. What is Identity? • Def: A principal is a unique entity. An identity specifies a principal. • A principal may be a person, an organization, or an object

  4. Example Identities • URL • File name • File descriptor • Login • User Identification Number (UID)

  5. Certificates • Used to bind crypto keys to identifiers • Certification Authority (CA) vouches for identity of principal to which certificate is issued • CA authentication policy describes level of authentication required to identify principal when certificate issued • CA issuance policy describes principals to whom CA will issue certificates

  6. Internet Policy Registration Authority (IPRA) • Sets policies for all subordinate CAs • Certifies Policy Certification Authorities (PCAs) • each may have their own authentication and issuance policy • may not conflict with IPRA • PCAs issue certificates to CAs • CAs issue certificates to organizations and individuals

  7. Network Identities • Media Access Control (MAC) address used at link layer • Internet Protocol (IP) address used at network layer • Host name used at application layer • Dynamic Host Configuration Protocol (DHCP) may be used to temporarily assign an IP address

  8. Domain Name System (DNS) Records • Forward: map host name to IP address • Reverse: map IP addresses to host names • May compare forward and reverse mappings in order to determine whether to trust a host name

  9. Cookies • Used to represent state of a web session • Fields: • Name, value: bind value to name • Expires: delete at end of session or at specified time • Domain: to whom cookie may be sent, must have embedded "." • Path: restricts domain • Secure: whether to use SSL

  10. Anonymity on the Web • Pseudo-anonymous remailer - replaces originating email address before forwarding, keeps mapping of anonymous identities and associated origins • Cypherpunk remailer (type 1) - deletes header of incoming message and forwards remainder • typically used in chain • typically enciphered messages

  11. Attacking Cypherpunk • Monitor traffic in/out of remailers • Observe times of arrival/departure • Observe size of messages • Flood remailer with messages to defeat countermeasures

  12. Mixmaster Remailers (Type 2) • Cypherpunk remailer plus: • padding or fragmentation to create fixed size records • uniquely numbered messages to avoid replay attacks

  13. Why is Anonymity Needed? • Whistleblowing • Protection of privacy • ???

More Related