Representing Identity - Columbus State University


Chapter 14: Representing Identity
Dr. Wayne Summers
Department of Computer Science
Columbus State University
[email protected]
http://csc.colstate.edu/summers
Representing Identity
• Principal – unique entity (e.g. file, user)
• Identity – specifies a principal (e.g. filename, UID)
• Authentication binds a principal to a representation of identity internal to the computer
• Principals may be grouped into sets called groups
• Role – type of group that ties membership to function
2
Naming and Certificates
• Certificate – mechanism for binding cryptographic keys to identifiers
– X.509v3 certificates use Distinguished Names: /O=Columbus State University/OU=Computer Science Dept/CN=Wayne Summers
• CA authentication policy
– describes the level of authentication required to identify the principal to whom the certificate is to be issued
– defines the way in which principals prove their identity
• CA issuance policy – describes the principals to whom the CA will issue certificates
3
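The slide's Distinguished Name is in the slash-separated form OpenSSL prints. As an added example (not code from the slides or from the university), the block below parses that form into its relative distinguished names and then applies a toy issuance policy: a departmental CA that issues only to principals inside its own O and OU, and only when the subject names exactly one CN so the certificate binds one principal. The policy values and the `ca_may_issue` function are assumptions made for this illustration.

```python
"""Parse slash-form X.509 Distinguished Names and apply a toy CA issuance
policy.  Added example; the policy itself is an assumption."""
import re

# Split on '/' only where it begins a new "TYPE=" pair, so a value may
# itself contain a slash.
_RDN_SPLIT = re.compile(r"/(?=[A-Za-z][A-Za-z0-9.]*=)")


def parse_dn(dn: str) -> list:
    """'/O=Columbus State University/OU=Computer Science Dept/CN=Wayne Summers'
    -> [('O', 'Columbus State University'), ('OU', ...), ('CN', ...)]"""
    if not dn.startswith("/"):
        raise ValueError("slash-form DN must start with '/'")
    rdns = []
    for part in _RDN_SPLIT.split(dn)[1:]:   # element 0 is '' before the leading '/'
        attr, _, value = part.partition("=")
        if not attr or not value.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.upper(), value.strip()))
    return rdns


def dn_matches(rdns: list, **required) -> bool:
    """True if every required attribute is present with the given value
    (attribute types compared case-insensitively, values exactly)."""
    present = {a: v for a, v in rdns}
    return all(present.get(k.upper()) == v for k, v in required.items())


def ca_may_issue(subject: str):
    """Toy issuance policy (assumed for this example): the departmental CA
    issues only to principals in its own O and OU, and the subject must
    carry exactly one CN so the certificate binds a single principal."""
    rdns = parse_dn(subject)
    if not dn_matches(rdns, O="Columbus State University",
                      OU="Computer Science Dept"):
        return False, "subject is outside the CA's organisation/unit"
    cns = [v for a, v in rdns if a == "CN"]
    if len(cns) != 1:
        return False, "subject must carry exactly one CN"
    return True, f"issue to {cns[0]}"


if __name__ == "__main__":
    for dn in ("/O=Columbus State University/OU=Computer Science Dept/CN=Wayne Summers",
               "/O=Columbus State University/OU=Registrar/CN=Someone Else"):
        print(dn, "->", ca_may_issue(dn))
```

Authentication policy (how the principal proves identity before issuance) is a separate check that would run before `ca_may_issue`; this block only models the issuance side.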
Identity on the Web
• Host Identity
– Ethernet (MAC) address: 00-07-E9-72-B3-75
– IP address: 192.168.0.3
– Host name: jaring.colstate.edu
• Static & Dynamic Identifiers
– ARP (maps MAC and IP addresses)
– DNS (maps IP addresses and host names)
– DHCP – provides a dynamic IP address
– NAT (Network Address Translation): router that translates between external and internal (private) addresses (e.g. 10.x.y.z)
4
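NAT is the point on this slide where a host's network identity actually changes in transit: outside the router, a private address such as 10.x.y.z is never seen. The added example below (not code from the slides) is a toy port-address translation table showing the outbound rewrite, the reverse mapping for replies, and the drop of inbound packets that no internal flow asked for. All addresses and ports are constructed; the private ranges are the RFC 1918 blocks the slide alludes to.

```python
"""Toy NAT (port-address translation) table.  Added example; all addresses
and ports are constructed."""
import ipaddress
from dataclasses import dataclass
from itertools import count
from typing import Optional

# RFC 1918 private ranges, the internal addresses the slide refers to (e.g. 10.x.y.z)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


@dataclass(frozen=True)
class Flow:
    """Addressing of one packet: (src_ip, src_port) -> (dst_ip, dst_port)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Nat:
    def __init__(self, external_ip: str, first_port: int = 40000):
        if is_private(external_ip):
            raise ValueError("external side of the NAT must not be a private address")
        self.external_ip = external_ip
        self._ports = count(first_port)   # external ports handed out in order
        self._out = {}   # (src_ip, src_port, dst_ip, dst_port) -> external port
        self._in = {}    # (external port, dst_ip, dst_port) -> (src_ip, src_port)

    def outbound(self, f: Flow) -> Flow:
        """Rewrite a packet leaving the private network: the internal source
        identity is replaced by the router's external IP and a port it owns."""
        if not is_private(f.src_ip):
            raise ValueError("outbound packet must come from a private address")
        key = (f.src_ip, f.src_port, f.dst_ip, f.dst_port)
        port = self._out.get(key)
        if port is None:                  # first packet of this flow
            port = next(self._ports)
            self._out[key] = port
            self._in[(port, f.dst_ip, f.dst_port)] = (f.src_ip, f.src_port)
        return Flow(self.external_ip, port, f.dst_ip, f.dst_port)

    def inbound(self, f: Flow) -> Optional[Flow]:
        """Map a reply back to the internal host.  Returns None (drop) when no
        outbound flow created the mapping, which is why unsolicited inbound
        connections do not reach hosts behind the NAT."""
        if f.dst_ip != self.external_ip:
            return None
        entry = self._in.get((f.dst_port, f.src_ip, f.src_port))
        if entry is None:
            return None
        src_ip, src_port = entry
        return Flow(f.src_ip, f.src_port, src_ip, src_port)


if __name__ == "__main__":
    nat = Nat("203.0.113.1")
    out = nat.outbound(Flow("10.0.0.5", 4321, "198.51.100.7", 443))
    print("outside sees:", out)
    print("reply delivered to:",
          nat.inbound(Flow("198.51.100.7", 443, "203.0.113.1", 40000)))
```

The table is keyed on the full 4-tuple, so two internal hosts talking to the same server get distinct external ports; a log on the server side therefore records only the router's identity plus a port, which is why NAT logs must be correlated with the router's own translation records during an investigation.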
Identity on the Web
• State and Cookies
– Cookie – token that contains information about the state of a transaction on a network
  • name and associated value are encoded to represent the state
  • Expiration field indicates when the cookie is valid
  • Domain indicates for which domain the cookie is intended
  • Path restricts the dissemination of the cookie within the domain
  • Secure field restricts the use of the cookie to SSL connections only
5
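The four attributes on this slide are exactly the inputs a user agent checks before attaching a stored cookie to a request. The added example below (not code from the slides) parses a Set-Cookie header into those fields and implements the send decision: expiry, Secure (HTTPS only), domain match including subdomains, and path prefix match on a path-segment boundary. Hostnames, paths and dates are constructed, and `should_send` takes the current time as a parameter so the expiry rule is testable.

```python
"""Cookie scoping: decide whether a stored cookie may be sent with a request.
Added example; hostnames, paths and dates are constructed."""
from dataclasses import dataclass
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from typing import Optional


@dataclass
class Cookie:
    name: str
    value: str
    domain: str                 # host the cookie is scoped to (no leading dot)
    path: str
    secure: bool
    expires: Optional[datetime]  # None means a session cookie


def parse_set_cookie(header: str, request_host: str) -> Cookie:
    """Parse a Set-Cookie header value.  Without a Domain attribute the
    cookie is bound to the exact host that set it."""
    pair, *attrs = [p.strip() for p in header.split(";")]
    name, _, value = pair.partition("=")
    domain, path, secure, expires = request_host.lower(), "/", False, None
    for a in attrs:
        key, _, val = a.partition("=")
        key = key.lower()
        if key == "domain":
            domain = val.lower().lstrip(".")
        elif key == "path":
            path = val or "/"
        elif key == "secure":
            secure = True
        elif key == "expires":
            expires = parsedate_to_datetime(val)   # tz-aware datetime
    return Cookie(name, value, domain, path, secure, expires)


def domain_matches(host: str, domain: str) -> bool:
    """Host equals the cookie domain or is a subdomain of it; the leading
    '.' test stops 'evil-colstate.edu' matching 'colstate.edu'."""
    host = host.lower()
    return host == domain or host.endswith("." + domain)


def path_matches(req_path: str, cookie_path: str) -> bool:
    """Prefix match on a '/' boundary, so '/grades' covers '/grades/2024'
    but not '/gradesbook'."""
    if req_path == cookie_path:
        return True
    if not req_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or req_path[len(cookie_path)] == "/"


def should_send(c: Cookie, scheme: str, host: str, path: str, now: datetime) -> bool:
    if c.expires is not None and now >= c.expires:
        return False                     # Expiration: cookie no longer valid
    if c.secure and scheme != "https":
        return False                     # Secure: never over a plain connection
    return domain_matches(host, c.domain) and path_matches(path, c.path)


if __name__ == "__main__":
    hdr = ("session=abc123; Domain=.colstate.edu; Path=/grades; Secure; "
           "Expires=Wed, 01 Jan 2031 00:00:00 GMT")
    c = parse_set_cookie(hdr, "jaring.colstate.edu")
    now = datetime.now(timezone.utc)
    print(should_send(c, "https", "jaring.colstate.edu", "/grades/2024", now))  # True
    print(should_send(c, "http", "jaring.colstate.edu", "/grades", now))        # False
```

Note what the Secure flag does not do: it prevents the cookie from leaving over an unencrypted connection, but a server that sets a session cookie without it will have that cookie sent on the first http:// request to the same host, which is the case the rule exists to stop.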
Anonymity on the Web
• Anonymizer – site that hides the origin of the connection (similar to a proxy server)
• Pseudo-anonymous remailer – remailer that replaces the originating e-mail address before it forwards the e-mail but keeps the mappings
• Cypherpunk (type 1) remailer – strips the header before forwarding
• Mixmaster (type 2) remailer – Cypherpunk remailer that only handles enciphered messages and pads messages to a fixed size before sending them
6
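The difference between the type 1 and type 2 remailers on this slide comes down to two operations: dropping the headers that identify the originator, and padding every message to the same size so an observer cannot match an incoming message to an outgoing one by length. The added example below (not code from the slides or from any remailer project) performs both on a constructed message using the standard `email` library; the packet size and remailer address are assumptions, and the enciphering step a real Mixmaster node also requires is deliberately left out.

```python
"""Type 1 (Cypherpunk) and type 2 (Mixmaster) remailer steps on one message.
Added example; packet size, remailer address and sample message are
constructed, and the enciphering step is not implemented."""
import os
from email import message_from_string
from email.message import EmailMessage

PACKET_SIZE = 4096                            # assumed fixed packet size
REMAILER_ADDR = "remailer@example.invalid"    # hypothetical remailer address


def strip_headers(raw: str) -> EmailMessage:
    """Type 1 behaviour: rebuild the message keeping only the final recipient
    and subject.  Every other header (From, Received, Message-ID, Date, ...)
    can identify the originator or the path taken, so it is dropped."""
    original = message_from_string(raw)
    if original.is_multipart():
        raise ValueError("this example handles single-part text messages only")
    out = EmailMessage()
    out["From"] = REMAILER_ADDR
    out["To"] = original["To"]
    if original["Subject"]:
        out["Subject"] = original["Subject"]
    out.set_content(original.get_payload())
    return out


def pad(payload: bytes, size: int = PACKET_SIZE) -> bytes:
    """Type 2 behaviour: length-prefix the payload and fill to a constant size
    with random bytes.  A real node enciphers the whole packet afterwards, so
    padding and content are indistinguishable on the wire."""
    body = len(payload).to_bytes(4, "big") + payload
    if len(body) > size:
        raise ValueError("payload does not fit in one packet; split it first")
    return body + os.urandom(size - len(body))


def unpad(packet: bytes) -> bytes:
    """Recover the payload from a fixed-size packet."""
    n = int.from_bytes(packet[:4], "big")
    return packet[4:4 + n]


def remail_type2(raw: str) -> bytes:
    """Full type 2 pipeline on one message: strip headers, then pad."""
    return pad(strip_headers(raw).as_bytes())


if __name__ == "__main__":
    # Constructed sample message with origin-revealing headers
    raw = ("From: alice@example.test\nReceived: from host.example.test\n"
           "Message-ID: <1@example.test>\nTo: bob@example.test\n"
           "Subject: hi\n\nmeet at noon\n")
    print(strip_headers(raw).as_string())
    print("packet bytes:", len(remail_type2(raw)))
```

The fixed size is what distinguishes the two types in practice: after `strip_headers` alone, a 12-byte note and a 3 KB message still leave the remailer with recognisably different lengths, whereas every `remail_type2` output is exactly `PACKET_SIZE` bytes.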